@unionlabs/payments 0.1.0

package/dist/cli.js

@@ -0,0 +1,675 @@
+#!/usr/bin/env node
+import { generatePaymentKey, computeUnspendableAddress, computeNullifier, UnionPrivatePayments, parseProofJson, AttestationClient, proofJsonToRedeemParams, submitRedeem, updateLoopbackClient, depositToZAsset, RpcClient, ProverClient } from './chunk-37PNLRA6.js';
+import { Command } from 'commander';
+import { writeFileSync, readFileSync, existsSync } from 'fs';
+import { createWalletClient, http, createPublicClient } from 'viem';
+import { polygon, optimism, arbitrum, base, mainnet } from 'viem/chains';
+import { privateKeyToAccount } from 'viem/accounts';
+
+var DEFAULT_CONFIG_PATH = "./private-payments.config.json";
+function loadConfig(configPath) {
+  const path = configPath ?? DEFAULT_CONFIG_PATH;
+  if (!existsSync(path)) {
+    throw new Error(`Config file not found: ${path}
+Create a private-payments.config.json file or specify --config <path>`);
+  }
+  try {
+    const content = readFileSync(path, "utf-8");
+    const config = JSON.parse(content);
+    const required = [
+      "proverUrl",
+      "sourceRpcUrl",
+      "destinationRpcUrl",
+      "srcZAssetAddress",
+      "dstZAssetAddress",
+      "sourceChainId",
+      "destinationChainId"
+    ];
+    for (const field of required) {
+      if (config[field] === void 0) {
+        throw new Error(`Missing required field in config: ${field}`);
+      }
+    }
+    return config;
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      throw new Error(`Invalid JSON in config file: ${path}`);
+    }
+    throw e;
+  }
+}
+
+// src/cli/utils.ts
+var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+function parseBeneficiaries(input) {
+  if (!input || input.trim() === "") {
+    return [];
+  }
+  const addresses = input.split(",").map((s) => s.trim().toLowerCase());
+  if (addresses.length > 4) {
+    throw new Error("Maximum 4 beneficiaries allowed");
+  }
+  for (const addr of addresses) {
+    if (!isValidAddress(addr)) {
+      throw new Error(`Invalid address: ${addr}`);
+    }
+  }
+  return addresses;
+}
+function padBeneficiaries(beneficiaries) {
+  return [
+    beneficiaries[0] ?? ZERO_ADDRESS,
+    beneficiaries[1] ?? ZERO_ADDRESS,
+    beneficiaries[2] ?? ZERO_ADDRESS,
+    beneficiaries[3] ?? ZERO_ADDRESS
+  ];
+}
+function parseClientIds(input) {
+  const ids = input.split(",").map((s) => {
+    const id = parseInt(s.trim(), 10);
+    if (isNaN(id) || id < 0) {
+      throw new Error(`Invalid client ID: ${s}`);
+    }
+    return id;
+  });
+  if (ids.length === 0) {
+    throw new Error("At least one client ID is required");
+  }
+  return ids;
+}
+function validateSecret(secret) {
+  if (!secret.startsWith("0x")) {
+    throw new Error("Secret must start with 0x");
+  }
+  if (secret.length !== 66) {
+    throw new Error("Secret must be 32 bytes (66 characters with 0x prefix)");
+  }
+  if (!/^0x[0-9a-fA-F]{64}$/.test(secret)) {
+    throw new Error("Secret must be a valid hex string");
+  }
+  return secret.toLowerCase();
+}
+function isValidAddress(address) {
+  return /^0x[0-9a-fA-F]{40}$/.test(address);
+}
+function validateAddress(address, name) {
+  if (!isValidAddress(address)) {
+    throw new Error(`Invalid ${name} address: ${address}`);
+  }
+  return address.toLowerCase();
+}
+function formatAmount(amount, decimals, symbol) {
+  const divisor = 10n ** BigInt(decimals);
+  const whole = amount / divisor;
+  const fraction = amount % divisor;
+  const fractionStr = fraction.toString().padStart(decimals, "0");
+  const trimmedFraction = fractionStr.replace(/0+$/, "");
+  const formatted = trimmedFraction ? `${whole}.${trimmedFraction}` : whole.toString();
+  return symbol ? `${formatted} ${symbol}` : formatted;
+}
+function getExplorerUrl(chainId, txHash) {
+  const explorers = {
+    1: "https://etherscan.io",
+    8453: "https://basescan.org",
+    42161: "https://arbiscan.io",
+    10: "https://optimistic.etherscan.io",
+    137: "https://polygonscan.com"
+  };
+  const explorer = explorers[chainId];
+  if (explorer) {
+    return `${explorer}/tx/${txHash}`;
+  }
+  return txHash;
+}
+
+// src/cli/commands/generate.ts
