Description
Integrate the UCAN capability system into the x/dwn module for secure vault operations with granular permission control.
Requirements
- Define the capability hierarchy in genesis.proto:
  - Root capability: "/vault"
  - Sub-capabilities: sign, refresh, verify
- Add UCAN validation middleware to message handlers
- Implement capability checking for vault operations
- Create initialization logic to load capabilities on startup
- Add tests for capability verification
Context
The x/dwn module manages secure key vaults that require strict access control. Implementing UCAN capabilities will allow for delegation of specific vault operations without compromising security. This enables use cases like allowing limited signing capabilities while restricting key replacement or modification.
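An added sketch of the capability check and the delegation rule described above; it is not code from the x/dwn module or sonr-io/crypto. It assumes the sub-capabilities are path children of "/vault" (for example "/vault/sign") and covers only attenuation, not signature or expiry verification; `Capability`, `Covers` and `Authorize` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Capability is a slash-separated path; the "/vault/<op>" layout is assumed.
type Capability string

const (
	CapVault   Capability = "/vault"
	CapSign    Capability = "/vault/sign"
	CapRefresh Capability = "/vault/refresh"
)

// Covers: some held capability equals want or is its ancestor on a segment boundary.
func Covers(held []Capability, want Capability) bool {
	for _, c := range held {
		h := strings.TrimSuffix(string(c), "/")
		// Appending "/" stops "/vault" from matching "/vaultx/sign".
		if strings.HasPrefix(h, "/") && (string(want) == h || strings.HasPrefix(string(want), h+"/")) {
			return true
		}
	}
	return false
}

// Authorize checks a delegation chain ordered root first, invoker last:
// each link may only narrow its parent, and the last must cover the request.
func Authorize(chain [][]Capability, requested Capability) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty delegation chain")
	}
	for i := 1; i < len(chain); i++ {
		for _, c := range chain[i] {
			if !Covers(chain[i-1], c) {
				return fmt.Errorf("link %d escalates: %s exceeds parent", i, c)
			}
		}
	}
	if !Covers(chain[len(chain)-1], requested) {
		return fmt.Errorf("%s not granted to invoker", requested)
	}
	return nil
}

func main() {
	fmt.Println(Authorize([][]Capability{{CapVault}, {CapSign}}, CapRefresh)) // constructed chain
}
```

A delegate holding only the sign capability is refused refresh, and a chain whose later link claims more than its parent is rejected as an escalation.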
Dependencies
- UCAN protobuf definitions from sonr-io/crypto
- Common UCAN verification interface