@btc-vision/cli 1.0.0 → 1.0.2

package/build/lib/binary.js

@@ -1,5 +1,5 @@
 import * as crypto from 'crypto';
-import { PLUGIN_MAGIC_BYTES, PLUGIN_FORMAT_VERSION, MLDSA_PUBLIC_KEY_SIZES, MLDSA_SIGNATURE_SIZES, } from '@btc-vision/plugin-sdk';
+import { MLDSA_PUBLIC_KEY_SIZES, MLDSA_SIGNATURE_SIZES, PLUGIN_FORMAT_VERSION, PLUGIN_MAGIC_BYTES, } from '@btc-vision/plugin-sdk';
 import { cliLevelToMLDSALevel, mldsaLevelToCLI } from '../types/index.js';
 export function parseOpnetBinary(data) {
     let offset = 0;
@@ -91,27 +91,35 @@ export function verifyChecksum(parsed) {
     return computed.equals(parsed.checksum);
 }
 export function buildOpnetBinary(options) {
-    const { mldsaLevel, publicKey, signature, metadata, bytecode, proto = Buffer.alloc(0) } = options;
+    const { mldsaLevel, publicKey, metadata, bytecode, proto = Buffer.alloc(0), signFn } = options;
     const sdkLevel = cliLevelToMLDSALevel(mldsaLevel);
     const expectedPkSize = MLDSA_PUBLIC_KEY_SIZES[sdkLevel];
     const expectedSigSize = MLDSA_SIGNATURE_SIZES[sdkLevel];
     if (publicKey.length !== expectedPkSize) {
         throw new Error(`Public key size mismatch: expected ${expectedPkSize}, got ${publicKey.length}`);
     }
+    const tempMetadata = { ...metadata, checksum: '' };
+    const tempMetadataBytes = Buffer.from(JSON.stringify(tempMetadata), 'utf-8');
+    const checksum = computeChecksum(tempMetadataBytes, bytecode, proto);
+    const checksumHex = `sha256:${checksum.toString('hex')}`;
+    const finalMetadata = { ...metadata, checksum: checksumHex };
+    const metadataBytes = Buffer.from(JSON.stringify(finalMetadata), 'utf-8');
+    const finalChecksum = computeChecksum(metadataBytes, bytecode, proto);
+    const signature = signFn ? signFn(finalChecksum) : Buffer.alloc(expectedSigSize);
     if (signature.length !== expectedSigSize) {
         throw new Error(`Signature size mismatch: expected ${expectedSigSize}, got ${signature.length}`);
     }
-    const metadataStr = JSON.stringify(metadata);
-    const metadataBytes = Buffer.from(metadataStr, 'utf-8');
-    const checksum = computeChecksum(metadataBytes, bytecode, proto);
     const totalSize = 8 +
         4 +
         1 +
         publicKey.length +
         signature.length +
-        4 + metadataBytes.length +
-        4 + bytecode.length +
-        4 + proto.length +
+        4 +
+        metadataBytes.length +
+        4 +
+        bytecode.length +
+        4 +
+        proto.length +
         32;
     const buffer = Buffer.alloc(totalSize);
     let offset = 0;
@@ -137,8 +145,8 @@ export function buildOpnetBinary(options) {
     offset += 4;
     proto.copy(buffer, offset);
     offset += proto.length;
-    checksum.copy(buffer, offset);
-    return buffer;
+    finalChecksum.copy(buffer, offset);
+    return { binary: buffer, checksum: finalChecksum };
 }
 export function extractMetadata(data) {
     try {

package/build/lib/config.d.ts

@@ -1,4 +1,4 @@
-import { CLIConfig, NetworkName, CLIMldsaLevel } from '../types/index.js';
+import { CLIConfig, CLIMldsaLevel, NetworkName } from '../types/index.js';
 export declare function ensureConfigDir(): void;
 export declare function loadConfig(): CLIConfig;
 export declare function saveConfig(config: CLIConfig): void;

