diff --git a/.github/workflows/vetkeys-encrypted-notes-app-vetkd.yml b/.github/workflows/vetkeys-encrypted-notes-app-vetkd.yml
new file mode 100644
index 000000000..8751b25d9
--- /dev/null
+++ b/.github/workflows/vetkeys-encrypted-notes-app-vetkd.yml
@@ -0,0 +1,36 @@
+name: vetkeys-encrypted-notes-app-vetkd
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - rust/vetkeys/encrypted_notes_app_vetkd/**
+      - .github/workflows/vetkeys-encrypted-notes-app-vetkd.yml
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  rust:
+    runs-on: ubuntu-24.04
+    container: ghcr.io/dfinity/icp-dev-env-rust:0.1.0
+    env:
+      ICP_CLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Deploy Encrypted Notes App Vetkd Rust
+        working-directory: rust/vetkeys/encrypted_notes_app_vetkd/rust
+        run: icp network start -d && icp deploy
+  motoko:
+    runs-on: ubuntu-24.04
+    container: ghcr.io/dfinity/icp-dev-env-motoko:0.1.0
+    env:
+      ICP_CLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Deploy Encrypted Notes App Vetkd Motoko
+        working-directory: rust/vetkeys/encrypted_notes_app_vetkd/motoko
+        run: icp network start -d && icp deploy
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/README.md b/rust/vetkeys/encrypted_notes_app_vetkd/README.md
similarity index 50%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/README.md
rename to rust/vetkeys/encrypted_notes_app_vetkd/README.md
index 01d63e3ea..0effa17d9 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/README.md
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/README.md
@@ -1,58 +1,82 @@
 # Encrypted notes: vetKD
 
+<!--
+ICP Ninja links removed: icp.ninja support requires dfx which is no longer used in this example.
 | Motoko backend | [![](https://icp.ninja/assets/open.svg)](http://icp.ninja/editor?g=https://github.com/dfinity/examples/tree/master/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko)|
 | --- | --- |
 | Rust backend | [![](https://icp.ninja/assets/open.svg)](http://icp.ninja/editor?g=https://github.com/dfinity/examples/tree/master/rust/vetkeys/encrypted_notes_dapp_vetkd/rust) |
+-->
 
-Encrypted notes is an example dapp for authoring and storing confidential information on the Internet Computer (ICP) in the form of short pieces of text. Users can create and access their notes via any number of automatically synchronized devices authenticated via Internet Identity (II). Notes are stored confidentially using vetKeys. The end-to-end encryption is performed by the dapp’s frontend.
+Encrypted notes is an example dapp for authoring and storing confidential information on the Internet Computer (ICP) in the form of short pieces of text. Users can create and access their notes via any number of automatically synchronized devices authenticated via Internet Identity (II). Notes are stored confidentially using vetKeys. The end-to-end encryption is performed by the dapp's frontend.
 
 In particular, the notes are encrypted with an AES key that is derived (directly in the browser) from a note-ID-specific vetKey obtained from the backend canister (in encrypted form, using an ephemeral transport key), which itself obtains it from the vetKD system API. This way, there is no need for any device management in the dapp, plus sharing of notes becomes possible.
 
-The vetKey used to encrypt and decrypt a note is note-ID-specific (and not, for example, principal-specific) to enable the sharing of notes between users. The derived AES keys are stored as non-extractable CryptoKeys in an IndexedDB in the browser for efficiency so that their respective vetKey only has to be fetched from the server once. To improve the security even further, the vetKeys' derivation information could be adapted to include a (numeric) epoch that advances each time the list of users with which the note is shared is changed.
+The vetKey used to encrypt and decrypt a note is note-ID-specific (and not, for example, principal-specific) to enable the sharing of notes between users. The derived AES keys are stored as non-extractable CryptoKeys in an IndexedDB in the browser for efficiency so that their respective vetKey only has to be fetched from the server once.
 
 ## Prerequisites
 
-This example requires an installation of:
-
-- [x] Install the [IC SDK](https://internetcomputer.org/docs/current/developer-docs/setup/install/index.mdx).
+- [x] Install the [ICP CLI](https://cli.internetcomputer.org).
 - [x] Install [npm](https://www.npmjs.com/package/npm).
 
-### (Optionally) Choose a Different Master Key
+## Folder Structure
 
-This example uses `test_key_1` by default. To use a different [available master key](https://internetcomputer.org/docs/building-apps/network-features/vetkeys/api#available-master-keys), change the `"init_arg": "(\"test_key_1\")"` line in `dfx.json` to the desired key before running `dfx deploy` in the next step.
+This example provides both a **Rust** and a **Motoko** backend, sharing a common `frontend/`:
+
+```
+encrypted_notes_app_vetkd/
+├── frontend/   ← shared frontend (symlinked into rust/ and motoko/)
+├── motoko/     ← Motoko backend + icp.yaml
+└── rust/       ← Rust backend + icp.yaml
+```
 
 ## Deploy the Canisters Locally
 
-If you want to deploy this project locally with a Motoko backend, then run:
+Deploy with the **Motoko** backend:
+```bash
+cd motoko
+icp network start -d && icp deploy
+```
+
+Or deploy with the **Rust** backend:
 ```bash
-dfx start --background && dfx deploy
+cd rust
+icp network start -d && icp deploy
 ```
-from the `motoko` folder.
 
-To use the Rust backend instead of Motoko, run the same command in the rust folder.
+## Running the Frontend in Development Mode
+
+After deploying, run from the `frontend` folder:
+```bash
+cd frontend
+npm run dev:motoko   # if you deployed the Motoko backend
+# or
+npm run dev:rust     # if you deployed the Rust backend
+```
 
 ## Example Components
 
 ### Backend
 
-The backend consists of a canister that stores encrypted notes. It is automatically deployed with `dfx deploy`.
+The backend consists of a canister that stores encrypted notes. It is automatically deployed with `icp deploy`.
 
 ### Frontend
 
 The frontend is a **Svelte** application providing a user-friendly interface for managing encrypted notes.
 
-To run the frontend in development mode with hot reloading (after running `dfx deploy`):
-
-```bash
-npm run dev
-```
-
 ## Limitations
 
 This example dapp does not implement key rotation, which is strongly recommended in a production environment.
-Key rotation involves periodically changing encryption keys and re-encrypting data to enhance security.
-In a production dapp, key rotation would be useful to limit the impact of potential key compromise if a malicious party gains access to a key, or to limit access when users are added or removed from note sharing.
 
 ## Troubleshooting
 
-If you run into issues, clearing all the application-specific IndexedDBs in the browser (which are used to store Internet Identity information and the derived non-extractable AES keys) might help fix the issue. For example in Chrome, go to Inspect → Application → Local Storage → `http://localhost:3000/` → Clear All, and then reload.
+If you run into issues, clearing all the application-specific IndexedDBs in the browser might help. For example in Chrome, go to Inspect → Application → Local Storage → Clear All, and then reload.
+
+## API Level
+
+This example intentionally uses the **raw VetKD management canister API** (`encrypted_symmetric_key_for_note`, `symmetric_key_verification_key_for_note`) to demonstrate how VetKD works at the protocol level.
+
+For most applications, the higher-level [`EncryptedMaps`](https://github.com/dfinity/vetkeys/tree/main/frontend/ic_vetkeys/src/encrypted_maps) abstraction from `@icp-sdk/vetkeys` is the recommended approach — it handles key derivation, caching, and access control internally without requiring a custom crypto layer. See the [**VetKD Password Manager**](../password_manager/) and [**VetKD Password Manager with Metadata**](../password_manager_with_metadata/) examples for how `EncryptedMaps` is used in practice.
+
+## Additional Resources
+
+- **[What are VetKeys](https://docs.internetcomputer.org/concepts/vetkeys)** - For more information about VetKeys and VetKD.
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/.npmrc b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/.npmrc
new file mode 100644
index 000000000..521a9f7c0
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/.npmrc
@@ -0,0 +1 @@
+legacy-peer-deps=true
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/index.html b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/index.html
similarity index 67%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/index.html
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/index.html
index abc12ca3b..a494e91ea 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/index.html
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/index.html
@@ -3,14 +3,10 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width,initial-scale=1" />
-
     <title>Encrypted Notes</title>
-
     <link rel="icon" type="image/png" href="/favicon.png" />
-    <link rel="stylesheet" href="/build/bundle.css" />
-
-    <script defer src="/build/main.js"></script>
   </head>
-
-  <body></body>
+  <body>
+    <script type="module" src="/src/main.ts"></script>
+  </body>
 </html>
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/package.json b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/package.json
new file mode 100644
index 000000000..96ba0925a
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/package.json
@@ -0,0 +1,39 @@
+{
+    "name": "encrypted-notes-frontend",
+    "private": true,
+    "version": "0.0.0",
+    "type": "module",
+    "scripts": {
+        "dev": "printf '\\nNo backend specified. Use one of:\\n\\n  npm run dev:motoko\\n  npm run dev:rust\\n\\n' && exit 1",
+        "dev:motoko": "npm run build:bindings && BACKEND=motoko vite",
+        "dev:rust": "npm run build:bindings && BACKEND=rust vite",
+        "build": "npm run build:bindings && vite build",
+        "build:bindings": "cd scripts && ./gen_bindings.sh",
+        "preview": "vite preview",
+        "check": "svelte-check --tsconfig ./tsconfig.json"
+    },
+    "devDependencies": {
+        "@sveltejs/vite-plugin-svelte": "^3.0.2",
+        "@tsconfig/svelte": "^5.0.4",
+        "@types/node": "^24.0.10",
+        "autoprefixer": "^10.4.2",
+        "postcss": "^8.4.31",
+        "svelte": "^4.2.19",
+        "svelte-check": "^3.8.6",
+        "tailwindcss": "^3.0.17",
+        "tslib": "^2.8.1",
+        "typescript": "~5.7.2",
+        "vite": "^5.4.21"
+    },
+    "dependencies": {
+        "@icp-sdk/auth": "^7.1.0",
+        "@icp-sdk/core": "^5.4.0",
+        "@icp-sdk/vetkeys": "^0.5.0-beta.0",
+        "daisyui": "^1.25.4",
+        "idb-keyval": "6.2.1",
+        "isomorphic-dompurify": "^2.25.0",
+        "svelte-icons": "^2.1.0",
+        "svelte-spa-router": "^4.0.1",
+        "typewriter-editor": "^0.6.45"
+    }
+}
\ No newline at end of file
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/postcss.config.mjs b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/postcss.config.mjs
new file mode 100644
index 000000000..8409575db
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/postcss.config.mjs
@@ -0,0 +1,6 @@
+import tailwindcss from 'tailwindcss';
+import autoprefixer from 'autoprefixer';
+
+export default {
+  plugins: [tailwindcss(), autoprefixer()],
+};
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/.ic-assets.json5 b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/.ic-assets.json5
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/.ic-assets.json5
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/.ic-assets.json5
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/favicon.png b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/favicon.png
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/favicon.png
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/favicon.png
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-dark-text.png b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-dark-text.png
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-dark-text.png
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-dark-text.png
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-white-text.png b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-white-text.png
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-white-text.png
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_label-stripe-white-text.png
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-dark-text.png b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-dark-text.png
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-dark-text.png
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-dark-text.png
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-white-text.png b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-white-text.png
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-white-text.png
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/public/img/ic-badge-powered-by-crypto_transparent-white-text.png
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/scripts/gen_bindings.sh b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/scripts/gen_bindings.sh
new file mode 100755
index 000000000..895b957ab
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/scripts/gen_bindings.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -eu
+
+# Resolve the script's physical location so we work correctly even when the
+# icp CLI has symlinked `frontend/` into a backend subdirectory for the build.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
+FRONTEND_DIR="$(dirname "$SCRIPT_DIR")"
+EXAMPLE_ROOT="$(dirname "$FRONTEND_DIR")"
+
+# Bindings are always generated from the Rust backend since both backends
+# expose the same Candid interface.
+
+rm -rf "$FRONTEND_DIR/src/declarations/encrypted_notes"
+mkdir -p "$FRONTEND_DIR/src/declarations/encrypted_notes"
+npx --yes @icp-sdk/bindgen \
+    --did-file "$EXAMPLE_ROOT/rust/backend/src/encrypted_notes_rust.did" \
+    --out-dir "$FRONTEND_DIR/src/declarations/encrypted_notes" \
+    --declarations-flat --force
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/App.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/App.svelte
similarity index 78%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/App.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/App.svelte
index 3c24748b1..b3b5d6eec 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/App.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/App.svelte
@@ -12,8 +12,3 @@
 {/if}
 <Notifications />
 