+var generateCommand = new Command("generate").description(
+  "Generate a new unspendable address (generates random secret by default)"
+).option(
+  "--secret <hex>",
+  "Use existing 32-byte secret (0x-prefixed hex) instead of generating"
+).option(
+  "--beneficiaries <addresses>",
+  "Comma-separated beneficiary addresses (max 4, empty = unbounded)"
+).option(
+  "--config <path>",
+  "Path to config file",
+  "./private-payments.config.json"
+).action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = options.secret ? validateSecret(options.secret) : generatePaymentKey();
+    const isNewSecret = !options.secret;
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const paddedBeneficiaries = padBeneficiaries(beneficiaries);
+    const depositAddress = computeUnspendableAddress(
+      secret,
+      BigInt(config.destinationChainId),
+      paddedBeneficiaries
+    );
+    const nullifier = computeNullifier(
+      secret,
+      BigInt(config.destinationChainId)
+    );
+    const isUnbounded = beneficiaries.length === 0;
+    if (isNewSecret) {
+      console.log("Secret:", secret);
+      console.log("");
+      console.log(
+        "WARNING: Save this secret! It is required to redeem funds."
+      );
+      console.log("");
+    }
+    console.log("Deposit Address:", depositAddress);
+    console.log(
+      "Nullifier:",
+      "0x" + nullifier.toString(16).padStart(64, "0")
+    );
+    console.log(
+      "Mode:",
+      isUnbounded ? "Unbounded (any beneficiary allowed)" : `Bounded (${beneficiaries.length} beneficiaries)`
+    );
+    if (!isUnbounded) {
+      console.log("Beneficiaries:");
+      for (const addr of beneficiaries) {
+        console.log(`  - ${addr}`);
+      }
+    }
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var balanceCommand = new Command("balance").description("Query balance via light client").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option(
+  "--beneficiaries <addresses>",
+  "Comma-separated beneficiary addresses"
+).requiredOption("--client-id <id>", "Light client ID to use").option(
+  "--config <path>",
+  "Path to config file",
+  "./private-payments.config.json"
+).action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const clientId = parseInt(options.clientId, 10);
+    if (isNaN(clientId) || clientId < 0) {
+      throw new Error("Invalid light client ID");
+    }
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const depositAddress = client.getDepositAddress(
+      secret,
+      beneficiaries
+    );
+    const nullifier = client.getNullifier(secret);
+    console.log("Querying balance...");
+    console.log("Deposit Address:", depositAddress);
+    console.log("Light Client ID:", clientId);
+    const balance = await client.getBalance({
+      depositAddress,
+      nullifier,
+      clientId
+    });
+    const tokenInfo = await client.getSrcZAssetInfo();
+    console.log("");
+    console.log(`Latest height: ${balance.latestHeight}`);
+    console.log(`Light client height: ${balance.lightClientHeight}`);
+    console.log(
+      `Light client lag: ${balance.latestHeight - balance.lightClientHeight}`
+    );
+    console.log(`Balance:`);
+    console.log(
+      "  Pending:",
+      formatAmount(
+        balance.pending,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Confirmed:",
+      formatAmount(
+        balance.confirmed,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Redeemed:",
+      formatAmount(
+        balance.redeemed,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Available:",
+      formatAmount(
+        balance.available,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log("");
+    console.log("Raw balance:");
+    console.log("  Pending:", balance.pending.toString());
+    console.log("  Confirmed:", balance.confirmed.toString());
+    console.log("  Redeemed:", balance.redeemed.toString());
+    console.log("  Available:", balance.available.toString());
