Implementing session persistence (save_session, load_client, save_config, load_config) + identity management (save_identity, load_identity, ensure_identity). Keypair stored as plaintext X25519 in ~/.config/opake/identity.json. Seed-phrase derivation is future work.
Architectural decision needed before implementation: multi-device key management strategy. Three options under consideration (documented in CLAUDE.md decision #7):
(A) Key export/import — manual transfer of encrypted private key between devices. Simplest to build, worst UX. (B) Multi-device keys — each device gets its own keypair registered in the DID doc, content keys re-wrapped to all device keys. Most secure, no key material leaves a device. (C) Recovery seed — BIP-39-style mnemonic derives the keypair deterministically. Best UX, highest blast radius if seed leaks.
UX is the deciding factor. This choice shapes the entire keystore design — needs to be settled before #9 work begins.