-<style lang="postcss" global>
-  @tailwind base;
-  @tailwind components;
-  @tailwind utilities;
-</style>
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/app.css b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/app.css
new file mode 100644
index 000000000..b5c61c956
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/app.css
@@ -0,0 +1,3 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Disclaimer.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Disclaimer.svelte
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Disclaimer.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Disclaimer.svelte
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/DisclaimerCopy.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/DisclaimerCopy.svelte
new file mode 100644
index 000000000..2bf836e94
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/DisclaimerCopy.svelte
@@ -0,0 +1,3 @@
+<strong>Disclaimer:</strong> This sample app is intended exclusively for experimental
+purpose. You are advised not to use this app for storing your critical data such
+as keys or passwords.
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/EditNote.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/EditNote.svelte
similarity index 91%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/EditNote.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/EditNote.svelte
index a5ef18c09..5a905db97 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/EditNote.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/EditNote.svelte
@@ -1,8 +1,8 @@
 <script lang="ts">
-  import { navigateTo } from 'svelte-router-spa';
-  import type { CurrentRoute } from 'svelte-router-spa/types/components/route';
+  import { push } from 'svelte-spa-router';
   import { Editor, placeholder } from 'typewriter-editor';
-  import { extractTitle, NoteModel } from '../lib/note';
+  import { extractTitle } from '../lib/note';
+  import type { NoteModel } from '../lib/note';
   import { notesStore, refreshNotes, updateNote, addUser, removeUser } from '../store/notes';
   import Header from './Header.svelte';
   import NoteEditor from './NoteEditor.svelte';
@@ -14,7 +14,7 @@
   import Spinner from './Spinner.svelte';
   import DOMPurify from 'isomorphic-dompurify';
 
-  export let currentRoute: CurrentRoute;
+  export let params: { id?: string } = {};
 
   let editedNote: NoteModel;
   let editor: Editor;
@@ -69,7 +69,7 @@
           type: 'success',
           message: 'Note deleted successfully',
         });
-        navigateTo('/notes');
+        push('/notes');
       });
   }
 
@@ -85,13 +85,13 @@
     if ($auth.state !== 'initialized') {
       throw new Error('expected the auth.state to be initialized');
     }
-    return $auth.client.getIdentity().getPrincipal().toString();
+    return $auth.principal.toString();
   }
 
   $: {
     if ($notesStore.state === 'loaded' && !editedNote) {
       const note = $notesStore.list.find(
-        (note) => note.id.toString() === currentRoute.namedParams.id
+        (note) => note.id.toString() === params.id
       );
 
       if (note) {
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Header.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Header.svelte
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Header.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Header.svelte
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Hero.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Hero.svelte
similarity index 95%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Hero.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Hero.svelte
index c88799230..19aa54e29 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Hero.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Hero.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
-  import { AuthState, login } from '../store/auth';
+  import { login } from '../store/auth';
+  import type { AuthState } from '../store/auth';
   import DisclaimerCopy from './DisclaimerCopy.svelte';
   import Spinner from './Spinner.svelte';
 
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/LayoutAuthenticated.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/LayoutAuthenticated.svelte
similarity index 50%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/LayoutAuthenticated.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/LayoutAuthenticated.svelte
index cb2624f25..acf0e17c7 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/LayoutAuthenticated.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/LayoutAuthenticated.svelte
@@ -1,24 +1,16 @@
 <script lang="ts">
-  import { Router } from 'svelte-router-spa';
+  import Router from 'svelte-spa-router';
   import '../store/notes';
   import EditNote from './EditNote.svelte';
   import NewNote from './NewNote.svelte';
   import Notes from './Notes.svelte';
   import SidebarLayout from './SidebarLayout.svelte';
 
-  const routes = [
-    {
-      name: '/',
-      component: NewNote,
-    },
-    {
-      name: '/notes',
-      nestedRoutes: [
-        { name: 'index', component: Notes },
-        { name: 'edit/:id', component: EditNote },
-      ],
-    },
-  ];
+  const routes = {
+    '/': NewNote,
+    '/notes': Notes,
+    '/notes/:id': EditNote,
+  };
 </script>
 
 <SidebarLayout>
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/NewNote.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/NewNote.svelte
similarity index 98%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/NewNote.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/NewNote.svelte
index 5901ed075..31e71eda2 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/NewNote.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/NewNote.svelte
@@ -27,7 +27,7 @@
     }
     creating = true;
     await addNote(
-      noteFromContent(DOMPurify.sanitize(editor.getHTML()), tags, $auth.client.getIdentity().getPrincipal()),
+      noteFromContent(DOMPurify.sanitize(editor.getHTML()), tags, $auth.principal),
       $auth.actor,
       $auth.crypto
     )
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Note.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Note.svelte
similarity index 89%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Note.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Note.svelte
index 9b1f9ee78..bec2d02a8 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Note.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Note.svelte
@@ -1,7 +1,8 @@
 <script lang="ts">
   import { createEventDispatcher } from 'svelte';
 
-  import { NoteModel, summarize } from '../lib/note';
+  import { summarize } from '../lib/note';
+  import type { NoteModel } from '../lib/note';
 
   export let note: NoteModel;
 
@@ -14,7 +15,7 @@
 
 <a
   class="p-4 rounded-md border border-base-300 dark:border-base-300  bg-base dark:bg-base-100 hover:-translate-y-2 transition-transform"
-  href={`/notes/edit/${note.id}`}
+  href={`#/notes/${note.id}`}
 >
   <div class="pointer-events-none">
     <h2 class="text-lg font-bold mb-2 line-clamp-3">
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/NoteEditor.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/NoteEditor.svelte
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/NoteEditor.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/NoteEditor.svelte
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notes.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notes.svelte
similarity index 94%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notes.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notes.svelte
index fd1fdaf37..7b142660a 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notes.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notes.svelte
@@ -36,7 +36,7 @@
   <span slot="title"> Your notes </span>
   <svelte:fragment slot="actions">
     {#if $notesStore.state === 'loaded' && $notesStore.list.length > 0}
-      <a class="btn btn-primary" href="/">New Note</a>
+      <a class="btn btn-primary" href="#/">New Note</a>
     {/if}
   </svelte:fragment>
 </Header>
@@ -66,7 +66,7 @@
     {:else}
       <div class="text-center pt-8 italic">You don't have any notes.</div>
       <div class="text-center pt-8 ">
-        <a href="/" class="btn btn-primary">Add a note</a>
+        <a href="#/" class="btn btn-primary">Add a note</a>
       </div>
     {/if}
   {:else if $notesStore.state === 'error'}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notifications.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notifications.svelte
similarity index 81%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notifications.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notifications.svelte
index 8ea937899..85528b1d1 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Notifications.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Notifications.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
-  import { Notification, notifications } from '../store/notifications';
+  import { notifications } from '../store/notifications';
+  import type { Notification } from '../store/notifications';
   import { fly, fade } from 'svelte/transition';
 
   const classMap: Record<Notification['type'], string> = {
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SharingEditor.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SharingEditor.svelte
similarity index 98%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SharingEditor.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SharingEditor.svelte
index 15fa4ed2f..086758bab 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SharingEditor.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SharingEditor.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { NoteModel } from '../lib/note';
+  import type { NoteModel } from '../lib/note';
   import { auth } from '../store/auth';
   import { addUser, refreshNotes, removeUser } from '../store/notes';
   import { addNotification, showError } from '../store/notifications';
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SidebarLayout.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SidebarLayout.svelte
similarity index 94%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SidebarLayout.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SidebarLayout.svelte
index 1dcbd41f7..d6d27f2bf 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/SidebarLayout.svelte
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/SidebarLayout.svelte
@@ -27,13 +27,13 @@
       </div>
       <div class="border-b">
         <div class="pl-4">My Principal:</div>
-        <div class="pl-4">{$auth.client.getIdentity().getPrincipal()}</div>
+        <div class="pl-4">{$auth.principal}</div>
       </div>
       <ul
         class="p-4 overflow-y-auto menu w-full bg-base-100 flex-1 flex flex-col"
       >
         <li>
-          <a href="/">
+          <a href="#/">
             <span class="w-6 h-6 p-1 mr-2">
               <FaPlusSquare />
             </span>
@@ -41,7 +41,7 @@
           </a>
         </li>
         <li>
-          <a href="/notes">
+          <a href="#/notes">
             <span class="w-6 h-6 p-1 mr-2">
               <FaBook />
             </span>
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Spinner.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Spinner.svelte
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/Spinner.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/Spinner.svelte
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/TagEditor.svelte b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/TagEditor.svelte
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/TagEditor.svelte
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/components/TagEditor.svelte
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/global.d.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/global.d.ts
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/global.d.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/global.d.ts
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/actor.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/actor.ts
new file mode 100644
index 000000000..b29294c5c
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/actor.ts
@@ -0,0 +1,19 @@
+import { HttpAgent } from "@icp-sdk/core/agent";
+import { safeGetCanisterEnv } from "@icp-sdk/core/agent/canister-env";
+import { createActor as createEncryptedNotesActor, type Backend } from "../declarations/encrypted_notes/encrypted_notes_rust";
+
+export type BackendActor = Backend;
+
+const canisterEnv = safeGetCanisterEnv<{
+  "PUBLIC_CANISTER_ID:encrypted_notes": string;
+}>();
+
+export async function createActor(options?: { identity?: any }): Promise<BackendActor> {
+  const canisterId = canisterEnv?.["PUBLIC_CANISTER_ID:encrypted_notes"];
+  const agent = await HttpAgent.create({
+    identity: options?.identity,
+    host: window.location.origin,
+    rootKey: canisterEnv?.IC_ROOT_KEY,
+  });
+  return createEncryptedNotesActor(canisterId, { agent });
+}
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/crypto.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/crypto.ts
new file mode 100644
index 000000000..15c94c15e
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/crypto.ts
@@ -0,0 +1,78 @@
+import type { BackendActor } from './actor';
+import { get, set } from 'idb-keyval';
+import * as vetkd from "@icp-sdk/vetkeys";
+
+export class CryptoService {
+  private keyMaterialCache = new Map<string, vetkd.DerivedKeyMaterial>();
+
+  constructor(private actor: BackendActor) {}
+
+  public async encryptWithNoteKey(note_id: bigint, owner: string, data: string): Promise<string> {
+    const keyMaterial = await this.fetchNoteKeyMaterial(note_id, owner);
+    const associatedData = buildInput(note_id, owner);
+    const encrypted = await keyMaterial.encryptMessage(data, "note-key", associatedData);
+    return String.fromCharCode(...encrypted);
+  }
+
+  public async decryptWithNoteKey(note_id: bigint, owner: string, data: string): Promise<string> {
+    const keyMaterial = await this.fetchNoteKeyMaterial(note_id, owner);
+    const associatedData = buildInput(note_id, owner);
+    const ciphertext = Uint8Array.from([...data].map(ch => ch.charCodeAt(0)));
+    const decrypted = await keyMaterial.decryptMessage(ciphertext, "note-key", associatedData);
+    return String.fromCharCode(...decrypted);
+  }
+
+  private async fetchNoteKeyMaterial(note_id: bigint, owner: string): Promise<vetkd.DerivedKeyMaterial> {
+    const cacheKey = `${note_id}_${owner}`;
+
+    // 1. In-memory cache (fastest, session-scoped)
+    const memCached = this.keyMaterialCache.get(cacheKey);
+    if (memCached) return memCached;
+
+    // 2. IndexedDB cache (persisted across sessions via getCryptoKey/fromCryptoKey)
+    const storedCryptoKey: CryptoKey | undefined = await get([note_id.toString(), owner]);
+    if (storedCryptoKey) {
+      const keyMaterial = await vetkd.DerivedKeyMaterial.fromCryptoKey(storedCryptoKey);
+      this.keyMaterialCache.set(cacheKey, keyMaterial);
+      return keyMaterial;
+    }
+
+    // 3. Fetch from canister (first access)
+    const tsk = vetkd.TransportSecretKey.random();
+    const ek_bytes_hex = await this.actor.encrypted_symmetric_key_for_note(note_id, tsk.publicKeyBytes());
+    const encryptedVetKey = vetkd.EncryptedVetKey.deserialize(hex_decode(ek_bytes_hex));
+    const pk_bytes_hex = await this.actor.symmetric_key_verification_key_for_note();
+    const dpk = vetkd.DerivedPublicKey.deserialize(hex_decode(pk_bytes_hex));
+    const input = buildInput(note_id, owner);
+    const vetKey = encryptedVetKey.decryptAndVerify(tsk, dpk, input);
+    const keyMaterial = await vetKey.asDerivedKeyMaterial();
+
+    // Store the underlying non-extractable CryptoKey in IndexedDB (same pattern as EncryptedMaps)
+    await set([note_id.toString(), owner], keyMaterial.getCryptoKey());
+    this.keyMaterialCache.set(cacheKey, keyMaterial);
+    return keyMaterial;
+  }
+}
+
+function buildInput(note_id: bigint, owner: string): Uint8Array {
+  const note_id_bytes = bigintTo128BitBigEndianUint8Array(note_id);
+  const owner_utf8 = new TextEncoder().encode(owner);
+  const input = new Uint8Array(note_id_bytes.length + owner_utf8.length);
+  input.set(note_id_bytes);
+  input.set(owner_utf8, note_id_bytes.length);
+  return input;
+}
+
+const hex_decode = (hexString: string) =>
+  Uint8Array.from(hexString.match(/.{1,2}/g)!.map((byte) => parseInt(byte, 16)));
+
+function bigintTo128BitBigEndianUint8Array(bn: bigint): Uint8Array {
+  var hex = BigInt(bn).toString(16);
+  while (hex.length < 32) { hex = '0' + hex; }
+  var len = hex.length / 2;
+  var u8 = new Uint8Array(len);
+  for (var i = 0, j = 0; i < len; i++, j += 2) {
+    u8[i] = parseInt(hex.slice(j, j + 2), 16);
+  }
+  return u8;
+}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/enums.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/enums.ts
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/enums.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/enums.ts
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/note.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/note.ts
similarity index 94%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/note.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/note.ts
index 50a4d5959..10d6598c4 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/note.ts
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/note.ts
@@ -1,6 +1,6 @@
-import type { EncryptedNote } from '../lib/backend';
+import type { EncryptedNote } from '../declarations/encrypted_notes/backend.did';
 import type { CryptoService } from './crypto';
-import type { Principal } from '@dfinity/principal';
+import type { Principal } from '@icp-sdk/core/principal';
 
 export interface NoteModel {
   id: bigint;
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/sleep.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/sleep.ts
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/sleep.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/lib/sleep.ts
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/main.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/main.ts
similarity index 86%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/main.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/main.ts
index 3108e9002..75e6d2f70 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/main.ts
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/main.ts
@@ -1,3 +1,4 @@
+import "./app.css";
 import App from "./App.svelte";
 
 const init = async () => {
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/auth.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/auth.ts
new file mode 100644
index 000000000..88f138897
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/auth.ts
@@ -0,0 +1,132 @@
+import { get, writable } from "svelte/store";
+import { type BackendActor, createActor } from "../lib/actor";
+import { AuthClient, LocalStorage } from "@icp-sdk/auth/client";
+import type { Principal } from "@icp-sdk/core/principal";
+import { CryptoService } from "../lib/crypto";
+import { showError } from "./notifications";
+import { push } from "svelte-spa-router";
+
+export type AuthState =
+  | { state: "initializing-auth" }
+  | { state: "anonymous"; actor: BackendActor; client: AuthClient }
+  | { state: "initializing-crypto"; actor: BackendActor; client: AuthClient; principal: Principal }
+  | { state: "synchronizing"; actor: BackendActor; client: AuthClient; principal: Principal }
+  | {
+      state: "initialized";
+      actor: BackendActor;
+      client: AuthClient;
+      principal: Principal;
+      crypto: CryptoService;
+    }
+  | { state: "error"; error: string };
+
+export const auth = writable<AuthState>({ state: "initializing-auth" });
+
+async function initAuth() {
+  const isLocal =
+    window.location.hostname === "localhost" ||
+    window.location.hostname.endsWith(".localhost");
+  // Workaround for https://github.com/dfinity/icp-js-auth/issues/120
+  // IdbStorage has a race condition on localhost dev servers. LocalStorage
+  // avoids IDB on local but uses plain string storage (less secure), so
+  // production deployments keep the default secure IdbStorage + ECDSA key.
+  const client = new AuthClient({
+    identityProvider: isLocal
+      ? "http://id.ai.localhost:8000/authorize"
+      : "https://id.ai/authorize",
+    ...(isLocal
+      ? { storage: new LocalStorage(), keyType: "Ed25519" as const }
+      : {}),
+  });
+  if (client.isAuthenticated()) {
+    authenticate(client);
+  } else {
+    const actor = await createActor();
+    auth.update(() => ({
+      state: "anonymous",
+      actor,
+      client,
+    }));
+  }
+}
+
+initAuth();
+
+export async function login() {
+  const currentAuth = get(auth);
+
+  if (currentAuth.state === "anonymous") {
+    await currentAuth.client.signIn();
+    authenticate(currentAuth.client);
+  }
+}
+
+export async function logout() {
+  const currentAuth = get(auth);
+
+  if (currentAuth.state === "initialized") {
+    await currentAuth.client.signOut();
+    const actor = await createActor();
+    auth.update(() => ({
+      state: "anonymous",
+      actor,
+      client: currentAuth.client,
+    }));
+    push("/");
+  }
+}
+
+export async function authenticate(client: AuthClient) {
+  handleSessionTimeout();
+
+  try {
+    const identity = await client.getIdentity();
+    const principal = identity.getPrincipal();
+    const actor = await createActor({ identity });
+
+    auth.update(() => ({
+      state: "initializing-crypto",
+      actor,
+      client,
+      principal,
+    }));
+
+    const cryptoService = new CryptoService(actor);
+
+    auth.update(() => ({
+      state: "initialized",
+      actor,
+      client,
+      principal,
+      crypto: cryptoService,
+    }));
+  } catch (e: any) {
+    auth.update(() => ({
+      state: "error",
+      error: e.message || "An error occurred",
+    }));
+  }
+}
+
+function handleSessionTimeout() {
+  setTimeout(() => {
+    try {
+      const delegation = JSON.parse(
+        window.localStorage.getItem("ic-delegation") ?? "null",
+      ) as {
+        delegations: Array<{ delegation: { expiration: string } }>;
+      } | null;
+      if (!delegation) return;
+
+      const expirationTimeMs =
+        Number.parseInt(delegation.delegations[0].delegation.expiration, 16) /
+        1000000;
+
+      setTimeout(() => {
+        logout();
+      }, expirationTimeMs - Date.now());
+    } catch {
+      console.error("Could not handle delegation expiry.");
+    }
+  });
+}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/draft.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/draft.ts
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/draft.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/draft.ts
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/notes.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/notes.ts
similarity index 97%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/notes.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/notes.ts
index 9c2995342..cdf9dd871 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/notes.ts
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/notes.ts
@@ -2,7 +2,8 @@ import { writable } from 'svelte/store';
 import type { BackendActor } from '../lib/actor';
 import type { EncryptedNote } from '../lib/backend';
 import type { CryptoService } from '../lib/crypto';
-import { deserialize, NoteModel, serialize } from '../lib/note';
+import { deserialize, serialize } from '../lib/note';
+import type { NoteModel } from '../lib/note';
 import { auth } from './auth';
 import { showError } from './notifications';
 