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var proveCommand = new Command("prove").description("Generate ZK proof for redemption").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses for address derivation").requiredOption("--beneficiary <address>", "Address to redeem to").requiredOption("--amount <value>", 'Amount to redeem in smallest units (e.g., "2000000" for 2 USDC)').requiredOption("--client-ids <ids>", "Comma-separated light client IDs for anonymity set").requiredOption("--selected-client <id>", "Which client ID to use for proof").option("--output <file>", "Save proof JSON to file (default: stdout)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const beneficiary = validateAddress(options.beneficiary, "beneficiary");
+    const clientIds = parseClientIds(options.clientIds);
+    const selectedClientId = parseInt(options.selectedClient, 10);
+    if (isNaN(selectedClientId)) {
+      throw new Error("Invalid selected client ID");
+    }
+    if (!clientIds.includes(selectedClientId)) {
+      throw new Error(`Selected client ${selectedClientId} not in client IDs: ${clientIds.join(", ")}`);
+    }
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const amount = BigInt(options.amount);
+    console.error("Generating proof...");
+    console.error("  Secret:", secret.slice(0, 10) + "...");
+    console.error("  Beneficiary:", beneficiary);
+    console.error("  Amount:", amount.toString());
+    console.error("  Client IDs:", clientIds.join(", "));
+    console.error("  Selected Client:", selectedClientId);
+    const result = await client.generateProof(
+      secret,
+      beneficiaries,
+      beneficiary,
+      amount,
+      clientIds,
+      selectedClientId
+    );
+    if (!result.proof.success || !result.proof.proofJson || !result.metadata) {
+      throw new Error(result.proof.error ?? "Proof generation failed");
+    }
+    console.error("Proof generated successfully!");
+    const proofJson = parseProofJson(result.proof.proofJson);
+    const output = {
+      proof: proofJson,
+      metadata: {
+        depositAddress: result.metadata.depositAddress,
+        beneficiary: result.metadata.beneficiary,
+        value: result.metadata.value.toString(),
+        nullifier: "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"),
+        lightClients: result.metadata.lightClients.map((lc) => ({
+          clientId: lc.clientId,
+          height: lc.height.toString(),
+          stateRoot: lc.stateRoot
+        }))
+      }
+    };
+    const jsonOutput = JSON.stringify(output, null, 2);
+    if (options.output) {
+      writeFileSync(options.output, jsonOutput);
+      console.error(`Proof saved to: ${options.output}`);
+    } else {
+      console.log(jsonOutput);
+    }
+    console.error("");
+    console.error("Metadata:");
+    console.error("  Deposit Address:", result.metadata.depositAddress);
+    console.error("  Beneficiary:", result.metadata.beneficiary);
+    console.error("  Value:", result.metadata.value.toString());
+    console.error("  Nullifier:", "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"));
+    console.error("  Light Clients:", result.metadata.lightClients.length);
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var CHAIN_MAP = {
+  1: mainnet,
+  8453: base,
+  42161: arbitrum,
+  10: optimism,
+  137: polygon
+};
+var redeemCommand = new Command("redeem").description("Submit redemption transaction (with existing proof or generate on the fly)").option("--proof <file>", "Path to proof JSON file (from prove command)").option("--secret <hex>", "32-byte secret (0x-prefixed hex) - required if no --proof").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses for address derivation").option("--beneficiary <address>", "Address to redeem to - required if no --proof").option("--amount <value>", "Amount to redeem in smallest units - required if no --proof").option("--client-ids <ids>", "Comma-separated light client IDs for anonymity set - required if no --proof").option("--selected-client <id>", "Which client ID to use for proof - required if no --proof").option("--private-key <key>", "Private key to send transaction (or env SENDER_PRIVATE_KEY)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    if (!config.attestorUrl) {
+      throw new Error("attestorUrl required in config for redemption");
+    }
+    if (!config.attestorApiKey) {
+      throw new Error("attestorApiKey required in config for redemption");
