@sip-protocol/cli 0.2.0 → 0.2.1

package/dist/index.mjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { Command as Command12 } from "commander";
+import { Command as Command14 } from "commander";
 
 // src/commands/init.ts
 import { Command } from "commander";
@@ -63,6 +63,13 @@ ${message}
 function keyValue(key, value) {
   console.log(chalk.gray(`  ${key}:`), chalk.white(String(value)));
 }
+function json(data) {
+  console.log(JSON.stringify(
+    data,
+    (_, value) => typeof value === "bigint" ? value.toString() : value,
+    2
+  ));
+}
 function spinner(text) {
   return ora(text).start();
 }
@@ -129,35 +136,85 @@ import {
   isEd25519Chain,
   encodeStealthMetaAddress
 } from "@sip-protocol/sdk";
+import * as fs from "fs";
+import * as path from "path";
+function formatKeysAsText(data) {
+  return [
+    `# SIP Stealth Meta-Address Keys`,
+    `# Generated: ${data.generatedAt}`,
+    `# Chain: ${data.chain}`,
+    ``,
+    `## Public Keys (safe to share)`,
+    `SPENDING_PUBLIC_KEY=${data.spendingPublicKey}`,
+    `VIEWING_PUBLIC_KEY=${data.viewingPublicKey}`,
+    `META_ADDRESS=${data.metaAddress}`,
+    ``,
+    `## Private Keys (KEEP SECRET!)`,
+    `SPENDING_PRIVATE_KEY=${data.spendingPrivateKey}`,
+    `VIEWING_PRIVATE_KEY=${data.viewingPrivateKey}`,
+    ``,
+    `# WARNING: Delete this file after securely storing the keys!`
+  ].join("\n");
+}
 function createKeygenCommand() {
-  return new Command2("keygen").description("Generate stealth meta-address").option("-c, --chain <chain>", "Target chain (ethereum, solana, near)", "ethereum").option("--spending-key <key>", "Spending private key (hex)").option("--viewing-key <key>", "Viewing private key (hex)").action(async (options) => {
+  return new Command2("keygen").description("Generate stealth meta-address").option("-c, --chain <chain>", "Target chain (ethereum, solana, near)", "ethereum").option("--spending-key <key>", "Spending private key (hex)").option("--viewing-key <key>", "Viewing private key (hex)").option("-o, --output-file <path>", "Output file for keys (enables secure export)").option("-f, --format <format>", "Output format: json or text", "json").action(async (options) => {
     try {
       heading("Generate Stealth Meta-Address");
       const chain = options.chain;
       const useEd25519 = isEd25519Chain(chain);
-      let metaAddress;
+      const format = options.format || "json";
+      let result;
       if (useEd25519) {
         if (options.spendingKey || options.viewingKey) {
           warning("Ed25519 chains do not support custom keys in CLI yet");
         }
-        metaAddress = generateEd25519StealthMetaAddress(chain);
+        result = generateEd25519StealthMetaAddress(chain);
       } else {
-        metaAddress = generateStealthMetaAddress(chain);
+        result = generateStealthMetaAddress(chain);
       }
       success("Stealth meta-address generated");
       keyValue("Chain", chain);
-      const spendingPubKey = metaAddress.metaAddress.spendingKey;
-      const viewingPubKey = metaAddress.metaAddress.viewingKey;
-      const spendingPrivKey = metaAddress.spendingPrivateKey;
-      const viewingPrivKey = metaAddress.viewingPrivateKey;
+      const spendingPubKey = result.metaAddress.spendingKey;
+      const viewingPubKey = result.metaAddress.viewingKey;
+      const spendingPrivKey = result.spendingPrivateKey;
+      const viewingPrivKey = result.viewingPrivateKey;
+      const encoded = encodeStealthMetaAddress(result.metaAddress);
       keyValue("Spending Public Key", spendingPubKey);
       keyValue("Viewing Public Key", viewingPubKey);
-      const encoded = encodeStealthMetaAddress(metaAddress.metaAddress);
       keyValue("Encoded Address", encoded);
       console.log();
-      warning("PRIVATE KEYS - Keep these secure!");
-      keyValue("Spending Private Key", spendingPrivKey);
-      keyValue("Viewing Private Key", viewingPrivKey);
+      if (options.outputFile) {
+        const outputPath = path.resolve(options.outputFile);
+        const dir = path.dirname(outputPath);
+        if (dir !== "." && dir !== "/") {
+          fs.mkdirSync(dir, { recursive: true });
+        }
+        const exportData = {
+          chain,
+          spendingPublicKey: spendingPubKey,
+          viewingPublicKey: viewingPubKey,
+          spendingPrivateKey: spendingPrivKey,
+          viewingPrivateKey: viewingPrivKey,
+          metaAddress: encoded,
+          generatedAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        const content = format === "json" ? JSON.stringify(exportData, null, 2) : formatKeysAsText(exportData);
+        fs.writeFileSync(outputPath, content, {
+          mode: 384,
+          encoding: "utf-8"
+        });
+        success(`Keys exported to: ${outputPath}`);
+        warning("SECURITY: File permissions set to 600 (owner only)");
+        warning("SECURITY: Delete this file after securely storing the keys!");
+        info("Private keys NOT displayed in terminal for security");
+      } else {
+        warning("PRIVATE KEYS - Keep these secure!");
+        keyValue("Spending Private Key", spendingPrivKey);
+        keyValue("Viewing Private Key", viewingPrivKey);
+        console.log();
+        info("TIP: Use --output-file for secure key export:");
+        info("  sip keygen --chain solana --output-file ./keys.json");
