feat: Add payment links feature and project documentation

Payment Links:
- Add payment link button to dashboard
- Fix payment history API to use wallet address parameter
- Add 'View My Links' button in create page
- Update hook imports in payment history page
- Add payment_links table schema to database

Documentation:
- Add comprehensive feature roadmap guide
- Document X-Ray Protocol and ZK technology
- Add honest project assessment
- Include implementation priorities and timeline

Author: Adwaitbytes

demo/docs/FEATURE_ROADMAP.md

@@ -0,0 +1,281 @@
+# STELLARAY - 100% HONEST ASSESSMENT
+
+**No bullshit. Just facts.**
+
+---
+
+## WHAT'S ACTUALLY DONE ✅
+
+### 1. Landing Page (`/`)
+- Beautiful UI with dark/light theme
+- Google sign-in button (redirects to waitlist when WAITLIST_MODE=true)
+- X-Ray Protocol information section
+- Network switcher (testnet/mainnet)
+- **STATUS: COMPLETE**
+
+### 2. Dashboard (`/dashboard`)
+- Google OAuth integration (NextAuth.js) - **WORKING**
+- Wallet generation from Google sub ID - **WORKING (but NOT real ZK)**
+- Balance display - **WORKING** (fetches from Stellar Horizon)
+- Transaction history - **WORKING** (fetches from Stellar Horizon)
+- Send XLM functionality - **WORKING** (real transactions on testnet)
+- Receive with QR code - **WORKING**
+- Fund with Friendbot - **WORKING** (testnet only)
+- XLM price display - **WORKING** (from CoinGecko/CoinPaprika)
+- X-Ray metrics display - **WORKING** (fetches blockchain events)
+- **STATUS: 90% COMPLETE** (missing real ZK)
+
+### 3. Explorer Page (`/explorer`)
+- ZK Proof Visualizer component - **UI ONLY** (displays mock/fetched data)
+- Gas Savings Comparison - **UI ONLY** (shows comparison charts)
+- Proof Timeline - **UI ONLY** (shows recent proofs)
+- Network Activity Monitor - **WORKING** (fetches real Horizon data)
+- BN254 Curve Explorer - **UI/EDUCATIONAL**
+- Proof Benchmark - **UI ONLY**
+- Privacy Calculator - **UI ONLY**
+- Identity Badge System - **UI ONLY**
+- **STATUS: 70% COMPLETE** (lots of UI, data is mostly mock)
+
+### 4. SDK Pages (`/sdk`, `/sdk-demo`, `/sdk-live`)
+- SDK documentation - **COMPLETE**
+- SDK import tests - **WORKING** (SDK imports successfully)
+- SDK instantiation - **WORKING** (can create ZkLoginClient)
+- **STATUS: COMPLETE** (but SDK not actually used for wallet creation)
+
+### 5. Payment Page (`/pay`)
+- Payment link generator - **WORKING**
+- Deep links to Lobstr wallet - **WORKING**
+- Stellar URI protocol - **WORKING**
+- **STATUS: COMPLETE**
+
+### 6. Components (14 total)
+| Component | Purpose | Real Data? |
+|-----------|---------|------------|
+| `ZKProofVisualizer` | Shows proof structure | Fetched from blockchain events |
+| `GasSavingsComparison` | WASM vs X-Ray gas | Calculated/mock |
+| `ProofTimeline` | Recent proof activity | Fetched from blockchain |
+| `ProofMetrics` | Verification stats | Aggregated from events |
+| `NetworkActivityMonitor` | Live blockchain activity | Real Horizon data |
+| `BN254CurveExplorer` | Educational curve viz | Static/calculated |
+| `ProofBenchmark` | Performance testing | Simulated |
+| `PrivacyCalculator` | Privacy metrics | Calculated |
+| `IdentityBadgeSystem` | Achievement badges | Mock data |
+| `AdvancedAnalyticsDashboard` | Analytics charts | Mock data |
+| `XRayStatusBadge` | Protocol status | API data |
