- Security (M1):
isVoteApprovednow accepts an optionalthresholdparameter (default:VOTE_THRESHOLD).executeCommandpasses the on-chain threshold from the governance header after loading registry state — private registry operators with a non-default threshold no longer see incorrect "vote passed" results from the hardcoded value. - Docs (L6): Added explanatory comments to
header_deps: []inexecute.ts,anchor.ts, andreclaim.ts. ThesinceMTP delay is enforced by CKB consensus; no scripts in this project callload_header(), soheader_depsis always empty.
- GUI fixes: Execute reducer now dispatches the correct
EXECUTEaction (previously dispatchedUPDATE_PROPOSAL, suppressing the optimistic registry update). Server-side execute marks proposal asexecutedbefore saving. Registry table rows changed from<button>to<div role="button">to fix nested interactive content (invalid HTML).SET_DATAreducer preserves initial-load meta keys (reviewWindowHours,proposerName) across polls.state.registrynull guards added throughout. - Connection state: Registry fetch failures now show an amber "Registry error" dot instead of green "Connected" — the two states were indistinguishable before.
- Proposal filters: Added missing "Approved" and "Ready to execute" filter tabs. Pubkey comparisons normalised to lowercase.
- Operator docs: Rewrote
deploy-treasury.mdxanddeploy-private-registry.mdxto explain how the treasury connects to the registry via the v3 governance header, and added dedicated "Connect the CLI / GUI / SDK" sections for private registry operators.
ckb-firewall config— new command that reads and writes~/.ckb-firewall/config.json.--proposer <name>sets the default proposer name non-interactively; running without flags shows current config and opens an interactive menu.proposeuses the saved proposer name as the prompt default and offers to save a new name on first use. A failed config write is a non-fatal warning — proposal creation continues.- GUI
TFW_METAnow includesproposerNamefrom config; the New Proposal form prefills the Proposer field accordingly. program.versionand the GUI version label now read frompackage.jsonat runtime instead of hardcoded literals.loadConfigguards against array-shaped JSON withArray.isArraycheck.saveConfigwraps FS operations in try-catch and throws a descriptive error including the file path.
- Minor
registry.rsfix (trailing-data consistency guard).
preview.jsexpanded: 20 new CODE_INDEX entries (TransactionFirewall,HashType,ScriptLike,OutPointLike,RegistryEntry,TransactionCellDep,FIREWALL_ERROR_CODES, all fourFirewallSdkErrorsubclasses,isFirewallSdkError,resolveRegistryDeps,firstActiveEntry, Rust SDKis_blacklisted,preflight_check,build_firewall_lock_args/script/spend_cell_deps,encode_governance_header).- Four new TERMS:
treasury,live cell,Merkle proof,RegistryEntry. - FILE_PATH_RE extended to include
examples/*so Location lines in example docs trigger GitHub link panels. examples/rust/src/bin/preflight_service.rs: "1 entries" → "1 entry / N entries" pluralisation fix.
- Fully keyless governance:
anchorandexecuteno longer require any private key; the treasury-lock contract authorises spends autonomously. ckb-firewall anchor— builds and submits a treasury-funded PBLK proposal anchor cell.ckb-firewall reclaim— reclaims a rejected or abandoned proposal anchor after the review window.ckb-firewall treasury-status— reports treasury pool usage and donation address.signcommand removed; signing is no longer a workflow step.inspectshows treasury pool balance and donation address.- GUI: treasury banner, sign step removed from proposal flow.
- TypeScript and Rust SDK examples scaffolded under
examples/with root README, lockfile, and helper scripts.
contracts/treasury-lock— autonomous CKB type script holding governance capacity. Args:governance_lock_type_id(32) | proposal_anchor_type_id(32). Capacity may only leave via a transaction that includes a validproposal-anchorinput.contracts/proposal-anchor— type script protecting PBLK anchor cells. Enforces PBLK payload validity on creation, treasury lock on the anchor cell, minimum relativesincedelay (MTP metric) on consumption, and capacity return to treasury.
