Derive a deterministic secp256k1 EOA from the passkey's PRF output via
HKDF-SHA256, enabling hardware-backed signing for x402 micropayments and
Safe treasury proposals without storing private keys.
Key changes:
- EOA key derivation with domain-separated HKDF (eoa-derivation.ts)
- Key manager integration with PRF-only EOA path (key-derivation.ts)
- Encrypted client-side wallet store for Safe associations (wallet-store.ts)
- Passkey-backed x402 signer replacing EVM_PRIVATE_KEY (passkey-signer.ts)
- Safe propose/confirm/execute proxy routes in rwallet (mod.ts)
- Wallet capability flag in JWT via users.wallet_address (server.ts)
- Payment operation permissions: x402, safe-propose, safe-execute (session.ts)
Privacy: Safe wallet associations stored client-side only (AES-256-GCM
encrypted localStorage). Server only knows user has wallet capability.
108 tests passing across 5 test suites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bare domain x402.org/facilitator returns a 308 redirect that
breaks payment verification. Use www.x402.org/facilitator instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New rSpace module for 3D Gaussian splat viewing. Gallery + full-viewport
Three.js/GaussianSplats3D viewer loaded via CDN importmap. EncryptID auth
on uploads, optional x402 micro-transaction gate. Reusable x402 Hono
middleware in shared/x402/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
Jeff Emmett