@tokamak-private-dapps/private-state-cli 2.4.3 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +94 -4
- package/README.md +230 -90
- package/agents.md +1476 -148
- package/assets/service-terms.md +294 -0
- package/assets/tx-fees.json +4 -4
- package/commands/account.mjs +5 -1
- package/commands/channel.mjs +14 -0
- package/commands/index.mjs +5 -0
- package/commands/notes.mjs +5 -0
- package/commands/secret.mjs +20 -0
- package/commands/system.mjs +7 -2
- package/commands/wallet.mjs +12 -2
- package/investigator/README.md +13 -11
- package/investigator/index.html +1 -1
- package/lib/private-state-browser-wallet-helpers.mjs +91 -0
- package/lib/private-state-cli-command-registry.mjs +222 -97
- package/lib/private-state-runtime-management.mjs +90 -10
- package/lib/private-state-terms.mjs +35 -0
- package/lib/runtime.mjs +3493 -399
- package/package.json +3 -3
- package/private-state-bridge-cli.mjs +1 -1
- package/cli-assistant.html +0 -1534
|
@@ -53,6 +53,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
53
53
|
type: "text",
|
|
54
54
|
placeholder: "my-account",
|
|
55
55
|
valueLabel: "<NAME>",
|
|
56
|
+
hint: "Local account alias. Omit it on supported commands to use a MetaMask-compatible browser wallet instead.",
|
|
56
57
|
option: "--account",
|
|
57
58
|
},
|
|
58
59
|
leaderAccount: {
|
|
@@ -69,7 +70,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
69
70
|
type: "text",
|
|
70
71
|
placeholder: "relayer-account",
|
|
71
72
|
valueLabel: "<ACCOUNT>",
|
|
72
|
-
hint: "Optional for proof-backed note commands.
|
|
73
|
+
hint: "Optional for proof-backed note commands. Use --tx-submitter <ACCOUNT> for a local submitter, or --tx-submitter without a value for browser-wallet submission of executeChannelTransaction.",
|
|
73
74
|
option: "--tx-submitter",
|
|
74
75
|
optional: true,
|
|
75
76
|
},
|
|
@@ -99,7 +100,7 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
99
100
|
wallet: {
|
|
100
101
|
label: "Wallet Name",
|
|
101
102
|
type: "text",
|
|
102
|
-
placeholder: "channel-
|
|
103
|
+
placeholder: "channel-0xYourEthereumAddress",
|
|
103
104
|
valueLabel: "<NAME>",
|
|
104
105
|
option: "--wallet",
|
|
105
106
|
},
|
|
@@ -110,6 +111,13 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
110
111
|
valueLabel: "<PATH>",
|
|
111
112
|
option: "--output",
|
|
112
113
|
},
|
|
114
|
+
random: {
|
|
115
|
+
label: "Random Secret",
|
|
116
|
+
type: "checkbox",
|
|
117
|
+
hint: "Generate a random wallet secret instead of prompting the user to type one.",
|
|
118
|
+
option: "--random",
|
|
119
|
+
optional: true,
|
|
120
|
+
},
|
|
113
121
|
exportEvidence: {
|
|
114
122
|
label: "Evidence ZIP",
|
|
115
123
|
type: "text",
|
|
@@ -119,19 +127,6 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
119
127
|
option: "--export-evidence",
|
|
120
128
|
optional: true,
|
|
121
129
|
},
|
|
122
|
-
acknowledgeFullNotePlaintextExport: {
|
|
123
|
-
label: "Acknowledge Note Plaintext Export",
|
|
124
|
-
type: "checkbox",
|
|
125
|
-
hint: "Required with --export-evidence. Confirms that all locally known note plaintext will be written to the ZIP.",
|
|
126
|
-
option: "--acknowledge-full-note-plaintext-export",
|
|
127
|
-
optional: true,
|
|
128
|
-
},
|
|
129
|
-
acknowledgeActionImpact: {
|
|
130
|
-
label: "Acknowledge Action Impact",
|
|
131
|
-
type: "checkbox",
|
|
132
|
-
hint: "Required for transaction-sending bridge, channel, and note commands. Confirms that the user reviewed the public/private action-impact warning.",
|
|
133
|
-
option: "--acknowledge-action-impact",
|
|
134
|
-
},
|
|
135
130
|
input: {
|
|
136
131
|
label: "Input File",
|
|
137
132
|
type: "text",
|
|
@@ -165,9 +160,9 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
165
160
|
recipients: {
|
|
166
161
|
label: "Recipients JSON",
|
|
167
162
|
type: "textarea",
|
|
168
|
-
placeholder: "[\"
|
|
163
|
+
placeholder: "[\"0xRecipientChannelAddress\"]",
|
|
169
164
|
valueLabel: "<JSON_ARRAY>",
|
|
170
|
-
hint: "JSON array of recipient
|
|
165
|
+
hint: "JSON array of recipient channel-local addresses. Its length must match --amounts.",
|
|
171
166
|
option: "--recipients",
|
|
172
167
|
},
|
|
173
168
|
docker: {
|
|
@@ -207,6 +202,20 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
207
202
|
option: "--read-only",
|
|
208
203
|
optional: true,
|
|
209
204
|
},
|
|
205
|
+
terminalTerms: {
|
|
206
|
+
label: "Terminal Terms Acceptance",
|
|
207
|
+
type: "checkbox",
|
|
208
|
+
hint: "Use terminal-only Terms acceptance instead of the default local browser Terms page.",
|
|
209
|
+
option: "--terminal-terms",
|
|
210
|
+
optional: true,
|
|
211
|
+
},
|
|
212
|
+
includeWalletKeys: {
|
|
213
|
+
label: "Include Wallet Keys",
|
|
214
|
+
type: "checkbox",
|
|
215
|
+
hint: "With uninstall, delete wallet spending-key and viewing-key files instead of preserving them.",
|
|
216
|
+
option: "--include-wallet-keys",
|
|
217
|
+
optional: true,
|
|
218
|
+
},
|
|
210
219
|
fromGenesis: {
|
|
211
220
|
label: "Scan From Genesis",
|
|
212
221
|
type: "checkbox",
|
|
@@ -269,21 +278,31 @@ export const PRIVATE_STATE_CLI_FIELD_CATALOG = Object.freeze({
