@btc-vision/cli 1.0.1 → 1.0.3

package/build/lib/ipfs.js

@@ -42,86 +42,95 @@ async function httpRequest(url, options) {
     });
 }
 export async function pinToIPFS(data, name) {
-    const config = loadConfig();
-    const endpoint = config.ipfsPinningEndpoint;
-    if (!endpoint) {
-        throw new Error('IPFS pinning endpoint not configured. Run `opnet config set ipfsPinningEndpoint <url>`');
-    }
-    const boundary = '----FormBoundary' + Math.random().toString(36).substring(2);
-    const fileName = name || 'plugin.opnet';
-    const formParts = [];
-    formParts.push(Buffer.from(`--${boundary}\r\n` +
-        `Content-Disposition: form-data; name="file"; filename="${fileName}"\r\n` +
-        `Content-Type: application/octet-stream\r\n\r\n`));
-    formParts.push(data);
-    formParts.push(Buffer.from('\r\n'));
-    formParts.push(Buffer.from(`--${boundary}--\r\n`));
-    const body = Buffer.concat(formParts);
-    const headers = {
-        'Content-Type': `multipart/form-data; boundary=${boundary}`,
-        'Content-Length': body.length.toString(),
-    };
-    if (config.ipfsPinningAuthHeader) {
-        const [headerName, headerValue] = config.ipfsPinningAuthHeader
-            .split(':')
-            .map((s) => s.trim());
-        if (headerName && headerValue) {
-            headers[headerName] = headerValue;
+    try {
+        const config = loadConfig();
+        const endpoint = config.ipfsPinningEndpoint;
+        if (!endpoint) {
+            throw new Error('IPFS pinning endpoint not configured. Run `opnet config set ipfsPinningEndpoint <url>`');
         }
-    }
-    else if (config.ipfsPinningApiKey) {
-        headers['Authorization'] = `Bearer ${config.ipfsPinningApiKey}`;
-    }
-    const url = new URL(endpoint);
-    let requestUrl;
-    if (url.hostname.includes('ipfs.opnet.org')) {
-        requestUrl = endpoint;
-    }
-    else if (url.hostname.includes('pinata')) {
-        requestUrl = 'https://api.pinata.cloud/pinning/pinFileToIPFS';
-        if (config.ipfsPinningApiKey) {
-            headers['pinata_api_key'] = config.ipfsPinningApiKey;
+        const boundary = '----FormBoundary' + Math.random().toString(36).substring(2);
+        const fileName = name || 'plugin.opnet';
+        const formParts = [];
+        formParts.push(Buffer.from(`--${boundary}\r\n` +
+            `Content-Disposition: form-data; name="file"; filename="${fileName}"\r\n` +
+            `Content-Type: application/octet-stream\r\n\r\n`));
+        formParts.push(data);
+        formParts.push(Buffer.from('\r\n'));
+        formParts.push(Buffer.from(`--${boundary}--\r\n`));
+        const body = Buffer.concat(formParts);
+        const headers = {
+            'Content-Type': `multipart/form-data; boundary=${boundary}`,
+            'Content-Length': body.length.toString(),
+        };
+        if (config.ipfsPinningAuthHeader) {
+            const [headerName, headerValue] = config.ipfsPinningAuthHeader
+                .split(':')
+                .map((s) => s.trim());
+            if (headerName && headerValue) {
+                headers[headerName] = headerValue;
+            }
         }
+        else if (config.ipfsPinningApiKey) {
+            headers['Authorization'] = `Bearer ${config.ipfsPinningApiKey}`;
+        }
+        const url = new URL(endpoint);
+        let requestUrl;
+        if (url.hostname.includes('ipfs.opnet.org')) {
+            requestUrl = endpoint;
+        }
+        else if (url.hostname.includes('pinata')) {
+            requestUrl = 'https://api.pinata.cloud/pinning/pinFileToIPFS';
+            if (config.ipfsPinningApiKey && !config.ipfsPinningApiKey.startsWith('eyJ')) {
+                headers['pinata_api_key'] = config.ipfsPinningApiKey;
+                if (config.ipfsPinningSecret) {
+                    headers['pinata_secret_api_key'] = config.ipfsPinningSecret;
+                }
+            }
+        }
+        else if (url.hostname.includes('web3.storage') || url.hostname.includes('w3s.link')) {
+            requestUrl = endpoint.endsWith('/') ? endpoint + 'upload' : endpoint + '/upload';
+        }
+        else if (url.hostname.includes('nft.storage')) {
+            requestUrl = 'https://api.nft.storage/upload';
+        }
+        else if (url.pathname.includes('/api/v0/')) {
+            requestUrl = endpoint;
+        }
+        else {
+            requestUrl = endpoint.endsWith('/') ? endpoint + 'pins' : endpoint + '/pins';
+        }
+        const response = await httpRequest(requestUrl, {
+            method: 'POST',
+            headers,
+            body,
+            timeout: 120000,
+        });
+        const result = JSON.parse(response.toString());
+        let cid;
+        if (typeof result.IpfsHash === 'string') {
+            cid = result.IpfsHash;
+        }
+        else if (typeof result.cid === 'string') {
+            cid = result.cid;
+        }
+        else if (typeof result.Hash === 'string') {
+            cid = result.Hash;
+        }
+        else if (result.value &&
+            typeof result.value.cid === 'string') {
+            cid = result.value.cid;
+        }
+        if (!cid) {
+            throw new Error(`Failed to extract CID from pinning response: ${JSON.stringify(result)}`);
+        }
+        return {
+            cid,
+            size: data.length,
+        };
     }
-    else if (url.hostname.includes('web3.storage') || url.hostname.includes('w3s.link')) {
-        requestUrl = endpoint.endsWith('/') ? endpoint + 'upload' : endpoint + '/upload';
-    }
-    else if (url.hostname.includes('nft.storage')) {
-        requestUrl = 'https://api.nft.storage/upload';
-    }
-    else if (url.pathname.includes('/api/v0/')) {
-        requestUrl = endpoint;
-    }
-    else {
-        requestUrl = endpoint.endsWith('/') ? endpoint + 'pins' : endpoint + '/pins';
-    }
-    const response = await httpRequest(requestUrl, {
-        method: 'POST',
-        headers,
-        body,
-        timeout: 120000,
-    });
-    const result = JSON.parse(response.toString());
-    let cid;
-    if (typeof result.IpfsHash === 'string') {
-        cid = result.IpfsHash;
-    }
-    else if (typeof result.cid === 'string') {
-        cid = result.cid;
-    }
-    else if (typeof result.Hash === 'string') {
-        cid = result.Hash;
-    }
-    else if (result.value && typeof result.value.cid === 'string') {
-        cid = result.value.cid;
-    }
-    if (!cid) {
-        throw new Error(`Failed to extract CID from pinning response: ${JSON.stringify(result)}`);
+    catch (e) {
+        throw new Error(`IPFS pinning failed: ${e instanceof Error ? e.message : String(e)}`);
     }
-    return {
-        cid,
-        size: data.length,
-    };
 }
 export async function fetchFromIPFS(cid) {
     const config = loadConfig();

