polkadot-cli 1.20.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +110 -29
  2. package/dist/cli.mjs +785 -243
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -18,6 +18,7 @@ Ships with Polkadot and all system parachains preconfigured with multiple fallba
18
18
  - ✅ Built with agent use in mind — structured JSON output on every command (`--json`)
19
19
  - ✅ Fuzzy matching with typo suggestions
20
20
  - ✅ Account management — BIP39 mnemonics, derivation paths, env-backed secrets, watch-only, dev accounts
21
+ - ✅ Local workspaces — `dot init` creates a `.polkadot/` in any directory, auto-discovered git-style and fully isolated from your global `~/.polkadot`
21
22
  - ✅ Named address resolution across all commands
22
23
  - ✅ Runtime API calls — `dot polkadot.apis.Core.version`
23
24
  - ✅ Raw JSON-RPC calls — `dot polkadot.rpc.system_health`, with discovery via `rpc_methods` and tab-completion
@@ -1887,48 +1888,89 @@ dot parachain 1000 --type child --json
1887
1888
  dot account inspect --parachain 1000 --parachain-type child --json
1888
1889
  ```
1889
1890
 
1890
- ### Bandersnatch member keys
1891
+ ### Bandersnatch / verifiable (member keys, ring-VRF proofs, signing)
1891
1892
 
1892
- Derive Bandersnatch member keys from account mnemonics for on-chain member set registration (personhood proofs, Ring VRF). Uses the [`verifiablejs`](https://github.com/paritytech/verifiablejs) WASM library.
1893
+ `dot verifiable` is a set of composable, unopinionated primitives over the
1894
+ [`verifiablejs`](https://github.com/paritytech/verifiablejs) WASM library: derive
1895
+ member keys, sign, generate and verify ring-VRF proofs, and encode member sets.
1896
+ Every action is bytes-in, bytes-out — it takes hex / `--file` / `--stdin` input
1897
+ and supports `--output json`, so it pipes together and composes with any data
1898
+ (for example values you fetched on-chain with `dot` beforehand). It makes no
1899
+ assumptions and does no fetching or selection of its own.
1900
+
1901
+ #### Two concepts you must not conflate
1902
+
1903
+ ```
1904
+ Mnemonic ─BIP39─▶ entropy ─keyed blake2b─▶ member entropy ─▶ member key / secret
1905
+ (key = --entropy-key) │
1906
+ ring proof: one_shot(…, --context, --message)
1907
+ ```
1908
+
1909
+ - **`--entropy-key <text|0xhex>`** — the key mixed into the keyed-blake2b that
1910
+ turns your mnemonic into the Bandersnatch member entropy. **Omit** it for a
1911
+ **lite** person (unkeyed); use **`candidate`** for a **full** person. It must
1912
+ match the key used when the member was recognised on-chain, or you derive a
1913
+ different (unrecognised) member key. It is **not** an sr25519 derivation path
1914
+ and **not** the ring `--context`. (The value is the raw UTF-8 — or hex — bytes
1915
+ of the blake2b key; this matches the iOS/Android clients, which key the
1916
+ "full person" deriver with `"candidate"`.)
1917
+ - **`--context <text|0xhex>`** — the **32-byte ring/proof namespace** (e.g.
1918
+ `"dotns"`), zero-padded right to 32 bytes like Solidity `bytes32()`. It
1919
+ determines the alias and is named `context` across the runtime
1920
+ (`type Context = [u8;32]`), the iOS client, and verifiablejs. Used by
1921
+ `alias` / `prove` / `verify`.
1922
+
1923
+ > **Migration (breaking):** previously `dot verifiable <account> --context
1924
+ > candidate` used `--context` as the entropy-derivation key. That key is now
1925
+ > `--entropy-key`, and `--context` means the ring context. For one release the
1926
+ > old form still works on the member command (with a deprecation warning); use
1927
+ > `--entropy-key` going forward.
1928
+
1929
+ #### Member keys
1893
1930
 
1894
1931
  ```bash
1895
- # Derive unkeyed member key (lite person)
1932
+ # Lite person (unkeyed)
1896
1933
  dot verifiable alice
1897
- # Output:
1898
- # Bandersnatch Member Key
1899
- #
1900
1934
  # Account: alice
1901
1935
  # Member Key: 0xbb6ee099b568f1844d62fc00e6305c2e83aa8da30ce59e664ef39e089204d43c
1902
1936
 
