• Architecture & Vision
• Executive Summary
• Background
• Problem Statement
• Vision
• Objectives
• Scope
  • 1. Identity Records
  • 2. Identity Workspace
  • 3. Browser Integration
  • 4. Local-First Security
• Authentication Evolution
• Relationship to Continuum Core
• Relationship to Nostr
• Existing Foundation
• Long-Term Vision
• Design Principles
  • Local First
  • Encrypted by Default
  • Identity-Centric
  • Protocol Agnostic
  • User Controlled
  • Extensible
  • Open Foundation
• Benefits
• Conclusion

§Architecture & Vision

Version: Draft 1.2
Date: June 2026

§Executive Summary

Continuum began as a local-first platform for managing sovereign identities, signing events, publishing content, and preserving user ownership through open protocols such as Nostr.

As the platform has evolved, a broader opportunity has emerged.

Individuals now maintain dozens—or even hundreds—of digital identities across banks, brokerages, healthcare providers, employers, government agencies, cloud applications, cryptocurrency platforms, developer services, and decentralized protocols.

Each identity exists in isolation, often requiring separate credentials, profile information, recovery procedures, notes, documents, and authentication methods.

Continuum Vault extends the Continuum Core platform by providing a unified, encrypted, local-first identity workspace where every digital relationship can be managed from a single location under the user’s control.

Continuum is built on a simple premise: identity should belong to the user rather than the applications they use. Everything else in this document follows from that principle.

Rather than treating passwords as the product, Continuum treats digital identities as first-class objects.

§Background

The modern Internet has become increasingly fragmented.

A typical user maintains accounts for:

• Banks
• Brokerages
• Employers
• Healthcare providers
• Government agencies
• Cloud applications
• Social networks
• Bitcoin wallets
• Nostr identities
• Developer platforms
• Subscription services
• Internal company portals

Each service introduces its own authentication mechanism, profile information, account history, recovery process, and supporting documentation.

Users frequently rely upon multiple disconnected tools including:

• Password managers
• Browser autofill
• Email archives
• Cloud storage
• Notes applications
• Bookmarks
• Memory

While each tool addresses part of the problem, none manages the complete relationship between a user and every digital service they use.

§Problem Statement

Traditional password managers focus primarily on one responsibility:

Remember my credentials.

Credentials, however, represent only one component of an online identity.

Every account often includes:

• Login URL
• Username
• Password
• Email address
• Phone number
• Recovery information
• Multi-factor authentication
• Security notes
• Documents
• Statements
• Contracts
• Attachments
• Support history
• Personal notes
• Historical activity

Managing this information across multiple applications creates unnecessary complexity and increases the likelihood of forgotten information, duplicated effort, and security mistakes.

§Vision

Continuum Vault provides a local-first identity workspace where every online account becomes an Identity Record.

An Identity Record represents the complete relationship between a user and a digital service.

Instead of organizing passwords, Continuum organizes identities.

§Objectives

The Continuum Vault project will:

• Provide unified identity management.
• Support both legacy and modern authentication methods.
• Integrate with the existing encrypted Continuum workspace.
• Extend the existing Continuum Browser Extension.
• Preserve complete user ownership through a local-first architecture.
• Eliminate unnecessary dependence on third-party cloud password managers.

§Scope

§1. Identity Records

Every online service becomes an Identity Record containing information such as:

• Display Name
• Login URL
• Username
• Password
• Email Address
• Phone Number
• Recovery Information
• Security Notes
• Attachments
• Tags
• Custom Metadata
• Historical Activity

Identity Records become first-class objects within Continuum.

§2. Identity Workspace

Each Identity Record may additionally contain:

• Notes
• Documents
• Statements
• Contracts
• Screenshots
• Configuration Details
• Recovery Files
• Service History
• Reminders
• Custom Metadata

The objective is to centralize everything associated with a digital relationship rather than storing information across multiple applications.

§3. Browser Integration

Continuum already includes an open-source Continuum Browser Signer that securely communicates with the local Continuum workspace for Nostr authentication.

Continuum Vault introduces a complementary Continuum Vault Extension focused on legacy website authentication and autofill.

While both extensions share common architectural principles, they serve different purposes and are intentionally designed as separate components. Separating these responsibilities reduces the permission scope of each extension while allowing both to evolve independently.

Typical workflow:

1. User selects an Identity Record within Continuum.
2. Continuum launches the associated login page.
3. The browser extension securely communicates with the local Continuum workspace.
4. The appropriate credentials are retrieved.
5. Login fields are automatically populated.

The browser extension is not intended to become a standalone password manager.

Continuum remains the authoritative source for identity information.

§4. Local-First Security

All sensitive information remains encrypted within the local Continuum workspace.

Credentials are decrypted only when required during authorized authentication workflows.

No cloud synchronization is required.

No third-party password storage is required.

Users retain complete ownership of their identity data.

§Authentication Evolution

Legacy username/password authentication represents only one authentication method supported by Continuum.

The architecture is designed to evolve alongside future authentication technologies.

Supported authentication methods may include:

• Username / Password
• Passkeys (WebAuthn/FIDO2)
• OAuth and OpenID Connect
• Enterprise Single Sign-On (SSO)
• API Keys and Access Tokens
• Nostr Event Signing
• Bitcoin Transaction Signing
• Lightning Authentication
• Challenge / Response Authentication
• Partner Application Authentication
• Future Decentralized Identity Standards

The authentication mechanism becomes an implementation detail.

The Identity Record remains constant.

§Relationship to Continuum Core

Continuum Vault is not intended to become a separate product.

It is a core capability of the Continuum platform.

Continuum Core
│
├── Identity Manager
├── Continuum Vault
├── Browser Signer
├── Vault Extension
├── Authentication
├── Documents
├── Notes
├── History
├── Publishing
├── Nostr
├── Bitcoin
└── Future Identity Providers

The Vault complements existing Continuum functionality rather than replacing it.

§Relationship to Nostr

Nostr remains a first-class identity provider within Continuum.

However, Continuum extends beyond any individual protocol.

Within Continuum, a Nostr identity becomes one type of Identity Record alongside traditional SaaS applications, financial institutions, healthcare providers, developer platforms, and future authentication systems.

This positions Continuum as a general-purpose identity platform rather than a protocol-specific client.

§Existing Foundation

Continuum Vault builds upon capabilities that already exist within Continuum today.

Current functionality includes:

• Local Encrypted Identity Workspace
• Multi-Identity Management
• Browser Extension
• Open-Source Browser Signing
• Nostr Authentication
• Remote Signing
• Local Browser-to-Workspace Communication
• Local-First Architecture

Continuum Vault extends these existing foundations rather than introducing an entirely new architecture.

The existing open-source Continuum Browser Signer already demonstrates secure browser-to-workspace communication for Nostr authentication. The Continuum Vault Extension builds upon many of the same architectural principles while remaining a separate component with its own security model and permission scope.

§Long-Term Vision

Continuum seeks to become the user’s trusted identity workspace.

Rather than maintaining separate applications for passwords, browser extensions, notes, decentralized identities, authentication, and future identity technologies, users manage every digital relationship from a single encrypted workspace under their own control.

The browser becomes an interface.

Applications become interchangeable interfaces rather than permanent homes for identity.

Identity remains with the user.

As new authentication technologies emerge, users should not be forced to migrate between identity managers. Instead, Continuum should evolve to support new authentication methods while preserving a consistent user experience centered around Identity Records.

§Design Principles

The Continuum Vault project is guided by the following principles.

§Local First

Identity data belongs to the user, not a cloud service.

§Encrypted by Default

Sensitive information remains encrypted at rest and is only decrypted during authorized authentication workflows.

§Identity-Centric

Continuum organizes relationships rather than simply storing credentials.

§Protocol Agnostic

Legacy SaaS applications, financial institutions, decentralized protocols, and future authentication systems are all treated as supported identity providers.

§User Controlled

Authentication occurs only under explicit user control.

The browser extension acts as a bridge between websites and the local Continuum workspace rather than functioning as an independent credential store.

§Extensible

The platform should support future authentication mechanisms without requiring fundamental architectural changes.

§Open Foundation

Continuum is designed around open standards and open protocols to maximize interoperability and user ownership.

The version of Continuum described in this document is not yet fully open source. My intention is to release Continuum as open source once the project reaches the milestone described on the Continuum website.

Until then, development continues in a private repository while the platform matures.

§Benefits

Continuum Vault provides users with:

• One place to manage every digital relationship.

• A single location for managing every digital identity.

• Secure local storage of credentials and identity metadata.

• Browser-assisted authentication for legacy websites.

• Historical notes and documentation associated with each identity.

• Reduced dependence upon cloud-based password managers.

• A migration path toward sovereign identity and future authentication methods.

• A consistent user experience across both legacy and decentralized applications.

§Conclusion

Continuum Vault represents a natural evolution of the Continuum platform.

By combining identity management, browser integration, authentication, documentation, historical context, and local-first security into a unified workspace, Continuum moves beyond password management toward comprehensive digital identity management.

Legacy username/password authentication is simply the first step.

The long-term objective is to provide a single platform capable of managing identities across both today’s Internet and the decentralized systems of tomorrow.

Rather than asking users to manage passwords, passkeys, Nostr identities, Bitcoin wallets, browser extensions, and future authentication technologies independently, Continuum seeks to provide a unified identity workspace where every digital relationship remains under the user’s ownership and control.

Identity should belong to the user—not the application.

Continuum is a local-first identity workspace, and Nostr is one of the identity systems it supports.