package/build/lib/credentials.d.ts

@@ -1,4 +1,4 @@
-import { CLICredentials, NetworkName, CLIMldsaLevel } from '../types/index.js';
+import { CLICredentials, CLIMldsaLevel, NetworkName } from '../types/index.js';
 export declare function loadCredentials(): CLICredentials | null;
 export declare function saveCredentials(credentials: CLICredentials): void;
 export declare function deleteCredentials(): boolean;

package/build/lib/ipfs.js

@@ -62,7 +62,9 @@ export async function pinToIPFS(data, name) {
         'Content-Length': body.length.toString(),
     };
     if (config.ipfsPinningAuthHeader) {
-        const [headerName, headerValue] = config.ipfsPinningAuthHeader.split(':').map((s) => s.trim());
+        const [headerName, headerValue] = config.ipfsPinningAuthHeader
+            .split(':')
+            .map((s) => s.trim());
         if (headerName && headerValue) {
             headers[headerName] = headerValue;
         }
@@ -139,7 +141,6 @@ export async function fetchFromIPFS(cid) {
         }
         catch (error) {
             lastError = error instanceof Error ? error : new Error(String(error));
-            continue;
         }
     }
     throw new Error(`Failed to fetch from all gateways: ${lastError?.message}`);

package/build/lib/manifest.d.ts

@@ -10,5 +10,5 @@ export declare function createManifest(options: {
     email?: string;
     description?: string;
     pluginType: 'standalone' | 'library';
-}): IPluginMetadata;
+}): Omit<IPluginMetadata, 'checksum'>;
 export declare function getManifestPath(dir?: string): string;

package/build/lib/manifest.js

@@ -1,6 +1,6 @@
 import * as fs from 'fs';
 import * as path from 'path';
-import { validateManifest as sdkValidateManifest, PLUGIN_NAME_REGEX, PLUGIN_MANIFEST_FILENAME, DEFAULT_PERMISSIONS, DEFAULT_RESOURCES, DEFAULT_LIFECYCLE, } from '@btc-vision/plugin-sdk';
+import { DEFAULT_LIFECYCLE, DEFAULT_PERMISSIONS, DEFAULT_RESOURCES, PLUGIN_MANIFEST_FILENAME, PLUGIN_NAME_REGEX, validateManifest as sdkValidateManifest, } from '@btc-vision/plugin-sdk';
 const SCOPED_NAME_PATTERN = /^@[a-z][a-z0-9-]*\/[a-z][a-z0-9-]*$/;
 export function validatePluginName(name) {
     const errors = [];
@@ -29,8 +29,7 @@ export function validateManifest(manifest) {
 export function validatePermissions(permissions) {
     const errors = [];
     if (permissions.database?.enabled) {
-        if (!permissions.database.collections ||
-            !Array.isArray(permissions.database.collections)) {
+        if (!permissions.database.collections || !Array.isArray(permissions.database.collections)) {
             errors.push('database.collections must be an array when database is enabled');
         }
     }
@@ -49,14 +48,27 @@ export function loadManifest(manifestPath) {
     catch (e) {
         throw new Error(`Failed to parse manifest: ${e instanceof Error ? e.message : String(e)}`);
     }
-    const result = validateManifest(manifest);
-    if (!result.valid) {
-        const errorList = result.errors
-            .map((e) => `  - ${e.path}: ${e.message}`)
-            .join('\n');
-        throw new Error(`Invalid manifest:\n${errorList}`);
+    const errors = [];
+    if (!manifest.name || typeof manifest.name !== 'string') {
+        errors.push('name is required');
+    }
+    if (!manifest.version || typeof manifest.version !== 'string') {
+        errors.push('version is required');
+    }
+    if (!manifest.author || typeof manifest.author !== 'object') {
+        errors.push('author is required');
+    }
+    if (!manifest.pluginType || !['standalone', 'library'].includes(manifest.pluginType)) {
+        errors.push('pluginType must be "standalone" or "library"');
+    }
+    if (errors.length > 0) {
+        throw new Error(`Invalid manifest:\n${errors.map((e) => `  - ${e}`).join('\n')}`);
+    }
+    const result = manifest;
+    if (!result.checksum) {
+        result.checksum = '';
     }
-    return manifest;
+    return result;
 }
 export function saveManifest(manifestPath, manifest) {
     const content = JSON.stringify(manifest, null, 4);
@@ -66,11 +78,10 @@ export function createManifest(options) {
     return {
         name: options.name,
         version: '1.0.0',
-        opnetVersion: '^1.0.0',
+        opnetVersion: '>=0.0.1',
         main: 'dist/index.jsc',
         target: 'bytenode',
         type: 'plugin',
-        checksum: '',
         author: {
             name: options.author,
             email: options.email,

