diff --git a/README.md b/README.md index aa9a683..ee8a156 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,15 @@ # Motr Enclave -Extism WASM plugin providing encrypted key storage for Nebula wallet. Built with Go 1.25+ for `wasip1`. +Extism WASM plugin providing encrypted key storage for the Nebula wallet. Built with Go 1.25+ for `wasip1` target. + +## Features + +- **WebAuthn Integration** - Device-bound credentials with PRF key derivation +- **MPC Key Shares** - Secure threshold signature key storage +- **Multi-Chain Support** - BIP44 derivation for Sonr, Ethereum, Bitcoin +- **UCAN v1.0.0-rc.1** - Capability-based authorization with CID-indexed delegations +- **Encryption at Rest** - AES-256-GCM encrypted database serialization +- **SQLite Functions** - Custom functions for address derivation and signing ## Quick Start @@ -32,16 +41,24 @@ import { createEnclave } from '@sonr/motr-enclave'; const enclave = await createEnclave('/enclave.wasm'); -const { did, database } = await enclave.generate(credential); +// Generate new identity with MPC key share +const result = await enclave.generate(credentialBase64); +// Returns: { did, enclave_id, public_key, accounts, database } +// Load existing database await enclave.load(database); +// List accounts across all chains const accounts = await enclave.exec('resource:accounts action:list'); +// Sign data with an enclave +const signature = await enclave.exec('resource:enclaves action:sign subject:enclave_id:data_hex'); + +// Query DID document const didDoc = await enclave.query(); ``` -### CLI +### CLI Testing ```bash make test-plugin 
@@ -51,26 +68,70 @@ make test-plugin | Function | Input | Output | |----------|-------|--------| -| `generate` | WebAuthn credential (base64) | DID + database buffer | -| `load` | Database buffer | Success status | -| `exec` | Filter string + optional UCAN | Action result | +| `ping` | Message string | Echo response | +| `generate` | WebAuthn credential (base64) | DID, enclave_id, public_key, accounts[], database | +| `load` | Database buffer | Success status, DID | +| `exec` | Filter string | Action result | | `query` | DID (optional) | DID document | -## Database Schema +### Exec Resources & Actions -The database schema is defined in `db/schema.sql`. +| Resource | Actions | +|----------|---------| +| `accounts` | list, get, sign | +| `enclaves` | list, get, sign, rotate, archive, delete | +| `credentials` | list, get | +| `sessions` | list, revoke | +| `grants` | list, revoke | +| `delegations` | list, list_received, list_command, get, revoke, verify, cleanup | +| `verification_methods` | list, get, delete | +| `services` | list, get, get_by_id | -![[.github/db-schema.png]] +### Filter Syntax + +``` +resource: action: [subject:] +``` + +Examples: +```bash +# List all accounts +resource:accounts action:list + +# Get specific account +resource:accounts action:get subject:sonr1abc... 
+ +# Sign with enclave +resource:enclaves action:sign subject:enc_123:48656c6c6f + +# List delegations by command +resource:delegations action:list_command subject:/vault/read +``` + +## Architecture + +The enclave uses SQLite as a computation engine with custom functions: + +| Function | Purpose | +|----------|---------| +| `bip44_derive(pubkey, chain)` | Derive address from public key | +| `bip44_derive_from_enclave(id, chain)` | Derive address from stored enclave | + +Supported chains: `sonr` (Cosmos 118), `ethereum` (60), `bitcoin` (0) ## Project Structure ``` motr-enclave/ -├── main.go # Go plugin source -├── src/ # TypeScript SDK -├── dist/ # Built SDK -├── example/ # Browser test app -├── db/ # SQLite schema +├── cmd/enclave/ # WASM plugin entry point +├── internal/ +│ ├── keybase/ # Database layer + SQLite functions +│ ├── crypto/mpc/ # MPC key operations +│ ├── crypto/ucan/ # UCAN v1.0.0-rc.1 builders +│ └── migrations/ # Schema + queries +├── src/ # TypeScript SDK +├── dist/ # Built SDK +├── example/ # Browser demo └── Makefile ``` @@ -80,4 +141,12 @@ motr-enclave/ make test # Run Go tests make lint # Run linter make clean # Remove build artifacts +make generate # Regenerate SQLC code ``` + +## Documentation + +- [AGENTS.md](./AGENTS.md) - Architecture and coding guidelines +- [TODO.md](./TODO.md) - Remaining implementation tasks +- [CHANGELOG.md](./CHANGELOG.md) - Version history +- [MIGRATION.md](./MIGRATION.md) - Original schema design
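Review bot: In the first hunk (`@@ -1,6 +1,15 @@`), the "SQLite Functions" bullet advertises custom functions "for address derivation and signing", but the Architecture table added later in this same patch lists only the two derivation functions (`bip44_derive` and `bip44_derive_from_enclave`); either add the signing function to that table or narrow the bullet to address derivation so the README does not promise an interface it does not document. Minor wording in the same hunk: "Built with Go 1.25+ for `wasip1` target" should read "for the `wasip1` target".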
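Review bot: The Quick Start hunk (`@@ -32,16 +41,24 @@`) leaves `database` undefined: the old line destructured `const { did, database } = await enclave.generate(credential);`, the new line assigns the whole result to `const result = ...`, yet the unchanged `await enclave.load(database);` still references `database`. Either destructure the fields named in the comment (`const { did, enclave_id, public_key, accounts, database } = await enclave.generate(credentialBase64);`) or pass `result.database` to `load`, so the snippet runs as pasted. The `// Returns:` comment and the `subject:enclave_id:data_hex` placeholder would also benefit from matching the concrete `enc_123:48656c6c6f` form used in the Filter Syntax examples, so readers see that the subject is `<enclave id>:<hex payload>`.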
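Review bot: The function-table hunk (`@@ -51,26 +68,70 @@`) changes the `exec` input from "Filter string + optional UCAN" to just "Filter string" while the new Exec Resources table exposes destructive actions (`enclaves` `rotate`/`archive`/`delete`, `sessions`/`grants`/`delegations` `revoke`) and the Features section advertises UCAN capability-based authorization; the README should state whether a UCAN is still accepted by `exec` and which actions require one, otherwise a reader cannot tell what authorizes a `delete` or `revoke`. Two smaller points in the same hunk: the Filter Syntax block `resource: action: [subject:]` shows keys with no value placeholders and would be clearer as `resource:<name> action:<name> [subject:<value>]`; and the removed "Database Schema" section pointed at `db/schema.sql` while the new Project Structure only says `internal/migrations/ # Schema + queries`, so name the schema file's new location explicitly.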
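Review bot: In the last hunk (`@@ -80,4 +141,12 @@`), the Documentation entry `[MIGRATION.md](./MIGRATION.md) - Original schema design` is ambiguous: a file named MIGRATION.md reads as a migration guide, but the description says it is the original schema design; reword the description (or rename the link text) so readers know whether it covers upgrading between versions or the schema's history. Minor: `make generate # Regenerate SQLC code` refers to the tool, which is spelled `sqlc`.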