jeffemmett
/
rspace-online
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,061 Commits 3 Branches 0 Tags 41 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Jeff Emmett e207b18adf fix(encryptid): deterministic key derivation and server-backed guardian recovery 
- Key derivation: replace random crypto.subtle.generateKey with deterministic
  P-256 via @noble/curves/p256 and real Ed25519 did:key generation via
  @noble/curves/ed25519 with multicodec prefix + base58btc encoding
- Guardian recovery: wire RecoveryManager to server API (GET/POST/DELETE
  /api/guardians) instead of localStorage-only persistence. Server handles
  invite emails, client syncs guardian list on load and merges with local
  type metadata. verifyGuardian checks actual server acceptance status.
- Notifications dispatch CustomEvents on document for UI integration
- GuardianSetupElement awaits server sync before first render

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 23:26:52 -07:00
Jeff Emmett 33156cc249 fix: resolve all pre-existing tsc --noEmit errors (10 errors across 5 files) 
- folk-map-viewer.ts: remove explicit return type, let TS infer
- test-x402.ts: cast account as any (test script, readContract unused)
- key-derivation.ts: cast Uint8Array at WebCrypto boundaries (BufferSource/ArrayBuffer)
- wallet-store.ts: cast .buffer as ArrayBuffer
- webauthn.ts: cast PRF output as ArrayBuffer | undefined

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-02 14:48:37 -08:00
Jeff Emmett be271de7fb feat: add Gnosis Safe + EncryptID passkey wallet abstraction 
Derive a deterministic secp256k1 EOA from the passkey's PRF output via
HKDF-SHA256, enabling hardware-backed signing for x402 micropayments and
Safe treasury proposals without storing private keys.

Key changes:
- EOA key derivation with domain-separated HKDF (eoa-derivation.ts)
- Key manager integration with PRF-only EOA path (key-derivation.ts)
- Encrypted client-side wallet store for Safe associations (wallet-store.ts)
- Passkey-backed x402 signer replacing EVM_PRIVATE_KEY (passkey-signer.ts)
- Safe propose/confirm/execute proxy routes in rwallet (mod.ts)
- Wallet capability flag in JWT via users.wallet_address (server.ts)
- Payment operation permissions: x402, safe-propose, safe-execute (session.ts)

Privacy: Safe wallet associations stored client-side only (AES-256-GCM
encrypted localStorage). Server only knows user has wallet capability.

108 tests passing across 5 test suites.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-02 12:18:34 -08:00
Jeff Emmett 72192007e6 feat: Add EncryptID unified identity system 
Implements the EncryptID identity system for the r-ecosystem:

- WebAuthn/Passkey authentication with PRF extension for key derivation
- Client-side cryptographic key derivation (AES-256, ECDSA P-256, Ed25519)
- Social recovery system with guardians (no seed phrases!)
- Session management with authentication levels
- Cross-app SSO via Related Origin Requests
- Web components: login button and guardian setup panel
- Hono server for authentication endpoints
- Docker deployment configuration

Domain: encryptid.jeffemmett.com
RP ID: jeffemmett.com (for cross-subdomain passkey usage)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 16:48:19 +00:00