+    }
+    let proofData;
+    if (options.proof) {
+      const proofContent = readFileSync(options.proof, "utf-8");
+      proofData = JSON.parse(proofContent);
+      console.log("Loading proof from:", options.proof);
+    } else {
+      if (!options.secret || !options.beneficiary || !options.amount || !options.clientIds || !options.selectedClient) {
+        throw new Error(
+          "When not using --proof, you must provide: --secret, --beneficiary, --amount, --client-ids, --selected-client"
+        );
+      }
+      const secret = validateSecret(options.secret);
+      const beneficiaries = parseBeneficiaries(options.beneficiaries);
+      const beneficiary2 = validateAddress(options.beneficiary, "beneficiary");
+      const clientIds = parseClientIds(options.clientIds);
+      const selectedClientId = parseInt(options.selectedClient, 10);
+      if (isNaN(selectedClientId)) {
+        throw new Error("Invalid selected client ID");
+      }
+      if (!clientIds.includes(selectedClientId)) {
+        throw new Error(`Selected client ${selectedClientId} not in client IDs: ${clientIds.join(", ")}`);
+      }
+      const client = new UnionPrivatePayments({
+        proverUrl: config.proverUrl,
+        sourceRpcUrl: config.sourceRpcUrl,
+        destinationRpcUrl: config.destinationRpcUrl,
+        srcZAssetAddress: config.srcZAssetAddress,
+        dstZAssetAddress: config.dstZAssetAddress,
+        sourceChainId: BigInt(config.sourceChainId),
+        destinationChainId: BigInt(config.destinationChainId)
+      });
+      const amount = BigInt(options.amount);
+      console.log("Generating proof...");
+      console.log("  Secret:", secret.slice(0, 10) + "...");
+      console.log("  Beneficiary:", beneficiary2);
+      console.log("  Amount:", amount.toString());
+      console.log("  Client IDs:", clientIds.join(", "));
+      console.log("  Selected Client:", selectedClientId);
+      const result = await client.generateProof(
+        secret,
+        beneficiaries,
+        beneficiary2,
+        amount,
+        clientIds,
+        selectedClientId
+      );
+      if (!result.proof.success || !result.proof.proofJson || !result.metadata) {
+        throw new Error(result.proof.error ?? "Proof generation failed");
+      }
+      console.log("Proof generated successfully!");
+      const proofJson = parseProofJson(result.proof.proofJson);
+      proofData = {
+        proof: proofJson,
+        metadata: {
+          depositAddress: result.metadata.depositAddress,
+          beneficiary: result.metadata.beneficiary,
+          value: result.metadata.value.toString(),
+          nullifier: "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"),
+          lightClients: result.metadata.lightClients.map((lc) => ({
+            clientId: lc.clientId,
+            height: lc.height.toString(),
+            stateRoot: lc.stateRoot
+          }))
+        }
+      };
+    }
+    const lightClients = proofData.metadata.lightClients.map((lc) => ({
+      clientId: lc.clientId,
+      height: BigInt(lc.height),
+      stateRoot: lc.stateRoot
+    }));
+    const nullifier = BigInt(proofData.metadata.nullifier);
+    const value = BigInt(proofData.metadata.value);
+    const beneficiary = proofData.metadata.beneficiary;
+    const depositAddress = proofData.metadata.depositAddress;
+    console.log("");
+    console.log("Redemption details:");
+    console.log("  Deposit Address:", depositAddress);
+    console.log("  Beneficiary:", beneficiary);
+    console.log("  Value:", value.toString());
+    console.log("  Nullifier:", proofData.metadata.nullifier);
+    console.log("  Light Clients:", lightClients.length);
+    console.log("");
+    console.log("Requesting attestation...");
+    const attestationClient = new AttestationClient(
+      config.attestorUrl,
+      config.attestorApiKey
+    );
+    const attestation = await attestationClient.getAttestation(depositAddress, beneficiary);
+    console.log("  Attested Message:", attestation.attestedMessage);
+    console.log("  Signature:", attestation.signature.slice(0, 20) + "...");
+    const redeemParams = proofJsonToRedeemParams(proofData.proof, {
