Ika Cli

v1.0.2

Guide for using the Ika CLI tool for dWallet operations, validator management, system deployment, and network administration. Use when performing CLI-based d...

⭐ 0· 152·0 current·0 all-time

byOmer Sadika@omersadika

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for omersadika/ika-cli.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Ika Cli" (omersadika/ika-cli) from ClawHub.
Skill page: https://clawhub.ai/omersadika/ika-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ika, sui
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ika-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install ika-cli

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description match the runtime instructions and required binaries. The skill documents usage of the `ika` CLI for dWallet and validator operations and explicitly requires the `ika` and `sui` CLIs — both are expected for the stated functionality.

✓

Instruction Scope

SKILL.md is a command reference and examples for running `ika` and mentions deriving encryption keys from the Sui keystore, reading secret-share files, seed files, and optional config paths. These actions are directly related to dWallet operations; there is no instruction to read unrelated system files, exfiltrate data to external endpoints, or perform actions outside the stated domain.

✓

Install Mechanism

This is instruction-only (no install spec). The README suggests installing via Homebrew, GitHub releases, or building from source — all standard install guidance. There is no embedded download-and-extract install script in the skill itself.

✓

Credentials

The skill declares no required environment variables. It does rely on access to local artifacts (Sui keystore, secret-share files, optional config paths) which is proportionate to a CLI that performs signing/key operations. No unrelated credentials or config paths are requested.

✓

Persistence & Privilege

always:false and no install steps mean the skill does not request permanent elevated presence. It does not modify other skills or system-wide config per the provided content.

Assessment

This skill is a documentation/usage guide for the Ika CLI and appears internally consistent. Before using it: 1) Only install/use an ika binary you obtained from the official project (verify GitHub release checksums or build from source) because the CLI will access local secrets. 2) Be aware that the commands will read your Sui keystore, seed/secret-share files, and may submit transactions — only run them on a machine where those secrets are intended to be used. 3) When invoking the agent with this skill, review any auto-run commands (the agent can call the CLI) before allowing them; don’t supply secret files or keys to untrusted third parties. 4) If you need extra assurance, audit the actual ika binary you install (source/build provenance) and confirm Sui CLI is the official release.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis

Binsika, sui

latestvk97f8znhcmkk7hv4277rqj5db183kdnj

152downloads

0stars

2versions

Updated 1mo ago

v1.0.2

MIT-0

Ika CLI

Command-line interface for the Ika decentralized MPC signing network on Sui.

References (detailed command reference and JSON schemas)

references/commands.md - Full command reference with all flags, arguments, and examples
references/json-output.md - JSON output schemas for --json flag on every command

Install

# Via Homebrew (macOS/Linux)
brew install ika-xyz/tap/ika

# Or download pre-built binary from GitHub Releases
# https://github.com/dwallet-labs/ika/releases
# Available for: linux-x64, linux-arm64, macos-x64, macos-arm64, windows-x64

# Or build from source
cargo build --release -p ika

Requires: Sui CLI (sui keytool for key management)

Global Flags

All commands support these flags:

Flag	Description
`--json`	Output results as JSON (machine-parseable). Errors also output as JSON.
`--client.config <PATH>`	Custom Sui client config path
`--ika-config <PATH>`	Custom Ika network config path (default for all dwallet subcommands)
`--gas-budget <MIST>`	Override default gas budget (default for all dwallet subcommands)
`-y, --yes`	Skip confirmation prompts
`-q, --quiet`	Suppress human-readable output (JSON still printed with `--json -q`)

Command Overview

ika
├── start                      # Start local Ika network
├── network                    # Network info and addresses
├── dwallet                    # dWallet operations
│   ├── create                 # Create dWallet via DKG
│   ├── sign                   # Request signature
│   ├── future-sign            # Conditional/future signing
│   │   ├── create             # Create partial user signature
│   │   └── fulfill            # Complete future sign
│   ├── presign                # Request presign (batch up to 20)
│   ├── global-presign         # Global presign with network key
│   ├── import                 # Import external key as dWallet
│   ├── register-encryption-key
│   ├── get-encryption-key
│   ├── verify-presign
│   ├── get                    # Query dWallet info
│   ├── list                   # List owned dWallet capabilities
│   ├── list-presigns          # List presign caps by status/curve
│   ├── public-key             # Extract signing public key
│   ├── decrypt                # Decrypt on-chain encrypted share
│   ├── epoch                  # Query current network epoch
│   ├── pricing                # Current pricing info
│   ├── generate-keypair       # Offline keypair generation
│   └── share                  # User share management
│       ├── make-public
│       ├── re-encrypt
│       └── accept
├── config                     # Configuration management
│   ├── init                   # Fetch addresses + create Sui envs
│   ├── add-env                # Add env from local ika_config.json
│   ├── sync                   # Re-fetch latest contract addresses
│   └── show                   # Show current config
├── validator                  # Validator operations (30+ subcommands)
├── protocol                   # Protocol governance (feature-gated)
└── completion                 # Shell completions (bash/zsh/fish)