+| `TransactionXRayBadge` | TX ZK status | Mock/derived |
+| `NetworkSwitcher` | Testnet/Mainnet toggle | Working |
+| `LoadingScreen` | Loading animation | Working |
+
+### 7. Backend APIs
+| Route | Status | Real? |
+|-------|--------|-------|
+| `/api/auth/[...nextauth]` | ✅ Working | Yes - Google OAuth |
+| `/api/price` | ✅ Working | Yes - CoinGecko/etc |
+| `/api/xray/events` | ✅ Working | Yes - Stellar Horizon |
+| `/api/xray/status` | ✅ Working | Partially real |
+| `/api/xray/metrics` | ✅ Working | Aggregated from events |
+
+### 8. Libraries
+| Library | Purpose | Status |
+|---------|---------|--------|
+| `lib/stellar.ts` | Stellar operations | ✅ Working |
+| `lib/soroban.ts` | Contract interactions | ⚠️ Defined but not fully used |
+| `lib/xray.ts` | X-Ray data fetching | ✅ Working |
+| `lib/db.ts` | Database utilities | ✅ Working |
+
+---
+
+## WHAT'S NOT DONE ❌
+
+### The Critical Missing Piece: ACTUAL ZK
+
+**Current wallet generation (NOT real ZK):**
+```typescript
+// lib/stellar.ts line 122-137
+export function generateWalletFromSub(sub: string): WalletKeys {
+  // This is just a hash, NOT zero-knowledge proof!
+  const data = encoder.encode(`stellar-zklogin-${sub}-${net}-v1`);
+  const hash = StellarSdk.hash(Buffer.from(data));
+  const keypair = StellarSdk.Keypair.fromRawEd25519Seed(hash);
+  return { publicKey: keypair.publicKey(), secretKey: keypair.secret() };
+}
+```
+
+**What SHOULD happen (real ZK):**
+```typescript
+export async function generateZkWallet(googleIdToken: string): Promise<ZkWallet> {
+  // 1. Get user salt from salt service
+  const salt = await saltService.getOrCreate(googleIdToken);
+
+  // 2. Generate ZK proof via prover service
+  const proof = await proverService.generateProof({
+    idToken: googleIdToken,
+    salt: salt,
+    maxEpoch: currentEpoch + 10,
+  });
+
+  // 3. Derive address from proof (deterministic)
+  const address = deriveAddressFromProof(proof);
+
+  // 4. Verify proof on-chain
+  await zkVerifierContract.verify(proof);
+
+  return { address, proof };
+}
+```
+
+### What's Missing:
+
+1. **Prover Service** - Server that generates ZK proofs
+   - Need to run ZK circuit (Groth16)
+   - CPU/GPU intensive
+   - ~$20K infrastructure cost
+
+2. **Salt Service** - Secure storage for user salts
+   - Need HSM/KMS backed storage
+   - Each user needs unique salt
+   - ~$10K infrastructure cost
+
+3. **Actual ZK Proof Generation** - The core feature
+   - SDK has the code but we're not calling it
+   - Need to connect frontend → prover → blockchain
+
+4. **On-Chain Verification** - Proving identity on Stellar
+   - Contract exists but not being called
+   - Need to submit proofs to ZK Verifier contract
+
+---
+
+## REAL VS FAKE DATA
+
+| Feature | Data Source | Real? |
+|---------|-------------|-------|
+| Wallet address | Hash of Google sub | ❌ Not real ZK |
+| Balance | Stellar Horizon API | ✅ Real |
+| Transactions | Stellar Horizon API | ✅ Real |
+| Send/Receive | Stellar SDK | ✅ Real |
+| XLM Price | CoinGecko/CoinPaprika | ✅ Real |
+| X-Ray Events | Stellar Horizon operations | ✅ Real (but not ZK-specific) |
+| Proof Visualizer | Derived from tx hashes | ⚠️ Derived, not actual proofs |
+| Gas Comparisons | Calculated estimates | ⚠️ Estimates, not measured |
+| Badge System | Mock data | ❌ Fake |
+| User count/stats | Mock data | ❌ Fake |
