Egregoros integration expedition
A Field Guide to the Miniapp Forest
Walk through every host boundary one chapter at a time. Nothing happens silently: every disclosure, signature, draft, and permission remains visible and user controlled.
The gate in the old stone wall
On load we identify the exact Egregoros host, accept its private channel, and announce that this page is ready. The bootstrap contains no user identity and requires no user permission.
Not attempted yet.
The note pinned beneath a fern
Ask for the public note and exact URL that opened this journey. Treat every returned field as untrusted context, useful for display but never as authorization.
Not attempted yet.
The keeper of the brass key
The Phoenix backend registers one public client for this app and issuer, prepares S256 PKCE, and keeps every Egregoros token outside the iframe.
Not attempted yet.
The sealed letter returns
Redeem the one-time handoff with the verifier known only to this iframe, then ask the backend to verify the authenticated account without revealing its bearer token.
Not attempted yet.
The clearing where words may be changed
Prefill Egregoros’s own composer. You remain the editor and must submit the note yourself; afterward the app listens for its canonical publication receipt.
Not attempted yet.
The bell that rings only by invitation
Read transactional-message permission, request it through host-owned confirmation, then let the backend verify the exact recipient and declared app actor.
Not attempted yet.
The fox’s wax seal
Discover the chain, connect an account, and sign a clearly labeled personal message. This chapter never creates or broadcasts an Ethereum transaction.
Not attempted yet.
The path beyond the host’s lantern
Ask Egregoros to confirm an external destination. The iframe never receives a general popup or top-navigation capability.
Not attempted yet.
The map is folded at dusk
Review the completed checks, deliberately destroy the SDK channel, or close the host panel. Closing clears ephemeral launch state but never revokes OAuth or wallet grants.
Not attempted yet.