+      }
     } catch (err) {
       console.error("Failed to generate keys:", err);
       process.exit(1);
@@ -444,9 +501,40 @@ Solver not found: ${options.solver}`);
 
 // src/commands/scan.ts
 import { Command as Command8 } from "commander";
-import { checkStealthAddress, checkEd25519StealthAddress, isEd25519Chain as isEd25519Chain2 } from "@sip-protocol/sdk";
+import {
+  checkStealthAddress,
+  checkEd25519StealthAddressV1,
+  checkSecp256k1StealthAddressV1,
+  deriveStealthPrivateKey,
+  deriveStealthPrivateKeyV1,
+  isEd25519Chain as isEd25519Chain2,
+  parseStealthAddress
+} from "@sip-protocol/sdk";
+import { ed25519 } from "@noble/curves/ed25519";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
+import * as fs2 from "fs";
+import * as path2 from "path";
+function formatScanResultsAsText(results, exportedAt) {
+  const lines = [
+    `# SIP Scan Results`,
+    `# Exported: ${exportedAt}`,
+    `# Found: ${results.length} stealth payment(s)`,
+    ``
+  ];
+  for (const r of results) {
+    lines.push(`## Address: ${r.address}`);
+    lines.push(`CHAIN=${r.chain}`);
+    if (r.privateKey) {
+      lines.push(`PRIVATE_KEY=${r.privateKey}`);
+    }
+    lines.push(``);
+  }
+  lines.push(`# WARNING: Delete this file after importing keys to your wallet!`);
+  return lines.join("\n");
+}
 function createScanCommand() {
-  return new Command8("scan").description("Scan for stealth payments").requiredOption("-c, --chain <chain>", "Chain to scan (ethereum, solana, near)").requiredOption("-s, --spending-key <key>", "Your spending private key (hex)").requiredOption("-v, --viewing-key <key>", "Your viewing private key (hex)").option("-a, --addresses <addresses...>", "Specific addresses to check").action(async (options) => {
+  return new Command8("scan").description("Scan for stealth payments").requiredOption("-c, --chain <chain>", "Chain to scan (ethereum, solana, near)").requiredOption("-s, --spending-key <key>", "Your spending private key (hex)").requiredOption("-v, --viewing-key <key>", "Your viewing private key (hex)").option("-a, --addresses <addresses...>", "Specific addresses to check").option("-o, --output-file <path>", "Output file for private keys (required to export keys)").option("-f, --format <format>", "Output format: json or text", "json").action(async (options) => {
     try {
       heading("Scan for Stealth Payments");
       const chain = options.chain;
@@ -461,24 +549,28 @@ function createScanCommand() {
       const results = [];
       for (const address of options.addresses) {
         try {
+          const stealthAddr = parseStealthAddress(address);
           let result;
-          if (useEd25519) {
-            result = checkEd25519StealthAddress(
-              address,
-              options.spendingKey,
-              options.viewingKey
-            );
+          const spendingPubKey = useEd25519 ? `0x${bytesToHex(ed25519.getPublicKey(hexToBytes(options.spendingKey.slice(2))))}` : `0x${bytesToHex(secp256k1.getPublicKey(hexToBytes(options.spendingKey.slice(2)), true))}`;
+          let isMine = checkStealthAddress(stealthAddr, options.viewingKey, spendingPubKey);
+          let isLegacy = false;
+          if (!isMine) {
+            const legacyMatch = useEd25519 ? checkEd25519StealthAddressV1(stealthAddr, options.spendingKey, options.viewingKey) : checkSecp256k1StealthAddressV1(stealthAddr, options.spendingKey, options.viewingKey);
+            if (legacyMatch) {
+              isMine = true;
+              isLegacy = true;
+            }
+          }
+          if (isMine) {
+            const derivedKey = isLegacy ? deriveStealthPrivateKeyV1(stealthAddr, options.spendingKey, options.viewingKey) : deriveStealthPrivateKey(stealthAddr, options.spendingKey, options.viewingKey);
+            result = { isMine: true, stealthPrivateKey: derivedKey.privateKey };
           } else {
-            result = checkStealthAddress(
-              address,
-              options.spendingKey,
-              options.viewingKey
-            );
+            result = { isMine: false };
           }
           results.push({
             address,
             isMine: result.isMine,
-            privateKey: result.isMine ? result.stealthPrivateKey : void 0
+            privateKey: result.stealthPrivateKey
           });
         } catch (err) {
           results.push({
@@ -492,15 +584,34 @@ function createScanCommand() {
       success(`Scanned ${results.length} address(es), found ${foundCount} stealth payment(s)`);
       if (foundCount > 0) {
         console.log();
-        const headers = ["Address", "Match", "Private Key"];
+        const headers = ["Address", "Match"];
         const rows = results.filter((r) => r.isMine).map((r) => [
-          r.address.slice(0, 10) + "...",
-          "Yes",
-          r.privateKey ? r.privateKey.slice(0, 10) + "..." : "N/A"
+          r.address.slice(0, 16) + "..." + r.address.slice(-8),
+          "Yes"
         ]);
         table(headers, rows);
         console.log();
-        warning("Store the private keys securely to access these funds");
+        if (options.outputFile) {
+          const outputPath = path2.resolve(options.outputFile);
+          const format = options.format || "json";
+          const exportedAt = (/* @__PURE__ */ new Date()).toISOString();
+          const exportData = results.filter((r) => r.isMine).map((r) => ({