package/build/lib/manifest.js

@@ -78,7 +78,7 @@ export function createManifest(options) {
     return {
         name: options.name,
         version: '1.0.0',
-        opnetVersion: '^1.0.0',
+        opnetVersion: '>=0.0.1',
         main: 'dist/index.jsc',
         target: 'bytenode',
         type: 'plugin',

package/build/lib/registry.d.ts

@@ -32,7 +32,7 @@ export interface PendingTransferInfo {
     pendingOwner: Address;
     initiatedAt: bigint;
 }
-export declare function getRegistryContract(network?: NetworkName): IPackageRegistry;
+export declare function getRegistryContract(network?: NetworkName, sender?: Address): IPackageRegistry;
 export declare function clearRegistryCache(): void;
 export declare function getScope(scopeName: string, network?: NetworkName): Promise<ScopeInfo | null>;
 export declare function getScopeOwner(scopeName: string, network?: NetworkName): Promise<Address | null>;

package/build/lib/registry.js

@@ -5,10 +5,10 @@ import { getNetwork } from './wallet.js';
 import { loadConfig } from './config.js';
 import { PACKAGE_REGISTRY_ABI } from './PackageRegistry.abi.js';
 const registryCache = new Map();
-export function getRegistryContract(network) {
+export function getRegistryContract(network, sender) {
     const config = loadConfig();
     const targetNetwork = network || config.defaultNetwork;
-    const cacheKey = targetNetwork;
+    const cacheKey = sender ? `${targetNetwork}:${sender.toHex()}` : targetNetwork;
     const cached = registryCache.get(cacheKey);
     if (cached) {
         return cached;
@@ -16,7 +16,7 @@ export function getRegistryContract(network) {
     const provider = getProvider(targetNetwork);
     const registryAddress = getRegistryContractAddress(targetNetwork);
     const bitcoinNetwork = getNetwork(targetNetwork);
-    const contract = getContract(registryAddress, PACKAGE_REGISTRY_ABI, provider, bitcoinNetwork);
+    const contract = getContract(registryAddress, PACKAGE_REGISTRY_ABI, provider, bitcoinNetwork, sender);
     registryCache.set(cacheKey, contract);
     return contract;
 }