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/notifications.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/notifications.ts
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/notifications.ts
rename to rust/vetkeys/encrypted_notes_app_vetkd/frontend/src/store/notifications.ts
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/svelte.config.js b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/svelte.config.js
new file mode 100644
index 000000000..8abe4369b
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/svelte.config.js
@@ -0,0 +1,5 @@
+import { vitePreprocess } from '@sveltejs/vite-plugin-svelte'
+
+export default {
+  preprocess: vitePreprocess(),
+}
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tailwind.config.mjs b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tailwind.config.mjs
new file mode 100644
index 000000000..6d6be576b
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tailwind.config.mjs
@@ -0,0 +1,13 @@
+import daisyui from 'daisyui';
+
+export default {
+  content: [
+    './index.html',
+    './src/**/*.svelte',
+    './src/**/*.ts',
+  ],
+  theme: {
+    extend: {},
+  },
+  plugins: [daisyui],
+};
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tsconfig.json b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tsconfig.json
new file mode 100644
index 000000000..4365ffeb0
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/tsconfig.json
@@ -0,0 +1,5 @@
+{
+  "extends": "@tsconfig/svelte/tsconfig.json",
+  "include": ["src/**/*", "index.html"],
+  "exclude": ["node_modules/*", "public/*", "src/declarations/**/*"]
+}
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/frontend/vite.config.ts b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/vite.config.ts
new file mode 100644
index 000000000..3d6221a96
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/frontend/vite.config.ts
@@ -0,0 +1,44 @@
+import { defineConfig } from "vite";
+import { svelte } from "@sveltejs/vite-plugin-svelte";
+import { execSync } from "child_process";
+
+const environment = process.env.ICP_ENVIRONMENT || "local";
+const CANISTER_NAMES = ["encrypted_notes"];
+
+function getDevServerConfig() {
+    const backend = process.env.BACKEND;
+    if (!backend) {
+        throw new Error("BACKEND env var is required. Use `npm run dev:motoko` or `npm run dev:rust`.");
+    }
+    const networkStatus = JSON.parse(
+        execSync(`icp network status -e ${environment} --json --project-root-override ../${backend}`, { encoding: "utf-8" }),
+    );
+    const canisterParams = CANISTER_NAMES.map((name) => {
+        const id = execSync(
+            `icp canister status ${name} -e ${environment} --id-only --project-root-override ../${backend}`,
+            { encoding: "utf-8", stdio: "pipe" },
+        ).trim();
+        return `PUBLIC_CANISTER_ID:${name}=${id}`;
+    }).join("&");
+    return {
+        headers: {
+            "Set-Cookie": `ic_env=${encodeURIComponent(`${canisterParams}&ic_root_key=${networkStatus.root_key}`)}; SameSite=Lax;`,
+        },
+        proxy: { "/api": { target: networkStatus.api_url, changeOrigin: true } },
+        hmr: false,
+    };
+}
+
+export default defineConfig(({ command }) => ({
+    plugins: [svelte()],
+    build: {
+        sourcemap: true,
+        rollupOptions: {
+            output: {
+                inlineDynamicImports: true,
+            },
+        },
+    },
+    root: "./",
+    ...(command === "serve" ? { server: getDevServerConfig() } : {}),
+}));
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/main.mo b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/main.mo
similarity index 66%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/main.mo
rename to rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/main.mo
index 52b99f6e2..01abfd5c8 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/main.mo
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/main.mo
@@ -1,17 +1,17 @@
-import Map "mo:base/HashMap";
-import Text "mo:base/Text";
-import Array "mo:base/Array";
-import Buffer "mo:base/Buffer";
-import List "mo:base/List";
-import Iter "mo:base/Iter";
-import Nat "mo:base/Nat";
-import Nat8 "mo:base/Nat8";
-import Bool "mo:base/Bool";
-import Principal "mo:base/Principal";
-import Option "mo:base/Option";
-import Debug "mo:base/Debug";
-import Blob "mo:base/Blob";
-import Hash "mo:base/Hash";
+import Map "mo:core/Map";
+import Text "mo:core/Text";
+import Array "mo:core/Array";
+import List "mo:core/List";
+import PureList "mo:core/pure/List";
+import Iter "mo:core/Iter";
+import Nat "mo:core/Nat";
+import Nat8 "mo:core/Nat8";
+import Bool "mo:core/Bool";
+import Principal "mo:core/Principal";
+import Option "mo:core/Option";
+import Debug "mo:core/Debug";
+import Runtime "mo:core/Runtime";
+import Blob "mo:core/Blob";
 import Hex "./utils/Hex";
 
 // Declare a shared actor class
@@ -61,11 +61,11 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     private var nextNoteId : Nat = 1;
 
     // Store notes by their ID, so that note-specific encryption keys can be derived.
-    private transient var notesById = Map.HashMap<NoteId, EncryptedNote>(0, Nat.equal, Hash.hash);
+    private transient var notesById = Map.empty<NoteId, EncryptedNote>();
     // Store which note IDs are owned by a particular principal
-    private transient var noteIdsByOwner = Map.HashMap<PrincipalName, List.List<NoteId>>(0, Text.equal, Text.hash);
+    private transient var noteIdsByOwner = Map.empty<PrincipalName, PureList.List<NoteId>>();
     // Store which notes are shared with a particular principal. Does not include the owner, as this is tracked by `noteIdsByOwner`.
-    private transient var noteIdsByUser = Map.HashMap<PrincipalName, List.List<NoteId>>(0, Text.equal, Text.hash);
+    private transient var noteIdsByUser = Map.empty<PrincipalName, PureList.List<NoteId>>();
 
     // While accessing _heap_ data is more efficient, we use the following _stable memory_
     // as a buffer to preserve data across canister upgrades.
@@ -73,14 +73,14 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     // https://internetcomputer.org/docs/current/developer-docs/production/resource-limits.
     // See also: [preupgrade], [postupgrade]
     private var stable_notesById : [(NoteId, EncryptedNote)] = [];
-    private var stable_noteIdsByOwner : [(PrincipalName, List.List<NoteId>)] = [];
-    private var stable_noteIdsByUser : [(PrincipalName, List.List<NoteId>)] = [];
+    private var stable_noteIdsByOwner : [(PrincipalName, PureList.List<NoteId>)] = [];
+    private var stable_noteIdsByUser : [(PrincipalName, PureList.List<NoteId>)] = [];
 
     // Utility function that helps writing assertion-driven code more concisely.
     private func expect<T>(opt : ?T, violation_msg : Text) : T {
         switch (opt) {
             case (null) {
-                Debug.trap(violation_msg);
+                Runtime.trap(violation_msg);
             };
             case (?x) {
                 x;
@@ -120,18 +120,18 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
             users = [];
         };
 
-        switch (noteIdsByOwner.get(owner)) {
+        switch (Map.get(noteIdsByOwner, Text.compare, owner)) {
             case (?owner_nids) {
-                assert List.size(owner_nids) < MAX_NOTES_PER_USER;
-                noteIdsByOwner.put(owner, List.push(newNote.id, owner_nids));
+                assert PureList.size(owner_nids) < MAX_NOTES_PER_USER;
+                ignore Map.insert(noteIdsByOwner, Text.compare, owner, PureList.pushFront(owner_nids, newNote.id));
             };
             case null {
-                assert noteIdsByOwner.size() < MAX_USERS;
-                noteIdsByOwner.put(owner, List.make(newNote.id));
+                assert Map.size(noteIdsByOwner) < MAX_USERS;
+                ignore Map.insert(noteIdsByOwner, Text.compare, owner, PureList.singleton(newNote.id));
             };
         };
 
-        notesById.put(newNote.id, newNote);
+        ignore Map.insert(notesById, Nat.compare, newNote.id, newNote);
         nextNoteId += 1;
         newNote.id;
     };
@@ -156,23 +156,23 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
         assert not Principal.isAnonymous(caller);
         let user = Principal.toText(caller);
 
-        let owned_notes = List.map(
-            Option.get(noteIdsByOwner.get(user), List.nil()),
+        let owned_notes = PureList.map(
+            Option.get(Map.get(noteIdsByOwner, Text.compare, user), PureList.empty()),
             func(nid : NoteId) : EncryptedNote {
-                expect(notesById.get(nid), "missing note with ID " # Nat.toText(nid));
+                expect(Map.get(notesById, Nat.compare, nid), "missing note with ID " # Nat.toText(nid));
             },
         );
-        let shared_notes = List.map(
-            Option.get(noteIdsByUser.get(user), List.nil()),
+        let shared_notes = PureList.map(
+            Option.get(Map.get(noteIdsByUser, Text.compare, user), PureList.empty()),
             func(nid : NoteId) : EncryptedNote {
-                expect(notesById.get(nid), "missing note with ID " # Nat.toText(nid));
+                expect(Map.get(notesById, Nat.compare, nid), "missing note with ID " # Nat.toText(nid));
             },
         );
 