+            address: r.address,
+            privateKey: r.privateKey,
+            chain: options.chain
+          }));
+          const content = format === "json" ? JSON.stringify(exportData.map((d) => ({ ...d, exportedAt })), null, 2) : formatScanResultsAsText(exportData, exportedAt);
+          fs2.writeFileSync(outputPath, content, {
+            mode: 384,
+            encoding: "utf-8"
+          });
+          success(`Private keys exported to: ${outputPath}`);
+          warning("SECURITY: Delete this file after importing keys to your wallet!");
+          warning("SECURITY: File permissions set to 600 (owner only)");
+        } else {
+          info("Private keys not exported (use --output-file to export securely)");
+          warning("Keys are NOT displayed in terminal for security reasons");
+        }
       } else {
         info("No stealth payments found");
       }
@@ -726,7 +837,7 @@ import {
   ed25519PublicKeyToSolanaAddress,
   ed25519PublicKeyToNearAddress,
   publicKeyToEthAddress,
-  deriveStealthPrivateKey,
+  deriveStealthPrivateKey as deriveStealthPrivateKey2,
   deriveEd25519StealthPrivateKey,
   solanaAddressToEd25519PublicKey
 } from "@sip-protocol/sdk";
@@ -819,7 +930,7 @@ function createStealthCommand() {
         stealthAddressObj,
         spendingKey,
         viewingKey
-      ) : deriveStealthPrivateKey(
+      ) : deriveStealthPrivateKey2(
         stealthAddressObj,
         spendingKey,
         viewingKey
@@ -870,8 +981,8 @@ function createViewingKeyCommand() {
   const cmd = new Command11("viewing-key").alias("vk").description("Manage viewing keys for selective disclosure");
   cmd.command("generate").alias("gen").description("Generate a new viewing key").option("-p, --path <path>", 'Key derivation path (e.g., "payments/2024")').option("-i, --interactive", "Interactive mode").action(async (options) => {
     heading("Generate Viewing Key");
-    let path = options.path;
-    if (options.interactive || !path) {
+    let path3 = options.path;
+    if (options.interactive || !path3) {
       const response = await prompts3([
         {
           type: "text",
@@ -890,11 +1001,11 @@ function createViewingKeyCommand() {
         console.log(chalk4.yellow("Cancelled."));
         return;
       }
-      path = response.path;
+      path3 = response.path;
     }
     const spinner2 = ora4("Generating viewing key...").start();
     try {
-      const viewingKey = generateViewingKey(path);
+      const viewingKey = generateViewingKey(path3);
       spinner2.succeed("Viewing key generated");
       console.log();
       keyValue("Path", viewingKey.path);
@@ -919,7 +1030,7 @@ function createViewingKeyCommand() {
       ]);
       if (saveResponse.save) {
         const existingKeys = getConfig("viewingKeys") || {};
-        existingKeys[path] = viewingKey.key;
+        existingKeys[path3] = viewingKey.key;
         setConfig("viewingKeys", existingKeys);
         success("Viewing key saved to config");
       }
@@ -940,8 +1051,8 @@ function createViewingKeyCommand() {
       return;
     }
     console.log();
-    entries.forEach(([path, key]) => {
-      console.log(chalk4.cyan(`  ${path}`));
+    entries.forEach(([path3, key]) => {
+      console.log(chalk4.cyan(`  ${path3}`));
       console.log(chalk4.gray(`    ${key.slice(0, 20)}...${key.slice(-10)}`));
       console.log();
     });
@@ -961,7 +1072,7 @@ function createViewingKeyCommand() {
         type: "select",
         name: "path",
         message: "Select viewing key to share:",
-        choices: entries.map(([path]) => ({ title: path, value: path }))
+        choices: entries.map(([path3]) => ({ title: path3, value: path3 }))
       },
       {
         type: "select",
@@ -1004,8 +1115,776 @@ function createViewingKeyCommand() {
   return cmd;
 }
 
+// src/commands/backends.ts
+import { Command as Command12 } from "commander";
+import {
+  PrivacyBackendRegistry,
+  SIPNativeBackend
+} from "@sip-protocol/sdk";
+import chalk5 from "chalk";
+function createDefaultRegistry() {
+  const registry = new PrivacyBackendRegistry({ enableHealthTracking: true });
+  registry.register(new SIPNativeBackend());
+  return registry;
+}
+function collectBackendInfo(registry) {
+  const entries = registry.getAllEntries();
+  const healthTracker = registry.getHealthTracker();
+  const results = [];
+  for (const entry of entries) {
+    const backend = entry.backend;
+    const caps = backend.getCapabilities();
+    let healthy = true;
+    let failures = 0;
+    if (healthTracker) {
+      const health = healthTracker.getHealth(backend.name);
+      if (health) {
+        healthy = health.isHealthy;
+        failures = health.consecutiveFailures;
+      }
+    }
+    results.push({
+      name: backend.name,
+      type: backend.type,
+      chains: [...backend.chains],
+      healthy,
+      failures,
+      enabled: entry.enabled,
+      compliance: caps.complianceSupport
+    });
+  }
+  return results;
+}
+function createBackendsCommand() {
+  const cmd = new Command12("backends").description("Manage and list privacy backends");
+  cmd.command("list").description("List all registered privacy backends").option("--health", "Show health status").option("--metrics", "Show detailed metrics").option("--json", "Output as JSON").option("--type <type>", "Filter by type (transaction, compute, both)").option("--chain <chain>", "Filter by chain support").action(async (options) => {
