Security Fixes:
- Remove blinding factor from Commitment struct (was leaking secrets)
- Add per-installation unique salt for key derivation (was hardcoded)
- Add prominent security warnings to zkproofs.rs (demo-only crypto)
- Document that ZK implementation is for API demonstration only
Performance Fixes:
- Fix memory leak: category_embeddings now uses HashMap instead of Vec
- Add LRU-style eviction at 10k embeddings capacity
- Prevents unbounded memory growth that would crash browser
Code Quality:
- Add max_embeddings configuration option
- Better documentation for data structures
- Add security audit report and optimization guides
⚠️ IMPORTANT: The ZK proof cryptography is simplified for demonstration.
For production use, replace with bulletproofs, curve25519-dalek, merlin crates.
Implements a privacy-preserving financial learning system that runs entirely
in the browser using WebAssembly. Key features:
- PlaidLocalLearner: Browser-local ML engine with IndexedDB persistence
- Q-learning for budget optimization and spending recommendations
- HNSW vector index for semantic transaction categorization
- Spiking neural network for temporal pattern recognition
- Anomaly detection for unusual transaction flagging
- Zero data exfiltration - all learning stays client-side
Components:
- examples/edge/src/plaid/mod.rs: Core Rust learning algorithms
- examples/edge/src/plaid/wasm.rs: WASM bindings for browser
- examples/edge/pkg/plaid-local-learner.ts: TypeScript API wrapper
- examples/edge/pkg/plaid-demo.html: Interactive demo page
- examples/edge/docs/plaid-local-learning.md: Comprehensive documentation
Privacy guarantees:
- Financial data never leaves the browser
- Optional AES-256-GCM encryption for IndexedDB storage
- User can delete all data instantly
- No analytics, telemetry, or tracking