|
|
|
269
278
|
});
|
|
270
279
|
|
|
271
280
|
const ACTION_IMPACT_HELP = Object.freeze({
|
|
272
|
-
|
|
281
|
+
warningSummary: "The CLI shows a warning summary before the command proceeds; User-Controlled AI Agents must not accept Terms or confirmations for the user.",
|
|
273
282
|
illegalUse: "The command must not be used for money laundering, sanctions evasion, terrorist financing, illegal gambling, criminal-proceeds concealment, or regulatory evasion.",
|
|
274
|
-
secretRecovery: "Losing wallet secrets, viewing keys, or spending keys can prevent note discovery or note use;
|
|
283
|
+
secretRecovery: "Losing wallet secrets, viewing keys, or spending keys can prevent note discovery or note use; if all required secret material and backups are lost, no recovery method exists.",
|
|
275
284
|
exchangeControlledAddress: "Do not use an exchange-controlled address as a self-custody bridge source or direct bridge withdrawal target.",
|
|
276
285
|
policy: "The user must review the channel policy snapshot before accepting channel-bound actions.",
|
|
277
286
|
provenance: "Public observers cannot reconstruct private note counterparty relationships or note provenance from public contract state alone.",
|
|
287
|
+
browserWalletAccount: "Omit --account to use a MetaMask-compatible browser wallet instead of a local account alias; the CLI does not read or store the raw L1 private key in this mode.",
|
|
288
|
+
browserWalletTxSubmitter: "Use --tx-submitter without a value when a browser wallet should submit executeChannelTransaction and pay gas.",
|
|
289
|
+
localL2Keys: "Browser-wallet L1 signing does not replace local wallet keys; note commands still use the local viewing key and spending key.",
|
|
278
290
|
});
|
|
279
291
|
|
|
280
292
|
export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
281
293
|
{
|
|
282
294
|
id: "install",
|
|
283
295
|
description: "Install private-state CLI runtime artifacts in full or read-only mode.",
|
|
284
|
-
fields: ["readOnly", "docker", "includeLocalArtifacts", "groth16CliVersion", "tokamakZkEvmCliVersion"],
|
|
285
|
-
|
|
296
|
+
fields: ["network", "readOnly", "docker", "includeLocalArtifacts", "terminalTerms", "groth16CliVersion", "tokamakZkEvmCliVersion"],
|
|
297
|
+
optionalFields: ["network"],
|
|
298
|
+
usage: "optional --network, --read-only, --docker, --include-local-artifacts, --terminal-terms, --groth16-cli-version, and --tokamak-zk-evm-cli-version",
|
|
286
299
|
help: [
|
|
300
|
+
"Use --network to install only that network's deployment artifacts",
|
|
301
|
+
"Mainnet install, or install without --network, opens a local browser Terms page and requires explicit human acceptance before installation proceeds",
|
|
302
|
+
"Sepolia and anvil installs do not require Terms acceptance",
|
|
303
|
+
"Use --terminal-terms only when the local browser flow cannot be used for a Terms-gated install",
|
|
304
|
+
"--json reports that browser-based interactive Terms acceptance is required for Terms-gated installs and does not install artifacts",
|
|
305
|
+
"Install results include the canonical Terms version and deterministic Terms hash",
|
|
287
306
|
"Default full mode installs proof runtimes and all deployment artifacts needed by transaction-sending commands",
|
|
288
307
|
"--read-only installs only artifacts needed by channel-state read commands and commands unrelated to channel state",
|
|
289
308
|
"Version options install exact CLI package versions; omitted versions resolve to npm registry latest",
|
|
@@ -293,9 +312,14 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
293
312
|
},
|
|
294
313
|
{
|
|
295
314
|
id: "uninstall",
|
|
296
|
-
description: "Interactively remove local private-state
|
|
297
|
-
fields: [],
|
|
298
|
-
usage: "
|
|
315
|
+
description: "Interactively remove local private-state CLI data. By default, wallet spending-key and viewing-key files are preserved.",
|
|
316
|
+
fields: ["includeWalletKeys"],
|
|
317
|
+
usage: "optional --include-wallet-keys",
|
|
318
|
+
help: [
|
|
319
|
+
"Default uninstall preserves wallet spending-key and viewing-key files under the CLI secret root",
|
|
320
|
+
"--include-wallet-keys deletes every local private-state CLI file, including wallet spending-key and viewing-key files",
|
|
321
|
+
"Both modes remove local workspaces, account secrets, wallet secret source files stored under the CLI root, proof artifacts, Tokamak zk-EVM runtime data, and the global CLI package when installed",
|
|
322
|
+
],
|
|
299
323
|
},
|
|
300
324
|
{
|
|
301
325
|
id: "set-rpc",
|
|
@@ -309,6 +333,33 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
309
333
|
"All bridge-facing and wallet commands read RPC settings from this file and do not accept --rpc-url",
|
|
310
334
|
],
|
|
311
335
|
},
|
|
336
|
+
{
|
|
337
|
+
id: "secret-create-private-key-source",
|
|
338
|
+
display: "secret create-private-key-source",
|
|
339
|
+
description: "Prompt for an Ethereum private key and write a local source file for account import.",
|
|
340
|
+
fields: ["output"],
|
|
341
|
+
usage: "--output",
