@tokamak-private-dapps/private-state-cli 2.4.2 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +103 -4
- package/README.md +241 -91
- package/agents.md +1476 -145
- package/assets/service-terms.md +294 -0
- package/assets/tx-fees.json +4 -4
- package/commands/account.mjs +5 -1
- package/commands/channel.mjs +14 -0
- package/commands/index.mjs +7 -6
- package/commands/notes.mjs +5 -0
- package/commands/secret.mjs +20 -0
- package/commands/system.mjs +7 -2
- package/commands/wallet.mjs +12 -2
- package/investigator/README.md +13 -11
- package/investigator/index.html +1 -1
- package/lib/private-state-browser-wallet-helpers.mjs +91 -0
- package/lib/private-state-cli-command-registry.mjs +227 -99
- package/lib/private-state-runtime-management.mjs +90 -10
- package/lib/private-state-terms.mjs +35 -0
- package/lib/runtime.mjs +4001 -489
- package/package.json +3 -3
- package/private-state-bridge-cli.mjs +1 -1
- package/cli-assistant.html +0 -1534
|
@@ -53,6 +53,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
53
53
|
type: "text",
|
|
54
54
|
placeholder: "my-account",
|
|
55
55
|
valueLabel: "<NAME>",
|
|
56
|
+
hint: "Local account alias. Omit it on supported commands to use a MetaMask-compatible browser wallet instead.",
|
|
56
57
|
option: "--account",
|
|
57
58
|
},
|
|
58
59
|
leaderAccount: {
|
|
@@ -69,7 +70,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
69
70
|
type: "text",
|
|
70
71
|
placeholder: "relayer-account",
|
|
71
72
|
valueLabel: "<ACCOUNT>",
|
|
72
|
-
hint: "Optional for proof-backed note commands.
|
|
73
|
+
hint: "Optional for proof-backed note commands. Use --tx-submitter <ACCOUNT> for a local submitter, or --tx-submitter without a value for browser-wallet submission of executeChannelTransaction.",
|
|
73
74
|
option: "--tx-submitter",
|
|
74
75
|
optional: true,
|
|
75
76
|
},
|
|
@@ -99,7 +100,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
99
100
|
wallet: {
|
|
100
101
|
label: "Wallet Name",
|
|
101
102
|
type: "text",
|
|
102
|
-
placeholder: "channel-
|
|
103
|
+
placeholder: "channel-0xYourEthereumAddress",
|
|
103
104
|
valueLabel: "<NAME>",
|
|
104
105
|
option: "--wallet",
|
|
105
106
|
},
|
|
@@ -110,6 +111,13 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
110
111
|
valueLabel: "<PATH>",
|
|
111
112
|
option: "--output",
|
|
112
113
|
},
|
|
114
|
+
random: {
|
|
115
|
+
label: "Random Secret",
|
|
116
|
+
type: "checkbox",
|
|
117
|
+
hint: "Generate a random wallet secret instead of prompting the user to type one.",
|
|
118
|
+
option: "--random",
|
|
119
|
+
optional: true,
|
|
120
|
+
},
|
|
113
121
|
exportEvidence: {
|
|
114
122
|
label: "Evidence ZIP",
|
|
115
123
|
type: "text",
|
|
@@ -119,19 +127,6 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
119
127
|
option: "--export-evidence",
|
|
120
128
|
optional: true,
|
|
121
129
|
},
|
|
122
|
-
acknowledgeFullNotePlaintextExport: {
|
|
123
|
-
label: "Acknowledge Note Plaintext Export",
|
|
124
|
-
type: "checkbox",
|
|
125
|
-
hint: "Required with --export-evidence. Confirms that all locally known note plaintext will be written to the ZIP.",
|
|
126
|
-
option: "--acknowledge-full-note-plaintext-export",
|
|
127
|
-
optional: true,
|
|
128
|
-
},
|
|
129
|
-
acknowledgeActionImpact: {
|
|
130
|
-
label: "Acknowledge Action Impact",
|
|
131
|
-
type: "checkbox",
|
|
132
|
-
hint: "Required for transaction-sending bridge, channel, and note commands. Confirms that the user reviewed the public/private action-impact warning.",
|
|
133
|
-
option: "--acknowledge-action-impact",
|
|
134
|
-
},
|
|
135
130
|
input: {
|
|
136
131
|
label: "Input File",
|
|
137
132
|
type: "text",
|
|
@@ -165,9 +160,9 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
165
160
|
recipients: {
|
|
166
161
|
label: "Recipients JSON",
|
|
167
162
|
type: "textarea",
|
|
168
|
-
placeholder: "[\"
|
|
163
|
+
placeholder: "[\"0xRecipientChannelAddress\"]",
|
|
169
164
|
valueLabel: "<JSON_ARRAY>",
|
|
170
|
-
hint: "JSON array of recipient
|
|
165
|
+
hint: "JSON array of recipient channel-local addresses. Its length must match --amounts.",
|
|
171
166
|
option: "--recipients",
|
|
172
167
|
},
|
|
173
168
|
docker: {
|
|
@@ -207,6 +202,20 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
207
202
|
option: "--read-only",
|
|
208
203
|
optional: true,
|
|
209
204
|
},
|
|
205
|
+
terminalTerms: {
|
|
206
|
+
label: "Terminal Terms Acceptance",
|
|
207
|
+
type: "checkbox",
|
|
208
|
+
hint: "Use terminal-only Terms acceptance instead of the default local browser Terms page.",
|
|
209
|
+
option: "--terminal-terms",
|
|
210
|
+
optional: true,
|
|
211
|
+
},
|
|
212
|
+
includeWalletKeys: {
|
|
213
|
+
label: "Include Wallet Keys",
|
|
214
|
+
type: "checkbox",
|
|
215
|
+
hint: "With uninstall, delete wallet spending-key and viewing-key files instead of preserving them.",
|
|
216
|
+
option: "--include-wallet-keys",
|
|
217
|
+
