feat: add UP integration backlog task-120, remove duplicate task-72

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backlog/tasks/task-120 - Universal-Profiles-x-EncryptID-integration.md

@@ -0,0 +1,36 @@
+---
+id: 120
+title: Universal Profiles × EncryptID integration
+status: In Progress
+priority: high
+created: 2026-03-16
+---
+
+## Description
+Give every EncryptID user a LUKSO Universal Profile (LSP0 + LSP6) on Base, controlled by their passkey-derived secp256k1 key.
+
+## Phase 1: Core (DONE)
+- [x] EVM key derivation (`encryptid-sdk/src/client/evm-key.ts`) — HKDF secp256k1 from PRF
+- [x] UP deployment service (`encryptid-up-service/`) — Hono API with CREATE2, LSP6 permissions, LSP25 relay
+- [x] SDK types — `eid.up` in JWT claims, `LSP6Permission` enum, UP request/response types
+- [x] Session UP helpers — `getUPAddress()`, `hasUniversalProfile()`, `setUniversalProfile()`
+- [x] Recovery hooks — `onUPRecovery()` for on-chain controller rotation
+- [x] Schema migration — UP columns on users table
+- [x] Server endpoints — `GET/POST /api/profile/:id/up`, UP info in JWT claims
+
+## Phase 2: UP-Aware Sessions
+- [ ] Map EncryptID AuthLevel → LSP6 BitArray permissions on-chain
+- [ ] Guardian → LSP6 controller mapping with ADDPERMISSIONS
+
+## Phase 3: Payment-Infra Migration
+- [ ] WalletAdapter abstraction (UP + Openfort)
+- [ ] New users → UP by default
+
+## Phase 4: NLA Oracle Integration
+- [ ] `getEncryptIDWallet()` for CLI
+- [ ] Escrow parties identified by UP address
+
+## Notes
+- encryptid-up-service repo: https://gitea.jeffemmett.com/jeffemmett/encryptid-up-service
+- Chain: Base Sepolia (84532) for dev, Base mainnet for prod
+- LSP contracts are EVM-compatible, deployed on Base

backlog/tasks/task-72 - Universal-Profiles-x-EncryptID-integration.md

@@ -1,50 +0,0 @@
----
-title: "Universal Profiles × EncryptID Integration"
-status: "In Progress"
-priority: "high"
-created: 2026-03-16
-labels: ["encryptid", "blockchain", "lukso", "base"]
----
-
-# Universal Profiles × EncryptID Integration
-
-Give every EncryptID user a LUKSO Universal Profile (LSP0 + LSP6) on Base, controlled by their passkey-derived secp256k1 key. Replaces fragmented Openfort wallets and raw EOAs with a unified on-chain identity.
-
-## Phase 1: Core — EVM Key Derivation + UP Deployment Service (DONE)
-
-- [x] Client-side secp256k1 key derivation from PRF via HKDF (`evm-key.ts`)
-- [x] UP deployment service (`encryptid-up-service/`) — Hono API with CREATE2 factory
-- [x] LSP6 permission encoding (AuthLevel → BitArray mapping)
-- [x] LSP25 gasless relay service
-- [x] LSP3 profile metadata sync
-- [x] Database schema migration (UP columns on users table)
-- [x] JWT claims updated with `eid.up` object
-- [x] Recovery hooks for on-chain controller rotation
-- [ ] Deploy LSP0/LSP6 implementation contracts on Base Sepolia
-- [ ] Set up Infisical secrets (RELAY_PRIVATE_KEY, JWT_SECRET)
-- [ ] DNS record for up.encryptid.jeffemmett.com
-- [ ] Install npm dependencies (requires root)
-- [ ] End-to-end test: passkey → derive key → deploy UP → relay tx
-
-## Phase 2: SDK Integration — UP-Aware Sessions
-
-- [ ] UP info in JWT claims on auth
-- [ ] GET/POST /api/profile/:id/up endpoints
-- [ ] SessionManager: getUPAddress(), hasUniversalProfile()
-- [ ] Guardian → LSP6 controller mapping for on-chain recovery
-
-## Phase 3: Payment-Infra Migration
-
-- [ ] WalletAdapter abstraction (UP + Openfort)
-- [ ] New users → UP by default
-- [ ] Optional Openfort → UP migration path
-
-## Phase 4: NLA Oracle Integration
-
-- [ ] getEncryptIDWallet() in NLA CLI
-- [ ] --encryptid flag on create/fulfill/collect commands
-- [ ] UP-identified escrow parties with LSP3 metadata
-
-## Notes
-
-- 2026-03-16: Phase 1 code complete. SDK changes in encryptid-sdk repo, UP service in encryptid-up-service (new, not yet a git repo). DB/server changes in rspace-online.bak.