|
|
342
|
+
help: [
|
|
343
|
+
"Prompts in the terminal with masked input and never prints the private key",
|
|
344
|
+
"Writes the source file with restrictive permissions where the operating system supports it",
|
|
345
|
+
"Refuses to overwrite an existing file",
|
|
346
|
+
"After creating the file, import it with account import --private-key-file",
|
|
347
|
+
],
|
|
348
|
+
},
|
|
349
|
+
{
|
|
350
|
+
id: "secret-create-wallet-secret-source",
|
|
351
|
+
display: "secret create-wallet-secret-source",
|
|
352
|
+
description: "Prompt for a wallet secret, or explicitly generate a random one, and write a local source file for channel join.",
|
|
353
|
+
fields: ["output", "random"],
|
|
354
|
+
optionalFields: ["random"],
|
|
355
|
+
usage: "--output and optional --random",
|
|
356
|
+
help: [
|
|
357
|
+
"Prompts in the terminal with masked input by default so the user can type a memorable secret",
|
|
358
|
+
"Use --random only when the user explicitly wants a random wallet secret",
|
|
359
|
+
"Never prints the wallet secret and refuses to overwrite an existing file",
|
|
360
|
+
"After creating the file, pass it to channel join --wallet-secret-path",
|
|
361
|
+
],
|
|
362
|
+
},
|
|
312
363
|
{
|
|
313
364
|
id: "help-commands",
|
|
314
365
|
display: "help commands",
|
|
@@ -353,17 +404,20 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
353
404
|
"Does not accept --rpc-url and never writes RPC configuration",
|
|
354
405
|
"Recommends bridge deposits only after a wallet is joined and needs channel liquidity",
|
|
355
406
|
"Channel leaders publish workspace mirror files through channel recover-workspace --publish-workspace-mirror, not a standalone publish command",
|
|
407
|
+
"Channel workspace mirror and observer URLs are read from on-chain Channel metadata when available",
|
|
356
408
|
],
|
|
357
409
|
},
|
|
358
410
|
{
|
|
359
411
|
id: "help-observer",
|
|
360
412
|
display: "help observer",
|
|
361
|
-
description: "Show the
|
|
362
|
-
|
|
363
|
-
|
|
413
|
+
description: "Show the public observer URL registered on-chain for a selected Channel.",
|
|
414
|
+
installMode: "read-only",
|
|
415
|
+
fields: ["network", "channelName", "json"],
|
|
416
|
+
usage: "--network, --channel-name, and optional --json",
|
|
364
417
|
help: [
|
|
365
|
-
"
|
|
366
|
-
"
|
|
418
|
+
"Reads the selected Channel's observer URL from on-chain Channel metadata",
|
|
419
|
+
"Fails clearly when the Channel Provider has not registered an observer URL for that Channel",
|
|
420
|
+
"The observer is a Channel-scoped public monitoring surface; it is not a wallet, key manager, or disclosure authority",
|
|
367
421
|
],
|
|
368
422
|
},
|
|
369
423
|
{
|
|
@@ -375,7 +429,7 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
375
429
|
help: [
|
|
376
430
|
"Uses packages/apps/private-state/cli/assets/tx-fees.json as the measured gas source packaged with the CLI",
|
|
377
431
|
"Reads live fee data from the selected network RPC and live ETH/USD from CoinGecko",
|
|
378
|
-
"
|
|
432
|
+
"Use --json for machine-readable fee data when another tool needs to inspect the fee table",
|
|
379
433
|
],
|
|
380
434
|
},
|
|
381
435
|
{
|
|
@@ -387,21 +441,26 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
387
441
|
"Prints the local investigator HTML path and opens it in the default browser",
|
|
388
442
|
"Use wallet get-notes --export-evidence first, then load the raw ZIP in the investigator GUI",
|
|
389
443
|
"The raw evidence ZIP contains full locally known note plaintext and should not be submitted as-is unless full wallet-history disclosure is intended",
|
|
444
|
+
"Do not give the raw evidence ZIP to User-Controlled AI Agents, support channels, or untrusted parties",
|
|
390
445
|
],
|
|
391
446
|
},
|
|
392
447
|
{
|
|
393
448
|
id: "account-import",
|
|
394
449
|
display: "account import",
|
|
395
|
-
description: "Import a private-key source file into a protected local
|
|
450
|
+
description: "Import a private-key source file into a protected local Ethereum account secret for later --account use.",
|
|
396
451
|
fields: ["account", "network", "privateKeyFile"],
|
|
397
452
|
usage: "--account, --network, and --private-key-file",
|
|
398
453
|
},
|
|
399
454
|
{
|
|
400
455
|
id: "account-get-l1-address",
|
|
401
456
|
display: "account get-l1-address",
|
|
402
|
-
description: "
|
|
457
|
+
description: "Read the Ethereum address from a local account alias or the browser wallet.",
|
|
403
458
|
fields: ["account", "network"],
|
|
404
|
-
|
|
459
|
+
optionalFields: ["account"],
|
|
460
|
+
usage: "--network and optional --account",
|
|
461
|
+
help: [
|
|
462
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
463
|
+
],
|
|
405
464
|
},
|
|
406
465
|
{
|
|
407
466
|
id: "account-get-bridge-fund",
|
|
@@ -409,7 +468,11 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
409
468
|
description: "Read the local account's current shared bridge vault balance.",
|
|
410
469
|
installMode: "read-only",
|
|
411
470
|
fields: ["network", "account"],
|
|
412
|
-
|
|
471
|
+
optionalFields: ["account"],
|
|
472