optional: true,
|
|
218
|
+
},
|
|
210
219
|
fromGenesis: {
|
|
211
220
|
label: "Scan From Genesis",
|
|
212
221
|
type: "checkbox",
|
|
@@ -269,21 +278,31 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
269
278
|
});
|
|
270
279
|
|
|
271
280
|
const ACTION_IMPACT_HELP = Object.freeze({
|
|
272
|
-
|
|
281
|
+
warningSummary: "The CLI shows a warning summary before the command proceeds; User-Controlled AI Agents must not accept Terms or confirmations for the user.",
|
|
273
282
|
illegalUse: "The command must not be used for money laundering, sanctions evasion, terrorist financing, illegal gambling, criminal-proceeds concealment, or regulatory evasion.",
|
|
274
|
-
secretRecovery: "Losing wallet secrets, viewing keys, or spending keys can prevent note discovery or note use;
|
|
283
|
+
secretRecovery: "Losing wallet secrets, viewing keys, or spending keys can prevent note discovery or note use; if all required secret material and backups are lost, no recovery method exists.",
|
|
275
284
|
exchangeControlledAddress: "Do not use an exchange-controlled address as a self-custody bridge source or direct bridge withdrawal target.",
|
|
276
285
|
policy: "The user must review the channel policy snapshot before accepting channel-bound actions.",
|
|
277
286
|
provenance: "Public observers cannot reconstruct private note counterparty relationships or note provenance from public contract state alone.",
|
|
287
|
+
browserWalletAccount: "Omit --account to use a MetaMask-compatible browser wallet instead of a local account alias; the CLI does not read or store the raw L1 private key in this mode.",
|
|
288
|
+
browserWalletTxSubmitter: "Use --tx-submitter without a value when a browser wallet should submit executeChannelTransaction and pay gas.",
|
|
289
|
+
localL2Keys: "Browser-wallet L1 signing does not replace local wallet keys; note commands still use the local viewing key and spending key.",
|
|
278
290
|
});
|
|
279
291
|
|
|
280
292
|
export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
281
293
|
{
|
|
282
294
|
id: "install",
|
|
283
295
|
description: "Install private-state CLI runtime artifacts in full or read-only mode.",
|
|
284
|
-
fields: ["readOnly", "docker", "includeLocalArtifacts", "groth16CliVersion", "tokamakZkEvmCliVersion"],
|
|
285
|
-
|
|
296
|
+
fields: ["network", "readOnly", "docker", "includeLocalArtifacts", "terminalTerms", "groth16CliVersion", "tokamakZkEvmCliVersion"],
|
|
297
|
+
optionalFields: ["network"],
|
|
298
|
+
usage: "optional --network, --read-only, --docker, --include-local-artifacts, --terminal-terms, --groth16-cli-version, and --tokamak-zk-evm-cli-version",
|
|
286
299
|
help: [
|
|
300
|
+
"Use --network to install only that network's deployment artifacts",
|
|
301
|
+
"Mainnet install, or install without --network, opens a local browser Terms page and requires explicit human acceptance before installation proceeds",
|
|
302
|
+
"Sepolia and anvil installs do not require Terms acceptance",
|
|
303
|
+
"Use --terminal-terms only when the local browser flow cannot be used for a Terms-gated install",
|
|
304
|
+
"--json reports that browser-based interactive Terms acceptance is required for Terms-gated installs and does not install artifacts",
|
|
305
|
+
"Install results include the canonical Terms version and deterministic Terms hash",
|
|
287
306
|
"Default full mode installs proof runtimes and all deployment artifacts needed by transaction-sending commands",
|
|
288
307
|
"--read-only installs only artifacts needed by channel-state read commands and commands unrelated to channel state",
|
|
289
308
|
"Version options install exact CLI package versions; omitted versions resolve to npm registry latest",
|
|
@@ -293,9 +312,14 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
293
312
|
},
|
|
294
313
|
{
|
|
295
314
|
id: "uninstall",
|
|
296
|
-
description: "Interactively remove local private-state
|
|
297
|
-
fields: [],
|
|
298
|
-
usage: "
|
|
315
|
+
description: "Interactively remove local private-state CLI data. By default, wallet spending-key and viewing-key files are preserved.",
|
|
316
|
+
fields: ["includeWalletKeys"],
|
|
317
|
+
usage: "optional --include-wallet-keys",
|
|
318
|
+
help: [
|
|
319
|
+
"Default uninstall preserves wallet spending-key and viewing-key files under the CLI secret root",
|
|
320
|
+
"--include-wallet-keys deletes every local private-state CLI file, including wallet spending-key and viewing-key files",
|
|
321
|
+
"Both modes remove local workspaces, account secrets, wallet secret source files stored under the CLI root, proof artifacts, Tokamak zk-EVM runtime data, and the global CLI package when installed",
|
|
322
|
+
],
|
|
299
323
|
},
|
|
300
324
|
{
|
|
301
325
|
id: "set-rpc",
|
|
@@ -309,12 +333,42 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
309
333
|
"All bridge-facing and wallet commands read RPC settings from this file and do not accept --rpc-url",
