withub-cli 0.1.0 → 0.2.1

package/dist/commands/checkout.js

@@ -17,12 +17,17 @@ const serialize_1 = require("../lib/serialize");
 const repo_1 = require("../lib/repo");
 const seal_1 = require("../lib/seal");
 const keys_1 = require("../lib/keys");
+const lit_1 = require("../lib/lit");
+const crypto_1 = require("../lib/crypto");
+const lighthouse_1 = require("../lib/lighthouse");
+const evmProvider_1 = require("../lib/evmProvider");
 const WIT_DIR = '.wit';
 async function checkoutAction(commitId) {
     const witPath = await requireWitDir();
     const repoCfg = await (0, repo_1.readRepoConfig)(witPath);
     const commit = await (0, state_1.readCommitById)(witPath, commitId);
-    const files = await resolveFilesForCommit(witPath, commit, repoCfg.seal_policy_id || null);
+    const sealPolicyId = (0, repo_1.resolveSuiSealPolicyId)(repoCfg);
+    const files = await resolveFilesForCommit(witPath, commit, sealPolicyId, repoCfg);
     if (!files) {
         // Friendly message already printed inside resolveFilesForCommit/ensureBlobsFromManifest
         // eslint-disable-next-line no-console
@@ -84,11 +89,11 @@ function safeJoin(base, rel) {
     }
     return path_1.default.join(base, norm);
 }
-async function resolveFilesForCommit(witPath, commit, sealPolicyId) {
+async function resolveFilesForCommit(witPath, commit, sealPolicyId, repoCfg) {
     if (commit.tree?.files && Object.keys(commit.tree.files).length) {
         return commit.tree.files;
     }
-    const manifestId = commit.tree?.manifest_id;
+    const manifestId = commit.tree?.manifest_id || commit.tree?.manifest_cid;
     if (!manifestId) {
         throw new Error('Commit has no file list or manifest_id; cannot checkout.');
     }
@@ -100,7 +105,7 @@ async function resolveFilesForCommit(witPath, commit, sealPolicyId) {
     if (computedRoot !== commit.tree.root_hash) {
         throw new Error('Commit root_hash does not match manifest.');
     }
-    const ok = await ensureBlobsFromManifest(witPath, manifest, sealPolicyId);
+    const ok = await ensureBlobsFromManifest(witPath, manifest, sealPolicyId, repoCfg);
     if (!ok) {
         return null;
     }
@@ -117,16 +122,35 @@ async function loadManifest(witPath, manifestId) {
             throw err;
     }
     // fetch from walrus
-    const walrusSvc = await walrus_1.WalrusService.fromRepo();
-    // eslint-disable-next-line no-console
-    console.log(ui_1.colors.cyan(`Fetching manifest ${manifestId} from Walrus...`));
-    const buf = Buffer.from(await walrusSvc.readBlob(manifestId));
+    // fetch from walrus or lighthouse
+    let buf;
+    try {
+        const walrusSvc = await walrus_1.WalrusService.fromRepo();
+        // eslint-disable-next-line no-console
+        console.log(ui_1.colors.cyan(`Fetching manifest ${manifestId} from Walrus...`));
+        buf = Buffer.from(await walrusSvc.readBlob(manifestId));
+    }
+    catch (err) {
+        // If Walrus fails or not configured, try Lighthouse (Mantle fallback)
+        // eslint-disable-next-line no-console
+        console.log(ui_1.colors.cyan(`Fetching manifest ${manifestId} from Lighthouse...`));
+        const res = await (0, lighthouse_1.downloadFromLighthouseGateway)(manifestId, { verify: false });
+        buf = Buffer.from(res.bytes);
+    }
     const manifest = schema_1.ManifestSchema.parse(JSON.parse(buf.toString('utf8')));
     await promises_1.default.mkdir(path_1.default.dirname(file), { recursive: true });
     await promises_1.default.writeFile(file, buf.toString('utf8'), 'utf8');
     return manifest;
 }
-async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId) {
+async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId, repoCfg) {
+    if (repoCfg.chain === 'mantle') {
+        return ensureBlobsMantle(witPath, manifest, repoCfg);
+    }
+    else {
+        return ensureBlobsSui(witPath, manifest, sealPolicyId);
+    }
+}
+async function ensureBlobsSui(witPath, manifest, sealPolicyId) {
     const entries = Object.entries(manifest.files);
     const missing = [];
     for (const [rel, meta] of entries) {
@@ -137,10 +161,14 @@ async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId) {
     }
     if (!missing.length)
         return true;
-    const walrusSvc = await walrus_1.WalrusService.fromRepo();
     // eslint-disable-next-line no-console
     console.log(ui_1.colors.cyan(`Fetching ${missing.length} missing blobs from Walrus...`));
-    // Setup for decryption if needed
+    let walrusSvc = null;
+    try {
+        walrusSvc = await walrus_1.WalrusService.fromRepo();
+    }
+    catch { }
+    // Setup for decryption
     let signerInfo = null;
     let suiClient = null;
     const hasEncrypted = entries.some(([, meta]) => meta.enc);
@@ -150,8 +178,10 @@ async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId) {
         suiClient = new client_1.SuiClient({ url: resolved.suiRpcUrl });
     }
     for (const { rel, meta } of missing) {
+        if (!walrusSvc)
+            throw new Error('Walrus service not initialized');
         const data = await fetchFileBytes(walrusSvc, manifest, rel, meta);
-        let plain;
+        let plain = data;
         try {
             if (meta.enc) {
                 if (!signerInfo || !suiClient) {
@@ -168,13 +198,10 @@ async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId) {
                 };
                 plain = await (0, seal_1.decryptWithSeal)(data, encMeta, signerInfo.signer, suiClient);
             }
-            else {
-                plain = data;
-            }
         }
         catch (err) {
             // eslint-disable-next-line no-console
-            console.log(ui_1.colors.red(`Seal decryption failed for ${rel}. Check if you are whitelisted.`));
+            console.log(ui_1.colors.red(`❌ Access Denied or Decryption Failed for ${rel}: ${err.message}`));
             return false;
         }
         const hash = (0, serialize_1.sha256Base64)(plain);
@@ -187,6 +214,95 @@ async function ensureBlobsFromManifest(witPath, manifest, sealPolicyId) {
     }
     return true;
 }
+async function ensureBlobsMantle(witPath, manifest, repoCfg) {
+    const entries = Object.entries(manifest.files);
+    const missing = [];
+    for (const [rel, meta] of entries) {
+        const buf = await (0, fs_1.readBlob)(witPath, meta.hash);
+        if (!buf) {
+            missing.push({ rel, meta });
+        }
+    }
+    if (!missing.length)
+        return true;
+    // eslint-disable-next-line no-console
+    console.log(ui_1.colors.cyan(`Fetching ${missing.length} missing blobs (Lighthouse/Mantle)...`));
+    let litService = null;
+    let authSig = null;
+    let mantleSigner = null;
+    const hasEncrypted = entries.some(([, meta]) => meta.enc);
+    if (hasEncrypted) {
+        litService = new lit_1.LitService();
+        mantleSigner = await (0, evmProvider_1.loadMantleSigner)();
+    }
+    for (const { rel, meta } of missing) {
+        let data;
+        if (meta.cid) { // Lighthouse/IPFS
+            const res = await (0, lighthouse_1.downloadFromLighthouseGateway)(meta.cid, { verify: false });
+            data = Buffer.from(res.bytes);
+        }
+        else {
+            throw new Error(`Cannot download ${rel}: missing CID for Mantle repo.`);
+        }
+        let plain = data;
+        try {
+            if (meta.enc) {
+                const encAny = meta.enc;
+                if (encAny.alg === 'lit-aes-256-gcm') {
+                    // Lit Decryption
+                    if (!litService || !mantleSigner)
+                        throw new Error('Lit/Mantle env not initialized');
+                    if (!authSig) {
+                        // eslint-disable-next-line no-console
+                        console.log(ui_1.colors.gray('  Generating SIWE AuthSig...'));
+                        authSig = await litService.getAuthSig(mantleSigner.signer);
+                    }
+                    const encMeta = {
+                        alg: encAny.alg,
+                        lit_encrypted_key: encAny.lit_encrypted_key,
+                        unified_access_control_conditions: encAny.unified_access_control_conditions || encAny.access_control_conditions,
+                        lit_hash: encAny.lit_hash || encAny.enc_hash, // fallback
+                        iv: encAny.iv,
+                        tag: encAny.tag
+                    };
+                    const sessionKey = await litService.decryptSessionKey(encMeta.lit_encrypted_key, encMeta.lit_hash, encMeta.unified_access_control_conditions, authSig);
+                    plain = (0, crypto_1.decryptBuffer)({
+                        ciphertext: data,
+                        iv: Buffer.from(encMeta.iv, 'hex'),
+                        authTag: Buffer.from(encMeta.tag, 'hex'),
+                    }, sessionKey);
+                }
+                else {
+                    throw new Error(`Unsupported encryption alg on Mantle: ${encAny.alg}`);
+                }
+            }
+        }
+        catch (err) {
+            if (err.message && (err.message.includes('NotAuthorized') || err.message.includes('not authorized'))) {
+                // eslint-disable-next-line no-console
+                console.log(ui_1.colors.red(`❌ Access Denied: You do not have permission to decrypt ${rel}.`));
+            }
+            else {
+                // eslint-disable-next-line no-console
+                console.log(ui_1.colors.red(`❌ Failed to decrypt ${rel}: ${err.message}`));
+            }
+            if (litService)
+                await litService.disconnect();
+            return false;
+        }
+        const hash = (0, serialize_1.sha256Base64)(plain);
+        if (hash !== meta.hash || plain.length !== meta.size) {
+            throw new Error(`Downloaded blob mismatch for ${rel} (hash: ${hash}, expected: ${meta.hash})`);
+        }
+        const blobPath = path_1.default.join(witPath, 'objects', 'blobs', (0, fs_1.blobFileName)(meta.hash));
+        await (0, fs_1.ensureDirForFile)(blobPath);
+        await promises_1.default.writeFile(blobPath, plain);
+    }
+    if (litService) {
+        await litService.disconnect();
+    }
+    return true;
+}
 function manifestIdToFile(id) {
     return id.replace(/\//g, '_').replace(/\+/g, '-');
 }
@@ -209,5 +325,10 @@ async function fetchFileBytes(walrusSvc, manifest, rel, meta) {
         }
         return data;
     }
+    // Fallback for types that might pass meta with just cid (cached manually handled above usually)
+    // But if ensureBlobsFromManifest calls this for a non-walrus file, safeguard:
+    if (meta.enc || meta.cid) {
+        throw new Error(`Should have been handled by Lighthouse downloader.`);
+    }
     throw new Error(`Manifest entry missing Walrus file id for ${rel}`);
 }

package/dist/commands/clone.js

@@ -18,12 +18,34 @@ const state_1 = require("../lib/state");
 const repo_1 = require("../lib/repo");
 const seal_1 = require("../lib/seal");
 const keys_1 = require("../lib/keys");
+const chain_1 = require("../lib/chain");
+const evmClone_1 = require("../lib/evmClone");
 const DEFAULT_RELAYS = ['https://upload-relay.testnet.walrus.space'];
 const DEFAULT_NETWORK = 'testnet';
 async function cloneAction(repoId) {
     if (!repoId) {
         throw new Error('Usage: wit clone <repo_id>');
     }
+    const activeChain = await (0, chain_1.readActiveChain)();
+    const repoChain = inferRepoChain(repoId, activeChain);
+    if (repoId.startsWith('mantle:') || repoChain === 'mantle') {
+        try {
+            await (0, evmClone_1.cloneFromMantle)(repoId);
+            return;
+        }
+        catch (err) {
+            // eslint-disable-next-line no-console
+            console.error(ui_1.colors.red(`Clone failed: ${err.message}`));
+            process.exitCode = 1;
+            return;
+        }
+    }
+    if (repoChain !== activeChain) {
+        // eslint-disable-next-line no-console
+        console.error(ui_1.colors.red((0, chain_1.formatChainMismatchMessage)(repoChain, activeChain)));
+        process.exitCode = 1;
+        return;
+    }
     // eslint-disable-next-line no-console