|
+
usage: "--network and optional --account",
|
|
473
|
+
help: [
|
|
474
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
475
|
+
],
|
|
413
476
|
},
|
|
414
477
|
{
|
|
415
478
|
id: "channel-create",
|
|
@@ -417,8 +480,10 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
417
480
|
description: "Create a bridge channel and initialize its workspace.",
|
|
418
481
|
installMode: "full",
|
|
419
482
|
fields: ["channelName", "joinToll", "network", "account"],
|
|
420
|
-
|
|
483
|
+
optionalFields: ["account"],
|
|
484
|
+
usage: "--channel-name, --join-toll, --network, and optional --account",
|
|
421
485
|
help: [
|
|
486
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
422
487
|
"Prints the immutable policy snapshot before sending the transaction",
|
|
423
488
|
"Initializes the local channel workspace by replaying channel logs from channel genesis",
|
|
424
489
|
],
|
|
@@ -454,16 +519,34 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
454
519
|
description: "Register or update the channel leader's workspace mirror base URL.",
|
|
455
520
|
installMode: "full",
|
|
456
521
|
fields: ["channelName", "network", "account", "url"],
|
|
457
|
-
|
|
522
|
+
optionalFields: ["account"],
|
|
523
|
+
usage: "--channel-name, --network, --url, and optional --account",
|
|
458
524
|
help: [
|
|
525
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
459
526
|
"Only the on-chain channel leader can update the registered mirror URL",
|
|
460
527
|
"The URL points to a server implementing the private-state channel workspace mirror protocol",
|
|
461
528
|
],
|
|
462
529
|
},
|
|
530
|
+
{
|
|
531
|
+
id: "channel-abandon-operation",
|
|
532
|
+
display: "channel abandon-operation",
|
|
533
|
+
description: "Let the channel leader permanently stop new joins and channel deposits for a channel.",
|
|
534
|
+
installMode: "full",
|
|
535
|
+
fields: ["channelName", "network", "account"],
|
|
536
|
+
optionalFields: ["account"],
|
|
537
|
+
usage: "--channel-name, --network, and optional --account",
|
|
538
|
+
help: [
|
|
539
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
540
|
+
"Only the on-chain channel leader can abandon channel operation",
|
|
541
|
+
"Abandonment is immediate after the transaction on the selected network is accepted",
|
|
542
|
+
"After abandonment, channel join and wallet deposit-channel are rejected for that channel",
|
|
543
|
+
"Abandonment does not block existing note activity, wallet redeem-notes, wallet withdraw-channel, or channel exit",
|
|
544
|
+
],
|
|
545
|
+
},
|
|
463
546
|
{
|
|
464
547
|
id: "channel-get-meta",
|
|
465
548
|
display: "channel get-meta",
|
|
466
|
-
description: "Read channel existence, manager, vault,
|
|
549
|
+
description: "Read channel existence, manager, vault, Join Toll, refund schedule, operation status, and immutable policy snapshot.",
|
|
467
550
|
installMode: "read-only",
|
|
468
551
|
fields: ["channelName", "network"],
|
|
469
552
|
usage: "--channel-name, --network",
|
|
@@ -473,14 +556,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
473
556
|
display: "account deposit-bridge",
|
|
474
557
|
description: "Deposit canonical tokens into the shared bridge vault.",
|
|
475
558
|
installMode: "read-only",
|
|
476
|
-
fields: ["amount", "network", "account"
|
|
477
|
-
|
|
559
|
+
fields: ["amount", "network", "account"],
|
|
560
|
+
optionalFields: ["account"],
|
|
561
|
+
usage: "--amount, --network, and optional --account",
|
|
478
562
|
help: [
|
|
479
|
-
|
|
480
|
-
"
|
|
563
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
564
|
+
"Warning summary: emits public Ethereum mainnet approval and bridge funding events that expose the local Ethereum account, bridge vault, amount, and transaction hashes.",
|
|
565
|
+
"Private note state is not changed by this command; it does not pay a channel Join Toll.",
|
|
481
566
|
ACTION_IMPACT_HELP.exchangeControlledAddress,
|
|
482
567
|
ACTION_IMPACT_HELP.illegalUse,
|
|
483
|
-
ACTION_IMPACT_HELP.
|
|
568
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
484
569
|
],
|
|
485
570
|
},
|
|
486
571
|
{
|
|
@@ -488,14 +573,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
488
573
|
display: "account withdraw-bridge",
|
|
489
574
|
description: "Withdraw tokens from the shared bridge vault back to the wallet.",
|
|
490
575
|
installMode: "read-only",
|
|
491
|
-
fields: ["amount", "network", "account"
|
|
492
|
-
|
|
576
|
+
fields: ["amount", "network", "account"],
|
|
577
|
+
optionalFields: ["account"],
|
|
578
|
+
usage: "--amount, --network, and optional --account",
|
|
493
579
|
help: [
|
|
494
|
-
|
|
580
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
581
|
+
"Warning summary: emits a public Ethereum mainnet bridge withdrawal event that exposes the local Ethereum recipient, bridge vault, amount, and transaction hash.",
|
|
495
582
|
"Private note state is not changed by this command; prior note provenance is not public by default.",
|
|
496
583
|
ACTION_IMPACT_HELP.exchangeControlledAddress,
|
|
497
584
|
ACTION_IMPACT_HELP.illegalUse,
|
|
498
|
-
ACTION_IMPACT_HELP.