|
|
310
334
|
],
|
|
311
335
|
},
|
|
336
|
+
{
|
|
337
|
+
id: "secret-create-private-key-source",
|
|
338
|
+
display: "secret create-private-key-source",
|
|
339
|
+
description: "Prompt for an Ethereum private key and write a local source file for account import.",
|
|
340
|
+
fields: ["output"],
|
|
341
|
+
usage: "--output",
|
|
342
|
+
help: [
|
|
343
|
+
"Prompts in the terminal with masked input and never prints the private key",
|
|
344
|
+
"Writes the source file with restrictive permissions where the operating system supports it",
|
|
345
|
+
"Refuses to overwrite an existing file",
|
|
346
|
+
"After creating the file, import it with account import --private-key-file",
|
|
347
|
+
],
|
|
348
|
+
},
|
|
349
|
+
{
|
|
350
|
+
id: "secret-create-wallet-secret-source",
|
|
351
|
+
display: "secret create-wallet-secret-source",
|
|
352
|
+
description: "Prompt for a wallet secret, or explicitly generate a random one, and write a local source file for channel join.",
|
|
353
|
+
fields: ["output", "random"],
|
|
354
|
+
optionalFields: ["random"],
|
|
355
|
+
usage: "--output and optional --random",
|
|
356
|
+
help: [
|
|
357
|
+
"Prompts in the terminal with masked input by default so the user can type a memorable secret",
|
|
358
|
+
"Use --random only when the user explicitly wants a random wallet secret",
|
|
359
|
+
"Never prints the wallet secret and refuses to overwrite an existing file",
|
|
360
|
+
"After creating the file, pass it to channel join --wallet-secret-path",
|
|
361
|
+
],
|
|
362
|
+
},
|
|
312
363
|
{
|
|
313
364
|
id: "help-commands",
|
|
314
365
|
display: "help commands",
|
|
315
366
|
description: "Show the private-state CLI command reference.",
|
|
316
|
-
fields: [],
|
|
317
|
-
usage: "
|
|
367
|
+
fields: ["json"],
|
|
368
|
+
usage: "optional --json",
|
|
369
|
+
help: [
|
|
370
|
+
"Use --json to emit the full command reference as structured JSON on stdout.",
|
|
371
|
+
],
|
|
318
372
|
},
|
|
319
373
|
{
|
|
320
374
|
id: "help-update",
|
|
@@ -350,17 +404,20 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
350
404
|
"Does not accept --rpc-url and never writes RPC configuration",
|
|
351
405
|
"Recommends bridge deposits only after a wallet is joined and needs channel liquidity",
|
|
352
406
|
"Channel leaders publish workspace mirror files through channel recover-workspace --publish-workspace-mirror, not a standalone publish command",
|
|
407
|
+
"Channel workspace mirror and observer URLs are read from on-chain Channel metadata when available",
|
|
353
408
|
],
|
|
354
409
|
},
|
|
355
410
|
{
|
|
356
411
|
id: "help-observer",
|
|
357
412
|
display: "help observer",
|
|
358
|
-
description: "Show the
|
|
359
|
-
|
|
360
|
-
|
|
413
|
+
description: "Show the public observer URL registered on-chain for a selected Channel.",
|
|
414
|
+
installMode: "read-only",
|
|
415
|
+
fields: ["network", "channelName", "json"],
|
|
416
|
+
usage: "--network, --channel-name, and optional --json",
|
|
361
417
|
help: [
|
|
362
|
-
"
|
|
363
|
-
"
|
|
418
|
+
"Reads the selected Channel's observer URL from on-chain Channel metadata",
|
|
419
|
+
"Fails clearly when the Channel Provider has not registered an observer URL for that Channel",
|
|
420
|
+
"The observer is a Channel-scoped public monitoring surface; it is not a wallet, key manager, or disclosure authority",
|
|
364
421
|
],
|
|
365
422
|
},
|
|
366
423
|
{
|
|
@@ -372,7 +429,7 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
372
429
|
help: [
|
|
373
430
|
"Uses packages/apps/private-state/cli/assets/tx-fees.json as the measured gas source packaged with the CLI",
|
|
374
431
|
"Reads live fee data from the selected network RPC and live ETH/USD from CoinGecko",
|
|
375
|
-
"
|
|
432
|
+
"Use --json for machine-readable fee data when another tool needs to inspect the fee table",
|
|
376
433
|
],
|
|
377
434
|
},
|
|
378
435
|
{
|
|
@@ -384,21 +441,26 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
384
441
|
"Prints the local investigator HTML path and opens it in the default browser",
|
|
385
442
|
"Use wallet get-notes --export-evidence first, then load the raw ZIP in the investigator GUI",
|
|
386
443
|
"The raw evidence ZIP contains full locally known note plaintext and should not be submitted as-is unless full wallet-history disclosure is intended",
|
|
444
|
+
"Do not give the raw evidence ZIP to User-Controlled AI Agents, support channels, or untrusted parties",
|
|
387
445
|
],
|
|
388
446
|
},
|
|
389
447
|
{
|
|
390
448
|
id: "account-import",
|
|
391
449
|
display: "account import",
|
|
392
|
-
description: "Import a private-key source file into a protected local
|
|
450
|
+
description: "Import a private-key source file into a protected local Ethereum account secret for later --account use.",
|
|
393
451
|
fields: ["account", "network", "privateKeyFile"],
|
|
394
452
|
