diff --git a/DESIGN.md b/DESIGN.md
index d735414..b247849 100644
--- a/DESIGN.md
+++ b/DESIGN.md
@@ -424,15 +424,24 @@ warzone.wasm      # browser client (via wasm-pack)
 - [x] OTP key replenishment
 - [x] Fetch-and-delete delivery
 - [x] 17 protocol tests
-- [ ] **WebSocket real-time push** (replace HTTP polling with instant delivery)
+- [x] WASM bridge for web↔CLI interop (same crypto on both clients)
 
 ### Phase 2 — Core Messaging
+- [ ] WebSocket real-time push (replace HTTP polling with instant delivery)
 - [ ] Delivery receipts (sent, delivered, read)
 - [ ] File transfer (chunked, encrypted)
 - [ ] Multi-device support (device list signed by identity key)
 - [ ] Sender Keys for group encryption (replace per-member fan-out)
 - [ ] Group management (kick, leave, key rotation)
 - [ ] Message ordering and deduplication
+- [ ] Ethereum-compatible identity (dual-curve: secp256k1 + X25519 from same BIP39 seed)
+  - Fingerprint = Ethereum address (Keccak-256 of secp256k1 pubkey)
+  - BIP44 paths: m/44'/60'/0'/0/0 (Ethereum), m/44'/1234'/0' (Warzone X25519)
+  - MetaMask/Rabby wallet connect (sign challenge → derive session)
+  - Hardware wallet support via existing secp256k1 (Ledger/Trezor)
+  - ENS domain resolution (@vitalik.eth → 0xd8dA... → Warzone identity)
+  - Crates: k256, tiny-keccak, ethers-rs/alloy for ENS resolution
+  - Session key delegation from hardware wallet (sign once per 30 days)
 - [ ] TUI client (ratatui)
 - [ ] Web client (WASM)