+      lightClients,
+      nullifier,
+      value,
+      beneficiary,
+      attestedMessage: attestation.attestedMessage,
+      signature: attestation.signature
+    });
+    const chain = CHAIN_MAP[config.destinationChainId];
+    if (!chain) {
+      throw new Error(`Unsupported destination chain ID: ${config.destinationChainId}`);
+    }
+    const account = privateKeyToAccount(privateKey);
+    const walletClient = createWalletClient({
+      account,
+      chain,
+      transport: http(config.destinationRpcUrl)
+    });
+    console.log("");
+    console.log("Submitting redeem transaction...");
+    const txHash = await submitRedeem(
+      config.dstZAssetAddress,
+      redeemParams,
+      walletClient
+    );
+    console.log("");
+    console.log("Transaction submitted!");
+    console.log("Hash:", txHash);
+    console.log("Explorer:", getExplorerUrl(config.destinationChainId, txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var updateClientCommand = new Command("update-client").description("Update loopback light client to a specific block height").requiredOption("--rpc <url>", "RPC URL for the chain").requiredOption("--client-id <id>", "Light client ID to update").option("--height <height>", "Block height to update to (default: latest)", "latest").requiredOption("--ibc-handler <address>", "IBCHandler contract address").option("--private-key <key>", "Private key to send transaction (or env SENDER_PRIVATE_KEY)").action(async (options) => {
+  try {
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    const clientId = parseInt(options.clientId, 10);
+    if (isNaN(clientId)) {
+      throw new Error("Invalid client ID: must be a number");
+    }
+    const ibcHandlerAddress = options.ibcHandler;
+    if (!ibcHandlerAddress.startsWith("0x") || ibcHandlerAddress.length !== 42) {
+      throw new Error("Invalid IBC handler address");
+    }
+    const height = options.height === "latest" ? "latest" : BigInt(options.height);
+    const publicClient = createPublicClient({
+      transport: http(options.rpc)
+    });
+    const chainId = await publicClient.getChainId();
+    const account = privateKeyToAccount(privateKey);
+    const walletClient = createWalletClient({
+      account,
+      chain: { id: chainId },
+      transport: http(options.rpc)
+    });
+    console.log("Updating loopback light client...");
+    console.log("  RPC:", options.rpc);
+    console.log("  IBC Handler:", ibcHandlerAddress);
+    console.log("  Client ID:", clientId);
+    console.log("  Height:", height === "latest" ? "latest" : height.toString());
+    console.log("");
+    const result = await updateLoopbackClient(
+      options.rpc,
+      ibcHandlerAddress,
+      clientId,
+      height,
+      walletClient
+    );
+    console.log("Light client updated successfully!");
+    console.log("  Chain ID:", result.chainId.toString());
+    console.log("  Block Number:", result.blockNumber.toString());
+    console.log("  State Root:", result.stateRoot);
+    console.log("  Transaction:", result.txHash);
+    console.log("  Explorer:", getExplorerUrl(Number(result.chainId), result.txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var depositCommand = new Command("deposit").description("Wrap underlying tokens and deposit to ZAsset").requiredOption("--amount <amount>", 'Amount to deposit in smallest units (e.g., "50000000" for 50 USDC)').requiredOption("--secret <hex>", "32-byte secret to derive deposit address (0x-prefixed hex)").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses (max 4, empty = unbounded)").option("--private-key <key>", "Private key to sign transaction (or env SENDER_PRIVATE_KEY)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    const config = loadConfig(options.config);
+    const secret = validateSecret(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const paddedBeneficiaries = padBeneficiaries(beneficiaries);
+    const rpcUrl = config.sourceRpcUrl;
+    const zAssetAddress = config.srcZAssetAddress;
+    const amount = BigInt(options.amount);
+    const depositAddress = computeUnspendableAddress(
+      secret,
+      BigInt(config.destinationChainId),
+      paddedBeneficiaries