package/build/lib/transaction.d.ts

@@ -0,0 +1,27 @@
+import { Address } from '@btc-vision/transaction';
+import { TransactionParameters } from 'opnet';
+import { CLIWallet } from './wallet.js';
+import { NetworkName } from '../types/index.js';
+import { PsbtOutputExtended } from '@btc-vision/bitcoin';
+export declare const DEFAULT_MAX_SAT_TO_SPEND = 100000n;
+export declare const DEFAULT_FEE_RATE = 6;
+export declare function buildTransactionParams(wallet: CLIWallet, network: NetworkName, maxSatToSpend?: bigint, feeRate?: number, extra?: PsbtOutputExtended): TransactionParameters;
+export declare function getWalletAddress(wallet: CLIWallet): Address;
+export declare function formatSats(sats: bigint): string;
+export declare function checkBalance(wallet: CLIWallet, network: NetworkName, minBalance?: bigint): Promise<{
+    sufficient: boolean;
+    balance: bigint;
+}>;
+export declare const DEFAULT_POLL_INTERVAL = 10000;
+export declare const DEFAULT_MAX_WAIT_TIME = 600000;
+export interface TransactionConfirmationResult {
+    confirmed: boolean;
+    blockNumber?: bigint;
+    revert?: string;
+    error?: string;
+}
+export declare function waitForTransactionConfirmation(txHash: string, network: NetworkName, options?: {
+    pollInterval?: number;
+    maxWaitTime?: number;
+    message?: string;
+}): Promise<TransactionConfirmationResult>;

package/build/lib/transaction.js

@@ -0,0 +1,91 @@
+import ora from 'ora';
+import { getNetwork } from './wallet.js';
+import { getProvider } from './provider.js';
+export const DEFAULT_MAX_SAT_TO_SPEND = 100000n;
+export const DEFAULT_FEE_RATE = 6;
+export function buildTransactionParams(wallet, network, maxSatToSpend = DEFAULT_MAX_SAT_TO_SPEND, feeRate = DEFAULT_FEE_RATE, extra) {
+    const bitcoinNetwork = getNetwork(network);
+    return {
+        signer: wallet.keypair,
+        mldsaSigner: wallet.mldsaKeypair,
+        refundTo: wallet.p2trAddress,
+        maximumAllowedSatToSpend: maxSatToSpend,
+        network: bitcoinNetwork,
+        feeRate,
+        extraOutputs: extra ? [extra] : undefined,
+    };
+}
+export function getWalletAddress(wallet) {
+    return wallet.address;
+}
+export function formatSats(sats) {
+    const btc = Number(sats) / 100_000_000;
+    if (btc >= 0.001) {
+        return `${sats} sats (${btc.toFixed(8)} BTC)`;
+    }
+    return `${sats} sats`;
+}
+export async function checkBalance(wallet, network, minBalance = 10000n) {
+    const provider = getProvider(network);
+    const balance = await provider.getBalance(wallet.p2trAddress);
+    return {
+        sufficient: balance >= minBalance,
+        balance,
+    };
+}
+export const DEFAULT_POLL_INTERVAL = 10_000;
+export const DEFAULT_MAX_WAIT_TIME = 600_000;
+export async function waitForTransactionConfirmation(txHash, network, options) {
+    const pollInterval = options?.pollInterval ?? DEFAULT_POLL_INTERVAL;
+    const maxWaitTime = options?.maxWaitTime ?? DEFAULT_MAX_WAIT_TIME;
+    const message = options?.message ?? 'Waiting for transaction confirmation';
+    const provider = getProvider(network);
+    const startTime = Date.now();
+    const spinner = ora({
+        text: `${message} (0s elapsed)`,
+        spinner: 'dots',
+    }).start();
+    const updateSpinnerText = () => {
+        const elapsed = Math.floor((Date.now() - startTime) / 1000);
+        spinner.text = `${message} (${elapsed}s elapsed)`;
+    };
+    const textUpdateInterval = setInterval(updateSpinnerText, 1000);
+    try {
+        while (Date.now() - startTime < maxWaitTime) {
+            try {
+                const tx = await provider.getTransaction(txHash);
+                if (tx.blockNumber !== undefined && tx.blockNumber !== null) {
+                    const blockNum = typeof tx.blockNumber === 'bigint'
+                        ? tx.blockNumber
+                        : BigInt(tx.blockNumber);
+                    spinner.succeed(`Transaction confirmed in block ${blockNum}`);
+                    return {
+                        confirmed: true,
+                        blockNumber: blockNum,
+                    };
+                }
+                if (tx.revert) {
+                    spinner.fail(`Transaction reverted: ${tx.revert}`);
+                    return {
+                        confirmed: false,
+                        revert: tx.revert,
+                    };
+                }
+            }
+            catch {
+            }
+            await sleep(pollInterval);
+        }
+        spinner.fail(`Timeout waiting for transaction confirmation`);
+        return {
+            confirmed: false,
+            error: `Transaction not confirmed within ${maxWaitTime / 1000} seconds`,
+        };
+    }
+    finally {
+        clearInterval(textUpdateInterval);
+    }
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/build/lib/wallet.d.ts