+
+---
+
+## HONEST SUMMARY
+
+### What You Can Demo:
+1. Sign in with Google ✅
+2. Get a Stellar wallet address ✅
+3. Fund it with testnet XLM ✅
+4. Send/receive real transactions ✅
+5. See real balance and history ✅
+6. Show X-Ray protocol info ✅
+7. Show blockchain activity ✅
+
+### What You CANNOT Demo:
+1. Actual ZK proof generation ❌
+2. On-chain proof verification ❌
+3. Privacy-preserving authentication ❌
+4. The core "zkLogin" feature ❌
+
+### The Hard Truth:
+**You have a working Stellar wallet with Google login. But it's NOT using zero-knowledge proofs. The wallet is generated from a simple hash of the Google ID, which means:**
+
+- Google (or anyone with the ID token) could derive your wallet
+- There's no cryptographic privacy
+- The "ZK" part is marketing, not implementation
+
+---
+
+## WHAT NEEDS TO BE BUILT
+
+### Priority 1: Prover Service (2-3 weeks)
+- Rust or Node.js service
+- Generates Groth16 proofs
+- Uses the zkLogin circuit
+- Deployed on AWS/GCP with GPUs
+
+### Priority 2: Salt Service (1 week)
+- Simple API with KMS-backed storage
+- Associates Google sub → unique salt
+- Needs to be secure (HSM ideal)
+
+### Priority 3: Frontend Integration (1 week)
+- Replace `generateWalletFromSub` with actual ZK flow
+- Call prover service
+- Submit proofs to blockchain
+
+### Priority 4: Testing & Security (2 weeks)
+- End-to-end testing
+- Security audit
+- Edge case handling
+
+**Total time to real ZK: 6-8 weeks with dedicated work**
+
+---
+
+## FOR STELLAR PITCH
+
+### Be Honest:
+> "We've built a production-ready wallet frontend with working Stellar integration. The SDK is imported and tested. What we need is funding to build the backend infrastructure - the prover service and salt management - to enable actual ZK proof generation."
+
+### Show What Works:
+1. Live demo of Google sign-in → wallet
+2. Real transactions on testnet
+3. SDK import and instantiation tests
+4. Beautiful UI/UX
+
+### Admit What Doesn't:
+1. ZK proofs not actually generated yet
+2. Need backend services
+3. 6-8 weeks to full ZK implementation
+
+### The Ask:
+> "$150K to complete ZK integration, run security audit, and launch on mainnet in 6 months."
+
+---
+
+## IMPROVEMENTS TO MAKE PROJECT MORE IMPRESSIVE
+
+### Quick Wins (1-2 days each):
+1. Add real user count from database
+2. Add real transaction volume metrics
+3. Better error handling
+4. Mobile responsive fixes
+
+### Medium Effort (1 week each):
+1. Build basic prover service (even if slow)
+2. Add transaction history export
+3. Add multi-asset support (USDC, etc.)
+4. Add address book feature
+
+### Big Features (2-4 weeks each):
+1. **Full ZK integration** - THE priority
+2. Social recovery system
+3. Gas abstraction (pay fees in USDC)
+4. Multi-chain support
+
+---
+
+## FINAL HONEST VERDICT
+
+**What you have:**
+- A good-looking Stellar wallet
+- Working Google OAuth
+- Real blockchain integration
+- Nice UI components
+
+**What you don't have:**
+- Actual zero-knowledge proofs
+- The core differentiating feature
+- What makes this different from any other wallet
+
+**Bottom line:**
+The project is about 40% done for the core ZK feature, but 90% done for a basic Google-login Stellar wallet. The ZK part is the hard part and the valuable part.
+
+---
+
+*Document created: January 2025*
+*This is the honest truth. Build on it.*