1903
- # Derive keyed member key (full person — "candidate" context)
1904
- dot verifiable alice --context candidate
1905
- # Output:
1906
- # Bandersnatch Member Key
1907
- #
1908
- # Account: alice
1909
- # Context: candidate
1910
- # Member Key: 0x5f915576987547d3e55bb4129ac8cae1d338f8933073dc74272b4c825f738592
1937
+ # Full person (candidate-keyed)
1938
+ dot verifiable alice --entropy-key candidate
1939
+ # Account: alice
1940
+ # Entropy Key: candidate
1941
+ # Member Key: 0x5f915576987547d3e55bb4129ac8cae1d338f8933073dc74272b4c825f738592
1942
+ ```
1911
1943
 
1912
- # Arbitrary context string
1913
- dot verifiable alice --context pps
1944
+ Derived keys are saved to the account store and shown in `dot account inspect`.
1914
1945
 
1915
- # JSON output (for scripting)
1916
- dot verifiable alice --context candidate --json
1917
- ```
1946
+ #### Alias, sign, prove, verify
1918
1947
 
1919
- The derivation flow:
1948
+ ```bash
1949
+ # Alias for a ring context (deterministic in entropy + context)
1950
+ dot verifiable alias alice --entropy-key candidate --context dotns
1920
1951
 
1921
- ```
1922
- Mnemonic mnemonicToEntropy() blake2b256(entropy, context?) → member_from_entropy() → 32-byte member key
1923
- ```
1952
+ # Standalone Bandersnatch signature (64 bytes)
1953
+ dot verifiable sign alice --message "hello" --entropy-key candidate
1954
+ dot verifiable verify-sig --signature 0x… --member 0x… --message "hello"
1924
1955
 
1925
- - **Unkeyed** (no `--context`): `blake2b256(entropy)` used for lite person registration
1926
- - **With context** (e.g. `--context candidate`): `blake2b256(entropy, key="candidate")` used for full person registration. The `--context` value is passed as the raw UTF-8 bytes of the blake2b key parameter.
1927
- - Both 12-word and 24-word mnemonics are supported
1956
+ # Ring-VRF proof over a members set, then verify it locally
1957
+ dot verifiable members 0x<key> 0x<key> --output json # SCALE-encode the ring
1958
+ dot verifiable prove alice --entropy-key candidate --context dotns \
1959
+ --message 0x… --members 0x… --output json
1960
+ dot verifiable verify --proof 0x… --context dotns --message 0x… --members 0x…
1961
+ # verify exits non-zero if the proof does not validate
1962
+ ```
1928
1963
 
1929
- Derived keys are saved to the account store. For stored accounts, saved keys appear in `dot account inspect` output. When creating a new account with `dot account create`, both unkeyed and `candidate` keys are automatically derived and saved.
1964
+ `dot verifiable` is deliberately scoped to **raw verifiable crypto** bytes in,
1965
+ bytes out, with no knowledge of Polkadot chains, pallets, or collections (the
1966
+ same way `dot sign` is just sr25519). It does no automated fetching or selection
1967
+ and assumes nothing about how the bytes were produced or where they go: supply
1968
+ the members/context/message yourself (e.g. read from chain with `dot` first), and
1969
+ use the resulting signature or proof however you need — as a value in a `dot`
1970
+ extrinsic or signed extension, or anywhere else.
1930
1971
 
1931
- Run `dot verifiable` with no arguments to see usage and the full derivation diagram.
1972
+ Run `dot verifiable` with no arguments for the full action/option list and the
1973
+ derivation diagram. Both 12- and 24-word mnemonics are supported.
1932
1974
 
1933
1975
  ### Getting help
1934
1976
 
@@ -2111,13 +2153,52 @@ Config and metadata caches live in `~/.polkadot/` by default:
2111
2153
 
2112
2154
  > **Warning:** `accounts.json` stores secrets (mnemonics and seeds) in **plain text**. Encrypted-at-rest storage is planned but not yet implemented. Keep appropriate file permissions (`chmod 600 ~/.polkadot/accounts.json`) and do not use this for high-value mainnet accounts.
2113
2155
 
