MetaState-Prototype-Project
diff --git a/‎.env.example‎
Lines changed: 14 additions & 0 deletions b/‎.env.example‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎infrastructure/control-panel/src/routes/+layout.svelte‎
Lines changed: 31 additions & 10 deletions b/‎infrastructure/control-panel/src/routes/+layout.svelte‎
Lines changed: 31 additions & 10 deletions
diff --git a/‎infrastructure/dev-sandbox/src/routes/+page.svelte‎
Lines changed: 52 additions & 14 deletions b/‎infrastructure/dev-sandbox/src/routes/+page.svelte‎
Lines changed: 52 additions & 14 deletions
diff --git a/‎infrastructure/eid-wallet/package.json‎
Lines changed: 3 additions & 1 deletion b/‎infrastructure/eid-wallet/package.json‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/AndroidProjectSystem.xml‎
Lines changed: 0 additions & 6 deletions b/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/AndroidProjectSystem.xml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/codeStyles/Project.xml‎
Lines changed: 0 additions & 123 deletions b/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/codeStyles/Project.xml‎
Lines changed: 0 additions & 123 deletions
diff --git a/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/codeStyles/codeStyleConfig.xml‎
Lines changed: 0 additions & 5 deletions b/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/codeStyles/codeStyleConfig.xml‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/compiler.xml‎
Lines changed: 0 additions & 6 deletions b/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/compiler.xml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/deploymentTargetSelector.xml‎
Lines changed: 0 additions & 10 deletions b/‎infrastructure/eid-wallet/src-tauri/gen/android/.idea/deploymentTargetSelector.xml‎
Lines changed: 0 additions & 10 deletions
@@ -16,6 +16,15 @@ PROVISIONER_DATABASE_URL="postgres://postgres:postgres@localhost:5432/provisione
 PUBLIC_VERIFF_KEY="your-veriff-key"
 VERIFF_HMAC_KEY="your-veriff-hmac-key"
 
+# Didit KYC
+DIDIT_API_KEY="your-didit-api-key"
+DIDIT_WORKFLOW_ID="your-didit-workflow-id"
+DIDIT_WEBHOOK_SECRET="your-didit-webhook-secret"
+
+# Provisioner signing key (32-byte hex seed for ed25519)
+PROVISIONER_SIGNING_SEED="your-32-byte-hex-seed"
+PROVISIONER_KID="provisioner-1"
+
 # set this to allow or deny
 DUPLICATES_POLICY="DENY"
 IP_ADDR="localhost"
@@ -63,6 +72,11 @@ PUBLIC_APP_STORE_EID_WALLET=""
 PUBLIC_PLAY_STORE_EID_WALLET=""
 NOTIFICATION_SHARED_SECRET=your-notification-secret-key
 
+# Shared secret between eid-wallet frontend and evault-core provisioner
+# Backend reads PROVISIONER_SHARED_SECRET, wallet reads PUBLIC_PROVISIONER_SHARED_SECRET
+PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
+PUBLIC_PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
+
 PUBLIC_ESIGNER_BASE_URL="http://localhost:3004"
 PUBLIC_FILE_MANAGER_BASE_URL="http://localhost:3005"
 
 
@@ -79,26 +79,48 @@
 								// Fetch evaults if we have IDs
 								if (evaultsData) {
 									const evaultIds = JSON.parse(evaultsData);
-									if (Array.isArray(evaultIds) && evaultIds.length > 0 && typeof evaultIds[0] === 'string') {
-										const { EVaultService } = await import('$lib/services/evaultService');
+									if (
+										Array.isArray(evaultIds) &&
+										evaultIds.length > 0 &&
+										typeof evaultIds[0] === 'string'
+									) {
+										const { EVaultService } =
+											await import('$lib/services/evaultService');
 										const allEVaults = await EVaultService.getEVaults();
 										const evaultObjects = evaultIds
-											.map((id: string) => allEVaults.find((e: any) => (e.evault || e.ename || e.id) === id))
+											.map((id: string) =>
+												allEVaults.find(
+													(e: any) => (e.evault || e.ename || e.id) === id
+												)
+											)
 											.filter(Boolean);
-										sessionStorage.setItem('selectedEVaultsData', JSON.stringify(evaultObjects));
+										sessionStorage.setItem(
+											'selectedEVaultsData',
+											JSON.stringify(evaultObjects)
+										);
 									}
 								}
 
 								// Fetch platforms if we have URLs
 								if (platformsData) {
 									const platformUrls = JSON.parse(platformsData);
-									if (Array.isArray(platformUrls) && platformUrls.length > 0 && typeof platformUrls[0] === 'string') {
-										const { registryService } = await import('$lib/services/registry');
+									if (
+										Array.isArray(platformUrls) &&
+										platformUrls.length > 0 &&
+										typeof platformUrls[0] === 'string'
+									) {
+										const { registryService } =
+											await import('$lib/services/registry');
 										const allPlatforms = await registryService.getPlatforms();
 										const platformObjects = platformUrls
-											.map((url: string) => allPlatforms.find((p: any) => p.url === url))
+											.map((url: string) =>
+												allPlatforms.find((p: any) => p.url === url)
+											)
 											.filter(Boolean);
-										sessionStorage.setItem('selectedPlatformsData', JSON.stringify(platformObjects));
+										sessionStorage.setItem(
+											'selectedPlatformsData',
+											JSON.stringify(platformObjects)
+										);
 									}
 								}
 							} catch (error) {
@@ -107,8 +129,7 @@
 
 							// Navigate to monitoring
 							goto('/monitoring');
-						}}
-						>Start Monitoring</ButtonAction
+						}}>Start Monitoring</ButtonAction
 					>
 				</div>
 			{:else}
 
@@ -133,6 +133,20 @@ function setDebug(info: DebugInfo): void {
     lastDebug = info;
 }
 
+async function getPlatformToken(): Promise<string> {
+    const res = await fetch(
+        new URL("/platforms/certification", config.registryUrl).toString(),
+        {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ platform: config.platformName }),
+        },
+    );
+    if (!res.ok) throw new Error(`Platform token failed: ${res.status}`);
+    const data = (await res.json()) as { token: string };
+    return data.token;
+}
+
 async function ensurePlatformToken(identity: Identity): Promise<string> {
     const now = Date.now();
     if (
@@ -257,8 +271,7 @@ function escapeHtml(str: string): string {
         .replace(/</g, "&lt;")
         .replace(/>/g, "&gt;")
         .replace(/"/g, "&quot;")
-        .replace(/'/g, "&#39;")
-        .replace(/\//g, "&#47;");
+        .replace(/'/g, "&#39;");
 }
 
 function highlightJson(json: string): string {
@@ -284,34 +297,59 @@ function highlightJson(json: string): string {
 }
 
