Docs and guides for --use-wallet

pop-cli-for-appchains/guides/launch-a-chain/coretime.md

@@ -23,6 +23,9 @@ pop call chain --url <relay_endpoint>
 ◇  Enter the value for the parameter: para_id
 │  2000
 │
+◇  Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice')
+│  No
+│
 ◇  Signer of the extrinsic:
 │  <CHAIN MANAGER ACCOUNT>
 ...
@@ -37,6 +40,11 @@ pop call chain --url <relay_endpoint>
 
 If the event `OnDemandOrderPlaced` is returned it means that your block will be validated and finalised!
 
+> Note:
+In the example above, you are prompted to provide a `<private-key>` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts.
+For production accounts and enhanced security, Pop CLI offers the `--use-wallet` option to securely sign transactions. Refer to the [Securely sign transactions from CLI guide](../securely-sign-transactions-from-cli.md) for detailed instructions.
+
+
 ## Resources
 
 #### Learning Resources

pop-cli-for-appchains/guides/launch-a-chain/launch-a-chain-to-paseo.md

@@ -283,6 +283,9 @@ pop call chain --url ws://localhost:57731
 ◇  What would you like to do?
 │  Reserve a parachain ID 
 │
+◇  Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice')
+│  No
+│
 ◇  Signer of the extrinsic:
 │  <CHAIN MANAGER ACCOUNT>
 │  
@@ -319,6 +322,9 @@ Now we register the para ID with the generated genesis state (`para-2000-genesis
 ◇  The value for `validation_code` might be too large to enter. You may enter the path to a file instead.
 │  para-2000.wasm
 │
+◇  Do you want to use your browser wallet to sign the extrinsic? (Selecting 'No' will prompt you to manually enter the secret key URI for signing, e.g., '//Alice')
+│  No
+│
 ◇  Signer of the extrinsic:
 │  <CHAIN MANAGER ACCOUNT>
 │
@@ -342,6 +348,10 @@ Your chain is now registered on Paseo and should produce a block!
 
 In order to validate and get your block finalised by the Relay chain, see [here](./coretime.md) how to acquire core time.
 
+> Note:
+In the examples above, you are prompted to provide a `<private-key>` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts.
+For production accounts and enhanced security, Pop CLI offers the `--use-wallet` option to securely sign transactions. Refer to the [Securely sign transactions from CLI guide](../securely-sign-transactions-from-cli.md) for detailed instructions.
+
 ## Resources
 
 #### Learning Resources

pop-cli-for-appchains/guides/securely-sign-transactions-from-cli.md

@@ -0,0 +1,49 @@
+# Securely Sign Transactions from CLI
+Pop CLI provides an option to securely sign transactions from the CLI. It does this by opening a signing portal allowing you
+to sign the transactions using your browser extension wallet.
+
+## Example Usage
+For a full guide on calling a chain from Pop CLI, see the [Call a Chain](./call-a-chain.md) guide.
+
+Normally, you would provide `--suri=<private-key>` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts.
+For production accounts and more secure signing, Pop CLI provides the `--use-wallet` option that you can use.
+
+Here is an example of calling a chain using `--use-wallet`:
+```bash
+pop call chain --pallet System --function remark --args "0x11" --url ws://localhost:9944/ --use-wallet --skip-confirm
+```
+
+This will open a signing portal in your browser. Pop CLI will display the following:
+```bash
+◇  Wallet signing portal started at http://127.0.0.1:9090.
+│
+◒  Waiting for signature... Press Ctrl+C to terminate early.
+```
+
+Your browser will open a new tab with the following screen at http://127.0.0.1:9090 (or similar if the port is already in use);
+<figure><img src="../../pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/unconnected-wallet.png" alt="" width="450"><figcaption><p>Signing Portal Initial Open</p></figcaption></figure>
+
+Click on the `Connect Wallet` button to connect your browser extension wallet.
+<figure><img src="../../pop-cli-for-smart-contracts/.gitbook/assets/use-wallet/connect-wallet.png" alt="" width="450"><figcaption><p>Connect Wallet</p></figcaption></figure>
+
+After connecting your wallet, you will have the option to choose your account and sign the transaction, and finally see the transaction details for signing.
+<figure><img src="../.gitbook/assets/use-wallet/connected-wallet.png" alt="" width="450"><figcaption><p>Transaction Details</p></figcaption></figure>
+
+Once ready to sign, pressing the `Submit` button will open your wallet for signature.
+> ⚠️ **It is important to verify transaction details in your wallet before signing.**
+
+<figure><img src="../.gitbook/assets/use-wallet/talisman-signing.png" alt="" width="450"><figcaption><p>Opened Wallet for Signing</p></figcaption></figure>
+
+Signing the transaction will show a success message in the portal. You may close the portal after signing.
+
+After the signed transaction is received, the portal will send the transaction payload to Pop CLI, which will then submit the transaction to the chain.
+
+```bash
+◆  Signed payload received.
+│
+◇  Extrinsic submitted with hash: "0x039076e2760eb1a4d41bf4daf009a0376ba128bd8c51cf365e4a5c5dee07a414"
+│
+◆  Do you want to perform another call?
+│  ○ Yes  / ● No
+└
+```

pop-cli-for-appchains/pop-cli/call.md

@@ -34,10 +34,20 @@ If you already have the `SCALE`-encoded call data and want to submit the extrins
 pop call chain --call 0x00000411 --url ws://localhost:9944/ --suri //Alice
 ```
 
-**Additional options:**
+**Wallet Signing Portal for Browser Extension Signing**  
+Pop CLI includes a `--use-wallet` option that opens a signing portal, allowing you to sign transactions using a browser extension wallet.
+This eliminates the need to provide your account's private key directly in the command line. `--suri` can not be used with `--use-wallet`.
 
+Example usage of `--use-wallet`:
+```bash
+pop call chain --call 0x00000411 --url ws://localhost:9944/ --use-wallet
 ```
+
+### Additional options:
+
+``` bash
 pop call chain --help                                                     
+
 Call a chain
 
 Usage: pop call chain [OPTIONS]
@@ -60,6 +70,9 @@ Options:
 
           e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD"
 
+  -w, --use-wallet
+          Use a browser extension wallet to sign the extrinsic
+
   -c, --call <call>
           SCALE encoded bytes representing the call data of the extrinsic
 
@@ -71,4 +84,5 @@ Options:
 
   -h, --help
           Print help (see a summary with '-h')
+
 ```

pop-cli-for-smart-contracts/guides/securely-sign-transactions-from-cli.md

@@ -0,0 +1,54 @@
+# Securely Sign Transactions from CLI
+Pop CLI provides an option to securely sign transactions from the CLI. It does this by opening a signing portal allowing you
+to sign the transactions using your browser extension wallet.
+
+## Example Usage: Deploying a Contract
+For a full guide on deploying a contract, see the [Deploy Your Contract Locally](./deploy-your-contract-locally.md) guide.
+
+Normally, you would provide `--suri=<private-key>` to interact with the chain. However, this implies a potentially insecure way of handling private keys and should only be used for development accounts.
+For production accounts and more secure signing, Pop CLI provides the `--use-wallet` option that you can use.
+
+Here is an example of deploying a contract using `--use-wallet`:
+```bash
+pop up contract --constructor new --args false --use-wallet
+```
+
+This will open a signing portal in your browser. Pop CLI will display the following:
+```bash
+◇  Wallet signing portal started at http://127.0.0.1:9090.
+│
+◒  Waiting for signature... Press Ctrl+C to terminate early.
+```
+
+Your browser will open a new tab with the following screen at http://127.0.0.1:9090 (or similar if the port is already in use);
+<figure><img src="../.gitbook/assets/use-wallet/unconnected-wallet.png" alt="" width="450"><figcaption><p>Signing Portal Initial Open</p></figcaption></figure>
+
+Click on the `Connect Wallet` button to connect your browser extension wallet.
+<figure><img src="../.gitbook/assets/use-wallet/connect-wallet.png" alt="" width="450"><figcaption><p>Connect Wallet</p></figcaption></figure>
+
+After connecting your wallet, you will have the option to choose your account and sign the transaction, and finally see the transaction details for signing.
+Note that for contract calls, the portal will perform a dry-run to alert you if the transaction will succeed, and also estimate the gas costs.
+<figure><img src="../.gitbook/assets/use-wallet/connected-wallet.png" alt="" width="450"><figcaption><p>Transaction Details</p></figcaption></figure>
+
+If the transaction will fail, the dry-run alert will change:
+<figure><img src="../.gitbook/assets/use-wallet/fail-dry-run.png" alt="" width="450"><figcaption><p>Failing Dry Run</p></figcaption></figure>
+
+In this case, you can expand the dry-run alert to see the error details. This example shows an error of the account not having enough funds:
+<figure><img src="../.gitbook/assets/use-wallet/expanded-dry-run-fail.png" alt="" width="450"><figcaption><p>Expanded Failing Dry Run</p></figcaption></figure>
+
+Once ready to sign, pressing the `Submit` button will open your wallet for signature.
+> ⚠️ **It is important to verify transaction details in your wallet before signing.**
+
+<figure><img src="../.gitbook/assets/use-wallet/talisman-signing.png" alt="" width="450"><figcaption><p>Opened Wallet for Signing</p></figcaption></figure>
+
+Signing the transaction will show a success message in the portal. You may close the portal after signing.
+
+After the signed transaction is received, the portal will send the transaction payload to Pop CLI, which will then submit the transaction to the chain.
+
+```bash
+◆  Signed payload received.
+│
+◇  Contract deployed and instantiated:
+● The contract address is "5F1P99TD63qZ9bnoxrK7kuzwMWuU7kKKVJJZoVKBYoVQtQeR"
+● The contract code hash is "0x9e4bbfc311f58aaffb63d7570651567d40dd76f301f601a0f0a61f3204d49e5b"
+```

pop-cli-for-smart-contracts/pop-cli/call.md

@@ -30,59 +30,73 @@ Example executing the `flip()` message:
 pop call contract -p ./my_contract --contract $INSTANTIATED_CONTRACT_ADDRESS --message flip --suri //Alice -x
 ```
 