usage: "--account, --network, and --private-key-file",
|
|
395
453
|
},
|
|
396
454
|
{
|
|
397
455
|
id: "account-get-l1-address",
|
|
398
456
|
display: "account get-l1-address",
|
|
399
|
-
description: "
|
|
457
|
+
description: "Read the Ethereum address from a local account alias or the browser wallet.",
|
|
400
458
|
fields: ["account", "network"],
|
|
401
|
-
|
|
459
|
+
optionalFields: ["account"],
|
|
460
|
+
usage: "--network and optional --account",
|
|
461
|
+
help: [
|
|
462
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
463
|
+
],
|
|
402
464
|
},
|
|
403
465
|
{
|
|
404
466
|
id: "account-get-bridge-fund",
|
|
@@ -406,7 +468,11 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
406
468
|
description: "Read the local account's current shared bridge vault balance.",
|
|
407
469
|
installMode: "read-only",
|
|
408
470
|
fields: ["network", "account"],
|
|
409
|
-
|
|
471
|
+
optionalFields: ["account"],
|
|
472
|
+
usage: "--network and optional --account",
|
|
473
|
+
help: [
|
|
474
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
475
|
+
],
|
|
410
476
|
},
|
|
411
477
|
{
|
|
412
478
|
id: "channel-create",
|
|
@@ -414,8 +480,10 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
414
480
|
description: "Create a bridge channel and initialize its workspace.",
|
|
415
481
|
installMode: "full",
|
|
416
482
|
fields: ["channelName", "joinToll", "network", "account"],
|
|
417
|
-
|
|
483
|
+
optionalFields: ["account"],
|
|
484
|
+
usage: "--channel-name, --join-toll, --network, and optional --account",
|
|
418
485
|
help: [
|
|
486
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
419
487
|
"Prints the immutable policy snapshot before sending the transaction",
|
|
420
488
|
"Initializes the local channel workspace by replaying channel logs from channel genesis",
|
|
421
489
|
],
|
|
@@ -451,16 +519,34 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
451
519
|
description: "Register or update the channel leader's workspace mirror base URL.",
|
|
452
520
|
installMode: "full",
|
|
453
521
|
fields: ["channelName", "network", "account", "url"],
|
|
454
|
-
|
|
522
|
+
optionalFields: ["account"],
|
|
523
|
+
usage: "--channel-name, --network, --url, and optional --account",
|
|
455
524
|
help: [
|
|
525
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
456
526
|
"Only the on-chain channel leader can update the registered mirror URL",
|
|
457
527
|
"The URL points to a server implementing the private-state channel workspace mirror protocol",
|
|
458
528
|
],
|
|
459
529
|
},
|
|
530
|
+
{
|
|
531
|
+
id: "channel-abandon-operation",
|
|
532
|
+
display: "channel abandon-operation",
|
|
533
|
+
description: "Let the channel leader permanently stop new joins and channel deposits for a channel.",
|
|
534
|
+
installMode: "full",
|
|
535
|
+
fields: ["channelName", "network", "account"],
|
|
536
|
+
optionalFields: ["account"],
|
|
537
|
+
usage: "--channel-name, --network, and optional --account",
|
|
538
|
+
help: [
|
|
539
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
540
|
+
"Only the on-chain channel leader can abandon channel operation",
|
|
541
|
+
"Abandonment is immediate after the transaction on the selected network is accepted",
|
|
542
|
+
"After abandonment, channel join and wallet deposit-channel are rejected for that channel",
|
|
543
|
+
"Abandonment does not block existing note activity, wallet redeem-notes, wallet withdraw-channel, or channel exit",
|
|
544
|
+
],
|
|
545
|
+
},
|
|
460
546
|
{
|
|
461
547
|
id: "channel-get-meta",
|
|
462
548
|
display: "channel get-meta",
|
|
463
|
-
description: "Read channel existence, manager, vault,
|
|
549
|
+
description: "Read channel existence, manager, vault, Join Toll, refund schedule, operation status, and immutable policy snapshot.",
|
|
464
550
|
installMode: "read-only",
|
|
465
551
|
fields: ["channelName", "network"],
|
|
466
552
|
usage: "--channel-name, --network",
|
|
@@ -470,14 +556,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
470
556
|
display: "account deposit-bridge",
|
|
471
557
|
description: "Deposit canonical tokens into the shared bridge vault.",
|
|
472
558
|
installMode: "read-only",
|
|
473
|
-
fields: ["amount", "network", "account"
|
|
474
|
-
|
|
559
|
+
fields: ["amount", "network", "account"],
|
|
560
|
+
optionalFields: ["account"],
|
|
561
|
+
usage: "--amount, --network, and optional --account",
|
|
475
562
|
help: [
|
|
476
|
-
|
|
477
|
-
"
|
|
563
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
564
|
+
"Warning summary: emits public Ethereum mainnet approval and bridge funding events that expose the local Ethereum account, bridge vault, amount, and transaction hashes.",
|
|
565
|
+
"Private note state is not changed by this command; it does not pay a channel Join Toll.",
|
|
478
566
|
ACTION_IMPACT_HELP.exchangeControlledAddress,
|
|
479
567
|
ACTION_IMPACT_HELP.illegalUse,
|
|
480
|
-
ACTION_IMPACT_HELP.