package/build/lib/provider.js

@@ -1,5 +1,5 @@
 import { JSONRpcProvider } from 'opnet';
-import { getRpcUrl, getRegistryAddress, loadConfig } from './config.js';
+import { getRegistryAddress, getRpcUrl, loadConfig } from './config.js';
 import { getNetwork } from './wallet.js';
 const DEFAULT_TIMEOUT = 30000;
 const providerCache = new Map();

package/build/lib/registry.d.ts

@@ -1,5 +1,5 @@
 import { Address } from '@btc-vision/transaction';
-import { NetworkName, CLIMldsaLevel, RegistryPluginType } from '../types/index.js';
+import { CLIMldsaLevel, NetworkName, RegistryPluginType } from '../types/index.js';
 import { IPluginPermissions } from '@btc-vision/plugin-sdk';
 import { IPackageRegistry } from '../types/PackageRegistry.js';
 export interface ScopeInfo {

package/build/lib/wallet.d.ts

@@ -1,7 +1,7 @@
 import { Network } from '@btc-vision/bitcoin';
 import { MLDSASecurityLevel } from '@btc-vision/bip32';
-import { Wallet, EcKeyPair } from '@btc-vision/transaction';
-import { CLICredentials, NetworkName, CLIMldsaLevel } from '../types/index.js';
+import { EcKeyPair, Wallet } from '@btc-vision/transaction';
+import { CLICredentials, CLIMldsaLevel, NetworkName } from '../types/index.js';
 export declare function getNetwork(networkName: NetworkName): Network;
 export declare function getMLDSASecurityLevel(level: CLIMldsaLevel): MLDSASecurityLevel;
 export declare class CLIWallet {
@@ -9,8 +9,6 @@ export declare class CLIWallet {
     private readonly network;
     private readonly mldsaLevel;
     private constructor();
-    static fromCredentials(credentials: CLICredentials): CLIWallet;
-    static load(): CLIWallet;
     get p2trAddress(): string;
     get underlyingWallet(): Wallet;
     get keypair(): EcKeyPair;
@@ -19,9 +17,11 @@ export declare class CLIWallet {
     get mldsaPublicKeyHash(): string;
     get securityLevel(): CLIMldsaLevel;
     get walletNetwork(): Network;
+    static fromCredentials(credentials: CLICredentials): CLIWallet;
+    static load(): CLIWallet;
+    static verifyMLDSA(data: Buffer, signature: Buffer, publicKey: Buffer, level: CLIMldsaLevel): boolean;
     signMLDSA(data: Buffer): Buffer;
     verifyMLDSA(data: Buffer, signature: Buffer): boolean;
-    static verifyMLDSA(data: Buffer, signature: Buffer, publicKey: Buffer, level: CLIMldsaLevel): boolean;
 }
 export declare function generateMLDSAKeypair(level: CLIMldsaLevel): {
     privateKey: Buffer;

