Identity app — shippability audit 2026-05-22 #850

@linear

Parallel to DEM-707 (Incentives app — shippability audit). Ties back to umbrella DEM-695. Auditor: Nesy-Claude (KYN-206).

Repo identification (HIGH)

  • identity.demos.sh is served by kynesyslabs/incentives. The repo name says "incentives" but package.json#name = "identity", index.html title is IDENTITY, and the live bundle string-matches confirm it. (HIGH)
  • The umbrella's other "identity" repos are not the deployed app:
    • kynesyslabs/demos-identity-verify (Next.js) backs verify.demos.sh, not identity.demos.sh. (HIGH)
    • kynesyslabs/demos-identity-verify-backend is the verify app's API backend. (HIGH)
    • kynesyslabs/8004agentidentity is a separate standalone Vite app, not deployed at identity.demos.sh. (HIGH)

Summary table

| Dimension | Finding | Confidence |
|---|---|---|
| Active branch | dev is where work happens; main last touched 2026-01-22 (PR #65), ~4 months stale. | HIGH |
| Last 20 commits on main | 4 months ago. Last activity: Nomis integration merge (PR #58, #65) on 2026-01-22. No code reached main since. | HIGH |
| Last 20 commits on dev | 5/19 TLSN identity-flow hardening (PR #77) • 5/18 TLSN error/fee gating fixes • 4/15 seed-phrase wallet connect (PR #75) • 4/13 Ethos card + Human Passport guidance (PR #74) • 4/09 Human Passport + Ethos identity merged (PR #66/#68) • 4/08 Dockerized OAuth backend, stateless OAuth state, TLSN nginx routing (PR #73) • 4/02 OAuth-TLSN flow integration (PR #70) • 3/25 demosdk → 2.11.4. | HIGH |
| Open PRs | 2 open. #76 "[WIP] Feature/identity cards" (Sergey, base dev, opened 2026-04-16 — 5 weeks stale). #61 "Added ERC-8004 agent identity linking UI" (Sergey, base dev, opened 2026-01-09 — ~4.5 months stale). | HIGH |
| Tests | No tests in repo. No test script in package.json. No *.test.ts / *.spec.ts. No vitest/jest dev dep. | HIGH |
| CI / GitHub Actions | No .github/workflows directory (404 on the contents API). No CI gating on PR merge. | HIGH |
| Production deploy | https://identity.demos.sh HTTP 200, served by nginx, asset index-CRwgRWw9.js Last-Modified: 2026-04-09. Matches dev HEAD around Human Passport merge 3297d3b (2026-04-09T08:11Z). | HIGH |
| Production vs dev | Prod is ~6 weeks behind dev. Missing: seed-phrase wallet connect (#75), Ethos card visibility fix (#74), TLSN identity flow hardening (#77 — fee gating, preflight, wallet auto-reconnect). | HIGH |
| Production vs main | Prod is ~3.5 months ahead of main. main is effectively abandoned as a release branch; promote dev → main or stop pretending main exists. | HIGH |
| Deploy mechanism | Repo has Dockerfile, docker-compose.yml, nginx.conf, firebase.json, .firebaserc, deploy.sh / deploy-quick.sh / deploy-fresh.sh. Likely manual deploy from dev. | MEDIUM |
| Verifier sub-service | verifier/ Fastify service on port 4000 for Cloudflare Turnstile token validation; documented in README. | HIGH |
| OAuth backend | Dockerized OAuth backend introduced 2026-04-08 (PR #73); stateless OAuth state; TLSN traffic routed via nginx. Confirms OAuth backend is a separate runtime, not part of the SPA. | HIGH |

ERC-8004 / OAuth-TLSN integration matrix

| Identity flow | Repo state | Production (identity.demos.sh) | Confidence |
|---|---|---|---|
| Discord (OAuth + TLSN) | Merged into dev 2025-12-25 (df1e458 "Switched Discord identity to OAuth flow"), then briefly reverted (PR #56), then re-landed via OAuth+TLSN integration PR #70 (2026-04-02) and Dockerized OAuth backend PR #73 (2026-04-08). | Wired live. Bundle references getDemosIdsByWeb2Identity(c, "discord", …), discord.com/channels/<guildId>/..., /home/discord.svg card. | HIGH |
| GitHub (OAuth + TLSN) | Same PR #55 → revert → PR #70 path. Bundle still carries gist-based fallback strings (gist.github.com, gist.githubusercontent.com, raw.githubusercontent.com) alongside OAuth handlers. | Wired live, with gist-format strings retained as a web2.formats entry (legacy or fallback path — worth a code-level check before claiming pure OAuth). | HIGH on wired / MEDIUM on whether gist path is dead |
| Twitter (OAuth + TLSN) | Branch feat/twitter-oauth exists, not yet merged into dev. Bundle carries twitter:["https://x.com"] in web2.formats, getDemosIdsByTwitter, and linkedSocials.twitter. | Partially wired: twitter identity can be displayed/linked, but a dedicated OAuth flow PR has not landed. Likely still using older TLSN-against-x.com proof path. | MEDIUM |
| Telegram | Telegram identity flow shipped earlier; PR #62 (hide-telegram-linking-card) merged 2026-01-19 — card is intentionally hidden in the UI. | Backend logic still wired (getDemosIdsByTelegram, telegram challenge auth in bundle), UI card hidden. | HIGH |
| TLSN base layer | tlsn_request / tlsn_store SDK operations, TLSN nginx routing landed in PR #73 (2026-04-08); TLSN identity-flow hardening (fee gating, preflight, wallet auto-reconnect) landed in dev 2026-05-19 (PR #77). | TLSN base layer wired in prod (2026-04-09 build); the 2026-05-18/19 hardening is NOT in prod yet — known production gap. | HIGH |
| ERC-8004 agent identity | PR #61 open since 2026-01-09 against dev, never merged. Standalone Vite app exists at kynesyslabs/8004agentidentity (HEAD 2026-01-12) targeting Base Sepolia contracts 0x8004…Fb / …41BF / …2d55. Parent DEM ticket DEM-470 was canceled 2026-05-21. | Not wired into identity.demos.sh. | HIGH |
| Nomis Identity / Score | Landed dev → main 2026-01-22 (PR #58 + follow-ups). Wallet-extension Nomis integration on feat-nomis-integration (2026-01-05). | Wired live. | HIGH |
| Unstoppable Domains | UI references linkedUDDomains and Unstoppable card; backed by kynesyslabs/ud_demos_caching_system. | Card visible in prod bundle. | MEDIUM |
| Ethos Identity | PR #68 merged 2026-04-09 (Ethos identity integration), follow-up PR #74 (Ethos card visibility) 2026-04-13. | Ethos integration likely wired in prod based on 2026-04-09 deploy timestamp, but visibility fix (#74) is after the deploy and may not be live. | MEDIUM |
| Human Passport | PR #66 merged 2026-04-09 (Human Passport integration). | Probably in prod (build is 2026-04-09 same day) but uncertain whether the merge made it into the deployed bundle. Needs a one-shot check on the live site. | MEDIUM |

Risk findings

  • No CI, no tests, hand-deploy. Any merge to dev ships with whatever the local builder produces; there is no automated gate. (HIGH)
  • main is dead (4 months stale). Deploys ride dev. Anyone reading main to understand the shipping app gets a 4-month-old view. (HIGH)
  • 6-week prod lag. Live build (2026-04-09) is missing 5–6 weeks of dev work, including the 2026-05-18 TLSN hardening (fee gating, preflight, wallet auto-reconnect). If TLSN identity flow is failing in production today, the fix already exists on dev but has not been deployed. (HIGH)
  • Stale PR #61 (ERC-8004) sits open since 2026-01-09 while parent DEM-470 was canceled — either merge & ship or close the PR. (HIGH)
  • Stale PR #76 (Identity cards WIP) marked WIP since 2026-04-16; no recent activity. (MEDIUM)

Top 3 items most ready to ship this week (ranked)

  1. Deploy dev → identity.demos.sh to close the 6-week production lag. Pulls in TLSN identity flow hardening (PR #77 — fee gating, preflight, wallet auto-reconnect), seed-phrase wallet connect (PR #75), Ethos card visibility fix (PR #74). All four PRs are already merged into dev. Pure deploy operation — no code changes required. (HIGH — verified by build timestamp + merge log.) Owner candidate: TheCookingSenpai (has been authoring the merges).
  2. Promote dev → main and adopt main as the release branch. Either rebase/merge dev to main now (and document dev as release-candidate) or formally retire main. Picking either is a 1-hour task; the current "main is 4 months stale" state is misleading to anyone reading the repo. (HIGH on the gap, MEDIUM on the right resolution — board decision on branch strategy.)
  3. Close out PR #61 (ERC-8004 agent identity) one way or the other. DEM-470 is canceled, so the parent intent is gone. Options: (a) close PR #61 and rely on the standalone kynesyslabs/8004agentidentity Vite app, or (b) revive DEM-470 with a fresh scope and merge a hardened version of #61. Either resolution unblocks repo hygiene. (HIGH — DEM-470 cancellation is verifiable.)

Honorable mention (not in top 3, ship-next): Add a minimum CI pipeline (typecheck + lint + build smoke) under .github/workflows/ — there is currently none. Low risk, high signal. (HIGH on current absence, MEDIUM on effort.)

Notes / open questions

  • Where does identity.demos.sh actually get deployed from? Repo has Dockerfile, docker-compose.yml, firebase.json, .firebaserc, nginx.conf, and three deploy*.sh scripts. Nothing in the repo names the actual host. Action: ask infra owner before recommending a deploy mechanism. (LOW confidence — can be answered in one Slack/Linear thread.)
  • PR #76 (identity-cards WIP) — pause/cancel decision should rest with Sergey or whoever owns the identity UI refactor.

Method / evidence

  • gh api repos/kynesyslabs/incentives/commits?sha=dev&per_page=25
  • gh api repos/kynesyslabs/incentives/pulls?state=open
  • gh api repos/kynesyslabs/incentives/branches?per_page=30
  • gh api repos/kynesyslabs/incentives/contents/{package.json,index.html,vite.config.ts,README.md}
  • curl -sIL https://identity.demos.sh + bundle download + grep for feature strings (Discord/GitHub/Twitter/Telegram/Nomis/TLSN/8004/Turnstile/Ethos/Passport)
  • Linear DEM-695 children state via GraphQL
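
The comparison behind the "Production vs dev" finding can be scripted once the asset's Last-Modified header and the merge timestamps have been collected. This is an added example, not code from the audited repo: the times of day, the 6-hour uncertainty window and all function names are assumptions, and it marks a merge that landed shortly before the build (the Human Passport case) as uncertain rather than deployed.

```python
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Constructed sample inputs. Merge dates follow the audit; times of day are
# invented, except 08:11Z, which the audit records for the Human Passport merge.
LAST_MODIFIED = "Thu, 09 Apr 2026 09:00:00 GMT"  # asset header, time assumed
MERGES = [  # (PR number, label, merged_at in GitHub API ISO-8601 form)
    (73, "Dockerized OAuth backend", "2026-04-08T12:00:00Z"),
    (66, "Human Passport", "2026-04-09T08:11:00Z"),
    (74, "Ethos card visibility", "2026-04-13T12:00:00Z"),
    (75, "Seed-phrase wallet connect", "2026-04-15T12:00:00Z"),
    (77, "TLSN identity-flow hardening", "2026-05-19T12:00:00Z"),
]


def _utc(ts):
    """Parse a GitHub-style timestamp; 'Z' is rewritten for older Pythons."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def classify(last_modified, merges, window=timedelta(hours=6)):
    """Label each PR as deployed, uncertain or not-deployed.

    A merge inside `window` before the asset timestamp is 'uncertain': the
    bundle may have been built from a checkout taken before that merge.
    """
    built = parsedate_to_datetime(last_modified)
    status = {}
    for pr, _label, merged_at in merges:
        merged = _utc(merged_at)
        if merged > built:
            status[pr] = "not-deployed"
        elif built - merged <= window:
            status[pr] = "uncertain"
        else:
            status[pr] = "deployed"
    return status


def lag_days(last_modified, merges):
    """Whole days between the deployed asset and the newest merge."""
    built = parsedate_to_datetime(last_modified)
    newest = max(_utc(merged_at) for _pr, _label, merged_at in merges)
    return max((newest - built).days, 0)


if __name__ == "__main__":
    for pr, state in classify(LAST_MODIFIED, MERGES).items():
        print(f"PR #{pr}: {state}")
    print("lag (days):", lag_days(LAST_MODIFIED, MERGES))
```

An "uncertain" result is the cue for the one-shot check on the live bundle that the integration matrix asks for.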