|
|
585
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
499
586
|
],
|
|
500
587
|
},
|
|
501
588
|
{
|
|
@@ -504,13 +591,14 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
504
591
|
description: "Rebuild a recoverable local wallet from on-chain channel state.",
|
|
505
592
|
installMode: "read-only",
|
|
506
593
|
fields: ["channelName", "network", "account", "walletSecretPath", "fromGenesis"],
|
|
507
|
-
optionalFields: ["walletSecretPath"],
|
|
508
|
-
usage: "--channel-name, --network, --account, optional --wallet-secret-path, optional --from-genesis",
|
|
594
|
+
optionalFields: ["account", "walletSecretPath"],
|
|
595
|
+
usage: "--channel-name, --network, optional --account, optional --wallet-secret-path, optional --from-genesis",
|
|
509
596
|
help: [
|
|
597
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
510
598
|
"Rebuilds backup metadata from channel state without recreating the spending key by default",
|
|
511
|
-
"Derives and stores the viewing key when the
|
|
599
|
+
"Derives and stores the viewing key when the selected L1 signer can reproduce the registered viewing public key",
|
|
512
600
|
"Use --wallet-secret-path only for an active channel registration when you need to rederive and store the spending key",
|
|
513
|
-
"--wallet-secret-path requires the derived spending key to match the current on-chain
|
|
601
|
+
"--wallet-secret-path requires the derived spending key to match the current on-chain channel-local address and storage key before note recovery starts",
|
|
514
602
|
"Exited or non-active accounts can be recovered for viewing/evidence history only; omit --wallet-secret-path for those wallets",
|
|
515
603
|
"Before wallet recovery, refreshes stale channel workspace state only when the saved recovery index delta fits the pre-command budget",
|
|
516
604
|
"Fails and asks for channel recover-workspace first when the channel workspace is missing, unusable, or too stale for automatic recovery",
|
|
@@ -522,22 +610,26 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
522
610
|
{
|
|
523
611
|
id: "channel-join",
|
|
524
612
|
display: "channel join",
|
|
525
|
-
description: "Pay the channel
|
|
613
|
+
description: "Pay the channel Join Toll, the one-time Channel entry fee, and bind a wallet to a channel-specific private application identity.",
|
|
526
614
|
installMode: "full",
|
|
527
|
-
fields: ["channelName", "network", "account", "walletSecretPath"
|
|
528
|
-
|
|
615
|
+
fields: ["channelName", "network", "account", "walletSecretPath"],
|
|
616
|
+
optionalFields: ["account"],
|
|
617
|
+
usage: "--channel-name, --network, --wallet-secret-path, and optional --account",
|
|
529
618
|
help: [
|
|
619
|
+
ACTION_IMPACT_HELP.browserWalletAccount,
|
|
530
620
|
"Refreshes the local channel workspace through the saved recovery index before joining when the scan fits the 7,200-block pre-command budget",
|
|
531
621
|
"Fails instead of replaying from genesis; recover from a registered workspace mirror first, and use channel recover-workspace --source rpc --from-genesis only when no compatible mirror is available",
|
|
532
|
-
"--wallet-secret-path is read once for channel-bound
|
|
533
|
-
"
|
|
622
|
+
"--wallet-secret-path is read once for channel-bound spending-key derivation and is not stored in the wallet workspace",
|
|
623
|
+
"With browser-wallet mode, the user approves account connection, chain check, the L2 spending-key message signature, the note-receive viewing-key typed-data signature, any Join Toll token approval, and the join transaction in the browser wallet",
|
|
624
|
+
"Pays any Join Toll directly from the Ethereum wallet, not from bridge-deposited balance",
|
|
625
|
+
"Fails when the selected channel has been abandoned",
|
|
534
626
|
"Prints the immutable policy snapshot before first registration",
|
|
535
|
-
"
|
|
627
|
+
"Warning summary: emits public channel join and token-vault registration events exposing the Ethereum account, channel-local address pair, note-receive public key, Join Toll, and channel id.",
|
|
536
628
|
"Private note state is not changed by this command.",
|
|
537
629
|
ACTION_IMPACT_HELP.policy,
|
|
538
630
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
539
631
|
ACTION_IMPACT_HELP.illegalUse,
|
|
540
|
-
ACTION_IMPACT_HELP.
