Skip to content

feat(plugin): auctionlog — privacy-preserving audit trails via HCS#1471

Open
atharvalade wants to merge 3 commits intohiero-ledger:mainfrom
atharvalade:feat/auctionlog-plugin
Open

feat(plugin): auctionlog — privacy-preserving audit trails via HCS#1471
atharvalade wants to merge 3 commits intohiero-ledger:mainfrom
atharvalade:feat/auctionlog-plugin

Conversation

@atharvalade
Copy link

@atharvalade atharvalade commented Feb 21, 2026

Summary

New auctionlog plugin that publishes cryptographic commitment hashes to Hedera Consensus Service (HCS) topics, enabling tamper-evident public audit trails for auction and procurement workflows — without revealing any business-sensitive data.

Resolves #1194 (ETHDenver 2026 — Build the Best Hiero CLI Plugin)

What it does

At each critical stage of an auction (created → bidding-open → bidding-closed → awarded → settled → disputed), the plugin publishes a commitment hash to an HCS topic:

SHA-256({ auctionId, stage, cantonRef, adiTx, timestamp, nonce })

Anyone can verify the sequence and timing of events. Nobody can reverse-engineer the hash into actual bid values, delivery terms, or party identities.

Commands

Command Description
hcli auctionlog publish Publish a commitment hash for an auction stage to HCS
hcli auctionlog verify Re-compute and validate stored commitment hashes
hcli auctionlog export Export the full audit timeline as JSON or CSV
hcli auctionlog list List all tracked auctions with stage counts

Example usage

# Publish commitments at each stage
hcli auctionlog publish --auction-id AUCTION-001 --stage created --canton-ref canton-tx-abc
hcli auctionlog publish --auction-id AUCTION-001 --stage awarded --adi-tx 0xdeadbeef

# Verify integrity
hcli auctionlog verify --auction-id AUCTION-001

# Export for compliance review
hcli auctionlog export --auction-id AUCTION-001 --type csv --file audit-report.csv

# List all tracked auctions
hcli auctionlog list

Why this is useful beyond the hackathon

The publish → verify → export pattern is generic enough for any workflow that needs a tamper-evident public timeline on Hedera:

  • Procurement & RFP — prove bid timing and scoring fairness
  • Regulatory compliance — exportable JSON/CSV artifacts for audit
  • Supply chain — commitment hashes for shipment, customs, delivery milestones
  • Corporate governance — voting results, board resolutions, compliance checkpoints
  • Multi-party agreements — prove sequence of approvals without exposing terms

Architecture fit

  • Follows the exact Hiero CLI plugin architecture (manifest-driven, stateless handlers, CommandHandlerArgs injection)
  • Uses api.topic.createTopic() and api.topic.submitMessage() for HCS operations
  • State persisted under auctionlog-data namespace via api.state
  • Zod input/output schemas + Handlebars human templates — same pattern as topic, account, token plugins
  • CommandExecutionResult return type on all handlers

Testing

14 unit tests across all 4 commands, using the same makeArgs/makeLogger test helpers from @/__tests__/mocks/mocks:

auctionlog publish  — 6 tests (success, topic creation, reuse, invalid stage, missing ID, topic failure)
auctionlog verify   — 3 tests (valid hash, tampered hash, missing audit log)
auctionlog export   — 3 tests (JSON export, CSV export, no entries)
auctionlog list     — 2 tests (populated list, empty list)

All pass with npx jest --testPathPatterns="auctionlog" and npx tsc --noEmit is clean.