package/build/lib/wallet.js

@@ -1,8 +1,8 @@
 import { networks } from '@btc-vision/bitcoin';
 import { MLDSASecurityLevel, QuantumBIP32Factory } from '@btc-vision/bip32';
-import { Mnemonic, Wallet, EcKeyPair, MessageSigner } from '@btc-vision/transaction';
+import { EcKeyPair, MessageSigner, Mnemonic, Wallet } from '@btc-vision/transaction';
 import * as crypto from 'crypto';
-import { loadCredentials, canSign } from './credentials.js';
+import { canSign, loadCredentials } from './credentials.js';
 export function getNetwork(networkName) {
     switch (networkName) {
         case 'mainnet':
@@ -32,30 +32,6 @@ export class CLIWallet {
         this.network = network;
         this.mldsaLevel = mldsaLevel;
     }
-    static fromCredentials(credentials) {
-        const network = getNetwork(credentials.network);
-        const securityLevel = getMLDSASecurityLevel(credentials.mldsaLevel);
-        if (credentials.mnemonic) {
-            const mnemonic = new Mnemonic(credentials.mnemonic, '', network, securityLevel);
-            const wallet = mnemonic.deriveUnisat();
-            return new CLIWallet(wallet, network, credentials.mldsaLevel);
-        }
-        if (credentials.wif && credentials.mldsaPrivateKey) {
-            const wallet = Wallet.fromWif(credentials.wif, credentials.mldsaPrivateKey, network, securityLevel);
-            return new CLIWallet(wallet, network, credentials.mldsaLevel);
-        }
-        throw new Error('Invalid credentials: requires either mnemonic or both WIF and MLDSA key');
-    }
-    static load() {
-        const credentials = loadCredentials();
-        if (!credentials) {
-            throw new Error('No credentials found. Run `opnet login` to configure your wallet.');
-        }
-        if (!canSign(credentials)) {
-            throw new Error('Credentials incomplete for signing. Run `opnet login` to reconfigure.');
-        }
-        return CLIWallet.fromCredentials(credentials);
-    }
     get p2trAddress() {
         return this.wallet.p2tr;
     }
@@ -81,12 +57,29 @@ export class CLIWallet {
     get walletNetwork() {
         return this.network;
     }
-    signMLDSA(data) {
-        const result = MessageSigner.signMLDSAMessage(this.wallet.mldsaKeypair, data);
-        return Buffer.from(result.signature);
+    static fromCredentials(credentials) {
+        const network = getNetwork(credentials.network);
+        const securityLevel = getMLDSASecurityLevel(credentials.mldsaLevel);
+        if (credentials.mnemonic) {
+            const mnemonic = new Mnemonic(credentials.mnemonic, '', network, securityLevel);
+            const wallet = mnemonic.deriveUnisat();
+            return new CLIWallet(wallet, network, credentials.mldsaLevel);
+        }
+        if (credentials.wif && credentials.mldsaPrivateKey) {
+            const wallet = Wallet.fromWif(credentials.wif, credentials.mldsaPrivateKey, network, securityLevel);
+            return new CLIWallet(wallet, network, credentials.mldsaLevel);
+        }
+        throw new Error('Invalid credentials: requires either mnemonic or both WIF and MLDSA key');
     }
-    verifyMLDSA(data, signature) {
-        return MessageSigner.verifyMLDSASignature(this.wallet.mldsaKeypair, data, signature);
+    static load() {
+        const credentials = loadCredentials();
+        if (!credentials) {
+            throw new Error('No credentials found. Run `opnet login` to configure your wallet.');
+        }
+        if (!canSign(credentials)) {
+            throw new Error('Credentials incomplete for signing. Run `opnet login` to reconfigure.');
+        }
+        return CLIWallet.fromCredentials(credentials);
     }
     static verifyMLDSA(data, signature, publicKey, level) {
         const securityLevel = getMLDSASecurityLevel(level);
@@ -94,6 +87,13 @@ export class CLIWallet {
         const keypair = QuantumBIP32Factory.fromPublicKey(publicKey, dummyChainCode, networks.bitcoin, securityLevel);
         return keypair.verify(data, signature);
     }
+    signMLDSA(data) {
+        const result = MessageSigner.signMLDSAMessage(this.wallet.mldsaKeypair, data);
+        return Buffer.from(result.signature);
+    }
+    verifyMLDSA(data, signature) {
+        return MessageSigner.verifyMLDSASignature(this.wallet.mldsaKeypair, data, signature);
+    }
 }
 export function generateMLDSAKeypair(level) {
     const securityLevel = getMLDSASecurityLevel(level);

