🎯 Misyon

Önerilen Temiz Stack (2026)

Kripto wallet platformu için güvenlik, performans, auditability ve developer velocity önceliğiyle hedef stack. Her katmanı tek tek yapıp tikliyoruz.

56%

tam karşılanan

10 ✅7 🟡1 ⬜

Katman	Önerilen	Bizim Durumumuz	Durum
Frontend	Next.js 15 (App Router) + React 19 + TypeScript	Next.js 14.2 + React 18.3 + TypeScript TypeScript tam. Next 15 / React 19 upgrade + App Router geçişi gerekiyor.	🟡 Kısmi
UI / Styling	Tailwind + shadcn/ui + Radix	Custom CSS + Tailwind (dep) + Radix Dialog + cmdk Tailwind & Radix kurulu ama ana stil custom globals.css; shadcn/ui yok.	🟡 Kısmi
State & Data	TanStack Query + Zustand / Jotai	TanStack Query v5 + Zustand v4 Öneriyi tam karşılıyor.	✅ Tamam
Wallet Library	viem + wagmi + @solana/web3.js	viem v2 ✅ ethers → viem geçişi tamamlandı (ethers bağımlılığı kaldırıldı); cüzdan üretimi/türetme test vektörleriyle doğrulandı. wagmi mimari gereği N/A (self-custody cüzdanız, dış cüzdana bağlanmıyoruz). Solana (@solana/web3.js) ayrı zincir özelliği — onchain-solana maddesinde izleniyor.	✅ Tamam
Backend	NestJS (modüler)	NestJS 10 (modüler) Öneriyi tam karşılıyor.	✅ Tamam
HTTP Adapter	Fastify	Fastify (platform-fastify) ✅ Express'ten Fastify'a geçildi (@fastify/helmet + @fastify/compress). Tüm endpoint'ler doğrulandı; geçiş sırasında bulunan çapraz-modül JWT guard DI hatası da düzeltildi.	✅ Tamam
API Style	REST + tRPC (opsiyonel)	REST + Swagger REST mevcut; tRPC opsiyonel.	✅ Tamam
Database	PostgreSQL + Prisma 7	PostgreSQL / SQLite + TypeORM PostgreSQL destekli ama ORM Prisma değil TypeORM.	🟡 Kısmi
Cache / Queue	Redis + BullMQ	Redis (ioredis) + cache-manager Redis bağlı (graceful); BullMQ kuyruğu yok.	🟡 Kısmi
Redis Cache	Redis cache-aside katmanı	ioredis + cache-manager (graceful) Redis bağlantısı graceful; JWT blacklist Redis kullanıyor. Tam cache-aside (CacheInterceptor) katmanı eksik + Redis lokalde çalışmıyor.	🟡 Kısmi
Rate Limiting	Throttler	@nestjs/throttler (10/s, 100/dk) ✅ ThrottlerModule app.module'da aktif — short (10/s) + medium (100/dk) limitleri.	✅ Tamam
Auth	Clerk / NextAuth v5 + Wallet Auth	JWT + Passport + Passkeys JWT oturum + logout blacklist + ✅ Passkey (WebAuthn) girişi var; kalan: Wallet Auth (Sign-In-with-Ethereum) + social login.	🟡 Kısmi
Security / Crypto	Argon2id + libsodium + viem signing	Argon2id + AES-GCM keystore + viem signing ✅ Argon2id parola hash (@node-rs/argon2, bcrypt'ten şeffaf migrasyon). ✅ Client-side AES-GCM/PBKDF2 keystore (Web Crypto — libsodium'un yerine native, ekstra dep yok). ✅ viem ile user-side imzalama.	✅ Tamam
2FA / OTP	TOTP + WebAuthn + Twilio (opsiyonel SMS)	TOTP (otplib) + WebAuthn/Passkeys ✅ TOTP aktif. ✅ WebAuthn/Passkeys (@simplewebauthn) — Settings'ten ekle, login'de passkey ile gir. Twilio SMS opsiyonel.	✅ Tamam
Container	Docker Compose (dev) → Kubernetes (prod)	Docker Compose (postgres+redis+backend+frontend+nginx) ✅ Prod compose deploy-hazır: tutarsız env adları düzeltildi, REDIS_PASSWORD bağlandı, .env.example'lar eksiksiz turnkey checklist. Kalan: Kubernetes (scale gerekince).	🟡 Kısmi
Web Server	Caddy / Nginx 1.26+	Nginx Nginx mevcut (prod).	✅ Tamam
Monitoring	Prometheus + Grafana + Sentry	— Henüz hata/metrik izleme yok.	⬜ Bekliyor
Tracing	OpenTelemetry distributed tracing	OpenTelemetry SDK + auto-instrumentation ✅ OTel SDK (src/tracing.ts) — HTTP+DB auto-instrumentation, korele traceId'ler doğrulandı. Graceful: varsayılan kapalı, TRACING_CONSOLE=true ile konsola / OTEL_EXPORTER_OTLP_ENDPOINT ile collector'a.	✅ Tamam

Alternatif / Opsiyonel Değişiklikler

Daha hafif / fullstackNext.js 15 + tRPC + Prisma (ayrı backend olmadan)

Maksimum performansDrizzle ORM (Prisma yerine)

Kurumsal / büyük ekipNestJS + Prisma (şu anki tercih)

Çok fazla chainThirdweb / Dynamic.xyz abstraction katmanı

Ekstra Güvenlik & Wallet Tavsiyeleri

Private key / seed asla backend'de saklanmaz✅ Tamam

Tüm transaction'lar user-side imzalanır✅ Tamam

Rate limiting + bot koruması🟡 Kısmi

MPC / Shamir Secret Sharing⬜ Bekliyor

Key rotation + secure enclave (WebAuthn + Passkeys)🟡 Kısmi

Bağımsız güvenlik denetimi (Certik / PeckShield)⬜ Bekliyor

Internal — Product Benchmark

Competitor Analysis

Feature matrix vs the 3 best-designed crypto wallets. Stars (★) mark our unique advantages. Dashed cells have notes — hover to read.