-**Additional options:**
+**Wallet Signing Portal for Browser Extension Signing**  
+Pop CLI includes a `--use-wallet` option that opens a signing portal, allowing you to sign transactions using a browser extension wallet. 
+This eliminates the need to provide your account's private key directly in the command line. `--suri` can not be used with `--use-wallet`
 
+Example usage of `--use-wallet`:
+```bash
+pop call contract -p ./my_contract --use-wallet --contract $INSTANTIATED_CONTRACT_ADDRESS --message flip
 ```
-pop call contract --help
 
-Call a contract
+### Additional options:
+```bash
+
+``` bash
+pop call contract --help
 
-Usage: pop call contract [OPTIONS] --contract <contract> --message <MESSAGE> --suri <suri>
+Usage: pop call contract [OPTIONS]
 
 Options:
   -p, --path <PATH>
-          Path to the contract build folder
+          Path to the contract build directory or a contract artifact
 
-      --contract <contract>
+  -c, --contract <CONTRACT>
           The address of the contract to call
-          
+
           [env: CONTRACT=]
 
   -m, --message <MESSAGE>
           The name of the contract message to call
 
-      --args [<ARGS>...]
-          The constructor arguments, encoded as strings
+  -a, --args [<ARGS>...]
+          The message arguments, encoded as strings
+
+  -v, --value <VALUE>
+          The value to be transferred as part of the call
 
-      --value <value>
-          Transfers an initial balance to the instantiated contract
-
           [default: 0]
 
-      --gas <gas>
-          Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the instantiation
+  -g, --gas <gas>
+          Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the call
 
-      --proof-size <PROOF_SIZE>
+  -P, --proof-size <PROOF_SIZE>
           Maximum proof size for this command. If not specified it will perform a dry-run to estimate the proof size required
 
-      --url <url>
+  -u, --url <URL>
           Websocket endpoint of a node
-
-          [default: ws://localhost:9944]
 
-  -s, --suri <suri>
-          Secret key URI for the account deploying the contract.
-
+          [default: ws://localhost:9944/]
+
+  -s, --suri <SURI>
+          Secret key URI for the account calling the contract.
+
           e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD"
 
-           [default: //Alice]
+          [default: //Alice]
+
+  -w, --use-wallet
+          Use a browser extension wallet to sign the extrinsic
 
   -x, --execute
           Submit an extrinsic for on-chain execution
 
-      --dry-run
+  -D, --dry-run
           Perform a dry-run via RPC to estimate the gas usage. This does not submit a transaction
 
   -d, --dev
           Enables developer mode, bypassing certain user prompts for faster testing. Recommended for testing and local development only
+
+  -h, --help
+          Print help (see a summary with '-h')
 ```

pop-cli-for-smart-contracts/pop-cli/up.md

@@ -14,75 +14,82 @@ To deploy (upload and instantiate) a smart contract:
 pop up contract -p ./my_contract --constructor new --args "false" --suri //Alice
 ```
 
+Alternatively, you can use the `--use-wallet` option for a more secure signing method:
+```bash
+pop up contract -p ./my_contract --constructor new --args "false" --use-wallet
+```
 > ℹ️ If you don't specify a live chain, `pop` will automatically spawn a local node for testing purposes.
 
 Some of the options available are:
 
 * Specify the contract `constructor` to use, which in this example is `new()`.
 * Specify the argument (`args`) to the constructor, which in this example is `false`.
 * Specify the account uploading and instantiating the contract with `--suri`, which in this example is the default development account of `//Alice`. For other accounts, the actual secret key must be provided e.g. an 0x prefixed 64 bit hex string, or the seed phrase.
+    * Alternatively, use the `--use-wallet` option to sign transactions using a browser extension wallet. This is more secure than providing your account's private key directly in the command line. 
 
-> ⚠️ **Use only for development**: Use a safer method of signing here before using this feature with production projects. We will be looking to provide alternative solutions in the future!
+> ⚠️ **Use `--suri` only for development**: Using `--suri` should only be done with development accounts. Consider using `--use-wallet` for production accounts.
 
 * You also can specify the url of your node with `--url ws://your-endpoint`, by default it is using `ws://localhost:9944`.
 
 For more information about the options, check [cargo-contract documentation](https://github.com/paritytech/cargo-contract/blob/master/crates/extrinsics/README.md#instantiate).
 
+### Additional options:
 
-
-**Additional options:**
-
-```
+``` bash
 pop up contract --help
 
-Deploy a smart contract to a node
-
 Usage: pop up contract [OPTIONS]
 
 Options:
   -p, --path <PATH>
-          Path to the contract build folder
+          Path to the contract build directory
 
-      --constructor <constructor>
+  -c, --constructor <CONSTRUCTOR>
           The name of the contract constructor to call
 
           [default: new]
 
-      --args [<ARGS>...]
+  -a, --args [<ARGS>...]
           The constructor arguments, encoded as strings
 
-      --value <value>
+  -v, --value <VALUE>
           Transfers an initial balance to the instantiated contract
 
           [default: 0]
 
-      --gas <gas>
+  -g, --gas <gas>
           Maximum amount of gas to be used for this command. If not specified it will perform a dry-run to estimate the gas consumed for the instantiation
 
-      --proof-size <PROOF_SIZE>
+  -P, --proof-size <PROOF_SIZE>
           Maximum proof size for the instantiation. If not specified it will perform a dry-run to estimate the proof size required
 
-      --salt <SALT>
+  -S, --salt <SALT>
           A salt used in the address derivation of the new contract. Use to create multiple instances of the same contract code from the same account
 
-      --url <url>
-          Websocket endpoint of a node
+  -u, --url <URL>
+          Websocket endpoint of a chain
 
-          [default: ws://localhost:9944]
+          [default: ws://localhost:9944/]
 
-  -s, --suri <suri>
+  -s, --suri <SURI>
           Secret key URI for the account deploying the contract.
 
           e.g. - for a dev account "//Alice" - with a password "//Alice///SECRET_PASSWORD"
 
           [default: //Alice]
 
-      --dry-run
+  -w, --use-wallet
+          Use your browser wallet to sign a transaction
+
+  -D, --dry-run
           Perform a dry-run via RPC to estimate the gas usage. This does not submit a transaction
 
-  -u, --upload-only
+  -U, --upload-only
           Uploads the contract only, without instantiation
 
   -y, --skip-confirm
-          Before start a local node, do not ask the user for confirmation
+          Automatically source or update the needed binary required without prompting for confirmation
+
+  -h, --help
+          Print help (see a summary with '-h')
 ```