- Witness expanded to 173 bytes (up from 141). Extra 32 bytes carry the proposal anchor type hash used by
governance-lockto verify an anchor input is present in the execute transaction. - Workflow:
propose → anchor → export/import → vote → execute.
- All bare
+onusizevalues from on-chain bytes replaced withchecked_add. treasury-lockmolecule Script offset validation inis_anchor_type_for_treasury.- Registry growth always drawn from treasury, not proposal cell surplus.
- Anchor cell locked to treasury-lock (not governance-lock).
sinceMTP metric validation: bit 63 (relative flag) checked separately; bits 62:61 must be exactly0b10via(since & 0x6000_0000_0000_0000) == 0x4000_0000_0000_0000.- Dust treasury change absorbed into fee rather than creating sub-threshold output.
- Treasury-lock script always discovered from cell deps, not from hardcoded testnet constants.
proposal-anchorargs_off + 4overflow fixed withchecked_add(PR #31 review comment#discussion_r3354905455).
- Proposal cells moved to governance-lock as their lock script; treasury key no longer required at execute time.
prehash: falsesigning fix — CLI was wrapping governance payload in SHA-256 before secp256k1; governance-lock signs the raw blake2b digest directly.sincefield encoding corrected inproposal-anchorunit tests (block-number metric → MTP).
- GOV-004 closed: vote authorisation hardened.
- NEW-004 closed: execute authorisation hardened.
- Signer layer artifacts removed; VM blocker eliminated. Proposal cells now correctly lock to governance-lock rather than the treasury key.
ckb-firewall gui— browser-based governance dashboard served over loopback. Tries port 80 (portless URLhttp://ckb-firewall.localhost), falls back to:7979. Security hardening: loopback enforcement at handler level,safeJson()XSS guard,spawn()for browser launch (no shell), path traversal guard on proposal import, body-size abort, SHA-256 integrity checks on CDN vendor scripts.- Install script shows version diff on upgrade.
- Site restructured around the Diátaxis framework: tutorials, how-to guides, reference, explanations.
- Getting-started slimmed to a tutorial entry and choose-your-path router.
- Guides section added (task-oriented how-to articles).
- Rust SDK API reference added as a formal reference entry.
- Sidebar and all internal cross-links rebuilt.
- GUI mode page added with real screenshot.
- Main README quick-start rewritten; doc table expanded.
- Bumped for GOV1 v3 compatibility.
serdefeature flag fixed (broken since v0.3.0 modularisation).
- https://www.npmjs.com/package/@ckb-firewall/cli
- Install:
npm install -g @ckb-firewall/cli
- Scaffolded
sdk/cli/as a standalone npm package (@ckb-firewall/cli) with commander, chalk, ora, cli-table3, inquirer, log-symbols, and cfonts. - Implemented eight commands covering inspect, quick-path add/remove (testnet/dev), and the full governance lifecycle:
propose,vote,proposals,sign,execute. - Governance flow: propose → 72-hour review window → validator voting (3-of-5 threshold) →
sign(collect secp256k1 recovered signatures) → on-chain execution viackb-cli. Thesigncommand produces 65-byte[r|s|recovery_bit]signatures that are stored with the proposal and included directly in the execute transaction witness — there is no separate multisig-aggregation step beyond this. Proposals are stored under~/.ckb-firewall/proposals/. signcommand: uses@noble/curvesv2format: 'recovered'to produce correct secp256k1 65-byte signatures[r(32)|s(32)|recovery_bit(1)]matching the CKB secp256k1 convention.- Hints system: each command prints 2 contextual next-step hints.
inspectandproposalsadditionally show a voting callout when open proposals are present. - Interactive UX: all commands prompt for missing arguments;
removeshows a pick-list of current registry entries. - Added
sdk/cli/README.md,sdk/cli/LICENSE(MIT), andfilesfield inpackage.jsonfor publish-ready tarball. - Updated root
README.mdCLI section with full governance flow examples. - Updated
notes/governance.mdwith CLI tooling reference and command list. - Updated
notes/internal/scripts.mdwith CLI commands section.
