@devtion/devcli 0.0.0-a9e4cd4 → 0.0.0-bbc217a

package/dist/types/commands/authBandada.d.ts

@@ -0,0 +1,2 @@
+declare const authBandada: () => Promise<never>;
+export default authBandada;

package/dist/types/commands/authSIWE.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+declare const authSIWE: () => Promise<void>;
+export default authSIWE;

package/dist/types/commands/ceremony/index.d.ts

@@ -0,0 +1,3 @@
+import { Command } from "commander";
+declare const setCeremonyCommands: (program: Command) => Command;
+export default setCeremonyCommands;

package/dist/types/commands/ceremony/listParticipants.d.ts

@@ -0,0 +1,2 @@
+declare const listParticipants: () => Promise<never>;
+export default listParticipants;

package/dist/types/commands/index.d.ts

@@ -1,5 +1,7 @@
 export { default as setup } from "./setup.js";
 export { default as auth } from "./auth.js";
+export { default as authBandada } from "./authBandada.js";
+export { default as authSIWE } from "./authSIWE.js";
 export { default as contribute } from "./contribute.js";
 export { default as observe } from "./observe.js";
 export { default as finalize } from "./finalize.js";

package/dist/types/commands/setup.d.ts

@@ -27,7 +27,7 @@ export declare const handleAdditionOfCircuitsToCeremony: (r1csOptions: Array<str
 export declare const displayCeremonySummary: (ceremonyInputData: CeremonyInputData, circuits: Array<CircuitDocument>) => void;
 /**
  * Check if the smallest Powers of Tau has already been downloaded/stored in the correspondent local path
- * @dev we are downloading the Powers of Tau file from Hermez Cryptography Phase 1 Trusted Setup.
+ * @dev we are downloading the Powers of Tau file from Perpetual Powers of Tau Phase 1 Trusted Setup.
  * @param powers <string> - the smallest amount of powers needed for the given circuit (should be in a 'XY' stringified form).
  * @param ptauCompleteFilename <string> - the complete file name of the powers of tau file to be downloaded.
  * @returns <Promise<void>>
@@ -76,7 +76,7 @@ export declare const handleCircuitArtifactUploadToStorage: (firebaseFunctions: F
  * @notice The setup command allows the coordinator of the ceremony to prepare the next ceremony by interacting with the CLI.
  * @dev For proper execution, the command must be run in a folder containing the R1CS files related to the circuits
  * for which the coordinator wants to create the ceremony. The command will download the necessary Tau powers
- * from Hermez's ceremony Phase 1 Reliable Setup Ceremony.
+ * from PPoT ceremony Phase 1 Setup Ceremony.
  * @param cmd? <any> - the path to the ceremony setup file.
  */
 declare const setup: (cmd: {

package/dist/types/lib/bandada.d.ts

@@ -0,0 +1,6 @@
+import { GroupResponse } from "@bandada/api-sdk";
+import { Identity } from "@semaphore-protocol/identity";
+export declare const getGroup: (groupId: string) => Promise<GroupResponse | null>;
+export declare const getMembersOfGroup: (groupId: string) => Promise<string[] | null>;
+export declare const addMemberToGroup: (groupId: string, dashboardUrl: string, identity: Identity) => Promise<void>;
+export declare const isGroupMember: (groupId: string, identity: Identity) => Promise<boolean>;

package/dist/types/lib/files.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+/// <reference types="node" />
 import { Dirent, Stats } from "fs";
 /**
  * Check a directory path.

package/dist/types/lib/localConfigs.d.ts

@@ -35,6 +35,44 @@ export declare const setLocalAccessToken: (token: string) => void;
  * Delete the stored access token.
  */
 export declare const deleteLocalAccessToken: () => void;
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+export declare const getLocalBandadaIdentity: () => string | unknown;
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+export declare const checkLocalBandadaIdentity: () => boolean;
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+export declare const setLocalBandadaIdentity: (identity: string) => void;
+/**
+ * Delete the stored Bandada identity.
+ */
+export declare const deleteLocalBandadaIdentity: () => void;
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+export declare const getLocalAuthMethod: () => string | unknown;
+/**
+ * Check if the authentication method exists in the local storage.
+ * @returns <boolean>
+ */
+export declare const checkLocalAuthMethod: () => boolean;
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+export declare const setLocalAuthMethod: (method: string) => void;
+/**
+ * Delete the stored authentication method.
+ */
+export declare const deleteLocalAuthMethod: () => void;
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/dist/types/lib/prompts.d.ts

