@sip-protocol/cli 0.1.0 → 0.2.1

package/dist/index.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { Command as Command9 } from "commander";
+import { Command as Command14 } from "commander";
 
 // src/commands/init.ts
 import { Command } from "commander";
@@ -9,25 +9,24 @@ import { PrivacyLevel } from "@sip-protocol/types";
 
 // src/utils/config.ts
 import Conf from "conf";
-var schema = {
-  network: {
-    type: "string",
-    default: "testnet"
-  },
-  defaultPrivacy: {
-    type: "string",
-    default: "transparent"
-  }
-};
 var store = new Conf({
   projectName: "sip-protocol",
-  schema
+  defaults: {
+    network: "testnet",
+    defaultPrivacy: "transparent"
+  }
 });
-function getConfig() {
+function getConfig(key) {
+  if (key) {
+    return store.get(key);
+  }
   return {
     network: store.get("network"),
     defaultPrivacy: store.get("defaultPrivacy"),
     defaultChain: store.get("defaultChain"),
+    primaryChain: store.get("primaryChain"),
+    metaAddress: store.get("metaAddress"),
+    viewingKeys: store.get("viewingKeys"),
     rpcEndpoints: store.get("rpcEndpoints")
   };
 }
@@ -64,6 +63,13 @@ ${message}
 function keyValue(key, value) {
   console.log(chalk.gray(`  ${key}:`), chalk.white(String(value)));
 }
+function json(data) {
+  console.log(JSON.stringify(
+    data,
+    (_, value) => typeof value === "bigint" ? value.toString() : value,
+    2
+  ));
+}
 function spinner(text) {
   return ora(text).start();
 }
@@ -92,6 +98,9 @@ function formatHash(hash, length = 8) {
   if (hash.length <= length * 2) return hash;
   return `${hash.slice(0, length)}...${hash.slice(-length)}`;
 }
+function divider() {
+  console.log(chalk.gray("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"));
+}
 
 // src/commands/init.ts
 function createInitCommand() {
@@ -127,35 +136,85 @@ import {
   isEd25519Chain,
   encodeStealthMetaAddress
 } from "@sip-protocol/sdk";
+import * as fs from "fs";
+import * as path from "path";
+function formatKeysAsText(data) {
+  return [
+    `# SIP Stealth Meta-Address Keys`,
+    `# Generated: ${data.generatedAt}`,
+    `# Chain: ${data.chain}`,
+    ``,
+    `## Public Keys (safe to share)`,
+    `SPENDING_PUBLIC_KEY=${data.spendingPublicKey}`,
+    `VIEWING_PUBLIC_KEY=${data.viewingPublicKey}`,
+    `META_ADDRESS=${data.metaAddress}`,
+    ``,
+    `## Private Keys (KEEP SECRET!)`,
+    `SPENDING_PRIVATE_KEY=${data.spendingPrivateKey}`,
+    `VIEWING_PRIVATE_KEY=${data.viewingPrivateKey}`,
+    ``,
+    `# WARNING: Delete this file after securely storing the keys!`
+  ].join("\n");
+}
 function createKeygenCommand() {
-  return new Command2("keygen").description("Generate stealth meta-address").option("-c, --chain <chain>", "Target chain (ethereum, solana, near)", "ethereum").option("--spending-key <key>", "Spending private key (hex)").option("--viewing-key <key>", "Viewing private key (hex)").action(async (options) => {
+  return new Command2("keygen").description("Generate stealth meta-address").option("-c, --chain <chain>", "Target chain (ethereum, solana, near)", "ethereum").option("--spending-key <key>", "Spending private key (hex)").option("--viewing-key <key>", "Viewing private key (hex)").option("-o, --output-file <path>", "Output file for keys (enables secure export)").option("-f, --format <format>", "Output format: json or text", "json").action(async (options) => {
     try {
       heading("Generate Stealth Meta-Address");
       const chain = options.chain;
       const useEd25519 = isEd25519Chain(chain);
-      let metaAddress;
+      const format = options.format || "json";
+      let result;
       if (useEd25519) {
         if (options.spendingKey || options.viewingKey) {
           warning("Ed25519 chains do not support custom keys in CLI yet");
         }
-        metaAddress = generateEd25519StealthMetaAddress(chain);
+        result = generateEd25519StealthMetaAddress(chain);
       } else {
-        metaAddress = generateStealthMetaAddress(chain);
+        result = generateStealthMetaAddress(chain);
       }
       success("Stealth meta-address generated");
       keyValue("Chain", chain);
-      const spendingPubKey = metaAddress.metaAddress.spendingKey;
-      const viewingPubKey = metaAddress.metaAddress.viewingKey;
-      const spendingPrivKey = metaAddress.spendingPrivateKey;
-      const viewingPrivKey = metaAddress.viewingPrivateKey;
+      const spendingPubKey = result.metaAddress.spendingKey;
+      const viewingPubKey = result.metaAddress.viewingKey;
+      const spendingPrivKey = result.spendingPrivateKey;
+      const viewingPrivKey = result.viewingPrivateKey;
+      const encoded = encodeStealthMetaAddress(result.metaAddress);
       keyValue("Spending Public Key", spendingPubKey);
       keyValue("Viewing Public Key", viewingPubKey);
-      const encoded = encodeStealthMetaAddress(metaAddress.metaAddress);
       keyValue("Encoded Address", encoded);
       console.log();
-      warning("PRIVATE KEYS - Keep these secure!");
-      keyValue("Spending Private Key", spendingPrivKey);
-      keyValue("Viewing Private Key", viewingPrivKey);
+      if (options.outputFile) {
+        const outputPath = path.resolve(options.outputFile);
+        const dir = path.dirname(outputPath);
+        if (dir !== "." && dir !== "/") {
+          fs.mkdirSync(dir, { recursive: true });
+        }
+        const exportData = {
+          chain,
+          spendingPublicKey: spendingPubKey,
+          viewingPublicKey: viewingPubKey,
+          spendingPrivateKey: spendingPrivKey,
+          viewingPrivateKey: viewingPrivKey,
+          metaAddress: encoded,
+          generatedAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        const content = format === "json" ? JSON.stringify(exportData, null, 2) : formatKeysAsText(exportData);
+        fs.writeFileSync(outputPath, content, {
+          mode: 384,
+          encoding: "utf-8"
+        });
+        success(`Keys exported to: ${outputPath}`);
+        warning("SECURITY: File permissions set to 600 (owner only)");
+        warning("SECURITY: Delete this file after securely storing the keys!");
+        info("Private keys NOT displayed in terminal for security");
+      } else {
+        warning("PRIVATE KEYS - Keep these secure!");
+        keyValue("Spending Private Key", spendingPrivKey);
+        keyValue("Viewing Private Key", viewingPrivKey);
+        console.log();
+        info("TIP: Use --output-file for secure key export:");
+        info("  sip keygen --chain solana --output-file ./keys.json");
+      }
     } catch (err) {
       console.error("Failed to generate keys:", err);
       process.exit(1);
@@ -338,8 +397,8 @@ function createQuoteCommand() {
       const quotes = await sip.getQuotes(intent);
       spin.succeed(`Found ${quotes.length} quote(s)`);
       if (quotes.length === 0) {
-        console.log("\nNo quotes available");
-        return;
+        console.error("\nNo quotes available");
+        process.exit(1);
       }
       console.log();
       const headers = ["Solver", "Output Amount", "Fee", "Time (s)"];
@@ -367,7 +426,7 @@ function createQuoteCommand() {
 import { Command as Command7 } from "commander";
 import { createSIP as createSIP2, NATIVE_TOKENS as NATIVE_TOKENS2 } from "@sip-protocol/sdk";
 function createSwapCommand() {
-  return new Command7("swap").description("Execute swap").argument("<from-chain>", "Source chain (e.g., ethereum, solana)").argument("<to-chain>", "Destination chain").argument("<amount>", "Amount to swap").option("-t, --token <symbol>", "Token symbol (default: native token)").option("-p, --privacy <level>", "Privacy level (transparent|shielded|compliant)").option("-r, --recipient <address>", "Recipient address (optional)").option("--solver <id>", "Specific solver to use").action(async (fromChain, toChain, amountStr, options) => {
+  return new Command7("swap").description("Execute swap").argument("<from-chain>", "Source chain (e.g., ethereum, solana)").argument("<to-chain>", "Destination chain").argument("<amount>", "Amount to swap").option("-t, --token <symbol>", "Token symbol (default: native token)").option("-p, --privacy <level>", "Privacy level (transparent|shielded|compliant)").option("-r, --recipient <address>", "Recipient address (optional)").option("-s, --slippage <percent>", "Slippage tolerance in percent (default: 5)", parseFloat).option("--solver <id>", "Specific solver to use").action(async (fromChain, toChain, amountStr, options) => {
