Prerequisites
- Node.js 18 or higher
- Bun (for compiling WASM artifacts)
- The
wranglerCLI if running the Vault Worker locally
Project layout
A typical HyperAuth app has three moving parts:
The signer and vault are loaded by
HyperAuthProvider from /enclave.wasm and /vault.wasm by default. You can serve them from your app’s public/ directory in development, or from a CDN such as Cloudflare R2 in production.
Compile the WASM artifacts
From the monorepo root:core/enclave/dist/enclave.wasm and core/vault/dist/vault.wasm. Copy them into your app’s public/ directory before starting the dev server:
Start the dev server
Run your app’s dev script:http://localhost:5173. The SDK’s defaults (/enclave.wasm, /vault.wasm, /api/bundler, /api/indexer) resolve against the same origin, so a proxy to the Vault Worker on port 8787 works without any additional configuration.
Run the Vault Worker locally
If your client needs the Vault Worker’s HTTP API (e.g. for/api/sessions or /api/dids), run it under wrangler:
http://localhost:8787. Add the secrets your local Worker requires to apps/vault/.dev.vars:
apps/vault/.dev.vars
Validate documentation links
If you’re editing this docs site, the Mintlify CLI can check for broken links:Troubleshooting
Worker fails to load enclave.wasm
Worker fails to load enclave.wasm
The most common cause is the WASM file is missing from
public/. Run bun run compile:wasm and copy the artifacts as shown above. If the file is present, check that your dev server is serving it with Content-Type: application/wasm — Vite handles this automatically; other bundlers may need a plugin.Vault locked after page reload
Vault locked after page reload
By default the vault auto-locks after 5 minutes of inactivity, and a page reload always loses in-memory state. Persist the encrypted database via
client.setAutoLockCallback or call client.exportVault({ password }) and store the result yourself. See Vault Management for the full workflow.