Jeff Emmett
be271de7fb
Derive a deterministic secp256k1 EOA from the passkey's PRF output via HKDF-SHA256, enabling hardware-backed signing for x402 micropayments and Safe treasury proposals without storing private keys. Key changes: - EOA key derivation with domain-separated HKDF (eoa-derivation.ts) - Key manager integration with PRF-only EOA path (key-derivation.ts) - Encrypted client-side wallet store for Safe associations (wallet-store.ts) - Passkey-backed x402 signer replacing EVM_PRIVATE_KEY (passkey-signer.ts) - Safe propose/confirm/execute proxy routes in rwallet (mod.ts) - Wallet capability flag in JWT via users.wallet_address (server.ts) - Payment operation permissions: x402, safe-propose, safe-execute (session.ts) Privacy: Safe wallet associations stored client-side only (AES-256-GCM encrypted localStorage). Server only knows user has wallet capability. 108 tests passing across 5 test suites. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| hono-middleware.ts | ||
| passkey-signer.ts | ||
| types.d.ts | ||