     try {
       heading("Execute Swap");
       const config = getConfig();
@@ -386,7 +445,10 @@ function createSwapCommand() {
         address: null,
         decimals: 18
       };
+      const slippagePercent = Math.min(Math.max(options.slippage ?? 5, 0), 100);
+      const slippageTolerance = slippagePercent / 100;
       info("Creating shielded intent...");
+      info(`Slippage tolerance: ${slippagePercent}%`);
       const intent = await sip.createIntent({
         input: {
           asset: inputAsset,
@@ -396,8 +458,8 @@ function createSwapCommand() {
           asset: outputAsset,
           minAmount: 0n,
           // Accept any amount
-          maxSlippage: 0.05
-          // 5% slippage tolerance
+          maxSlippage: slippageTolerance
+          // User-configurable slippage
         },
         privacy,
         recipientMetaAddress: options.recipient
@@ -439,9 +501,40 @@ Solver not found: ${options.solver}`);
 
 // src/commands/scan.ts
 import { Command as Command8 } from "commander";
-import { checkStealthAddress, checkEd25519StealthAddress, isEd25519Chain as isEd25519Chain2 } from "@sip-protocol/sdk";
+import {
+  checkStealthAddress,
+  checkEd25519StealthAddressV1,
+  checkSecp256k1StealthAddressV1,
+  deriveStealthPrivateKey,
+  deriveStealthPrivateKeyV1,
+  isEd25519Chain as isEd25519Chain2,
+  parseStealthAddress
+} from "@sip-protocol/sdk";
+import { ed25519 } from "@noble/curves/ed25519";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
+import * as fs2 from "fs";
+import * as path2 from "path";
+function formatScanResultsAsText(results, exportedAt) {
+  const lines = [
+    `# SIP Scan Results`,
+    `# Exported: ${exportedAt}`,
+    `# Found: ${results.length} stealth payment(s)`,
+    ``
+  ];
+  for (const r of results) {
+    lines.push(`## Address: ${r.address}`);
+    lines.push(`CHAIN=${r.chain}`);
+    if (r.privateKey) {
+      lines.push(`PRIVATE_KEY=${r.privateKey}`);
+    }
+    lines.push(``);
+  }
+  lines.push(`# WARNING: Delete this file after importing keys to your wallet!`);
+  return lines.join("\n");
+}
 function createScanCommand() {
-  return new Command8("scan").description("Scan for stealth payments").requiredOption("-c, --chain <chain>", "Chain to scan (ethereum, solana, near)").requiredOption("-s, --spending-key <key>", "Your spending private key (hex)").requiredOption("-v, --viewing-key <key>", "Your viewing private key (hex)").option("-a, --addresses <addresses...>", "Specific addresses to check").action(async (options) => {
+  return new Command8("scan").description("Scan for stealth payments").requiredOption("-c, --chain <chain>", "Chain to scan (ethereum, solana, near)").requiredOption("-s, --spending-key <key>", "Your spending private key (hex)").requiredOption("-v, --viewing-key <key>", "Your viewing private key (hex)").option("-a, --addresses <addresses...>", "Specific addresses to check").option("-o, --output-file <path>", "Output file for private keys (required to export keys)").option("-f, --format <format>", "Output format: json or text", "json").action(async (options) => {
     try {
       heading("Scan for Stealth Payments");
       const chain = options.chain;
@@ -449,31 +542,35 @@ function createScanCommand() {
       info(`Scanning ${chain} for stealth payments...`);
       info(`Using ${useEd25519 ? "ed25519" : "secp256k1"} curve`);
       if (!options.addresses || options.addresses.length === 0) {
-        warning("No addresses provided. Specify addresses with -a flag.");
-        info("Example: sip scan -c ethereum -s 0x... -v 0x... -a 0xabc... 0xdef...");
-        return;
+        console.error("No addresses provided. Specify addresses with -a flag.");
+        console.error("Example: sip scan -c ethereum -s 0x... -v 0x... -a 0xabc... 0xdef...");
+        process.exit(1);
       }
       const results = [];
       for (const address of options.addresses) {
         try {
+          const stealthAddr = parseStealthAddress(address);
           let result;
-          if (useEd25519) {
-            result = checkEd25519StealthAddress(
-              address,
-              options.spendingKey,
-              options.viewingKey
-            );
+          const spendingPubKey = useEd25519 ? `0x${bytesToHex(ed25519.getPublicKey(hexToBytes(options.spendingKey.slice(2))))}` : `0x${bytesToHex(secp256k1.getPublicKey(hexToBytes(options.spendingKey.slice(2)), true))}`;
+          let isMine = checkStealthAddress(stealthAddr, options.viewingKey, spendingPubKey);
+          let isLegacy = false;
+          if (!isMine) {
+            const legacyMatch = useEd25519 ? checkEd25519StealthAddressV1(stealthAddr, options.spendingKey, options.viewingKey) : checkSecp256k1StealthAddressV1(stealthAddr, options.spendingKey, options.viewingKey);
+            if (legacyMatch) {
+              isMine = true;
+              isLegacy = true;
+            }
+          }
+          if (isMine) {
+            const derivedKey = isLegacy ? deriveStealthPrivateKeyV1(stealthAddr, options.spendingKey, options.viewingKey) : deriveStealthPrivateKey(stealthAddr, options.spendingKey, options.viewingKey);
+            result = { isMine: true, stealthPrivateKey: derivedKey.privateKey };
           } else {
-            result = checkStealthAddress(
-              address,
-              options.spendingKey,
-              options.viewingKey
-            );
+            result = { isMine: false };
           }
           results.push({
             address,
             isMine: result.isMine,
-            privateKey: result.isMine ? result.stealthPrivateKey : void 0
+            privateKey: result.stealthPrivateKey
           });
         } catch (err) {
           results.push({
@@ -487,15 +584,34 @@ function createScanCommand() {
       success(`Scanned ${results.length} address(es), found ${foundCount} stealth payment(s)`);
       if (foundCount > 0) {
         console.log();
-        const headers = ["Address", "Match", "Private Key"];
+        const headers = ["Address", "Match"];
         const rows = results.filter((r) => r.isMine).map((r) => [
-          r.address.slice(0, 10) + "...",
-          "Yes",
-          r.privateKey ? r.privateKey.slice(0, 10) + "..." : "N/A"
+          r.address.slice(0, 16) + "..." + r.address.slice(-8),
+          "Yes"
         ]);
         table(headers, rows);
         console.log();
-        warning("Store the private keys securely to access these funds");
+        if (options.outputFile) {
+          const outputPath = path2.resolve(options.outputFile);
+          const format = options.format || "json";
+          const exportedAt = (/* @__PURE__ */ new Date()).toISOString();
+          const exportData = results.filter((r) => r.isMine).map((r) => ({
+            address: r.address,
+            privateKey: r.privateKey,
+            chain: options.chain
+          }));
+          const content = format === "json" ? JSON.stringify(exportData.map((d) => ({ ...d, exportedAt })), null, 2) : formatScanResultsAsText(exportData, exportedAt);
+          fs2.writeFileSync(outputPath, content, {
+            mode: 384,
+            encoding: "utf-8"
+          });
+          success(`Private keys exported to: ${outputPath}`);
+          warning("SECURITY: Delete this file after importing keys to your wallet!");
+          warning("SECURITY: File permissions set to 600 (owner only)");
+        } else {
+          info("Private keys not exported (use --output-file to export securely)");
+          warning("Keys are NOT displayed in terminal for security reasons");
+        }
       } else {
         info("No stealth payments found");
       }
@@ -506,15 +622,1281 @@ function createScanCommand() {
   });
 }
 
+// src/commands/setup.ts
+import { Command as Command9 } from "commander";
+import prompts from "prompts";
+import chalk2 from "chalk";
+import ora2 from "ora";
+import {