+    try {
+      const registry = createDefaultRegistry();
+      let backends = collectBackendInfo(registry);
+      if (options.type) {
+        backends = backends.filter((b) => b.type === options.type || b.type === "both");
+      }
+      if (options.chain) {
+        backends = backends.filter((b) => b.chains.includes(options.chain));
+      }
+      if (options.json) {
+        json({
+          backends: backends.map((b) => ({
+            ...b,
+            chains: b.chains
+          })),
+          total: backends.length,
+          healthy: backends.filter((b) => b.healthy).length
+        });
+        return;
+      }
+      heading("Privacy Backends");
+      if (backends.length === 0) {
+        warning("No backends match the specified filters");
+        return;
+      }
+      const headers = ["NAME", "TYPE", "CHAINS", "COMPLIANCE"];
+      if (options.health || options.metrics) {
+        headers.push("HEALTHY", "FAILURES");
+      }
+      const rows = backends.map((b) => {
+        const row = [
+          b.enabled ? b.name : chalk5.gray(b.name + " (disabled)"),
+          b.type,
+          b.chains.join(", "),
+          b.compliance ? chalk5.green("\u2713") : chalk5.gray("\u2717")
+        ];
+        if (options.health || options.metrics) {
+          row.push(
+            b.healthy ? chalk5.green("\u2713") : chalk5.red("\u2717"),
+            b.failures
+          );
+        }
+        return row;
+      });
+      table(headers, rows);
+      console.log();
+      const healthyCount = backends.filter((b) => b.healthy).length;
+      const complianceCount = backends.filter((b) => b.compliance).length;
+      success(`${backends.length} backend(s) registered`);
+      if (options.health || options.metrics) {
+        if (healthyCount === backends.length) {
+          info(`All backends healthy`);
+        } else {
+          warning(`${healthyCount}/${backends.length} backends healthy`);
+        }
+      }
+      info(`${complianceCount} backend(s) support compliance (viewing keys)`);
+    } catch (err) {
+      console.error("Failed to list backends:", err);
+      process.exit(1);
+    }
+  });
+  cmd.command("info <name>").description("Show detailed information about a specific backend").option("--json", "Output as JSON").action(async (name, options) => {
+    try {
+      const registry = createDefaultRegistry();
+      const backend = registry.get(name);
+      if (!backend) {
+        console.error(`Backend '${name}' not found`);
+        console.error("Available backends:", registry.getNames().join(", "));
+        process.exit(1);
+      }
+      const caps = backend.getCapabilities();
+      const healthTracker = registry.getHealthTracker();
+      const health = healthTracker?.getHealth(name);
+      const metrics = healthTracker?.getMetrics(name);
+      const backendInfo = {
+        name: backend.name,
+        type: backend.type,
+        chains: [...backend.chains],
+        capabilities: {
+          complianceSupport: caps.complianceSupport,
+          anonymitySet: caps.anonymitySet,
+          latency: caps.latencyEstimate,
+          setupRequired: caps.setupRequired
+        },
+        health: health ? {
+          state: health.circuitState,
+          isHealthy: health.isHealthy,
+          consecutiveFailures: health.consecutiveFailures,
+          consecutiveSuccesses: health.consecutiveSuccesses,
+          lastFailureTime: health.lastFailureTime ? new Date(health.lastFailureTime).toISOString() : null,
+          lastFailureReason: health.lastFailureReason ?? null
+        } : null,
+        metrics: metrics ? {
+          totalRequests: metrics.totalRequests,
+          successfulRequests: metrics.successfulRequests,
+          failedRequests: metrics.failedRequests,
+          averageLatencyMs: Math.round(metrics.averageLatencyMs),
+          successRate: metrics.totalRequests > 0 ? Math.round(metrics.successfulRequests / metrics.totalRequests * 100) : 0
+        } : null
+      };
+      if (options.json) {
+        json(backendInfo);
+        return;
+      }
+      heading(`Backend: ${backend.name}`);
+      console.log(chalk5.bold("General"));
+      console.log(`  Type:     ${backend.type}`);
+      console.log(`  Chains:   ${backend.chains.join(", ")}`);
+      console.log();
+      console.log(chalk5.bold("Capabilities"));
+      console.log(`  Compliance:     ${caps.complianceSupport ? chalk5.green("Yes") : chalk5.gray("No")}`);
+      console.log(`  Anonymity Set:  ${caps.anonymitySet ?? "N/A"}`);
+      console.log(`  Est. Latency:   ${caps.latencyEstimate}`);
+      console.log(`  Setup Required: ${caps.setupRequired ? "Yes" : "No"}`);
+      if (health) {
+        console.log();
+        console.log(chalk5.bold("Health"));
+        console.log(`  State:      ${health.circuitState === "closed" ? chalk5.green("Healthy") : chalk5.red(health.circuitState)}`);
+        console.log(`  Healthy:    ${health.isHealthy ? chalk5.green("Yes") : chalk5.red("No")}`);
+        console.log(`  Failures:   ${health.consecutiveFailures}`);
+        console.log(`  Successes:  ${health.consecutiveSuccesses}`);
+        if (health.lastFailureReason) {
+          console.log(`  Last Error: ${health.lastFailureReason}`);