-        let buf = Buffer.Buffer<EncryptedNote>(List.size(owned_notes) + List.size(shared_notes));
-        buf.append(Buffer.fromArray(List.toArray(owned_notes)));
-        buf.append(Buffer.fromArray(List.toArray(shared_notes)));
-        Buffer.toArray(buf);
+        let buf = List.empty<EncryptedNote>();
+        List.append(buf, List.fromArray<EncryptedNote>(PureList.toArray(owned_notes)));
+        List.append(buf, List.fromArray<EncryptedNote>(PureList.toArray(shared_notes)));
+        List.toArray(buf);
     };
 
     // Replaces the encrypted text of note with ID [id] with [encrypted_text].
@@ -187,12 +187,12 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     public shared ({ caller }) func update_note(id : NoteId, encrypted_text : Text) : async () {
         assert not Principal.isAnonymous(caller);
         let caller_text = Principal.toText(caller);
-        let (?note_to_update) = notesById.get(id) else Debug.trap("note with id " # Nat.toText(id) # "not found");
+        let (?note_to_update) = Map.get(notesById, Nat.compare, id) else Runtime.trap("note with id " # Nat.toText(id) # "not found");
         if (not is_authorized(caller_text, note_to_update)) {
-            Debug.trap("unauthorized");
+            Runtime.trap("unauthorized");
         };
         assert note_to_update.encrypted_text.size() <= MAX_NOTE_CHARS;
-        notesById.put(id, { note_to_update with encrypted_text });
+        ignore Map.insert(notesById, Nat.compare, id, { note_to_update with encrypted_text });
     };
 
     // Shares the note with ID [note_id] with the [user].
@@ -207,25 +207,25 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     public shared ({ caller }) func add_user(note_id : NoteId, user : PrincipalName) : async () {
         assert not Principal.isAnonymous(caller);
         let caller_text = Principal.toText(caller);
-        let (?note) = notesById.get(note_id) else Debug.trap("note with id " # Nat.toText(note_id) # "not found");
+        let (?note) = Map.get(notesById, Nat.compare, note_id) else Runtime.trap("note with id " # Nat.toText(note_id) # "not found");
         if (caller_text != note.owner) {
-            Debug.trap("unauthorized");
+            Runtime.trap("unauthorized");
         };
         assert note.users.size() < MAX_SHARES_PER_NOTE;
         if (not Option.isSome(Array.find(note.users, func(u : PrincipalName) : Bool { u == user }))) {
-            let users_buf = Buffer.fromArray<PrincipalName>(note.users);
-            users_buf.add(user);
-            let updated_note = { note with users = Buffer.toArray(users_buf) };
-            notesById.put(note_id, updated_note);
+            let users_buf = List.fromArray<PrincipalName>(note.users);
+            List.add(users_buf, user);
+            let updated_note = { note with users = List.toArray(users_buf) };
+            ignore Map.insert(notesById, Nat.compare, note_id, updated_note);
         };
-        switch (noteIdsByUser.get(user)) {
+        switch (Map.get(noteIdsByUser, Text.compare, user)) {
             case (?user_nids) {
-                if (not List.some(user_nids, func(nid : NoteId) : Bool { nid == note_id })) {
-                    noteIdsByUser.put(user, List.push(note_id, user_nids));
+                if (not PureList.any(user_nids, func(nid : NoteId) : Bool { nid == note_id })) {
+                    ignore Map.insert(noteIdsByUser, Text.compare, user, PureList.pushFront(user_nids, note_id));
                 };
             };
             case null {
-                noteIdsByUser.put(user, List.make(note_id));
+                ignore Map.insert(noteIdsByUser, Text.compare, user, PureList.singleton(note_id));
             };
         };
     };
@@ -242,22 +242,20 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     public shared ({ caller }) func remove_user(note_id : NoteId, user : PrincipalName) : async () {
         assert not Principal.isAnonymous(caller);
         let caller_text = Principal.toText(caller);
-        let (?note) = notesById.get(note_id) else Debug.trap("note with id " # Nat.toText(note_id) # "not found");
+        let (?note) = Map.get(notesById, Nat.compare, note_id) else Runtime.trap("note with id " # Nat.toText(note_id) # "not found");
         if (caller_text != note.owner) {
-            Debug.trap("unauthorized");
+            Runtime.trap("unauthorized");
         };
-        let users_buf = Buffer.fromArray<PrincipalName>(note.users);
-        users_buf.filterEntries(func(i : Nat, u : PrincipalName) : Bool { u != user });
-        let updated_note = { note with users = Buffer.toArray(users_buf) };
-        notesById.put(note_id, updated_note);
+        let updated_note = { note with users = Array.filter(note.users, func(u : PrincipalName) : Bool { u != user }) };
+        ignore Map.insert(notesById, Nat.compare, note_id, updated_note);
 
-        switch (noteIdsByUser.get(user)) {
+        switch (Map.get(noteIdsByUser, Text.compare, user)) {
             case (?user_nids) {
-                let updated_nids = List.filter(user_nids, func(nid : NoteId) : Bool { nid != note_id });
-                if (not List.isNil(updated_nids)) {
-                    noteIdsByUser.put(user, updated_nids);
+                let updated_nids = PureList.filter(user_nids, func(nid : NoteId) : Bool { nid != note_id });
+                if (not PureList.isEmpty(updated_nids)) {
+                    ignore Map.insert(noteIdsByUser, Text.compare, user, updated_nids);
                 } else {
-                    let _ = noteIdsByUser.remove(user);
+                    ignore Map.remove(noteIdsByUser, Text.compare, user);
                 };
             };
             case null {};
@@ -275,36 +273,36 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     public shared ({ caller }) func delete_note(note_id : NoteId) : async () {
         assert not Principal.isAnonymous(caller);
         let caller_text = Principal.toText(caller);
-        let (?note_to_delete) = notesById.get(note_id) else Debug.trap("note with id " # Nat.toText(note_id) # "not found");
+        let (?note_to_delete) = Map.get(notesById, Nat.compare, note_id) else Runtime.trap("note with id " # Nat.toText(note_id) # "not found");
         let owner = note_to_delete.owner;
         if (owner != caller_text) {
-            Debug.trap("unauthorized");
+            Runtime.trap("unauthorized");
         };
-        switch (noteIdsByOwner.get(owner)) {
+        switch (Map.get(noteIdsByOwner, Text.compare, owner)) {
             case (?owner_nids) {
-                let updated_nids = List.filter(owner_nids, func(nid : NoteId) : Bool { nid != note_id });
-                if (not List.isNil(updated_nids)) {
-                    noteIdsByOwner.put(owner, updated_nids);
+                let updated_nids = PureList.filter(owner_nids, func(nid : NoteId) : Bool { nid != note_id });
+                if (not PureList.isEmpty(updated_nids)) {
+                    ignore Map.insert(noteIdsByOwner, Text.compare, owner, updated_nids);
                 } else {
-                    let _ = noteIdsByOwner.remove(owner);
+                    ignore Map.remove(noteIdsByOwner, Text.compare, owner);
                 };
             };
             case null {};
         };
-        for (user in note_to_delete.users.vals()) {
-            switch (noteIdsByUser.get(user)) {
+        for (user in note_to_delete.users.values()) {
+            switch (Map.get(noteIdsByUser, Text.compare, user)) {
                 case (?user_nids) {
-                    let updated_nids = List.filter(user_nids, func(nid : NoteId) : Bool { nid != note_id });
-                    if (not List.isNil(updated_nids)) {
-                        noteIdsByUser.put(user, updated_nids);
+                    let updated_nids = PureList.filter(user_nids, func(nid : NoteId) : Bool { nid != note_id });
+                    if (not PureList.isEmpty(updated_nids)) {
+                        ignore Map.insert(noteIdsByUser, Text.compare, user, updated_nids);
                     } else {
-                        let _ = noteIdsByUser.remove(user);
+                        ignore Map.remove(noteIdsByUser, Text.compare, user);
                     };
                 };
                 case null {};
             };
         };
-        let _ = notesById.remove(note_id);
+        ignore Map.remove(notesById, Nat.compare, note_id);
     };
 
     // Only the vetKD methods in the IC management canister are required here.
@@ -335,15 +333,15 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
 
     public shared ({ caller }) func encrypted_symmetric_key_for_note(note_id : NoteId, transport_public_key : Blob) : async Text {
         let caller_text = Principal.toText(caller);
-        let (?note) = notesById.get(note_id) else Debug.trap("note with id " # Nat.toText(note_id) # "not found");
+        let (?note) = Map.get(notesById, Nat.compare, note_id) else Runtime.trap("note with id " # Nat.toText(note_id) # "not found");
         if (not is_authorized(caller_text, note)) {
-            Debug.trap("unauthorized");
+            Runtime.trap("unauthorized");
         };
 
-        let buf = Buffer.Buffer<Nat8>(32);
-        buf.append(Buffer.fromArray(natToBigEndianByteArray(16, note_id))); // fixed-size encoding
-        buf.append(Buffer.fromArray(Blob.toArray(Text.encodeUtf8(note.owner))));
-        let input = Blob.fromArray(Buffer.toArray(buf)); // prefix-free
+        let buf = List.empty<Nat8>();
+        List.append(buf, List.fromArray<Nat8>(natToBigEndianByteArray(16, note_id))); // fixed-size encoding
+        List.append(buf, List.fromArray<Nat8>(Blob.toArray(Text.encodeUtf8(note.owner))));
+        let input = Blob.fromArray(List.toArray(buf)); // prefix-free
 
         let { encrypted_key } = await (with cycles = 26_153_846_153) management_canister.vetkd_derive_key({
             input;
@@ -370,9 +368,9 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     // The work required before a canister upgrade begins.
     system func preupgrade() {
         Debug.print("Starting pre-upgrade hook...");
-        stable_notesById := Iter.toArray(notesById.entries());
-        stable_noteIdsByOwner := Iter.toArray(noteIdsByOwner.entries());
-        stable_noteIdsByUser := Iter.toArray(noteIdsByUser.entries());
+        stable_notesById := Iter.toArray(Map.entries(notesById));
+        stable_noteIdsByOwner := Iter.toArray(Map.entries(noteIdsByOwner));
+        stable_noteIdsByUser := Iter.toArray(Map.entries(noteIdsByUser));
         Debug.print("pre-upgrade finished.");
     };
 
@@ -381,27 +379,21 @@ shared ({ caller = initializer }) persistent actor class (keyName: Text) {
     system func postupgrade() {
         Debug.print("Starting post-upgrade hook...");
 
