It would be great to have a shot list of actions required to test
Pomade is getting closer — take a look below for a demo video, or try it out yourself at https://pomade.onrender.com.
https://coracle-media.us-southeast-1.linodeobjects.com/pomade_demo_3.mov
For more details, take a look at the repository at https://github.com/coracle-social/pomade.
I am currently looking for security-oriented reviews, so if you're interested in using this project for your client, please take a look at PROTOCOL.md and tell me if you see any major attack vectors! Of course, an email-based recovery protocol can only be so secure (email providers, senders, clients, and signers are all assumed to be somewhat trustworthy). If you really want to go deep, a review of the signer code would also be helpful.
Finally, if you'd like to run a signer please let me know and I'll add your signer to my master list of recommended signers.
Discussion
Just released a new version that has some explanations. The test flow is sign up, back, login, back, recover. Should give you an idea of what's going on