@obelyzk/sdk 1.4.0 → 1.6.0

package/dist/obelysk/index.mjs

@@ -8,10 +8,10 @@ import {
   ecMul,
   invMod,
   randomScalar
-} from "../chunk-MDF4P52S.mjs";
+} from "../chunk-GK4FKSZ4.mjs";
 import {
   __require
-} from "../chunk-Y6FXYEAI.mjs";
+} from "../chunk-XGB3TDIC.mjs";
 
 // src/obelysk/client.ts
 import { RpcProvider } from "starknet";

package/dist/privacy/index.mjs

@@ -19,8 +19,8 @@ import {
   randomBytes,
   randomScalar,
   subMod
-} from "../chunk-MDF4P52S.mjs";
-import "../chunk-Y6FXYEAI.mjs";
+} from "../chunk-GK4FKSZ4.mjs";
+import "../chunk-XGB3TDIC.mjs";
 export {
   AssetId,
   CURVE_ORDER,

package/dist/react/index.mjs

@@ -16,8 +16,8 @@ import {
   WorkersClient,
   getContractsForNetwork
 } from "../chunk-LXJT3QK6.mjs";
-import "../chunk-MDF4P52S.mjs";
-import "../chunk-Y6FXYEAI.mjs";
+import "../chunk-GK4FKSZ4.mjs";
+import "../chunk-XGB3TDIC.mjs";
 
 // src/react/providers/BitSageProvider.tsx
 import {

package/examples/.claude/rules/starknet.md

@@ -0,0 +1,17 @@
+---
+paths:
+  - "scripts/**/*.mjs"
+  - "scripts/**/*.ts"
+  - "deployment/**"
+  - "contracts/**"
+---
+
+# Starknet Transaction Rules
+
+Before ANY on-chain transaction in these paths:
+
+1. Call `obelyzk_classify` with the target contract address, value, and function selector.
+2. If the decision is `escalate` or `block`, stop and explain the threat score.
+3. Include the `io_commitment` in the commit message for the audit trail.
+4. Never use `--skip-policy` or set `STWO_SKIP_POLICY_COMMITMENT=1`.
+5. Never call `starkli invoke` or `sncast invoke` without prior classification.

package/examples/CLAUDE.md

@@ -0,0 +1,59 @@
+## Agent Safety Policy
+
+This project uses ObelyZK cryptographic policy enforcement. All on-chain actions
+are classified by a ZKML model before execution. The classifier generates a
+GKR+STARK proof binding the threat score to the specific transaction features
+and policy configuration.
+
+### Tools Available
+
+- `obelyzk_classify` — Classify a transaction before executing it. Returns a
+  proven threat score (0-100000) and decision (approve/escalate/block).
+- `obelyzk_agent_status` — Check your agent's trust score, strike count, and
+  whether you are trusted by the firewall contract.
+- `obelyzk_check_action` — Query the status of a previously submitted action.
+- `obelyzk_health` — Check prover server and firewall contract availability.
+- `obelyzk_get_policy` — Inspect the active policy configuration and commitment hash.
+- `obelyzk_list_models` — List available models on the prover server.
+- `obelyzk_prove_inference` — Submit an async proof generation job for any model.
+- `obelyzk_verify_proof` — Check if a proof has been verified on-chain.
+- `obelyzk_register_agent` — Register a new agent on the firewall contract.
+- `obelyzk_submit_action` — Submit a pending action for on-chain classification.
+- `obelyzk_resolve_action` — Resolve a pending action with a verified ZKML proof.
+- `obelyzk_approve_escalated` — Approve an escalated action (human-in-the-loop).
+- `obelyzk_reject_escalated` — Reject an escalated action and add a strike.
+
+### Required Workflow
+
+Before ANY on-chain transaction (`starkli invoke`, `sncast invoke`, contract
+deployments, token transfers, approvals):
+
+1. Call `obelyzk_classify` with the target address, value, and selector.
+2. If decision is `block` — do NOT execute. Explain the threat score to the user.
+3. If decision is `escalate` — ask the user for explicit approval before proceeding.
+4. If decision is `approve` — safe to execute.
+5. Include the `io_commitment` from the classify result in any commit messages
+   or logs for audit trail purposes.
+
+### Decision Thresholds
+
+| Score Range | Decision | Action |
+|-------------|----------|--------|
+| 0 - 40,000 | approve | Execute immediately |
+| 40,001 - 70,000 | escalate | Requires human review |
+| 70,001 - 100,000 | block | Reject, do not execute |
+
+### Trust Score
+
+Your agent's trust score is updated via asymmetric EMA after each resolved action:
+- Bad actions raise the score quickly (alpha = 0.5)
+- Good actions lower the score slowly (alpha = 0.1)
+- At 5 strikes, the agent is automatically frozen
+
+Check your status with `obelyzk_agent_status` if actions start failing.
+
+### Restrictions
+
+- Do NOT set `STWO_SKIP_POLICY_COMMITMENT=1` in any environment.
+- Do NOT bypass the classifier by calling contracts directly without classification.
+- Do NOT modify firewall thresholds without explicit user authorization.

package/examples/claude-settings.json

@@ -0,0 +1,52 @@
+{
+  "mcpServers": {
+    "obelyzk-policy": {
+      "command": "npx",
+      "args": ["ts-node", "./node_modules/@obelyzk/sdk/src/mcp-policy/index.ts"],
+      "env": {
+        "PROVER_URL": "http://localhost:8080",
+        "STARKNET_RPC": "https://starknet-sepolia.g.alchemy.com/starknet/version/rpc/v0_7/YOUR_KEY",
+        "FIREWALL_CONTRACT": "0x_YOUR_FIREWALL_CONTRACT_ADDRESS",
+        "VERIFIER_CONTRACT": "0x_YOUR_VERIFIER_CONTRACT_ADDRESS",
+        "PROVER_API_KEY": "",
+        "DEPLOYER_PRIVKEY": "",
+        "DEPLOYER_ADDRESS": ""
+      }
+    }
+  },
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./node_modules/@obelyzk/sdk/src/hooks/pre-tool-use.sh"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash|mcp__obelyzk-policy__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./node_modules/@obelyzk/sdk/src/hooks/post-tool-use.sh",
+            "async": true
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "./node_modules/@obelyzk/sdk/src/hooks/session-start.sh"
+          }
+        ]
+      }
+    ]
+  }
+}