+  generateStealthMetaAddress as generateStealthMetaAddress2,
+  generateEd25519StealthMetaAddress as generateEd25519StealthMetaAddress2,
+  encodeStealthMetaAddress as encodeStealthMetaAddress2,
+  isEd25519Chain as isEd25519Chain3
+} from "@sip-protocol/sdk";
+import { PrivacyLevel as PrivacyLevel2 } from "@sip-protocol/types";
+var CHAINS = [
+  { title: "Solana", value: "solana", description: "Fast, low-cost transactions" },
+  { title: "Ethereum", value: "ethereum", description: "EVM mainnet" },
+  { title: "NEAR", value: "near", description: "Sharded, scalable" },
+  { title: "Arbitrum", value: "arbitrum", description: "Ethereum L2" },
+  { title: "Base", value: "base", description: "Coinbase L2" }
+];
+var PRIVACY_LEVELS = [
+  {
+    title: "Transparent",
+    value: PrivacyLevel2.TRANSPARENT,
+    description: "No privacy (like standard transactions)"
+  },
+  {
+    title: "Shielded",
+    value: PrivacyLevel2.SHIELDED,
+    description: "Full privacy - hidden sender, amount, recipient"
+  },
+  {
+    title: "Compliant",
+    value: PrivacyLevel2.COMPLIANT,
+    description: "Privacy with viewing keys for auditors"
+  }
+];
+function createSetupCommand() {
+  return new Command9("setup").description("Interactive setup wizard for SIP Protocol").option("--quick", "Quick setup with defaults").action(async (options) => {
+    console.clear();
+    console.log();
+    console.log(chalk2.bold.magenta("  \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557"));
+    console.log(chalk2.bold.magenta("  \u2551                                           \u2551"));
+    console.log(chalk2.bold.magenta("  \u2551") + chalk2.bold.white("   \u{1F6E1}\uFE0F  SIP Protocol Setup Wizard  \u{1F6E1}\uFE0F   ") + chalk2.bold.magenta("\u2551"));
+    console.log(chalk2.bold.magenta("  \u2551                                           \u2551"));
+    console.log(chalk2.bold.magenta("  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D"));
+    console.log();
+    console.log(chalk2.gray("  Privacy layer for cross-chain transactions"));
+    console.log();
+    if (options.quick) {
+      await quickSetup();
+      return;
+    }
+    console.log(chalk2.cyan.bold("  Step 1 of 4: ") + chalk2.white("Network Configuration"));
+    console.log();
+    const networkResponse = await prompts([
+      {
+        type: "select",
+        name: "network",
+        message: "Which network do you want to use?",
+        choices: [
+          { title: "Testnet / Devnet", value: "testnet", description: "For development and testing" },
+          { title: "Mainnet", value: "mainnet", description: "Production network" }
+        ],
+        initial: 0
+      }
+    ]);
+    if (!networkResponse.network) {
+      console.log(chalk2.yellow("\n  Setup cancelled."));
+      return;
+    }
+    console.log();
+    console.log(chalk2.cyan.bold("  Step 2 of 4: ") + chalk2.white("Primary Chain"));
+    console.log();
+    const chainResponse = await prompts([
+      {
+        type: "select",
+        name: "chain",
+        message: "Which chain will you use primarily?",
+        choices: CHAINS,
+        initial: 0
+      }
+    ]);
+    if (!chainResponse.chain) {
+      console.log(chalk2.yellow("\n  Setup cancelled."));
+      return;
+    }
+    console.log();
+    console.log(chalk2.cyan.bold("  Step 3 of 4: ") + chalk2.white("Default Privacy Level"));
+    console.log();
+    const privacyResponse = await prompts([
+      {
+        type: "select",
+        name: "privacy",
+        message: "What privacy level do you want by default?",
+        choices: PRIVACY_LEVELS,
+        initial: 1
+        // Default to shielded
+      }
+    ]);
+    if (!privacyResponse.privacy) {
+      console.log(chalk2.yellow("\n  Setup cancelled."));
+      return;
+    }
+    console.log();
+    console.log(chalk2.cyan.bold("  Step 4 of 4: ") + chalk2.white("Key Generation"));
+    console.log();
+    const keyResponse = await prompts([
+      {
+        type: "confirm",
+        name: "generateKeys",
+        message: "Generate stealth meta-address now?",
+        initial: true
+      }
+    ]);
+    const spinner2 = ora2("Saving configuration...").start();
+    try {
+      setConfig("network", networkResponse.network);
+      setConfig("primaryChain", chainResponse.chain);
+      setConfig("defaultPrivacy", privacyResponse.privacy);
+      spinner2.succeed("Configuration saved");
+    } catch (err) {
+      spinner2.fail("Failed to save configuration");
+      console.error(err);
+      process.exit(1);
+    }
+    if (keyResponse.generateKeys) {
+      console.log();
+      const keySpinner = ora2("Generating stealth meta-address...").start();
+      try {
+        const chain = chainResponse.chain;
+        const useEd25519 = isEd25519Chain3(chain);
+        const metaAddress = useEd25519 ? generateEd25519StealthMetaAddress2(chain) : generateStealthMetaAddress2(chain);
+        keySpinner.succeed("Keys generated");
+        console.log();
+        console.log(chalk2.bold.green("  \u2713 Stealth Meta-Address Generated"));
+        console.log();
+        console.log(chalk2.gray("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510"));
+        console.log(chalk2.gray("  \u2502 ") + chalk2.cyan("Chain:           ") + chalk2.white(chain.padEnd(30)) + chalk2.gray(" \u2502"));
+        console.log(chalk2.gray("  \u2502 ") + chalk2.cyan("Curve:           ") + chalk2.white((useEd25519 ? "ed25519" : "secp256k1").padEnd(30)) + chalk2.gray(" \u2502"));
+        console.log(chalk2.gray("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518"));
+        console.log();
+        const encoded = encodeStealthMetaAddress2(metaAddress.metaAddress);
+        console.log(chalk2.bold("  Encoded Meta-Address (share this):"));
+        console.log(chalk2.green(`  ${encoded}`));
+        console.log();
+        console.log(chalk2.bold.yellow("  \u26A0\uFE0F  PRIVATE KEYS - Store securely!"));
+        console.log();
+        console.log(chalk2.gray("  Spending Key: ") + chalk2.dim(metaAddress.spendingPrivateKey));
+        console.log(chalk2.gray("  Viewing Key:  ") + chalk2.dim(metaAddress.viewingPrivateKey));
+        console.log();
+        setConfig("metaAddress", encoded);
+      } catch (err) {
+        keySpinner.fail("Failed to generate keys");
+        console.error(err instanceof Error ? err.message : err);
+      }
+    }
+    console.log();
+    divider();
+    console.log();
+    console.log(chalk2.bold.green("  \u{1F389} Setup Complete!"));
+    console.log();
+    console.log(chalk2.gray("  Configuration:"));
+    console.log(chalk2.gray("  \u251C\u2500 Network:  ") + chalk2.white(networkResponse.network));
+    console.log(chalk2.gray("  \u251C\u2500 Chain:    ") + chalk2.white(chainResponse.chain));
+    console.log(chalk2.gray("  \u251C\u2500 Privacy:  ") + chalk2.white(privacyResponse.privacy));
+    console.log(chalk2.gray("  \u2514\u2500 Config:   ") + chalk2.dim(getConfigPath()));
+    console.log();
+    console.log(chalk2.cyan("  Next steps:"));
+    console.log(chalk2.gray("  1. ") + chalk2.white("sip keygen") + chalk2.gray(" - Generate more stealth addresses"));
+    console.log(chalk2.gray("  2. ") + chalk2.white("sip quote") + chalk2.gray("  - Get a swap quote"));
+    console.log(chalk2.gray("  3. ") + chalk2.white("sip scan") + chalk2.gray("   - Scan for incoming payments"));
+    console.log();
+  });
+}
+async function quickSetup() {
+  const spinner2 = ora2("Quick setup with defaults...").start();
+  try {
+    setConfig("network", "testnet");
+    setConfig("primaryChain", "solana");
+    setConfig("defaultPrivacy", PrivacyLevel2.SHIELDED);
+    const metaAddress = generateEd25519StealthMetaAddress2("solana");
+    const encoded = encodeStealthMetaAddress2(metaAddress.metaAddress);
+    setConfig("metaAddress", encoded);
+    spinner2.succeed("Quick setup complete");
+    console.log();
+    console.log(chalk2.green("  \u2713 Network: testnet"));
+    console.log(chalk2.green("  \u2713 Chain: solana"));
+    console.log(chalk2.green("  \u2713 Privacy: shielded"));
+    console.log(chalk2.green("  \u2713 Keys generated"));
+    console.log();
+    console.log(chalk2.bold("  Meta-Address:"));