     console.log(ui_1.colors.header('Starting clone...'));
     // Prepare .wit layout and config
@@ -57,7 +79,7 @@ async function cloneAction(repoId) {
         try {
             const cfgRaw = await promises_1.default.readFile(path_1.default.join(witPath, 'config.json'), 'utf8');
             const cfg = JSON.parse(cfgRaw);
-            cfg.seal_policy_id = onchain.sealPolicyId;
+            (0, repo_1.setSuiSealPolicyId)(cfg, onchain.sealPolicyId);
             await (0, repo_1.writeRepoConfig)(witPath, cfg);
         }
         catch {
@@ -205,14 +227,15 @@ async function ensureLayout(cwd, repoId) {
     }
     catch (err) {
         if (err?.code === 'ENOENT') {
+            const activeChain = await (0, chain_1.readActiveChain)();
+            const repoChain = inferRepoChain(repoId, activeChain);
+            const chainConfig = buildChainConfig(repoChain);
             const cfg = {
                 repo_name: repoId,
                 repo_id: repoId,
-                network: DEFAULT_NETWORK,
-                relays: DEFAULT_RELAYS,
-                author: 'unknown',
-                key_alias: 'default',
-                seal_policy_id: null,
+                chain: repoChain,
+                chains: { [repoChain]: chainConfig },
+                network: inferNetwork(repoChain),
                 created_at: new Date().toISOString(),
             };
             await (0, repo_1.writeRepoConfig)(witPath, cfg);
@@ -224,13 +247,47 @@ async function ensureLayout(cwd, repoId) {
     await promises_1.default.writeFile(path_1.default.join(witPath, 'HEAD'), 'refs/heads/main\n', 'utf8');
     return witPath;
 }
+function inferRepoChain(repoId, fallback) {
+    if (repoId.startsWith('mantle:'))
+        return 'mantle';
+    if (repoId.startsWith('sui:'))
+        return 'sui';
+    return fallback;
+}
+function inferNetwork(repoChain) {
+    if (repoChain === 'mantle')
+        return 'testnet';
+    else if (repoChain === 'sui')
+        return DEFAULT_NETWORK;
+    throw new Error(`Unsupported chain "${repoChain}".`);
+}
+function buildChainConfig(repoChain) {
+    if (repoChain === 'sui') {
+        return {
+            author: 'unknown',
+            key_alias: 'default',
+            network: DEFAULT_NETWORK,
+            relays: DEFAULT_RELAYS,
+            seal_policy_id: null,
+            storage_backend: 'walrus',
+        };
+    }
+    else if (repoChain === 'mantle') {
+        return {
+            author: 'unknown',
+            storage_backend: 'ipfs',
+        };
+    }
+    throw new Error(`Unsupported chain "${repoChain}".`);
+}
 async function ensureHeadFiles(witPath, headCommit) {
     const headRefPath = path_1.default.join(witPath, 'refs', 'heads', 'main');
     await promises_1.default.writeFile(headRefPath, `${headCommit}\n`, 'utf8');
 }
 function parseRemoteCommit(buf) {
     const parsed = JSON.parse(buf.toString('utf8'));
-    if (!parsed?.tree?.root_hash || !parsed?.tree?.manifest_id) {
+    const hasManifestRef = Boolean(parsed?.tree?.manifest_id || parsed?.tree?.manifest_cid);
+    if (!parsed?.tree?.root_hash || !hasManifestRef) {
         throw new Error('Invalid remote commit object');
     }
     return parsed;

package/dist/commands/commit.js

@@ -27,8 +27,9 @@ async function commitAction(opts) {
         console.warn('Index is empty. Nothing to commit.');
         return;
     }
-    const config = await readConfig(witPath);
-    if (!config.author || config.author === 'unknown') {
+    const repoCfg = await (0, repo_1.readRepoConfig)(witPath);
+    const author = (0, repo_1.resolveChainAuthor)(repoCfg);
+    if (!author || author === 'unknown') {
         // eslint-disable-next-line no-console
         console.warn(ui_1.colors.yellow('Warning: author is unknown. Set author in .wit/config.json or ~/.witconfig.'));
     }
@@ -43,7 +44,7 @@ async function commitAction(opts) {
             files: index,
         },
         parent,
-        author: config.author || 'unknown',
+        author: author || 'unknown',
         message,
         timestamp: Math.floor(Date.now() / 1000),
         extras: { patch_id: null, tags: {} },
@@ -107,19 +108,6 @@ async function requireWitDir() {
         throw new Error('Not a wit repository (missing .wit). Run `wit init` first.');
     }
 }
-async function readConfig(witPath) {
-    const file = path_1.default.join(witPath, 'config.json');
-    try {
-        const raw = await promises_1.default.readFile(file, 'utf8');
-        return JSON.parse(raw);
-    }
-    catch (err) {
-        if (err?.code === 'ENOENT') {
-            return {};
-        }
-        throw err;
-    }
-}
 async function writeCommitObject(witPath, commitId, serialized) {
     const file = path_1.default.join(witPath, 'objects', 'commits', `${(0, state_1.idToFileName)(commitId)}.json`);
     await promises_1.default.writeFile(file, serialized, 'utf8');

package/dist/commands/fetch.js

@@ -21,6 +21,14 @@ async function fetchAction() {
     if (!repoCfg.repo_id) {
         throw new Error('Missing repo_id in .wit/config.json. Cannot fetch.');
     }
+    if (repoCfg.chain === 'mantle') {
+        return fetchActionMantle(witPath, repoCfg);
+    }
+    else {
+        return fetchActionSui(witPath, repoCfg);
+    }
+}
+async function fetchActionSui(witPath, repoCfg) {
     // eslint-disable-next-line no-console
     console.log(ui_1.colors.header('Fetching remote metadata...'));
     const resolved = await (0, walrus_1.resolveWalrusConfig)(process.cwd());
@@ -32,9 +40,10 @@ async function fetchAction() {
         console.log(ui_1.colors.yellow('Remote repository has no head; nothing to fetch.'));
         return;
     }
-    if (onchain.sealPolicyId && repoCfg.seal_policy_id !== onchain.sealPolicyId) {
-        repoCfg.seal_policy_id = onchain.sealPolicyId;
-        await promises_1.default.writeFile(path_1.default.join(witPath, 'config.json'), JSON.stringify(repoCfg, null, 2) + '\n', 'utf8');
+    const currentPolicyId = (0, repo_1.resolveSuiSealPolicyId)(repoCfg);
+    if (onchain.sealPolicyId && onchain.sealPolicyId !== currentPolicyId) {
+        (0, repo_1.setSuiSealPolicyId)(repoCfg, onchain.sealPolicyId);
+        await (0, repo_1.writeRepoConfig)(witPath, repoCfg);
     }
     // Download manifest and commit for validation/cache
     const manifest = await loadManifestCached(walrusSvc, witPath, onchain.headManifest);
@@ -71,13 +80,76 @@ async function fetchAction() {
     // eslint-disable-next-line no-console
     console.log(`Quilt: ${ui_1.colors.hash(onchain.headQuilt)}`);
 }
+// --------------------------------------------------------------------------
+// MANTLE IMPLEMENTATION
+// --------------------------------------------------------------------------
+const evmProvider_1 = require("../lib/evmProvider");
+const evmRepo_1 = require("../lib/evmRepo");
+const lighthouse_1 = require("../lib/lighthouse");
+const evmClone_1 = require("../lib/evmClone");
+async function fetchActionMantle(witPath, repoCfg) {
+    // eslint-disable-next-line no-console
+    console.log(ui_1.colors.header('Fetching remote metadata (Mantle)...'));
+    // 1. Load Contract State
+    const signerCtx = await (0, evmProvider_1.loadMantleSigner)();
+    const repoService = new evmRepo_1.EvmRepoService(signerCtx);
+    let repoId = BigInt(0);
+    const repoIdStr = repoCfg.repo_id;
+    if (repoIdStr.startsWith('mantle:')) {
+        repoId = BigInt(repoIdStr.split(':').pop());
+    }
+    else {
+        repoId = BigInt(repoIdStr);
+    }
+    const onchain = await repoService.getRepoState(repoId);
+    if (!onchain || !onchain.headCommit) {
+        // eslint-disable-next-line no-console
+        console.log(ui_1.colors.yellow('Remote repository has no head; nothing to fetch.'));
+        return;
+    }
+    // 2. Download Head Commit & Manifest
+    // eslint-disable-next-line no-console
+    console.log(ui_1.colors.cyan(`Remote Head: ${onchain.headCommit}`));
+    const commitBuf = await downloadBuffer(onchain.headCommit);
+    const commit = parseRemoteCommit(commitBuf);
+    await cacheJson(path_1.default.join(witPath, 'objects', 'commits', `${(0, state_1.idToFileName)(onchain.headCommit)}.json`), commitBuf.toString('utf8'));
+    const manifestCid = commit.tree.manifest_cid || commit.tree.manifest_id;
+    if (!manifestCid) {
+        throw new Error('Remote commit missing manifest_cid');
+    }
+    const manifestBuf = await downloadBuffer(manifestCid);
+    // Cache manifest
+    await cacheJson(path_1.default.join(witPath, 'objects', 'manifests', `${(0, state_1.idToFileName)(manifestCid)}.json`), manifestBuf.toString('utf8'));
+    // 3. Sync History (Incremental)
+    const map = await readCommitIdMapSafe(witPath);
+    await (0, evmClone_1.downloadCommitChainMantle)(onchain.headCommit, witPath, map);
+    await (0, state_1.writeCommitIdMap)(witPath, map);
+    // 4. Update References
+    await (0, repo_1.writeRemoteRef)(witPath, onchain.headCommit);
+    await (0, repo_1.writeRemoteState)(witPath, {
+        repo_id: repoCfg.repo_id,
+        head_commit: onchain.headCommit,
+        head_manifest: manifestCid,
+        head_quilt: '',
+        version: Number(onchain.version),
+    });
+    // eslint-disable-next-line no-console
+    console.log(ui_1.colors.green('Fetch complete (worktree unchanged).'));
+    console.log(`Head: ${ui_1.colors.hash(onchain.headCommit)}`);
+}
+async function downloadBuffer(cid) {
+    const res = await (0, lighthouse_1.downloadFromLighthouseGateway)(cid, { verify: false });
+    return Buffer.from(res.bytes);
+}
+// function downloadCommitChainMantle moved to ../lib/evmClone.ts
 async function cacheJson(filePath, content) {
     await promises_1.default.mkdir(path_1.default.dirname(filePath), { recursive: true });
     await promises_1.default.writeFile(filePath, content, 'utf8');
 }
 function parseRemoteCommit(buf) {
     const parsed = JSON.parse(buf.toString('utf8'));
-    if (!parsed?.tree?.root_hash || !parsed?.tree?.manifest_id) {
+    const hasManifestRef = Boolean(parsed?.tree?.manifest_id || parsed?.tree?.manifest_cid);
+    if (!parsed?.tree?.root_hash || !hasManifestRef) {
         throw new Error('Invalid remote commit object');
     }
     return parsed;

package/dist/commands/init.js

@@ -7,9 +7,12 @@ exports.initAction = initAction;
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
 const keys_1 = require("../lib/keys");
+const chain_1 = require("../lib/chain");
+const evmKeys_1 = require("../lib/evmKeys");
+const ui_1 = require("../lib/ui");
 const DEFAULT_RELAYS = ['https://upload-relay.testnet.walrus.space'];
 const DEFAULT_NETWORK = 'testnet';
-const IGNORE_ENTRIES = ['.wit/', '~/.wit/keys', '.env.local', '*.pem', '.wit/seal'];
+const IGNORE_ENTRIES = ['.wit/', '~/.wit/keys', '~/.wit/keys-sui', '~/.wit/keys-evm', '.env.local', '*.pem', '.wit/seal'];
 async function initAction(name, options) {
     const cwd = process.cwd();
     const repoName = name || path_1.default.basename(cwd);
@@ -17,14 +20,41 @@ async function initAction(name, options) {
     await promises_1.default.mkdir(witDir, { recursive: true });
     await ensureLayout(witDir);
     const globalCfg = await readGlobalConfig();
-    const activeAddress = await (0, keys_1.readActiveAddress)();
-    const repoCfg = buildRepoConfig(repoName, globalCfg, activeAddress);
+    const activeChain = await (0, chain_1.readActiveChain)();
+    let activeAddress = null;
+    if (activeChain === 'mantle') {
+        activeAddress = await (0, evmKeys_1.readActiveEvmAddress)();
+    }
+    else if (activeChain === 'sui') {
+        activeAddress = await (0, keys_1.readActiveAddress)();
+    }
+    else {
+        // eslint-disable-next-line no-console
+        console.error(ui_1.colors.red(`Unsupported chain "${activeChain}".`));
+        process.exitCode = 1;
+        return;
+    }
+    const repoCfg = buildRepoConfig(repoName, globalCfg, activeAddress, activeChain);
     const wantsPrivate = options?.private || Boolean(options?.sealPolicy || options?.sealSecret);
     if (wantsPrivate) {
-        // We mark it as pending. The actual policy ID will be generated on-chain during 'wit push'.
-        repoCfg.seal_policy_id = 'pending';
-        // eslint-disable-next-line no-console
-        console.log('Initialized as PRIVATE repository. Encryption will be enabled on first push.');
+        if (activeChain === 'sui') {
+            // We mark it as pending. The actual policy ID will be generated on-chain during 'wit push'.
+            const chainCfg = repoCfg.chains?.[activeChain];
+            if (chainCfg) {
+                chainCfg.seal_policy_id = 'pending';
+            }
+            // eslint-disable-next-line no-console
+            console.log('Initialized as PRIVATE repository. Encryption will be enabled on first push.');
+        }
+        else if (activeChain === 'mantle') {
+            repoCfg.isPrivate = true;
+            // eslint-disable-next-line no-console
+            console.log('Initialized as PRIVATE repository (Lit Protocol). Encryption will be enabled on first push.');
+        }
+        else {
+            // eslint-disable-next-line no-console
+            console.log('Warning: --private is only supported on Sui and Mantle for now; no seal policy was set.');
+        }
     }
     await writeConfigIfMissing(path_1.default.join(witDir, 'config.json'), repoCfg);
     await ensureFile(path_1.default.join(witDir, 'HEAD'), 'refs/heads/main\n');
@@ -65,18 +95,50 @@ async function readGlobalConfig() {
         return {};
     }
 }
-function buildRepoConfig(repoName, globalCfg, activeAddress) {
+function buildRepoConfig(repoName, globalCfg, activeAddress, activeChain) {
+    const network = resolveNetwork(activeChain, globalCfg);
+    const relays = globalCfg.relays?.length ? globalCfg.relays : DEFAULT_RELAYS;
+    const chainConfig = buildChainConfig(activeChain, globalCfg, activeAddress, network, relays);
     return {
         repo_name: repoName,
         repo_id: null,
-        network: globalCfg.network || DEFAULT_NETWORK,
-        relays: globalCfg.relays?.length ? globalCfg.relays : DEFAULT_RELAYS,
-        author: globalCfg.author || 'unknown',
-        key_alias: globalCfg.key_alias || 'default',
-        seal_policy_id: null,
+        chain: activeChain,
+        chains: { [activeChain]: chainConfig },
+        network,
         created_at: new Date().toISOString(),
     };
 }
+function buildChainConfig(activeChain, globalCfg, activeAddress, network, relays) {
+    if (activeChain === 'sui') {
+        return {
+            author: activeAddress || globalCfg.author || 'unknown',
+            key_alias: globalCfg.key_alias || 'default',
+            relays,
+            seal_policy_id: null,
+            storage_backend: 'walrus',
+        };
+    }
+    else if (activeChain === 'mantle') {
+        return {
+            author: activeAddress || 'unknown',
+            storage_backend: 'ipfs',
+        };
+    }
+    // eslint-disable-next-line no-console
+    console.error(ui_1.colors.red(`Unsupported chain "${activeChain}".`));
+    process.exitCode = 1;
+    return {
+        author: activeAddress || 'unknown',
+        storage_backend: 'ipfs',
+    };
+}
+function resolveNetwork(activeChain, globalCfg) {
+    if (globalCfg.network)
+        return globalCfg.network;
+    if (activeChain === 'mantle')
+        return 'mainnet';
+    return DEFAULT_NETWORK; // Defaults to 'testnet' for Sui et al.
+}
 async function writeConfigIfMissing(file, cfg) {
     try {
         await promises_1.default.access(file);