+        }
+      }
+      if (metrics) {
+        console.log();
+        console.log(chalk5.bold("Metrics"));
+        console.log(`  Total Requests: ${metrics.totalRequests}`);
+        console.log(`  Success Rate:   ${backendInfo.metrics?.successRate}%`);
+        console.log(`  Avg Latency:    ${backendInfo.metrics?.averageLatencyMs}ms`);
+      }
+    } catch (err) {
+      console.error("Failed to get backend info:", err);
+      process.exit(1);
+    }
+  });
+  return cmd;
+}
+
+// src/commands/proof.ts
+import { Command as Command13 } from "commander";
+import { readFileSync, writeFileSync as writeFileSync3, existsSync } from "fs";
+import {
+  MockProofProvider as MockProofProvider3,
+  createProofAggregator,
+  createVerificationPipeline,
+  createCrossSystemValidator,
+  UnifiedProofConverter
+} from "@sip-protocol/sdk";
+function readProofFile(path3) {
+  if (!existsSync(path3)) {
+    throw new Error(`File not found: ${path3}`);
+  }
+  const content = readFileSync(path3, "utf-8");
+  return JSON.parse(content);
+}
+function writeProofFile(path3, data) {
+  writeFileSync3(path3, JSON.stringify(data, null, 2));
+}
+function readFromStdin() {
+  return new Promise((resolve3, reject) => {
+    let data = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => {
+      data += chunk;
+    });
+    process.stdin.on("end", () => resolve3(data));
+    process.stdin.on("error", reject);
+    setTimeout(() => {
+      if (data === "") {
+        reject(new Error("No input received from stdin"));
+      }
+    }, 1e3);
+  });
+}
+var PROOF_SYSTEM_NAMES = {
+  noir: "Noir (Aztec)",
+  halo2: "Halo2 (Zcash)",
+  kimchi: "Kimchi (Mina)",
+  groth16: "Groth16",
+  plonk: "PLONK",
+  stark: "STARK"
+};
+function formatProofSystem(system) {
+  return PROOF_SYSTEM_NAMES[system] || system;
+}
+function getSystemFromProof(proof) {
+  return proof.metadata.system;
+}
+function createProofCommand() {
+  const proof = new Command13("proof").description("Proof composition operations (M20)");
+  proof.command("generate").description("Generate a ZK proof").requiredOption("-s, --system <system>", "Proof system (noir|halo2|kimchi|mock)").requiredOption("-c, --circuit <id>", "Circuit identifier").option("-i, --inputs <json>", "Public inputs as JSON string").option("-f, --inputs-file <path>", "Public inputs from JSON file").option("-w, --witness <json>", "Private witness as JSON string").option("--witness-file <path>", "Private witness from JSON file").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Generate ZK Proof");
+      }
+      let publicInputs = {};
+      if (options.inputs) {
+        publicInputs = JSON.parse(options.inputs);
+      } else if (options.inputsFile) {
+        publicInputs = JSON.parse(readFileSync(options.inputsFile, "utf-8"));
+      }
+      const spin = format === "human" ? spinner(`Generating ${options.system} proof...`) : null;
+      const systemLower = options.system.toLowerCase();
+      const provider = new MockProofProvider3({ silent: true });
+      await provider.initialize();
+      const result = await provider.generateFundingProof({
+        balance: BigInt(publicInputs.balance || "1000000"),
+        minimumRequired: BigInt(publicInputs.minimum || "100"),
+        blindingFactor: new Uint8Array(32),
+        assetId: publicInputs.asset || "ETH",
+        userAddress: publicInputs.user || "0x0000000000000000000000000000000000000000",
+        ownershipSignature: new Uint8Array(64)
+      });
+      spin?.succeed("Proof generated");
+      const proofMetadata = {
+        system: systemLower,
+        systemVersion: "1.0.0",
+        circuitId: options.circuit,
+        circuitVersion: "1.0.0",
+        generatedAt: Date.now(),
+        proofSizeBytes: result.proof.proof.length / 2
+        // hex string to bytes
+      };
+      const proofData = {
+        proof: {
+          id: `proof_${Date.now()}`,
+          proof: result.proof.proof,
+          publicInputs: result.publicInputs.map(String),
+          metadata: proofMetadata
+        },
+        metadata: {
+          system: options.system,
+          circuit: options.circuit,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        }
+      };
+      if (options.output) {
+        writeProofFile(options.output, proofData);
+        if (format === "human") {
+          success(`Proof written to ${options.output}`);
+        }
+      }
+      if (format === "json") {
+        json(proofData);
+      } else if (!options.output) {
+        keyValue("System", formatProofSystem(systemLower));
+        keyValue("Circuit", options.circuit);
+        keyValue("Proof", formatHash(result.proof.proof, 16));
+        keyValue("Public Inputs", JSON.stringify(result.publicInputs));
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to generate proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("compose").description("Compose multiple proofs together").requiredOption("-p, --proofs <paths...>", "Proof file paths to compose").option("-t, --template <name>", "Composition template (sequential|parallel|recursive)", "sequential").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).option("--validate", "Validate compatibility before composing", true).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Compose Proofs");
+      }
+      const proofs = [];