package/examples/test_confidential_swap_api.ts

@@ -0,0 +1,313 @@
+/**
+ * Test Confidential Swap API - End-to-End Flow
+ *
+ * Tests the privacy swap API endpoints without requiring blockchain credentials.
+ * Verifies proof generation, order creation, and order taking flows.
+ */
+
+const API_URL = process.env.API_URL || 'http://localhost:8090';
+
+interface ElGamalCiphertext {
+    c1_x: string;
+    c1_y: string;
+    c2_x: string;
+    c2_y: string;
+}
+
+interface ProofBundle {
+    rangeProof: {
+        commitment: { x: string; y: string };
+        challenge: string;
+        response: string;
+    };
+    rateProof: {
+        rateCommitment: { x: string; y: string };
+        challenge: string;
+        responseGive: string;
+        responseRate: string;
+        responseBlinding: string;
+    };
+    balanceProof: {
+        balanceCommitment: { x: string; y: string };
+        challenge: string;
+        response: string;
+    };
+}
+
+function log(msg: string, type: 'info' | 'success' | 'error' | 'header' = 'info') {
+    const colors = {
+        info: '\x1b[36m',
+        success: '\x1b[32m',
+        error: '\x1b[31m',
+        header: '\x1b[35m',
+    };
+    console.log(`${colors[type]}${msg}\x1b[0m`);
+}
+
+async function testHealthEndpoint(): Promise<boolean> {
+    try {
+        const response = await fetch(`${API_URL}/api/v1/privacy/health`);
+        const data = await response.json();
+        log(`  Status: ${data.status}`, data.status === 'healthy' ? 'success' : 'error');
+        log(`  GPU Available: ${data.gpu_available}`, 'info');
+        log(`  Version: ${data.version}`, 'info');
+        return data.status === 'healthy';
+    } catch (e) {
+        log(`  Health check failed: ${(e as Error).message}`, 'error');
+        return false;
+    }
+}
+
+async function testListOrders(): Promise<any[]> {
+    try {
+        const response = await fetch(`${API_URL}/api/v1/privacy/orders`);
+        const data = await response.json();
+        log(`  Total orders: ${data.orders?.length || 0}`, 'success');
+        return data.orders || [];
+    } catch (e) {
+        log(`  List orders failed: ${(e as Error).message}`, 'error');
+        return [];
+    }
+}
+
+async function testGenerateProof(giveAmount: string, wantAmount: string): Promise<ProofBundle | null> {
+    try {
+        const response = await fetch(`${API_URL}/api/v1/privacy/generate-swap-proof`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                giveAsset: 0, // SAGE
+                wantAsset: 1, // USDC
+                giveAmount,
+                wantAmount,
+                rate: (BigInt(wantAmount) * BigInt('1000000000000000000') / BigInt(giveAmount)).toString(),
+                blindingFactor: '0x' + Math.random().toString(16).slice(2).padStart(64, '0'),
+            }),
+        });
+
+        if (!response.ok) {
+            throw new Error(`HTTP ${response.status}`);
+        }
+
+        const data = await response.json();
+        log(`  Range proof: generated`, 'success');
+        log(`  Rate proof: generated`, 'success');
+        log(`  Balance proof: generated`, 'success');
+        return data;
+    } catch (e) {
+        log(`  Proof generation failed: ${(e as Error).message}`, 'error');
+        return null;
+    }
+}
+
+async function testCreateOrder(proofs: ProofBundle): Promise<string | null> {
+    try {
+        // Generate mock encrypted amounts
+        const randomHex = () => '0x' + Math.random().toString(16).slice(2).padStart(64, '0');
+
+        const encryptedGive: ElGamalCiphertext = {
+            c1_x: randomHex(),
+            c1_y: randomHex(),
+            c2_x: randomHex(),
+            c2_y: randomHex(),
+        };
+
+        const encryptedWant: ElGamalCiphertext = {
+            c1_x: randomHex(),
+            c1_y: randomHex(),
+            c2_x: randomHex(),
+            c2_y: randomHex(),
+        };
+
+        const response = await fetch(`${API_URL}/api/v1/privacy/orders`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                giveAsset: 0,
+                wantAsset: 1,
+                encryptedGive,
+                encryptedWant,
+                rateCommitment: randomHex(),
+                minFillPct: 0,
+                expiresIn: 604800,
+                proofs,
+            }),
+        });
+
