create-veil-app 0.3.0

package/dist/chunk-QWU7D5FV.js

@@ -0,0 +1,2052 @@
+// src/cli.ts
+import inquirer from "inquirer";
+import chalk from "chalk";
+import ora from "ora";
+
+// src/scaffold.ts
+import fs from "fs-extra";
+import path from "path";
+async function scaffoldProject(config) {
+  const projectPath = path.resolve(process.cwd(), config.projectName);
+  await fs.ensureDir(projectPath);
+  const srcDir = config.framework === "nextjs" ? "app" : "src";
+  const folders = [
+    srcDir,
+    `${srcDir}/components`,
+    `${srcDir}/components/privacy`,
+    `${srcDir}/components/ui`,
+    "lib",
+    "lib/privacy",
+    "lib/veil",
+    "hooks",
+    "contexts",
+    "types"
+  ];
+  if (config.features.shadowpay) folders.push("lib/shadowpay");
+  if (config.features.voting) folders.push("lib/voting");
+  if (config.features.staking) folders.push("lib/staking");
+  if (config.features.multisig) folders.push("lib/multisig");
+  for (const folder of folders) {
+    await fs.ensureDir(path.join(projectPath, folder));
+  }
+  const files = [
+    // Root config files
+    { path: "veil.config.ts", content: generateVeilConfig(config) },
+    { path: ".env.example", content: generateEnvExample(config) },
+    { path: "README.md", content: generateReadme(config) },
+    { path: "package.json", content: generatePackageJson(config) },
+    { path: "tsconfig.json", content: generateTsConfig(config) },
+    { path: "tailwind.config.js", content: generateTailwindConfig(config) },
+    { path: "postcss.config.js", content: generatePostcssConfig() },
+    // Privacy/Veil lib modules
+    { path: "lib/privacy/login.ts", content: generateLoginTs() },
+    { path: "lib/privacy/recovery.ts", content: generateRecoveryTs() },
+    { path: "lib/privacy/access.ts", content: generateAccessTs() },
+    { path: "lib/privacy/guarantees.ts", content: generateGuaranteesTs() },
+    { path: "lib/privacy/index.ts", content: `export * from "./login.js";
+export * from "./recovery.js";
+export * from "./access.js";
+export * from "./guarantees.js";
+` },
+    // Veil SDK integration
+    { path: "lib/veil/rpc.ts", content: generateRpcTs(config) },
+    { path: "lib/veil/helius.ts", content: generateHeliusTs(config) },
+    { path: "lib/veil/index.ts", content: `export * from "./rpc.js";
+export * from "./helius.js";
+` },
+    // Hooks
+    { path: "hooks/useVeil.ts", content: generateVeilHooks(config) },
+    { path: "hooks/useSdk.ts", content: generateSdkHooks() },
+    { path: "hooks/index.ts", content: `export * from "./useVeil.js";
+export * from "./useSdk.js";
+` },
+    // Contexts
+    { path: "contexts/VeilProvider.tsx", content: generateVeilProvider(config) },
+    { path: "contexts/VeilSDKProvider.tsx", content: generateSdkProvider(config) },
+    { path: "contexts/index.ts", content: `export * from "./VeilProvider.js";
+export * from "./VeilSDKProvider.js";
+` },
+    // Components
+    { path: `${srcDir}/components/WalletButton.tsx`, content: generateWalletButton() },
+    { path: `${srcDir}/components/privacy/PrivacyStatus.tsx`, content: generatePrivacyStatus() },
+    // App files
+    { path: `${srcDir}/page.tsx`, content: generateAppEntry(config) },
+    { path: `${srcDir}/layout.tsx`, content: generateLayoutTsx(config) },
+    { path: `${srcDir}/globals.css`, content: generateGlobalsCss() },
+    { path: `${srcDir}/providers.tsx`, content: generateProvidersTsx(config) }
+  ];
+  if (config.framework === "nextjs") {
+    files.push({ path: "next.config.js", content: generateNextConfig() });
+  }
+  if (config.features.shadowpay) {
+    files.push({ path: "lib/shadowpay/index.ts", content: generateShadowPayModule(config) });
+  }
+  for (const file of files) {
+    await fs.writeFile(
+      path.join(projectPath, file.path),
+      file.content,
+      "utf-8"
+    );
+  }
+  const gitignore = `node_modules/
+.env
+.env.local
+dist/
+.next/
+`;
+  await fs.writeFile(path.join(projectPath, ".gitignore"), gitignore, "utf-8");
+}
+
+// src/cli.ts
+var TEMPLATE_INFO = {
+  // DeFi
+  dex: { name: "DEX Interface", description: "Private swaps via ShadowWire", category: "DeFi" },
+  lending: { name: "Lending Protocol", description: "Private lending positions", category: "DeFi" },
+  yield: { name: "Yield Farming", description: "Private stake amounts", category: "DeFi" },
+  pool: { name: "Liquidity Pool", description: "Private LP deposits", category: "DeFi" },
+  // DApp
+  gaming: { name: "Gaming App", description: "Private game assets & scores", category: "DApp" },
+  nft: { name: "NFT Marketplace", description: "Private bids & offers", category: "DApp" },
+  social: { name: "Social Platform", description: "Private messaging & identity", category: "DApp" },
+  governance: { name: "DAO Governance", description: "Private voting & proposals", category: "DApp" },
+  // Exchange
+  cex: { name: "Exchange Interface", description: "CEX-style with privacy", category: "Exchange" },
+  aggregator: { name: "DEX Aggregator", description: "Private swap routing", category: "Exchange" },
+  trading: { name: "Trading Dashboard", description: "Private order books", category: "Exchange" },
+  // Wallet
+  wallet: { name: "Multi-sig Wallet", description: "Stealth signers & treasury", category: "Wallet" },
+  portfolio: { name: "Portfolio Tracker", description: "Private holdings view", category: "Wallet" },
+  payments: { name: "Payment App", description: "Full ShadowPay integration", category: "Wallet" },
+  // Basic
+  basic: { name: "Basic Starter", description: "Minimal privacy-first app", category: "Starter" }
+};
+async function runInit(options) {
+  const answers = await promptUser(options);
+  const spinner = ora({
+    text: "Creating your project with Veil privacy...",
+    color: "cyan"
+  }).start();
+  try {
+    await scaffoldProject(answers);
+    spinner.succeed(chalk.green("Veil initialized successfully."));
+    printNextSteps(answers.projectName);
+  } catch (error) {
+    spinner.fail(chalk.red("Failed to initialize project."));
+    console.error(error);
+    process.exit(1);
+  }
+}
+async function promptUser(options) {
+  const hasAllOptions = options.name && options.template && options.framework && options.network;
+  if (hasAllOptions) {
+    const shadowPayMode2 = options.shadowPay ? options.shadowPayMode || "app" : false;
+    return {
+      projectName: options.name,
+      template: options.template,
+      framework: options.framework,
+      helius: options.helius ?? true,
+      shadowPay: shadowPayMode2,
+      network: options.network,
+      features: {
+        identity: true,
+        recovery: true,
+        voting: true,
+        staking: true,
+        multisig: true,
+        shadowpay: !!options.shadowPay
+      }
+    };
+  }
+  const questions = [];
+  if (!options.name) {
+    questions.push({
+      type: "input",
+      name: "projectName",
+      message: "Project name:",
+      default: "my-veil-app",
+      validate: (input) => {
+        if (/^[a-z0-9-]+$/.test(input)) return true;
+        return "Project name must be lowercase with hyphens only";
+      }
+    });
+  }
+  const initialAnswers = await inquirer.prompt(questions);
+  let selectedTemplate = options.template || "basic";
+  if (!options.template) {
+    const categoryAnswer = await inquirer.prompt([{
+      type: "list",
+      name: "category",
+      message: "What are you building?",
+      choices: [
+        { name: chalk.cyan("\u{1F3E6} DeFi") + " \u2014 DEX, Lending, Yield, Pools", value: "defi" },
+        { name: chalk.magenta("\u{1F3AE} DApp") + " \u2014 Gaming, NFT, Social, Governance", value: "dapp" },
+        { name: chalk.yellow("\u{1F4CA} Exchange") + " \u2014 CEX, Aggregator, Trading", value: "exchange" },
+        { name: chalk.green("\u{1F45B} Wallet") + " \u2014 Multisig, Portfolio, Payments", value: "wallet" },
+        { name: chalk.dim("\u{1F4E6} Basic") + " \u2014 Minimal starter template", value: "basic" }
+      ]
+    }]);
+    if (categoryAnswer.category === "basic") {
+      selectedTemplate = "basic";
+    } else {
+      const templateChoices = Object.entries(TEMPLATE_INFO).filter(([_, info]) => info.category.toLowerCase() === categoryAnswer.category).map(([key, info]) => ({
+        name: `${info.name} \u2014 ${info.description}`,
+        value: key
+      }));
+      const templateAnswer = await inquirer.prompt([{
+        type: "list",
+        name: "template",
+        message: "Select template:",
+        choices: templateChoices
+      }]);
+      selectedTemplate = templateAnswer.template;
+    }
+  }
+  let framework = options.framework || "nextjs";
+  if (!options.framework) {
+    const frameworkAnswer = await inquirer.prompt([{
+      type: "list",
+      name: "framework",