+      for (const path3 of options.proofs) {
+        const proofFile = readProofFile(path3);
+        proofs.push(proofFile.proof);
+      }
+      if (format === "human") {
+        info(`Loaded ${proofs.length} proofs`);
+        proofs.forEach((p, i) => {
+          keyValue(`  Proof ${i + 1}`, `${formatProofSystem(getSystemFromProof(p))} - ${formatHash(p.id)}`);
+        });
+        divider();
+      }
+      if (options.validate) {
+        const validator = createCrossSystemValidator();
+        const systems = [...new Set(proofs.map((p) => getSystemFromProof(p)))];
+        if (systems.length > 1) {
+          const spin2 = format === "human" ? spinner("Validating cross-system compatibility...") : null;
+          const report = validator.validate(proofs, {
+            skipFieldCheck: false,
+            skipCurveCheck: false
+          });
+          const errors = report.checks.filter((c) => !c.passed && c.severity === "error");
+          if (errors.length > 0) {
+            spin2?.fail("Compatibility check failed");
+            if (format === "json") {
+              json({ error: "Incompatible proof systems", report });
+            } else {
+              error("Proof systems are not compatible for composition");
+              errors.forEach((e) => {
+                error(`  - ${e.name}: ${e.message}`);
+              });
+            }
+            process.exit(1);
+          }
+          spin2?.succeed("Compatibility validated");
+        }
+      }
+      const spin = format === "human" ? spinner(`Composing proofs (${options.template})...`) : null;
+      const startTime = Date.now();
+      const aggregator = createProofAggregator();
+      const mockProvider = new MockProofProvider3({ silent: true });
+      await mockProvider.initialize();
+      const getProvider = (_system) => {
+        return mockProvider;
+      };
+      let result;
+      if (options.template === "parallel") {
+        result = await aggregator.aggregateParallel({
+          proofs,
+          getProvider,
+          verifyBefore: options.validate,
+          maxConcurrent: 4,
+          onProgress: (event) => {
+            if (format === "human" && spin) {
+              const progress = Math.round(event.step / event.totalSteps * 100);
+              spin.text = `${event.operation} (${progress}%)`;
+            }
+          }
+        });
+      } else {
+        result = await aggregator.aggregateSequential({
+          proofs,
+          getProvider,
+          verifyBefore: options.validate,
+          onProgress: (event) => {
+            if (format === "human" && spin) {
+              const progress = Math.round(event.step / event.totalSteps * 100);
+              spin.text = `${event.operation} (${progress}%)`;
+            }
+          }
+        });
+      }
+      const timeMs = Date.now() - startTime;
+      if (!result.success || !result.composedProof) {
+        spin?.fail("Composition failed");
+        if (format === "json") {
+          json({ error: result.error || "Unknown error" });
+        } else {
+          error(`Composition failed: ${result.error || "Unknown error"}`);
+        }
+        process.exit(1);
+      }
+      spin?.succeed("Composition complete");
+      const outputData = {
+        proof: result.composedProof,
+        metadata: {
+          template: options.template,
+          inputProofs: proofs.map((p) => p.id),
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          timeMs
+        }
+      };
+      if (options.output) {
+        writeProofFile(options.output, outputData);
+        if (format === "human") {
+          success(`Composed proof written to ${options.output}`);
+        }
+      }
+      if (format === "json") {
+        json(outputData);
+      } else if (!options.output) {
+        keyValue("Composed Proof ID", result.composedProof.id);
+        keyValue("Component Proofs", result.composedProof.proofs.length.toString());
+        keyValue("Strategy", result.composedProof.strategy);
+        keyValue("Time", `${timeMs}ms`);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to compose proofs: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("verify").description("Verify a proof or composed proof").argument("<path>", "Proof file path (or - for stdin)").option("--strict", "Enable strict verification mode", false).option("--json", "Output as JSON", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Verify Proof");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const spin = format === "human" ? spinner("Verifying proof...") : null;
+      const pipeline = createVerificationPipeline();
+      const isComposed = "proofs" in proofData.proof && Array.isArray(proofData.proof.proofs);
+      const mockProvider = new MockProofProvider3({ silent: true });
+      await mockProvider.initialize();
+      const getProvider = (_system) => {
+        return mockProvider;
+      };
+      let result;
+      if (isComposed) {
+        result = await pipeline.verify(proofData.proof, {
+          getProvider,
+          config: {}
+        });
+      } else {
+        result = await pipeline.verifySingle(proofData.proof, getProvider);
+      }
+      if (result.valid) {
+        spin?.succeed("Proof is valid");
+      } else {
+        spin?.fail("Proof verification failed");
+      }
+      if (format === "json") {
