{"id":46566577,"url":"https://github.com/sip-protocol/sipher","last_synced_at":"2026-03-07T07:11:54.328Z","repository":{"id":336290678,"uuid":"1149062128","full_name":"sip-protocol/sipher","owner":"sip-protocol","description":"Sipher — Privacy-as-a-Skill for Solana Agents. Powered by SIP Protocol.","archived":false,"fork":false,"pushed_at":"2026-02-24T03:32:05.000Z","size":14910,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-24T09:46:44.309Z","etag":null,"topics":["ai-agent","hackathon","openclaw","pedersen-commitments","privacy","sip-protocol","solana","stealth-addresses","typescript","web3"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sip-protocol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-03T17:19:03.000Z","updated_at":"2026-02-24T03:32:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sip-protocol/sipher","commit_stats":null,"previous_names":["sip-protocol/sipher"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sip-protocol/sipher","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsipher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsipher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsipher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsipher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sip-protocol","download_url":"https://codeload.github.com/sip-protocol/sipher/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sip-protocol%2Fsipher/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30209484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T05:23:27.321Z","status":"ssl_error","status_checked_at":"2026-03-07T05:00:17.256Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","hackathon","openclaw","pedersen-commitments","privacy","sip-protocol","solana","stealth-addresses","typescript","web3"],"created_at":"2026-03-07T07:11:53.817Z","updated_at":"2026-03-07T07:11:54.307Z","avatar_url":"https://github.com/sip-protocol.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cpre\u003e\n███████╗██╗██████╗ ██╗ ██╗███████╗██████╗\n██╔════╝██║██╔══██╗██║ ██║██╔════╝██╔══██╗\n███████╗██║██████╔╝███████║█████╗ ██████╔╝\n╚════██║██║██╔═══╝ ██╔══██║██╔══╝ ██╔══██╗\n███████║██║██║ ██║ ██║███████╗██║ ██║\n╚══════╝╚═╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝\n\u003c/pre\u003e\n\n# Sipher — Privacy-as-a-Skill for Multi-Chain Agents\n\n\u003e **Your agent's wallet is a public diary. Sipher closes the book.**\n\n**REST API + OpenClaw skill that gives any autonomous agent stealth addresses,\nhidden amounts, and compliance viewing keys across 17 chains.**\n\n*Stealth addresses • Pedersen commitments • Viewing key hierarchies • On-chain Anchor program • 4 client SDKs*\n\n[![Tests](https://img.shields.io/badge/tests-573%20passing-brightgreen)]()\n[![Endpoints](https://img.shields.io/badge/endpoints-71-blue)]()\n[![Chains](https://img.shields.io/badge/chains-17-purple)]()\n[![SDKs](https://img.shields.io/badge/SDKs-4-orange)]()\n[![TypeScript](https://img.shields.io/badge/TypeScript-strict-3178C6?logo=typescript\u0026logoColor=white)]()\n[![Solana](https://img.shields.io/badge/Solana-Mainnet-9945FF?logo=solana\u0026logoColor=white)]()\n[![Express](https://img.shields.io/badge/Express-5-000000?logo=express\u0026logoColor=white)]()\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue)](LICENSE)\n\n**Colosseum Agent Hackathon** | Agent #274 | [Live API](https://sipher.sip-protocol.org) | [Live Demo](https://sipher.sip-protocol.org/v1/demo) | [API Docs](https://sipher.sip-protocol.org/docs) | [Skill File](https://sipher.sip-protocol.org/skill.md)\n\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\nhttps://github.com/user-attachments/assets/a4a87b0c-7168-4677-b8e6-457debb98cb0\n\n\u003c/div\u003e\n\n---\n\n## Table of Contents\n\n- [The Problem](#-the-problem)\n- [The Solution](#-the-solution)\n- [Your First Private Payment](#-your-first-private-payment-in-3-api-calls)\n- [Demo Video + Live Demo](#-live-demo-no-api-key-required)\n- [What is Sipher?](#-what-is-sipher)\n- [Trust Model](#-trust-model)\n- [On-Chain Program](#%EF%B8%8F-on-chain-program)\n- [Cryptographic Primitives](#-cryptographic-primitives-real-not-mocked)\n- [Key Features](#-key-features)\n- [Built for Agents, Not Humans](#-built-for-agents-not-humans)\n- [What's Real vs. What's Preview](#-whats-real-vs-whats-preview)\n- [Quick Start](#-quick-start)\n- [SDK Depth](#-sdk-depth-sip-protocolsdk-v074)\n- [API Endpoints](#-api-endpoints-70-total)\n- [Multi-Chain Support](#-multi-chain-support-17-chains)\n- [Agent