Curves, Algorithms, and Hash Schemes

Commands accept named values (not numeric IDs):

Parameter	Accepted values
`--curve`	`secp256k1`, `secp256r1`, `ed25519`, `ristretto`
`--signature-algorithm`	`ecdsa`, `taproot`, `eddsa`, `schnorrkel`
`--hash-scheme`	`keccak256`, `sha256`, `double-sha256`, `sha512`, `merlin`

Quick Start

Create a dWallet

# Register encryption key first (derives from active Sui address by default)
ika dwallet register-encryption-key --curve secp256k1

# Create a secp256k1 dWallet (IKA/SUI coins auto-detected from wallet)
ika dwallet create \
  --curve secp256k1 \
  --output-secret ./my_dwallet_secret.bin
# Output: dWallet ID, Cap ID, Public Key

# Sign a message
ika dwallet sign \
  --dwallet-cap-id <CAP_ID> \
  --dwallet-id <DWALLET_ID> \
  --message <HEX_MESSAGE> \
  --signature-algorithm ecdsa \
  --hash-scheme keccak256 \
  --secret-share ./my_dwallet_secret.bin \
  --presign-cap-id <PRESIGN_CAP_ID> \
  --wait

Secret Share Handling

The secret share can be provided in three ways (in priority order):

--secret-share <file> — read from a local file
--secret-share-hex <hex> — pass directly as hex
Omit both — the CLI derives the decryption key from your Sui keystore (seed args), fetches the encrypted share from chain, and decrypts it. Requires --dwallet-id.

Batch Presigns

# Create 10 presigns in a single transaction (max 20)
ika dwallet presign \
  --dwallet-id <DWALLET_ID> \
  --signature-algorithm ecdsa \
  --count 10 \
  --wait

List and Inspect

# List all owned dWallet capabilities
ika dwallet list

# List presign caps grouped by status and curve
ika dwallet list-presigns

# Extract the signing public key from a dWallet
ika dwallet public-key --dwallet-id <DWALLET_ID>

# Query current network epoch
ika dwallet epoch

Future Signing (two-step)

# Step 1: Create partial user signature
ika dwallet future-sign create \
  --dwallet-id <DWALLET_ID> \
  --message <HEX_MESSAGE> \
  --hash-scheme sha256 \
  --presign-cap-id <PRESIGN_CAP_ID> \
  --signature-algorithm ecdsa \
  --secret-share ./my_secret.bin

# Step 2: Fulfill (complete the sign)
ika dwallet future-sign fulfill \
  --partial-cap-id <PARTIAL_CAP_ID> \
  --dwallet-cap-id <DWALLET_CAP_ID> \
  --dwallet-id <DWALLET_ID> \
  --message <HEX_MESSAGE> \
  --signature-algorithm ecdsa \
  --hash-scheme sha256 \
  --wait

Seed derivation: Encryption keys are derived stateless from the active Sui keystore address. Use --seed-file <PATH> for raw 32-byte seed, --address <ADDR> for a specific keystore address, or --encryption-key-index <N> for multiple keys per address. Pass --legacy-hash for keys registered before the V2 hash fix (only affects non-SECP256K1 curves).

Auto-detection: IKA/SUI coins are auto-detected from the active wallet. Curve, DKG output, and presign output are auto-fetched from chain when --dwallet-id and --presign-cap-id are provided.

Validator Operations

# Create validator info
ika validator make-validator-info <NAME> <DESC> <IMG_URL> <PROJECT_URL> <HOST> <GAS_PRICE> <ADDRESS>

# Become a validator candidate
ika validator become-candidate <VALIDATOR_INFO_PATH>

# Join the committee
ika validator join-committee --validator-cap-id <CAP_ID>

Key Management

Sui wallet keys are managed by sui keytool:

sui keytool generate ed25519          # Generate new keypair
sui keytool list                       # List known keys
sui keytool import <MNEMONIC>          # Import key from mnemonic

dWallet encryption keys are derived stateless from Sui keystore addresses (no local file storage). The CLI uses keccak256(keypair_bytes || index) to derive a 32-byte seed, then hashes with domain separators to produce class-groups and Ed25519 keys.

JSON Output

All commands support --json for structured output:

ika dwallet get --dwallet-id <ID> --json
ika dwallet list --json
ika dwallet list-presigns --json
ika validator get-validator-metadata --json

Comments

Loading comments...