+      message: "Frontend framework:",
+      choices: [
+        { name: "Next.js (recommended)", value: "nextjs" },
+        { name: "Vite + React", value: "vite" }
+      ]
+    }]);
+    framework = frameworkAnswer.framework;
+  }
+  let helius = options.helius ?? true;
+  if (options.helius === void 0) {
+    const heliusAnswer = await inquirer.prompt([{
+      type: "confirm",
+      name: "helius",
+      message: "Enable Helius RPC? (recommended for production)",
+      default: true
+    }]);
+    helius = heliusAnswer.helius;
+  }
+  let shadowPayMode = false;
+  const wantsShadowPay = options.shadowPay ?? true;
+  if (wantsShadowPay) {
+    console.log();
+    console.log(chalk.yellow("\u26A1 ShadowPay uses mainnet for real private payments"));
+    console.log(chalk.dim("   Veil features (voting, staking, multisig) work on devnet"));
+    console.log();
+    const shadowPayAnswer = await inquirer.prompt([{
+      type: "list",
+      name: "mode",
+      message: "ShadowPay mode:",
+      choices: [
+        { name: "App \u2014 Receive private payments from users", value: "app" },
+        { name: "Wallet \u2014 Send private payments to apps/users", value: "wallet" },
+        { name: "Skip \u2014 Don't include ShadowPay", value: "skip" }
+      ]
+    }]);
+    if (shadowPayAnswer.mode !== "skip") {
+      shadowPayMode = shadowPayAnswer.mode;
+    }
+  }
+  let network = options.network || "devnet";
+  if (!options.network) {
+    const networkAnswer = await inquirer.prompt([{
+      type: "list",
+      name: "network",
+      message: "Veil features network:",
+      choices: [
+        { name: "Devnet (recommended)", value: "devnet" },
+        { name: "Localnet", value: "localnet" }
+      ]
+    }]);
+    network = networkAnswer.network;
+  }
+  return {
+    projectName: options.name || initialAnswers.projectName,
+    template: selectedTemplate,
+    framework,
+    helius,
+    shadowPay: shadowPayMode,
+    network,
+    features: {
+      identity: true,
+      recovery: true,
+      voting: true,
+      staking: true,
+      multisig: true,
+      shadowpay: shadowPayMode !== false
+    }
+  };
+}
+function printNextSteps(projectName) {
+  console.log();
+  console.log(chalk.bold("Next steps:"));
+  console.log(chalk.dim("1."), `cd ${projectName}`);
+  console.log(chalk.dim("2."), "cp .env.example .env");
+  console.log(chalk.dim("3."), "pnpm install");
+  console.log(chalk.dim("4."), "pnpm dev");
+  console.log();
+  console.log(
+    chalk.dim("Privacy guarantees are documented in"),
+    chalk.cyan("/privacy/guarantees.ts")
+  );
+  console.log();
+}
+async function runAdd(options) {
+  const fsExtra = await import("fs-extra");
+  const fs2 = fsExtra.default;
+  const path2 = await import("path");
+  const cwd = process.cwd();
+  const packageJsonPath = path2.join(cwd, "package.json");
+  if (!await fs2.pathExists(packageJsonPath)) {
+    console.log(chalk.red("Error: No package.json found."));
+    console.log(chalk.dim("Run this command from the root of your project."));
+    process.exit(1);
+  }
+  const packageJson = await fs2.readJson(packageJsonPath);
+  const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+  const isNext = "next" in deps;
+  const isVite = "vite" in deps;
+  const hasReact = "react" in deps;
+  if (!hasReact) {
+    console.log(chalk.red("Error: Veil requires a React project."));
+    console.log(chalk.dim("Detected packages:"), Object.keys(deps).slice(0, 5).join(", "));
+    process.exit(1);
+  }
+  console.log(chalk.dim("Detected:"), isNext ? "Next.js" : isVite ? "Vite" : "React");
+  const answers = await inquirer.prompt([
+    {
+      type: "confirm",
+      name: "helius",
+      message: "Use Helius RPC for better reliability?",
+      default: options.helius !== false,
+      when: () => options.helius === void 0
+    },
+    {
+      type: "confirm",
+      name: "shadowPay",
+      message: "Add ShadowPay for privacy-preserving payments?",
+      default: false,
+      when: () => options.shadowPay === void 0
+    },
+    {
+      type: "list",
+      name: "shadowPayMode",
+      message: "What are you building?",
+      choices: [
+        { name: "App \u2014 receive payments from users", value: "app" },
+        { name: "Wallet \u2014 send payments to apps/users", value: "wallet" }
+      ],
+      when: (ans) => ans.shadowPay || options.shadowPay
+    }
+  ]);
+  const config = {
+    projectName: packageJson.name || "my-app",
+    template: isNext ? "nextjs" : "vite",
+    helius: answers.helius ?? options.helius ?? true,
+    shadowPay: answers.shadowPay || options.shadowPay ? answers.shadowPayMode || "app" : false,
+    network: "devnet"
+  };
+  const spinner = ora({
+    text: "Adding Veil privacy layer...",
+    color: "cyan"
+  }).start();
+  try {
+    await addVeilToProject(cwd, config);
+    spinner.succeed(chalk.green("Veil added successfully."));
+    printAddNextSteps();
+  } catch (error) {
+    spinner.fail(chalk.red("Failed to add Veil."));
+    console.error(error);
+    process.exit(1);
+  }
+}
+async function addVeilToProject(projectPath, config) {
+  const fsExtra = await import("fs-extra");
+  const fs2 = fsExtra.default;
+  const path2 = await import("path");
+  const {
+    generateVeilConfig: generateVeilConfig2,
+    generateEnvExample: generateEnvExample2,
+    generateLoginTs: generateLoginTs2,
+    generateRecoveryTs: generateRecoveryTs2,
+    generateAccessTs: generateAccessTs2,
+    generateGuaranteesTs: generateGuaranteesTs2,
+    generateRpcTs: generateRpcTs2,
+    generateHeliusTs: generateHeliusTs2,
+    generateVeilProvider: generateVeilProvider2,
+    generateVeilHooks: generateVeilHooks2,
+    generateShadowPayModule: generateShadowPayModule2
+  } = await import("./templates-TJ2JYQDS.js");
+  const dirs = ["privacy", "infra", "contexts", "hooks"];
+  for (const dir of dirs) {
+    await fs2.ensureDir(path2.join(projectPath, dir));
+  }
+  const files = [
+    { path: "veil.config.ts", content: generateVeilConfig2(config) },
+    { path: ".env.example", content: generateEnvExample2(config), append: true },
+    // Privacy module
+    { path: "privacy/login.ts", content: generateLoginTs2() },
+    { path: "privacy/recovery.ts", content: generateRecoveryTs2() },
+    { path: "privacy/access.ts", content: generateAccessTs2() },
+    { path: "privacy/guarantees.ts", content: generateGuaranteesTs2() },
+    { path: "privacy/index.ts", content: `export * from "./login.js";
+export * from "./recovery.js";
+export * from "./access.js";
+export * from "./guarantees.js";
+` },
+    // Infra module
+    { path: "infra/rpc.ts", content: generateRpcTs2() },
+    { path: "infra/helius.ts", content: generateHeliusTs2() },
+    { path: "infra/index.ts", content: `export * from "./rpc.js";
+export * from "./helius.js";
+` },
+    // Contexts
+    { path: "contexts/VeilProvider.tsx", content: generateVeilProvider2(config) },
+    { path: "contexts/index.ts", content: `export * from "./VeilProvider.js";
+` },
+    // Hooks
+    { path: "hooks/useVeil.ts", content: generateVeilHooks2() },
+    { path: "hooks/index.ts", content: `export * from "./useVeil.js";
+` }
+  ];
+  if (config.shadowPay) {
+    files.push({ path: "shadowpay/index.ts", content: generateShadowPayModule2(config) });
+  }
+  for (const file of files) {
+    const filePath = path2.join(projectPath, file.path);
+    if (file.append && await fs2.pathExists(filePath)) {
+      const existing = await fs2.readFile(filePath, "utf-8");
+      if (!existing.includes("HELIUS")) {
+        await fs2.appendFile(filePath, "\n" + file.content);
+      }
+    } else if (!await fs2.pathExists(filePath)) {
+      await fs2.ensureDir(path2.dirname(filePath));
+      await fs2.writeFile(filePath, file.content, "utf-8");
+    }
+  }
+}
+function printAddNextSteps() {
+  console.log();
+  console.log(chalk.bold("What was added:"));
+  console.log(chalk.dim("\u2022"), chalk.cyan("privacy/") + " \u2014 login, recovery, access guarantees");
+  console.log(chalk.dim("\u2022"), chalk.cyan("contexts/") + " \u2014 VeilProvider for auth state");
+  console.log(chalk.dim("\u2022"), chalk.cyan("hooks/") + " \u2014 useVeil hook");
+  console.log(chalk.dim("\u2022"), chalk.cyan("infra/") + " \u2014 RPC and Helius helpers");
+  console.log();
+  console.log(chalk.bold("Next steps:"));
+  console.log(chalk.dim("1."), "Wrap your app with <VeilProvider>");
+  console.log(chalk.dim("2."), "Use the useVeil() hook for authentication");
+  console.log(chalk.dim("3."), "Review privacy/guarantees.ts");
+  console.log();
+}
+
+// src/templates/privacy.ts
+function generateLoginTs() {
+  return `/**
+ * Privacy-Preserving Login
+ * 
+ * This module handles authentication without exposing identity on-chain.