|
|
568
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
481
569
|
],
|
|
482
570
|
},
|
|
483
571
|
{
|
|
@@ -485,14 +573,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
485
573
|
display: "account withdraw-bridge",
|
|
486
574
|
description: "Withdraw tokens from the shared bridge vault back to the wallet.",
|
|
487
575
|
installMode: "read-only",
|
|
488
|
-
fields: ["amount", "network", "account"
|
|
489
|
-
|
|
576
|
+
fields: ["amount", "network", "account"],
|
|
577
|
+
optionalFields: ["account"],
|
|
578
|
+
usage: "--amount, --network, and optional --account",
|
|
490
579
|
help: [
|
|
491
|
-
|
|
580
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
581
|
+
"Warning summary: emits a public Ethereum mainnet bridge withdrawal event that exposes the local Ethereum recipient, bridge vault, amount, and transaction hash.",
|
|
492
582
|
"Private note state is not changed by this command; prior note provenance is not public by default.",
|
|
493
583
|
ACTION_IMPACT_HELP.exchangeControlledAddress,
|
|
494
584
|
ACTION_IMPACT_HELP.illegalUse,
|
|
495
|
-
ACTION_IMPACT_HELP.
|
|
585
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
496
586
|
],
|
|
497
587
|
},
|
|
498
588
|
{
|
|
@@ -501,13 +591,14 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
501
591
|
description: "Rebuild a recoverable local wallet from on-chain channel state.",
|
|
502
592
|
installMode: "read-only",
|
|
503
593
|
fields: ["channelName", "network", "account", "walletSecretPath", "fromGenesis"],
|
|
504
|
-
optionalFields: ["walletSecretPath"],
|
|
505
|
-
usage: "--channel-name, --network, --account, optional --wallet-secret-path, optional --from-genesis",
|
|
594
|
+
optionalFields: ["account", "walletSecretPath"],
|
|
595
|
+
usage: "--channel-name, --network, optional --account, optional --wallet-secret-path, optional --from-genesis",
|
|
506
596
|
help: [
|
|
597
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
507
598
|
"Rebuilds backup metadata from channel state without recreating the spending key by default",
|
|
508
|
-
"Derives and stores the viewing key when the
|
|
599
|
+
"Derives and stores the viewing key when the selected L1 signer can reproduce the registered viewing public key",
|
|
509
600
|
"Use --wallet-secret-path only for an active channel registration when you need to rederive and store the spending key",
|
|
510
|
-
"--wallet-secret-path requires the derived spending key to match the current on-chain
|
|
601
|
+
"--wallet-secret-path requires the derived spending key to match the current on-chain channel-local address and storage key before note recovery starts",
|
|
511
602
|
"Exited or non-active accounts can be recovered for viewing/evidence history only; omit --wallet-secret-path for those wallets",
|
|
512
603
|
"Before wallet recovery, refreshes stale channel workspace state only when the saved recovery index delta fits the pre-command budget",
|
|
513
604
|
"Fails and asks for channel recover-workspace first when the channel workspace is missing, unusable, or too stale for automatic recovery",
|
|
@@ -519,22 +610,26 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
519
610
|
{
|
|
520
611
|
id: "channel-join",
|
|
521
612
|
display: "channel join",
|
|
522
|
-
description: "Pay the channel
|
|
613
|
+
description: "Pay the channel Join Toll, the one-time Channel entry fee, and bind a wallet to a channel-specific private application identity.",
|
|
523
614
|
installMode: "full",
|
|
524
|
-
fields: ["channelName", "network", "account", "walletSecretPath"
|
|
525
|
-
|
|
615
|
+
fields: ["channelName", "network", "account", "walletSecretPath"],
|
|
616
|
+
optionalFields: ["account"],
|
|
617
|
+
usage: "--channel-name, --network, --wallet-secret-path, and optional --account",
|
|
526
618
|
help: [
|
|
619
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
527
620
|
"Refreshes the local channel workspace through the saved recovery index before joining when the scan fits the 7,200-block pre-command budget",
|
|
528
621
|
"Fails instead of replaying from genesis; recover from a registered workspace mirror first, and use channel recover-workspace --source rpc --from-genesis only when no compatible mirror is available",
|
|
529
|
-
"--wallet-secret-path is read once for channel-bound
|
|
530
|
-
"
|
|
622
|
+
"--wallet-secret-path is read once for channel-bound spending-key derivation and is not stored in the wallet workspace",
|
|
623
|
+
"With browser-wallet mode, the user approves account connection, chain check, the L2 spending-key message signature, the note-receive viewing-key typed-data signature, any Join Toll token approval, and the join transaction in the browser wallet",
|
|
624
|
+
"Pays any Join Toll directly from the Ethereum wallet, not from bridge-deposited balance",
|
|
625
|
+
"Fails when the selected channel has been abandoned",
|
|
531
626
|
"Prints the immutable policy snapshot before first registration",
|
|
532
|
-
"
|
|
627
|
+
"Warning summary: emits public channel join and token-vault registration events exposing the Ethereum account, channel-local address pair, note-receive public key, Join Toll, and channel id.",
|
|
533
628
|
"Private note state is not changed by this command.",
|
|
534
629
|
ACTION_IMPACT_HELP.policy,
|
|
535
630
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
536
631
|
ACTION_IMPACT_HELP.illegalUse,
|
|
537
|
-
ACTION_IMPACT_HELP.
|
|
632
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
538
633
|
],
|
|
539
634
|
},
|
|
540
635
|
{
|
|
@@ -565,7 +660,7 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
565
660
|
usage: "--network, --wallet, and --output",
|
|
566
661
|
help: [
|
|
567
662
|
"Includes wallet note-tracking metadata, public key metadata, and channel workspace cache",
|
|
568
|
-
"Excludes
|
|
663
|
+
"Excludes Ethereum private keys, spending keys, viewing private keys, wallet secrets, owner, value, and salt",
|
|
569
664
|
],
|
|
570
665
|
},
|
|
571
666
|
{
|
|
@@ -574,21 +669,36 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
574
669
|
description: "Export a secret .key file containing the wallet viewing private key and public viewing-key metadata.",
|
|
575
670
|
fields: ["network", "wallet", "output"],
|
|
576
671
|
usage: "--network, --wallet, and --output",
|
|
672
|
+
help: [
|
|
673
|
+
"Requires an interactive terminal on mainnet because the output file contains secret-bearing viewing authority",
|
|
674
|
+
"Sepolia and anvil exports do not require interactive confirmation",
|
|
675
|
+
"Anyone with the exported file may be able to read and reconstruct note history addressed to this wallet when other required wallet state is available",
|
|
676
|
+
"User-Controlled AI Agents must not confirm this export or receive the exported key file",
|
|
677
|
+
],
|
|
577
678
|
},
|
|
578
679
|
{
|
|
579
680
|
id: "wallet-export-spending-key",
|
|
580
681
|
display: "wallet export spending-key",
|
|
581
|
-
description: "Export a secret .key file containing the wallet
|
|
682
|
+
description: "Export a secret .key file containing the wallet spending private key and public spending-key metadata.",
|
|
582
683
|
fields: ["network", "wallet", "output"],
|
|
583
684
|
usage: "--network, --wallet, and --output",
|
|
685
|
+
help: [
|
|
686
|
+
"Requires an interactive terminal on mainnet because the output file contains secret-bearing spending authority",
|
|
687
|
+
"Sepolia and anvil exports do not require interactive confirmation",
|
|
688
|
+
"Anyone with the exported file may be able to spend, transfer, or redeem Private Notes when other required wallet state is available",
|
|
689
|
+
"User-Controlled AI Agents must not confirm this export or receive the exported key file",
|
|
690
|
+
],
|
|
584
691
|
},
|
|
585
692
|
{
|
|
586
693
|
id: "wallet-import-backup",
|
|
587
694
|
display: "wallet import backup",
|
|
588
695
|
description: "Import a backup ZIP created by wallet export backup.",
|
|
589
|
-
fields: ["input"],
|
|
590
|
-
|
|
696
|
+
fields: ["input", "network"],
|
|
697
|
+
optionalFields: ["network"],
|
|
698
|
+
usage: "--input and optional --network",
|
|
591
699
|
help: [
|
|
700
|
+
"Use --network anvil or --network sepolia for non-mainnet imports that should not require Service Terms acceptance",
|
|
701
|
+
"Mainnet imports, and imports without a network selector, require current Service Terms acceptance",
|
|
592
702
|
"Refuses to overwrite existing wallet metadata or workspace cache files",
|
|
593
703
|
"Does not grant viewing or spending authority; import the corresponding key files separately when needed",
|
|
594
704
|
],
|
|
@@ -597,59 +707,62 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
597
707
|
id: "wallet-import-viewing-key",
|
|
598
708
|
display: "wallet import viewing-key",
|
|
599
709
|
description: "Import a secret .key file created by wallet export viewing-key.",
|
|
600
|
-
fields: ["input"],
|
|
601
|
-
|
|
710
|
+
fields: ["input", "network"],
|
|
711
|
+
optionalFields: ["network"],
|
|
712
|
+
usage: "--input and optional --network",
|
|
602
713
|
},
|
|
603
714
|
{
|
|
604
715
|
id: "wallet-import-spending-key",
|
|
605
716
|
display: "wallet import spending-key",
|
|
606
717
|
description: "Import a secret .key file created by wallet export spending-key.",
|
|
607
|
-
fields: ["input"],
|
|
608
|
-
|
|
718
|
+
fields: ["input", "network"],
|
|
719
|
+
optionalFields: ["network"],
|
|
720
|
+
usage: "--input and optional --network",
|
|
609
721
|
},
|
|
610
722
|
{
|
|
611
723
|
id: "wallet-deposit-channel",
|
|
612
724
|
display: "wallet deposit-channel",
|
|
613
|
-
description: "Move bridged funds into the channel
|
|
725
|
+
description: "Move bridged funds into the channel accounting balance.",
|
|
614
726
|
installMode: "full",
|
|
615
|
-
fields: ["wallet", "network", "amount"
|
|
616
|
-
usage: "--wallet, --network, --amount
|
|
727
|
+
fields: ["wallet", "network", "amount"],
|
|
728
|
+
usage: "--wallet, --network, --amount",
|
|
617
729
|
help: [
|
|
618
730
|
"Refreshes the local channel workspace through the saved recovery index before proving the deposit when the scan fits the 7,200-block pre-command budget",
|
|
619
|
-
"
|
|
731
|
+
"Fails when the selected channel has been abandoned",
|
|
732
|
+
"Warning summary: emits public proof-backed bridge/channel accounting events exposing the Ethereum submitter, registered channel-local address, amount, channel id, and transaction hash.",
|
|
620
733
|
"Private note state is not changed by this command.",
|
|
621
734
|
ACTION_IMPACT_HELP.policy,
|
|
622
735
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
623
736
|
ACTION_IMPACT_HELP.illegalUse,
|
|
624
|
-
ACTION_IMPACT_HELP.