|
|
632
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
541
633
|
],
|
|
542
634
|
},
|
|
543
635
|
{
|
|
@@ -568,7 +660,7 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
568
660
|
usage: "--network, --wallet, and --output",
|
|
569
661
|
help: [
|
|
570
662
|
"Includes wallet note-tracking metadata, public key metadata, and channel workspace cache",
|
|
571
|
-
"Excludes
|
|
663
|
+
"Excludes Ethereum private keys, spending keys, viewing private keys, wallet secrets, owner, value, and salt",
|
|
572
664
|
],
|
|
573
665
|
},
|
|
574
666
|
{
|
|
@@ -577,21 +669,36 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
577
669
|
description: "Export a secret .key file containing the wallet viewing private key and public viewing-key metadata.",
|
|
578
670
|
fields: ["network", "wallet", "output"],
|
|
579
671
|
usage: "--network, --wallet, and --output",
|
|
672
|
+
help: [
|
|
673
|
+
"Requires an interactive terminal on mainnet because the output file contains secret-bearing viewing authority",
|
|
674
|
+
"Sepolia and anvil exports do not require interactive confirmation",
|
|
675
|
+
"Anyone with the exported file may be able to read and reconstruct note history addressed to this wallet when other required wallet state is available",
|
|
676
|
+
"User-Controlled AI Agents must not confirm this export or receive the exported key file",
|
|
677
|
+
],
|
|
580
678
|
},
|
|
581
679
|
{
|
|
582
680
|
id: "wallet-export-spending-key",
|
|
583
681
|
display: "wallet export spending-key",
|
|
584
|
-
description: "Export a secret .key file containing the wallet
|
|
682
|
+
description: "Export a secret .key file containing the wallet spending private key and public spending-key metadata.",
|
|
585
683
|
fields: ["network", "wallet", "output"],
|
|
586
684
|
usage: "--network, --wallet, and --output",
|
|
685
|
+
help: [
|
|
686
|
+
"Requires an interactive terminal on mainnet because the output file contains secret-bearing spending authority",
|
|
687
|
+
"Sepolia and anvil exports do not require interactive confirmation",
|
|
688
|
+
"Anyone with the exported file may be able to spend, transfer, or redeem Private Notes when other required wallet state is available",
|
|
689
|
+
"User-Controlled AI Agents must not confirm this export or receive the exported key file",
|
|
690
|
+
],
|
|
587
691
|
},
|
|
588
692
|
{
|
|
589
693
|
id: "wallet-import-backup",
|
|
590
694
|
display: "wallet import backup",
|
|
591
695
|
description: "Import a backup ZIP created by wallet export backup.",
|
|
592
|
-
fields: ["input"],
|
|
593
|
-
|
|
696
|
+
fields: ["input", "network"],
|
|
697
|
+
optionalFields: ["network"],
|
|
698
|
+
usage: "--input and optional --network",
|
|
594
699
|
help: [
|
|
700
|
+
"Use --network anvil or --network sepolia for non-mainnet imports that should not require Service Terms acceptance",
|
|
701
|
+
"Mainnet imports, and imports without a network selector, require current Service Terms acceptance",
|
|
595
702
|
"Refuses to overwrite existing wallet metadata or workspace cache files",
|
|
596
703
|
"Does not grant viewing or spending authority; import the corresponding key files separately when needed",
|
|
597
704
|
],
|
|
@@ -600,59 +707,62 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
600
707
|
id: "wallet-import-viewing-key",
|
|
601
708
|
display: "wallet import viewing-key",
|
|
602
709
|
description: "Import a secret .key file created by wallet export viewing-key.",
|
|
603
|
-
fields: ["input"],
|
|
604
|
-
|
|
710
|
+
fields: ["input", "network"],
|
|
711
|
+
optionalFields: ["network"],
|
|
712
|
+
usage: "--input and optional --network",
|
|
605
713
|
},
|
|
606
714
|
{
|
|
607
715
|
id: "wallet-import-spending-key",
|
|
608
716
|
display: "wallet import spending-key",
|
|
609
717
|
description: "Import a secret .key file created by wallet export spending-key.",
|
|
610
|
-
fields: ["input"],
|
|
611
|
-
|
|
718
|
+
fields: ["input", "network"],
|
|
719
|
+
optionalFields: ["network"],
|
|
720
|
+
usage: "--input and optional --network",
|
|
612
721
|
},
|
|
613
722
|
{
|
|
614
723
|
id: "wallet-deposit-channel",
|
|
615
724
|
display: "wallet deposit-channel",
|
|
616
|
-
description: "Move bridged funds into the channel
|
|
725
|
+
description: "Move bridged funds into the channel accounting balance.",
|
|
617
726
|
installMode: "full",
|
|
618
|
-
fields: ["wallet", "network", "amount"
|
|
619
|
-
usage: "--wallet, --network, --amount
|
|
727
|
+
fields: ["wallet", "network", "amount"],
|
|
728
|
+
usage: "--wallet, --network, --amount",
|
|
620
729
|
help: [
|
|
621
730
|
"Refreshes the local channel workspace through the saved recovery index before proving the deposit when the scan fits the 7,200-block pre-command budget",
|
|
622
|
-
"
|
|
731
|
+
"Fails when the selected channel has been abandoned",
|
|
732
|
+
"Warning summary: emits public proof-backed bridge/channel accounting events exposing the Ethereum submitter, registered channel-local address, amount, channel id, and transaction hash.",
|
|
623
733
|
"Private note state is not changed by this command.",
|
|
624
734
|
ACTION_IMPACT_HELP.policy,
|
|
625
735
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
626
736
|
ACTION_IMPACT_HELP.illegalUse,
|
|
627
|
-
ACTION_IMPACT_HELP.