+        json({
+          valid: result.valid,
+          isComposed,
+          details: result
+        });
+      } else {
+        keyValue("Valid", result.valid ? "Yes" : "No");
+        keyValue("Type", isComposed ? "Composed" : "Single");
+        if (isComposed) {
+          const composed = proofData.proof;
+          keyValue("Component Proofs", composed.proofs.length.toString());
+        }
+        if (!result.valid && "error" in result) {
+          error(`Reason: ${result.error}`);
+        }
+      }
+      if (!result.valid) {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ valid: false, error: String(err) });
+      } else {
+        error(`Failed to verify proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("inspect").description("Analyze and display proof details").argument("<path>", "Proof file path (or - for stdin)").option("--json", "Output as JSON", false).option("--full", "Show full proof data (not truncated)", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Proof Inspection");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const proof2 = proofData.proof;
+      const isComposed = "proofs" in proof2 && Array.isArray(proof2.proofs);
+      if (format === "json") {
+        json({
+          type: isComposed ? "composed" : "single",
+          ...proofData
+        });
+        return;
+      }
+      keyValue("Type", isComposed ? "Composed Proof" : "Single Proof");
+      keyValue("ID", proof2.id);
+      divider();
+      if (isComposed) {
+        const composed = proof2;
+        keyValue("Strategy", composed.strategy);
+        keyValue("Status", composed.status);
+        keyValue("Component Proofs", composed.proofs.length.toString());
+        info("\nComponent Proofs:");
+        table(
+          ["#", "System", "ID", "Public Inputs"],
+          composed.proofs.map((p, i) => [
+            (i + 1).toString(),
+            formatProofSystem(getSystemFromProof(p)),
+            formatHash(p.id),
+            p.publicInputs.length.toString()
+          ])
+        );
+        if (composed.compositionMetadata) {
+          divider();
+          info("Composition Metadata:");
+          keyValue("  Proof Count", composed.compositionMetadata.proofCount.toString());
+          keyValue("  Systems", composed.compositionMetadata.systems.join(", "));
+          keyValue("  Composition Time", `${composed.compositionMetadata.compositionTimeMs}ms`);
+        }
+      } else {
+        const single = proof2;
+        keyValue("System", formatProofSystem(getSystemFromProof(single)));
+        if (single.metadata) {
+          keyValue("Circuit ID", single.metadata.circuitId || "N/A");
+          keyValue("Circuit Version", single.metadata.circuitVersion || "N/A");
+          keyValue("System Version", single.metadata.systemVersion || "N/A");
+          keyValue("Proof Size", `${single.metadata.proofSizeBytes} bytes`);
+          if (single.metadata.generatedAt) {
+            keyValue("Generated At", new Date(single.metadata.generatedAt).toISOString());
+          }
+        }
+        divider();
+        info("Proof Data:");
+        if (options.full) {
+          keyValue("Proof", single.proof);
+        } else {
+          keyValue("Proof", formatHash(single.proof, 32));
+        }
+        info("\nPublic Inputs:");
+        if (single.publicInputs && single.publicInputs.length > 0) {
+          single.publicInputs.forEach((input, i) => {
+            keyValue(`  [${i}]`, formatHash(input, 16));
+          });
+        } else {
+          info("  (none)");
+        }
+      }
+      if (proofData.metadata) {
+        divider();
+        info("File Metadata:");
+        Object.entries(proofData.metadata).forEach(([key, value]) => {
+          keyValue(`  ${key}`, typeof value === "object" ? JSON.stringify(value) : String(value));
+        });
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to inspect proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("convert").description("Convert proof between formats").argument("<path>", "Source proof file path (or - for stdin)").requiredOption("-t, --to <format>", "Target format (sip|noir|halo2|kimchi|json)").option("-o, --output <path>", "Output file path (default: stdout)").option("--json", "Output as JSON", false).action(async (path3, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Convert Proof Format");
+      }
+      let proofData;
+      if (path3 === "-") {
+        const stdinData = await readFromStdin();
+        proofData = JSON.parse(stdinData);
+      } else {
+        proofData = readProofFile(path3);
+      }
+      const spin = format === "human" ? spinner(`Converting to ${options.to} format...`) : null;
+      const converter = new UnifiedProofConverter();
+      const targetFormat = options.to.toLowerCase();
+      const single = proofData.proof;
+      let result;
+      if (targetFormat === "json") {
+        result = proofData;
+      } else if (targetFormat === "sip") {
+        result = proofData;
+      } else {
+        const converted = converter.fromSIP(single);
+        if (!converted.success || !converted.result) {
+          throw new Error(converted.error || "Conversion failed");
+        }
+        result = converted.result;
+      }
+      spin?.succeed("Conversion complete");
+      const outputData = {