|
|
737
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
625
738
|
],
|
|
626
739
|
},
|
|
627
740
|
{
|
|
628
741
|
id: "wallet-withdraw-channel",
|
|
629
742
|
display: "wallet withdraw-channel",
|
|
630
|
-
description: "Move channel
|
|
743
|
+
description: "Move channel balance back into the shared bridge vault.",
|
|
631
744
|
installMode: "full",
|
|
632
|
-
fields: ["wallet", "network", "amount"
|
|
633
|
-
usage: "--wallet, --network, --amount
|
|
745
|
+
fields: ["wallet", "network", "amount"],
|
|
746
|
+
usage: "--wallet, --network, --amount",
|
|
634
747
|
help: [
|
|
635
748
|
"Refreshes the local channel workspace through the saved recovery index before proving the withdrawal when the scan fits the 7,200-block pre-command budget",
|
|
636
|
-
"
|
|
749
|
+
"Warning summary: emits public proof-backed bridge/channel accounting events exposing the Ethereum submitter, registered channel-local address, amount, channel id, and transaction hash.",
|
|
637
750
|
"Private note state is not changed by this command; prior note provenance is not public by default.",
|
|
638
751
|
ACTION_IMPACT_HELP.provenance,
|
|
639
752
|
ACTION_IMPACT_HELP.policy,
|
|
640
753
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
641
754
|
ACTION_IMPACT_HELP.illegalUse,
|
|
642
|
-
ACTION_IMPACT_HELP.
|
|
755
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
643
756
|
],
|
|
644
757
|
},
|
|
645
758
|
{
|
|
646
759
|
id: "wallet-get-channel-fund",
|
|
647
760
|
display: "wallet get-channel-fund",
|
|
648
|
-
description: "Read the current channel
|
|
761
|
+
description: "Read the current channel accounting balance.",
|
|
649
762
|
installMode: "read-only",
|
|
650
763
|
fields: ["wallet", "network"],
|
|
651
764
|
usage: "--wallet and --network",
|
|
652
|
-
help: ["Refreshes the local channel workspace through the saved recovery index before reading the
|
|
765
|
+
help: ["Refreshes the local channel workspace through the saved recovery index before reading the channel accounting balance when the scan fits the 7,200-block pre-command budget"],
|
|
653
766
|
},
|
|
654
767
|
{
|
|
655
768
|
id: "channel-exit",
|
|
@@ -660,6 +773,13 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
660
773
|
usage: "--wallet and --network",
|
|
661
774
|
help: [
|
|
662
775
|
"Refreshes the local channel workspace through the saved recovery index before checking the channel balance when the scan fits the 7,200-block pre-command budget",
|
|
776
|
+
"Warning summary: emits public channel exit and Join Toll refund events exposing the Ethereum account, channel id, refund quote, transaction hash, and wallet registration exit status.",
|
|
777
|
+
"Private note plaintext and prior note provenance are not public by default, but the wallet epoch is locally marked as exited.",
|
|
778
|
+
ACTION_IMPACT_HELP.provenance,
|
|
779
|
+
ACTION_IMPACT_HELP.policy,
|
|
780
|
+
ACTION_IMPACT_HELP.secretRecovery,
|
|
781
|
+
ACTION_IMPACT_HELP.illegalUse,
|
|
782
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
663
783
|
"Marks the current local wallet epoch as exited and keeps its note metadata available for historical evidence export",
|
|
664
784
|
],
|
|
665
785
|
},
|
|
@@ -668,19 +788,21 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
668
788
|
display: "wallet mint-notes",
|
|
669
789
|
description: "Mint one or two private-state notes from the wallet's channel balance.",
|
|
670
790
|
installMode: "full",
|
|
671
|
-
fields: ["wallet", "network", "amounts", "
|
|
672
|
-
usage: "--wallet, --network, --amounts,
|
|
791
|
+
fields: ["wallet", "network", "amounts", "txSubmitter"],
|
|
792
|
+
usage: "--wallet, --network, --amounts, and optional --tx-submitter",
|
|
673
793
|
help: [
|
|
674
794
|
"Refreshes the local channel workspace through the saved recovery index before proving the mint when the scan fits the 7,200-block pre-command budget",
|
|
675
795
|
"Requires both viewing and spending key capability so the accepted mint can be recovered through the normal note event path",
|
|
676
|
-
"Use --tx-submitter <ACCOUNT>
|
|
677
|
-
|
|
796
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
797
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
798
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
799
|
+
"Warning summary: emits public accepted-transition, commitment, encrypted note-delivery, root update, and transaction events.",
|
|
678
800
|
"Private note state changes by creating local note plaintext and public commitments; note owner/value/salt are not public by default.",
|
|
679
801
|
ACTION_IMPACT_HELP.provenance,
|
|
680
802
|
ACTION_IMPACT_HELP.policy,
|
|
681
803
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
682
804
|
ACTION_IMPACT_HELP.illegalUse,
|
|
683
|
-
ACTION_IMPACT_HELP.