-        notesById := Map.fromIter<NoteId, EncryptedNote>(
-            stable_notesById.vals(),
-            stable_notesById.size(),
-            Nat.equal,
-            Hash.hash,
+        notesById := Map.fromIter(
+            stable_notesById.values(),
+            Nat.compare,
         );
         stable_notesById := [];
 
-        noteIdsByOwner := Map.fromIter<PrincipalName, List.List<NoteId>>(
-            stable_noteIdsByOwner.vals(),
-            stable_noteIdsByOwner.size(),
-            Text.equal,
-            Text.hash,
+        noteIdsByOwner := Map.fromIter(
+            stable_noteIdsByOwner.values(),
+            Text.compare,
         );
         stable_noteIdsByOwner := [];
 
-        noteIdsByUser := Map.fromIter<PrincipalName, List.List<NoteId>>(
-            stable_noteIdsByUser.vals(),
-            stable_noteIdsByUser.size(),
-            Text.equal,
-            Text.hash,
+        noteIdsByUser := Map.fromIter(
+            stable_noteIdsByUser.values(),
+            Text.compare,
         );
         stable_noteIdsByUser := [];
 
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/utils/Hex.mo b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/utils/Hex.mo
similarity index 86%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/utils/Hex.mo
rename to rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/utils/Hex.mo
index 310b72d6d..b96543458 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/backend/utils/Hex.mo
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/backend/utils/Hex.mo
@@ -5,13 +5,15 @@
  * License     : Apache 2.0>
  */
 
-import Array "mo:base/Array";
-import Iter "mo:base/Iter";
-import Option "mo:base/Option";
-import Nat8 "mo:base/Nat8";
-import Char "mo:base/Char";
-import Result "mo:base/Result";
-import Text "mo:base/Text";
+import Array "mo:core/Array";
+import Iter "mo:core/Iter";
+import Nat "mo:core/Nat";
+import VarArray "mo:core/VarArray";
+import Option "mo:core/Option";
+import Nat8 "mo:core/Nat8";
+import Char "mo:core/Char";
+import Result "mo:core/Result";
+import Text "mo:core/Text";
 import Prim "mo:⛔";
 
 module {
@@ -75,7 +77,7 @@ module {
     };
     var i = 0;
     let n = upper.size() / 2 + upper.size() % 2;
-    let array = Array.init<Nat8>(n, 0);
+    let array = VarArray.repeat<Nat8>(0, n);
     while (i != n) {
       switch (parse()) {
         case (#ok w8) {
@@ -87,14 +89,14 @@ module {
         };
       };
     };
-    #ok (Array.freeze<Nat8>(array));
+    #ok (Array.fromVarArray<Nat8>(array));
   };
 
   /**
    * Decode an unsigned 4-bit integer in hexadecimal format.
    */
   private func decodeW4(char : Char) : Result<Nat8, DecodeError> {
-    for (i in Iter.range(0, 15)) {
+    for (i in Nat.range(0, 16)) {
       if (symbols[i] == char) {
         return #ok (Nat8.fromNat(i));
       };
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/frontend b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/frontend
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/frontend
rename to rust/vetkeys/encrypted_notes_app_vetkd/motoko/frontend
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/motoko/icp.yaml b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/icp.yaml
new file mode 100644
index 000000000..8b496303e
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/icp.yaml
@@ -0,0 +1,24 @@
+canisters:
+  - name: encrypted_notes
+    recipe:
+      type: "@dfinity/motoko@v4.1.0"
+      configuration:
+        main: backend/main.mo
+    init_args:
+      type: text
+      value: "(\"test_key_1\")"
+
+  - name: www
+    recipe:
+      type: "@dfinity/asset-canister@v2.1.0"
+      configuration:
+        dir: dist
+        build:
+          - npm install --include=dev --legacy-peer-deps --prefix ../frontend
+          - npm run build --prefix ../frontend
+          - rm -rf dist && mv ../frontend/dist dist && cp dist/index.html dist/404.html
+
+networks:
+  - name: local
+    mode: managed
+    ii: true
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/motoko/mops.toml b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/mops.toml
new file mode 100644
index 000000000..1172ef015
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/motoko/mops.toml
@@ -0,0 +1,5 @@
+[toolchain]
+moc = "1.9.0"
+
+[dependencies]
+core = "2.5.0"
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/Cargo.toml b/rust/vetkeys/encrypted_notes_app_vetkd/rust/Cargo.toml
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/rust/Cargo.toml
rename to rust/vetkeys/encrypted_notes_app_vetkd/rust/Cargo.toml
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/Cargo.toml b/rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/Cargo.toml
similarity index 87%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/Cargo.toml
rename to rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/Cargo.toml
index 25355a7fa..48c9a0a7b 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/Cargo.toml
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/Cargo.toml
@@ -9,7 +9,8 @@ crate-type = ["cdylib"]
 
 [dependencies]
 candid = "0.10"
-ic-cdk = "0.18.3"
+ic-cdk = "0.20.1"
+ic-cdk-management-canister = "0.1.1"
 ic-stable-structures = "0.6.4"
 lazy_static = "1.4.0"
 serde_json = "1.0.108"
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/src/encrypted_notes_rust.did b/rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/src/encrypted_notes_rust.did
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/src/encrypted_notes_rust.did
rename to rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/src/encrypted_notes_rust.did
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/src/lib.rs b/rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/src/lib.rs
similarity index 98%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/src/lib.rs
rename to rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/src/lib.rs
index 4ea54bd55..3bd0f2538 100644
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/backend/src/lib.rs
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/rust/backend/src/lib.rs
@@ -371,7 +371,7 @@ fn remove_user(note_id: NoteId, user: PrincipalName) {
     });
 }
 
-use ic_cdk::management_canister::{
+use ic_cdk_management_canister::{
     VetKDCurve, VetKDDeriveKeyArgs, VetKDDeriveKeyResult, VetKDKeyId, VetKDPublicKeyArgs,
     VetKDPublicKeyResult,
 };
@@ -384,7 +384,7 @@ async fn symmetric_key_verification_key_for_note() -> String {
         key_id: key_id(),
     };
 
-    let response: VetKDPublicKeyResult = ic_cdk::management_canister::vetkd_public_key(&request)
+    let response: VetKDPublicKeyResult = ic_cdk_management_canister::vetkd_public_key(&request)
         .await
         .expect("call to vetkd_public_key failed");
 
@@ -418,7 +418,7 @@ async fn encrypted_symmetric_key_for_note(
         }
     });
 
-    let response: VetKDDeriveKeyResult = ic_cdk::management_canister::vetkd_derive_key(&request)
+    let response: VetKDDeriveKeyResult = ic_cdk_management_canister::vetkd_derive_key(&request)
         .await
         .expect("call to vetkd_derive_key failed");
 