← Home

Wallet StudioUs

9/37

Zerion

34/37

Rainbow

29/37

Phantom

27/37

Design Benchmarks

Zerion

Best web portfolio manager

9/10

Clean dark theme, glassmorphism accents, micro-animations on every interaction. Token cards with live sparklines, protocol labels on transactions. The gold standard for web wallets.

100+ chainsWeb + Extension + Mobile

Rainbow

Best consumer UX

10/10

The most beautiful wallet. Fluid spring animations, gradient NFT cards, personalized colour themes per wallet. Pioneered the "wallet as identity" concept. Every tap feels delightful.

Ethereum ecosystemMobile-first + Web profile

Phantom

Best extension + multi-chain

9/10

Premium dark aesthetic, crisp icon system, seamless dApp connect flow. Excellent empty states and onboarding. Best swap UX with live price comparison across DEXes.

Solana + ETH + Polygon + BitcoinExtension + Mobile

Feature Matrix

✓ Has it ○ Partial ✗ Missing ★ Our advantage

Feature	Zerion	Rainbow	Phantom	Us ★
Core
Multi-chain wallet management	✓	○	✓	✓
Portfolio view with allocation %	✓	✓	✓	✓
Transaction history	✓	✓	✓	✓
Send crypto↑	✓	✓	✓	○
Receive (QR code)	✓	✓	✓	✗
Watch-only wallets (read-only)↑	✓	✓	✗	○
Discovery
Live token prices	✓	✓	✓	✗
Price sparkline / 7d chart	✓	✓	✓	✗
Token discovery / search	✓	✓	✓	✗
NFT gallery	✓	✓	✓	✗
DeFi positions (staking/LP)	✓	○	○	✗
Transactions
On-chain broadcast (real tx)	✓	✓	✓	✗
Gas fee estimation	✓	✓	✓	✗
Transaction labels / protocol tags	✓	○	○	✗
Built-in swap (DEX aggregator)	✓	✓	✓	✗
Cross-chain bridge	✓	✗	✗	✗
Address book / contacts	✓	✓	✓	✗
UX / Design
Dark mode	✓	✓	✓	✓
Mobile responsive web	✓	✓	○	✓
Micro-animations / transitions	✓	✓	✓	✗
Onboarding flow (guided)	✓	✓	✓	✗
Empty state illustrations	✓	✓	✓	✗
Keyboard shortcuts	✓	✗	✗	✗
Platform
Browser extension	✓	✗	✓	✗
Native mobile app (iOS/Android)	✓	✓	✓	✗
WalletConnect / dApp browser	✓	✓	✓	✗
Hardware wallet (Ledger/Trezor)	✓	✓	✓	✗
Fiat on-ramp (buy crypto)	✓	✓	✓	✗
ENS / domain name resolution	✓	✓	✓	✗
Push notifications	✓	✓	○	✗
Security
Non-custodial (keys on device)↑	✓	✓	✓	✗
Seed phrase backup flow	✓	✓	✓	✗
Biometric / PIN lock	✓	✓	✓	✗
Password-protected account	✓	✓	✓	✓
Self-hostable / open infra↑	✗	✗	✗	★
Open source codebase↑	✗	✓	✗	★
JWT session management	○	○	○	✓

Eksiklerimiz (28 özellik)

Öncelik sırasına göre — HIGH = rakiplerle temel parite için zorunlu.

HIGH8 özellik

Send crypto

UI var, on-chain broadcast yok

Core

Receive (QR code)

Core

Live token prices

Discovery

Price sparkline / 7d chart

Discovery

On-chain broadcast (real tx)

Transactions

Gas fee estimation

Transactions

Non-custodial (keys on device)

Şu an custodial (bakiye DB'de)

Security

Seed phrase backup flow

Security

MEDIUM11 özellik

Watch-only wallets (read-only)

Adres eklenebiliyor ama read-only flag yok

Core

Token discovery / search

Discovery

NFT gallery

Discovery

Transaction labels / protocol tags

Transactions

Address book / contacts

Transactions

Micro-animations / transitions

UX / Design

Onboarding flow (guided)

UX / Design

Native mobile app (iOS/Android)

Platform

ENS / domain name resolution

Platform

Push notifications

Platform

Biometric / PIN lock

Security

LOW9 özellik

DeFi positions (staking/LP)

Discovery

Built-in swap (DEX aggregator)

Transactions

Cross-chain bridge

Transactions

Empty state illustrations

UX / Design

Keyboard shortcuts

UX / Design

Browser extension

Platform

WalletConnect / dApp browser

Platform

Hardware wallet (Ledger/Trezor)

Platform

Fiat on-ramp (buy crypto)

Platform