Skip to content

Subkey commands: act on EVM vault operator sub-accounts#30

Merged
amayvs merged 2 commits into
mainfrom
amay/evm-vault-operator-auth
Jul 14, 2026
Merged

Subkey commands: act on EVM vault operator sub-accounts#30
amayvs merged 2 commits into
mainfrom
amay/evm-vault-operator-auth

Conversation

@amayvs

@amayvs amayvs commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds --vault-operator-address (requires --l1-key) to register-subkey, list-subkeys, get-subkey, revoke-subkey, and update-subkey-allowed-cidrs: the v2 SIWE auth targets the operator address while the message is signed by the owner's eth key, so subkey operations act on the operator's subkeys — how API traders trade an EVM-owned vault (operator_signer_type=eip191). The operator address is the vault's operator_account.
  • evm_onboard_and_auth(target_address=…) skips GET /onboarding and the onboarding POST for operator targets (operators are created by vault creation, never POST /v2/onboarding) and authenticates directly.
  • The subkey-registration payload is unchanged — account context comes from the JWT.

Testing

  • Operator-target auth flow test (no onboarding calls; operator in PARADEX-STARKNET-ACCOUNT; owner address in the SIWE message), command plumb-through test, and --vault-operator-address without --l1-key rejection.
  • Full suite: 91 passed.

Usage

paradex-cli register-subkey 0x<subkey_pubkey> --name vault-bot \
  --l1-key $PARADEX_L1_PRIVATE_KEY \
  --vault-operator-address 0x<vault operator_account> --env testnet

amayvs added 2 commits July 13, 2026 16:19
Adds --vault-operator-address (requires --l1-key) to register-subkey,
list-subkeys, get-subkey, revoke-subkey and update-subkey-allowed-cidrs:
the v2 SIWE auth targets the operator address while the message is still
signed by the owner's eth key, so subkey operations act on the operator's
subkeys — the way API traders trade an EVM-owned vault
(operator_signer_type=eip191).

evm_onboard_and_auth(target_address=...) skips GET /onboarding and the
onboarding POST for operator targets (operators are onboarded by vault
creation, never POST /v2/onboarding) and authenticates directly.
CI's rich/typer versions render BadParameter inside an ANSI panel with
box-drawing and wrapping; normalize the output before asserting so the
test passes under both plain and rich rendering.
@amayvs
amayvs merged commit 5f55f3f into main Jul 14, 2026
2 checks passed
@amayvs
amayvs deleted the amay/evm-vault-operator-auth branch July 14, 2026 22:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants