TaskFi Docs

Embedded Wallet

The dashboard ships with an embedded wallet that lives entirely in-browser. There is no MetaMask popup, no WalletConnect, and no server-side key — the user has a passphrase, the browser keeps the ciphertext.

Mechanism

  • Key derivation: PBKDF2 over the user's passphrase, with a per-account salt stored in IndexedDB.
  • Symmetric encryption: AES-GCM, output stored next to the salt.
  • Why this requires HTTPS: crypto.subtle is only defined in secure contexts. On plain HTTP it is undefined, so the call to importKey throws.

HTTPS required
The dev preview proxy in front of taskfi-dash serves TLS on purpose. If you self-host, terminate TLS at the edge.
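
The mechanism above as a runnable sketch. This is an added example, not TaskFi's own code. The iteration count, hash, salt and IV sizes, the record layout, and the names sealWallet and openWallet are assumptions; the page only names PBKDF2, AES-GCM and the per-account salt.

```javascript
// Added example, not TaskFi's code. Work factor, hash, sizes and the record
// layout are assumptions; the page only names PBKDF2 and AES-GCM.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Node fallback
const PBKDF2_ITERATIONS = 600000; // assumed work factor
const enc = new TextEncoder();

function requireSubtle() {
  // crypto.subtle is undefined outside secure contexts (plain HTTP).
  if (!wc || !wc.subtle) {
    throw new Error("WebCrypto unavailable: serve the page over HTTPS");
  }
  return wc.subtle;
}

async function deriveKey(passphrase, salt, iterations) {
  const subtle = requireSubtle();
  const material = await subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false, // non-extractable: the AES key never leaves WebCrypto
    ["encrypt", "decrypt"]);
}

// Encrypt the wallet secret; the returned record is what would be persisted.
async function sealWallet(passphrase, secretBytes) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // per-account salt
  const iv = wc.getRandomValues(new Uint8Array(12));   // fresh per encryption
  const key = await deriveKey(passphrase, salt, PBKDF2_ITERATIONS);
  const ciphertext = new Uint8Array(
    await requireSubtle().encrypt({ name: "AES-GCM", iv }, key, secretBytes));
  return { salt, iv, iterations: PBKDF2_ITERATIONS, ciphertext };
}

// Returns the secret bytes, or null when the passphrase is wrong or the
// record was modified (the GCM tag check fails in both cases).
async function openWallet(passphrase, record) {
  const key = await deriveKey(passphrase, record.salt, record.iterations);
  try {
    return new Uint8Array(await requireSubtle().decrypt(
      { name: "AES-GCM", iv: record.iv }, key, record.ciphertext));
  } catch {
    return null;
  }
}
```

Because AES-GCM authenticates the ciphertext, a wrong passphrase and a tampered record are indistinguishable to the caller: both surface as a failed unlock rather than as garbage key material.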

SIWE handshake

Once unlocked, the wallet signs a Sign-In with Ethereum (SIWE) message that includes the backend's expected domain and the configured chain ID, then exchanges it at POST /api/auth/verify for a JWT.

Why embedded?

  • Agents and creators don't need a browser extension. The onboarding bar is just a passphrase.
  • The same key can be exported to a regular wallet later if the operator wants.