+ * 
+ * PRIVACY GUARANTEE:
+ * - Email/passkey \u2192 generates unlinkable Solana wallet
+ * - No identity stored on-chain
+ * - No correlation between login method and wallet address
+ */
+
+import { Keypair } from "@solana/web3.js";
+
+export interface LoginSession {
+  /** Ephemeral session ID (never stored on-chain) */
+  sessionId: string;
+  /** Derived wallet (unlinkable to identity) */
+  wallet: Keypair;
+  /** Session expiry timestamp */
+  expiresAt: number;
+}
+
+/**
+ * Derive a wallet from identity proof without exposing the identity.
+ * 
+ * In production, this would use ZK proofs to:
+ * 1. Prove you own an email/passkey
+ * 2. Derive a deterministic but unlinkable wallet
+ * 3. Never reveal the email/passkey on-chain
+ */
+export async function derivePrivateWallet(
+  identityProof: Uint8Array
+): Promise<Keypair> {
+  // Conceptual: In production, use proper ZK derivation
+  // This demonstrates the privacy-first architecture
+  const seed = await crypto.subtle.digest("SHA-256", identityProof.buffer as ArrayBuffer);
+  return Keypair.fromSeed(new Uint8Array(seed));
+}
+
+/**
+ * Create a new login session.
+ * Session data is ephemeral and never touches the blockchain.
+ */
+export async function createLoginSession(
+  identityProof: Uint8Array,
+  durationMs: number = 24 * 60 * 60 * 1000
+): Promise<LoginSession> {
+  const wallet = await derivePrivateWallet(identityProof);
+  
+  return {
+    sessionId: crypto.randomUUID(),
+    wallet,
+    expiresAt: Date.now() + durationMs,
+  };
+}
+
+/**
+ * Validate session without on-chain lookup.
+ */
+export function isSessionValid(session: LoginSession): boolean {
+  return Date.now() < session.expiresAt;
+}
+`;
+}
+function generateRecoveryTs() {
+  return `/**
+ * Privacy-Preserving Recovery
+ * 
+ * This module handles wallet recovery without exposing guardians.
+ * 
+ * PRIVACY GUARANTEE:
+ * - Guardian identities are never revealed
+ * - Recovery process doesn't leak social graph
+ * - Time-lock or Shamir methods available
+ */
+
+export type RecoveryMethod = "timelock" | "shamir";
+
+export interface RecoveryConfig {
+  method: RecoveryMethod;
+  /** For timelock: delay in seconds before recovery completes */
+  timelockDelay?: number;
+  /** For shamir: threshold of guardians needed */
+  shamirThreshold?: number;
+  /** For shamir: total number of guardian shares */
+  shamirTotal?: number;
+}
+
+/**
+ * Commitment hash for guardian (hides actual identity).
+ * Guardian is identified by hash, not by address or email.
+ */
+export function createGuardianCommitment(
+  guardianSecret: Uint8Array
+): Promise<Uint8Array> {
+  return crypto.subtle.digest("SHA-256", guardianSecret.buffer as ArrayBuffer).then(
+    (hash) => new Uint8Array(hash)
+  );
+}
+
+/**
+ * Initiate recovery with timelock.
+ * The recovery is public, but WHO initiated it is not.
+ */
+export async function initiateTimelockRecovery(
+  commitmentHash: Uint8Array,
+  delaySeconds: number
+): Promise<{ recoveryId: string; unlocksAt: number }> {
+  return {
+    recoveryId: crypto.randomUUID(),
+    unlocksAt: Date.now() + delaySeconds * 1000,
+  };
+}
+
+/**
+ * Initiate Shamir recovery.
+ * Guardians provide shares without revealing who they are.
+ */
+export async function initiateShamirRecovery(
+  shares: Uint8Array[],
+  threshold: number
+): Promise<{ recoveryId: string; sharesCollected: number }> {
+  if (shares.length < threshold) {
+    throw new Error(\`Need \${threshold} shares, got \${shares.length}\`);
+  }
+  
+  return {
+    recoveryId: crypto.randomUUID(),
+    sharesCollected: shares.length,
+  };
+}
+`;
+}
+function generateAccessTs() {
+  return `/**
+ * Privacy-Preserving Access Control
+ * 
+ * This module handles proof-based access without exposing addresses.
+ * 
+ * PRIVACY GUARANTEE:
+ * - Access is verified via proof, not address lookup
+ * - Wallet address is not revealed during verification
+ * - Proof can be verified without knowing who created it
+ */
+
+export interface AccessProof {
+  /** Proof data (ZK proof in production) */
+  proof: Uint8Array;
+  /** Public inputs for verification */
+  publicInputs: Uint8Array;
+  /** Timestamp of proof creation */
+  createdAt: number;
+}
+
+/**
+ * Generate access proof without revealing wallet address.
+ * 
+ * In production, this creates a ZK proof that:
+ * 1. Proves ownership of a valid wallet
+ * 2. Does NOT reveal which wallet
+ * 3. Can be verified by anyone
+ */
+export async function generateAccessProof(
+  wallet: { publicKey: { toBytes(): Uint8Array }; },
+  challenge: Uint8Array
+): Promise<AccessProof> {
+  // Conceptual: Create proof of wallet ownership
+  const message = new Uint8Array([...wallet.publicKey.toBytes(), ...challenge]);
+  const proof = await crypto.subtle.digest("SHA-256", message.buffer as ArrayBuffer);
+  
+  return {
+    proof: new Uint8Array(proof),
+    publicInputs: challenge,
+    createdAt: Date.now(),
+  };
+}
+
+/**
+ * Verify access proof without knowing the wallet.
+ */
+export async function verifyAccessProof(
+  proof: AccessProof,
+  expectedChallenge: Uint8Array
+): Promise<boolean> {
+  // Verify the challenge matches
+  if (proof.publicInputs.length !== expectedChallenge.length) {
+    return false;
+  }
+  
+  for (let i = 0; i < expectedChallenge.length; i++) {
+    if (proof.publicInputs[i] !== expectedChallenge[i]) {
+      return false;
+    }
+  }
+  
+  // In production: verify ZK proof
+  return proof.proof.length === 32;
+}
+`;
+}
+function generateGuaranteesTs() {
+  return `/**
+ * VEIL PRIVACY GUARANTEES
+ *
+ * This file documents what Veil protects and what it does NOT protect.
+ * Read this carefully before building your application.
+ *
+ * \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+ *
+ * \u2705 WHAT VEIL PROTECTS (Private)
+ *
+ * 1. IDENTITY
+ *    - Your email/passkey is never stored on-chain
+ *    - No correlation between login method and wallet
+ *    - Identity proof generates unlinkable wallet
+ *
+ * 2. ACCESS PATTERNS
+ *    - Proof-based verification (not address lookup)
+ *    - Session data is ephemeral
+ *    - No on-chain access logs
+ *
+ * 3. RECOVERY SOCIAL GRAPH
+ *    - Guardian identities are hidden (commitment hashes)
+ *    - Recovery doesn't reveal who helped you
+ *    - Timelock prevents instant unauthorized recovery
+ *
+ * \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+ *
+ * \u274C WHAT VEIL DOES NOT PROTECT (Public on Solana)
+ *
+ * 1. TRANSACTION AMOUNTS
+ *    - All SOL/token amounts are visible
+ *    - This is a Solana limitation, not Veil
+ *
+ * 2. TRANSACTION RECIPIENTS
+ *    - Destination addresses are public
+ *    - Anyone can see who you transact with
+ *
+ * 3. WALLET BALANCES
+ *    - All balances are publicly queryable
+ *    - Historical balance changes are visible
+ *
+ * 4. TRANSACTION HISTORY
+ *    - All transactions are permanently recorded
+ *    - Transaction graph analysis is possible
+ *
+ * \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+ *
+ * \u{1F3AF} VEIL'S MISSION
+ *
+ * "Hide the user, not the transactions."
+ *
+ * Veil ensures that even if someone sees your transactions,
+ * they cannot link them back to your real-world identity.
+ *
+ * \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+ */
+
+export const PRIVACY_GUARANTEES = {
+  identity: {
+    protected: true,
+    description: "Your real identity is never stored or revealed on-chain",
+  },
+  accessPatterns: {
+    protected: true,
+    description: "How you access your wallet is hidden from observers",
+  },
+  recoveryGuardians: {
+    protected: true,
+    description: "Guardian identities are hidden behind commitment hashes",
+  },
+  transactionAmounts: {
+    protected: false,
+    description: "Transaction amounts are visible on Solana",
+  },
+  transactionRecipients: {
+    protected: false,
+    description: "Transaction recipients are visible on Solana",
+  },
+  walletBalances: {
+    protected: false,
+    description: "Wallet balances are publicly queryable",
+  },
+} as const;
+
+export type PrivacyGuarantee = keyof typeof PRIVACY_GUARANTEES;
+`;
+}
+
+// src/templates/infra.ts
+function generateRpcTs(config) {
+  const rpcUrl = config.helius ? "process.env.HELIUS_RPC_URL" : config.network === "devnet" ? '"https://api.devnet.solana.com"' : '"http://localhost:8899"';
+  return `/**
+ * RPC Configuration
+ * 
+ * Privacy-aware RPC layer that abstracts connection details.
+ * 
+ * PRIVACY NOTE:
+ * - RPC providers can see your requests
+ * - Use Helius for better rate limits and webhooks
+ * - Never expose API keys in client-side code
+ */
+
+import { Connection, clusterApiUrl } from "@solana/web3.js";
+
+const NETWORK = "${config.network}";
+
+/**
+ * Get the RPC URL based on configuration.
+ * Server-side only for privacy.
+ */
+function getRpcUrl(): string {
+  if (typeof window !== "undefined") {
+    // Client-side: use public endpoint (limited)
+    return clusterApiUrl("${config.network}");
+  }
+  
+  // Server-side: use configured RPC
+  return ${rpcUrl} || clusterApiUrl("${config.network}");
+}
+
+/**
+ * Create a connection to the Solana network.
+ */
+export function createConnection(): Connection {
+  return new Connection(getRpcUrl(), {
+    commitment: "confirmed",
+    confirmTransactionInitialTimeout: 60000,
+  });
+}
+
+/**
+ * Get network name for display.
+ */
+export function getNetworkName(): string {
+  return NETWORK.charAt(0).toUpperCase() + NETWORK.slice(1);
+}
+
+export { NETWORK };
+`;
+}
+function generateHeliusTs(config) {
+  if (!config.helius) {
+    return `/**
+ * Helius Integration (Disabled)
+ * 
+ * Helius provides enhanced RPC and webhooks for Solana.
+ * Enable it during project setup to use these features.
+ */
+
+export const HELIUS_ENABLED = false;
+
+export function getHeliusRpcUrl(): string {
+  throw new Error("Helius is not enabled. Run veil init with Helius enabled.");
+}
+`;
+  }
+  return `/**
+ * Helius Integration
+ * 
+ * Enhanced RPC and webhook support for Solana.
+ * 
+ * PRIVACY NOTE:
+ * - Helius sees your RPC requests (standard for any RPC provider)
+ * - Webhooks can notify you of on-chain events
+ * - Never expose API keys client-side
+ */
+
+export const HELIUS_ENABLED = true;
+
+/**
+ * Get Helius RPC URL (server-side only).
+ */
+export function getHeliusRpcUrl(): string {
+  const apiKey = process.env.HELIUS_API_KEY;
+  if (!apiKey) {
+    throw new Error("HELIUS_API_KEY not configured");
+  }
+  return \`https://${config.network}.helius-rpc.com/?api-key=\${apiKey}\`;
+}
+
+/**
+ * Verify Helius webhook signature.
+ */
+export async function verifyWebhookSignature(
+  payload: string,
+  signature: string
+): Promise<boolean> {
+  const secret = process.env.HELIUS_WEBHOOK_SECRET;
+  if (!secret) {
+    console.warn("HELIUS_WEBHOOK_SECRET not configured");
+    return false;
+  }
+
+  const encoder = new TextEncoder();
+  const secretBytes = encoder.encode(secret);
+  const key = await crypto.subtle.importKey(
+    "raw",
+    secretBytes.buffer as ArrayBuffer,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["verify"]
+  );
+
+  const signatureBytes = Uint8Array.from(
+    atob(signature),
+    (c) => c.charCodeAt(0)
+  );
+
+  const payloadBytes = encoder.encode(payload);
+  return crypto.subtle.verify(
+    "HMAC",
+    key,
+    signatureBytes.buffer as ArrayBuffer,
+    payloadBytes.buffer as ArrayBuffer
+  );
+}
+
+/**
+ * Webhook handler placeholder.
+ * Implement your own logic based on event type.
+ */
+export interface HeliusWebhookEvent {
+  type: string;
+  data: unknown;
+  timestamp: number;
+}
+
+export async function handleWebhook(event: HeliusWebhookEvent): Promise<void> {
+  console.log("Received webhook event:", event.type);
+  // Implement your webhook handling logic here
+}
+`;
+}
+
+// src/templates/project.ts
+function generatePackageJson(config) {
+  const isNext = config.framework === "nextjs";
+  const deps = {
+    "@solana/web3.js": "^1.95.0",
+    "@solana/wallet-adapter-base": "^0.9.23",
+    "@solana/wallet-adapter-react": "^0.15.35",
+    "@solana/wallet-adapter-react-ui": "^0.9.35",
+    "@solana/wallet-adapter-phantom": "^0.9.24",
+    "@solana/wallet-adapter-solflare": "^0.6.28"
+  };
+  if (config.features.shadowpay) {
+    deps["@radr/shadowwire"] = "^0.1.0";
+  }
+  const devDeps = {
+    "typescript": "^5.3.3",
+    "@types/node": "^20.11.0",
+    "tailwindcss": "^3.4.1",
+    "postcss": "^8.4.33",
+    "autoprefixer": "^10.4.17"
+  };
+  if (isNext) {
+    deps["next"] = "^14.1.0";
+    deps["react"] = "^18.2.0";
+    deps["react-dom"] = "^18.2.0";
+    devDeps["@types/react"] = "^18.2.48";
+    devDeps["@types/react-dom"] = "^18.2.18";
+  } else {
+    deps["react"] = "^18.2.0";
+    deps["react-dom"] = "^18.2.0";
+    devDeps["vite"] = "^5.0.12";
+    devDeps["@vitejs/plugin-react"] = "^4.2.1";
+    devDeps["@types/react"] = "^18.2.48";
+    devDeps["@types/react-dom"] = "^18.2.18";
+  }
+  const scripts = isNext ? {
+    dev: "next dev",
+    build: "next build",
+    start: "next start",
+    lint: "next lint"
+  } : {
+    dev: "vite",
+    build: "vite build",
+    preview: "vite preview"
+  };
+  const templateInfo = TEMPLATE_INFO[config.template];
+  const pkg = {
+    name: config.projectName,
+    version: "0.1.0",
+    description: `${templateInfo.name} - ${templateInfo.description}. Built with Veil privacy stack.`,
+    private: true,
+    scripts,
+    dependencies: deps,
+    devDependencies: devDeps
+  };
+  return JSON.stringify(pkg, null, 2);
+}
+function generateTsConfig(config) {
+  const isNext = config.framework === "nextjs";
+  if (isNext) {
+    return JSON.stringify({
+      compilerOptions: {
+        target: "ES2017",
