Passkey-only login/register MVP for an agentic crypto wallet.
- Backend: Cloudflare Workers + Hono + D1
- Frontend: React + Vite + TypeScript
- Passkey:
@simplewebauthn/server+@simplewebauthn/browser
- Passkey register/login (no Google login)
- Step-up payment verification with passkey (
userVerification=required) - Session token issued by Worker
- User wallet bootstrap on first registration:
- server-generated EOA key, encrypted-at-rest
- EOA address reused across Ethereum/Base/BNB/Arbitrum/Optimism/Polygon
- EIP-7702 orchestration via
@biconomy/abstractjsfor gasless-capable flows
- Supported chains API: Ethereum, Base, BNB Chain, Arbitrum, Optimism, Polygon, Tron, Solana, Bitcoin
- Agent recommendation API stub
apps/api: Worker API (also serves built frontend assets in production)apps/web: React appapps/webapp: 独立的 Agent 后台工程,构建后会挂到同域/ops/
- Edit
apps/api/src/config/appConfig.tsto control:supportedChains: which chains are supporteddefaultReceiveTokens: which tokens are shown by default in receive flow
- Install dependencies
npm install- Configure Worker env and D1
- Edit
apps/api/wrangler.toml:database_id
- Create local vars:
cp apps/api/.dev.vars.example apps/api/.dev.vars
cp apps/web/.env.example apps/web/.env
cp apps/webapp/.env.example apps/webapp/.env- Update
apps/api/.dev.vars:SIM_API_KEYBGW_API_KEY/BGW_API_SECRET(optional, defaults to Bitget Wallet public demo credentials)COINGECKO_API_KEY(optional, public free tier works without key)COINGECKO_API_BASE_URL(optional, usehttps://pro-api.coingecko.com/api/v3for pro key)COINGECKO_USER_AGENT(recommended, e.g.AgenticWallet-MVP/0.1 (...))ADMIN_API_TOKEN(optional, enables/v1/admin/*management APIs without passkey/session)ETHEREUM_RPC_URLBASE_RPC_URLBNB_RPC_URLARBITRUM_RPC_URLOPTIMISM_RPC_URLPOLYGON_RPC_URLBICONOMY_API_KEY(required for cross-chain stablecoin transfer quote/execute)BICONOMY_API_BASE_URL(optional, defaults tohttps://api.biconomy.io)
- Optional LLM settings:
- Direct Gemini call on Cloudflare AI Gateway:
LLM_PROVIDER=geminiLLM_MODEL=gemini-2.5-flashLLM_BASE_URL=https://gateway.ai.cloudflare.com/v1/<ACCOUNT_ID>/<GATEWAY_ID>/google-ai-studioCF_AIG_TOKEN=<your gateway token>
- OpenAI primary with Gemini fallback on the same Cloudflare AI Gateway:
LLM_PROVIDER=openaiLLM_BASE_URL=https://gateway.ai.cloudflare.com/v1/<ACCOUNT_ID>/<GATEWAY_ID>/openaiLLM_MODEL=gpt-4.1-nanoLLM_FALLBACK_PROVIDER=geminiLLM_FALLBACK_MODEL=gemini-2.5-flashCF_AI_GATEWAY_ACCOUNT_ID=<ACCOUNT_ID>CF_AI_GATEWAY_GATEWAY_ID=<GATEWAY_ID>CF_AIG_TOKEN=<your gateway token>
- Or keep default OpenAI route by leaving
LLM_PROVIDER=openaiand settingLLM_API_KEY.
- Direct Gemini call on Cloudflare AI Gateway:
- Set secrets:
cd apps/api
npx wrangler secret put APP_SECRET
npx wrangler secret put WEBAUTHN_RP_NAME- Apply local D1 migrations
cd apps/api
npx wrangler d1 migrations apply agentic_wallet_db --local- Run backend
npm run dev:api- Run frontend (new terminal)
npm run dev:web- Build and open the admin console
npm run build:web
npm run build:webapp
npm run dev:apiThen open:
- User app:
http://127.0.0.1:8787/ - Agent ops console:
http://127.0.0.1:8787/ops/
Notes:
/ops/now uses admin-token auth instead of passkey auth.- Set
ADMIN_API_TOKENinapps/api/.dev.vars, then paste the same token into the/ops/login screen. - The admin console currently has two views:
User Agent: browse different users and inspect each user's useragent state.Topic Agent: inspect global topic-generation pipeline jobs and recent topic articles.
/v1/admin/*routes no longer reuse user session auth; they accept an admin token viaAuthorization: Bearer <ADMIN_API_TOKEN>(or legacyX-Topic-Special-Admin-Token).
- Build frontend assets
npm run build:web
npm run build:webapp- Deploy Worker (Hono API +
apps/web/distassets, including/ops/)
npm run deploy:workerNotes:
- Worker static assets are configured in
apps/api/wrangler.tomlunder[assets]. - API routes stay on
/v1/*, static routes are served from the same domain. - In production, keep
VITE_API_BASEempty so frontend calls same-origin APIs.
- This is MVP code and not production-hardening.
- Passkey requires HTTPS in production.
- WebAuthn
originandrpIdare derived from each incoming request (origin+hostname), so frontend and API should be served on the same host for passkey flows. - Wallet creation now uses backend-generated EOA addresses for EVM chains, with EIP-7702/MEE execution for orchestrated flows.
GET /v1/market/top-assetssupportsname(topGainers|topLosers|topVolume|marketCap|trending),source(auto|coingecko|bitget), and optionalcategory.POST /v1/market/coingecko/platforms/syncsyncs CoinGeckocoins/list?include_platform=trueinto local D1 (incremental write: changed rows only).GET /v1/market/coingecko/platforms/sync-statusreturns last sync metadata.- Strategy:
- Top assets: CoinGecko first, Bitget fallback (only for list types Bitget supports).
- Token detail and kline: Bitget.