|
|
805
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
684
806
|
],
|
|
685
807
|
},
|
|
686
808
|
{
|
|
@@ -688,23 +810,25 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
688
810
|
display: "wallet transfer-notes",
|
|
689
811
|
description: "Spend input notes into the registered 1->1, 1->2, or 2->1 private transfer shapes.",
|
|
690
812
|
installMode: "full",
|
|
691
|
-
fields: ["wallet", "network", "noteIds", "recipients", "amounts", "
|
|
692
|
-
usage: "--wallet, --network, --note-ids <JSON_ARRAY>, --recipients <JSON_ARRAY>, --amounts <JSON_ARRAY>,
|
|
813
|
+
fields: ["wallet", "network", "noteIds", "recipients", "amounts", "txSubmitter"],
|
|
814
|
+
usage: "--wallet, --network, --note-ids <JSON_ARRAY>, --recipients <JSON_ARRAY>, --amounts <JSON_ARRAY>, and optional --tx-submitter",
|
|
693
815
|
help: [
|
|
694
816
|
"--note-ids must be a JSON array of input note commitment IDs from wallet get-notes, for example '[\"0xNOTE1\",\"0xNOTE2\"]'",
|
|
695
|
-
"--recipients must be a JSON array of recipient
|
|
817
|
+
"--recipients must be a JSON array of recipient channel-local addresses, for example '[\"0xRECIPIENT1\",\"0xRECIPIENT2\"]'",
|
|
696
818
|
"--amounts must be a JSON array of token amounts, preferably quoted for decimals, for example '[\"1.5\",\"2\"]'",
|
|
697
819
|
"--recipients length must equal --amounts length; supported transfer shapes are 1->1, 1->2, and 2->1",
|
|
698
820
|
"The sum of output amounts must equal the sum of the selected input note values",
|
|
699
821
|
"Refreshes the local channel workspace and received-note logs through saved recovery indexes before proving the transfer when scans fit the 7,200-block pre-command budget",
|
|
700
|
-
"Use --tx-submitter <ACCOUNT>
|
|
701
|
-
|
|
822
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
823
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
824
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
825
|
+
"Warning summary: emits public accepted-transition, input nullifier, output commitment, encrypted note-delivery, root update, and transaction events.",
|
|
702
826
|
"Private note state changes by consuming selected input notes and creating output notes; sender-recipient relationship, note plaintext, and note provenance are not public by default.",
|
|
703
827
|
ACTION_IMPACT_HELP.provenance,
|
|
704
828
|
ACTION_IMPACT_HELP.policy,
|
|
705
829
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
706
830
|
ACTION_IMPACT_HELP.illegalUse,
|
|
707
|
-
ACTION_IMPACT_HELP.
|
|
831
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
708
832
|
],
|
|
709
833
|
},
|
|
710
834
|
{
|
|
@@ -712,18 +836,20 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
712
836
|
display: "wallet redeem-notes",
|
|
713
837
|
description: "Redeem one tracked note back into the wallet's channel balance.",
|
|
714
838
|
installMode: "full",
|
|
715
|
-
fields: ["wallet", "network", "noteIds", "
|
|
716
|
-
usage: "--wallet, --network, --note-ids,
|
|
839
|
+
fields: ["wallet", "network", "noteIds", "txSubmitter"],
|
|
840
|
+
usage: "--wallet, --network, --note-ids, and optional --tx-submitter",
|
|
717
841
|
help: [
|
|
718
842
|
"Refreshes the local channel workspace and received-note logs through saved recovery indexes before proving the redeem when scans fit the 7,200-block pre-command budget",
|
|
719
|
-
"Use --tx-submitter <ACCOUNT>
|
|
720
|
-
|
|
843
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
844
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
845
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
846
|
+
"Warning summary: emits public accepted-transition, note nullifier, accounting update, root update, and transaction events.",
|
|
721
847
|
"Private note state changes by consuming selected notes; prior note provenance is not public by default.",
|
|
722
848
|
ACTION_IMPACT_HELP.provenance,
|
|
723
849
|
ACTION_IMPACT_HELP.policy,
|
|
724
850
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
725
851
|
ACTION_IMPACT_HELP.illegalUse,
|
|
726
|
-
ACTION_IMPACT_HELP.
|
|
852
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
727
853
|
],
|
|
728
854
|
},
|
|
729
855
|
{
|
|
@@ -731,14 +857,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
731
857
|
display: "wallet get-notes",
|
|
732
858
|
description: "Refresh received notes when the saved recovery index is recent, then show tracked note state.",
|
|
733
859
|
installMode: "read-only",
|
|
734
|
-
fields: ["wallet", "network", "exportEvidence"
|
|
735
|
-
usage: "--wallet, --network, optional --export-evidence
|
|
860
|
+
fields: ["wallet", "network", "exportEvidence"],
|
|
861
|
+
usage: "--wallet, --network, and optional --export-evidence",
|
|
736
862
|
help: [
|
|
737
863
|
"Refreshes the local channel workspace through the saved recovery index before reading notes when the scan fits the 7,200-block pre-command budget",
|
|
738
864
|
"Refreshes received-note logs through the saved wallet note recovery index when the scan fits the 7,200-block pre-command budget",
|
|
739
865
|
"Fails instead of replaying from genesis; run wallet recover-workspace first when explicit wallet recovery is required",
|
|
740
|
-
"Use --export-evidence <PATH>
|
|
741
|
-
"
|
|
866
|
+
"Use --export-evidence <PATH> to write a local full-note evidence ZIP for private-state-cli investigator; mainnet export requires interactive confirmation",
|
|
867
|
+
"Sepolia and anvil evidence exports do not require interactive confirmation",
|
|
868
|
+
"The raw evidence ZIP may include plaintext note facts for all locally known notes and retained exited epochs for the selected wallet",
|
|
869
|
+
"User-Controlled AI Agents must not confirm this export or receive the raw evidence ZIP",
|
|
742
870
|
],
|
|
743
871
|
},
|
|
744
872
|
]);
|