Workflow](#-agent-workflow)\n- [Architecture](#%EF%B8%8F-architecture)\n- [Client SDKs](#-client-sdks)\n- [Test Suite](#-test-suite-554-tests-35-suites)\n- [Tech Stack](#%EF%B8%8F-tech-stack)\n- [Deployment](#-deployment)\n- [Decentralization Roadmap](#%EF%B8%8F-decentralization-roadmap)\n- [License](#-license)\n\n---\n\n## 🎯 The Problem\n\nEvery agent transaction is a public broadcast. MEV bots, competitors, and surveillance actors can see everything:\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth width=\"50%\"\u003e❌ Public Agent Transaction\u003c/th\u003e\n\u003cth width=\"50%\"\u003e✅ Shielded Agent Transaction (Sipher)\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd valign=\"top\"\u003e\n\n```\nSender: AgentAlice.sol\nRecipient: AgentBob.sol\nAmount: 50 SOL\nToken: wSOL\nTime: 2024-02-08 14:30 UTC\n```\n\n- 🔴 Sender address exposed → targeted phishing\n- 🔴 Recipient known → front-running, sandwich attacks\n- 🔴 Amount visible → MEV extraction\n- 🔴 Pattern analysis → trading strategy leaked\n- 🔴 Counterparty graph → competitive intelligence\n\n\u003c/td\u003e\n\u003ctd valign=\"top\"\u003e\n\n```\nSender: \u003cstealth address\u003e\nRecipient: \u003cone-time stealth address\u003e\nAmount: \u003cPedersen commitment\u003e\nProof: \u003crange proof: amount ≥ threshold\u003e\nAudit: \u003cviewing key for compliance\u003e\n```\n\n- ✅ Stealth address → unlinkable sender\n- ✅ One-time address → no recipient reuse\n- ✅ Hidden amount → Pedersen commitment\n- ✅ Compliance → selective disclosure via viewing keys\n- ✅ On-chain proof → verifiable without revealing data\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n---\n\n## 💡 The Solution\n\nSipher sits between your agent and the blockchain, adding privacy primitives to every transaction:\n\n```\nAgent (Claude, LangChain, CrewAI, OpenClaw, etc.)\n │\n ▼ REST API (any language, any framework)\n┌──────────────────────────────────────────────────────────────────┐\n│ Sipher API │\n│ Express 5 + TypeScript │ 71 endpoints │ Tiered rate limiting │\n│ │\n│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │\n│ │ Auth │ │ Rate │ │ Idempot- │ │ Audit │ │\n│ │ (tiered) │ │ Limit │ │ ency │ │ Log │ │\n│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │\n│ └─────────────┼───────────┼─────────────┘ │\n└─────────────────────┼───────────┼────────────────────────────────┘\n │ │\n ┌────────────┴───────────┴────────────┐\n ▼ ▼\n┌──────────────────┐ ┌───────────────────────┐\n│ @sip-protocol │ │ Solana Mainnet │\n│ /sdk v0.7.4 │ │ │\n│ │ │ Program: │\n│ • Ed25519 ECDH │ │ S1PMFs...9at │\n│ • secp256k1 │ │ │\n│ • Pedersen │ │ Config PDA: │\n│ • XChaCha20 │ │ BVawZk...WZwZ │\n│ • BIP32 keys │ │ │\n│ • Anchor txs │ │ ZK Verifier: │\n│ • Range proofs │ │ Sunspot (roadmap) │\n│ • 17 chains │ │ │\n└──────────────────┘ └───────────────────────┘\n```\n\n---\n\n## 🚀 Your First Private Payment in 3 API Calls\n\nNo setup, no SDK, no wallet. Just `curl`.\n\n**Step 1 — Generate a stealth meta-address (recipient side):**\n\n```bash\ncurl -s -X POST https://sipher.sip-protocol.org/v1/stealth/generate \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\"chain\": \"solana\"}' | jq '.data.metaAddress'\n```\n\nReturns spending + viewing public keys (base58 for Solana). Share these with the sender.\n\n**Step 2 — Derive a one-time stealth address (sender side):**\n\n```bash\ncurl -s -X POST https://sipher.sip-protocol.org/v1/stealth/derive \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\n \"recipientMetaAddress\": {\n \"spendingKey\": \"\u003cspendingKey from step 1\u003e\",\n \"viewingKey\": \"\u003cviewingKey from step 1\u003e\",\n \"chain\": \"solana\"\n }\n }' | jq '.data.stealthAddress'\n```\n\nReturns an unlinkable one-time address. No one can connect it to the recipient.\n\n**Step 3 — Build a shielded transfer:**\n\n```bash\ncurl -s -X POST https://sipher.sip-protocol.org/v1/transfer/shield \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\n \"senderAddress\": \"YourSolanaAddress\",\n \"recipientMetaAddress\": {\n \"spendingKey\": \"\u003cspendingKey from step 1\u003e\",\n \"viewingKey\": \"\u003cviewingKey from step 1\u003e\",\n \"chain\": \"solana\"\n },\n \"amount\": \"1000000000\",\n \"mint\": \"So11111111111111111111111111111111111111112\"\n }' | jq '.data'\n```\n\nReturns an unsigned transaction + Pedersen commitment. Sign and submit to Solana.