|
|
737
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
628
738
|
],
|
|
629
739
|
},
|
|
630
740
|
{
|
|
631
741
|
id: "wallet-withdraw-channel",
|
|
632
742
|
display: "wallet withdraw-channel",
|
|
633
|
-
description: "Move channel
|
|
743
|
+
description: "Move channel balance back into the shared bridge vault.",
|
|
634
744
|
installMode: "full",
|
|
635
|
-
fields: ["wallet", "network", "amount"
|
|
636
|
-
usage: "--wallet, --network, --amount
|
|
745
|
+
fields: ["wallet", "network", "amount"],
|
|
746
|
+
usage: "--wallet, --network, --amount",
|
|
637
747
|
help: [
|
|
638
748
|
"Refreshes the local channel workspace through the saved recovery index before proving the withdrawal when the scan fits the 7,200-block pre-command budget",
|
|
639
|
-
"
|
|
749
|
+
"Warning summary: emits public proof-backed bridge/channel accounting events exposing the Ethereum submitter, registered channel-local address, amount, channel id, and transaction hash.",
|
|
640
750
|
"Private note state is not changed by this command; prior note provenance is not public by default.",
|
|
641
751
|
ACTION_IMPACT_HELP.provenance,
|
|
642
752
|
ACTION_IMPACT_HELP.policy,
|
|
643
753
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
644
754
|
ACTION_IMPACT_HELP.illegalUse,
|
|
645
|
-
ACTION_IMPACT_HELP.
|
|
755
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
646
756
|
],
|
|
647
757
|
},
|
|
648
758
|
{
|
|
649
759
|
id: "wallet-get-channel-fund",
|
|
650
760
|
display: "wallet get-channel-fund",
|
|
651
|
-
description: "Read the current channel
|
|
761
|
+
description: "Read the current channel accounting balance.",
|
|
652
762
|
installMode: "read-only",
|
|
653
763
|
fields: ["wallet", "network"],
|
|
654
764
|
usage: "--wallet and --network",
|
|
655
|
-
help: ["Refreshes the local channel workspace through the saved recovery index before reading the
|
|
765
|
+
help: ["Refreshes the local channel workspace through the saved recovery index before reading the channel accounting balance when the scan fits the 7,200-block pre-command budget"],
|
|
656
766
|
},
|
|
657
767
|
{
|
|
658
768
|
id: "channel-exit",
|
|
@@ -663,6 +773,13 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
663
773
|
usage: "--wallet and --network",
|
|
664
774
|
help: [
|
|
665
775
|
"Refreshes the local channel workspace through the saved recovery index before checking the channel balance when the scan fits the 7,200-block pre-command budget",
|
|
776
|
+
"Warning summary: emits public channel exit and Join Toll refund events exposing the Ethereum account, channel id, refund quote, transaction hash, and wallet registration exit status.",
|
|
777
|
+
"Private note plaintext and prior note provenance are not public by default, but the wallet epoch is locally marked as exited.",
|
|
778
|
+
ACTION_IMPACT_HELP.provenance,
|
|
779
|
+
ACTION_IMPACT_HELP.policy,
|
|
780
|
+
ACTION_IMPACT_HELP.secretRecovery,
|
|
781
|
+
ACTION_IMPACT_HELP.illegalUse,
|
|
782
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
666
783
|
"Marks the current local wallet epoch as exited and keeps its note metadata available for historical evidence export",
|
|
667
784
|
],
|
|
668
785
|
},
|
|
@@ -671,19 +788,21 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
671
788
|
display: "wallet mint-notes",
|
|
672
789
|
description: "Mint one or two private-state notes from the wallet's channel balance.",
|
|
673
790
|
installMode: "full",
|
|
674
|
-
fields: ["wallet", "network", "amounts", "
|
|
675
|
-
usage: "--wallet, --network, --amounts,
|
|
791
|
+
fields: ["wallet", "network", "amounts", "txSubmitter"],
|
|
792
|
+
usage: "--wallet, --network, --amounts, and optional --tx-submitter",
|
|
676
793
|
help: [
|
|
677
794
|
"Refreshes the local channel workspace through the saved recovery index before proving the mint when the scan fits the 7,200-block pre-command budget",
|
|
678
795
|
"Requires both viewing and spending key capability so the accepted mint can be recovered through the normal note event path",
|
|
679
|
-
"Use --tx-submitter <ACCOUNT>
|
|
680
|
-
|
|
796
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
797
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
798
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
799
|
+
"Warning summary: emits public accepted-transition, commitment, encrypted note-delivery, root update, and transaction events.",
|
|
681
800
|
"Private note state changes by creating local note plaintext and public commitments; note owner/value/salt are not public by default.",
|
|
682
801
|
ACTION_IMPACT_HELP.provenance,
|
|
683
802
|
ACTION_IMPACT_HELP.policy,
|
|
684
803
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
685
804
|
ACTION_IMPACT_HELP.illegalUse,
|
|
686
|
-
ACTION_IMPACT_HELP.