+    console.log(chalk2.cyan(`  ${encoded}`));
+    console.log();
+    console.log(chalk2.yellow("  \u26A0\uFE0F  Run ") + chalk2.white("sip setup") + chalk2.yellow(" for full interactive setup"));
+    console.log();
+  } catch (err) {
+    spinner2.fail("Quick setup failed");
+    console.error(err);
+    process.exit(1);
+  }
+}
+
+// src/commands/stealth.ts
+import { Command as Command10 } from "commander";
+import prompts2 from "prompts";
+import chalk3 from "chalk";
+import ora3 from "ora";
+import {
+  generateStealthAddress,
+  generateEd25519StealthAddress,
+  decodeStealthMetaAddress,
+  isEd25519Chain as isEd25519Chain4,
+  ed25519PublicKeyToSolanaAddress,
+  ed25519PublicKeyToNearAddress,
+  publicKeyToEthAddress,
+  deriveStealthPrivateKey as deriveStealthPrivateKey2,
+  deriveEd25519StealthPrivateKey,
+  solanaAddressToEd25519PublicKey
+} from "@sip-protocol/sdk";
+function createStealthCommand() {
+  const cmd = new Command10("stealth").description("Generate one-time stealth addresses");
+  cmd.command("generate").alias("gen").description("Generate a one-time stealth address from a meta-address").option("-m, --meta <address>", "Recipient meta-address (or use saved)").option("-c, --chain <chain>", "Target chain (auto-detected from meta-address)").option("-i, --interactive", "Interactive mode").action(async (options) => {
+    heading("Generate Stealth Address");
+    let metaAddressStr = options.meta;
+    if (options.interactive || !metaAddressStr) {
+      const savedMeta = getConfig("metaAddress");
+      const response = await prompts2([
+        {
+          type: "text",
+          name: "meta",
+          message: "Enter recipient meta-address:",
+          initial: savedMeta || "",
+          validate: (value) => value.startsWith("sip:") ? true : "Must be a valid SIP meta-address (sip:...)"
+        }
+      ]);
+      if (!response.meta) {
+        console.log(chalk3.yellow("Cancelled."));
+        return;
+      }
+      metaAddressStr = response.meta;
+    }
+    const spinner2 = ora3("Generating stealth address...").start();
+    try {
+      const metaAddress = decodeStealthMetaAddress(metaAddressStr);
+      const chain = metaAddress.chain;
+      const useEd25519 = isEd25519Chain4(chain);
+      const result = useEd25519 ? generateEd25519StealthAddress(metaAddress) : generateStealthAddress(metaAddress);
+      const stealthPubKey = result.stealthAddress.address;
+      const ephemeralPubKey = result.stealthAddress.ephemeralPublicKey;
+      let chainAddress;
+      if (useEd25519) {
+        if (chain === "solana") {
+          chainAddress = ed25519PublicKeyToSolanaAddress(stealthPubKey);
+        } else if (chain === "near") {
+          chainAddress = ed25519PublicKeyToNearAddress(stealthPubKey);
+        } else {
+          chainAddress = stealthPubKey;
+        }
+      } else {
+        chainAddress = publicKeyToEthAddress(stealthPubKey);
+      }
+      spinner2.succeed("Stealth address generated");
+      console.log();
+      keyValue("Chain", chain);
+      keyValue("Curve", useEd25519 ? "ed25519" : "secp256k1");
+      console.log();
+      console.log(chalk3.bold.green("  One-Time Address (send funds here):"));
+      console.log(chalk3.cyan(`  ${chainAddress}`));
+      console.log();
+      console.log(chalk3.bold("  Ephemeral Public Key (publish for recipient):"));
+      console.log(chalk3.gray(`  ${ephemeralPubKey}`));
+      console.log();
+      warning("The ephemeral key must be published so the recipient can find and claim funds.");
+    } catch (err) {
+      spinner2.fail("Failed to generate stealth address");
+      console.error(err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+  cmd.command("derive").description("Derive spending key from stealth address (to claim funds)").requiredOption("-a, --stealth-address <address>", "Stealth address where funds were sent").requiredOption("-e, --ephemeral <key>", "Ephemeral public key from sender announcement").requiredOption("-s, --spending-key <key>", "Your spending private key (hex)").requiredOption("-v, --viewing-key <key>", "Your viewing private key (hex)").option("-c, --chain <chain>", "Chain (solana, ethereum, near)", "solana").action(async (options) => {
+    heading("Derive Stealth Spending Key");
+    warning("This is for advanced users. Keep your derived private key secure!");
+    console.log();
+    const spinner2 = ora3("Deriving stealth private key...").start();
+    try {
+      const chain = options.chain;
+      const useEd25519 = isEd25519Chain4(chain);
+      const spendingKey = normalizeHexKey(options.spendingKey);
+      const viewingKey = normalizeHexKey(options.viewingKey);
+      const ephemeralKey = normalizeHexKey(options.ephemeral);
+      let stealthPubKeyHex;
+      if (useEd25519 && chain === "solana") {
+        stealthPubKeyHex = solanaAddressToEd25519PublicKey(options.stealthAddress);
+      } else if (options.stealthAddress.startsWith("0x")) {
+        stealthPubKeyHex = options.stealthAddress;
+      } else {
+        throw new Error("Stealth address must be base58 (Solana) or hex (0x...)");
+      }
+      const stealthAddressObj = {
+        address: stealthPubKeyHex,
+        ephemeralPublicKey: ephemeralKey,
+        viewTag: 0
+        // Not needed for derivation
+      };
+      const recovery = useEd25519 ? deriveEd25519StealthPrivateKey(
+        stealthAddressObj,
+        spendingKey,
+        viewingKey
+      ) : deriveStealthPrivateKey2(
+        stealthAddressObj,
+        spendingKey,
+        viewingKey
+      );
+      spinner2.succeed("Stealth private key derived");
+      console.log();
+      keyValue("Chain", chain);
+      keyValue("Curve", useEd25519 ? "ed25519" : "secp256k1");
+      console.log();
+      console.log(chalk3.bold.green("  Derived Private Key (use to claim funds):"));
+      console.log(chalk3.cyan(`  ${recovery.privateKey}`));
+      console.log();
+      console.log(chalk3.bold("  Stealth Address:"));
+      console.log(chalk3.gray(`  ${recovery.stealthAddress}`));
+      console.log();
+      warning("Never share your private key! Use it to sign transactions claiming your funds.");
+      console.log();
+      info3("Next steps:");
+      console.log(chalk3.gray("  1. Import this key into a wallet or use SDK to claim"));
+      console.log(chalk3.gray("  2. Transfer funds from stealth address to your main wallet"));
+      console.log(chalk3.gray("  3. Securely delete this private key after claiming"));
+      console.log();
+    } catch (err) {
+      spinner2.fail("Failed to derive stealth key");
+      console.error(err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+function info3(message) {
+  console.log(chalk3.blue("\u2139"), message);
+}
+function normalizeHexKey(key) {
+  if (key.startsWith("0x")) {
+    return key;
+  }
+  return `0x${key}`;
+}
+
+// src/commands/viewing-key.ts
+import { Command as Command11 } from "commander";
+import prompts3 from "prompts";
+import chalk4 from "chalk";
+import ora4 from "ora";
+import { generateViewingKey } from "@sip-protocol/sdk";
+function createViewingKeyCommand() {
+  const cmd = new Command11("viewing-key").alias("vk").description("Manage viewing keys for selective disclosure");
+  cmd.command("generate").alias("gen").description("Generate a new viewing key").option("-p, --path <path>", 'Key derivation path (e.g., "payments/2024")').option("-i, --interactive", "Interactive mode").action(async (options) => {
+    heading("Generate Viewing Key");
+    let path3 = options.path;
+    if (options.interactive || !path3) {
+      const response = await prompts3([
+        {
+          type: "text",
+          name: "path",
+          message: "Enter a label or path for this viewing key:",
+          initial: `audit/${Date.now()}`,
+          validate: (value) => value.length > 0 ? true : "Path is required"
+        },
+        {
+          type: "text",
+          name: "description",
+          message: "Description (optional):"
+        }
+      ]);
+      if (!response.path) {
+        console.log(chalk4.yellow("Cancelled."));
+        return;
+      }
+      path3 = response.path;
+    }