+    );
+    const account = privateKeyToAccount(privateKey);
+    const walletClient = createWalletClient({
+      account,
+      chain: { id: config.sourceChainId },
+      transport: http(rpcUrl)
+    });
+    console.log("Depositing to ZAsset...");
+    console.log("  ZAsset:", zAssetAddress);
+    console.log("  Amount:", amount.toString());
+    console.log("  Deposit Address:", depositAddress);
+    console.log("");
+    const result = await depositToZAsset(
+      rpcUrl,
+      zAssetAddress,
+      depositAddress,
+      amount,
+      walletClient
+    );
+    console.log("");
+    console.log("Deposit complete!");
+    console.log("  Tx Hash:", result.txHash);
+    console.log("  Explorer:", getExplorerUrl(Number(result.chainId), result.txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var historyCommand = new Command("history").description("List redemption transactions for a secret").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option("--from-block <number>", "Start block number (default: earliest)").option("--to-block <number>", "End block number (default: latest)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret(options.secret);
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const nullifier = client.getNullifier(secret);
+    const nullifierHex = "0x" + nullifier.toString(16).padStart(64, "0");
+    console.log("Querying redemption history...");
+    console.log("Nullifier:", nullifierHex);
+    console.log("");
+    const fromBlock = options.fromBlock ? BigInt(options.fromBlock) : void 0;
+    const toBlock = options.toBlock ? BigInt(options.toBlock) : void 0;
+    const dstRpcClient = new RpcClient(config.destinationRpcUrl);
+    const history = await dstRpcClient.getRedemptionHistory(
+      config.dstZAssetAddress,
+      nullifier,
+      fromBlock,
+      toBlock
+    );
+    if (history.length === 0) {
+      console.log("No redemptions found for this secret.");
+      return;
+    }
+    const tokenInfo = await client.getDstZAssetInfo();
+    console.log(`Found ${history.length} redemption${history.length > 1 ? "s" : ""}:`);
+    console.log("");
+    for (let i = 0; i < history.length; i++) {
+      const entry = history[i];
+      console.log(`#${i + 1}  Block: ${entry.blockNumber}`);
+      console.log(`    Tx: ${entry.txHash}`);
+      console.log(`    Amount: ${formatAmount(entry.redeemAmount, tokenInfo.decimals, tokenInfo.symbol)}`);
+      console.log(`    Beneficiary: ${entry.beneficiary}`);
+      console.log(`    Explorer: ${getExplorerUrl(config.destinationChainId, entry.txHash)}`);
+      console.log("");
+    }
+    const totalRedeemed = history.reduce((sum, h) => sum + h.redeemAmount, 0n);
+    console.log(`Total redeemed: ${formatAmount(totalRedeemed, tokenInfo.decimals, tokenInfo.symbol)}`);
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var exportVerifierCommand = new Command("export-verifier").description("Export the Solidity verifier contract from the prover server").option("--prover-url <url>", "Prover gRPC-web URL", "http://localhost:8080").option("--output <file>", "Save verifier to file (default: stdout)").action(async (options) => {
+  try {
+    const proverClient = new ProverClient(options.proverUrl);
+    console.error("Exporting verifier contract...");
+    console.error("  Prover URL:", options.proverUrl);
+    const verifierContract = await proverClient.exportVerifier();
+    if (options.output) {
+      writeFileSync(options.output, verifierContract);
+      console.error(`Verifier saved to: ${options.output}`);
+    } else {
+      console.log(verifierContract);
+    }
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+
+// src/cli.ts
+var program = new Command();
+program.name("payments").description("CLI for Union Private Payments - privacy-preserving transfers using ZK proofs").version("0.1.0");
+program.addCommand(generateCommand);
+program.addCommand(balanceCommand);
+program.addCommand(proveCommand);
+program.addCommand(redeemCommand);
+program.addCommand(updateClientCommand);
+program.addCommand(depositCommand);
+program.addCommand(historyCommand);
+program.addCommand(exportVerifierCommand);
+program.parse();