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/frontend b/rust/vetkeys/encrypted_notes_app_vetkd/rust/frontend
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/rust/frontend
rename to rust/vetkeys/encrypted_notes_app_vetkd/rust/frontend
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/rust/icp.yaml b/rust/vetkeys/encrypted_notes_app_vetkd/rust/icp.yaml
new file mode 100644
index 000000000..cf25e37b4
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/rust/icp.yaml
@@ -0,0 +1,25 @@
+canisters:
+  - name: encrypted_notes
+    recipe:
+      type: "@dfinity/rust@v3.2.0"
+      configuration:
+        package: encrypted_notes_backend
+        candid: backend/src/encrypted_notes_rust.did
+    init_args:
+      type: text
+      value: "(\"test_key_1\")"
+
+  - name: www
+    recipe:
+      type: "@dfinity/asset-canister@v2.1.0"
+      configuration:
+        dir: dist
+        build:
+          - npm install --include=dev --legacy-peer-deps --prefix ../frontend
+          - npm run build --prefix ../frontend
+          - rm -rf dist && mv ../frontend/dist dist
+
+networks:
+  - name: local
+    mode: managed
+    ii: true
diff --git a/rust/vetkeys/encrypted_notes_app_vetkd/rust/rust-toolchain.toml b/rust/vetkeys/encrypted_notes_app_vetkd/rust/rust-toolchain.toml
new file mode 100644
index 000000000..6e5beca4f
--- /dev/null
+++ b/rust/vetkeys/encrypted_notes_app_vetkd/rust/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+targets = ["wasm32-unknown-unknown"]
\ No newline at end of file
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/security-checklist.md b/rust/vetkeys/encrypted_notes_app_vetkd/security-checklist.md
similarity index 100%
rename from rust/vetkeys/encrypted_notes_dapp_vetkd/security-checklist.md
rename to rust/vetkeys/encrypted_notes_app_vetkd/security-checklist.md
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/package.json b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/package.json
deleted file mode 100644
index 2a36dba9e..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/package.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-  "name": "encrypted-notes-dapp",
-  "version": "0.2.0",
-  "keywords": [
-    "Internet Computer",
-    "Motoko",
-    "Svelte",
-    "Canister",
-    "Rust"
-  ],
-  "scripts": {
-    "build": "npm run build:bindings && rollup -c --bundleConfigAsCjs",
-    "build:bindings": "cd scripts && ./gen_bindings.sh",
-    "dev": "npm run build:bindings && rollup -c --bundleConfigAsCjs -w",
-    "start": "sirv public --single",
-    "test": "jest src",
-    "test:watch": "npm run test -- --watch",
-    "check": "svelte-check --tsconfig ./tsconfig.json"
-  },
-  "devDependencies": {
-    "@babel/preset-env": "^7.16.8",
-    "@rollup/plugin-commonjs": "^25.0.0",
-    "@rollup/plugin-json": "^6.0.0",
-    "@rollup/plugin-node-resolve": "^15.0.2",
-    "@rollup/plugin-terser": "^1.0.0",
-    "@rollup/plugin-typescript": "^12.1.2",
-    "@tailwindcss/line-clamp": "^0.3.1",
-    "@testing-library/jest-dom": "^5.16.1",
-    "@testing-library/svelte": "^3.0.3",
-    "@tsconfig/svelte": "^2.0.0",
-    "autoprefixer": "^10.4.2",
-    "babel-jest": "^27.4.6",
-    "daisyui": "^1.25.4",
-    "idb-keyval": "6.2.1",
-    "jest": "^30.2.0",
-    "postcss": "^8.4.31",
-    "rollup": "^3.30.0",
-    "rollup-plugin-css-only": "^4.3.0",
-    "rollup-plugin-dotenv": "^0.5.1",
-    "rollup-plugin-inject": "^3.0.2",
-    "rollup-plugin-inject-process-env": "^1.3.1",
-    "rollup-plugin-livereload": "^2.0.0",
-    "rollup-plugin-polyfill-node": "^0.12.0",
-    "rollup-plugin-svelte": "^7.2.2",
-    "svelte": "^3.59.1",
-    "svelte-check": "^3.3.2",
-    "svelte-jester": "^2.3.2",
-    "svelte-preprocess": "^5.0.3",
-    "tailwindcss": "^3.0.17",
-    "tslib": "^2.0.0",
-    "typescript": "^4.0.0"
-  },
-  "dependencies": {
-    "@dfinity/agent": "^2.1.3",
-    "@dfinity/auth-client": "^2.1.3",
-    "@dfinity/candid": "^2.1.3",
-    "@dfinity/identity": "^2.1.3",
-    "@dfinity/principal": "^2.1.3",
-    "@dfinity/vetkeys": "^0.3.0",
-    "isomorphic-dompurify": "^2.25.0",
-    "sirv-cli": "^1.0.0",
-    "svelte-icons": "^2.1.0",
-    "svelte-router-spa": "^6.0.3",
-    "typewriter-editor": "^0.6.45"
-  },
-  "jest": {
-    "transform": {
-      "^.+\\.js$": "babel-jest",
-      "^.+\\.svelte$": "svelte-jester"
-    },
-    "moduleFileExtensions": [
-      "js",
-      "svelte"
-    ],
-    "setupFilesAfterEnv": [
-      "@testing-library/jest-dom/extend-expect",
-      "./jest-env.js"
-    ],
-    "testEnvironment": "jsdom"
-  }
-}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/rollup.config.js b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/rollup.config.js
deleted file mode 100644
index 535cf2306..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/rollup.config.js
+++ /dev/null
@@ -1,121 +0,0 @@
-import svelte from "rollup-plugin-svelte";
-import commonjs from "@rollup/plugin-commonjs";
-import resolve from "@rollup/plugin-node-resolve";
-import livereload from "rollup-plugin-livereload";
-import terser from "@rollup/plugin-terser";
-import sveltePreprocess from "svelte-preprocess";
-import typescript from "@rollup/plugin-typescript";
-import css from "rollup-plugin-css-only";
-import json from "@rollup/plugin-json";
-import injectProcessEnv from "rollup-plugin-inject-process-env";
-
-const production = !process.env.ROLLUP_WATCH;
-
-function serve(exposeHost) {
-  let server;
-
-  function toExit() {
-    if (server) server.kill(0);
-  }
-
-  return {
-    writeBundle() {
-      if (server) return;
-      server = require("child_process").spawn(
-        "npm",
-        exposeHost
-          ? ["run", "start-expose", "--", "--dev"]
-          : ["run", "start", "--", "--dev"],
-        {
-          stdio: ["ignore", "inherit", "inherit"],
-          shell: true,
-        }
-      );
-
-      process.on("SIGTERM", toExit);
-      process.on("exit", toExit);
-    },
-  };
-}
-
-export default (config) => {
-  const exposeHost = !!config.configExpose;
-
-  return {
-    input: "src/main.ts",
-    output: {
-      sourcemap: true,
-      name: "app",
-      format: "iife",
-
-      file: "public/build/main.js",
-      inlineDynamicImports: true,
-    },
-    plugins: [
-      svelte({
-        preprocess: sveltePreprocess({
-          sourceMap: !production,
-          postcss: {
-            plugins: [require("tailwindcss")(), require("autoprefixer")()],
-          },
-        }),
-        compilerOptions: {
-          // enable run-time checks when not in production
-          dev: !production,
-        },
-      }),
-      // we'll extract any component CSS out into
-      // a separate file - better for performance
-      css({ output: "bundle.css" }),
-
-      // If you have external dependencies installed from
-      // npm, you'll most likely need these plugins. In
-      // some cases you'll need additional configuration -
-      // consult the documentation for details:
-      // https://github.com/rollup/plugins/tree/master/packages/commonjs
-      resolve({
-        preferBuiltins: false,
-        browser: true,
-        dedupe: ["svelte"],
-      }),
-      commonjs(),
-      typescript({
-        sourceMap: !production,
-        inlineSources: !production,
-      }),
-      json(),
-      injectProcessEnv({
-        DFX_NETWORK: process.env.DFX_NETWORK,
-        CANISTER_ID_ENCRYPTED_NOTES: process.env.CANISTER_ID_ENCRYPTED_NOTES,
-      }),
-
-      // In dev mode, call `npm run start` once
-      // the bundle has been generated
-      !production && serve(exposeHost),
-
-      // Watch the `public` directory and refresh the
-      // browser on changes when not in production
-      !production && livereload("public"),
-
-      // If we're building for production (npm run build
-      // instead of npm run dev), minify
-      production && terser(),
-    ],
-    watch: {
-      clearScreen: false,
-    },
-    onwarn: function (warning) {
-      if (
-        [
-          "CIRCULAR_DEPENDENCY",
-          "THIS_IS_UNDEFINED",
-          "EVAL",
-          "NAMESPACE_CONFLIC",
-        ].includes(warning.code)
-      ) {
-        return;
-      }
-      console.warn(warning.message);
-    },
-  };
-};
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/scripts/gen_bindings.sh b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/scripts/gen_bindings.sh
deleted file mode 100755
index dbc07b9d7..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/scripts/gen_bindings.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-cd ../.. && dfx generate encrypted_notes || exit 1
-
-rm -r frontend/src/declarations/encrypted_notes > /dev/null 2>&1 || true
-
-mkdir -p frontend/src/declarations/encrypted_notes
-mv src/declarations/encrypted_notes frontend/src/declarations
-rmdir -p src/declarations > /dev/null 2>&1 || true
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/DisclaimerCopy.svelte b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/DisclaimerCopy.svelte
deleted file mode 100644
index dcbfd5c9d..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/components/DisclaimerCopy.svelte
+++ /dev/null
@@ -1,3 +0,0 @@
-<strong>Disclaimer:</strong> This sample dapp is intended exclusively for experimental
-purpose. You are advised not to use this dapp for storing your critical data such
-as keys or passwords.
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/actor.ts b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/actor.ts
deleted file mode 100644
index 6c275f9e5..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/actor.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-import {
-  Actor,
-  ActorConfig,
-  ActorSubclass,
-  HttpAgent,
-  HttpAgentOptions,
-} from "@dfinity/agent";
-import {
-  idlFactory,
-  _SERVICE,
-} from "../declarations/encrypted_notes/encrypted_notes.did.js";
-
-export type BackendActor = ActorSubclass<_SERVICE>;
-
-export function createActor(options?: {
-  agentOptions?: HttpAgentOptions;
-  actorOptions?: ActorConfig;
-}): BackendActor {
-  const hostOptions = {
-    host:
-      process.env.DFX_NETWORK === "ic"
-        ? `https://${process.env.CANISTER_ID_ENCRYPTED_NOTES}.ic0.app`
-        : "http://localhost:8000",
-  };
-  if (!options) {
-    options = {
-      agentOptions: hostOptions,
-    };
-  } else if (!options.agentOptions) {
-    options.agentOptions = hostOptions;
-  } else {
-    options.agentOptions.host = hostOptions.host;
-  }
-
-  const agent = new HttpAgent({ ...options.agentOptions });
-  // Fetch root key for certificate validation during development
-  if (process.env.NODE_ENV !== "production") {
-    console.log(`Dev environment - fetching root key...`);
-
-    agent.fetchRootKey().catch((err) => {
-      console.warn(
-        "Unable to fetch root key. Check to ensure that your local replica is running"
-      );
-      console.error(err);
-    });
-  }
-
-  // Creates an actor with using the candid interface and the HttpAgent
-  return Actor.createActor(idlFactory, {
-    agent,
-    canisterId: process.env.CANISTER_ID_ENCRYPTED_NOTES,
-    ...options?.actorOptions,
-  });
-}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/crypto.ts b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/crypto.ts
deleted file mode 100644
index cb96c4b83..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/lib/crypto.ts
+++ /dev/null
@@ -1,109 +0,0 @@
-import type { BackendActor } from './actor';
-import { get, set } from 'idb-keyval';
-
-// Usage of the imported bindings only works if the respective .wasm was loaded, which is done in main.ts.
-// See also https://github.com/rollup/plugins/tree/master/packages/wasm#using-with-wasm-bindgen-and-wasm-pack
-import * as vetkd from "@dfinity/vetkeys";
-
-export class CryptoService {
-  constructor(private actor: BackendActor) {
-  }
-
-  // The function encrypts data with the note-id-specific secretKey.
-  public async encryptWithNoteKey(note_id: bigint, owner: string, data: string): Promise<string> {
-    await this.fetch_note_key_if_needed(note_id, owner);
-    const note_key: CryptoKey = await get([note_id.toString(), owner]);
-
-    const data_encoded = Uint8Array.from([...data].map(ch => ch.charCodeAt(0))).buffer
-    // The iv must never be reused with a given key.
-    const iv = window.crypto.getRandomValues(new Uint8Array(12));
-    const ciphertext = await window.crypto.subtle.encrypt(
-      {
-        name: "AES-GCM",
-        iv: iv
-      },
-      note_key,
-      data_encoded
-    );
-
-    const iv_decoded = String.fromCharCode(...new Uint8Array(iv));
-    const cipher_decoded = String.fromCharCode(...new Uint8Array(ciphertext));
-    return iv_decoded + cipher_decoded;
-  }
-
-  // The function decrypts the given input data with the note-id-specific secretKey.
-  public async decryptWithNoteKey(note_id: bigint, owner: string, data: string) {
-    await this.fetch_note_key_if_needed(note_id, owner);
-    const note_key: CryptoKey = await get([note_id.toString(), owner]);
-
-    if (data.length < 13) {
-      throw new Error('wrong encoding, too short to contain iv');
-    }
-    const iv_decoded = data.slice(0, 12);
-    const cipher_decoded = data.slice(12);
-    const iv_encoded = Uint8Array.from([...iv_decoded].map(ch => ch.charCodeAt(0))).buffer;
-    const ciphertext_encoded = Uint8Array.from([...cipher_decoded].map(ch => ch.charCodeAt(0))).buffer;
-
-    let decrypted_data_encoded = await window.crypto.subtle.decrypt(
-      {
-        name: "AES-GCM",
-        iv: iv_encoded
-      },
-      note_key,
-      ciphertext_encoded
-    );
-    const decrypted_data_decoded = String.fromCharCode(...new Uint8Array(decrypted_data_encoded));
-    return decrypted_data_decoded;
-  }
-
-  private async fetch_note_key_if_needed(note_id: bigint, owner: string): Promise<void> {
-    if (!await get([note_id.toString(), owner])) {
-      const tsk = vetkd.TransportSecretKey.random();
-
-      const ek_bytes_hex = await this.actor.encrypted_symmetric_key_for_note(note_id, tsk.publicKeyBytes());
-      const encryptedVetKey = vetkd.EncryptedVetKey.deserialize(hex_decode(ek_bytes_hex));
-
-      const pk_bytes_hex = await this.actor.symmetric_key_verification_key_for_note();
-      const dpk = vetkd.DerivedPublicKey.deserialize(hex_decode(pk_bytes_hex));
-
-      const note_id_bytes: Uint8Array = bigintTo128BitBigEndianUint8Array(note_id);
-      const owner_utf8: Uint8Array = new TextEncoder().encode(owner);
-      let input = new Uint8Array(note_id_bytes.length + owner_utf8.length);
-      input.set(note_id_bytes);
-      input.set(owner_utf8, note_id_bytes.length);
-
-      const vetKey = encryptedVetKey.decryptAndVerify(tsk, dpk, input);
-
-      const note_key = await (await vetKey.asDerivedKeyMaterial()).deriveAesGcmCryptoKey("note-key");
-      await set([note_id.toString(), owner], note_key)
-    }
-  }
-}
-
-const hex_decode = (hexString) =>
-  Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
-const hex_encode = (bytes) =>
-  bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
-
-// Inspired by https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/
-function bigintTo128BitBigEndianUint8Array(bn: bigint): Uint8Array {
-  var hex = BigInt(bn).toString(16);
-
-  // extend hex to length 32 = 16 bytes = 128 bits
-  while (hex.length < 32) {
-    hex = '0' + hex;
-  }
-
-  var len = hex.length / 2;
-  var u8 = new Uint8Array(len);
-
-  var i = 0;
-  var j = 0;
-  while (i < len) {
-    u8[i] = parseInt(hex.slice(j, j + 2), 16);
-    i += 1;
-    j += 2;
-  }
-
-  return u8;
-}
\ No newline at end of file
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/auth.ts b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/auth.ts
deleted file mode 100644
index 04c7540db..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/src/store/auth.ts
+++ /dev/null
@@ -1,140 +0,0 @@
-import { get, writable } from "svelte/store";
-import { BackendActor, createActor } from "../lib/actor";
-import { AuthClient } from "@dfinity/auth-client";
-import { CryptoService } from "../lib/crypto";
-import { addNotification, showError } from "./notifications";
-import { sleep } from "../lib/sleep";
-import type { JsonnableDelegationChain } from "@dfinity/identity/lib/cjs/identity/delegation";
-import { navigateTo } from "svelte-router-spa";
-
-export type AuthState =
-  | {
-      state: "initializing-auth";
-    }
-  | {
-      state: "anonymous";
-      actor: BackendActor;
-      client: AuthClient;
-    }
-  | {
-      state: "initializing-crypto";
-      actor: BackendActor;
-      client: AuthClient;
-    }
-  | {
-      state: "synchronizing";
-      actor: BackendActor;
-      client: AuthClient;
-    }
-  | {
-      state: "initialized";
-      actor: BackendActor;
-      client: AuthClient;
-      crypto: CryptoService;
-    }
-  | {
-      state: "error";
-      error: string;
-    };
-
-export const auth = writable<AuthState>({
-  state: "initializing-auth",
-});
-
-async function initAuth() {
-  const client = await AuthClient.create();
-  if (await client.isAuthenticated()) {
-    authenticate(client);
-  } else {
-    auth.update(() => ({
-      state: "anonymous",
-      actor: createActor(),
-      client,
-    }));
-  }
-}
-
-initAuth();
-
-export function login() {
-  const currentAuth = get(auth);
-
-  if (currentAuth.state === "anonymous") {
-    currentAuth.client.login({
-      maxTimeToLive: BigInt(1800) * BigInt(1_000_000_000),
-      identityProvider:
-        process.env.DFX_NETWORK === "ic"
-          ? "https://identity.ic0.app/#authorize"
-          : `http://rdmx6-jaaaa-aaaaa-aaadq-cai.localhost:8000/#authorize`,
-      onSuccess: () => authenticate(currentAuth.client),
-    });
-  }
-}
-
-export async function logout() {
-  const currentAuth = get(auth);
-
-  if (currentAuth.state === "initialized") {
-    await currentAuth.client.logout();
-    auth.update(() => ({
-      state: "anonymous",
-      actor: createActor(),
-      client: currentAuth.client,
-    }));
-    navigateTo("/");
-  }
-}
-
-export async function authenticate(client: AuthClient) {
-  handleSessionTimeout();
-
-  try {
-    const actor = createActor({
-      agentOptions: {
-        identity: client.getIdentity(),
-      },
-    });
-
-    auth.update(() => ({
-      state: "initializing-crypto",
-      actor,
-      client,
-    }));
-
-    const cryptoService = new CryptoService(actor);
-
-    auth.update(() => ({
-      state: "initialized",
-      actor,
-      client,
-      crypto: cryptoService,
-    }));
-  } catch (e) {
-    auth.update(() => ({
-      state: "error",
-      error: e.message || "An error occurred",
-    }));
-  }
-}
-
-// set a timer when the II session will expire and log the user out
-function handleSessionTimeout() {
-  // upon login the localstorage items may not be set, wait for next tick
-  setTimeout(() => {
-    try {
-      const delegation = JSON.parse(
-        window.localStorage.getItem("ic-delegation")
-      ) as JsonnableDelegationChain;
-
-      const expirationTimeMs =
-        Number.parseInt(delegation.delegations[0].delegation.expiration, 16) /
-        1000000;
-
-      setTimeout(() => {
-        logout();
-      }, expirationTimeMs - Date.now());
-    } catch {
-      console.error("Could not handle delegation expiry.");
-    }
-  });
-}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tailwind.config.js b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tailwind.config.js
deleted file mode 100644
index e88d06d07..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tailwind.config.js
+++ /dev/null
@@ -1,10 +0,0 @@
-module.exports = {
-  content: [
-    './public/index.html',
-    './src/**/*.svelte',
-  ],
-  theme: {
-    extend: {},
-  },
-  plugins: [require('daisyui'), require('@tailwindcss/line-clamp')],
-};
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tsconfig.json b/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tsconfig.json
deleted file mode 100644
index 6bfdec1e8..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/frontend/tsconfig.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "extends": "@tsconfig/svelte/tsconfig.json",
-  "include": ["src/**/*"],
-  "exclude": ["node_modules/*", "__sapper__/*", "public/*", "src/declarations/**/*"]
-}
\ No newline at end of file
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/dfx.json b/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/dfx.json
deleted file mode 100644
index 61d6507e6..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/motoko/dfx.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-    "canisters": {
-      "encrypted_notes": {
-        "main": "backend/main.mo",
-        "type": "motoko",
-        "args": "--enhanced-orthogonal-persistence",
-        "init_arg": "(\"test_key_1\")"
-      },
-      "internet-identity": {
-        "candid": "https://github.com/dfinity/internet-identity/releases/download/release-2026-03-16/internet_identity.did",
-        "type": "custom",
-        "specified_id": "rdmx6-jaaaa-aaaaa-aaadq-cai",
-        "remote": {
-          "id": {
-            "ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
-          }
-        },
-        "wasm": "https://github.com/dfinity/internet-identity/releases/download/release-2026-03-16/internet_identity_dev.wasm.gz"
-      },
-      "www": {
-        "dependencies": ["encrypted_notes", "internet-identity"],
-        "build": [
-          "cd frontend && npm i --include=dev && npm run build && cd - && rm -r public > /dev/null 2>&1; cp -r frontend/public ./"
-        ],
-        "frontend": {
-          "entrypoint": "public/index.html"
-        },
-        "source": ["public/"],
-        "type": "assets",
-        "output_env_file": "frontend/.env"
-      }
-    },
-    "networks": {
-      "local": {
-        "bind": "127.0.0.1:8000",
-        "type": "ephemeral"
-      }
-    }
-  }
\ No newline at end of file
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/dfx.json b/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/dfx.json
deleted file mode 100644
index 7cfa041f3..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/dfx.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-  "canisters": {
-    "encrypted_notes": {
-      "type": "rust",
-      "candid": "backend/src/encrypted_notes_rust.did",
-      "package": "encrypted_notes_backend",
-      "init_arg": "(\"test_key_1\")"
-    },
-    "internet-identity": {
-      "candid": "https://github.com/dfinity/internet-identity/releases/download/release-2026-03-16/internet_identity.did",
-      "type": "custom",
-      "specified_id": "rdmx6-jaaaa-aaaaa-aaadq-cai",
-      "remote": {
-        "id": {
-          "ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
-        }
-      },
-      "wasm": "https://github.com/dfinity/internet-identity/releases/download/release-2026-03-16/internet_identity_dev.wasm.gz"
-    },
-    "www": {
-      "dependencies": ["encrypted_notes", "internet-identity"],
-      "build": [
-        "cd frontend && npm i --include=dev && npm run build && cd - && rm -r public > /dev/null 2>&1; cp -r frontend/public ./"
-      ],
-      "frontend": {
-        "entrypoint": "public/index.html"
-      },
-      "source": ["public/"],
-      "type": "assets",
-      "output_env_file": "frontend/.env"
-    }
-  },
-  "networks": {
-    "local": {
-      "bind": "127.0.0.1:8000",
-      "type": "ephemeral"
-    }
-  }
-}
diff --git a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/rust-toolchain.toml b/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/rust-toolchain.toml
deleted file mode 100644
index 2a2058b04..000000000
--- a/rust/vetkeys/encrypted_notes_dapp_vetkd/rust/rust-toolchain.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-[toolchain]
-channel = "1.88.0"
-targets = ["wasm32-unknown-unknown"]
-profile = "default"
\ No newline at end of file