+    const spinner2 = ora4("Generating viewing key...").start();
+    try {
+      const viewingKey = generateViewingKey(path3);
+      spinner2.succeed("Viewing key generated");
+      console.log();
+      keyValue("Path", viewingKey.path);
+      keyValue("Hash", viewingKey.hash);
+      console.log();
+      console.log(chalk4.bold.green("  Viewing Key (share with auditors):"));
+      console.log(chalk4.cyan(`  ${viewingKey.key}`));
+      console.log();
+      console.log(chalk4.bold("  Key Hash (for verification):"));
+      console.log(chalk4.gray(`  ${viewingKey.hash}`));
+      console.log();
+      warning("Share the viewing key with authorized parties only.");
+      console.log(chalk4.gray("  They can view transactions but cannot spend funds."));
+      console.log();
+      const saveResponse = await prompts3([
+        {
+          type: "confirm",
+          name: "save",
+          message: "Save this viewing key to config?",
+          initial: false
+        }
+      ]);
+      if (saveResponse.save) {
+        const existingKeys = getConfig("viewingKeys") || {};
+        existingKeys[path3] = viewingKey.key;
+        setConfig("viewingKeys", existingKeys);
+        success("Viewing key saved to config");
+      }
+    } catch (err) {
+      spinner2.fail("Failed to generate viewing key");
+      console.error(err instanceof Error ? err.message : err);
+      process.exit(1);
+    }
+  });
+  cmd.command("list").alias("ls").description("List saved viewing keys").action(async () => {
+    heading("Saved Viewing Keys");
+    const keys = getConfig("viewingKeys") || {};
+    const entries = Object.entries(keys);
+    if (entries.length === 0) {
+      console.log(chalk4.gray("  No viewing keys saved."));
+      console.log(chalk4.gray("  Run: sip viewing-key generate -i"));
+      console.log();
+      return;
+    }
+    console.log();
+    entries.forEach(([path3, key]) => {
+      console.log(chalk4.cyan(`  ${path3}`));
+      console.log(chalk4.gray(`    ${key.slice(0, 20)}...${key.slice(-10)}`));
+      console.log();
+    });
+  });
+  cmd.command("share").description("Create a shareable viewing key disclosure").option("-p, --path <path>", "Viewing key path to share").option("-e, --expires <date>", "Expiration date (ISO format)").option("-s, --scope <scope>", "Scope of disclosure (all, treasury, payments)").action(async (options) => {
+    heading("Create Viewing Key Disclosure");
+    const keys = getConfig("viewingKeys") || {};
+    const entries = Object.entries(keys);
+    if (entries.length === 0) {
+      console.log(chalk4.yellow("  No viewing keys saved."));
+      console.log(chalk4.gray("  Run: sip viewing-key generate -i first"));
+      console.log();
+      return;
+    }
+    const response = await prompts3([
+      {
+        type: "select",
+        name: "path",
+        message: "Select viewing key to share:",
+        choices: entries.map(([path3]) => ({ title: path3, value: path3 }))
+      },
+      {
+        type: "select",
+        name: "scope",
+        message: "Disclosure scope:",
+        choices: [
+          { title: "All transactions", value: "all" },
+          { title: "Treasury only", value: "treasury" },
+          { title: "Payments only", value: "payments" },
+          { title: "Custom time range", value: "custom" }
+        ]
+      },
+      {
+        type: "text",
+        name: "recipient",
+        message: "Recipient (auditor, regulator, etc.):"
+      }
+    ]);
+    if (!response.path) {
+      console.log(chalk4.yellow("Cancelled."));
+      return;
+    }
+    const key = keys[response.path];
+    console.log();
+    console.log(chalk4.bold.green("  \u{1F4CB} Viewing Key Disclosure"));
+    console.log();
+    console.log(chalk4.gray("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510"));
+    console.log(chalk4.gray("  \u2502 ") + chalk4.cyan("Path:      ") + chalk4.white(response.path.padEnd(36)) + chalk4.gray(" \u2502"));
+    console.log(chalk4.gray("  \u2502 ") + chalk4.cyan("Scope:     ") + chalk4.white(response.scope.padEnd(36)) + chalk4.gray(" \u2502"));
+    console.log(chalk4.gray("  \u2502 ") + chalk4.cyan("Recipient: ") + chalk4.white((response.recipient || "Not specified").padEnd(36)) + chalk4.gray(" \u2502"));
+    console.log(chalk4.gray("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518"));
+    console.log();
+    console.log(chalk4.bold("  Viewing Key:"));
+    console.log(chalk4.cyan(`  ${key}`));
+    console.log();
+    console.log(chalk4.gray("  The recipient can use this key to view transactions"));
+    console.log(chalk4.gray("  matching the specified scope, but cannot spend funds."));
+    console.log();
+  });
+  return cmd;
+}
+
+// src/commands/backends.ts
+import { Command as Command12 } from "commander";
+import {
+  PrivacyBackendRegistry,
+  SIPNativeBackend
+} from "@sip-protocol/sdk";
+import chalk5 from "chalk";
+function createDefaultRegistry() {
+  const registry = new PrivacyBackendRegistry({ enableHealthTracking: true });
+  registry.register(new SIPNativeBackend());
+  return registry;
+}
+function collectBackendInfo(registry) {
+  const entries = registry.getAllEntries();
+  const healthTracker = registry.getHealthTracker();
+  const results = [];
+  for (const entry of entries) {
+    const backend = entry.backend;
+    const caps = backend.getCapabilities();
+    let healthy = true;
+    let failures = 0;
+    if (healthTracker) {
+      const health = healthTracker.getHealth(backend.name);
+      if (health) {
+        healthy = health.isHealthy;
+        failures = health.consecutiveFailures;
+      }
+    }
+    results.push({
+      name: backend.name,
+      type: backend.type,
+      chains: [...backend.chains],
+      healthy,
+      failures,
+      enabled: entry.enabled,
+      compliance: caps.complianceSupport
+    });
+  }
+  return results;
+}
+function createBackendsCommand() {
+  const cmd = new Command12("backends").description("Manage and list privacy backends");
+  cmd.command("list").description("List all registered privacy backends").option("--health", "Show health status").option("--metrics", "Show detailed metrics").option("--json", "Output as JSON").option("--type <type>", "Filter by type (transaction, compute, both)").option("--chain <chain>", "Filter by chain support").action(async (options) => {
+    try {
+      const registry = createDefaultRegistry();
+      let backends = collectBackendInfo(registry);
+      if (options.type) {
+        backends = backends.filter((b) => b.type === options.type || b.type === "both");
+      }
+      if (options.chain) {
+        backends = backends.filter((b) => b.chains.includes(options.chain));
+      }
+      if (options.json) {
+        json({
+          backends: backends.map((b) => ({
+            ...b,
+            chains: b.chains
+          })),
+          total: backends.length,
+          healthy: backends.filter((b) => b.healthy).length
+        });
+        return;
+      }
+      heading("Privacy Backends");
+      if (backends.length === 0) {
+        warning("No backends match the specified filters");
+        return;
+      }
+      const headers = ["NAME", "TYPE", "CHAINS", "COMPLIANCE"];
+      if (options.health || options.metrics) {
+        headers.push("HEALTHY", "FAILURES");
+      }
+      const rows = backends.map((b) => {
+        const row = [
+          b.enabled ? b.name : chalk5.gray(b.name + " (disabled)"),
+          b.type,
+          b.chains.join(", "),
+          b.compliance ? chalk5.green("\u2713") : chalk5.gray("\u2717")
+        ];
+        if (options.health || options.metrics) {
+          row.push(
+            b.healthy ? chalk5.green("\u2713") : chalk5.red("\u2717"),
+            b.failures
+          );
+        }
+        return row;
+      });
+      table(headers, rows);
+      console.log();
+      const healthyCount = backends.filter((b) => b.healthy).length;
+      const complianceCount = backends.filter((b) => b.compliance).length;
+      success(`${backends.length} backend(s) registered`);
+      if (options.health || options.metrics) {
+        if (healthyCount === backends.length) {
+          info(`All backends healthy`);