package/build/types/PackageRegistry.d.ts

@@ -1,5 +1,5 @@
 import { Address } from '@btc-vision/transaction';
-import { CallResult, OPNetEvent, IOP_NETContract } from 'opnet';
+import { CallResult, IOP_NETContract, OPNetEvent } from 'opnet';
 export type TreasuryAddressChangedEvent = {
     readonly previousAddressHash: bigint;
     readonly newAddressHash: bigint;

package/build/types/index.js

@@ -1,4 +1,4 @@
-import { MLDSALevel, MLDSA_PUBLIC_KEY_SIZES, MLDSA_SIGNATURE_SIZES } from '@btc-vision/plugin-sdk';
+import { MLDSA_PUBLIC_KEY_SIZES, MLDSA_SIGNATURE_SIZES, MLDSALevel } from '@btc-vision/plugin-sdk';
 export function cliLevelToMLDSALevel(level) {
     switch (level) {
         case 44:

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@btc-vision/cli",
-    "version": "1.0.0",
+    "version": "1.0.2",
     "type": "module",
     "description": "CLI for the OPNet plugin ecosystem - scaffolding, compilation, signing, and registry interaction",
     "author": "OP_NET",
@@ -53,12 +53,12 @@
         "bytenode": "^1.5.7",
         "commander": "^14.0.0",
         "esbuild": "^0.25.5",
-        "opnet": "^1.7.17",
+        "opnet": "^1.7.18",
         "ora": "^8.2.0"
     },
     "devDependencies": {
         "@eslint/js": "^9.39.1",
-        "@types/node": "^24.3.0",
+        "@types/node": "^25.0.2",
         "eslint": "^9.39.1",
         "gulp": "^5.0.1",
         "gulp-cached": "^1.1.1",

package/src/commands/CompileCommand.ts

@@ -10,7 +10,7 @@ import * as esbuild from 'esbuild';
 import bytenode from 'bytenode';
 import { BaseCommand } from './BaseCommand.js';
 import { getManifestPath, loadManifest } from '../lib/manifest.js';
-import { buildOpnetBinary, computeChecksum, formatFileSize } from '../lib/binary.js';
+import { buildOpnetBinary, formatFileSize } from '../lib/binary.js';
 import { CLIWallet } from '../lib/wallet.js';
 import { canSign, loadCredentials } from '../lib/credentials.js';
 import { CLIMldsaLevel } from '../types/index.js';
@@ -105,8 +105,8 @@ export class CompileCommand extends BaseCommand {
 
             // Prepare signing
             let publicKey: Buffer;
-            let signature: Buffer;
             let mldsaLevel: CLIMldsaLevel;
+            let signFn: ((checksum: Buffer) => Buffer) | undefined;
 
             if (options.sign) {
                 this.logger.info('Loading wallet for signing...');
@@ -125,33 +125,31 @@ export class CompileCommand extends BaseCommand {
 
                 this.logger.success(`Wallet loaded (MLDSA-${mldsaLevel})`);
 
-                // Compute checksum and sign
-                this.logger.info('Signing plugin...');
-                const metadataBytes = Buffer.from(JSON.stringify(manifest), 'utf-8');
-                const checksum = computeChecksum(metadataBytes, bytecode, proto);
-
-                signature = wallet.signMLDSA(checksum);
-                this.logger.success(
-                    `Plugin signed (${formatFileSize(signature.length)} signature)`,
-                );
+                // Create signing function that will be called with the final checksum
+                signFn = (checksum: Buffer) => wallet.signMLDSA(checksum);
             } else {
                 this.logger.warn('Skipping signing (--no-sign)');
                 // Use dummy values for unsigned binary
                 mldsaLevel = 44;
                 publicKey = Buffer.alloc(1312); // MLDSA-44 public key size
-                signature = Buffer.alloc(2420); // MLDSA-44 signature size
             }
 