+        if (!response.ok) {
+            const text = await response.text();
+            log(`  Create order returned ${response.status}: ${text.slice(0, 100)}`, 'info');
+            // May not be fully implemented - that's OK for API test
+            return null;
+        }
+
+        const data = await response.json();
+        log(`  Order created: ${data.orderId}`, 'success');
+        return data.orderId;
+    } catch (e) {
+        log(`  Create order not implemented (expected): ${(e as Error).message}`, 'info');
+        return null;
+    }
+}
+
+async function testTakeOrder(orderId: string = '1'): Promise<boolean> {
+    try {
+        const randomHex = () => '0x' + Math.random().toString(16).slice(2).padStart(64, '0');
+
+        // Generate 64 bit commitments and responses for range proof
+        const bitCommitments = Array.from({ length: 64 }, () => ({
+            x: randomHex(),
+            y: randomHex(),
+        }));
+        const responses = Array.from({ length: 64 }, () => randomHex());
+
+        const response = await fetch(`${API_URL}/api/v1/privacy/orders/${orderId}/take`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                // Match the Rust API schema: TakeOrderRequest
+                takerGive: {
+                    c1: { x: randomHex(), y: randomHex() },
+                    c2: { x: randomHex(), y: randomHex() },
+                },
+                takerWant: {
+                    c1: { x: randomHex(), y: randomHex() },
+                    c2: { x: randomHex(), y: randomHex() },
+                },
+                proofs: {
+                    rangeProof: {
+                        bitCommitments,
+                        challenge: randomHex(),
+                        responses,
+                        numBits: 64,
+                    },
+                    rateProof: {
+                        rateCommitment: { x: randomHex(), y: randomHex() },
+                        challenge: randomHex(),
+                        responseGive: randomHex(),
+                        responseRate: randomHex(),
+                        responseBlinding: randomHex(),
+                    },
+                    balanceProof: {
+                        balanceCommitment: { x: randomHex(), y: randomHex() },
+                        challenge: randomHex(),
+                        response: randomHex(),
+                    },
+                },
+            }),
+        });
+
+        const data = await response.json();
+        if (data.matchId) {
+            log(`  Order taken! Match ID: ${data.matchId.slice(0, 20)}...`, 'success');
+            log(`  Status: ${data.status}`, 'success');
+            return true;
+        } else if (data.error) {
+            log(`  Take order error: ${data.error}`, 'error');
+            return false;
+        }
+        return false;
+    } catch (e) {
+        log(`  Take order failed: ${(e as Error).message}`, 'error');
+        return false;
+    }
+}
+
+async function testGetBalance(): Promise<boolean> {
+    try {
+        const testAddress = '0x0759a4374389b0e3cfcc59d49310b6bc75bb12bbf8ce550eb5c2f026918bb344';
+        // Asset ID: 0=SAGE, 1=USDC, 2=STRK, 3=ETH
+        const assetId = 0; // SAGE
+        const response = await fetch(`${API_URL}/api/v1/privacy/balance/${testAddress}/${assetId}`);
+        const data = await response.json();
+        log(`  Encrypted balance retrieved`, 'success');
+        log(`  Has ciphertext: ${!!data.c1?.x}`, 'info');
+        return true;
+    } catch (e) {
+        log(`  Get balance failed: ${(e as Error).message}`, 'error');
+        return false;
+    }
+}
+
+async function testSwapHistory(): Promise<boolean> {
+    try {
+        const testAddress = '0x0759a4374389b0e3cfcc59d49310b6bc75bb12bbf8ce550eb5c2f026918bb344';
+        const response = await fetch(`${API_URL}/api/v1/privacy/swaps/history/${testAddress}`);
+        const data = await response.json();
+        log(`  Swap history entries: ${data.swaps?.length || 0}`, 'success');
+        return true;
+    } catch (e) {
+        log(`  Get swap history failed: ${(e as Error).message}`, 'error');
+        return false;
+    }
+}
+
+async function main() {
+    log('\n╔══════════════════════════════════════════════════════════════════════╗', 'header');