@@ -1,7 +1,8 @@
-import { Network } from '@btc-vision/bitcoin';
-import { MLDSASecurityLevel } from '@btc-vision/bip32';
-import { EcKeyPair, Wallet } from '@btc-vision/transaction';
+import { Network, Signer } from '@btc-vision/bitcoin';
+import { MLDSASecurityLevel, QuantumBIP32Interface } from '@btc-vision/bip32';
+import { Address } from '@btc-vision/transaction';
 import { CLICredentials, CLIMldsaLevel, NetworkName } from '../types/index.js';
+import { ECPairInterface } from 'ecpair';
 export declare function getNetwork(networkName: NetworkName): Network;
 export declare function getMLDSASecurityLevel(level: CLIMldsaLevel): MLDSASecurityLevel;
 export declare class CLIWallet {
@@ -9,14 +10,13 @@ export declare class CLIWallet {
     private readonly network;
     private readonly mldsaLevel;
     private constructor();
+    get address(): Address;
     get p2trAddress(): string;
-    get underlyingWallet(): Wallet;
-    get keypair(): EcKeyPair;
-    get mldsaKeypair(): EcKeyPair;
+    get keypair(): Signer | ECPairInterface | null;
+    get mldsaKeypair(): QuantumBIP32Interface;
     get mldsaPublicKey(): Buffer;
     get mldsaPublicKeyHash(): string;
     get securityLevel(): CLIMldsaLevel;
-    get walletNetwork(): Network;
     static fromCredentials(credentials: CLICredentials): CLIWallet;
     static load(): CLIWallet;
     static verifyMLDSA(data: Buffer, signature: Buffer, publicKey: Buffer, level: CLIMldsaLevel): boolean;

package/build/lib/wallet.js

@@ -32,12 +32,12 @@ export class CLIWallet {
         this.network = network;
         this.mldsaLevel = mldsaLevel;
     }
+    get address() {
+        return this.wallet.address;
+    }
     get p2trAddress() {
         return this.wallet.p2tr;
     }
-    get underlyingWallet() {
-        return this.wallet;
-    }
     get keypair() {
         return this.wallet.keypair;
     }
@@ -54,9 +54,6 @@ export class CLIWallet {
     get securityLevel() {
         return this.mldsaLevel;
     }
-    get walletNetwork() {
-        return this.network;
-    }
     static fromCredentials(credentials) {
         const network = getNetwork(credentials.network);
         const securityLevel = getMLDSASecurityLevel(credentials.mldsaLevel);

package/build/types/index.d.ts

@@ -8,6 +8,7 @@ export interface CLIConfig {
     ipfsGateways: string[];
     ipfsPinningEndpoint: string;
     ipfsPinningApiKey: string;
+    ipfsPinningSecret: string;
     ipfsPinningAuthHeader: string;
     registryAddresses: Record<NetworkName, string>;
     defaultMldsaLevel: CLIMldsaLevel;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@btc-vision/cli",
-    "version": "1.0.1",
+    "version": "1.0.3",
     "type": "module",
     "description": "CLI for the OPNet plugin ecosystem - scaffolding, compilation, signing, and registry interaction",
     "author": "OP_NET",
@@ -52,6 +52,7 @@
         "@inquirer/prompts": "^7.5.3",
         "bytenode": "^1.5.7",
         "commander": "^14.0.0",
+        "ecpair": "^2.1.0",
         "esbuild": "^0.25.5",
         "opnet": "^1.7.18",
         "ora": "^8.2.0"

