---
id: 120
title: Universal Profiles × EncryptID integration
status: In Progress
priority: high
created: 2026-03-16
---

## Description
Give every EncryptID user a LUKSO Universal Profile (LSP0 + LSP6) on Base, controlled by their passkey-derived secp256k1 key.

## Phase 1: Core (DONE)
- [x] EVM key derivation (`encryptid-sdk/src/client/evm-key.ts`) — HKDF secp256k1 from PRF
- [x] UP deployment service (`encryptid-up-service/`) — Hono API with CREATE2, LSP6 permissions, LSP25 relay
- [x] SDK types — `eid.up` in JWT claims, `LSP6Permission` enum, UP request/response types
- [x] Session UP helpers — `getUPAddress()`, `hasUniversalProfile()`, `setUniversalProfile()`
- [x] Recovery hooks — `onUPRecovery()` for on-chain controller rotation
- [x] Schema migration — UP columns on users table
- [x] Server endpoints — `GET/POST /api/profile/:id/up`, UP info in JWT claims

## Phase 2: UP-Aware Sessions
- [ ] Map EncryptID AuthLevel → LSP6 BitArray permissions on-chain
- [ ] Guardian → LSP6 controller mapping with ADDPERMISSIONS

## Phase 3: Payment-Infra Migration
- [ ] WalletAdapter abstraction (UP + Openfort)
- [ ] New users → UP by default

## Phase 4: NLA Oracle Integration
- [ ] `getEncryptIDWallet()` for CLI
- [ ] Escrow parties identified by UP address

## Notes
- encryptid-up-service repo: https://gitea.jeffemmett.com/jeffemmett/encryptid-up-service
- Chain: Base Sepolia (84532) for dev, Base mainnet for prod
- LSP contracts are EVM-compatible, deployed on Base