- Prepared
@ckb-firewall/sdkfor npm publishing: public scoped package config, package metadata, ESM build outputs, tarball validation, and type compatibility checks. - Published the canonical CKB testnet BLKL registry cell in notes/deployments/testnet.registry.json and aligned the SDK/testnet docs around caller-supplied
cellDeps. - Hardened governance tx preparation for slow indexers and wallet top-ups: capacity filtering, committed top-up polling, merged tx outputs, explicit sender selection, and safer prompt handling.
Core Implementation (Completed):
- Implemented complete firewall lock script in Rust using ckb-std
- Lock args parsing with frozen v1 layout (72 + N + M bytes)
- Registry cell dep selection with exactly-one-match rule
- Blacklist membership checking with binary search (O(log n))
- Temporary entry expiry using median time calculation
- Inner lock delegation via spawn syscall
- Comprehensive error handling (codes 5-17)
- 24 unit tests covering all major code paths
Technical Details:
- Added
Cargo.tomlwith optimized release profile - Implemented
FirewallLockArgs::parse()with layout validation - Implemented
RegistryPayload::parse()with magic/version checks - Implemented
find_registry_cell_dep()for deterministic registry selection - Implemented
get_median_time()using header_deps timestamps - Implemented
delegate_to_inner_lock()using spawn_cell - All frozen v1 error codes properly implemented
Testing:
- 24 comprehensive unit tests (all passing)
- 10
ckb-testtoolintegration tests run against the real compiled contract binary - Integration coverage includes invalid args/version/flags, missing/invalid/unsorted/ambiguous registry deps, blacklisted output lock/type args, and a non-blacklisted happy path
Documentation:
- Documented all public APIs and error codes
- Added inline documentation throughout
Remaining Work:
- Binary compilation (needs Rust + capsule environment)
- Complete integration tests with compiled binary
- Cycle profiling and optimization
- Registry type script implementation
- Production deployment testing
- Extended
ckb-testtoolintegration suite to 10 passing tests, adding:AmbiguousRegistryCellDep(17) rejection case- non-blacklisted happy-path pass case
- Added cycle profiling scaffold:
contracts/firewall-lock/CYCLE_REPORT.mdcontracts/firewall-lock/profile-cycles.sh
- Added automated happy-path cycle probe:
test_cycle_probe_happy_path_lock_onlyemitsCYCLE_PROBE_HAPPY_PATH_LOCK_ONLY=<n>test_cycle_probe_happy_path_type_onlyemitsCYCLE_PROBE_HAPPY_PATH_TYPE_ONLY=<n>test_cycle_probe_happy_path_both_checksemitsCYCLE_PROBE_HAPPY_PATH_BOTH_CHECKS=<n>test_cycle_probe_happy_path_large_registry_both_checksemitsCYCLE_PROBE_HAPPY_PATH_LARGE_REGISTRY_BOTH_CHECKS=<n>test_cycle_probe_happy_path_very_large_registry_both_checksemitsCYCLE_PROBE_HAPPY_PATH_VERY_LARGE_REGISTRY_BOTH_CHECKS=<n>profile-cycles.shruns all probes and auto-updates report
- Updated phase-status docs to reflect binary build success and integration pass rate.
- Scaffolded repository structure from
README.mdwith core folders and markdown placeholders.
- Expanded architecture, lock script spec, and governance docs with v1-ready detail.
- Expanded tests, integration scope, and scripts documentation including CLI direction.
- Expanded contract and SDK module READMEs with responsibilities and security properties.