Files changed

  • New: src/plugins/auctionlog/ — 24 files (manifest, types, index, 4 commands with handler/input/output/index each, README, 4 test files)
  • Modified: src/core/shared/config/cli-options.ts — 2 lines added (import + array entry)

Documentation

Full plugin README at src/plugins/auctionlog/README.md with:

  • Architecture overview
  • All commands with flags, examples, and expected output
  • Privacy guarantee explanation
  • State management details
  • Core API integration table
  • Test summary

@atharvalade atharvalade requested a review from a team as a code owner February 21, 2026 12:03
@atharvalade
feat(plugin): add auctionlog plugin for privacy-preserving audit trails
ca92b81 
Adds a new 'auctionlog' plugin that publishes cryptographic commitment
hashes to Hedera Consensus Service (HCS) topics. This enables tamper-
evident public audit trails for auction workflows without revealing any
business-sensitive data like bid values, delivery terms, or identities.

Commands:
  - publish: publish a commitment hash for an auction stage to HCS
  - verify: re-compute and validate stored commitment hashes
  - export: export the full audit timeline as JSON or CSV
  - list: list all tracked auctions with stage counts

The commitment is SHA-256(auctionId, stage, cantonRef, adiTx, timestamp,
nonce). Only the hash and stage are published publicly — the preimage
fields stay local. Anyone can verify timing and ordering; nobody can
reverse-engineer the business data.

Includes:
  - Zod input/output schemas with strict validation
  - Handlebars templates for human-readable CLI output
  - State persistence under 'auctionlog-data' namespace
  - 14 unit tests across all 4 commands
  - Plugin README with usage examples and expected output

Resolves hiero-ledger#1194

Signed-off-by: atharvalade <atharvalade@users.noreply.github.com>
@atharvalade
feat(cli-options): register auctionlog plugin in default plugin state
0f25103 
Import and add auctionlogPluginManifest to DEFAULT_PLUGIN_STATE so the
auctionlog commands are available out of the box.

Part of hiero-ledger#1194

Signed-off-by: atharvalade <atharvalade@users.noreply.github.com>
@atharvalade atharvalade force-pushed the feat/auctionlog-plugin branch from 23e7cb1 to 0f25103 Compare February 21, 2026 12:08
@atharvalade atharvalade requested a review from a team as a code owner February 21, 2026 18:23
@atharvalade
feat(auctionlog): harden plugin with on-chain verification, stage ord…
6e99f72 
…ering, secure nonces, and redact mode

- Replace insecure Math.random() nonce with crypto.randomBytes(16)
- Add two-layer verification: local SHA-256 + on-chain mirror node (api.mirror)
- Enforce chronological stage ordering; reject duplicate stage publications
- Allow 'disputed' at any time after auction creation
- Replace Canton/ADI-specific fields with generic 'metadata' field
- Add --on-chain flag to verify command (fetches HCS messages via mirror node)
- Add --redact flag to export command (strips nonces/metadata for safe sharing)
- Fix CSV export with proper field escaping for commas/quotes/newlines
- Harden file write error handling in export (validate dir exists, catch errors)
- Fix keccak256 naming inconsistency — consistently document as SHA-256
- Use shared makeArgs/makeLogger test helpers in all test files
- Expand test suite from 14 to 25 tests (new: stage ordering, on-chain verify,
  redact mode, mirror failure graceful degradation, hash determinism)
- Update Zod schemas, Handlebars templates, and README to reflect all changes
- TypeScript: npx tsc --noEmit is clean; all 25 tests pass

Signed-off-by: Atharva Lade <ladeatharva@gmail.com>
@atharvalade atharvalade force-pushed the feat/auctionlog-plugin branch from ea25f78 to 6e99f72 Compare February 21, 2026 18:24
@devmab devmab added this to Hiero CLI Feb 26, 2026
@devmab devmab moved this to In Progress in Hiero CLI Feb 26, 2026
@devmab devmab moved this from In Progress to Backlog in Hiero CLI Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeromy-cannon jeromy-cannon Awaiting requested review from jeromy-cannon jeromy-cannon is a code owner automatically assigned from hiero-ledger/github-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Hiero CLI
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bounty: Build the Best Hiero CLI Plugin (Open Track)

1 participant

@atharvalade