{"id":33552208,"url":"https://github.com/sip-protocol/sip-protocol","last_synced_at":"2026-06-16T05:01:14.812Z","repository":{"id":326162637,"uuid":"1104266774","full_name":"sip-protocol/sip-protocol","owner":"sip-protocol","description":"Shielded Intents Protocol - The Privacy Standard for Web3","archived":false,"fork":false,"pushed_at":"2026-01-12T04:55:21.000Z","size":4806,"stargazers_count":1,"open_issues_count":249,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-12T04:55:40.596Z","etag":null,"topics":["blockchain","cross-chain","cryptography","defi","intents","near-protocol","nextjs","privacy","privacy-preserving","sdk","stealth-addresses","typescript","web3","zcash","zero-knowledge-proofs"],"latest_commit_sha":null,"homepage":"https://sip-protocol.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sip-protocol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-26T01:32:32.000Z","updated_at":"2026-01-11T14:01:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sip-protocol/sip-protocol","commit_stats":null,"previous_names":["rector-labs/sip-protocol"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/sip-protocol/sip-protocol","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsip-protocol","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsip-protocol/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsip-protocol/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsip-protocol/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sip-protocol","download_url":"https://codeload.github.com/sip-protocol/sip-protocol/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsip-protocol/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28380809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T10:00:56.084Z","status":"ssl_error","status_checked_at":"2026-01-13T09:45:11.986Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","cross-chain","cryptography","defi","intents","near-protocol","nextjs","privacy","privacy-preserving","sdk","stealth-addresses","typescript","web3","zcash","zero-knowledge-proofs"],"created_at":"2025-11-27T13:03:18.108Z","updated_at":"2026-06-16T05:01:14.701Z","avatar_url":"https://github.com/sip-protocol.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cpre\u003e\n███████╗ ██╗ ██████╗\n██╔════╝ ██║ ██╔══██╗\n███████╗ ██║ ██████╔╝\n╚════██║ ██║ ██╔═══╝\n███████║ ██║ ██║\n╚══════╝ ╚═╝ ╚═╝\n\u003c/pre\u003e\n\n# Shielded Intents Protocol\n\n\u003e **Privacy is not a feature. It's a right.**\n\n**The privacy layer for cross-chain transactions via NEAR Intents + Zcash**\n\n*One toggle to shield them all • Stealth addresses • Zero-knowledge proofs • Selective disclosure • Multi-chain support*\n\n[![CI](https://github.com/sip-protocol/sip-protocol/actions/workflows/ci.yml/badge.svg)](https://github.com/sip-protocol/sip-protocol/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/sip-protocol/sip-protocol/graph/badge.svg)](https://codecov.io/gh/sip-protocol/sip-protocol)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue?logo=typescript\u0026logoColor=white)](https://www.typescriptlang.org/)\n[![Next.js](https://img.shields.io/badge/Next.js-14-black?logo=next.js\u0026logoColor=white)](https://nextjs.org/)\n[![NEAR](https://img.shields.io/badge/NEAR-Intents-00C08B?logo=near\u0026logoColor=white)](https://near.org/)\n[![Zcash](https://img.shields.io/badge/Zcash-Shielded-F4B728?logo=zcash\u0026logoColor=black)](https://z.cash/)\n[![Circuits](https://img.shields.io/badge/Noir-Circuits-8B5CF6?logo=data:image/svg%2bxml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48Y2lyY2xlIGN4PSIxMiIgY3k9IjEyIiByPSIxMCIgZmlsbD0id2hpdGUiLz48L3N2Zz4=)](docs/specs/CIRCUITS.md)\n[![pnpm](https://img.shields.io/badge/pnpm-Monorepo-F69220?logo=pnpm\u0026logoColor=white)](https://pnpm.io/)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)\n\n**🏆 Winner — [Zypherpunk Hackathon](https://zypherpunk.xyz) ($6,500: NEAR $4,000 + Tachyon $500 + pumpfun $2,000) | #9 of 93 | 3 Tracks**\n**🥇 1st Place — [Solana Graveyard Hackathon](https://solana.com/graveyard-hack) | Torque Sponsor Track ($750)**\n\n\u003c/div\u003e\n\n---\n\n## Table of Contents\n\n- [What is SIP?](#-what-is-sip)\n- [Quick Preview](#-quick-preview)\n- [The Problem](#-the-problem)\n- [The Solution](#-the-solution)\n- [Key Features](#-key-features)\n- [Installation](#-installation)\n- [Quick Start](#-quick-start)\n- [Architecture](#%EF%B8%8F-architecture)\n- [Packages](#-packages)\n- [Infrastructure](#-infrastructure)\n- [Roadmap](#-roadmap)\n- [Tech Stack](#%EF%B8%8F-tech-stack)\n- [Development](#-development)\n- [Contributing](#-contributing)\n- [Security](#-security)\n- [License](#-license)\n- [Acknowledgments](#-acknowledgments)\n\n---\n\n## 🛡️ What is SIP?\n\nSIP (Shielded Intents Protocol) brings **HTTPS-level privacy** to cross-chain transactions. Just as HTTPS encrypted the web without changing how users browse, SIP adds privacy to blockchain intents without changing how users swap.\n\n```\nHTTP → HTTPS (Web privacy upgrade)\nIntents → SIP (Blockchain privacy upgrade)\n```\n\n**Stop exposing your financial activity. Start swapping privately.**\n\n---\n\n## 🎥 Quick Preview\n\n### The Privacy Upgrade\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth width=\"50%\"\u003e❌ Public Intent (Everyone sees everything)\u003c/th\u003e\n\u003cth width=\"50%\"\u003e✅ Shielded Intent (Solvers see only what they need)\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd valign=\"top\"\u003e\n\n```typescript\n{\n from: \"0x1234...\",\n inputAmount: 10,\n inputToken: \"SOL\",\n outputToken: \"ETH\",\n recipient: \"0x5678...\"\n}\n```\n\n**Exposed:**\n- 🔴 Your wallet address\n- 🔴 Exact amounts\n- 🔴 Recipient address\n- 🔴 Full transaction history\n\n\u003c/td\u003e\n\u003ctd valign=\"top\"\u003e\n\n```typescript\n{\n intentId: \"abc123\",\n outputToken: \"ETH\",\n minOutput: 0.004,\n inputCommitment: \"0xabc...\",\n recipientStealth: \"0xdef...\",\n proof: \"0x123...\"\n}\n```\n\n**Protected:**\n- ✅ Sender hidden (commitment)\n- ✅ Amount hidden (ZK proof)\n- ✅ Recipient hidden (stealth address)\n- ✅ Unlinkable transactions\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n**Result:** Solvers can fulfill your intent without knowing who you are or where the funds are going.\n\n---\n\n## 🎯 The Problem\n\nCurrent cross-chain solutions expose **everything** about your transactions. This isn't just inconvenient — it's a security risk.\n\n### What's Exposed\n\n| Data Point | Visibility | Risk |\n|------------|------------|------|\n| **Sender Address** | Public | Targeted phishing, social engineering |\n| **Transaction Amount** | Public | Front-running, MEV extraction |\n| **Recipient Address** | Public | Surveillance, address clustering |\n| **Transaction History** | Permanent | Financial profiling, discrimination |\n\n### Real-World Consequences\n\n| Attack Vector | How It Works | Impact |\n|---------------|--------------|--------|\n| **Front-Running** | Bots see your pending swap, execute first | You get worse price |\n| **MEV Extraction** | Validators reorder txs to profit | Value extracted from you |\n| **Phishing** | Attackers identify high-value wallets | Direct theft attempts |\n| **Surveillance** | Exchanges/govts track all activity | Privacy violation |\n| **Price Discrimination** | Services see your balance | Higher fees for wealthy users |\n\n**The blockchain is a public ledger. Without privacy, it's a surveillance system.**\n\n---\n\n## 💡 The Solution\n\nSIP wraps cross-chain intents in a **cryptographic privacy layer** using battle-tested technology from Zcash and cutting-edge stealth address schemes.\n\n### How It Works\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│ USER │\n│ │ │\n│ ▼ │\n│ ┌─────────────────────────────────────────────────────────┐ │\n│ │ SIP SDK │ │\n│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │ │\n│ │ │ Privacy │ │ Stealth │ │ ZK Proof │ │ │\n│ │ │ Toggle │ │ Address Gen │ │ Generation │ │ │\n│ │ └─────────────┘ └─────────────┘ └─────────────────┘ │ │\n│ └─────────────────────────┬───────────────────────────────┘ │\n│ │ │\n│ ▼ │\n│ ┌─────────────────────────────────────────────────────────┐ │\n│ │ SHIELDED INTENT LAYER │ │\n│ │ • Pedersen commitments (hide amounts) │ │\n│ │ • Stealth addresses (hide recipients) │ │\n│ │ • ZK proofs (prove validity without revealing data) │ │\n│ └─────────────────────────┬───────────────────────────────┘ │\n│ │ │\n│ ▼ │\n│ ┌─────────────────────────────────────────────────────────┐ │\n│ │ NEAR INTENTS ROUTER │ │\n│ │ • Intent matching │ │\n│ │ • Solver network │ │\n│ │ • Cross-chain execution │ │\n│ └─────────────────────────┬───────────────────────────────┘ │\n│ │ │\n│ ┌───────────────┼───────────────┐ │\n│ ▼ ▼ ▼ │\n│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │\n│ │ Solana │ │ Zcash │ │ Ethereum │ │\n│ │ │ │ (Privacy │ │ │ │\n│ │ │ │ Backbone) │ │ │ │\n│ └──────────────┘ └──────────────┘ └──────────────┘ │\n└─────────────────────────────────────────────────────────────────┘\n```\n\n### Core Mechanisms\n\n| Mechanism | Purpose | Technology |\n|-----------|---------|------------|\n| **Pedersen Commitments** | Hide transaction amounts | `value * G + blinding * H` |\n| **Stealth Addresses** | One-time recipient addresses | EIP-5564 style, secp256k1 |\n| **ZK Proofs** | Prove validity without revealing data | Zcash proving system |\n| **Viewing Keys** | Selective disclosure for compliance | Derived key pairs |\n\n---\n\n## ✨ Key Features\n\n### 🔒 **One-Click Privacy**\nToggle between public and shielded modes with a single switch. No complex setup, no key management headaches.\n\n### 🌐 **Multi-Chain Support**\nWorks across Solana, Ethereum, NEAR, and more. Privacy shouldn't be chain-specific.\n\n### 📊 **Three Privacy Levels**\n\n| Level | Description | Use Case |\n|-------|-------------|----------|\n| `TRANSPARENT` | Standard public transaction | When privacy isn't needed |\n| `SHIELDED` | Full privacy via Zcash pool | Personal transactions |\n| `COMPLIANT` | Privacy + viewing key | Institutional/regulatory |\n\n### 👻 **Stealth Addresses**\nEvery transaction uses a fresh one-time address. No address reuse, no transaction linkability.\n\n### 🔑 **Viewing Keys**\nSelective disclosure for audits and compliance. Prove your transaction history without exposing it to everyone.\n\n### 🛡️ **MEV Protection**\nHidden amounts and recipients mean front-runners can't extract value from your trades.\n\n### ⚡ **Zero UX Friction**\nSame swap interface you're used to. Privacy happens under the hood.\n\n---\n\n## 📦 Installation\n\n```bash\n# npm\nnpm install @sip-protocol/sdk\n\n# pnpm\npnpm add @sip-protocol/sdk\n\n# yarn\nyarn add @sip-protocol/sdk\n```\n\n---\n\n## 🚀 Quick Start\n\n### 1. Initialize the SDK\n\n```typescript\nimport { SIP, PrivacyLevel } from '@sip-protocol/sdk';\n\nconst sip = new SIP({\n network: 'mainnet', // NEAR Intents is mainnet-only (no testnet)\n});\n```\n\n\u003e **Note:** NEAR Intents (1Click API) operates on **mainnet only**. There is no testnet deployment.\n\u003e For testing: use `MockSolver` for unit tests, or small mainnet amounts ($5-10) for integration testing.\n\n### 2. Create a Shielded Intent\n\n```typescript\nconst intent = await sip.createIntent({\n input: {\n chain: 'solana',\n token: 'SOL',\n amount: 10,\n },\n output: {\n chain: 'ethereum',\n token: 'ETH',\n },\n privacy: PrivacyLevel.SHIELDED,\n});\n```\n\n### 3. Get Quotes \u0026 Execute\n\n```typescript\n// Solvers compete to fill your intent\nconst quotes = await intent.getQuotes();\n\n// Execute with the best quote\nconst result = await intent.execute(quotes[0]);\n\nconsole.log(result.status); // 'fulfilled'\nconsole.log(result.txHash); // null (shielded!)\nconsole.log(result.proof); // ZK proof of execution\n```\n\n### 4. Choose Your Privacy Level\n\n```typescript\n// Public mode (standard intent, no privacy)\nprivacy: PrivacyLevel.TRANSPARENT\n\n// Full privacy (via Zcash shielded pool)\nprivacy: PrivacyLevel.SHIELDED\n\n// Privacy + audit capability (for institutions)\nprivacy: PrivacyLevel.COMPLIANT,\nviewingKey: generateViewingKey()\n```\n\n---\n\n## 🏗️ Architecture\n\n\u003e **Full architecture documentation**: [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md)\n\u003e\n\u003e **Design decisions**: [Why Noir over Halo2?](docs/decisions/NOIR-VS-HALO2.md)\n\n### Component Overview\n\n```\nsip-protocol/\n├── examples/ # Integration examples\n│ ├── private-swap/ # Private swap example\n│ ├── private-payment/ # Stealth payment example\n│ └── compliance/ # Viewing key example\n├── packages/\n│ ├── sdk/ # @sip-protocol/sdk\n│ │ ├── src/stealth.ts # Stealth address generation\n│ │ ├── src/intent.ts # Intent builder\n│ │ ├── src/privacy.ts # Viewing key management\n│ │ ├── src/crypto.ts # Pedersen commitments\n│ │ └── src/sip.ts # Main client class\n│ └── types/ # @sip-protocol/types\n│ ├── src/intent.ts # ShieldedIntent interface\n│ ├── src/privacy.ts # PrivacyLevel enum\n│ └── src/stealth.ts # Stealth address types\n└── docs/ # Documentation\n```\n\n### Data Flow\n\n```\nUser Input → Privacy Layer → Intent Creation → Solver Network → Execution\n │ │ │ │ │\n │ ▼ │ │ │\n │ ┌──────────┐ │ │ │\n │ │ Generate │ │ │ │\n │ │ Stealth │ │ │ │\n │ │ Address │ │ │ │\n │ └──────────┘ │ │ │\n │ │ │ │ │\n │ ▼ │ │ │\n │ ┌──────────┐ │ │ │\n │ │ Create │ │ │ │\n │ │ Pedersen │ │ │ │\n │ │Commitment│ │ │ │\n │ └──────────┘ │ │ │\n │ │ │ │ │\n │ ▼ │ │ │\n │ ┌──────────┐ │ │ │\n │ │ Generate │ │ │ │\n │ │ ZK Proof │ │ │ │\n │ └──────────┘ │ │ │\n │ │ │ │ │\n └──────────────┴──────────────┴─────────────────┴─────────────┘\n```\n\n---\n\n## 📚 Packages\n\n| Package | Version | Description | Tests |\n|---------|---------|-------------|-------|\n| [`@sip-protocol/sdk`](packages/sdk) | 0.7.3 | Core SDK for shielded intents | 6,603 |\n| [`@sip-protocol/types`](packages/types) | 0.2.1 | TypeScript type definitions | - |\n| [`@sip-protocol/react`](packages/react) | 0.1.0 | React hooks for SIP | 82 |\n| [`@sip-protocol/cli`](packages/cli) | 0.2.0 | CLI tool | 10 |\n| [`@sip-protocol/api`](packages/api) | 0.1.0 | REST API wrapper | 18 |\n| [`@sip-protocol/react-native`](packages/react-native) | 0.1.1 | iOS/Android SDK | 10 |\n| [`circuits`](packages/circuits) | - | Noir ZK circuits | - |\n\n**On-chain Programs:**\n| Program | Description |\n|---------|-------------|\n| [`sip-privacy`](programs/sip-privacy) | Solana Anchor program |\n| [`sip-ethereum`](contracts/sip-ethereum) | Ethereum Foundry contracts |\n\n**Examples:** 11 integration examples in [`examples/`](examples/)\n\n---\n\n## 🔌 Infrastructure\n\nSIP is **infrastructure-agnostic** — use your preferred RPC providers without changing your application code.\n\n### Solana RPC Providers\n\n| Provider | Best For | Real-time | Special Features |\n|----------|----------|-----------|------------------|\n| **[Helius](https://helius.dev)** | Production apps | Webhooks | DAS API, rich metadata |\n| **[QuickNode](https://quicknode.com)** | Enterprise | Yellowstone gRPC | Global edge network |\n| **[Triton](https://triton.one)** | DeFi/Trading | Dragon's Mouth gRPC | ~400ms latency advantage |\n| **Generic** | Development | WebSocket | No API key required |\n\n```typescript\nimport { createProvider } from '@sip-protocol/sdk'\n\n// Same API, different backends — your choice\nconst provider = createProvider('quicknode', { endpoint: process.env.QUICKNODE_ENDPOINT })\n// or: createProvider('helius', { apiKey: process.env.HELIUS_API_KEY })\n// or: createProvider('triton', { xToken: process.env.TRITON_TOKEN })\n// or: createProvider('generic', { connection })\n\n// All providers work identically\nconst assets = await provider.getAssetsByOwner('7xK9...')\n```\n\n### Why Provider-Agnostic?\n\n- **No vendor lock-in** — switch providers without code changes\n- **Best-of-breed** — use Helius for DAS, QuickNode for gRPC, mix and match\n- **Open-source tooling** — unified interface benefits the entire ecosystem\n- **Resilience** — easy failover between providers\n\nSee [SDK README](packages/sdk/README.md) for detailed provider documentation.\n\n---\n\n## 🗺️ Roadmap\n\nSee [ROADMAP.md](ROADMAP.md) for detailed milestone tracking.\n\n### Phase 1-3: Foundation ✅ **Complete** (M1-M15)\n\n- ✅ Core SDK with stealth addresses, Pedersen commitments, viewing keys\n- ✅ Multi-chain support (15+ chains including Solana, Ethereum, NEAR)\n- ✅ ZK proof system (Noir circuits, browser proving)\n- ✅ NEAR Intents + Zcash integration\n- ✅ React, CLI, API packages\n- ✅ 6,661+ tests\n\n### Phase 4: Same-Chain Expansion 🎯 **Active** (M16-M18)\n\n- ✅ M16: Narrative capture (content, community, positioning)\n- ✅ M17: Solana same-chain privacy (Complete - Jan 2026)\n- 🎯 M18: Ethereum same-chain privacy (Active)\n\n### Phase 5: Technical Moat 🔲 **Planned** (M19-M22)\n\n- 🔲 M19: Proof composition (Zcash + Mina)\n- 🔲 M20: Multi-language SDK (Python, Rust, Go)\n- 🔲 M21: SIP-EIP standard proposal\n- 🔲 M22: Institutional custody integration\n\n---\n\n## 🛠️ Tech Stack\n\n| Category | Technology | Purpose |\n|----------|------------|---------|\n| **Framework** | Next.js 14 (App Router) | Reference application |\n| **Language** | TypeScript (strict mode) | Type safety |\n| **Styling** | Tailwind CSS + shadcn/ui | UI components |\n| **State** | Zustand | Client state management |\n| **Monorepo** | pnpm + Turborepo | Package management |\n| **Cryptography** | @noble/curves, @noble/hashes | Stealth addresses, commitments |\n| **Deployment** | Vercel | Hosting |\n\n---\n\n## 💻 Development\n\n### Prerequisites\n\n- Node.js 18+\n- pnpm 8+\n\n### Setup\n\n```bash\n# Clone the repository\ngit clone https://github.com/sip-protocol/sip-protocol.git\ncd sip-protocol\n\n# Install dependencies\npnpm install\n\n# Start development\npnpm dev\n```\n\n### Commands\n\n```bash\npnpm dev # Start development server\npnpm build # Build all packages\npnpm test -- --run # Run all tests (6,661+)\npnpm lint # Lint code\npnpm typecheck # Type check\n```\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n### Areas for Contribution\n\n- Protocol improvements\n- SDK features\n- Documentation\n- Security audits\n- Chain integrations\n\n---\n\n## 🔐 Security\n\nSIP is experimental software. Use at your own risk.\n\n### Threat Model\n\nSee our comprehensive [Threat Model](docs/security/THREAT-MODEL.md) for:\n- Identified attack vectors and mitigations\n- Trust assumptions and security boundaries\n- Severity ratings for each threat category\n- Security recommendations for users, integrators, and operators\n\n### Zcash RPC Security\n\n**CRITICAL:** Always use HTTPS/TLS when connecting to Zcash nodes in production.\n\nThe Zcash RPC client uses HTTP Basic Authentication, which transmits credentials in base64-encoded cleartext. Without TLS/HTTPS:\n- RPC credentials are vulnerable to network sniffing\n- All transaction data can be intercepted\n- Man-in-the-middle attacks are possible\n\n**Production Requirements:**\n- ✅ Use `https://` URLs for Zcash RPC endpoints\n- ✅ Configure zcashd with valid TLS certificates\n- ✅ Store credentials in secure environment variables\n- ✅ Use network-level access controls (firewall rules, VPCs)\n- ❌ NEVER use HTTP in production\n- ❌ NEVER hardcode credentials in source code\n\n**Example:**\n```typescript\n// ✅ Production (HTTPS)\nconst client = new ZcashRPCClient({\n host: 'https://your-node.com',\n port: 8232,\n username: process.env.ZCASH_RPC_USER,\n password: process.env.ZCASH_RPC_PASS,\n})\n\n// ⚠️ Development only (HTTP on localhost)\nconst testClient = new ZcashRPCClient({\n host: '127.0.0.1',\n port: 18232,\n username: 'test',\n password: 'test',\n testnet: true,\n})\n```\n\n### Reporting Security Issues\n\nIf you discover a security vulnerability, please report it responsibly:\n- Email: security@sip-protocol.xyz\n- Do NOT open public issues for security vulnerabilities\n\n---\n\n## 📄 License\n\n[MIT License](LICENSE) — see LICENSE file for details.\n\n---\n\n## 🙏 Acknowledgments\n\nSIP builds on the shoulders of giants:\n\n- [Zcash](https://z.cash) — Privacy-preserving cryptocurrency and proving system\n- [NEAR Protocol](https://near.org) — Intent-centric blockchain infrastructure\n- [EIP-5564](https://eips.ethereum.org/EIPS/eip-5564) — Stealth address standard\n- [@noble/curves](https://github.com/paulmillr/noble-curves) — Audited cryptographic primitives\n- The broader privacy and cryptography research community\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**🏆 Winner — [Zypherpunk Hackathon](https://zypherpunk.xyz) ($6,500) | #9 of 93 | 3 Tracks**\n**🥇 1st Place — [Solana Graveyard Hackathon](https://solana.com/graveyard-hack) | Torque Sponsor Track ($750)**\n\n*Privacy is not a feature. It's a right.*\n\n[Documentation](docs/) · [Examples](examples/) · [Report Bug](https://github.com/RECTOR-LABS/sip-protocol/issues)\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsip-protocol%2Fsip-protocol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsip-protocol%2Fsip-protocol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsip-protocol%2Fsip-protocol/lists"}