+    log('║    CONFIDENTIAL SWAP API - End-to-End Test                           ║', 'header');
+    log('╚══════════════════════════════════════════════════════════════════════╝', 'header');
+    log(`\n  API URL: ${API_URL}\n`, 'info');
+
+    const results: { test: string; passed: boolean }[] = [];
+
+    // Test 1: Health Check
+    log('\n=== Test 1: Health Check ===', 'header');
+    const healthOk = await testHealthEndpoint();
+    results.push({ test: 'Health Check', passed: healthOk });
+
+    if (!healthOk) {
+        log('\n  Server not running or unhealthy. Aborting tests.', 'error');
+        process.exit(1);
+    }
+
+    // Test 2: List Orders
+    log('\n=== Test 2: List Orders ===', 'header');
+    const orders = await testListOrders();
+    results.push({ test: 'List Orders', passed: true });
+
+    // Test 3: Generate Proof
+    log('\n=== Test 3: Generate STWO Proof ===', 'header');
+    log('  Generating proof for: 100 SAGE -> 10 USDC', 'info');
+    const proofs = await testGenerateProof('100000000000000000000', '10000000');
+    results.push({ test: 'Generate Proof', passed: !!proofs });
+
+    // Test 4: Take Order (simulated)
+    log('\n=== Test 4: Take Order (Simulated) ===', 'header');
+    const takeOk = await testTakeOrder('1');
+    results.push({ test: 'Take Order', passed: takeOk });
+
+    // Test 5: Get Encrypted Balance
+    log('\n=== Test 5: Get Encrypted Balance ===', 'header');
+    const balanceOk = await testGetBalance();
+    results.push({ test: 'Get Balance', passed: balanceOk });
+
+    // Test 6: Get Swap History
+    log('\n=== Test 6: Get Swap History ===', 'header');
+    const historyOk = await testSwapHistory();
+    results.push({ test: 'Swap History', passed: historyOk });
+
+    // Summary
+    log('\n╔══════════════════════════════════════════════════════════════════════╗', 'header');
+    log('║                        TEST SUMMARY                                  ║', 'header');
+    log('╚══════════════════════════════════════════════════════════════════════╝', 'header');
+
+    const passed = results.filter(r => r.passed).length;
+    const total = results.length;
+
+    for (const r of results) {
+        log(`  ${r.passed ? '✓' : '✗'} ${r.test}`, r.passed ? 'success' : 'error');
+    }
+
+    log(`\n  Result: ${passed}/${total} tests passed`, passed === total ? 'success' : 'error');
+
+    if (passed === total) {
+        log('\n  Confidential Swap API is fully operational!', 'success');
+        log('  Ready for SDK integration and frontend testing.\n', 'success');
+    }
+}
+
+main().catch(e => {
+    log(`\nFatal error: ${e.message}`, 'error');
+    console.error(e);
+    process.exit(1);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@obelyzk/sdk",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "ObelyZK SDK — verifiable ML inference on Starknet with recursive STARK proofs",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -30,11 +30,17 @@
       "types": "./dist/obelysk/index.d.ts",
       "import": "./dist/obelysk/index.mjs",
       "require": "./dist/obelysk/index.js"
+    },
+    "./mcp-policy": {
+      "types": "./dist/mcp-policy/index.d.ts",
+      "import": "./dist/mcp-policy/index.mjs",
+      "require": "./dist/mcp-policy/index.js"
     }
   },
   "license": "MIT",
   "bin": {
-    "bitsage-demo": "./bin/bitsage-demo.ts"
+    "bitsage-demo": "./bin/bitsage-demo.ts",
+    "obelyzk-policy-server": "./dist/mcp-policy/index.js"
   },
   "repository": {
     "type": "git",
@@ -59,7 +65,7 @@
     "zk-proofs"
   ],
   "scripts": {
-    "build": "tsup src/index.ts src/privacy/index.ts src/react/index.ts src/obelysk/index.ts src/firewall/index.ts --format cjs,esm --dts",
+    "build": "tsup src/index.ts src/privacy/index.ts src/react/index.ts src/obelysk/index.ts src/firewall/index.ts src/mcp-policy/index.ts --format cjs,esm --dts",
     "dev": "tsup src/index.ts src/privacy/index.ts src/react/index.ts src/obelysk/index.ts --format cjs,esm --dts --watch",
     "lint": "eslint src/",
     "test": "vitest",
@@ -93,13 +99,15 @@
   },
   "files": [
     "dist",
+    "src/hooks",
+    "examples",
     "README.md"
   ],
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "homepage": "https://obelysk.com",
+  "homepage": "https://obelysk.xyz",
   "bugs": {
     "url": "https://github.com/Bitsage-Network/bitsage-network/issues"
   },

