Throwaway dev frontend
Not production. Keys are stored unencrypted in
localStorage. Recovery files are plain JSON. WebAuthn + recovery codes
are deliberately out of scope here — the goal is to exercise the
accounts + chain-api signup → contract-deploy → MCP-CUSTODY flow.
Pages:
- /signup — generate two ed25519 keys, create org+user+contract.
- /login — sign in with email + password.
- /import — restore an account from a recovery file.
- /account — current local state (keys, contract address).
- /oauth-callback — destination for the MCP-CUSTODY OAuth test flow.