From dd6c65a69310b27645cc0ec8317df765ce47300e Mon Sep 17 00:00:00 2001 From: Jeff Emmett Date: Fri, 13 Feb 2026 12:41:01 -0700 Subject: [PATCH] Add backlog tasks for EncryptID and rWallet Co-Authored-By: Claude Opus 4.6 --- ...unified-identity-system-for-r-ecosystem.md | 70 +++++++++++++++++++ ...ptID-Foundation-WebAuthn-+-Domain-Setup.md | 64 +++++++++++++++++ ...- Sprint-6-EncryptID-Migration-&-Launch.md | 61 ++++++++++++++++ ...print-5-EncryptID-Cross-App-Integration.md | 60 ++++++++++++++++ .../task-9 - Create-rWallet.online-website.md | 41 +++++++++++ 5 files changed, 296 insertions(+) create mode 100644 backlog/tasks/task-10 - Design-EncryptID-unified-identity-system-for-r-ecosystem.md create mode 100644 backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md create mode 100644 backlog/tasks/task-12 - Sprint-6-EncryptID-Migration-&-Launch.md create mode 100644 backlog/tasks/task-13 - Sprint-5-EncryptID-Cross-App-Integration.md create mode 100644 backlog/tasks/task-9 - Create-rWallet.online-website.md diff --git a/backlog/tasks/task-10 - Design-EncryptID-unified-identity-system-for-r-ecosystem.md b/backlog/tasks/task-10 - Design-EncryptID-unified-identity-system-for-r-ecosystem.md new file mode 100644 index 0000000..63b97bb --- /dev/null +++ b/backlog/tasks/task-10 - Design-EncryptID-unified-identity-system-for-r-ecosystem.md 
@@ -0,0 +1,70 @@ +--- +id: task-10 +title: Design EncryptID unified identity system for r-ecosystem +status: Done +assignee: [] +created_date: '2026-02-05 15:02' +updated_date: '2026-02-05 15:05' +labels: + - architecture + - security + - rSpace-ecosystem +dependencies: [] +priority: high +--- + +## Description + + +Design and document the EncryptID unified identity/authentication system for rspace.online, rwallet, rvote, rmaps, and rfiles. + +Key requirements: +- WebAuthn/Passkey as primary authentication +- WebCrypto API for key derivation and client-side encryption +- Account Abstraction smart wallet integration +- Social recovery (NO seed phrases) +- Cross-app SSO across all r-ecosystem apps +- DID:key for decentralized identity + + +## Acceptance Criteria + +- [x] #1 Architecture document complete with all 5 layers defined +- [x] #2 Social recovery mechanism designed (no seed phrases) +- [x] #3 Cross-app SSO strategy documented +- [x] #4 Integration path with existing CryptID documented +- [x] #5 Provider comparison (ZeroDev vs Safe vs Privy) complete + + +## Implementation Notes + + +## Completed Research + +Created comprehensive ENCRYPTID-SPECIFICATION.md covering: + +### 5-Layer Architecture +1. **Layer 1: WebAuthn/Passkeys** - Hardware-backed primary auth +2. **Layer 2: Derived Keys (WebCrypto)** - Encryption, signing, DID keys via HKDF +3. **Layer 3: Smart Wallet (AA)** - ZeroDev + Safe hybrid for on-chain ops +4. **Layer 4: Social Recovery** - Guardian-based, no seed phrases, 48h time-lock +5. 
**Layer 5: Session/SSO** - Related Origin Requests for cross-app auth + +### Social Recovery Design +- 3-of-5 guardian threshold recommended +- Guardian types: secondary passkey, trusted contacts, hardware key, institutional +- 48-hour time-lock with user notification and cancellation +- Privacy-preserving (guardians don't know each other) + +### Provider Comparison +- **ZeroDev**: Best for custom flows, native passkey support via Turnkey +- **Safe**: Best for DAOs/shared treasuries, multi-sig native +- **Privy**: Quickest integration, managed recovery +- **Turnkey**: Infrastructure layer, TEE-backed + +### Key Research Sources +- Yubico PRF Extension Guide +- Vitalik's social recovery recommendations +- ZeroDev/Safe documentation +- Corbado passkey guides + diff --git a/backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md b/backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md new file mode 100644 index 0000000..92fd5e1 --- /dev/null +++ b/backlog/tasks/task-11 - Sprint-1-EncryptID-Foundation-WebAuthn-+-Domain-Setup.md 
@@ -0,0 +1,64 @@ +--- +id: task-11 +title: 'Sprint 1: EncryptID Foundation - WebAuthn + Domain Setup' +status: Done +assignee: [] +created_date: '2026-02-05 15:38' +updated_date: '2026-02-05 16:54' +labels: + - encryptid + - sprint-1 + - foundation +dependencies: [] +priority: high +--- + +## Description + + +Set up the foundational infrastructure for EncryptID: + +1. **Domain Setup** + - Configure encryptid.online domain + - Set up Cloudflare tunnel routing + - Deploy basic landing page + +2. **WebAuthn Implementation** + - Registration flow with discoverable credentials + - Authentication flow with PRF extension + - Credential storage in D1/PostgreSQL + +3. **Related Origins Configuration** + - Create `.well-known/webauthn` file + - Configure all r-ecosystem domains + - Test cross-origin passkey usage + +4. **Session Token Issuance** + - JWT generation with EncryptID claims + - Refresh token rotation + - Session storage strategy + + +## Acceptance Criteria + +- [ ] #1 encryptid.online domain live and accessible +- [ ] #2 WebAuthn registration creates discoverable credential +- [ ] #3 WebAuthn authentication returns PRF output (where supported) +- [ ] #4 Related Origins allows auth from rspace.online +- [ ] #5 JWT tokens issued with proper EncryptID claims +- [ ] #6 Refresh token rotation working + + +## Implementation Notes + + +Starting implementation with domain encryptid.jeffemmett.com + +Sprint 1 deployment complete: +- EncryptID server deployed at https://encryptid.jeffemmett.com +- WebAuthn registration/authentication endpoints working +- .well-known/webauthn serving Related Origins config +- Demo page accessible at /demo.html +- Docker container running on Netcup with Traefik routing +- Cloudflare tunnel configured for HTTPS access + diff --git a/backlog/tasks/task-12 - Sprint-6-EncryptID-Migration-&-Launch.md b/backlog/tasks/task-12 - Sprint-6-EncryptID-Migration-&-Launch.md new file mode 100644 index 0000000..cd29504 --- /dev/null 
+++ b/backlog/tasks/task-12 - Sprint-6-EncryptID-Migration-&-Launch.md @@ -0,0 +1,61 @@ +--- +id: task-12 +title: 'Sprint 6: EncryptID Migration & Launch' +status: To Do +assignee: [] +created_date: '2026-02-05 15:38' +labels: + - encryptid + - sprint-6 + - launch + - migration +dependencies: [] +priority: medium +--- + +## Description + + +Migrate from CryptID and prepare for production launch: + +1. **CryptID Migration** + - Migration tool for existing users + - Re-encrypt data with new keys + - Identity linking (old → new) + - Backward compatibility period + +2. **User Onboarding** + - First-time user flow + - Passkey creation guidance + - Guardian setup wizard + - Recovery plan documentation + +3. **Documentation** + - API documentation + - SDK usage guides + - Security whitepaper + - User help center + +4. **Security Audit** + - Internal security review + - External audit (if budget allows) + - Penetration testing + - Bug bounty program setup + +5. **Launch Preparation** + - Performance optimization + - Error monitoring (Sentry) + - Analytics setup + - Launch announcement + + +## Acceptance Criteria + +- [ ] #1 CryptID users can migrate to EncryptID +- [ ] #2 Existing encrypted data re-encrypted with new keys +- [ ] #3 New user onboarding flow complete +- [ ] #4 API documentation published +- [ ] #5 Security review completed +- [ ] #6 No critical vulnerabilities in audit +- [ ] #7 Launch blog post drafted + diff --git a/backlog/tasks/task-13 - Sprint-5-EncryptID-Cross-App-Integration.md b/backlog/tasks/task-13 - Sprint-5-EncryptID-Cross-App-Integration.md new file mode 100644 index 0000000..5ea4fc3 --- /dev/null +++ b/backlog/tasks/task-13 - Sprint-5-EncryptID-Cross-App-Integration.md 
@@ -0,0 +1,60 @@ +--- +id: task-13 +title: 'Sprint 5: EncryptID Cross-App Integration' +status: To Do +assignee: [] +created_date: '2026-02-05 15:38' +labels: + - encryptid + - sprint-5 + - integration +dependencies: [] +priority: high +--- + +## Description + + +Integrate EncryptID across all r-ecosystem applications: + +1. **rspace.online Integration** + - Replace CryptID login with EncryptID + - E2E encryption for private boards + - Document signing for authorship + +2. **rwallet.online Integration** + - Connect AA wallet for treasury ops + - Transaction approval with passkey + - Session keys for recurring operations + +3. **rvote.online Integration** + - Voter authentication + - Cryptographic ballot signatures + - On-chain vote submission + +4. **rfiles.online Integration** + - E2E file encryption + - Secure file sharing (key wrapping) + - Storage payment integration + +5. **rmaps.online Integration** + - User authentication + - Contribution signing + - Location data encryption + +6. **Shared Components** + - EncryptID SDK/library + - Login button component + - Session management hooks + + +## Acceptance Criteria + +- [ ] #1 rspace.online authenticates via EncryptID +- [ ] #2 rwallet.online connects to user's AA wallet +- [ ] #3 rvote.online accepts signed ballots +- [ ] #4 rfiles.online encrypts/decrypts with derived keys +- [ ] #5 rmaps.online uses EncryptID for auth +- [ ] #6 Single sign-on works across all apps +- [ ] #7 EncryptID SDK published and documented + diff --git a/backlog/tasks/task-9 - Create-rWallet.online-website.md b/backlog/tasks/task-9 - Create-rWallet.online-website.md new file mode 100644 index 0000000..c516b28 --- /dev/null +++ b/backlog/tasks/task-9 - Create-rWallet.online-website.md 
@@ -0,0 +1,41 @@ +--- +id: task-9 +title: Create rWallet.online website +status: To Do +assignee: [] +created_date: '2026-02-04 22:39' +updated_date: '2026-02-04 22:39' +labels: + - website + - rSpace-ecosystem +dependencies: [] +priority: high +--- + +## Description + + +Build and deploy the rWallet.online website as part of the rSpace ecosystem. rWallet is for community treasury management - tracking shared resources, contributions, and funding flows. + +Should follow the same tech stack and design patterns as rSpace-website (Next.js, Tailwind, dark retro theme with cyan/orange/yellow accents). + +Key features to include: +- Community treasury dashboard +- Contribution tracking +- Funding flow visualization +- Integration with rSpace ecosystem + + +## Acceptance Criteria + +- [ ] #1 Website deployed and accessible at rWallet.online +- [ ] #2 Matches rSpace-website design language +- [ ] #3 Core treasury dashboard UI implemented +- [ ] #4 Connected to Cloudflare tunnel for hosting + + +## Implementation Notes + + +Due: Sunday, February 9, 2026 +
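Review bot: In task-10, the Implementation Notes cite ENCRYPTID-SPECIFICATION.md as the deliverable behind all five checked acceptance criteria, but that file is not among the five files this patch creates, so the "status: Done" cannot be checked from the change itself. Add the path or commit of the specification to the notes, and give URLs for the entries under "Key Research Sources". Layer 2 also lists "Encryption, signing, DID keys via HKDF" without naming the input keying material. Since task-11 expects PRF output only "(where supported)", the design should state what happens on authenticators that do not return it.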
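Review bot: In task-11, the front matter sets "status: Done" while all six acceptance criteria are still "- [ ]", and criterion #1 requires encryptid.online to be live whereas the Implementation Notes report deployment at encryptid.jeffemmett.com. Either tick the criteria that were actually met and keep the task open for the rest, or reword criterion #1 to the domain in use. Because item 3 ties the `.well-known/webauthn` file to the configured domains, the notes should also record which domain serves it and which origins it lists. Item 4 leaves "proper EncryptID claims" undefined, so criterion #5 has nothing to be tested against.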
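Review bot: In task-12, acceptance criterion #6 ("No critical vulnerabilities in audit") depends on an audit that item 4 makes optional ("External audit (if budget allows)"), so it is unclear which review has to pass before launch. Name the review that gates the criterion. The "Re-encrypt data with new keys" and "Backward compatibility period" bullets have no criterion covering what happens to the old CryptID keys and old ciphertext once the period ends. Consider adding one. "dependencies: []" is also empty although this sprint migrates onto the work in task-11 and task-13.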
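Review bot: In task-13, "Session keys for recurring operations" under the rwallet.online integration has no matching acceptance criterion. Criterion #2 only checks that the app "connects to user's AA wallet". Add a criterion that states the scope, lifetime and revocation of those session keys, since they approve treasury operations without a passkey prompt. Criterion #6 ("Single sign-on works across all apps") would likewise benefit from a sign-out or session revocation check. "dependencies: []" should reference task-11, which provides the WebAuthn and session token pieces this sprint integrates.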
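Review bot: In task-9, the Implementation Notes line "Due: Sunday, February 9, 2026" has a weekday that does not match the date. The patch header is dated Fri, 13 Feb 2026, which makes February 9, 2026 a Monday. The due date also falls before the commit date while the task is still "status: To Do". Correct the date or weekday, and consider moving it into the front matter next to created_date so it is machine-readable. The title and criterion #1 write "rWallet.online" while the other tasks use lowercase "rwallet.online". Pick one spelling for the domain.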