+        } else {
+          warning(`${healthyCount}/${backends.length} backends healthy`);
+        }
+      }
+      info(`${complianceCount} backend(s) support compliance (viewing keys)`);
+    } catch (err) {
+      console.error("Failed to list backends:", err);
+      process.exit(1);
+    }
+  });
+  cmd.command("info <name>").description("Show detailed information about a specific backend").option("--json", "Output as JSON").action(async (name, options) => {
+    try {
+      const registry = createDefaultRegistry();
+      const backend = registry.get(name);
+      if (!backend) {
+        console.error(`Backend '${name}' not found`);
+        console.error("Available backends:", registry.getNames().join(", "));
+        process.exit(1);
+      }
+      const caps = backend.getCapabilities();
+      const healthTracker = registry.getHealthTracker();
+      const health = healthTracker?.getHealth(name);
+      const metrics = healthTracker?.getMetrics(name);
+      const backendInfo = {
+        name: backend.name,
+        type: backend.type,
+        chains: [...backend.chains],
+        capabilities: {
+          complianceSupport: caps.complianceSupport,
+          anonymitySet: caps.anonymitySet,
+          latency: caps.latencyEstimate,
+          setupRequired: caps.setupRequired
+        },
+        health: health ? {
+          state: health.circuitState,
+          isHealthy: health.isHealthy,
+          consecutiveFailures: health.consecutiveFailures,
+          consecutiveSuccesses: health.consecutiveSuccesses,
+          lastFailureTime: health.lastFailureTime ? new Date(health.lastFailureTime).toISOString() : null,
+          lastFailureReason: health.lastFailureReason ?? null
+        } : null,
+        metrics: metrics ? {
+          totalRequests: metrics.totalRequests,
+          successfulRequests: metrics.successfulRequests,
+          failedRequests: metrics.failedRequests,
+          averageLatencyMs: Math.round(metrics.averageLatencyMs),
+          successRate: metrics.totalRequests > 0 ? Math.round(metrics.successfulRequests / metrics.totalRequests * 100) : 0
+        } : null
+      };
+      if (options.json) {
+        json(backendInfo);
+        return;
+      }
+      heading(`Backend: ${backend.name}`);
+      console.log(chalk5.bold("General"));
+      console.log(`  Type:     ${backend.type}`);
+      console.log(`  Chains:   ${backend.chains.join(", ")}`);
+      console.log();
+      console.log(chalk5.bold("Capabilities"));
+      console.log(`  Compliance:     ${caps.complianceSupport ? chalk5.green("Yes") : chalk5.gray("No")}`);
+      console.log(`  Anonymity Set:  ${caps.anonymitySet ?? "N/A"}`);
+      console.log(`  Est. Latency:   ${caps.latencyEstimate}`);
+      console.log(`  Setup Required: ${caps.setupRequired ? "Yes" : "No"}`);
+      if (health) {
+        console.log();
+        console.log(chalk5.bold("Health"));
+        console.log(`  State:      ${health.circuitState === "closed" ? chalk5.green("Healthy") : chalk5.red(health.circuitState)}`);
+        console.log(`  Healthy:    ${health.isHealthy ? chalk5.green("Yes") : chalk5.red("No")}`);
+        console.log(`  Failures:   ${health.consecutiveFailures}`);
+        console.log(`  Successes:  ${health.consecutiveSuccesses}`);
+        if (health.lastFailureReason) {
+          console.log(`  Last Error: ${health.lastFailureReason}`);
+        }
+      }
+      if (metrics) {
+        console.log();
+        console.log(chalk5.bold("Metrics"));
+        console.log(`  Total Requests: ${metrics.totalRequests}`);
+        console.log(`  Success Rate:   ${backendInfo.metrics?.successRate}%`);
+        console.log(`  Avg Latency:    ${backendInfo.metrics?.averageLatencyMs}ms`);
+      }
+    } catch (err) {
+      console.error("Failed to get backend info:", err);
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/proof.ts
+import { Command as Command13 } from "commander";
+import { readFileSync, writeFileSync as writeFileSync3, existsSync } from "fs";
+import {
+  MockProofProvider as MockProofProvider3,
+  createProofAggregator,
+  createVerificationPipeline,
+  createCrossSystemValidator,
+  UnifiedProofConverter
+} from "@sip-protocol/sdk";
+function readProofFile(path3) {
+  if (!existsSync(path3)) {
+    throw new Error(`File not found: ${path3}`);
+  }
+  const content = readFileSync(path3, "utf-8");
+  return JSON.parse(content);
+}
+function writeProofFile(path3, data) {
+  writeFileSync3(path3, JSON.stringify(data, null, 2));
+}
+function readFromStdin() {
+  return new Promise((resolve3, reject) => {
+    let data = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => {
+      data += chunk;
+    });
+    process.stdin.on("end", () => resolve3(data));
+    process.stdin.on("error", reject);
+    setTimeout(() => {
+      if (data === "") {
+        reject(new Error("No input received from stdin"));
+      }
+    }, 1e3);
+  });
+}
+var PROOF_SYSTEM_NAMES = {
+  noir: "Noir (Aztec)",
+  halo2: "Halo2 (Zcash)",
+  kimchi: "Kimchi (Mina)",
+  groth16: "Groth16",
+  plonk: "PLONK",
+  stark: "STARK"
+};
+function formatProofSystem(system) {
+  return PROOF_SYSTEM_NAMES[system] || system;
+}
+function getSystemFromProof(proof) {
+  return proof.metadata.system;
+}
+function createProofCommand() {
+  const proof = new Command13("proof").description("Proof composition operations (M20)");
+  proof.command("generate").description("Generate a ZK proof").requiredOption("-s, --system <system>", "Proof system (noir|halo2|kimchi|mock)").requiredOption("-c, --circuit <id>", "Circuit identifier").option("-i, --inputs <json>", "Public inputs as JSON string").option("-f, --inputs-file <path>", "Public inputs from JSON file").option("-w, --witness <json>", "Private witness as JSON string").option("--witness-file <path>", "Private witness from JSON file").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Generate ZK Proof");
+      }
+      let publicInputs = {};
+      if (options.inputs) {
+        publicInputs = JSON.parse(options.inputs);
+      } else if (options.inputsFile) {
+        publicInputs = JSON.parse(readFileSync(options.inputsFile, "utf-8"));
+      }
+      const spin = format === "human" ? spinner(`Generating ${options.system} proof...`) : null;
+      const systemLower = options.system.toLowerCase();
+      const provider = new MockProofProvider3({ silent: true });
+      await provider.initialize();
+      const result = await provider.generateFundingProof({
+        balance: BigInt(publicInputs.balance || "1000000"),
+        minimumRequired: BigInt(publicInputs.minimum || "100"),
+        blindingFactor: new Uint8Array(32),
+        assetId: publicInputs.asset || "ETH",
+        userAddress: publicInputs.user || "0x0000000000000000000000000000000000000000",
+        ownershipSignature: new Uint8Array(64)
+      });
+      spin?.succeed("Proof generated");
+      const proofMetadata = {
+        system: systemLower,
+        systemVersion: "1.0.0",
+        circuitId: options.circuit,
+        circuitVersion: "1.0.0",
+        generatedAt: Date.now(),
+        proofSizeBytes: result.proof.proof.length / 2
+        // hex string to bytes
+      };
+      const proofData = {
+        proof: {
+          id: `proof_${Date.now()}`,
+          proof: result.proof.proof,
+          publicInputs: result.publicInputs.map(String),
+          metadata: proofMetadata
+        },
+        metadata: {
+          system: options.system,
+          circuit: options.circuit,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        }
+      };
+      if (options.output) {
+        writeProofFile(options.output, proofData);
+        if (format === "human") {
+          success(`Proof written to ${options.output}`);
+        }
+      }
+      if (format === "json") {
+        json(proofData);
+      } else if (!options.output) {
+        keyValue("System", formatProofSystem(systemLower));
+        keyValue("Circuit", options.circuit);
+        keyValue("Proof", formatHash(result.proof.proof, 16));
+        keyValue("Public Inputs", JSON.stringify(result.publicInputs));
