oss.sarwagya.wtf

Compatibility

What CI actually proves, per engine and per runtime.

Every claim on this page is exercised by CI on every commit — the identity journey (generate → persist → reload → same ID → sign → verify → reset) runs in all three engines via Playwright.

FeatureChromiumFirefoxWebKit
Non-extractable Ed25519 keypairyesyesyes
Web Crypto baseline: Chrome 137+, Firefox 129+, Safari 17+.
Key persists across reloads (IndexedDB)yesyesyes
Structured clone of a non-extractable CryptoKey — the load-bearing assumption, proven in CI.
Challenge signing + server verificationyesyesyes
Proof signed in-browser, verified by the real server package in Node.
Deterministic signature bytesyesyesno
WebKit hedges Ed25519 signatures. Valid everywhere; byte-reproducible nowhere you should rely on.

Browsers

Chromium 137+, Firefox 129+, and Safari 17+ carry everything Ghost needs. Older browsers fail loudly and early: capabilities() reports supported: false with per-feature flags, and createGhost() throws a typed UNSUPPORTED or KEY_GENERATION_FAILED — never a silent fallback to weaker storage.

Private browsing generally works but the identity dies with the session in most modes — see identity durability.

Server runtimes

@0xsarwagya/ghost/server touches exactly one platform API: globalThis.crypto. Node 20+, Deno, Bun, and edge workers all provide it. Node 18.17+ works; Node 20+ is what CI runs and what we recommend.