 async function loadMetaEnvelopes(): Promise<void> {
-    if (!selectedOntologyId || !selectedIdentity) return;
+    if (!selectedOntologyId) return;
+
+    const ename = inspectorEName.trim() || selectedIdentity?.w3id;
+    if (!ename) {
+        pageError = "Enter an eName or provision an identity first.";
+        return;
+    }
+
     pageLoading = true;
     pageError = null;
     try {
-        const token = await ensurePlatformToken(selectedIdentity);
-        const gqlUrl = `${selectedIdentity.uri.replace(/\/+$/, "")}/graphql`;
+        // Always get a platform token — metaEnvelopes requires Bearer auth
+        const token = await getPlatformToken();
+
+        // Resolve eVault URI
+        let gqlUrl: string;
+        const lookupEName = inspectorEName.trim();
+        if (!lookupEName && selectedIdentity) {
+            gqlUrl = `${selectedIdentity.uri.replace(/\/+$/, "")}/graphql`;
+        } else {
+            const resolveRes = await fetch(
+                new URL(`resolve?w3id=${encodeURIComponent(ename)}`, registryUrl).toString(),
+            );
+            if (!resolveRes.ok) throw new Error(`Registry resolve failed: ${resolveRes.status}`);
+            const resolveData = await resolveRes.json();
+            if (!resolveData.uri) throw new Error("Registry returned no URI for that eName.");
+            gqlUrl = `${resolveData.uri.replace(/\/+$/, "")}/graphql`;
+        }
+
         const useBefore = beforeCursor !== null;
         const query = useBefore
             ? "query ($ontologyId: ID!, $last: Int, $before: String) {\n  metaEnvelopes(filter: {ontologyId: $ontologyId}, last: $last, before: $before) {\n    edges { cursor node { id ontology parsed } }\n    pageInfo { hasNextPage hasPreviousPage startCursor endCursor }\n    totalCount\n  }\n}"
             : "query ($ontologyId: ID!, $first: Int, $after: String) {\n  metaEnvelopes(filter: {ontologyId: $ontologyId}, first: $first, after: $after) {\n    edges { cursor node { id ontology parsed } }\n    pageInfo { hasNextPage hasPreviousPage startCursor endCursor }\n    totalCount\n  }\n}";
         const variables = useBefore
             ? { ontologyId: selectedOntologyId, last: pageSize, before: beforeCursor }
             : { ontologyId: selectedOntologyId, first: pageSize, after: afterCursor };
+
+        const headers: Record<string, string> = {
+            "Content-Type": "application/json",
+            "X-ENAME": ename,
+        };
+        if (token) headers["Authorization"] = `Bearer ${token}`;
+
         const res = await fetch(gqlUrl, {
             method: "POST",
-            headers: {
-                "Content-Type": "application/json",
-                "X-ENAME": inspectorEName || selectedIdentity.w3id,
-                Authorization: `Bearer ${token}`,
-            },
+            headers,
             body: JSON.stringify({ query, variables }),
         });
         const json = await res.json();
+        if (json.errors?.length) throw new Error(json.errors[0].message);
         const data = json.data.metaEnvelopes;
         envelopes = data.edges.map(
-            (e: {
-                node: { id: string; ontology: string; parsed: unknown };
-            }) => e.node,
+            (e: { node: { id: string; ontology: string; parsed: unknown } }) => e.node,
         );
         pageInfo = data.pageInfo;
         totalCount = data.totalCount;
@@ -930,7 +968,7 @@ async function doSign() {
                         <button class="btn-secondary" disabled={schemasLoading} onclick={loadOntologies}>
                             {schemasLoading ? "Loading schemas…" : "Refresh schemas"}
                         </button>
-                        <button disabled={pageLoading || !selectedOntologyId} onclick={loadEnvelopes}>
+                        <button disabled={pageLoading || !selectedOntologyId || (!inspectorEName.trim() && !selectedIdentity)} onclick={loadEnvelopes}>
                             {pageLoading ? "Loading…" : "Load MetaEnvelopes"}
                         </button>
                     </div>
 
@@ -20,6 +20,7 @@
     "license": "MIT",
     "dependencies": {
         "@auvo/tauri-plugin-crypto-hw-api": "^0.1.0",
+        "@didit-protocol/sdk-web": "^0.1.6",
         "@hugeicons/core-free-icons": "^1.0.13",
         "@hugeicons/svelte": "^1.0.2",
         "@iconify/svelte": "^5.0.1",
@@ -46,6 +47,7 @@
         "svelte-loading-spinners": "^0.3.6",
         "svelte-qrcode": "^1.0.1",
         "tailwind-merge": "^3.0.2",
+        "ts-md5": "^2.0.1",
         "uuid": "^11.1.0",
         "wallet-sdk": "workspace:*"
     },
@@ -66,7 +68,7 @@
         "@tailwindcss/forms": "^0.5.10",
         "@tailwindcss/typography": "^0.5.16",
         "@tailwindcss/vite": "^4.0.14",
-        "@tauri-apps/cli": "^2.9.4",
+        "@tauri-apps/cli": "^2.10.0",
         "@types/node": "^22.13.10",
         "@vitest/browser": "^3.0.9",
         "@vitest/coverage-v8": "^3.0.9",