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to generate proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("compose").description("Compose multiple proofs together").requiredOption("-p, --proofs <paths...>", "Proof file paths to compose").option("-t, --template <name>", "Composition template (sequential|parallel|recursive)", "sequential").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).option("--validate", "Validate compatibility before composing", true).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Compose Proofs");
+      }
+      const proofs = [];
+      for (const path3 of options.proofs) {
+        const proofFile = readProofFile(path3);
+        proofs.push(proofFile.proof);
+      }
+      if (format === "human") {
+        info(`Loaded ${proofs.length} proofs`);
+        proofs.forEach((p, i) => {
+          keyValue(`  Proof ${i + 1}`, `${formatProofSystem(getSystemFromProof(p))} - ${formatHash(p.id)}`);
+        });
+        divider();
+      }
+      if (options.validate) {
+        const validator = createCrossSystemValidator();
+        const systems = [...new Set(proofs.map((p) => getSystemFromProof(p)))];
+        if (systems.length > 1) {
+          const spin2 = format === "human" ? spinner("Validating cross-system compatibility...") : null;
+          const report = validator.validate(proofs, {
+            skipFieldCheck: false,
+            skipCurveCheck: false
+          });
+          const errors = report.checks.filter((c) => !c.passed && c.severity === "error");
+          if (errors.length > 0) {
+            spin2?.fail("Compatibility check failed");
+            if (format === "json") {
+              json({ error: "Incompatible proof systems", report });
+            } else {
+              error("Proof systems are not compatible for composition");
+              errors.forEach((e) => {
+                error(`  - ${e.name}: ${e.message}`);
+              });
+            }
+            process.exit(1);
+          }
+          spin2?.succeed("Compatibility validated");
+        }
+      }
+      const spin = format === "human" ? spinner(`Composing proofs (${options.template})...`) : null;
+      const startTime = Date.now();
+      const aggregator = createProofAggregator();
+      const mockProvider = new MockProofProvider3({ silent: true });
+      await mockProvider.initialize();
+      const getProvider = (_system) => {
+        return mockProvider;
+      };
+      let result;
+      if (options.template === "parallel") {
+        result = await aggregator.aggregateParallel({
+          proofs,
+          getProvider,
+          verifyBefore: options.validate,
+          maxConcurrent: 4,
+          onProgress: (event) => {
+            if (format === "human" && spin) {
+              const progress = Math.round(event.step / event.totalSteps * 100);
+              spin.text = `${event.operation} (${progress}%)`;
+            }
+          }
+        });
+      } else {
+        result = await aggregator.aggregateSequential({
+          proofs,
+          getProvider,
+          verifyBefore: options.validate,
+          onProgress: (event) => {
+            if (format === "human" && spin) {
+              const progress = Math.round(event.step / event.totalSteps * 100);
+              spin.text = `${event.operation} (${progress}%)`;
+            }
+          }
+        });
+      }
+      const timeMs = Date.now() - startTime;
+      if (!result.success || !result.composedProof) {
+        spin?.fail("Composition failed");
+        if (format === "json") {
+          json({ error: result.error || "Unknown error" });
+        } else {
+          error(`Composition failed: ${result.error || "Unknown error"}`);
+        }
+        process.exit(1);
+      }
+      spin?.succeed("Composition complete");
+      const outputData = {
+        proof: result.composedProof,
+        metadata: {
+          template: options.template,
+          inputProofs: proofs.map((p) => p.id),
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          timeMs
+        }
+      };
+      if (options.output) {
+        writeProofFile(options.output, outputData);
+        if (format === "human") {
+          success(`Composed proof written to ${options.output}`);
+        }
+      }
+      if (format === "json") {
+        json(outputData);
+      } else if (!options.output) {
+        keyValue("Composed Proof ID", result.composedProof.id);
+        keyValue("Component Proofs", result.composedProof.proofs.length.toString());
+        keyValue("Strategy", result.composedProof.strategy);
+        keyValue("Time", `${timeMs}ms`);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to compose proofs: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("verify").description("Verify a proof or composed proof").argument("<path>", "Proof file path (or - for stdin)").option("--strict", "Enable strict verification mode", false).option("--json", "Output as JSON", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Verify Proof");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const spin = format === "human" ? spinner("Verifying proof...") : null;
+      const pipeline = createVerificationPipeline();
+      const isComposed = "proofs" in proofData.proof && Array.isArray(proofData.proof.proofs);
+      const mockProvider = new MockProofProvider3({ silent: true });
+      await mockProvider.initialize();
+      const getProvider = (_system) => {
+        return mockProvider;
+      };
+      let result;
+      if (isComposed) {
+        result = await pipeline.verify(proofData.proof, {
+          getProvider,
+          config: {}
+        });
+      } else {
+        result = await pipeline.verifySingle(proofData.proof, getProvider);
+      }
+      if (result.valid) {
+        spin?.succeed("Proof is valid");
+      } else {
+        spin?.fail("Proof verification failed");
+      }
+      if (format === "json") {
+        json({
+          valid: result.valid,
+          isComposed,
+          details: result
+        });
+      } else {
+        keyValue("Valid", result.valid ? "Yes" : "No");
+        keyValue("Type", isComposed ? "Composed" : "Single");
+        if (isComposed) {
+          const composed = proofData.proof;
+          keyValue("Component Proofs", composed.proofs.length.toString());
+        }
+        if (!result.valid && "error" in result) {
+          error(`Reason: ${result.error}`);
+        }
+      }
+      if (!result.valid) {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ valid: false, error: String(err) });
+      } else {
+        error(`Failed to verify proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("inspect").description("Analyze and display proof details").argument("<path>", "Proof file path (or - for stdin)").option("--json", "Output as JSON", false).option("--full", "Show full proof data (not truncated)", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Proof Inspection");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const proof2 = proofData.proof;
+      const isComposed = "proofs" in proof2 && Array.isArray(proof2.proofs);
+      if (format === "json") {
+        json({
+          type: isComposed ? "composed" : "single",
+          ...proofData
+        });
+        return;
+      }
+      keyValue("Type", isComposed ? "Composed Proof" : "Single Proof");
+      keyValue("ID", proof2.id);
+      divider();
+      if (isComposed) {
+        const composed = proof2;
+        keyValue("Strategy", composed.strategy);
+        keyValue("Status", composed.status);
+        keyValue("Component Proofs", composed.proofs.length.toString());
+        info("\nComponent Proofs:");
+        table(
+          ["#", "System", "ID", "Public Inputs"],
+          composed.proofs.map((p, i) => [
+            (i + 1).toString(),
+            formatProofSystem(getSystemFromProof(p)),
+            formatHash(p.id),
+            p.publicInputs.length.toString()
+          ])
+        );
+        if (composed.compositionMetadata) {
+          divider();
+          info("Composition Metadata:");
+          keyValue("  Proof Count", composed.compositionMetadata.proofCount.toString());
+          keyValue("  Systems", composed.compositionMetadata.systems.join(", "));