|
|
805
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
687
806
|
],
|
|
688
807
|
},
|
|
689
808
|
{
|
|
@@ -691,23 +810,25 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
691
810
|
display: "wallet transfer-notes",
|
|
692
811
|
description: "Spend input notes into the registered 1->1, 1->2, or 2->1 private transfer shapes.",
|
|
693
812
|
installMode: "full",
|
|
694
|
-
fields: ["wallet", "network", "noteIds", "recipients", "amounts", "
|
|
695
|
-
usage: "--wallet, --network, --note-ids <JSON_ARRAY>, --recipients <JSON_ARRAY>, --amounts <JSON_ARRAY>,
|
|
813
|
+
fields: ["wallet", "network", "noteIds", "recipients", "amounts", "txSubmitter"],
|
|
814
|
+
usage: "--wallet, --network, --note-ids <JSON_ARRAY>, --recipients <JSON_ARRAY>, --amounts <JSON_ARRAY>, and optional --tx-submitter",
|
|
696
815
|
help: [
|
|
697
816
|
"--note-ids must be a JSON array of input note commitment IDs from wallet get-notes, for example '[\"0xNOTE1\",\"0xNOTE2\"]'",
|
|
698
|
-
"--recipients must be a JSON array of recipient
|
|
817
|
+
"--recipients must be a JSON array of recipient channel-local addresses, for example '[\"0xRECIPIENT1\",\"0xRECIPIENT2\"]'",
|
|
699
818
|
"--amounts must be a JSON array of token amounts, preferably quoted for decimals, for example '[\"1.5\",\"2\"]'",
|
|
700
819
|
"--recipients length must equal --amounts length; supported transfer shapes are 1->1, 1->2, and 2->1",
|
|
701
820
|
"The sum of output amounts must equal the sum of the selected input note values",
|
|
702
821
|
"Refreshes the local channel workspace and received-note logs through saved recovery indexes before proving the transfer when scans fit the 7,200-block pre-command budget",
|
|
703
|
-
"Use --tx-submitter <ACCOUNT>
|
|
704
|
-
|
|
822
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
823
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
824
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
825
|
+
"Warning summary: emits public accepted-transition, input nullifier, output commitment, encrypted note-delivery, root update, and transaction events.",
|
|
705
826
|
"Private note state changes by consuming selected input notes and creating output notes; sender-recipient relationship, note plaintext, and note provenance are not public by default.",
|
|
706
827
|
ACTION_IMPACT_HELP.provenance,
|
|
707
828
|
ACTION_IMPACT_HELP.policy,
|
|
708
829
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
709
830
|
ACTION_IMPACT_HELP.illegalUse,
|
|
710
|
-
ACTION_IMPACT_HELP.
|
|
831
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
711
832
|
],
|
|
712
833
|
},
|
|
713
834
|
{
|
|
@@ -715,18 +836,20 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
715
836
|
display: "wallet redeem-notes",
|
|
716
837
|
description: "Redeem one tracked note back into the wallet's channel balance.",
|
|
717
838
|
installMode: "full",
|
|
718
|
-
fields: ["wallet", "network", "noteIds", "
|
|
719
|
-
usage: "--wallet, --network, --note-ids,
|
|
839
|
+
fields: ["wallet", "network", "noteIds", "txSubmitter"],
|
|
840
|
+
usage: "--wallet, --network, --note-ids, and optional --tx-submitter",
|
|
720
841
|
help: [
|
|
721
842
|
"Refreshes the local channel workspace and received-note logs through saved recovery indexes before proving the redeem when scans fit the 7,200-block pre-command budget",
|
|
722
|
-
"Use --tx-submitter <ACCOUNT>
|
|
723
|
-
|
|
843
|
+
"Use --tx-submitter <ACCOUNT> when a separate local Ethereum account should submit the transaction and pay gas",
|
|
844
|
+
ACTION_IMPACT_HELP.browserWalletTxSubmitter,
|
|
845
|
+
ACTION_IMPACT_HELP.localL2Keys,
|
|
846
|
+
"Warning summary: emits public accepted-transition, note nullifier, accounting update, root update, and transaction events.",
|
|
724
847
|
"Private note state changes by consuming selected notes; prior note provenance is not public by default.",
|
|
725
848
|
ACTION_IMPACT_HELP.provenance,
|
|
726
849
|
ACTION_IMPACT_HELP.policy,
|
|
727
850
|
ACTION_IMPACT_HELP.secretRecovery,
|
|
728
851
|
ACTION_IMPACT_HELP.illegalUse,
|
|
729
|
-
ACTION_IMPACT_HELP.
|
|
852
|
+
ACTION_IMPACT_HELP.warningSummary,
|
|
730
853
|
],
|
|
731
854
|
},
|
|
732
855
|
{
|
|
@@ -734,14 +857,16 @@ export const PRIVATE_STATE_CLI_COMMANDS = Object.freeze([
|
|
|
734
857
|
display: "wallet get-notes",
|
|
735
858
|
description: "Refresh received notes when the saved recovery index is recent, then show tracked note state.",
|
|
736
859
|
installMode: "read-only",
|
|
737
|
-
fields: ["wallet", "network", "exportEvidence"
|
|
738
|
-
usage: "--wallet, --network, optional --export-evidence
|
|
860
|
+
fields: ["wallet", "network", "exportEvidence"],
|
|
861
|
+
usage: "--wallet, --network, and optional --export-evidence",
|
|
739
862
|
help: [
|
|
740
863
|
"Refreshes the local channel workspace through the saved recovery index before reading notes when the scan fits the 7,200-block pre-command budget",
|
|
741
864
|
"Refreshes received-note logs through the saved wallet note recovery index when the scan fits the 7,200-block pre-command budget",
|
|
742
865
|
"Fails instead of replaying from genesis; run wallet recover-workspace first when explicit wallet recovery is required",
|
|
743
|
-
"Use --export-evidence <PATH>
|
|
744
|
-
"
|
|
866
|
+
"Use --export-evidence <PATH> to write a local full-note evidence ZIP for private-state-cli investigator; mainnet export requires interactive confirmation",
|
|
867
|
+
"Sepolia and anvil evidence exports do not require interactive confirmation",
|
|
868
|
+
"The raw evidence ZIP may include plaintext note facts for all locally known notes and retained exited epochs for the selected wallet",
|
|
869
|
+
"User-Controlled AI Agents must not confirm this export or receive the raw evidence ZIP",
|
|
745
870
|
],
|
|
746
871
|
},
|
|
747
872
|
]);
|