package/src/commands/AcceptCommand.ts

@@ -6,9 +6,19 @@
 
 import { confirm } from '@inquirer/prompts';
 import { BaseCommand } from './BaseCommand.js';
-import { getPendingScopeTransfer, getPendingTransfer } from '../lib/registry.js';
+import {
+    getPendingScopeTransfer,
+    getPendingTransfer,
+    getRegistryContract,
+} from '../lib/registry.js';
 import { canSign, loadCredentials } from '../lib/credentials.js';
 import { CLIWallet } from '../lib/wallet.js';
+import {
+    buildTransactionParams,
+    checkBalance,
+    formatSats,
+    getWalletAddress,
+} from '../lib/transaction.js';
 import { NetworkName } from '../types/index.js';
 
 interface AcceptOptions {
@@ -41,7 +51,7 @@ export class AcceptCommand extends BaseCommand {
                 this.logger.warn('Run `opnet login` to configure your wallet.');
                 process.exit(1);
             }
-            CLIWallet.fromCredentials(credentials);
+            const wallet = CLIWallet.fromCredentials(credentials);
             this.logger.success('Wallet loaded');
 
             const network = (options?.network || 'mainnet') as NetworkName;
@@ -84,12 +94,46 @@ export class AcceptCommand extends BaseCommand {
                     }
                 }
 
+                // Check wallet balance
+                this.logger.info('Checking wallet balance...');
+                const { sufficient, balance } = await checkBalance(wallet, network);
+                if (!sufficient) {
+                    this.logger.fail('Insufficient balance');
+                    this.logger.error(`Wallet balance: ${formatSats(balance)}`);
+                    this.logger.error('Please fund your wallet before accepting transfer.');
+                    process.exit(1);
+                }
+                this.logger.success(`Wallet balance: ${formatSats(balance)}`);
+
                 // Execute acceptance
                 this.logger.info('Accepting transfer...');
-                this.logger.warn('Acceptance transaction required.');
-                this.logger.log('Transaction would call: acceptScopeTransfer(');
-                this.logger.log(`  scopeName: "${scopeName}"`);
-                this.logger.log(')');
+
+                const sender = getWalletAddress(wallet);
+                const contract = getRegistryContract(network, sender);
+                const txParams = buildTransactionParams(wallet, network);
+
+                const acceptResult = await contract.acceptScopeTransfer(scopeName);
+
+                if (acceptResult.revert) {
+                    this.logger.fail('Acceptance would fail');
+                    this.logger.error(`Reason: ${acceptResult.revert}`);
+                    process.exit(1);
+                }
+
+                if (acceptResult.estimatedGas) {
+                    this.logger.info(`Estimated gas: ${acceptResult.estimatedGas} sats`);
+                }
+
+                const receipt = await acceptResult.sendTransaction(txParams);
+
+                this.logger.log('');
+                this.logger.success('Scope transfer accepted successfully!');
+                this.logger.log('');
+                this.logger.log(`Scope:          ${name}`);
+                this.logger.log(`Transaction ID: ${receipt.transactionId}`);
+                this.logger.log(`Fees paid:      ${formatSats(receipt.estimatedFees)}`);
+                this.logger.log('');
+                return;
             } else {
                 const pending = await getPendingTransfer(name, network);
 
@@ -123,20 +167,49 @@ export class AcceptCommand extends BaseCommand {
                     }
                 }
 
+                // Check wallet balance
+                this.logger.info('Checking wallet balance...');
+                const { sufficient: sufficientPkg, balance: balancePkg } = await checkBalance(
+                    wallet,
+                    network,
+                );
+                if (!sufficientPkg) {
+                    this.logger.fail('Insufficient balance');
+                    this.logger.error(`Wallet balance: ${formatSats(balancePkg)}`);
+                    this.logger.error('Please fund your wallet before accepting transfer.');
+                    process.exit(1);
+                }
+                this.logger.success(`Wallet balance: ${formatSats(balancePkg)}`);
+
                 // Execute acceptance
                 this.logger.info('Accepting transfer...');
-                this.logger.warn('Acceptance transaction required.');
-                this.logger.log('Transaction would call: acceptTransfer(');
-                this.logger.log(`  packageName: "${name}"`);
-                this.logger.log(')');
-            }
 
-            this.logger.info('Acceptance (transaction pending)');
+                const sender = getWalletAddress(wallet);
+                const contract = getRegistryContract(network, sender);
+                const txParams = buildTransactionParams(wallet, network);
+
+                const acceptResult = await contract.acceptTransfer(name);
 
-            this.logger.log('');
-            this.logger.success('Transfer acceptance submitted!');
-            this.logger.warn('Note: Registry transaction support is coming soon.');
-            this.logger.log('');
+                if (acceptResult.revert) {
+                    this.logger.fail('Acceptance would fail');
+                    this.logger.error(`Reason: ${acceptResult.revert}`);
+                    process.exit(1);
+                }
+
+                if (acceptResult.estimatedGas) {
+                    this.logger.info(`Estimated gas: ${acceptResult.estimatedGas} sats`);
+                }
+
+                const receipt = await acceptResult.sendTransaction(txParams);
+
+                this.logger.log('');
+                this.logger.success('Package transfer accepted successfully!');
+                this.logger.log('');
+                this.logger.log(`Package:        ${name}`);
+                this.logger.log(`Transaction ID: ${receipt.transactionId}`);
+                this.logger.log(`Fees paid:      ${formatSats(receipt.estimatedFees)}`);
+                this.logger.log('');
+            }
         } catch (error) {
             this.logger.fail('Acceptance failed');
             if (this.isUserCancelled(error)) {

package/src/commands/CompileCommand.ts

@@ -10,7 +10,7 @@ import * as esbuild from 'esbuild';
 import bytenode from 'bytenode';
 import { BaseCommand } from './BaseCommand.js';
 import { getManifestPath, loadManifest } from '../lib/manifest.js';
-import { buildOpnetBinary, computeChecksum, formatFileSize } from '../lib/binary.js';
+import { buildOpnetBinary, formatFileSize } from '../lib/binary.js';
 import { CLIWallet } from '../lib/wallet.js';
 import { canSign, loadCredentials } from '../lib/credentials.js';
 import { CLIMldsaLevel } from '../types/index.js';
@@ -105,8 +105,8 @@ export class CompileCommand extends BaseCommand {
 
             // Prepare signing
             let publicKey: Buffer;
-            let signature: Buffer;
             let mldsaLevel: CLIMldsaLevel;
+            let signFn: ((checksum: Buffer) => Buffer) | undefined;
 
             if (options.sign) {
                 this.logger.info('Loading wallet for signing...');
@@ -125,33 +125,31 @@ export class CompileCommand extends BaseCommand {
 
                 this.logger.success(`Wallet loaded (MLDSA-${mldsaLevel})`);
 
-                // Compute checksum and sign
-                this.logger.info('Signing plugin...');
-                const metadataBytes = Buffer.from(JSON.stringify(manifest), 'utf-8');
-                const checksum = computeChecksum(metadataBytes, bytecode, proto);
-
-                signature = wallet.signMLDSA(checksum);
-                this.logger.success(
-                    `Plugin signed (${formatFileSize(signature.length)} signature)`,
-                );
+                // Create signing function that will be called with the final checksum
+                signFn = (checksum: Buffer) => wallet.signMLDSA(checksum);
             } else {
                 this.logger.warn('Skipping signing (--no-sign)');
                 // Use dummy values for unsigned binary
                 mldsaLevel = 44;
                 publicKey = Buffer.alloc(1312); // MLDSA-44 public key size
-                signature = Buffer.alloc(2420); // MLDSA-44 signature size
             }
 
             // Build .opnet binary
             this.logger.info('Assembling .opnet binary...');
-            const binary = buildOpnetBinary({
+            const { binary, checksum } = buildOpnetBinary({
                 mldsaLevel,
                 publicKey,
-                signature,
                 metadata: manifest,
                 bytecode,
                 proto,
+                signFn,
             });
+
+            if (options.sign) {
+                this.logger.success(
+                    `Plugin signed (checksum: sha256:${checksum.toString('hex').substring(0, 16)}...)`,
+                );
+            }
             this.logger.success(`Binary assembled (${formatFileSize(binary.length)})`);
 
             // Write output
@@ -178,6 +176,7 @@ export class CompileCommand extends BaseCommand {
             this.logger.log(`Plugin:       ${manifest.name}@${manifest.version}`);
             this.logger.log(`Type:         ${manifest.pluginType}`);
             this.logger.log(`MLDSA Level:  ${mldsaLevel}`);
+            this.logger.log(`Checksum:     sha256:${checksum.toString('hex')}`);
             this.logger.log(`Signed:       ${options.sign ? 'Yes' : 'No'}`);
             this.logger.log('');