- Frozen governance voting model to 9 active validators with one-validator-one-vote and explicit per-proposal thresholds.
- Added emergency temporary-add-only policy with 6-hour minimum vote window, 72-hour TTL, and ratification requirement.
- Switched lock spec to stable registry identity matching with exact dep uniqueness rule (zero/multiple matches fail).
- Frozen V1 lock args layout and public custom error constants starting at code 5.
- Updated remaining docs to align with stable registry identity + exactly-one dep-selection rule.
- Replaced residual outdated wording and aligned validator lifecycle policy details.
- Synced SDK/contract/script/test docs to canonical error semantics (including
AmbiguousRegistryCellDep).
- Registry identity: use CKB type script triple in lock args and SDK examples; remove redundant type-hash + args-hash pairing.
- Error codes: drop unused
RegistryIdentityMismatch; renumber public constants 9–17. - Emergency TTL: specify
expires_at+ median-time evaluation in lock spec and governance docs.
- README: normative governance tables moved to
governance/voting.md/notes/governance.mdonly. - Integration tests: local devnet as default for CI; testnet for periodic smoke.
- Module READMEs: emergency scope + registry dep-selection invariants; pinned public error codes in unit test doc.
CHANGELOGconsolidated under one date; scripts README wording tweak.notes/governance.md: split frozen lifecycle vs v2 refinement items to avoid contradictory "open decisions" list.
- Added GitHub Actions workflow
.github/workflows/tests.ymlto run firewall lock unit tests, build the RISC-V release binary, and run integration tests on push/PR.
- Added defensive registry entry-count bound check before
Vec::with_capacityallocation in registry parser. - Optimized registry dep scanning to avoid loading full dep cell data when only type-script identity matching is needed.
- Built
contracts/firewall-lockRISC-V release binary (firewall-lock) successfully (23K). - Ran firewall lock unit tests (24/24 passing).
- Ran
ckb-testtoolintegration tests intests/unit(27/27 passing: 15 firewall + 12 blacklist-registry). - Recorded happy-path cycle probe results in
contracts/firewall-lock/CYCLE_REPORT.mdviaprofile-cycles.sh. - Fixed
contracts/firewall-lock/profile-cycles.shreport update logic to work with non-empty Notes column.
- Implemented
contracts/blacklist-registrytype script contract:- Enforces exactly-one input/output registry cell topology for updates
- Enforces
BLKLv1 registry payload invariants (magic, version, sorted entries) - Enforces governance authorization via a configured governance lock script identity encoded in type args
- Binds update transactions to a governance context witness payload (
GOV1v1) committed by sighash-all locks
- Added
ckb-testtoolintegration tests:tests/unit/tests/blacklist_registry_tests.rs(12 tests passing)- Wired into
tests/unit/Cargo.toml
- Added hashing dependency for tests (
blake2b-ref) and aligned personalization with CKB default hash
- Upgraded
contracts/blacklist-registryto strict in-script governance verification:- Added fixed 5-signer secp256k1 pubkey set in contract code.
- Extended
GOV1witness layout withsigner_countand repeated{signer_index, signature[65]}entries. - Added digest binding
blake2b(proposal_id_hash || vote_digest_hash || old_root || new_root). - Enforced 3-of-5 signer threshold with signer index bounds + duplicate checks + signature verification.
- Extended integration coverage:
tests/unit/tests/blacklist_registry_tests.rsnow signs governance payloads with deterministic keys and validates strict signature paths (12 passing tests, including bootstrap and stricter signer failure paths).
- Applied PR #3 documentation consistency fixes:
- Unified firewall binary naming to
firewall-lockin build notes/snippets. - Removed developer-specific absolute paths in setup docs.
- Aligned capsule-free build instructions (
cargo build --release --target=...) with current workflow.