+        lib: ["dom", "dom.iterable", "esnext"],
+        allowJs: true,
+        skipLibCheck: true,
+        strict: true,
+        noEmit: true,
+        esModuleInterop: true,
+        module: "esnext",
+        moduleResolution: "bundler",
+        resolveJsonModule: true,
+        isolatedModules: true,
+        jsx: "preserve",
+        incremental: true,
+        plugins: [{ name: "next" }],
+        paths: { "@/*": ["./*"] }
+      },
+      include: ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+      exclude: ["node_modules"]
+    }, null, 2);
+  }
+  return JSON.stringify({
+    compilerOptions: {
+      target: "ES2020",
+      useDefineForClassFields: true,
+      lib: ["ES2020", "DOM", "DOM.Iterable"],
+      module: "ESNext",
+      skipLibCheck: true,
+      moduleResolution: "bundler",
+      allowImportingTsExtensions: true,
+      resolveJsonModule: true,
+      isolatedModules: true,
+      noEmit: true,
+      jsx: "react-jsx",
+      strict: true,
+      noUnusedLocals: true,
+      noUnusedParameters: true,
+      noFallthroughCasesInSwitch: true
+    },
+    include: ["src"],
+    references: [{ path: "./tsconfig.node.json" }]
+  }, null, 2);
+}
+function generateAppEntry(config) {
+  const isNext = config.template === "nextjs";
+  if (isNext) {
+    return `"use client";
+
+import { useWallet } from "@solana/wallet-adapter-react";
+import { WalletButton } from "./components/WalletButton";
+import { PrivacyStatus } from "./components/PrivacyStatus";
+import { useVeil } from "../hooks/useVeil";
+
+export default function Home() {
+  const { connected } = useWallet();
+  const { isAuthenticated, login, logout } = useVeil();
+
+  return (
+    <main className="min-h-screen p-8">
+      {/* Header */}
+      <header className="flex justify-between items-center mb-12">
+        <div className="flex items-center gap-4">
+          <h1 className="text-2xl font-bold bg-gradient-to-r from-purple-400 to-blue-400 bg-clip-text text-transparent">
+            ${config.projectName}
+          </h1>
+          <PrivacyStatus />
+        </div>
+        <WalletButton />
+      </header>
+
+      {/* Hero Section */}
+      <section className="max-w-2xl mx-auto text-center mb-16">
+        <h2 className="text-5xl font-bold mb-6">
+          Privacy-First
+          <span className="block bg-gradient-to-r from-purple-400 to-blue-400 bg-clip-text text-transparent">
+            Solana App
+          </span>
+        </h2>
+        <p className="text-gray-400 text-lg mb-8">
+          Built with Veil \u2014 Your identity is never on-chain.
+        </p>
+
+        {connected && !isAuthenticated && (
+          <button
+            onClick={login}
+            className="px-8 py-3 rounded-xl font-semibold
+                       bg-gradient-to-r from-purple-600 to-blue-600
+                       hover:from-purple-700 hover:to-blue-700
+                       transition-all duration-200 shadow-lg"
+          >
+            Create Private Session
+          </button>
+        )}
+
+        {isAuthenticated && (
+          <div className="glass rounded-xl p-6">
+            <p className="text-green-400 mb-4">\u2705 You are privately authenticated</p>
+            <button
+              onClick={logout}
+              className="text-gray-400 hover:text-white transition-colors"
+            >
+              End Session
+            </button>
+          </div>
+        )}
+      </section>
+
+      {/* Privacy Guarantees */}
+      <section className="max-w-4xl mx-auto">
+        <h3 className="text-2xl font-bold mb-6 text-center">Privacy Guarantees</h3>
+        <div className="grid md:grid-cols-2 gap-4">
+          <div className="glass rounded-xl p-6">
+            <h4 className="text-green-400 font-semibold mb-2">\u2705 What's Private</h4>
+            <ul className="text-gray-300 space-y-2 text-sm">
+              <li>\u2022 Your identity (never on-chain)</li>
+              <li>\u2022 How you access your wallet</li>
+              <li>\u2022 Who your recovery guardians are</li>
+            </ul>
+          </div>
+          <div className="glass rounded-xl p-6">
+            <h4 className="text-red-400 font-semibold mb-2">\u274C What's Public (Solana)</h4>
+            <ul className="text-gray-300 space-y-2 text-sm">
+              <li>\u2022 Transaction amounts</li>
+              <li>\u2022 Transaction recipients</li>
+              <li>\u2022 Wallet balances</li>
+            </ul>
+          </div>
+        </div>
+      </section>
+    </main>
+  );
+}
+`;
+  }
+  return `import { WalletAdapterNetwork } from "@solana/wallet-adapter-base";
+import { ConnectionProvider, WalletProvider } from "@solana/wallet-adapter-react";
+import { WalletModalProvider } from "@solana/wallet-adapter-react-ui";
+import { PhantomWalletAdapter } from "@solana/wallet-adapter-wallets";
+import { clusterApiUrl } from "@solana/web3.js";
+import { useMemo } from "react";
+
+import "@solana/wallet-adapter-react-ui/styles.css";
+
+export default function App() {
+  const network = WalletAdapterNetwork.Devnet;
+  const endpoint = useMemo(() => clusterApiUrl(network), [network]);
+  const wallets = useMemo(() => [new PhantomWalletAdapter()], []);
+
+  return (
+    <ConnectionProvider endpoint={endpoint}>
+      <WalletProvider wallets={wallets} autoConnect>
+        <WalletModalProvider>
+          <main style={{ padding: "2rem" }}>
+            <h1>${config.projectName}</h1>
+            <p>Privacy-first Solana app built with Veil</p>
+          </main>
+        </WalletModalProvider>
+      </WalletProvider>
+    </ConnectionProvider>
+  );
+}
+`;
+}
+
+// src/templates/components.ts
+function generateWalletButton() {
+  return `"use client";
+
+import { useWallet } from "@solana/wallet-adapter-react";
+import { useWalletModal } from "@solana/wallet-adapter-react-ui";
+
+export function WalletButton() {
+  const { wallet, connect, disconnect, connected, publicKey } = useWallet();
+  const { setVisible } = useWalletModal();
+
+  const handleClick = () => {
+    if (connected) {
+      disconnect();
+    } else if (wallet) {
+      connect();
+    } else {
+      setVisible(true);
+    }
+  };
+
+  const truncateAddress = (address: string) => {
+    return \`\${address.slice(0, 4)}...\${address.slice(-4)}\`;
+  };
+
+  return (
+    <button
+      onClick={handleClick}
+      className="px-4 py-2 rounded-lg font-medium transition-all duration-200
+                 bg-gradient-to-r from-purple-600 to-blue-600 
+                 hover:from-purple-700 hover:to-blue-700
+                 text-white shadow-lg hover:shadow-xl"
+    >
+      {connected && publicKey
+        ? truncateAddress(publicKey.toBase58())
+        : "Connect Wallet"}
+    </button>
+  );
+}
+`;
+}
+function generatePrivacyStatus() {
+  return `"use client";
+
+import { useVeil } from "../../hooks/useVeil";
+
+export function PrivacyStatus() {
+  const { isAuthenticated, privacyLevel } = useVeil();
+
+  const getStatusColor = () => {
+    if (!isAuthenticated) return "bg-gray-500";
+    switch (privacyLevel) {
+      case "high": return "bg-green-500";
+      case "medium": return "bg-yellow-500";
+      case "low": return "bg-red-500";
+      default: return "bg-gray-500";
+    }
+  };
+
+  const getStatusText = () => {
+    if (!isAuthenticated) return "Not Connected";
+    switch (privacyLevel) {
+      case "high": return "Privacy: High";
+      case "medium": return "Privacy: Medium";
+      case "low": return "Privacy: Low";
+      default: return "Unknown";
+    }
+  };
+
+  return (
+    <div className="flex items-center gap-2 px-3 py-1.5 rounded-full bg-gray-800/50 border border-gray-700">
+      <div className={\`w-2 h-2 rounded-full \${getStatusColor()}\`} />
+      <span className="text-sm text-gray-300">{getStatusText()}</span>
+    </div>
+  );
+}
+`;
+}
+function generateVeilProvider(config) {
+  return `"use client";
+
+import { createContext, useContext, useState, useEffect, ReactNode } from "react";
+import { useWallet } from "@solana/wallet-adapter-react";
+import { createLoginSession, isSessionValid, LoginSession } from "../privacy/login";
+
+interface VeilContextType {
+  session: LoginSession | null;
+  isAuthenticated: boolean;
+  privacyLevel: "high" | "medium" | "low" | null;
+  login: () => Promise<void>;
+  logout: () => void;
+}
+
+const VeilContext = createContext<VeilContextType | null>(null);
+
+export function VeilProvider({ children }: { children: ReactNode }) {
+  const { connected, publicKey, signMessage } = useWallet();
+  const [session, setSession] = useState<LoginSession | null>(null);
+
+  const isAuthenticated = connected && session !== null && isSessionValid(session);
+  const privacyLevel = isAuthenticated ? "high" : null;
+
+  const login = async () => {
+    if (!connected || !publicKey || !signMessage) {
+      throw new Error("Wallet not connected");
+    }
+
+    // Create identity proof from wallet signature
+    const message = new TextEncoder().encode(
+      \`Veil Login: \${Date.now()}\`
+    );
+    const signature = await signMessage(message);
+    
+    const newSession = await createLoginSession(signature);
+    setSession(newSession);
+  };
+
+  const logout = () => {
+    setSession(null);
+  };
+
+  // Auto-logout when wallet disconnects
+  useEffect(() => {
+    if (!connected) {
+      setSession(null);
+    }
+  }, [connected]);
+
+  return (
+    <VeilContext.Provider value={{ session, isAuthenticated, privacyLevel, login, logout }}>
+      {children}
+    </VeilContext.Provider>
+  );
+}
+
+export function useVeilContext() {
+  const context = useContext(VeilContext);
+  if (!context) {
+    throw new Error("useVeilContext must be used within VeilProvider");
+  }
+  return context;
+}
+`;
+}
+function generateVeilHooks(config) {
+  return `"use client";
+
+import { useVeilContext } from "../contexts/VeilProvider";
+import { PRIVACY_GUARANTEES } from "../privacy/guarantees";
+
+export function useVeil() {
+  const context = useVeilContext();
+  return context;
+}
+
+export function usePrivacyGuarantees() {
+  return PRIVACY_GUARANTEES;
+}
+
+export function usePrivacyCheck() {
+  const { isAuthenticated, privacyLevel } = useVeil();
+  
+  return {
+    isPrivate: privacyLevel === "high",
+    warnings: privacyLevel === "low" 
+      ? ["Your session may be linkable to your identity"]
+      : [],
+  };
+}
+`;
+}
+
+// src/templates/config.ts
+function generateLayoutTsx(config) {
+  return `import type { Metadata } from "next";
+import { Inter } from "next/font/google";
+import "./globals.css";
+import { Providers } from "./providers";
+
+const inter = Inter({ subsets: ["latin"] });
+
+export const metadata: Metadata = {
+  title: "${config.projectName}",
+  description: "Privacy-first Solana app built with Veil",
+};
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <html lang="en">
+      <body className={inter.className}>
+        <Providers>
+          {children}
+        </Providers>
+      </body>
+    </html>
+  );
+}
+`;
+}
+function generateGlobalsCss() {
+  return `@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+:root {
+  --foreground-rgb: 255, 255, 255;
+  --background-start-rgb: 10, 10, 20;
+  --background-end-rgb: 20, 20, 40;
+}
+
+body {
+  color: rgb(var(--foreground-rgb));
+  background: linear-gradient(
+    to bottom,
+    rgb(var(--background-start-rgb)),
+    rgb(var(--background-end-rgb))
+  );
+  min-height: 100vh;
+}
+
+/* Veil custom utilities */
+.glass {
+  @apply bg-white/5 backdrop-blur-xl border border-white/10;
+}
+
+.glass-hover {
+  @apply hover:bg-white/10 hover:border-white/20 transition-all duration-300;
+}
+`;
+}
+function generateTailwindConfig(config) {
+  const contentPath = config.template === "nextjs" ? `"./app/**/*.{js,ts,jsx,tsx,mdx}",` : `"./src/**/*.{js,ts,jsx,tsx,mdx}",`;
+  return `/** @type {import('tailwindcss').Config} */
+module.exports = {
+  content: [
+    ${contentPath}
+    "./components/**/*.{js,ts,jsx,tsx,mdx}",
+    "./contexts/**/*.{js,ts,jsx,tsx,mdx}",
+  ],
+  theme: {
+    extend: {
+      colors: {
+        veil: {
+          purple: "#7C3AED",
+          blue: "#3B82F6",
+          dark: "#0A0A14",
+        },
+      },
+    },
+  },
+  plugins: [],
+};
+`;
+}
+function generatePostcssConfig() {
+  return `module.exports = {
+  plugins: {
+    tailwindcss: {},
+    autoprefixer: {},
+  },
+};
+`;
+}
+function generateNextConfig() {
+  return `/** @type {import('next').NextConfig} */
+const nextConfig = {
+  webpack: (config) => {
+    config.externals.push("pino-pretty", "lokijs", "encoding");
+    return config;
+  },
+};
+
+module.exports = nextConfig;
+`;
+}
+function generateProvidersTsx(config) {
+  return `"use client";
+
+import { WalletAdapterNetwork } from "@solana/wallet-adapter-base";
+import {
+  ConnectionProvider,
+  WalletProvider,
+} from "@solana/wallet-adapter-react";
+import { WalletModalProvider } from "@solana/wallet-adapter-react-ui";
+import { PhantomWalletAdapter } from "@solana/wallet-adapter-phantom";
+import { SolflareWalletAdapter } from "@solana/wallet-adapter-solflare";
+import { clusterApiUrl } from "@solana/web3.js";
+import { useMemo, ReactNode } from "react";
+import { VeilProvider } from "../contexts/VeilProvider";
+
+import "@solana/wallet-adapter-react-ui/styles.css";
+
+export function Providers({ children }: { children: ReactNode }) {
+  const network = WalletAdapterNetwork.${config.network === "devnet" ? "Devnet" : "Devnet"};
+  const endpoint = useMemo(() => {
+    // Use Helius if configured, otherwise default
+    if (typeof window === "undefined" && process.env.HELIUS_RPC_URL) {
+      return process.env.HELIUS_RPC_URL;
+    }
+    return clusterApiUrl(network);
+  }, [network]);
+
+  const wallets = useMemo(
+    () => [new PhantomWalletAdapter(), new SolflareWalletAdapter()],
+    []
+  );
+
+  return (
+    <ConnectionProvider endpoint={endpoint}>
+      <WalletProvider wallets={wallets} autoConnect>
+        <WalletModalProvider>
+          <VeilProvider>{children}</VeilProvider>
+        </WalletModalProvider>
+      </WalletProvider>
+    </ConnectionProvider>
+  );
+}
+`;
+}
+
+// src/templates/shadowpay.ts
+function generateShadowPayModule(config) {
+  if (config.shadowPay === "app") {
+    return generateShadowPayApp();
+  } else if (config.shadowPay === "wallet") {
+    return generateShadowPayWallet();
+  }
+  return "";
+}
+function generateShadowPayApp() {
+  return `/**
+ * ShadowPay - App Mode (MAINNET)
+ *
+ * \u26A0\uFE0F  IMPORTANT: ShadowPay uses MAINNET for real private transfers
+ *
+ * Your app RECEIVES private payments from users.
+ * Users can pay you without revealing their identity to you.
+ *
+ * PRIVACY GUARANTEE:
+ * - You receive payments but don't know who sent them
+ * - Payment amounts are still visible on-chain
+ * - User identity is protected via commitment schemes
+ *
+ * NETWORK: mainnet-beta (real SOL/tokens)
+ * This is separate from Veil features which run on devnet
+ */
+
+import { PublicKey, Transaction, Connection, clusterApiUrl } from "@solana/web3.js";
+
+// ShadowPay always uses mainnet for real private transfers
+export const SHADOWPAY_NETWORK = "mainnet-beta";
+export const SHADOWPAY_RPC = process.env.NEXT_PUBLIC_SHADOWPAY_RPC || clusterApiUrl("mainnet-beta");
+
+export function getShadowPayConnection(): Connection {
+  return new Connection(SHADOWPAY_RPC, "confirmed");
+}
+
+export interface PrivatePaymentRequest {
+  /** Amount in lamports */
+  amount: number;
+  /** Your receiving address */
+  recipient: PublicKey;
+  /** Optional memo (visible on-chain) */
+  memo?: string;
+  /** Payment expiry timestamp */
+  expiresAt?: number;
+}
+
+export interface PrivatePayment {
+  /** Unique payment ID */
+  id: string;
+  /** Amount received */
+  amount: number;
+  /** Transaction signature */
+  signature: string;
+  /** Commitment hash (hides sender) */
+  senderCommitment: Uint8Array;
+  /** Timestamp */
+  timestamp: number;
+}
+
+/**
+ * Create a payment request that users can fulfill privately.
+ */
+export function createPaymentRequest(
+  amount: number,
+  recipient: PublicKey,
+  options?: { memo?: string; expiresInSeconds?: number }
+): PrivatePaymentRequest {
+  return {
+    amount,
+    recipient,
+    memo: options?.memo,
+    expiresAt: options?.expiresInSeconds 
+      ? Date.now() + options.expiresInSeconds * 1000 
+      : undefined,
+  };
+}
+
+/**
+ * Generate a payment link for users.
+ * They can scan/click this to pay privately.
+ */
+export function generatePaymentLink(request: PrivatePaymentRequest): string {
+  const params = new URLSearchParams({
+    amount: request.amount.toString(),
+    recipient: request.recipient.toBase58(),
+    ...(request.memo && { memo: request.memo }),
+    ...(request.expiresAt && { expires: request.expiresAt.toString() }),
+  });
+  
+  return \`shadowpay://pay?\${params.toString()}\`;
+}
+
+/**
+ * Verify a received payment without knowing the sender.
+ */
+export async function verifyPayment(
+  connection: Connection,
+  signature: string,
+  expectedAmount: number,
+  recipient: PublicKey
+): Promise<boolean> {
+  const tx = await connection.getTransaction(signature, {
+    commitment: "confirmed",
+  });
+  
+  if (!tx || !tx.meta) return false;
+  
+  // Verify the payment was received
+  const recipientIndex = tx.transaction.message.accountKeys.findIndex(
+    (key) => key.equals(recipient)
+  );
+  
+  if (recipientIndex === -1) return false;
+  
+  const postBalance = tx.meta.postBalances[recipientIndex];
+  const preBalance = tx.meta.preBalances[recipientIndex];
+  const received = postBalance - preBalance;
+  
+  return received >= expectedAmount;
+}
+
+/**
+ * Listen for incoming private payments.
+ */
+export function onPaymentReceived(
+  callback: (payment: PrivatePayment) => void
+): () => void {
+  // In production: Set up WebSocket or polling
+  console.log("Payment listener started");
+  
+  return () => {
+    console.log("Payment listener stopped");
+  };
+}
+`;
+}
+function generateShadowPayWallet() {
+  return `/**
+ * ShadowPay - Wallet Mode (MAINNET)
+ *
+ * \u26A0\uFE0F  IMPORTANT: ShadowPay uses MAINNET for real private transfers
+ *
+ * Your wallet SENDS private payments to apps/users.
+ * You can pay without revealing your identity to recipients.
+ *
+ * PRIVACY GUARANTEE:
+ * - Recipients don't know your identity
+ * - Payment is verified via commitment proofs
+ * - Your wallet address is not directly linked
+ *
+ * NETWORK: mainnet-beta (real SOL/tokens)
+ * This is separate from Veil features which run on devnet
+ */
+
+import { PublicKey, Transaction, Connection, Keypair, clusterApiUrl } from "@solana/web3.js";
+
+// ShadowPay always uses mainnet for real private transfers
+export const SHADOWPAY_NETWORK = "mainnet-beta";
+export const SHADOWPAY_RPC = process.env.NEXT_PUBLIC_SHADOWPAY_RPC || clusterApiUrl("mainnet-beta");
+
+export function getShadowPayConnection(): Connection {
+  return new Connection(SHADOWPAY_RPC, "confirmed");
+}
+
+export interface PrivatePaymentIntent {
+  /** Amount in lamports */
+  amount: number;
+  /** Recipient address */
+  recipient: PublicKey;
+  /** Your commitment (hides your identity) */
+  commitment: Uint8Array;
+}
+
+/**
+ * Create a commitment that hides your identity.
+ */
+export async function createSenderCommitment(
+  senderSecret: Uint8Array
+): Promise<Uint8Array> {
+  const hash = await crypto.subtle.digest("SHA-256", senderSecret.buffer as ArrayBuffer);
+  return new Uint8Array(hash);
+}
+
+/**
+ * Prepare a private payment.
+ * The recipient will receive funds but won't know your identity.
+ */
+export async function preparePrivatePayment(
+  amount: number,
+  recipient: PublicKey,
+  senderSecret: Uint8Array
+): Promise<PrivatePaymentIntent> {
+  const commitment = await createSenderCommitment(senderSecret);
+  
+  return {
+    amount,
+    recipient,
+    commitment,
+  };
+}
+`;
+}
+
+// src/templates/sdk-integration.ts
+function generateSdkProvider(config) {
+  return `"use client";
+
+/**
+ * VeilSDKProvider - Full SDK integration for privacy features
+ * 
+ * This provider wraps your app with the Veil SDK, enabling:
+ * - ZK-based identity (no on-chain identity)
+ * - Shielded balances (hide your holdings)
+ * - Private transfers (hidden amounts)
+ * - Private token operations
+ * - Private DEX swaps
+ */
+
+import { createContext, useContext, useState, useEffect, ReactNode, useCallback } from "react";
+import { useWallet, useConnection } from "@solana/wallet-adapter-react";
+import { VeilClient, ShieldedClient, TransferClient, TokenClient, DexClient } from "@veil-protocol/sdk";
+
+interface VeilSDKContextType {
+  // Core client
+  veil: VeilClient | null;
+  
+  // Sub-clients
+  shielded: ShieldedClient | null;
+  transfer: TransferClient | null;
+  tokens: TokenClient | null;
+  dex: DexClient | null;
+  
+  // State
+  isConnected: boolean;
+  isLoading: boolean;
+  error: string | null;
+  
+  // Balances
+  publicBalance: number;
+  shieldedBalance: number;
+  
+  // Actions
+  refreshBalances: () => Promise<void>;
+  shield: (amount: number) => Promise<string>;
+  unshield: (amount: number) => Promise<string>;
+  privateTransfer: (recipient: string, amount: number) => Promise<string>;
+}
+
+const VeilSDKContext = createContext<VeilSDKContextType | null>(null);
+
+export function VeilSDKProvider({ children }: { children: ReactNode }) {
+  const { connection } = useConnection();
+  const { publicKey, signTransaction, connected } = useWallet();
+  
+  const [veil, setVeil] = useState<VeilClient | null>(null);
+  const [shielded, setShielded] = useState<ShieldedClient | null>(null);
+  const [transfer, setTransfer] = useState<TransferClient | null>(null);
+  const [tokens, setTokens] = useState<TokenClient | null>(null);
+  const [dex, setDex] = useState<DexClient | null>(null);
+  
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [publicBalance, setPublicBalance] = useState(0);
+  const [shieldedBalance, setShieldedBalance] = useState(0);
+
+  // Initialize SDK when wallet connects
+  useEffect(() => {
+    if (connected && publicKey) {
+      const client = new VeilClient({ connection });
+      setVeil(client);
+      setShielded(client.shielded);
+      setTransfer(client.transfer);
+      setTokens(client.tokens);
+      setDex(client.dex);
+    } else {
+      setVeil(null);
+      setShielded(null);
+      setTransfer(null);
+      setTokens(null);
+      setDex(null);
+    }
+  }, [connected, publicKey, connection]);
+
+  const refreshBalances = useCallback(async () => {
+    if (!veil || !publicKey) return;
+    
+    setIsLoading(true);
+    try {
+      const balances = await veil.getBalances(publicKey);
+      setPublicBalance(balances.public);
+      setShieldedBalance(balances.shielded);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : "Failed to fetch balances");
+    } finally {
+      setIsLoading(false);
+    }
+  }, [veil, publicKey]);
+
+  const shield = useCallback(async (amount: number): Promise<string> => {
+    if (!shielded || !publicKey || !signTransaction) {
+      throw new Error("Wallet not connected");
+    }
+    return shielded.deposit(publicKey, amount, signTransaction);
+  }, [shielded, publicKey, signTransaction]);
+
+  const unshield = useCallback(async (amount: number): Promise<string> => {
+    if (!shielded || !publicKey || !signTransaction) {
+      throw new Error("Wallet not connected");
+    }
+    return shielded.withdraw(publicKey, amount, signTransaction);
+  }, [shielded, publicKey, signTransaction]);
+
+  const privateTransfer = useCallback(async (recipient: string, amount: number): Promise<string> => {
+    if (!transfer || !publicKey || !signTransaction) {
+      throw new Error("Wallet not connected");
+    }
+    return transfer.privateTransfer(publicKey, recipient, amount, signTransaction);
+  }, [transfer, publicKey, signTransaction]);
+
+  return (
+    <VeilSDKContext.Provider value={{
+      veil,
+      shielded,
+      transfer,
+      tokens,
+      dex,
+      isConnected: connected && veil !== null,
+      isLoading,
+      error,
+      publicBalance,
+      shieldedBalance,
+      refreshBalances,
+      shield,
+      unshield,
+      privateTransfer,
+    }}>
+      {children}
+    </VeilSDKContext.Provider>
+  );
+}
+
+export function useVeilSDK() {
+  const context = useContext(VeilSDKContext);
+  if (!context) {
+    throw new Error("useVeilSDK must be used within VeilSDKProvider");
+  }
+  return context;
+}
+`;
+}
+function generateSdkHooks() {
+  return `"use client";
+
+/**
+ * Veil SDK Hooks
+ * 
+ * Convenient hooks for common SDK operations
+ */
+
+import { useVeilSDK } from "../contexts/VeilSDKProvider";
+import { useState, useCallback } from "react";
+
+export function useShieldedBalance() {
+  const { publicBalance, shieldedBalance, refreshBalances, isLoading } = useVeilSDK();
+  return { publicBalance, shieldedBalance, refresh: refreshBalances, isLoading };
+}
+
+export function usePrivateTransfer() {
+  const { privateTransfer } = useVeilSDK();
+  const [isPending, setIsPending] = useState(false);
+  const [txHash, setTxHash] = useState<string | null>(null);
+  const [error, setError] = useState<string | null>(null);
+
+  const send = useCallback(async (recipient: string, amount: number) => {
+    setIsPending(true);
+    setError(null);
+    try {
+      const hash = await privateTransfer(recipient, amount);
+      setTxHash(hash);
+      return hash;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : "Transfer failed");
+      throw err;
+    } finally {
+      setIsPending(false);
+    }
+  }, [privateTransfer]);
+
+  return { send, isPending, txHash, error };
+}
+`;
+}
+
+// src/templates/index.ts
+function generateVeilConfig(config) {
+  return `/**
+ * Veil Configuration
+ *
+ * This file documents the privacy guarantees of your application.
+ * It is used by the Veil CLI and serves as documentation.
+ */
+
+export interface VeilConfig {
+  project: {
+    name: string;
+    network: "devnet" | "mainnet-beta";
+  };
+  privacy: {
+    identity: {
+      enabled: boolean;
+      method: "zk-login" | "passkey";
+      storeOnChain: boolean;
+    };
+    access: {
+      proofRequired: boolean;
+      revealAddress: boolean;
+    };
+    recovery: {
+      enabled: boolean;
+      method: "timelock" | "shamir";
+      publicGuardians: boolean;
+      revealParticipants: boolean;
+    };
+  };
+  infrastructure: {
+    rpc: {
+      provider: "helius" | "default";
+      publicPolling: boolean;
+    };
+    observability: {
+      webhooks: boolean;
+      exposeMetadata: boolean;
+    };
+  };
+  integrations: {
+    shadowPay: {
+      enabled: boolean;
+    };
+  };
+}
+
+export function defineVeilConfig(config: VeilConfig): VeilConfig {
+  return config;
+}
+
+export default defineVeilConfig({
+  project: {
+    name: "${config.projectName}",
+    network: "${config.network}",
+  },
+
+  privacy: {
+    identity: {
+      enabled: true,
+      method: "zk-login", // conceptual, hackathon-safe
+      storeOnChain: false,
+    },
+
+    access: {
+      proofRequired: true,
+      revealAddress: false,
+    },
+
+    recovery: {
+      enabled: true,
+      method: "timelock", // or "shamir"
+      publicGuardians: false,
+      revealParticipants: false,
+    },
+  },
+
+  infrastructure: {
+    rpc: {
+      provider: "${config.helius ? "helius" : "default"}",
+      publicPolling: false,
+    },
+
+    observability: {
+      webhooks: ${config.helius},
+      exposeMetadata: false,
+    },
+  },
+
+  integrations: {
+    shadowPay: {
+      enabled: ${config.shadowPay ? "true" : "false"},
+    },
+  },
+});
+`;
+}
+function generateEnvExample(config) {
+  let env = `# ============================================
+# Veil Configuration
+# ============================================
+
+# Veil Features Network (voting, staking, multisig)
+NEXT_PUBLIC_NETWORK=${config.network}
+`;
+  if (config.helius) {
+    env += `
+# Helius RPC for Veil features (${config.network})
+# Get your key at https://helius.dev
+HELIUS_API_KEY=your_helius_api_key
+HELIUS_RPC_URL=https://${config.network}.helius-rpc.com/?api-key=YOUR_KEY
+HELIUS_WEBHOOK_SECRET=your_webhook_secret
+`;
+  }
+  if (config.shadowPay) {
+    env += `
+# ============================================
+# ShadowPay Configuration (MAINNET)
+# ============================================
+# \u26A0\uFE0F  ShadowPay uses MAINNET for real private transfers
+# This is separate from Veil features which use ${config.network}
+
+# Mainnet RPC for ShadowPay (Helius recommended for production)
+NEXT_PUBLIC_SHADOWPAY_RPC=https://mainnet.helius-rpc.com/?api-key=YOUR_KEY
+
+# Optional: ShadowPay API for enhanced features
+SHADOWPAY_API_KEY=your_shadowpay_key
+`;
+  }
+  return env;
+}
+function generateReadme(config) {
+  const srcDir = config.framework === "nextjs" ? "app" : "src";
+  const templateInfo = TEMPLATE_INFO[config.template];
+  return `# ${config.projectName}
+
+**${templateInfo.name}** \u2014 ${templateInfo.description}
+
+A privacy-first Solana application built with Veil + ShadowWire.
+
+## Privacy Architecture
+
+This app includes the **complete Veil privacy stack**:
+
+| Feature | Description | Network |
+|---------|-------------|---------|
+| \u{1F510} **Identity** | ZK authentication, no PII on-chain | ${config.network} |
+| \u{1F504} **Recovery** | Shamir secret sharing, hidden guardians | ${config.network} |
+| \u{1F5F3}\uFE0F **Voting** | Commit-reveal privacy | ${config.network} |
+| \u{1F4CA} **Staking** | Hidden amounts via Pedersen | ${config.network} |
+| \u{1F465} **Multisig** | Stealth signers | ${config.network} |
+${config.features.shadowpay ? `| \u26A1 **ShadowPay** | Private transfers via @radr/shadowwire | mainnet |` : ""}
+
+## What's Private vs Public
+
+| Aspect | Private | Public |
+|--------|---------|--------|
+| Your identity | \u2705 Never on-chain | |
+| Wallet access method | \u2705 Hidden | |
+| Recovery guardians | \u2705 Hidden | |
+| Vote choices | \u2705 Hidden until reveal | |
+| Stake amounts | \u2705 Committed privately | |
+| Transaction amounts | | \u274C Visible (unless via ShadowPay) |
+
+## Project Structure
+
+\`\`\`
+/${srcDir}              \u2192 Frontend application
+/${srcDir}/components   \u2192 UI & privacy components
+/lib/privacy     \u2192 Privacy modules (login, recovery, access)
+/lib/veil        \u2192 Veil SDK integration (RPC, Helius)
+${config.features.shadowpay ? `/lib/shadowpay   \u2192 ShadowWire private transfers (mainnet)` : ""}
+/hooks           \u2192 React hooks for Veil SDK
+/contexts        \u2192 Provider contexts
+\`\`\`
+
+## Getting Started
+
+\`\`\`bash
+# Install dependencies
+pnpm install
+
+# Copy environment variables
+cp .env.example .env
+
+# Start development server
+pnpm dev
+\`\`\`
+
+## Network Configuration
+
+- **Veil Features**: Run on \`${config.network}\` for development
+- **ShadowPay**: Runs on \`mainnet\` for real private transfers
+
+---
+
+Built with [Veil](https://github.com/veil-protocol) + [ShadowWire](https://shadowwire.io)
+`;
+}
+
+export {
+  generateLoginTs,
+  generateRecoveryTs,
+  generateAccessTs,
+  generateGuaranteesTs,
+  generateRpcTs,
+  generateHeliusTs,
+  generatePackageJson,
+  generateTsConfig,
+  generateAppEntry,
+  generateWalletButton,
+  generatePrivacyStatus,
+  generateVeilProvider,
+  generateVeilHooks,
+  generateLayoutTsx,
+  generateGlobalsCss,
+  generateTailwindConfig,
+  generatePostcssConfig,
+  generateNextConfig,
+  generateProvidersTsx,
+  generateShadowPayModule,
+  generateSdkProvider,
+  generateSdkHooks,
+  generateVeilConfig,
+  generateEnvExample,
+  generateReadme,
+  TEMPLATE_INFO,
+  runInit,
+  runAdd
+};