2156
+ ### Local workspaces — `dot init`
2157
+
2158
+ Create a self-contained, per-directory setup for chains and accounts. A workspace is just a `.polkadot/` directory that `dot` discovers automatically:
2159
+
2160
+ ```bash
2161
+ mkdir -p ~/dot/paseo && cd ~/dot/paseo
2162
+ dot init
2163
+ # Initialized empty dot workspace at /Users/you/dot/paseo/.polkadot
2164
+ # Check which workspace is active with: dot which
2165
+ ```
2166
+
2167
+ From this directory (and any subdirectory), every `dot` command reads and writes **all** state — accounts, custom chains, metadata cache — under `./.polkadot/` instead of `~/.polkadot/`:
2168
+
2169
+ ```bash
2170
+ dot account create sudo # stored in ./.polkadot/accounts.json
2171
+ dot chain add mytestnet --rpc ws://localhost:9944
2172
+ dot which
2173
+ # /Users/you/dot/paseo/.polkadot
2174
+ # Source: local workspace (discovered from current directory)
2175
+ ```
2176
+
2177
+ **Discovery** is git-style: `dot` looks for a `.polkadot/` directory in the current directory, then in each parent, stopping at `$HOME` or the filesystem root. The nearest workspace wins. The global `~/.polkadot` is never treated as a workspace — it is only ever the fallback.
2178
+
2179
+ **Precedence:** `DOT_HOME` env var → discovered local workspace → global `~/.polkadot`.
2180
+
2181
+ **Full isolation:** while a workspace is active, the global config is invisible. An account named `sudo` in `~/dot/paseo` and one in `~/dot/mytestnet` are unrelated identities — lookups never fall back to the global config, and resolution errors name the config root that was searched, so running in the wrong directory self-diagnoses. Built-in chains (Polkadot, Paseo, and the system parachains) still work everywhere; they ship with the binary.
2182
+
2183
+ `dot init` is deliberately minimal: it creates an empty `.polkadot/` directory and nothing else. It refuses to run in `$HOME`, errors if the directory already has a workspace, and warns when the new workspace shadows a parent workspace or when a set `DOT_HOME` masks discovery. Nothing is copied from the global config, and no `.gitignore` is written — whether to commit or ignore a workspace (remember: `accounts.json` holds plain-text secrets) is your decision to make.
2184
+
2185
+ **Throwaway sessions** are just disposable workspaces:
2186
+
2187
+ ```bash
2188
+ tmp=$(mktemp -d) && cd "$tmp" && dot init
2189
+ # ... add throwaway accounts and chains, run txs ...
2190
+ cd - && rm -rf "$tmp" # nothing ever touched ~/.polkadot
2191
+ ```
2192
+
2193
+ For secrets that should never hit disk at all, combine workspaces with `--env` secret sources (see [Manage accounts](#manage-accounts)).
2194
+
2114
2195
  ### `DOT_TRUST_CACHED_METADATA` — skip the staleness check
2115
2196
 
2116
2197
  Set `DOT_TRUST_CACHED_METADATA=1` to disable the post-failure stale-metadata check on `dot tx`, `dot tx --dry-run`, and `dot query`. When set, errors propagate exactly as the runtime / RPC reported them, with no extra `state_getRuntimeVersion` / `state_getStorageHash` round-trip. Useful in CI loops where you've just refreshed metadata manually and don't want the overhead.
2117
2198
 
2118
2199
  ### `DOT_HOME` — redirect the config directory
2119
2200
 
2120
- Set the `DOT_HOME` environment variable to point at a different directory. When set, the CLI reads and writes **everything** (config, accounts, metadata, update cache) under that path — no `.polkadot` suffix is appended.
2201
+ Set the `DOT_HOME` environment variable to point at a different directory. When set, the CLI reads and writes **everything** (config, accounts, metadata, update cache) under that path — no `.polkadot` suffix is appended. `DOT_HOME` takes precedence over both [local workspace discovery](#local-workspaces--dot-init) and the global `~/.polkadot`.
2121
2202
 
2122
2203
  ```bash
2123
2204
  # Use a scratch directory for experimentation