- H-3: Rate limit wallet-link nonce to 5 per user per 5 minutes (429)
- H-4: Verify sender address matches JWT walletAddress in add-owner-proposal;
also include walletAddress in JWT eid claims
- M-1: Sanitize EIP-6963 provider icons — only allow https: and safe
data:image/(png|jpeg|gif|webp), block SVG and javascript: URIs
- M-2: Validate threshold is a positive integer ≤ newOwnerCount, fetch
actual Safe owner list for bounds checking
- M-3: Add VALID_ETH_ADDR regex validation to all 9 routes that accept
address params (Safe proxy, EOA proxy, propose, confirm, execute,
add-owner-proposal) to prevent SSRF via path traversal
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- C-1: Replace Base64 fake encryption with real AES-256-GCM server-side
encryption for linked wallet data (HKDF-derived key from JWT_SECRET)
- H-1: Escape token name/symbol in balance table to prevent XSS
- H-2: Salt address hash with user ID to prevent cross-user correlation
- M-4: Remove cleartext sessionStorage cache for linked wallets
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Users can now connect browser wallets (MetaMask, Rainbow, etc.) to their
EncryptID identity via SIWE ownership proof, and view linked wallet
balances in the unified rWallet viewer.
New files:
- eip6963.ts: EIP-6963 multi-provider discovery
- external-signer.ts: EIP-1193 provider wrapper for tx signing
- linked-wallets.ts: encrypted client-side store (same AES-256-GCM pattern)
Server: wallet-link nonce/verify/list/delete routes, linked_wallets table,
Safe add-owner-proposal endpoint, new session permissions.
UI: "My Wallets" section with provider picker, SIWE linking flow,
wallet type badges, and click-to-view for linked wallets.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace ~30 hardcoded dark hex colors in folk-wallet-viewer with --rs-*
CSS variables so rWallet adapts to both light and dark themes. Warm up
the global light palette from pure white to off-white tones.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Safe Global deprecated per-chain subdomains (safe-transaction-*.safe.global)
in favour of api.safe.global/tx-service/{shortcode}. The old URLs now 308
redirect, and the /balances/usd/ endpoint no longer exists.
- Update CHAIN_MAP prefixes to new shortcodes (eth, oeth, gno, etc.)
- Switch all Safe API calls to new base URL
- Use /balances/ instead of /balances/usd/ (fiat data no longer available)
- Normalize balance response with native token info and placeholder fiat fields
- Update client to show tokens with non-zero balance even without fiat data
- Update encryptid/server.ts Safe verify endpoint to new API
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the bare address-only empty state with a full dashboard landing:
hero branding, supported chain chips, feature cards, clickable example
wallets (TEC, Gitcoin, Vitalik), and animated loading spinner.
Adds testnet toggle (off by default) that filters Sepolia/Base Sepolia
from detection endpoints via ?testnets=true query param. Shows Safe
Multisig / EOA Wallet badge when a wallet is loaded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously rWallet only supported Safe multisig wallets. Now it falls
back to EOA detection via public RPC endpoints when no Safe is found,
allowing any Ethereum address to view native balances across chains.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All modules had getApiBase() matching wrong module names (e.g. /vote
instead of /rvote) and requiring /{space}/ prefix in the URL path.
On subdomains like jeff.rspace.online, the browser URL is /rfunds/...
not /jeff/rfunds/..., so the regex never matched.
New pattern: /^(\/[^/]+)?\/rmodule/ handles both:
- Subdomain: /rfunds/... → base = /rfunds
- Direct: /demo/rfunds/... → base = /demo/rfunds
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 22 module directories under modules/ now match their module IDs
(e.g. modules/cart → modules/rcart, modules/canvas → modules/rspace).
Updated all import paths, vite build config, HTML template asset refs,
docker-compose standalone commands, and .gitignore accordingly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett