Process

Engineering approach

Socialbridge is delivered through repeatable guardrails: modular packages, pre-flight simulation, a token-based design system, and layered automated test lanes.

Architecture guardrails

The wallet ships as a modular stack of packages (core, domain, network, crypto runtime) so presentation layers stay thin and replaceable. A dual-vault model keeps secrets sealed — keys live in the secret vault, while the app vault stores confidential metadata such as account lists and history.

  • Clear separation of secret vault, app vault, blockchain drivers, and experience layer
  • Strict import direction (app → features → domain → infra → shared)
  • Definition-of-done checklists for every module before it reaches users

Cryptography stack

The vault encrypts every secret with libsodium primitives: Argon2id derives device-bound keys, and XChaCha20-Poly1305 keeps the ciphertext authenticated even if storage is copied. Per-record salts and nonces come from the OS CSPRNG, so the same secret never encrypts to the same bytes twice.

  • Argon2id hardening with tuned memory/time costs resists brute-force on stolen backups
  • XChaCha20-Poly1305 authenticated encryption with 192-bit nonces prevents tampering and replay
  • Audited constant-time implementations with built-in secure wipe

Pre-flight simulation & risk gates

Before a TON transaction is broadcast, the wallet replays it through a local sandbox virtual machine. Users see final balances, money paths, and excess refunds with full fidelity, without sending real funds during the preview step.

  • Full-chain sandbox emulator reproduces contract execution without broadcasting
  • Money-path inspector shows every hop, return, and jetton mint
  • Risk engine issues bounce verdicts and compensation hints in plain language

Design system & theming

The UI is driven by a runtime design-token system (spacing, radius, color, motion) backed by an allowlist, so design changes stay atomic and reversible. A theme editor for design iteration is available as a developer-only tool.

  • Runtime CSS variable graph keeps styling consistent across surfaces
  • Shared UI package powers both the web wallet and the Telegram Mini App
  • Token allowlist validation guards against ad-hoc hardcoded values

Quality discipline

Features ship behind layered automated tests and a mandatory pre-push gate. Each change carries a checklist and a rollback path so regressions are easy to detect and unwind.

  • Unit, integration, and scenario suites across vault logic, DeFi flows, and UI contracts
  • End-to-end lanes for both the web wallet and the Telegram Mini App
  • Pre-push test gate plus security checks before code is published
Back to main page What's delivered