Skip to content

Sui wallet connect + zkLogin sign-in to replace the Ed25519 delegate-key signup wall #17

Description

@harrymove-ctrl

Context

There is no real signup today: the account surrogate is pasting a 64-char hex Ed25519 MemWal delegate seed via Auth1importDelegate (apps/web/src/main.tsx:1043), stored in localStorage. The README says "no wallet connect," and apps/web/package.json has no Sui/wallet deps (only three); the root has @mysten/sui@^2.9.1. All /app/* content is hard-gated behind hasMemWalDelegate (renderShell, main.tsx:1510), so a first-timer cannot proceed without a raw private key.

Goal / user story

As a new user, I sign in with my Sui wallet (or keyless zkLogin via Google) instead of pasting a private key, my Sui address becomes my identity, and the app unlocks — with the delegate-paste flow demoted to an advanced "bring-your-own MemWal" option.

Acceptance criteria

  • A "Connect wallet" entry point (built on @mysten/dapp-kit ConnectButton) lists installed Sui wallets and connects.
  • On connect, the wallet address becomes the hosted identity (replaces the 'anonymous' owner_id default) and unlocks /app/* without a pasted delegate.
  • A zkLogin / Google keyless option is available for users without a wallet extension.
  • The Worker verifies a signed nonce (useSignPersonalMessage) before issuing a session token — address ownership is proven, not asserted.
  • The Ed25519 delegate import (Auth1/importDelegate) is moved behind an "Advanced / BYO MemWal" affordance, not the default gate.
  • Disconnect clears the session and returns the user to the public/landing state.

Implementation notes

  • Add to apps/web/package.json: @mysten/dapp-kit, @mysten/sui (root is already ^2.9.1), @tanstack/react-query; wrap the app in SuiClientProvider + WalletProvider + QueryClientProvider. Use useCurrentAccount, useSignPersonalMessage.
  • Backend: add POST /api/auth/wallet in apps/api/src/worker.ts — issue a nonce, verify the signed message, map address → owner_id, return a session token in the existing me/session shape (mirror importDelegate's response handling at main.tsx:1100).
  • zkLogin: use Enoki (@mysten/enoki EnokiFlow) + Google OAuth; needs an ENOKI_API_KEY worker secret. Enoki sponsorship means no SUI balance is required.
  • A wallet/zkLogin user still needs a MemWal delegate to remember/recall; decide whether the Worker mints/holds a managed delegate keyed to the address, or keeps BYO for now (this is the open account-model decision). Keep BYO working as a fallback this milestone.
  • Gotcha: dapp-kit adds bundle weight — lazy-load the wallet provider on /app routes so the landing/share pages don't ship it.

Sui Overflow angle

This is the headline Sui-native onboarding for the hackathon: real Sui wallet + keyless zkLogin sign-in, with the Sui address as on-chain identity. It also sets up address-owned namespaces and attribution receipts (the address becomes the owner/producer in the Move registry/receipt). Judges expect wallet connect; today's private-key paste is a non-starter for a Sui demo.

Dependencies

Account-model decision (delegate-as-identity vs real accounts + managed delegate). Pairs with the first-run onboarding issue. Downstream on-chain registry/receipt work uses this address as owner.

Part of the ContextMEM roadmap (#4) • Sui Overflow build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P0Demo-blocking: required for a working Sui Overflow demofeatureUser- or agent-facing capabilityonboardingUser and developer onboarding / first-run experiencesuiSui chain: tx signing, objects, wallet, zkLogin, explorer

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions