feat(examples): add keyless Zcash transparent signer example#501
Draft
clawdbot-glitch003 wants to merge 2 commits into
Draft
feat(examples): add keyless Zcash transparent signer example#501clawdbot-glitch003 wants to merge 2 commits into
clawdbot-glitch003 wants to merge 2 commits into
Conversation
A keyless Zcash transparent (t1) wallet bound to a Lit Action's CID. The action derives a secp256k1 t1 address from its own identity key, builds and ZIP-243 signs every transaction it sends (BLAKE2b sighash personalized by the consensus branch ID), and only signs single-recipient P2PKH transfers under a code-bound cap with change forced back to itself. Includes the action, a Blockchair-backed client (setup/address/balance/transfer), and a README. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Dependency limit exceeded — report not shown. This pull request scan exceeded the 10,000-dependency limit applied to this scan, so the results are incomplete and may be inaccurate. To avoid reporting false positives, Socket has not posted a report. Upgrade your plan to raise the dependency limit and get complete reports, or view the partial scan in the dashboard. Socket is always free for open source. If this is a non-commercial open source project, contact us to request a free Team account. |
Captures the full state for picking this up later: what the transparent example is and how it was verified, the shielded (Orchard) target design, the WASM proving spike with real native/local/TEE numbers (and the spike crate source), the wasm-delivery 413 tension, and the two infra blockers (ingress timeout PR #442; on-chain LIT_ACTION_DEFAULT_MEMORY_LIMIT_MB -> 256) with a step-by-step resume checklist. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdbot-glitch003
marked this pull request as draft
June 16, 2026 19:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's here now (transparent — complete & verified)
A keyless Zcash transparent (
t1) wallet bound to a Lit Action's CID, modeled onexamples/solana-signer. The action derives a secp256k1t1address from its own identity key, builds a v4 transaction, computes the ZIP-243 BLAKE2b sighash (NU6 branch id), and only signs single-recipient P2PKH transfers under a code-bound cap with change forced back to itself; the client uses Blockchair mainnet REST for UTXOs/broadcast. The signing path was checked against all 10 officialzip_0243test vectors (10/10) plus canonical secp256k1/DER vectors and an end-to-end run of the real action.Why it's a draft
The original intent was to pivot this to a shielded (Orchard) signer. That was scoped and proven feasible with a real spike — the
orchardcrate compiled to WASM generates a Halo2 proof inside a real Lit Action (~100 MB peak, ~56 s in the TEE). It's parked behind two infra limit bumps that must land on dev first:dstack-ingress's internal nginx cuts responses at 60 s. Fixed in fix(phala): raise dstack-ingress nginx proxy timeouts to 900s #442 (raisesPROXY_READ_TIMEOUTto 900 s); needs merge + dev redeploy.LIT_ACTION_DEFAULT_MEMORY_LIMIT_MB(default 64, max 640) needs setting to 256 via the monitor dapp (no code change).To resume
Land the two limits on dev, re-run the spike proof to confirm it returns, then build the real Orchard prover (real spends + v5 tx assembly), the wasm-loading JS action (fetch + pinned SHA-256 so it stays CID-bound), and a lightwalletd (
lwd.testnet.zec.pro) client for note scanning + broadcast. Full details, exact spike numbers, and the spike crate source are in the handoff doc. The transparent example may be removed in favor of shielded at that point.