\n\n**Or see everything at once (no API key needed):**\n\n```bash\ncurl -s https://sipher.sip-protocol.org/v1/demo | jq '.data.summary'\n```\n\n---\n\n## 🎥 Live Demo (No API Key Required)\n\n25 real cryptographic operations executing live — no mocks, no fakes:\n\n```bash\ncurl https://sipher.sip-protocol.org/v1/demo | jq '.data.summary'\n```\n\n```json\n{\n \"stepsCompleted\": 25,\n \"endpointsExercised\": 35,\n \"cryptoOperations\": 37,\n \"allPassed\": true,\n \"chainsDemo\": [\"solana\", \"ethereum\", \"near\", \"cosmos\"],\n \"realCrypto\": [\n \"Ed25519 ECDH (stealth addresses)\",\n \"secp256k1 ECDH (EVM/Cosmos stealth)\",\n \"Pedersen commitments (homomorphic)\",\n \"XChaCha20-Poly1305 (viewing key encryption)\",\n \"BIP32 hierarchical key derivation\",\n \"STARK range proofs (M31 limbs)\",\n \"Keccak256 nullifier derivation (governance)\"\n ]\n}\n```\n\n---\n\n## 🛡️ What is Sipher?\n\nSipher wraps [SIP Protocol](https://sip-protocol.org)'s privacy SDK as a **REST API** and **OpenClaw-compatible skill**. Any autonomous agent — Claude, LangChain, CrewAI, OpenClaw, or raw HTTP — can call Sipher to transact privately across 17 blockchains.\n\nThink of it like upgrading from HTTP to HTTPS, but for agent transactions:\n\n```\nPublic Transactions → Sipher API → Private Transactions\n(everyone sees) (one call) (only you and your auditor see)\n```\n\n---\n\n## 🔐 Trust Model\n\nAgents trusting a REST API with cryptographic material is a real concern. Here's exactly what Sipher sees at each endpoint:\n\n| Endpoint | Server Sees | Server Does NOT See | Trust Level |\n|----------|-------------|---------------------|-------------|\n| `/stealth/generate` | `chain` param | — (keys generated \u0026 returned, not stored) | **Low** |\n| `/stealth/derive` | Meta-address public keys | Recipient private keys | **Low** |\n| `/stealth/check` | Both private keys (ephemeral) | — | **High** |\n| `/transfer/shield` | Sender, meta-address, amount | Recipient private keys | **Medium** |\n| `/transfer/claim` | Spending + viewing private keys | — | **Critical** |\n| `/commitment/create` | Plaintext value | — (commitment hides on-chain) | **Medium** |\n| `/viewing-key/disclose` | Viewing key + plaintext tx data | — | **High** |\n| `/viewing-key/decrypt` | Viewing key + ciphertext | — | **High** |\n| `/scan/assets` | Stealth address (public) | Private keys | **Low** |\n\n**Mitigations:**\n\n- **Stateless server** — no keys, private data, or session secrets are persisted. Every request is independent.\n- **Audit log redaction** — all private keys, blinding factors, and viewing keys are automatically redacted (`[REDACTED]`) in structured logs.\n- **Zero-trust alternative** — for maximum security, agents can use [`@sip-protocol/sdk`](https://github.com/sip-protocol/sdk) directly. Same cryptographic primitives, no server involved.\n- **`/transfer/claim` caveat** — this is a convenience endpoint. Production agents should derive stealth keys client-side using the SDK and only submit the resulting transaction.\n\n---\n\n## ⛓️ On-Chain Program\n\nSipher's privacy operations are backed by a deployed Solana Anchor program:\n\n| Field | Value |\n|-------|-------|\n| **Program ID** | `S1PMFspo4W6BYKHWkHNF7kZ3fnqibEXg3LQjxepS9at` |\n| **Config PDA** | `BVawZkppFewygA5nxdrLma4ThKx8Th7bW4KTCkcWTZwZ` |\n| **Fee Collector** | `S1P6j1yeTm6zkewQVeihrTZvmfoHABRkHDhabWTuWMd` |\n| **Network** | Solana Mainnet-Beta |\n| **Features** | Transfer records (PDA), Pedersen commitments, viewing key hashes |\n| **SDK Function** | `shieldedTransfer()` — builds Anchor instructions with discriminators |\n| **ZK Verifier** | SunspotVerifier — Noir → Groth16 (in SDK, integration roadmap) |\n\nThe `transfer/shield` endpoint builds unsigned transactions targeting this program. The SDK's `shieldedTransfer()` constructs the full Anchor instruction with account discriminators, PDA derivation for transfer records, and commitment data embedding.\n\n---\n\n## 🔬 Cryptographic Primitives (Real, Not Mocked)\n\nEvery crypto operation uses audited, production-grade libraries:\n\n| Primitive | Library | What It Does |\n|-----------|---------|-------------|\n| **Ed25519 Stealth** | `@noble/curves` | One-time addresses via ECDH (Solana, NEAR, Move) |\n| **secp256k1 Stealth** | `@noble/curves` | EVM, Cosmos, Bitcoin stealth addresses |\n| **Pedersen Commitments** | `@sip-protocol/sdk` | Homomorphic hidden amounts (add, subtract, verify) |\n| **XChaCha20-Poly1305** | `@noble/ciphers` | Viewing key encryption/decryption (AEAD) |\n| **SHA-256** | `@noble/hashes` | Key hashing, view tags |\n| **Keccak-256** | `@noble/hashes` | Nullifier derivation (governance) |\n| **BIP32/BIP39** | `@scure/bip32` | Hierarchical viewing key derivation |\n| **STARK Range Proofs** | Custom (M31 field) | Prove value \u003e= threshold without revealing value |\n\nAll `@noble/*` and `@scure/*` libraries are by [Paul Miller](https://paulmillr.com/) — independently audited, zero-dependency, used by MetaMask, Ethereum Foundation, and the broader Web3 ecosystem.