Report: Month 1
OpenSats progress report for January 5 - February 5, 2026.
Project: LaWallet NWC Period: January 5 – February 5, 2026 Grant: OpenSats — Fifteenth Wave of Bitcoin Grants
Summary
The first month focused on building a solid backend foundation. We exceeded the original scope by pulling work forward from Months 2 and 3 — delivering structured logging, JWT authentication, RBAC authorization, and full integration test coverage ahead of schedule. The result is a hardened, well-tested backend ready to support the SDK, dashboards, and new services planned for the coming months.
Stats: 118 files changed, 13,391 insertions, 3,215 deletions — 66 commits across 18 merged PRs.
What Was Delivered
Configuration & Environment
- Zod-based environment variable validation replacing raw
process.envaccess - Structured
AppConfigwith per-environment configuration and caching
Error Handling
ApiErrorclass hierarchy with typed error responseswithErrorHandlinghigher-order function applied to all 30 API routes
Structured Logging
- Pino logger with request context, correlation IDs, and configurable log levels
- Replaced all
console.log/console.errorcalls across the codebase
Authorization & Security
PR #168–PR #171, commit ee8629b
- RBAC model with four roles: USER < VIEWER < OPERATOR < ADMIN
- Prisma schema migration from string to enum for user roles
- Role management API endpoint with hierarchy validation
- Maintenance mode middleware with admin bypass
Input Validation
- Centralized Zod validation schemas for all API inputs
- Validation middleware applied to every route
Security Middleware
- Rate limiting for public endpoints
- Request size limits (body size and file upload constraints)
Testing Infrastructure
- Vitest 3.2.4 with MSW mock server, happy-dom, and coverage thresholds
- 12 unit test suites covering all lib utilities and auth functions
- 21 integration test files covering all 32 API route handlers (154 tests)
Framework Upgrade
- Next.js 16 with ESLint 9 flat config
- Migrated
@getalby/sdkto v7 andreact-resizable-panelsto v4
Epics Completed (7)
| Epic | Title | Closed |
|---|---|---|
| #128 | Bug Fixes & Critical Issues | Jan 15 |
| #129 | Error Handling & Infrastructure | Jan 15 |
| #131 | Configuration & Environment | Jan 15 |
| #130 | Logging & Observability | Jan 23 |
| #132 | Authorization & Security | Jan 30 |
| #133 | Security Middleware | Feb 5 |
| #134 | Testing Infrastructure | Feb 5 |
Next Quarter (Feb – Apr 2026)
With the backend foundation complete — including testing infrastructure, error handling, auth, and security middleware — the next quarter focuses on developer tooling and user-facing features. Month 2 wraps up CI/CD pipelines, a TypeScript Client SDK covering all 30 API endpoints, and a React Hooks package. Month 3 shifts to the frontend: enhancing the Admin Dashboard with user management and activity monitoring, adding Nostr login (NIP-07/NIP-46), and introducing Playwright E2E tests. Month 4 delivers the User Dashboard (profile, NWC connection, address management), launches the Courtesy NWC Proxy as a new containerized service, and adds white-label customization support.
See the full Roadmap for the 6-month timeline.
Links
- Repository: github.com/lawalletio/lawallet-nwc
- Full changelog: Month 1 Changelog
- Roadmap: Roadmap
- Architecture: Architecture