---
title: "Universal Profiles × EncryptID Integration"
status: "In Progress"
priority: "high"
created: 2026-03-16
labels: ["encryptid", "blockchain", "lukso", "base"]
---

# Universal Profiles × EncryptID Integration

Give every EncryptID user a LUKSO Universal Profile (LSP0 + LSP6) on Base, controlled by their passkey-derived secp256k1 key. Replaces fragmented Openfort wallets and raw EOAs with a unified on-chain identity.

## Phase 1: Core — EVM Key Derivation + UP Deployment Service (DONE)

- [x] Client-side secp256k1 key derivation from PRF via HKDF (`evm-key.ts`)
- [x] UP deployment service (`encryptid-up-service/`) — Hono API with CREATE2 factory
- [x] LSP6 permission encoding (AuthLevel → BitArray mapping)
- [x] LSP25 gasless relay service
- [x] LSP3 profile metadata sync
- [x] Database schema migration (UP columns on users table)
- [x] JWT claims updated with `eid.up` object
- [x] Recovery hooks for on-chain controller rotation
- [ ] Deploy LSP0/LSP6 implementation contracts on Base Sepolia
- [ ] Set up Infisical secrets (RELAY_PRIVATE_KEY, JWT_SECRET)
- [ ] DNS record for up.encryptid.jeffemmett.com
- [ ] Install npm dependencies (requires root)
- [ ] End-to-end test: passkey → derive key → deploy UP → relay tx

## Phase 2: SDK Integration — UP-Aware Sessions

- [ ] UP info in JWT claims on auth
- [ ] GET/POST /api/profile/:id/up endpoints
- [ ] SessionManager: getUPAddress(), hasUniversalProfile()
- [ ] Guardian → LSP6 controller mapping for on-chain recovery

## Phase 3: Payment-Infra Migration

- [ ] WalletAdapter abstraction (UP + Openfort)
- [ ] New users → UP by default
- [ ] Optional Openfort → UP migration path

## Phase 4: NLA Oracle Integration

- [ ] getEncryptIDWallet() in NLA CLI
- [ ] --encryptid flag on create/fulfill/collect commands
- [ ] UP-identified escrow parties with LSP3 metadata

## Notes

- 2026-03-16: Phase 1 code complete. SDK changes in encryptid-sdk repo, UP service in encryptid-up-service (new, not yet a git repo). DB/server changes in rspace-online.bak.