+          keyValue("  Composition Time", `${composed.compositionMetadata.compositionTimeMs}ms`);
+        }
+      } else {
+        const single = proof2;
+        keyValue("System", formatProofSystem(getSystemFromProof(single)));
+        if (single.metadata) {
+          keyValue("Circuit ID", single.metadata.circuitId || "N/A");
+          keyValue("Circuit Version", single.metadata.circuitVersion || "N/A");
+          keyValue("System Version", single.metadata.systemVersion || "N/A");
+          keyValue("Proof Size", `${single.metadata.proofSizeBytes} bytes`);
+          if (single.metadata.generatedAt) {
+            keyValue("Generated At", new Date(single.metadata.generatedAt).toISOString());
+          }
+        }
+        divider();
+        info("Proof Data:");
+        if (options.full) {
+          keyValue("Proof", single.proof);
+        } else {
+          keyValue("Proof", formatHash(single.proof, 32));
+        }
+        info("\nPublic Inputs:");
+        if (single.publicInputs && single.publicInputs.length > 0) {
+          single.publicInputs.forEach((input, i) => {
+            keyValue(`  [${i}]`, formatHash(input, 16));
+          });
+        } else {
+          info("  (none)");
+        }
+      }
+      if (proofData.metadata) {
+        divider();
+        info("File Metadata:");
+        Object.entries(proofData.metadata).forEach(([key, value]) => {
+          keyValue(`  ${key}`, typeof value === "object" ? JSON.stringify(value) : String(value));
+        });
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to inspect proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("convert").description("Convert proof between formats").argument("<path>", "Source proof file path (or - for stdin)").requiredOption("-t, --to <format>", "Target format (sip|noir|halo2|kimchi|json)").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Convert Proof Format");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const spin = format === "human" ? spinner(`Converting to ${options.to} format...`) : null;
+      const converter = new UnifiedProofConverter();
+      const targetFormat = options.to.toLowerCase();
+      const single = proofData.proof;
+      let result;
+      if (targetFormat === "json") {
+        result = proofData;
+      } else if (targetFormat === "sip") {
+        result = proofData;
+      } else {
+        const converted = converter.fromSIP(single);
+        if (!converted.success || !converted.result) {
+          throw new Error(converted.error || "Conversion failed");
+        }
+        result = converted.result;
+      }
+      spin?.succeed("Conversion complete");
+      const outputData = {
+        originalFormat: getSystemFromProof(single),
+        targetFormat,
+        proof: result,
+        convertedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      if (options.output) {
+        writeFileSync3(options.output, JSON.stringify(outputData, null, 2));
+        if (format === "human") {
+          success(`Converted proof written to ${options.output}`);
+        }
+      }
+      if (format === "json" || !options.output) {
+        json(outputData);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to convert proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("systems").description("List supported proof systems and their capabilities").option("--json", "Output as JSON", false).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    const systems = [
+      {
+        id: "noir",
+        name: "Noir (Aztec)",
+        curve: "BN254",
+        features: ["SNARK", "Universal Setup", "Browser Support"],
+        status: "Production"
+      },
+      {
+        id: "halo2",
+        name: "Halo2 (Zcash)",
+        curve: "Pallas/Vesta",
+        features: ["SNARK", "No Trusted Setup", "Recursive"],
+        status: "Production"
+      },
+      {
+        id: "kimchi",
+        name: "Kimchi (Mina)",
+        curve: "Pasta",
+        features: ["SNARK", "Recursive", "Succinct"],
+        status: "Production"
+      },
+      {
+        id: "groth16",
+        name: "Groth16",
+        curve: "BN254",
+        features: ["SNARK", "Smallest Proofs", "Fastest Verification"],
+        status: "Supported"
+      },
+      {
+        id: "plonk",
+        name: "PLONK",
+        curve: "BN254",
+        features: ["SNARK", "Universal Setup", "Flexible"],
+        status: "Supported"
+      },
+      {
+        id: "stark",
+        name: "STARK",
+        curve: "None (Hash-based)",
+        features: ["No Trusted Setup", "Post-Quantum", "Large Proofs"],
+        status: "Experimental"
+      }
+    ];
+    if (format === "json") {
+      json({ systems });
+      return;
+    }
+    heading("Supported Proof Systems");
+    table(
+      ["System", "Curve", "Status"],
+      systems.map((s) => [s.name, s.curve, s.status])
+    );
+    divider();
+    info("Features by System:");
+    systems.forEach((s) => {
+      keyValue(`  ${s.name}`, s.features.join(", "));
+    });
+  });
+  proof.command("compat").description("Check compatibility between proof systems").argument("<systems...>", "Proof systems to check (e.g., noir halo2)").option("--json", "Output as JSON", false).action(async (systems, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Proof System Compatibility");
+      }
+      const mockProofs = systems.map((sys, i) => ({
+        id: `mock_${sys}_${i}`,
+        proof: "0x00",
+        publicInputs: ["0x01"],
+        metadata: {
+          system: sys,
+          systemVersion: "1.0.0",
+          circuitId: "test",
+          circuitVersion: "1.0.0",
+          generatedAt: Date.now(),
+          proofSizeBytes: 1
+        }
+      }));
+      const validator = createCrossSystemValidator();
+      const report = validator.validate(mockProofs, {
+        skipFieldCheck: false,
+        skipCurveCheck: false
+      });
+      const errors = report.checks.filter((c) => !c.passed && c.severity === "error");
+      const warnings = report.checks.filter((c) => !c.passed && c.severity === "warning");
+      const compatible = errors.length === 0;
+      if (format === "json") {
+        json({
+          systems,
+          compatible,
+          errors: errors.map((e) => ({ check: e.name, message: e.message })),
+          warnings: warnings.map((w) => ({ check: w.name, message: w.message })),
+          report
+        });
+        return;
+      }
+      keyValue("Systems", systems.join(", "));
+      keyValue("Compatible", compatible ? "Yes" : "No");
+      if (compatible) {
+        success("These proof systems can be composed together");
+      } else {
+        error("These proof systems are not directly compatible");
+        divider();
+        info("Issues:");
+        errors.forEach((e) => {
+          error(`  - ${e.name}: ${e.message}`);
+        });
+      }
+      if (warnings.length > 0) {
+        divider();
+        info("Warnings:");
+        warnings.forEach((w) => {
+          info(`  \u26A0 ${w.name}: ${w.message}`);
+        });
+      }
+      if (!compatible) {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to check compatibility: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  return proof;
+}
+
 // src/index.ts
-var program = new Command9();
-program.name("sip").description("Shielded Intents Protocol (SIP) - Privacy layer for cross-chain transactions").version("0.1.0");
+var program = new Command14();
+program.name("sip").description("Shielded Intents Protocol (SIP) - Privacy layer for cross-chain transactions").version("0.2.0");
+program.addCommand(createSetupCommand());
 program.addCommand(createInitCommand());
 program.addCommand(createKeygenCommand());
+program.addCommand(createStealthCommand());
+program.addCommand(createViewingKeyCommand());
 program.addCommand(createCommitCommand());
 program.addCommand(createProveCommand());
 program.addCommand(createVerifyCommand());
 program.addCommand(createQuoteCommand());
 program.addCommand(createSwapCommand());
 program.addCommand(createScanCommand());
+program.addCommand(createBackendsCommand());
+program.addCommand(createProofCommand());
 program.parse();