@@ -90,7 +90,7 @@ export declare const promptPotSelector: (options: Array<string>) => Promise<stri
  * @param isFinalizing <boolean> - true when the coordinator must select a ceremony for finalization; otherwise false (participant selects a ceremony for contribution).
  * @returns Promise<FirebaseDocumentInfo> - the Firestore document of the selected ceremony.
  */
-export declare const promptForCeremonySelection: (ceremoniesDocuments: Array<FirebaseDocumentInfo>, isFinalizing: boolean) => Promise<FirebaseDocumentInfo>;
+export declare const promptForCeremonySelection: (ceremoniesDocuments: Array<FirebaseDocumentInfo>, isFinalizing: boolean, messageToDisplay?: string) => Promise<FirebaseDocumentInfo>;
 /**
  * Prompt the participant to type the entropy or the coordinator to type the beacon.
  * @param isEntropy <boolean> - true when prompting for typing entropy; otherwise false.

package/dist/types/types/index.d.ts

@@ -63,3 +63,72 @@ export type GithubGistFile = {
     raw_url: string;
     size: number;
 };
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean;
+    message: string;
+    token: string;
+};
+/**
+ * Define the return object of the device code uri request.
+ * @typedef {Object} OAuthDeviceCodeResponse
+ * @property {string} device_code - the device code.
+ * @property {string} user_code - the user code.
+ * @property {string} verification_uri - the verification uri.
+ * @property {number} expires_in - the expiration time in seconds.
+ * @property {number} interval - the interval time in seconds.
+ * @property {string} verification_uri_complete - the complete verification uri.
+ * @property {string} error - in case there was an error, show the code
+ * @property {string} error_description - error details.
+ * @property {string} error_uri - error uri.
+ */
+export type OAuthDeviceCodeResponse = {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    expires_in: number;
+    interval: number;
+    verification_uri_complete: string;
+    error?: string;
+    error_description?: string;
+    error_uri?: string;
+};
+/**
+ * Define the return object of the polling endpoint
+ * @typedef {Object} OAuthTokenResponse
+ * @property {string} access_token - the resulting device flow token
+ * @property {string} token_type - token type
+ * @property {number} expires_in - when does the token expires
+ * @property {string} scope - the scope requested by the initial device flow endpoint
+ * @property {string} refresh_token - refresh token
+ * @property {string} id_token - id token
+ * @property {string} error - in case there was an error, show the code
+ * @property {string} error_description - error details
+ */
+export type OAuthTokenResponse = {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    scope: string;
+    refresh_token: string;
+    id_token: string;
+    error?: string;
+    error_description?: string;
+};
+/**
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking was valid or not
+ * @property {string} message - more information about the validity
+ * @property {string} token - token to sign into Firebase
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean;
+    message: string;
+    token: string;
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@devtion/devcli",
   "type": "module",
-  "version": "0.0.0-a9e4cd4",
+  "version": "0.0.0-bbc217a",
   "description": "All-in-one interactive command-line for interfacing with zkSNARK Phase 2 Trusted Setup ceremonies",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -34,11 +34,14 @@
     "build:watch": "rollup -c rollup.config.ts -w --configPlugin typescript",
     "start": "ts-node --esm ./src/index.ts",
     "auth": "yarn start auth",
+    "auth:siwe": "yarn start auth-siwe",
+    "auth:bandada": "yarn start auth-bandada",
     "contribute": "yarn start contribute",
     "clean": "yarn start clean",
     "list": "yarn start list",
     "logout": "yarn start logout",
     "validate": "yarn start validate",
+    "ceremony:participants": "yarn start ceremony participants",
     "coordinate:setup": "yarn start coordinate setup",
     "coordinate:observe": "yarn start coordinate observe",
     "coordinate:finalize": "yarn start coordinate finalize",
@@ -57,6 +60,7 @@
     "@types/winston": "^2.4.4",
     "rollup-plugin-auto-external": "^2.0.0",
     "rollup-plugin-cleanup": "^3.2.1",
+    "rollup-plugin-copy": "^3.5.0",
     "rollup-plugin-typescript2": "^0.34.1",
     "solc": "^0.8.19",
     "ts-node": "^10.9.1",
@@ -65,10 +69,12 @@
   "dependencies": {
     "@adobe/node-fetch-retry": "^2.2.0",
     "@aws-sdk/client-s3": "^3.329.0",
+    "@bandada/api-sdk": "^1.0.0-beta.1",
     "@devtion/actions": "latest",
     "@octokit/auth-oauth-app": "^5.0.5",
     "@octokit/auth-oauth-device": "^4.0.4",
     "@octokit/request": "^6.2.3",
+    "@semaphore-protocol/identity": "^3.15.1",
     "blakejs": "^1.2.1",
     "boxen": "^7.1.0",
     "chalk": "^5.2.0",
@@ -78,6 +84,7 @@
     "commander": "^10.0.1",
     "conf": "^11.0.1",
     "dotenv": "^16.0.3",
+    "ethers": "^6.9.0",
     "figlet": "^1.6.0",
     "firebase": "^9.21.0",
     "log-symbols": "^5.1.0",
@@ -90,12 +97,12 @@
     "prompts": "^2.4.2",
     "rimraf": "^5.0.0",
     "rollup": "^3.21.6",
-    "snarkjs": "^0.6.11",
+    "snarkjs": "0.7.3",
     "timer-node": "^5.0.7",
     "winston": "^3.8.2"
   },
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "6ae3553e4d11b4344404ad493cf95a169ae14a56"
+  "gitHead": "41d13d724d628f5901ece1ef659d1a554c0db8d9"
 }

package/src/commands/auth.ts

@@ -8,7 +8,12 @@ import figlet from "figlet"
 import { fileURLToPath } from "url"
 import { dirname } from "path"
 import { GENERIC_ERRORS, showError } from "../lib/errors.js"
-import { checkLocalAccessToken, getLocalAccessToken, setLocalAccessToken } from "../lib/localConfigs.js"
+import {
+    checkLocalAccessToken,
+    getLocalAccessToken,
+    setLocalAccessToken,
+    setLocalAuthMethod
+} from "../lib/localConfigs.js"
 import { bootstrapCommandExecutionAndServices, signInToFirebase } from "../lib/services.js"
 import theme from "../lib/theme.js"
 import {
@@ -171,6 +176,7 @@ const auth = async () => {
         const newToken = await executeGithubDeviceFlow(String(process.env.AUTH_GITHUB_CLIENT_ID))
 
         // Store the new access token.
+        setLocalAuthMethod("github")
         setLocalAccessToken(newToken)
     } else spinner.succeed(`Local authentication token found\n`)
 

package/src/commands/authBandada.ts

@@ -0,0 +1,120 @@
+import { Identity } from "@semaphore-protocol/identity"
+
+import { commonTerms } from "@devtion/actions"
+import { httpsCallable } from "firebase/functions"
+import { groth16 } from "snarkjs"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import prompts from "prompts"
+import { getLocalDirname } from "../lib/files.js"
+import theme from "../lib/theme.js"
+import { customSpinner } from "../lib/utils.js"
+import { VerifiedBandadaResponse } from "../types/index.js"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import { addMemberToGroup, isGroupMember } from "../lib/bandada.js"
+import {
+    checkLocalBandadaIdentity,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    deleteLocalBandadaIdentity,
+    getLocalBandadaIdentity,
+    setLocalAccessToken,
+    setLocalAuthMethod,
+    setLocalBandadaIdentity
+} from "../lib/localConfigs.js"
+
+const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env
+
+const authBandada = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`)
+        spinner.start()
+        // 1. check if _identity string exists in local storage
+        let identityString: string | unknown
+        const isIdentityStringStored = checkLocalBandadaIdentity()
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity()
+            spinner.succeed(`Identity seed found\n`)
+        } else {
+            spinner.warn(`Identity seed not found\n`)
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            })
+            identityString = seed as string
+            setLocalBandadaIdentity(identityString as string)
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString as string)
+
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`)
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity)
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity)
+        }
+
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`
+        spinner.start()
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+
+        const initDirectoryName = getLocalDirname()
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName
+
+        const { proof, publicSignals } = await groth16.fullProve(
+            {
+                identityTrapdoor: identity.trapdoor,
+                identityNullifier: identity.nullifier,
+                externalNullifier: BANDADA_GROUP_ID
+            },
+            `${directoryName}/public/mini-semaphore.wasm`,
+            `${directoryName}/public/mini-semaphore.zkey`
+        )
+        spinner.succeed(`Proof generated.\n`)
+        spinner.text = `Sending proof to verification...`
+        spinner.start()
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof)
+        const result = await cf({
+            proof,
+            publicSignals
+        })
+        const { valid, token, message } = result.data as VerifiedBandadaResponse
+        if (!valid) {
+            showError(message, true)
+            deleteLocalAuthMethod()
+            deleteLocalAccessToken()
+            deleteLocalBandadaIdentity()
+        }
+        spinner.succeed(`Proof verified.\n`)
+        spinner.text = `Authenticating...`
+        spinner.start()
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        setLocalAuthMethod("bandada")
+        setLocalAccessToken(token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+        deleteLocalBandadaIdentity()
+    }
+
+    process.exit(0)
+}
+
+export default authBandada

package/src/commands/authSIWE.ts

@@ -0,0 +1,185 @@
+import open from "open"
+import figlet from "figlet"
+import clipboard from "clipboardy"
+import fetch from "node-fetch"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import { httpsCallable } from "firebase/functions"
+import { commonTerms } from "@devtion/actions"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import theme from "../lib/theme.js"
+import { customSpinner, sleep } from "../lib/utils.js"
+import { CheckNonceOfSIWEAddressResponse, OAuthDeviceCodeResponse, OAuthTokenResponse } from "../types/index.js"
+import {
+    checkLocalAccessToken,
+    deleteLocalAccessToken,
+    deleteLocalAuthMethod,
+    getLocalAccessToken,
+    setLocalAccessToken,
+    setLocalAuthMethod
+} from "../lib/localConfigs.js"
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode: OAuthDeviceCodeResponse) => {
+    // Copy code to clipboard.
+    let noClipboard = false
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code)
+        clipboard.readSync()
+    } catch (error) {
+        noClipboard = true
+    }
+    // Display data.
+    console.log(
+        `${theme.symbols.warning} Visit ${theme.text.bold(
+            theme.text.underlined(OAuthDeviceCode.verification_uri_complete)
+        )} on this device to generate a new token and authenticate\n`
+    )
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n")
+
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``
+    console.log(
+        `${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${
+            theme.symbols.success
+        }\n`
+    )
+    const spinner = customSpinner(`Redirecting to Sign In With Ethereum...`, `clock`)
+    spinner.start()
+    await sleep(10000) // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri_complete)
+    } catch (error: any) {
+        console.log(
+            `${theme.symbols.info} Please authenticate via SIWE at ${OAuthDeviceCode.verification_uri_complete}`
+        )
+    }
+    spinner.stop()
+}
+
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId: string, firebaseFunctions: any): Promise<string> => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json())) as OAuthDeviceCodeResponse
+    if (OAuthDeviceCode.error) {
+        showError(OAuthDeviceCode.error_description, true)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+    await showVerificationCodeAndUri(OAuthDeviceCode)
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false
+    let isExpired = false
+    let auth0Token = ""
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json())) as OAuthTokenResponse
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000)
+            } else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2)
+            } else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true
+            }
+        } else {
+            // The user signed in
+            isSignedIn = true
+            auth0Token = OAuthToken.access_token
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress)
+    const result = await cf({
+        auth0Token
+    })
+    const { token, valid, message } = result.data as CheckNonceOfSIWEAddressResponse
+    if (!valid) {
+        showError(message, true)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+    return token
+}
+
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+        // Console more context for the user.
+        console.log(
+            `${theme.symbols.info} ${theme.text.bold(
+                `You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`
+            )}\n`
+        )
+        const spinner = customSpinner(`Checking authentication token...`, `clock`)
+        spinner.start()
+        await sleep(5000)
+
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken()
+
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`)
+
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions)
+
+            // Store the new access token.
+            setLocalAuthMethod("siwe")
+            setLocalAccessToken(newToken)
+        } else spinner.succeed(`Local authentication token found\n`)
+
+        // Get access token from local store.
+        const token = String(getLocalAccessToken())
+
+        spinner.text = `Authenticating...`
+        spinner.start()
+
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token)
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`)
+
+        console.log(
+            `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+                `phase2cli logout`
+            )} command`
+        )
+        process.exit(0)
+    } catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.")
+        console.error(error)
+        deleteLocalAuthMethod()
+        deleteLocalAccessToken()
+    }
+}
+
+export default authSIWE

package/src/commands/ceremony/index.ts

@@ -0,0 +1,20 @@
+import { Command } from "commander"
+import listParticipants from "./listParticipants.js"
+
+const setCeremonyCommands = (program: Command) => {
+    const ceremony = program.command("ceremony").description("manage ceremonies")
+
+    ceremony
+        .command("participants")
+        .description("retrieve participants list of a ceremony")
+        .requiredOption(
+            "-c, --ceremony <string>",
+            "the prefix of the ceremony you want to retrieve information about",
+            ""
+        )
+        .action(listParticipants)
+
+    return ceremony
+}
+
+export default setCeremonyCommands

package/src/commands/ceremony/listParticipants.ts

@@ -0,0 +1,56 @@
+import { collection, doc, getDocs } from "firebase/firestore"
+import { ParticipantDocument, UserDocument, commonTerms, getAllCeremonies } from "@devtion/actions"
+import theme from "../../lib/theme.js"
+import { bootstrapCommandExecutionAndServices } from "../../lib/services.js"
+import { showError } from "../../lib/errors.js"
+import { promptForCeremonySelection } from "../../lib/prompts.js"
+
+const listParticipants = async () => {
+    try {
+        const { firestoreDatabase } = await bootstrapCommandExecutionAndServices()
+
+        const allCeremonies = await getAllCeremonies(firestoreDatabase)
+        const selectedCeremony = await promptForCeremonySelection(
+            allCeremonies,
+            true,
+            "Which ceremony would you like to see participants?"
+        )
+
+        const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id)
+        const participantsRef = collection(docRef, "participants")
+        const participantsSnapshot = await getDocs(participantsRef)
+        const participants = participantsSnapshot.docs.map(
+            (participantDoc) => participantDoc.data() as ParticipantDocument
+        )
+
+        const usersRef = collection(firestoreDatabase, "users")
+        const usersSnapshot = await getDocs(usersRef)
+        const users = usersSnapshot.docs.map((userDoc) => {
+            const data = userDoc.data() as UserDocument
+            return { id: userDoc.id, ...data }
+        })
+
+        const participantDetails = participants
+            .map((participant) => {
+                const user = users.find((_user) => _user.id === participant.userId)
+                if (!user) return null
+                return {
+                    id: user.name,
+                    status: participant.status,
+                    contributionStep: participant.contributionStep,
+                    lastUpdated: new Date(participant.lastUpdated)
+                }
+            })
+            .filter((user) => user !== null)
+
+        const participantsDone = participantDetails.filter((participant) => participant.status === "DONE")
+        console.log(participantDetails)
+        console.log(`${theme.text.underlined("Total participants:")} ${participantDetails.length}`)
+        console.log(`${theme.text.underlined("Total participants finished:")} ${participantsDone.length}`)
+    } catch (err: any) {
+        showError(`Something went wrong: ${err.toString()}`, true)
+    }
+    process.exit(0)
+}
+
+export default listParticipants