evefrontier/evevault

# EVE Vault Wallet EVE Vault Wallet is a Chrome MV3 extension and web app built with WXT and React. It implements the Sui Wallet Standard to let dApps discover and connect to a user wallet. User authentication supports **EVE Frontier FusionAuth** via Chrome's `identity` API. After login, a [Sui zkLogin](https://docs.sui.io/concepts/cryptography/zklogin) address is derived and exposed to dApps via the wallet standard. ## Features - EVE Frontier OAuth (FusionAuth) - zkLogin address derivation (Enoki) - Wallet Standard implementation for dApp discovery - Transaction signing with zkLogin and privatekey (localnet-only) - Multi-network support (Devnet, Testnet, Localnet) - Multi-tenant FusionAuth configuration - Zustand for client state - Chrome storage persistence (extension) ## How It Works EVE Vault uses **zkLogin** to create a Sui wallet address from your OAuth credentials (FusionAuth). Your wallet address is cryptographically derived from your authenticated identity using zero-knowledge proofs. On Sui Localnet, signing uses a local Ed25519 keypair (imported in the app), which keeps dev/test flows simple. For detailed technical information, see the [Architecture Documentation](https://github.com/evefrontier/architecture-decision-log/blob/main/adr/0008-zklogin-implementation-auth-flow.md) and [Sui zkLogin docs](https://docs.sui.io/concepts/cryptography/zklogin). ## Download **Latest extension (Chrome):** [https://github.com/evefrontier/evevault/releases](https://github.com/evefrontier/evevault/releases) **Latest extension ZIP** (CI, stable filename): [releases/latest/download/eve-vault-chrome.zip](https://github.com/evefrontier/evevault/releases/latest/download/eve-vault-chrome.zip) — see [docs/RELEASE_EXTENSION.md](./docs/RELEASE_EXTENSION.md). **Web app:** [https://evevault.evefrontier.com/](https://evevault.evefrontier.com/) ## Requirements - Node.js 22+ - [Bun](https://bun.sh/) (package manager used in this repo) - FusionAuth application with client credentials (per-tenant secrets in env) - Enoki API key (zkLogin address derivation) ## Quick Start ### 1. Install dependencies bun install ### 2. Environment configuration # FusionAuth — set secrets for each tenant you enable VITE_TENANT_STILLNESS_CLIENT_SECRET= VITE_TENANT_UTOPIA_CLIENT_SECRET= VITE_TENANT_TAUCETI_CLIENT_SECRET= VITE_TENANT_TESSERACT_CLIENT_SECRET= VITE_TENANT_TETRA_CLIENT_SECRET= VITE_TENANT_TIAKI_CLIENT_SECRET= VITE_FUSIONAUTH_REDIRECT_URI= # Enoki VITE_ENOKI_API_KEY= # Extension (when required by your build / OAuth redirect) EXTENSION_ID= ### 3. OAuth provider setup (FusionAuth) 1. FusionAuth admin → Applications → your app → OAuth 2. Add redirect URI: `https://.chromiumapp.org/` (extension flow) 3. Enable scopes: `openid`, `profile`, `email` ### 4. Start development # Extension only bun run dev:ext # Extension and web apps bun run dev ### 5. Load the extension in Chrome 1. Open `chrome://extensions` 2. Enable **Developer mode** 3. **Load unpacked** → select `apps/extension/.output/chrome-mv3` (after `dev` or `build` has produced output) ### 6. Smoke-test the popup 1. Open the extension popup 2. Sign in with your configured tenant 3. After success, you should see your zkLogin address and balance (when the network and APIs are available) 4. Use the in-app network selector to switch networks where supported ## Build # Extension (Turborepo) bun run build:ext # Web app bun run build:web # Both apps bun run build Extension artifact directory: `apps/extension/.output/chrome-mv3/` ## Code quality ### Linting and formatting [Biome](https://biomejs.dev/) is used for format + lint. bun run lint bun run lint:fix bun run typecheck Run a task for one workspace, for example: bunx turbo run lint --filter=@evevault/web ### Pre-commit (Husky + lint-staged) Staged `*.{ts,tsx,js,jsx,json,css}` files are run through `biome check --write` before commit (see root `package.json` `lint-staged`). Config: `biome.json`, `.biomeignore`, `.husky/pre-commit`. ### Tests bun run test bun run test:run bunx turbo run test --filter=@evevault/shared ## Project structure Monorepo: Bun workspaces + [Turborepo](https://turbo.build/). evevault/ ├── packages/ │ └── shared/ # Shared types, auth, wallet, UI used by web + extension └── apps/ ├── extension/ # WXT Chrome MV3 extension └── web/ # Vite + React web app ## Documentation - [Release extension (CI)](./docs/RELEASE_EXTENSION.md) — GitHub Actions ZIP - [ADR: hybrid monorepo structure](./docs/adr/001-hybrid-monorepo-structure.md) - [Troubleshooting](./docs/TROUBLESHOOTING.md) - [Architecture (zkLogin / auth)](https://github.com/evefrontier/architecture-decision-log/blob/main/adr/0008-zklogin-implementation-auth-flow.md) — external ADR ## Usage ### For dApp developers EVE Vault registers as **Eve Vault** through the [Sui Wallet Standard](https://docs.sui.io/standards/wallet-standard). Use any stack that lists Wallet Standard wallets (for example `@mysten/dapp-kit`); connect or filter for the wallet named **Eve Vault**. The extension injects the provider in pages where it is allowed to run. ### For extension users 1. Open the popup from the toolbar icon 2. Complete sign-in for your tenant 3. Once authenticated, the wallet is available to permitted sites 4. Switch Sui networks from the network selector when offered ## Known limitations - zkLogin **maxEpoch** expiry can require unlocking / signing again after an epoch boundary ## Acknowledgements - [WXT](https://wxt.dev/) and React - Sui Wallet Standard: [@mysten/wallet-standard](https://sdk.mystenlabs.com/dapp-kit/wallet-standard) - zkLogin: [@mysten/sui](https://docs.sui.io/concepts/cryptography/zklogin) - [Zustand](https://zustand-demo.pmnd.rs/) - [oidc-client-ts](https://github.com/authts/oidc-client-ts) + FusionAuth - [Enoki](https://docs.enoki.mystenlabs.com/) (Mysten Labs)

标签：自动化攻击