- Unified firewall binary naming to
- Completed strict mode-2 governance drill recording and validation:
tests/integration/governance_drill/latest.jsontests/integration/governance_drill/mode2_signer_state.json
- Refreshed phase3 verification and closeout artifacts via:
scripts/phase3_verify.shscripts/phase3_closeout_check.sh
- Confirmed closeout gates pass for:
- contract builds and tests
- cycle report refresh
- governance drill evidence integrity
- runbook/template completeness
- Added chain-backed evidence gate and closeout hook:
scripts/phase4_governance_evidence_check.shscripts/phase4_governance_tx_status.sh
- Added one-command live autorun flow:
scripts/phase4_governance_autorun_live.sh
- Added auto tx-file mode and scenario tx preparation:
scripts/phase4_prepare_tx_files.shscripts/phase4_submit_tx.sh
- Hardened execution reliability:
- auto-prepare missing tx files
- auto-topup when lock-only input inventory is low
- atomic write/recovery for prepared tx files
- forced full refresh of scenario tx inputs before execution
- idempotent replay behavior with rerun for unknown/non-resolvable hashes
- Removed atomic runtime instruction path from on-chain
blacklist-registry:- rewrote critical decode/load paths to raw syscall/manual parsing where needed
- avoided runtime paths that emitted unsupported LR/SC/AMO instructions in CKB VM
- Added VM compatibility preflight:
scripts/check_registry_vm_compat.sh- integrated into live autorun and deploy hardening checks
- Fixed live bootstrap witness-root mismatch by rewriting GOV1 roots from generated tx payload during tx preparation.
- Completed end-to-end chain-backed live autorun successfully:
- all four governance scenarios executed/re-recorded with chain-resolvable tx hashes
- chain status artifact produced:
tests/integration/governance_drill/chain_status_latest.json
- final evidence gate passed:
scripts/phase4_governance_evidence_check.sh
- Enforced chain-backed governance evidence on
mainand PRs tomain:REAL_GOV_EVIDENCE_REQUIRED=1inphase3_closeout_check.shCI step; pinnedckb-cliviascripts/ci/install_ckb_cli.shin.github/workflows/tests.yml. - Hardened
phase4_governance_tx_status.shto poll untilcommittedorrejected; closeout requires allchain_status_latest.jsonscenarioscommittedwhen Phase 4 gate is on. - Refreshed
tests/integration/governance_drill/chain_status_latest.jsonagainst testnet. - Added Phase 4 milestone artifacts under
phase4_artifacts/, ADRnotes/internal/phase4/adr/ADR-Phase4-Governance-Verification.md, runbooknotes/internal/phase4/runbooks/governance-drill-live-execution.md, Phase 4 security tracker, go/no-go record, andnotes/internal/phase4/verification-status.mdlinked from the verification matrix. - Added
contracts/blacklist-registry/CYCLE_REPORT.mdfor registry governance cycle posture. - Updated
scripts/README.md,notes/governance.md, and governance incident playbook cross-links.
- Mark
scripts/ci/install_ckb_cli.shexecutable in git; invoke installer withbashin.github/workflows/tests.yml. - Run blocking Phase 3 closeout only after prior steps succeed (
success()), so a failed install does not surface as a false governance-evidence failure. - Added
deploy/to.gitignorefor local deployment and chain-run outputs.
- Added
curl --retryand--connect-timeouttoscripts/ci/install_ckb_cli.shfor transient download failures. - Replaced
id.len() as u8withu8::try_frominfirewall_lock_tests.rsregistry payload helpers to avoid silent truncation.
- Added median-time /
header_depVM tests for temporary blacklist expiry vs active paths and even-count median. - Added inner-lock spawn coverage: missing inner cell dep (error 13) and
always_failurefixture inner lock (error 15). - Added 256-entry registry stress happy-path test; fixture
tests/unit/fixtures/always_failure_lockwith README attribution. - Extended
build_tx_with_firewall_lockto attachheader_deps;insert_test_headershelper for ckb-testtool.
- Added permutation, nine-header median grid, no-header zero-median, duplicate-timestamp boundary, and single-header median VM tests (
firewall_lock_tests.rs). - Expanded
tests/unit/fixtures/README.mdwith third-party testdata explanation. - Documented SHA-256 and byte size for
always_failure_lockintests/unit/fixtures/README.md(matchesckb-script0.118.0testdata/always_failure). - Added explicit "Replacing this fixture" checklist to
tests/unit/fixtures/README.md(update size, SHA-256,ckb-scriptversion line, run tests, changelog).
- Added ESM build (
tsconfig.build.json,dist/),package.jsonexports,types,files, MITLICENSE, repository metadata, andengines(Node >=20). - Tightened compiler options (
noUncheckedIndexedAccess,exactOptionalPropertyTypes,useUnknownInCatchVariables). - Introduced typed
FirewallSdkErrorsubclasses and a discriminatedFirewallDecisionunion with literal failure reasons. - CI: build, tarball checks for
dist/index.jsanddist/index.d.ts, Node ESM smoke import,@arethetypeswrong/cliwith--profile esm-only. - Documented npm install, Node 20+, and ESM-only usage in README files.
- Simplified root README TypeScript section (install-first, no publish-metadata framing); aligned
sdk/typescript/README.mdmodule/types section.
- Renamed
docs/tonotes/and updated scripts, SDK READMEs, tests, and cross-links to the new path.
- Added Astro Starlight site with sidebar topics (Getting Started, Concepts, Reference, Operations), Rapide theme, and topic schema for section landing pages.
- Published reader-facing guides aligned to v1 testnet contracts, fixtures, SDK, and CLI behavior, including Why this exists and MDX pages for integration walkthroughs.
- Moved prior internal markdown under
notes/sodocs/is reserved for the public site; updated repository links and phase-3 scripts accordingly.
-
Favicon and apple-touch icon generated from project logo; Starlight
faviconconfigured. -
Removed GitHub Pages deployment workflow,
docs/public/CNAME, and Pages setup docs.
- Added
INVALID_TYPE_ID = 27to theblacklist-registryerror module. Previously, type ID mismatch branches were reusingINVALID_TYPE_ARGS_LAYOUT (20), making it impossible to distinguish the two failure modes. Both the bootstrap and update paths now return27on type ID mismatch. Code26was skipped when assigning this number.
- Multi-registry support:
FirewallConfig.registriesreplaces singleregistryScript; each entry is aRegistrySpecLikewithcodeHash,hashType,typeIdValue, andrequiredflag. - Registry dep matching now uses
typeIdValue(bytes 34–66 of the 66-byte v2 type args) — survives governance-lock upgrades without reconfiguration. preflightCheckaccepts an array of pre-fetchedRegistryPayloadobjects and an explicitnowSecsparameter for time-based expiry evaluation.fetchRegistryPayload(rpcUrl, txHash, index)added as a convenience RPC helper.- Dropped BLKL v1 support — only BLKL v2 payloads accepted, matching the on-chain contracts.
- GOV1 witness version bumped to v3; v2 no longer accepted by the
blacklist-registrytype script.
- Updated to use
FirewallConfig.registriesAPI throughout governance and inspect commands. inspectcommand now printstypeIdValuealongside registry entries.checkcommand accepts--registry-type-idflag as an alternative to a full registry spec.- Added
exportandimportsubcommands for sharing proposal JSON between governance participants. - Fixed signing preimage to include
oldRoot,newRoot, andreviewWindowEndMs(5-field 136-byte preimage).
