docs: resolve Phase 1 design decisions and add emulator info
- Q1 RESOLVED: per-session wallet scope (Phase 3: optional sharing) - Q2 RESOLVED: invalidate keys on biometric change (intentional) - Q3 RESOLVED: testnet first, single config point for mainnet swap - Added Android emulator connection info (ADB + noVNC)
This commit is contained in:
parent
9ff2b0964a
commit
880454847e
1 changed files with 33 additions and 16 deletions
49
BLOCKERS.md
49
BLOCKERS.md
|
|
@ -24,28 +24,45 @@ When a developer with Android SDK runs this code:
|
|||
2. Run `./gradlew ktlintCheck --continue` and fix any code style issues
|
||||
3. Run `./gradlew :features:wallet:impl:test` to verify tests pass
|
||||
|
||||
## Questions Requiring Human Decision
|
||||
---
|
||||
|
||||
### Q1: Wallet Scope
|
||||
Currently using `SessionScope` for wallet bindings. Should wallets be:
|
||||
- Per-session (current implementation) - each Matrix account has its own wallet
|
||||
- App-wide (`AppScope`) - one wallet shared across Matrix accounts
|
||||
## Resolved Decisions
|
||||
|
||||
**Recommendation:** Per-session seems correct for a Matrix-integrated wallet.
|
||||
### Q1: Wallet Scope ✅ RESOLVED
|
||||
**Decision:** Per-session (each Matrix account has its own wallet)
|
||||
|
||||
### Q2: Key Storage Location
|
||||
Currently planning to use `EncryptedSharedPreferences` with Android Keystore.
|
||||
- Should keys be tied to biometric enrollment? (invalidated if biometrics change)
|
||||
- Or should keys persist even after biometric changes?
|
||||
Each Matrix session maintains its own independent wallet. This aligns with Matrix's account-centric model and provides proper isolation between accounts.
|
||||
|
||||
**Recommendation:** Keys should be invalidated on biometric changes for security.
|
||||
**Phase 3 Planned:** Optional wallet sharing between accounts — will be implemented as a user preference, not default behavior.
|
||||
|
||||
### Q3: Testnet vs Mainnet
|
||||
Phase 1 plan targets mainnet (`Constants.KOIOS_MAINNET_URL`).
|
||||
- Should we build testnet support initially for safer testing?
|
||||
- Or go straight to mainnet?
|
||||
### Q2: Key Storage on Biometric Change ✅ RESOLVED
|
||||
**Decision:** INVALIDATE keys and require re-authentication/re-setup
|
||||
|
||||
**Recommendation:** Testnet first for safer development, easy switch to mainnet later.
|
||||
When biometric enrollment changes (fingerprints added/removed, face re-enrolled, etc.), stored wallet keys are invalidated. Users must re-authenticate and re-setup their wallet access. This is **intentional security behavior, not a bug** — it prevents unauthorized access if a device is compromised or biometrics are changed by an attacker.
|
||||
|
||||
### Q3: Network Configuration ✅ RESOLVED
|
||||
**Decision:** TESTNET first, with easy mainnet swap
|
||||
|
||||
Development and initial testing will target Cardano testnet. The network configuration must be a **single constant or build flavor** — no scattered hardcoded values throughout the codebase.
|
||||
|
||||
Implementation requirements:
|
||||
- Single source of truth: `Constants.NETWORK_MODE` or build variant
|
||||
- All network-dependent URLs/configs derived from this single value
|
||||
- Clean swap to mainnet via config change or release build flavor
|
||||
- No hunting through code for hardcoded "testnet" strings
|
||||
|
||||
---
|
||||
|
||||
## Android Emulator
|
||||
|
||||
Development Android emulator is live and available:
|
||||
|
||||
| Service | Address |
|
||||
|---------|---------|
|
||||
| ADB | `192.168.0.5:5555` |
|
||||
| noVNC (browser access) | `http://192.168.0.5:6080` |
|
||||
|
||||
Connect via: `adb connect 192.168.0.5:5555`
|
||||
|
||||
---
|
||||
*Last updated: 2026-03-27*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue