Web Wallet
The XE web wallet is a browser-based application for managing accounts on the XE network. It supports sending and receiving assets, compute lease management, P2P chat, DAO governance, and state chain inspection -- all without a server-side backend holding keys.
Key properties
- Client-side keys -- seeds are encrypted with AES-GCM and stored in localStorage. Decrypted keys exist only in memory during an active session.
- Multi-wallet -- manage multiple accounts from a single interface, each with its own encrypted seed.
- Auto-receive -- a background poller detects and processes pending sends automatically.
- Offline signing -- all block signing and PoW computation happens in the browser. The wallet communicates with a node only for chain state and block submission.
Features
| Feature | Description |
|---|---|
| Send / Receive | Transfer XE and XUSD between accounts |
| Claim | Claim 100 XUSD from the testnet faucet (once per 24h) |
| Multi-asset balances | View XE and XUSD balances per wallet |
| P2P Chat | Encrypted messaging between accounts |
| Compute leasing | Request, monitor, and manage VM leases |
| DAO governance | Draft, sign, and submit state chain blocks |
| State inspector | Browse state chain blocks and KV state |
| Auto-receive | Background polling with automatic receive block creation |
| Wallet management | Create, import, rename, delete, and switch wallets |
Tech stack
| Component | Version | Purpose |
|---|---|---|
| SvelteKit | 2.0 | Application framework (with Svelte 5 runes) |
| Svelte | 5 | Reactivity and components |
| TailwindCSS | 4 | Styling |
| tweetnacl | -- | Ed25519 key generation, signing, verification |
| blakejs | -- | Blake2b for proof of work |
| adapter-static | -- | Static SPA output |
Security model
Seeds are encrypted at rest using AES-GCM with keys derived via PBKDF2 (100,000 iterations, SHA-256). Decrypted seeds live in memory only -- they are never written to disk or sent over the network.
A 5-minute idle timeout monitors user activity (mouse, keyboard, touch, scroll) and automatically locks the wallet when no activity is detected. Locking zeros out all in-memory seeds.
Browser security
The wallet trusts the browser environment. Users should ensure their device is free of malware and use a strong passphrase. The encrypted seeds in localStorage are only as secure as the passphrase protecting them.
See Security for the full encryption and session management specification.
Deployment
The wallet is built as a static SPA and served from a Docker container:
- Build stage: Node 22 Alpine installs dependencies and runs npm run build
- Runtime stage: Caddy 2 Alpine serves the output at the /wallet base path
In production, Caddy serves the wallet's static files from /opt/xe/web/wallet/ at the /wallet/ path. See Deployment for the full setup.
See also
- Security -- AES-GCM encryption, session management, storage schema
- Features -- detailed feature reference
- Explorer -- the companion block explorer
- API Reference -- HTTP endpoints the wallet communicates with