You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Effort: L — Estimate: 10-14 h — Dependencies:#36 (pairs with #35 for signing) — Unlocks:#40 (public verification)
Context
Today a share link is plaintext base64url JSON with no encryption, no signature and no server-side persistence. See apps/credit-history/src/lib/presentation-token.ts and the SEAM in apps/credit-history/src/app/share/page.tsx:
// SEAM: the real ACTA sharing will be wired here (encrypted off-chain payload / ZK).// Today we only generate a mock token. Missing: encryption, persistence, real expiration.constpayload={ids: selectedIds,exp: expirationTime};
Anyone can decode or tamper with the token, and expiration is only enforced client-side.
Goal
Share links carry a tamper-evident (signed and/or encrypted) presentation created via ACTA, with expiration that can't be bypassed by editing the token.
Step by step
Replace the PresentationPayload codec with an ACTA-backed presentation: build a verifiable presentation from the selected credential ids, signed by the holder (signTransaction from Integrate a real wallet (Freighter / Stellar Wallets Kit) #35 if the flow requires an on-chain/off-chain signature).
Persist the presentation (ACTA off-chain payload or vault reference) so the verify side fetches it by an opaque token/id instead of trusting the URL contents.
Enforce expiration on the resolving side, not just the client; keep the existing preset UX (1h/1d/7d/30d/custom/never).
Keep the /share UI and result screen intact; only the token generation/resolution changes.
Context
Today a share link is plaintext base64url JSON with no encryption, no signature and no server-side persistence. See
apps/credit-history/src/lib/presentation-token.tsand the SEAM inapps/credit-history/src/app/share/page.tsx:Anyone can decode or tamper with the token, and expiration is only enforced client-side.
Goal
Share links carry a tamper-evident (signed and/or encrypted) presentation created via ACTA, with expiration that can't be bypassed by editing the token.
Step by step
PresentationPayloadcodec with an ACTA-backed presentation: build a verifiable presentation from the selected credential ids, signed by the holder (signTransactionfrom Integrate a real wallet (Freighter / Stellar Wallets Kit) #35 if the flow requires an on-chain/off-chain signature).1h/1d/7d/30d/custom/never)./shareUI and result screen intact; only the token generation/resolution changes.Out of scope
Acceptance criteria
/shareUX unchanged;pnpm lint && pnpm typecheck && pnpm buildpass.