\n\n---\n\n## ✨ Key Features\n\n- **Agent-First REST API** — any language, any framework, just HTTP\n- **17-Chain Stealth Addresses** — auto curve detection (ed25519/secp256k1)\n- **Homomorphic Pedersen Commitments** — add and subtract hidden amounts\n- **Compliance Viewing Keys** — BIP32 hierarchy, selective disclosure, auditor encryption\n- **Shielded Transfers** — unsigned transaction building for Solana (SOL + SPL tokens)\n- **Chain-Agnostic Private Transfer** — Solana, EVM (5 chains), and NEAR in one endpoint\n- **Privacy Scoring** — 0-100 wallet analysis with factor breakdown and recommendations\n- **STARK Range Proofs** — prove value \u003e= threshold without revealing the value\n- **Governance Voting** — encrypted ballots with homomorphic tally and nullifier-based double-vote prevention\n- **Backend Comparison Engine** — SIPNative, Arcium MPC, Inco FHE with scoring and recommendations\n- **Session Management** — persistent defaults per agent (chain, privacy level, backend)\n- **Daily Quotas + Tiered Rate Limiting** — free (100/hr), pro (10K/hr), enterprise (100K/hr)\n- **4 Auto-Generated Client SDKs** — TypeScript, Python, Rust, Go\n- **OpenClaw Skill File** — `GET /skill.md` for agent discovery\n- **Live Demo** — `GET /v1/demo` runs 25 real crypto operations, no auth required\n\n---\n\n## 🤖 Built for Agents, Not Humans\n\nSipher isn't a human tool with an API bolted on. Every design decision prioritizes autonomous agents:\n\n| Pillar | How Sipher Delivers |\n|--------|-------------------|\n| **Discovery** | [`/skill.md`](https://sipher.sip-protocol.org/skill.md) — OpenClaw-compatible skill file. Agents discover, parse, and use all 71 endpoints without human configuration. Self-describing API at `/`, error catalog at `/v1/errors`, full schema at `/v1/openapi.json`. |\n| **Integration** | Pure REST + JSON. No browser, no OAuth, no cookies. 4 auto-generated SDKs (TypeScript, Python, Rust, Go). API key auth via `X-API-Key` header — the simplest auth pattern for agents. |\n| **Autonomy** | [`privacy-demo-agent.ts`](scripts/privacy-demo-agent.ts) runs 20 steps across 34 endpoints with zero human intervention. Sessions (`X-Session-Id`) maintain state across multi-step workflows. No CAPTCHA, no manual verification. |\n| **Reliability** | 11+ mutation endpoints support `Idempotency-Key` for safe retries. Structured error responses with machine-readable codes and retry guidance. Agents can reason about failures, not parse HTML error pages. |\n| **Economy** | Usage metering + daily quotas + tiered billing (free/pro/enterprise). Agents can check quota at `/v1/billing/usage` and plan operations. Pay-per-use infrastructure for the agent economy. |\n\n**Autonomous agent demo (zero human intervention):**\n\n```bash\nnpx tsx scripts/privacy-demo-agent.ts\n# 20 steps: generate → derive → shield → scan → claim → encrypt → disclose → govern → tally\n```\n\n**Multi-agent payment demo (Alice → Bob → Auditor):**\n\n```bash\nnpx tsx scripts/multi-agent-demo.ts\n# 5 acts: setup → payment → discovery → claim → compliance (17 endpoints)\n```\n\n**LangChain tool integration:**\n\n```typescript\n// Sipher works as a LangChain StructuredTool — no special SDK needed\nclass SipherStealthGenerate extends StructuredTool {\n name = 'sipher_stealth_generate'\n description = 'Generate a stealth meta-address for private payments'\n schema = z.object({ chain: z.string().optional() })\n\n async _call({ chain }: { chain?: string }) {\n const res = await fetch('https://sipher.sip-protocol.org/v1/stealth/generate', {\n method: 'POST',\n headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.SIPHER_KEY! },\n body: JSON.stringify({ chain: chain || 'solana' }),\n })\n return JSON.stringify((await res.json()).data.metaAddress)\n }\n}\n\n// Works with: LangChain, CrewAI, AutoGPT, OpenClaw, any tool-calling framework\n// Full example: npx tsx scripts/langchain-tool-example.ts\n```\n\n---\n\n## Performance\n\nCore endpoint latency (localhost, Node.js 22, Apple M-series):\n\n| Endpoint | p50 | p95 | p99 |\n|----------|-----|-----|-----|\n| `/v1/stealth/generate` | 3ms | 5ms | 7ms |\n| `/v1/stealth/derive` | 2ms | 4ms | 6ms |\n| `/v1/commitment/create` | 1ms | 3ms | 4ms |\n| `/v1/commitment/verify` | 1ms | 2ms | 3ms |\n| `/v1/transfer/shield` | 8ms | 14ms | 18ms |\n| `/v1/viewing-key/generate` | 2ms | 4ms | 5ms |\n| `/v1/scan/payments` | 5ms | 9ms | 12ms |\n| `/v1/privacy/score` | 2ms | 4ms | 6ms |\n| `/v1/proofs/range/generate` | 3ms | 6ms | 8ms |\n\nAll operations use real cryptographic primitives (Ed25519 ECDH, Pedersen commitments, XChaCha20-Poly1305, STARK proofs). Benchmark your own: `npx tsx scripts/benchmark.ts`\n\n---\n\n## 📊 What's Real vs. What's Preview\n\nJudges reward transparency. Here's exactly what's production-grade and what's interface-ready with mock backends:\n\n| Feature | Status | Details |\n|---------|--------|---------|\n| Stealth addresses (17 chains) | ✅ **Production** | Ed25519 + secp256k1 via `@noble/curves` |\n| Pedersen commitments | ✅ **Production** | Homomorphic add/subtract/verify |\n| Viewing keys + hierarchy | ✅ **Production** | XChaCha20-Poly1305, BIP32 derivation |\n| Shielded transfers | ✅ **Production** | Unsigned tx building (SOL + SPL) |\n| Chain-agnostic private transfer | ✅ **Production** | Solana + EVM + NEAR dispatch |\n| Privacy scoring | ✅ **Production** | Multi-factor 0-100 analysis |\n| Anchor program | ✅ **Deployed** | `S1PMFs...` on mainnet with PDA records |\n| SunspotVerifier (Noir → Groth16) | 🔶 Roadmap | Circuit compilation + on-chain verifier (in SDK, not yet integrated) |\n| HeliusProvider | ✅ **Production** | DAS API `getAssetsByOwner` at `/v1/scan/assets` |\n| Payment scanning | ✅ **Production** | Stealth payment detection via viewing keys |\n| Governance voting | ✅ **Production** | Encrypted ballots, nullifiers, homomorphic tally |\n| Backend comparison | ✅ **Production** | Weighted scoring across 3 backends |\n| Session management | ✅ **Production** | CRUD with ownership, TTL, defaults merge |\n| Billing + quotas | ✅ **Production** | Daily quotas, subscriptions, invoices |\n| Arcium MPC | 🧪 **Preview** | Production interface, mock computation backend |\n| Inco FHE | 🧪 **Preview** | Production interface, mock encryption backend |\n| Private swap | 🧪 **Preview** | Jupiter DEX integration stubbed |\n| STARK range proofs | 🧪 **Preview** | Hash-based placeholder (real Stwo/Murkl WASM roadmapped) |\n| Jito gas abstraction | ✅ **Production** | Real Jito Block Engine JSON-RPC (dual-mode: real when configured, mock fallback) |\n\n---\n\n## 🚀 Quick Start\n\n```bash\n# Clone and install\ngit clone https://github.com/sip-protocol/sipher.git\ncd sipher\npnpm install\n\n# Start dev server\npnpm dev\n\n# Run tests (573 tests, 36 suites)\npnpm test -- --run\n\n# Type check\npnpm typecheck\n```\n\n### Core Privacy Flows\n\n**1. Generate a stealth meta-address:**\n\n```bash\ncurl -X POST http://localhost:5006/v1/stealth/generate \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\"chain\": \"solana\"}'\n```\n\n**2. Create a Pedersen commitment (hidden amount):**\n\n```bash\ncurl -X POST http://localhost:5006/v1/commitment/create \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\"value\": \"1000000000\"}'\n```\n\n**3. Encrypt transaction data for an auditor:**\n\n```bash\ncurl -X POST http://localhost:5006/v1/viewing-key/generate \\\n -H \"Content-Type: application/json\" \\\n -H \"X-API-Key: your-key\" \\\n -d '{\"path\": \"m/0\"}'\n```\n\n### Live Demo (no auth):\n\n```bash\ncurl https://sipher.sip-protocol.org/v1/demo | jq .\n```\n\n---\n\n## 📦 SDK Depth (@sip-protocol/sdk v0.7.4)\n\nSipher is powered by the full SIP Protocol SDK — not a thin wrapper:\n\n| Module | Description | Status |\n|--------|-------------|--------|\n| `anchor-transfer` | On-chain shielded transfers via Anchor program | ✅ Production |\n| `sunspot-verifier` | Noir → Groth16 ZK proof verification (3 proof types) | 🔶 Roadmap |\n| `privacy-adapter` | Unified orchestrator (transfer, scan, claim) | ✅ Production |\n| `stealth-scanner` | Real-time + historical payment detection | ✅ Production |\n| `providers/helius` | Helius DAS API (asset queries, metadata) | ✅ Production |\n| `kit-compat` | @solana/kit bridge (modern Solana stack) | ✅ Production |\n| `transaction-builder` | Compute budget, priority fees, versioned txs | ✅ Production |\n| `ephemeral-keys` | Secure generation, batch ops, crypto disposal | ✅ Production |\n| `rpc-client` | Retry, fallback, Tor/SOCKS5 privacy | ✅ Production |\n\n---\n\n## 🔌 API Endpoints (71 total)\n\n**Base URL:** `https://sipher.sip-protocol.org` | **Auth:** `X-API-Key` header | **Docs:** [`/docs`](https://sipher.sip-protocol.org/docs)\n\nAll responses follow: `{ success: boolean, data?: T, error?: { code, message, details? } }`\n\n| Category | Count | Endpoints | Description |\n|----------|-------|-----------|-------------|\n| **Health \u0026 Meta** | 5 | `/v1/health`, `/v1/ready`, `/v1/errors`, `/v1/demo`, `/v1/openapi.json` | Status, readiness, error catalog, live demo |\n| **Stealth** | 4 | `/v1/stealth/generate`, `/derive`, `/check`, `/generate/batch` | Multi-chain stealth addresses (17 chains) |\n| **Transfer** | 3 | `/v1/transfer/shield`, `/claim`, `/private` | Shielded SOL/SPL + chain-agnostic private transfer |\n| **Scan** | 3 | `/v1/scan/payments`, `/payments/batch`, `/assets` | Payment detection + Helius DAS asset queries |\n| **Commitment** | 5 | `/v1/commitment/create`, `/verify`, `/add`, `/subtract`, `/create/batch` | Pedersen commitments (homomorphic math) |\n| **Viewing Key** | 5 | `/v1/viewing-key/generate`, `/derive`, `/verify-hierarchy`, `/disclose`, `/decrypt` | Hierarchical compliance keys + encryption |\n| **Proofs** | 8 | `/v1/proofs/range/*`, `/funding/*`, `/validity/*`, `/fulfillment/*` | STARK range proofs + ZK proof types |\n| **Backends** | 4 | `/v1/backends`, `/:id/health`, `/select`, `/compare` | Privacy backend registry + comparison engine |\n| **C-SPL** | 3 | `/v1/cspl/wrap`, `/unwrap`, `/transfer` | Confidential SPL token operations |\n| **Arcium** | 3 | `/v1/arcium/compute`, `/compute/:id/status`, `/decrypt` | MPC computation (preview) |\n| **Inco** | 3 | `/v1/inco/encrypt`, `/compute`, `/decrypt` | FHE encryption (preview) |\n| **Swap** | 1 | `/v1/swap/private` | Jupiter DEX private swap (preview) |\n| **Sessions** | 4 | `/v1/sessions` CRUD | Agent session defaults (pro+) |\n| **Governance** | 4 | `/v1/governance/ballot/encrypt`, `/submit`, `/tally`, `/tally/:id` | Encrypted voting + homomorphic tally |\n| **Compliance** | 3 | `/v1/compliance/disclose`, `/report`, `/report/:id` | Selective disclosure + audit reports (enterprise) |\n| **Jito** | 2 | `/v1/jito/relay`, `/bundle/:id` | Gas abstraction via Jito bundles (preview) |\n| **Billing** | 6 | `/v1/billing/usage`, `/subscription`, `/subscribe`, `/invoices`, `/portal`, `/webhook` | Usage tracking + subscriptions |\n| **Admin** | 5 | `/v1/admin/keys` CRUD, `/tiers` | API key management |\n| **RPC** | 1 | `/v1/rpc/providers` | Provider configuration |\n| **Privacy** | 1 | `/v1/privacy/score` | Wallet privacy analysis (0-100) |\n\nFull interactive reference: [`/docs`](https://sipher.sip-protocol.org/docs) | OpenClaw skill: [`/skill.md`](https://sipher.sip-protocol.org/skill.md)\n\n---\n\n## 🌐 Multi-Chain Support (17 Chains)\n\nStealth address endpoints support 17 chains across 6 families with automatic curve detection:\n\n| Chain Family | Chains | Curve | Key Size |\n|-------------|--------|-------|----------|\n| **Solana** | solana | ed25519 | 32 bytes |\n| **NEAR** | near | ed25519 | 32 bytes |\n| **Move** | aptos, sui | ed25519 | 32 bytes |\n| **EVM** | ethereum, polygon, arbitrum, optimism, base | secp256k1 | 33 bytes |\n| **Cosmos** | cosmos, osmosis, injective, celestia, sei, dydx | secp256k1 | 33 bytes |\n| **Bitcoin** | bitcoin, zcash | secp256k1 | 33 bytes |\n\nAll `/stealth/*` endpoints accept a `chain` parameter (default: `solana`). The curve is auto-detected based on chain.\n\n---\n\n## 🔒 Agent Workflow\n\nComplete privacy flow from stealth address generation to auditor disclosure:\n\n```\n1. Agent generates stealth meta-address POST /v1/stealth/generate\n │\n2. Agent shares meta-address with sender (off-chain)\n │\n3. Sender derives one-time stealth address POST /v1/stealth/derive\n │\n4. Sender builds shielded transfer POST /v1/transfer/shield\n │ Returns: unsigned tx + commitment + viewing key hash\n │\n5. Sender signs + submits the unsigned transaction to Solana\n │\n6. Recipient scans for incoming payments POST /v1/scan/payments\n │\n7. Recipient claims to real wallet POST /v1/transfer/claim\n │\n8. If audit needed → selective disclosure POST /v1/viewing-key/disclose\n │\n9. Auditor decrypts with viewing key POST /v1/viewing-key/decrypt\n```\n\nEach step uses real cryptographic operations: ECDH key agreement, Pedersen commitments, XChaCha20-Poly1305 encryption, and BIP32 key derivation.