- Modular rewrite: flat
lib.rssplit intoerrors,types,registry,builder,firewall, andtestnetmodules. All public symbols re-exported from the crate root for ergonomicuse. - Multi-registry:
FirewallConfig { registries: Vec<RegistrySpec> }.RegistrySpecidentifies a registry cell dep bycode_hash,hash_type, andtype_id_value(bytes 34–66 of the 66-byte v2 registry type args) — survives governance-lock upgrades. Required/optional flag per spec. check_transaction(cfg, tx, now_secs): full pre-flight against live cell deps in anUnsignedTxLike.preflight_check(outputs, payloads, now_secs): check against already-parsedRegistryPayloadslices.is_blacklisted(target, payloads, now_secs): point check, returnsbool.parse_registry_payload(data): now public; BLKL v2 only (v1 hard-rejected, matching the contract and TypeScript SDK).encode_registry_payload(payload)andencode_governance_header(gh): public encoding helpers.encode_registry_payloadreturnsResultand validates identifier length ≤ 255 before encoding.- Builder module:
build_firewall_lock_args(config),build_firewall_lock_script(config),build_firewall_spend_cell_deps(config)— encode the v2FirewallLockArgsbyte layout and assemble cell deps for spending firewall-protected cells. error_codesmodule: all 13 on-chain codes (5–17) aspub const i8, names matching the frozen v1 contract mapping (InvalidArgsLayout=5,UnsupportedVersion=6,UnsupportedFlags=7,MissingRegistryCellDep=8…MissingInnerLockCellDep=13,InvalidInnerLockScript=14,InnerLockRejected=15,OutputScriptParseFailed=16,AmbiguousRegistryCellDep=17).FirewallErrorimplementsDisplayandstd::error::Error.- Optional
serdefeature: derivesSerialize/Deserializeon all public types. - Optional
testnetfeature: exposestestnetmodule withRPC_URL, governance constants, and placeholder contract outpoints. - Dep-matching uses exact 66-byte type args length (not
>= 66), matching the on-chain resolver. parse_entriesbounds-checks entry count against remaining buffer beforeVec::with_capacityto prevent OOM on malicious input.- Governance header parsing bounded within
[offset, offset + gov_len)so a malformedgov_header_lencannot read into the entry section. - 20+ unit tests; new
error_code_values_match_contracttest pins all 13 constants against the contract source. - Crate metadata:
description,repository,keywords,categoriesfor crates.io publication.
- All "GOV1 v2" references updated to "GOV1 v3" across architecture, blacklist-registry, and governance pages; GOV1 v2 is no longer accepted by the on-chain contracts.
- Signing preimage corrected to the 5-field 136-byte blake2b preimage (
proposalIdHash || voteDigestHash || oldRoot || newRoot || reviewWindowEndMs) in two locations. rust-sdk.mdrewritten from a "coming soon" stub to full v0.3.0 API reference covering all public functions, feature flags, and error codes.- Overview page Rust tab updated from placeholder to a working
check_transactionsnippet. - CHANGELOG entries added for
@ckb-firewall/sdkv0.3.2,@ckb-firewall/cliv0.2.3, andckb-transaction-firewall-sdkv0.3.0. - Stale JSON key names in testnet deployment notes fixed (
registryScript→registrySpec,blacklistRegistryTypeScriptDeployOutPoint→blacklistRegistryDeployOutPoint). - Governance-lock tx hash suffix in testnet-deployment page corrected.
- Glossary page added under Reference: 37 terms covering binary formats (BLKL, GOV1, FirewallLockArgs), contracts, architecture concepts, SDK types, and governance vocabulary.
- Interactive preview system: all docs pages now auto-mark the first occurrence of each glossary term with a dotted underline. Hovering (desktop) shows a definition popover; tapping (mobile) shows a bottom sheet. Extended to inline
<code>symbols (TypeScript SDK types/functions, Rust SDK types, contract entry points) which show actual source snippets on hover/tap. File-path references show a file-location panel. Self-contained TypeScript and Rust syntax highlighter with no CDN dependency.
- Bump
@ckb-firewall/clito 0.1.2 and@ckb-firewall/sdkto 0.2.5. - Add npm package links to Starlight getting-started and CLI reference pages.