             // Build .opnet binary
             this.logger.info('Assembling .opnet binary...');
-            const binary = buildOpnetBinary({
+            const { binary, checksum } = buildOpnetBinary({
                 mldsaLevel,
                 publicKey,
-                signature,
                 metadata: manifest,
                 bytecode,
                 proto,
+                signFn,
             });
+
+            if (options.sign) {
+                this.logger.success(
+                    `Plugin signed (checksum: sha256:${checksum.toString('hex').substring(0, 16)}...)`,
+                );
+            }
             this.logger.success(`Binary assembled (${formatFileSize(binary.length)})`);
 
             // Write output
@@ -178,6 +176,7 @@ export class CompileCommand extends BaseCommand {
             this.logger.log(`Plugin:       ${manifest.name}@${manifest.version}`);
             this.logger.log(`Type:         ${manifest.pluginType}`);
             this.logger.log(`MLDSA Level:  ${mldsaLevel}`);
+            this.logger.log(`Checksum:     sha256:${checksum.toString('hex')}`);
             this.logger.log(`Signed:       ${options.sign ? 'Yes' : 'No'}`);
             this.logger.log('');
 

package/src/commands/InitCommand.ts

@@ -164,6 +164,12 @@ export class InitCommand extends BaseCommand {
 
         // Create README.md
         this.createReadme(projectDir, config, force);
+
+        // Create ESLint config
+        this.createEslintConfig(projectDir, force);
+
+        // Create Prettier config
+        this.createPrettierConfig(projectDir, force);
     }
 
     private createPluginJson(
@@ -179,11 +185,10 @@ export class InitCommand extends BaseCommand {
         const manifest: Record<string, unknown> = {
             name: config.pluginName,
             version: '1.0.0',
-            opnetVersion: '^1.0.0',
+            opnetVersion: '>=0.0.1',
             main: 'dist/index.jsc',
             target: 'bytenode',
             type: 'plugin',
-            checksum: '',
             author: config.authorEmail
                 ? { name: config.authorName, email: config.authorEmail }
                 : { name: config.authorName },
@@ -277,9 +282,10 @@ export class InitCommand extends BaseCommand {
             main: 'dist/index.js',
             scripts: {
                 build: 'tsc',
-                compile: 'opnet compile',
-                verify: 'opnet verify',
+                compile: 'npx opnet compile',
+                verify: 'npx opnet verify',
                 lint: 'eslint src/',
+                format: 'prettier --write src/',
             },
             author: config.authorEmail
                 ? `${config.authorName} <${config.authorEmail}>`
@@ -287,8 +293,12 @@ export class InitCommand extends BaseCommand {
             license: 'Apache-2.0',
             dependencies: { '@btc-vision/plugin-sdk': '^1.0.0' },
             devDependencies: {
-                '@types/node': '^22.0.0',
+                '@eslint/js': '^9.39.0',
+                '@types/node': '^25.0.0',
+                eslint: '^9.39.0',
+                prettier: '^3.6.0',
                 typescript: '^5.8.0',
+                'typescript-eslint': '^8.39.0',
                 '@btc-vision/cli': '^1.0.0',
             },
         };
@@ -454,6 +464,78 @@ Apache-2.0
         this.logger.success('  Created README.md');
     }
 