package/src/hooks/post-tool-use.sh

@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+# ObelyZK PostToolUse Audit Hook
+#
+# Logs tool execution results for audit trail. Captures:
+# - Tool name and timestamp
+# - Resolved action decisions, threat scores, proof hashes
+# - Transaction hashes from on-chain operations
+#
+# Install in .claude/settings.json:
+#   {
+#     "hooks": {
+#       "PostToolUse": [{
+#         "matcher": "Bash|mcp__obelyzk-policy__.*",
+#         "hooks": [{
+#           "type": "command",
+#           "command": "/path/to/post-tool-use.sh",
+#           "async": true
+#         }]
+#       }]
+#     }
+#   }
+#
+# Environment:
+#   OBELYZK_AUDIT_LOG  - Path to audit log file (default: ~/.obelyzk/audit.jsonl)
+#
+# This hook is async (non-blocking) — it logs but never blocks tool execution.
+
+set -euo pipefail
+
+AUDIT_LOG="${OBELYZK_AUDIT_LOG:-$HOME/.obelyzk/audit.jsonl}"
+
+# Ensure log directory exists
+mkdir -p "$(dirname "$AUDIT_LOG")"
+
+# Read hook context from stdin
+INPUT=$(cat)
+
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null || echo "")
+if [ -z "$TOOL_NAME" ]; then
+  exit 0
+fi
+
+TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"' 2>/dev/null || echo "unknown")
+
+# Extract tool output if available
+TOOL_OUTPUT=$(echo "$INPUT" | jq -r '.tool_output // empty' 2>/dev/null || echo "")
+
+# Build audit entry based on tool type
+case "$TOOL_NAME" in
+  mcp__obelyzk-policy__obelyzk_classify|mcp__obelyzk-policy__firewall_classify)
+    # Classification result
+    DECISION=$(echo "$TOOL_OUTPUT" | jq -r '.decision // empty' 2>/dev/null || echo "")
+    SCORE=$(echo "$TOOL_OUTPUT" | jq -r '.threat_score // 0' 2>/dev/null || echo "0")
+    IO_COMMIT=$(echo "$TOOL_OUTPUT" | jq -r '.io_commitment // empty' 2>/dev/null || echo "")
+    POLICY=$(echo "$TOOL_OUTPUT" | jq -r '.policy_commitment // empty' 2>/dev/null || echo "")
+
+    jq -nc \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg tool "$TOOL_NAME" \
+      --arg decision "$DECISION" \
+      --argjson score "$SCORE" \
+      --arg io "$IO_COMMIT" \
+      --arg policy "$POLICY" \
+      '{timestamp: $ts, session: $sid, event: "classify", tool: $tool, decision: $decision, threat_score: $score, io_commitment: $io, policy_commitment: $policy}' \
+      >> "$AUDIT_LOG"
+    ;;
+
+  mcp__obelyzk-policy__obelyzk_resolve_action|mcp__obelyzk-policy__firewall_resolve_action)
+    # Resolved action
+    ACTION_ID=$(echo "$TOOL_OUTPUT" | jq -r '.action_id // empty' 2>/dev/null || echo "")
+    DECISION=$(echo "$TOOL_OUTPUT" | jq -r '.decision // empty' 2>/dev/null || echo "")
+    SCORE=$(echo "$TOOL_OUTPUT" | jq -r '.threat_score // 0' 2>/dev/null || echo "0")
+    TX_HASH=$(echo "$TOOL_OUTPUT" | jq -r '.tx_hash // empty' 2>/dev/null || echo "")
+
+    jq -nc \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg action "$ACTION_ID" \
+      --arg decision "$DECISION" \
+      --argjson score "$SCORE" \
+      --arg tx "$TX_HASH" \
+      '{timestamp: $ts, session: $sid, event: "resolve", action_id: $action, decision: $decision, threat_score: $score, tx_hash: $tx}' \
+      >> "$AUDIT_LOG"
+    ;;
+
+  mcp__obelyzk-policy__obelyzk_submit_action|mcp__obelyzk-policy__firewall_submit_action)
+    # Submitted action
+    ACTION_ID=$(echo "$TOOL_OUTPUT" | jq -r '.action_id // empty' 2>/dev/null || echo "")
+    TX_HASH=$(echo "$TOOL_OUTPUT" | jq -r '.tx_hash // empty' 2>/dev/null || echo "")
+
+    jq -nc \
+      --arg ts "$TIMESTAMP" \
+      --arg sid "$SESSION_ID" \
+      --arg action "$ACTION_ID" \
+      --arg tx "$TX_HASH" \
+      '{timestamp: $ts, session: $sid, event: "submit", action_id: $action, tx_hash: $tx}' \
+      >> "$AUDIT_LOG"
+    ;;
+
+  Bash)
+    # Log on-chain Bash commands
+    COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null || echo "")
+    if echo "$COMMAND" | grep -qE '(starkli invoke|sncast invoke|starkli deploy)'; then
+      jq -nc \
+        --arg ts "$TIMESTAMP" \
+        --arg sid "$SESSION_ID" \
+        --arg cmd "$COMMAND" \
+        '{timestamp: $ts, session: $sid, event: "onchain_bash", command: $cmd}' \
+        >> "$AUDIT_LOG"
+    fi
+    ;;
+esac
+
+exit 0