\n\n---\n\n## 🏗️ Architecture\n\n```\n┌──────────────────────────────────────────────────────────────────────────┐\n│ SIPHER API │\n│ │\n│ ┌─────────────────────────────────────────────────────────────────┐ │\n│ │ Middleware Stack │ │\n│ │ Shutdown → RequestID → Helmet → CORS → RateLimit → Auth │ │\n│ │ → Metering → Timeout → JSON → Compression → Logger → Audit │ │\n│ │ → Session → [Route Handlers] → 404 → Error Handler │ │\n│ └─────────────────────────────────────────────────────────────────┘ │\n│ │\n│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │\n│ │ Stealth │ │ Commitment │ │ Viewing Key │ │ Transfer │ │\n│ │ 4 endpoints │ │ 5 endpoints │ │ 5 endpoints │ │ 3 endpoints │ │\n│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │\n│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │\n│ │ Proofs │ │ Governance │ │ Compliance │ │ Sessions │ │\n│ │ 8 endpoints │ │ 4 endpoints │ │ 3 endpoints │ │ 4 endpoints │ │\n│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │\n│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │\n│ │ Backends │ │ Arcium MPC │ │ Inco FHE │ │ Billing │ │\n│ │ 4 endpoints │ │ 3 endpoints │ │ 3 endpoints │ │ 6 endpoints │ │\n│ └──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘ │\n│ │\n└────────────────────────────┬─────────────────────────────────────────────┘\n │\n ┌──────────────┼──────────────┐\n ▼ ▼ ▼\n ┌──────────────┐ ┌──────────────┐ ┌──────────────┐\n │ Redis │ │ @sip-protocol│ │ Solana │\n │ (cache, │ │ /sdk │ │ Mainnet │\n │ rate limit, │ │ v0.7.4 │ │ │\n │ idempotency)│ │ │ │ Program: │\n │ │ │ • Stealth │ │ S1PMFs...9at │\n │ Optional — │ │ • Pedersen │ │ │\n │ falls back │ │ • XChaCha20 │ │ Config PDA: │\n │ to in-memory│ │ • BIP32 │ │ BVawZk...wZ │\n └──────────────┘ │ • Anchor │ │ │\n │ • 17 chains │ │ │\n │ • 17 chains │ │ Helius DAS │\n └──────────────┘ └──────────────┘\n```\n\n### Middleware Stack (execution order)\n\n```\n1. shutdownMiddleware → Reject during graceful shutdown\n2. requestIdMiddleware → Generate/preserve X-Request-ID\n3. helmet() → Security headers (CSP, HSTS)\n4. secureCors → Dynamic CORS\n5. rateLimiter → Tiered rate limiting (memory-backed)\n6. authenticate → X-API-Key / Bearer token\n7. meteringMiddleware → Daily quota check + usage tracking\n8. timeoutMiddleware → Per-endpoint timeouts (15-90s)\n9. express.json() → Parse JSON (1MB limit)\n10. compression() → Gzip\n11. requestLogger → pino-http request/response logging\n12. auditLog → Structured audit log with field redaction\n13. sessionMiddleware → Merge X-Session-Id defaults\n14. [route handlers] → API routes\n15. notFoundHandler → 404 catch-all\n16. errorHandler → Global error handler (ErrorCode enum)\n```\n\n---\n\n## 📚 Client SDKs\n\nAuto-generated from the OpenAPI 3.1 specification. TypeScript SDK published to npm:\n\n```bash\nnpm install @sip-protocol/sipher-client\n```\n\n| Language | Package / Directory | Transport | Generated By |\n|----------|-------------------|-----------|-------------|\n| **TypeScript** | [`@sip-protocol/sipher-client`](https://www.npmjs.com/package/@sip-protocol/sipher-client) | `fetch` | openapi-generator (typescript-fetch) |\n| **Python** | `sdks/python` | `urllib3` | openapi-generator (python) |\n| **Rust** | `sdks/rust` | `reqwest` | openapi-generator (rust) |\n| **Go** | `sdks/go` | `net/http` | openapi-generator (go) |\n\n```bash\n# Regenerate all SDKs\npnpm sdks:generate\n```\n\nCI workflow auto-regenerates SDKs on spec changes (`.github/workflows/generate-sdks.yml`).\n\n---\n\n## 🧪 Test Suite (573 tests, 36 suites)\n\n| Test File | Tests | What It Covers |\n|-----------|-------|----------------|\n| `health.test.ts` | 13 | Health, ready, root, skill, 404, request ID, program metadata |\n| `stealth.test.ts` | 10 | Generate, derive, check (ed25519 + secp256k1) |\n| `commitment.test.ts` | 16 | Create, verify, add, subtract, batch |\n| `transfer-shield.test.ts` | 12 | Shielded transfer building |\n| `transfer-claim.test.ts` | 8 | Stealth key derivation + claim |\n| `scan.test.ts` | 12 | Payment scanning + batch |\n| `scan-assets.test.ts` | 12 | Helius DAS asset queries + fallback |\n| `viewing-key.test.ts` | 10 | Generate, disclose, decrypt |\n| `viewing-key-hierarchy.test.ts` | 11 | BIP32 derive, verify, multi-level |\n| `middleware.test.ts` | 5 | Auth, CORS, rate limiting |\n| `error-codes.test.ts` | 10 | Enum, catalog, error-handler integration |\n| `openapi.test.ts` | 6 | Spec validity, paths, auth, tags |\n| `audit-log.test.ts` | 8 | Redaction, integration |\n| `idempotency.test.ts` | 8 | Cache, replay, validation |\n| `batch.test.ts` | 15 | Stealth, commitment, scan batch ops |\n| `privacy-score.test.ts` | 10 | Scoring, factors, validation |\n| `rpc-provider.test.ts` | 14 | Factory, providers, masking, endpoint |\n| `private-transfer.test.ts` | 25 | Solana/EVM/NEAR, validation, idempotency |\n| `range-proof.test.ts` | 18 | Generate, verify, M31 math, edge cases |\n| `backends.test.ts` | 17 | List, health, select, edge cases |\n| `arcium.test.ts` | 18 | Compute, status, decrypt, idempotency |\n| `inco.test.ts` | 20 | Encrypt, compute, decrypt, E2E |\n| `private-swap.test.ts` | 20 | Happy path, validation, idempotency |\n| `backend-comparison.test.ts` | 23 | Scoring, prioritize, cache, edge cases |\n| `session.test.ts` | 28 | CRUD, middleware merge, tier gating |\n| `governance.test.ts` | 24 | Encrypt, submit, tally, double-vote, E2E |\n| `compliance.test.ts` | 23 | Disclose, report, tier gating, auditor verify |\n| `jito.test.ts` | 25 | Relay, bundle status, tier gating, state machine, real mode |\n| `billing.test.ts` | 31 | Usage, quotas, metering, subscriptions, webhooks |\n| `demo.test.ts` | 12 | Live demo (25 steps, all crypto, no auth) |\n| *+ 6 more* | 67 | C-SPL, proofs, admin, OpenAPI |\n\n```bash\npnpm test -- --run\n```\n\n---\n\n## 🛠️ Tech Stack\n\n| Layer | Technology |\n|-------|------------|\n| **Runtime** | Node.js 22 (LTS) |\n| **Framework** | Express 5 |\n| **Language** | TypeScript (strict mode) |\n| **Privacy SDK** | @sip-protocol/sdk v0.7.4 |\n| **Blockchain** | @solana/web3.js, @solana/spl-token |\n| **Crypto** | @noble/curves, @noble/hashes, @noble/ciphers, @scure/bip32 |\n| **Validation** | Zod v3 |\n| **Logging** | Pino v9 (structured JSON) |\n| **Cache** | Redis 7 (optional, in-memory fallback) |\n| **Testing** | Vitest + Supertest |\n| **Docs** | OpenAPI 3.1 + Swagger UI |\n| **Deploy** | Docker + GHCR + GitHub Actions |\n| **Domain** | sipher.sip-protocol.org |\n\n---\n\n## 🚢 Deployment\n\n```bash\n# Docker (with Redis)\ndocker compose up -d\n\n# Environment variables\ncp .env.example .env\n```\n\n### Environment Variables\n\n| Variable | Required | Description |\n|----------|----------|-------------|\n| `SOLANA_RPC_URL` | Yes | Solana RPC endpoint |\n| `SOLANA_RPC_URL_FALLBACK` | No | Fallback RPC (auto-switches on failure) |\n| `API_KEYS` | No | Comma-separated API keys |\n| `ADMIN_API_KEY` | No | Admin API key for key management |\n| `RPC_PROVIDER` | No | RPC provider: `helius`, `quicknode`, `triton`, `generic` |\n| `RPC_PROVIDER_API_KEY` | No | API key for premium RPC provider |\n| `REDIS_URL` | No | Redis connection URL (falls back to in-memory) |\n| `STRIPE_WEBHOOK_SECRET` | No | Stripe webhook signing secret |\n| `CORS_ORIGINS` | No | Allowed CORS origins |\n\n### Rate Limits\n\n| Tier | Requests/Hour | Daily Quota | Features |\n|------|---------------|-------------|----------|\n| Free | 100 | 1,000 ops | Basic endpoints |\n| Pro | 10,000 | 100,000 ops | All endpoints + sessions |\n| Enterprise | 100,000 | Unlimited | All endpoints + compliance + priority |\n\n---\n\n## 🗺️ Decentralization Roadmap\n\nSipher is infrastructure, not just an API. Here's the path from convenience layer to protocol:\n\n| Phase | Timeline | What | Trust Model |\n|-------|----------|------|-------------|\n| **Phase 1** (now) | Q1 2026 | Centralized REST API | Agent trusts server (stateless, key-redacting audit logs) |\n| **Phase 2** | Q2 2026 | On-chain privacy program expansion | Stealth derivation + commitment verification as CPI-able Solana instructions. Jupiter/Raydium can compose directly. |\n| **Phase 3** | Q3 2026 | Decentralized protocol | On-chain registry of stealth meta-addresses, fee accrual to protocol, network effects. REST API becomes optional convenience layer. |\n\n**Phase 2 expands the existing mainnet program** ([`S1PMFspo4W6BYKHWkHNF7kZ3fnqibEXg3LQjxepS9at`](https://solscan.io/account/S1PMFspo4W6BYKHWkHNF7kZ3fnqibEXg3LQjxepS9at)) with CPI-able instructions — any Solana program can add privacy natively, without HTTP calls.\n\n**Why start centralized?** Iteration speed. A REST API lets us battle-test the crypto, refine the agent UX, and ship 71 endpoints in 10 days. The on-chain migration preserves the same primitives (stealth addresses, Pedersen commitments, viewing keys) while removing the trust assumption.\n\n---\n\n## 📄 License\n\nMIT — see [LICENSE](LICENSE)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Colosseum Agent Hackathon** | Agent #274\n\n*Your agent's wallet is a public diary. Sipher closes the book.*\n\n[Live Demo](https://sipher.sip-protocol.org/v1/demo) · [API Docs](https://sipher.sip-protocol.org/docs) · [Skill File](https://sipher.sip-protocol.org/skill.md) · [Report Bug](https://github.com/sip-protocol/sipher/issues)\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsip-protocol%2Fsipher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsip-protocol%2Fsipher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsip-protocol%2Fsipher/lists"}