demo/docs/HONEST_ASSESSMENT.md

@@ -11,25 +11,6 @@ import {
   getPaymentLinkStats,
   getPaymentLinkUrl,
 } from '@/lib/paymentLinks';
-import { generateWalletFromSub } from '@/lib/stellar';
-
-// Helper to parse JWT and get sub
-function parseJwt(token: string): any {
-  try {
-    const base64Url = token.split('.')[1];
-    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
-    const jsonPayload = decodeURIComponent(
-      Buffer.from(base64, 'base64')
-        .toString('utf-8')
-        .split('')
-        .map((c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))
-        .join('')
-    );
-    return JSON.parse(jsonPayload);
-  } catch {
-    return null;
-  }
-}
 
 export async function GET(request: NextRequest) {
   try {
@@ -42,29 +23,20 @@ export async function GET(request: NextRequest) {
       );
     }
 
-    // Get user's wallet address from session
-    // We need to derive it the same way as in useZkWallet
-    let creatorAddress = '';
-
-    // Try to get from session if available
-    if (session.idToken) {
-      const claims = parseJwt(session.idToken);
-      if (claims?.sub) {
-        const network = request.nextUrl.searchParams.get('network') || 'testnet';
-        const wallet = generateWalletFromSub(claims.sub, network as any);
-        creatorAddress = wallet.publicKey;
-      }
-    }
+    // Get wallet address from query parameter (passed from client)
+    const creatorAddress = request.nextUrl.searchParams.get('address');
 
-    // If we couldn't get the address, try the email-based lookup
-    if (!creatorAddress && session.user.email) {
-      // For now, we'll search by email instead
-      // This is a fallback - in production, store the address in the session
+    if (!creatorAddress) {
+      return NextResponse.json(
+        { error: 'Wallet address required' },
+        { status: 400 }
+      );
     }
 
-    if (!creatorAddress) {
+    // Validate Stellar address format
+    if (!creatorAddress.startsWith('G') || creatorAddress.length !== 56) {
       return NextResponse.json(
-        { error: 'Could not determine wallet address' },
+        { error: 'Invalid wallet address format' },
         { status: 400 }
       );
     }

demo/src/app/api/pay/history/route.ts

@@ -31,6 +31,7 @@ import {
   Code,
   Lock,
   Fingerprint,
+  Link2,
 } from "lucide-react";
 import Link from "next/link";
 import { XRayStatusBadge } from "@/components/XRayStatusBadge";
@@ -605,7 +606,7 @@ export default function Dashboard() {
                 </div>
 
                 {/* Actions */}
-                <div className="grid grid-cols-3 gap-4">
+                <div className="grid grid-cols-2 sm:grid-cols-4 gap-4">
                   <button
                     onClick={() => setShowSendModal(true)}
                     className="group relative"
@@ -626,6 +627,16 @@ export default function Dashboard() {
                       <span className="text-sm">RECEIVE</span>
                     </div>
                   </button>
+                  <button
+                    onClick={() => router.push('/pay/create')}
+                    className="group relative"
+                  >
+                    <div className="absolute inset-0 bg-[#0066FF] translate-x-1 translate-y-1 group-hover:translate-x-2 group-hover:translate-y-2 transition-transform" />
+                    <div className={`relative flex flex-col items-center gap-2 p-4 ${isDark ? 'bg-[#0A0A0A]' : 'bg-[#F5F5F5]'} border-4 border-[#0066FF] font-black group-hover:-translate-x-1 group-hover:-translate-y-1 transition-transform`}>
+                      <Link2 className="w-6 h-6 text-[#0066FF]" />
+                      <span className="text-sm">PAY LINK</span>
+                    </div>
+                  </button>
                   <button
                     onClick={exportTransactions}
                     disabled={transactions.length === 0}