+    private createEslintConfig(projectDir: string, force?: boolean): void {
+        const eslintPath = path.join(projectDir, 'eslint.config.js');
+        if (fs.existsSync(eslintPath) && !force) return;
+
+        const content = `// @ts-check
+
+import eslint from '@eslint/js';
+import tseslint from 'typescript-eslint';
+
+export default tseslint.config(
+    eslint.configs.recommended,
+    ...tseslint.configs.strictTypeChecked,
+    {
+        languageOptions: {
+            parserOptions: {
+                projectService: true,
+                tsconfigDirName: import.meta.dirname,
+            },
+        },
+        rules: {
+            'no-undef': 'off',
+            '@typescript-eslint/no-unused-vars': 'off',
+            'no-empty': 'off',
+            '@typescript-eslint/restrict-template-expressions': 'off',
+            '@typescript-eslint/only-throw-error': 'off',
+            '@typescript-eslint/no-unnecessary-condition': 'off',
+            '@typescript-eslint/unbound-method': 'warn',
+            '@typescript-eslint/no-confusing-void-expression': 'off',
+            '@typescript-eslint/no-extraneous-class': 'off',
+            'no-async-promise-executor': 'off',
+            '@typescript-eslint/no-misused-promises': 'off',
+            '@typescript-eslint/no-unnecessary-type-parameters': 'off',
+            '@typescript-eslint/no-duplicate-enum-values': 'off',
+            'prefer-spread': 'off',
+            '@typescript-eslint/no-empty-object-type': 'off',
+            '@typescript-eslint/no-base-to-string': 'off',
+            '@typescript-eslint/no-dynamic-delete': 'off',
+            '@typescript-eslint/no-redundant-type-constituents': 'off',
+        },
+    },
+    {
+        files: ['**/*.js'],
+        ...tseslint.configs.disableTypeChecked,
+    },
+);
+`;
+
+        fs.writeFileSync(eslintPath, content);
+        this.logger.success('  Created eslint.config.js');
+    }
+
+    private createPrettierConfig(projectDir: string, force?: boolean): void {
+        const prettierPath = path.join(projectDir, '.prettierrc.json');
+        if (fs.existsSync(prettierPath) && !force) return;
+
+        const config = {
+            printWidth: 100,
+            trailingComma: 'all',
+            tabWidth: 4,
+            semi: true,
+            singleQuote: true,
+            quoteProps: 'as-needed',
+            bracketSpacing: true,
+            bracketSameLine: true,
+            arrowParens: 'always',
+            singleAttributePerLine: true,
+        };
+
+        fs.writeFileSync(prettierPath, JSON.stringify(config, null, 4));
+        this.logger.success('  Created .prettierrc.json');
+    }
+
     private toPascalCase(str: string): string {
         return str
             .split(/[-_]/)

package/src/commands/SignCommand.ts

@@ -7,12 +7,7 @@
 import * as fs from 'fs';
 import * as crypto from 'crypto';
 import { BaseCommand } from './BaseCommand.js';
-import {
-    buildOpnetBinary,
-    computeChecksum,
-    formatFileSize,
-    parseOpnetBinary,
-} from '../lib/binary.js';
+import { buildOpnetBinary, formatFileSize, parseOpnetBinary } from '../lib/binary.js';
 import { CLIWallet } from '../lib/wallet.js';
 import { canSign, loadCredentials } from '../lib/credentials.js';
 
@@ -77,27 +72,20 @@ export class SignCommand extends BaseCommand {
                 process.exit(1);
             }
 
-            // Compute new signature
-            this.logger.info('Signing...');
-            const metadataBytes = Buffer.from(parsed.rawMetadata, 'utf-8');
-            const checksum = computeChecksum(
-                metadataBytes,
-                parsed.bytecode,
-                parsed.proto ?? Buffer.alloc(0),
-            );
-            const signature = wallet.signMLDSA(checksum);
-            this.logger.success(`Signed (${formatFileSize(signature.length)} signature)`);
-
-            // Rebuild binary
-            this.logger.info('Rebuilding binary...');
-            const newBinary = buildOpnetBinary({
+            // Rebuild binary with signing
+            this.logger.info('Signing and rebuilding binary...');
+            const signFn = (checksum: Buffer) => wallet.signMLDSA(checksum);
+            const { binary: newBinary, checksum } = buildOpnetBinary({
                 mldsaLevel: wallet.securityLevel,
                 publicKey: wallet.mldsaPublicKey,
-                signature,
                 metadata: parsed.metadata,
                 bytecode: parsed.bytecode,
                 proto: parsed.proto ?? Buffer.alloc(0),
+                signFn,
             });
+            this.logger.success(
+                `Signed (checksum: sha256:${checksum.toString('hex').substring(0, 16)}...)`,
+            );
             this.logger.success(`Binary rebuilt (${formatFileSize(newBinary.length)})`);
 
             // Write output