Context
There is no real signup today: the account surrogate is pasting a 64-char hex Ed25519 MemWal delegate seed via Auth1 → importDelegate (apps/web/src/main.tsx:1043), stored in localStorage. The README says "no wallet connect," and apps/web/package.json has no Sui/wallet deps (only three); the root has @mysten/sui@^2.9.1. All /app/* content is hard-gated behind hasMemWalDelegate (renderShell, main.tsx:1510), so a first-timer cannot proceed without a raw private key.
Goal / user story
As a new user, I sign in with my Sui wallet (or keyless zkLogin via Google) instead of pasting a private key, my Sui address becomes my identity, and the app unlocks — with the delegate-paste flow demoted to an advanced "bring-your-own MemWal" option.
Acceptance criteria
Implementation notes
- Add to
apps/web/package.json: @mysten/dapp-kit, @mysten/sui (root is already ^2.9.1), @tanstack/react-query; wrap the app in SuiClientProvider + WalletProvider + QueryClientProvider. Use useCurrentAccount, useSignPersonalMessage.
- Backend: add
POST /api/auth/wallet in apps/api/src/worker.ts — issue a nonce, verify the signed message, map address → owner_id, return a session token in the existing me/session shape (mirror importDelegate's response handling at main.tsx:1100).
- zkLogin: use Enoki (
@mysten/enoki EnokiFlow) + Google OAuth; needs an ENOKI_API_KEY worker secret. Enoki sponsorship means no SUI balance is required.
- A wallet/zkLogin user still needs a MemWal delegate to
remember/recall; decide whether the Worker mints/holds a managed delegate keyed to the address, or keeps BYO for now (this is the open account-model decision). Keep BYO working as a fallback this milestone.
- Gotcha: dapp-kit adds bundle weight — lazy-load the wallet provider on
/app routes so the landing/share pages don't ship it.
Sui Overflow angle
This is the headline Sui-native onboarding for the hackathon: real Sui wallet + keyless zkLogin sign-in, with the Sui address as on-chain identity. It also sets up address-owned namespaces and attribution receipts (the address becomes the owner/producer in the Move registry/receipt). Judges expect wallet connect; today's private-key paste is a non-starter for a Sui demo.
Dependencies
Account-model decision (delegate-as-identity vs real accounts + managed delegate). Pairs with the first-run onboarding issue. Downstream on-chain registry/receipt work uses this address as owner.
Part of the ContextMEM roadmap (#4) • Sui Overflow build.
Context
There is no real signup today: the account surrogate is pasting a 64-char hex Ed25519 MemWal delegate seed via
Auth1→importDelegate(apps/web/src/main.tsx:1043), stored inlocalStorage. The README says "no wallet connect," andapps/web/package.jsonhas no Sui/wallet deps (onlythree); the root has@mysten/sui@^2.9.1. All/app/*content is hard-gated behindhasMemWalDelegate(renderShell,main.tsx:1510), so a first-timer cannot proceed without a raw private key.Goal / user story
As a new user, I sign in with my Sui wallet (or keyless zkLogin via Google) instead of pasting a private key, my Sui address becomes my identity, and the app unlocks — with the delegate-paste flow demoted to an advanced "bring-your-own MemWal" option.
Acceptance criteria
@mysten/dapp-kitConnectButton) lists installed Sui wallets and connects.'anonymous'owner_iddefault) and unlocks/app/*without a pasted delegate.useSignPersonalMessage) before issuing a session token — address ownership is proven, not asserted.Auth1/importDelegate) is moved behind an "Advanced / BYO MemWal" affordance, not the default gate.Implementation notes
apps/web/package.json:@mysten/dapp-kit,@mysten/sui(root is already^2.9.1),@tanstack/react-query; wrap the app inSuiClientProvider+WalletProvider+QueryClientProvider. UseuseCurrentAccount,useSignPersonalMessage.POST /api/auth/walletinapps/api/src/worker.ts— issue a nonce, verify the signed message, mapaddress → owner_id, return a session token in the existingme/session shape (mirrorimportDelegate's response handling atmain.tsx:1100).@mysten/enokiEnokiFlow) + Google OAuth; needs anENOKI_API_KEYworker secret. Enoki sponsorship means no SUI balance is required.remember/recall; decide whether the Worker mints/holds a managed delegate keyed to the address, or keeps BYO for now (this is the open account-model decision). Keep BYO working as a fallback this milestone./approutes so the landing/share pages don't ship it.Sui Overflow angle
This is the headline Sui-native onboarding for the hackathon: real Sui wallet + keyless zkLogin sign-in, with the Sui address as on-chain identity. It also sets up address-owned namespaces and attribution receipts (the address becomes the
owner/producerin the Moveregistry/receipt). Judges expect wallet connect; today's private-key paste is a non-starter for a Sui demo.Dependencies
Account-model decision (delegate-as-identity vs real accounts + managed delegate). Pairs with the first-run onboarding issue. Downstream on-chain registry/receipt work uses this address as
owner.Part of the ContextMEM roadmap (#4) • Sui Overflow build.