+        originalFormat: getSystemFromProof(single),
+        targetFormat,
+        proof: result,
+        convertedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      if (options.output) {
+        writeFileSync3(options.output, JSON.stringify(outputData, null, 2));
+        if (format === "human") {
+          success(`Converted proof written to ${options.output}`);
+        }
+      }
+      if (format === "json" || !options.output) {
+        json(outputData);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to convert proof: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  proof.command("systems").description("List supported proof systems and their capabilities").option("--json", "Output as JSON", false).action(async (options) => {
+    const format = options.json ? "json" : "human";
+    const systems = [
+      {
+        id: "noir",
+        name: "Noir (Aztec)",
+        curve: "BN254",
+        features: ["SNARK", "Universal Setup", "Browser Support"],
+        status: "Production"
+      },
+      {
+        id: "halo2",
+        name: "Halo2 (Zcash)",
+        curve: "Pallas/Vesta",
+        features: ["SNARK", "No Trusted Setup", "Recursive"],
+        status: "Production"
+      },
+      {
+        id: "kimchi",
+        name: "Kimchi (Mina)",
+        curve: "Pasta",
+        features: ["SNARK", "Recursive", "Succinct"],
+        status: "Production"
+      },
+      {
+        id: "groth16",
+        name: "Groth16",
+        curve: "BN254",
+        features: ["SNARK", "Smallest Proofs", "Fastest Verification"],
+        status: "Supported"
+      },
+      {
+        id: "plonk",
+        name: "PLONK",
+        curve: "BN254",
+        features: ["SNARK", "Universal Setup", "Flexible"],
+        status: "Supported"
+      },
+      {
+        id: "stark",
+        name: "STARK",
+        curve: "None (Hash-based)",
+        features: ["No Trusted Setup", "Post-Quantum", "Large Proofs"],
+        status: "Experimental"
+      }
+    ];
+    if (format === "json") {
+      json({ systems });
+      return;
+    }
+    heading("Supported Proof Systems");
+    table(
+      ["System", "Curve", "Status"],
+      systems.map((s) => [s.name, s.curve, s.status])
+    );
+    divider();
+    info("Features by System:");
+    systems.forEach((s) => {
+      keyValue(`  ${s.name}`, s.features.join(", "));
+    });
+  });
+  proof.command("compat").description("Check compatibility between proof systems").argument("<systems...>", "Proof systems to check (e.g., noir halo2)").option("--json", "Output as JSON", false).action(async (systems, options) => {
+    const format = options.json ? "json" : "human";
+    try {
+      if (format === "human") {
+        heading("Proof System Compatibility");
+      }
+      const mockProofs = systems.map((sys, i) => ({
+        id: `mock_${sys}_${i}`,
+        proof: "0x00",
+        publicInputs: ["0x01"],
+        metadata: {
+          system: sys,
+          systemVersion: "1.0.0",
+          circuitId: "test",
+          circuitVersion: "1.0.0",
+          generatedAt: Date.now(),
+          proofSizeBytes: 1
+        }
+      }));
+      const validator = createCrossSystemValidator();
+      const report = validator.validate(mockProofs, {
+        skipFieldCheck: false,
+        skipCurveCheck: false
+      });
+      const errors = report.checks.filter((c) => !c.passed && c.severity === "error");
+      const warnings = report.checks.filter((c) => !c.passed && c.severity === "warning");
+      const compatible = errors.length === 0;
+      if (format === "json") {
+        json({
+          systems,
+          compatible,
+          errors: errors.map((e) => ({ check: e.name, message: e.message })),
+          warnings: warnings.map((w) => ({ check: w.name, message: w.message })),
+          report
+        });
+        return;
+      }
+      keyValue("Systems", systems.join(", "));
+      keyValue("Compatible", compatible ? "Yes" : "No");
+      if (compatible) {
+        success("These proof systems can be composed together");
+      } else {
+        error("These proof systems are not directly compatible");
+        divider();
+        info("Issues:");
+        errors.forEach((e) => {
+          error(`  - ${e.name}: ${e.message}`);
+        });
+      }
+      if (warnings.length > 0) {
+        divider();
+        info("Warnings:");
+        warnings.forEach((w) => {
+          info(`  \u26A0 ${w.name}: ${w.message}`);
+        });
+      }
+      if (!compatible) {
+        process.exit(1);
+      }
+    } catch (err) {
+      if (format === "json") {
+        json({ error: String(err) });
+      } else {
+        error(`Failed to check compatibility: ${err}`);
+      }
+      process.exit(1);
+    }
+  });
+  return proof;
+}
+
 // src/index.ts
-var program = new Command12();
+var program = new Command14();
 program.name("sip").description("Shielded Intents Protocol (SIP) - Privacy layer for cross-chain transactions").version("0.2.0");
 program.addCommand(createSetupCommand());
 program.addCommand(createInitCommand());
@@ -1018,4 +1897,6 @@ program.addCommand(createVerifyCommand());
 program.addCommand(createQuoteCommand());
 program.addCommand(createSwapCommand());
 program.addCommand(createScanCommand());
+program.addCommand(createBackendsCommand());
+program.addCommand(createProofCommand());
 program.parse();