Skip to main content

wireClient

Initialize with initializeFromShyConfig — see the Web SDK overview for the common setup pattern.

Non-standard options for this client: { operatorMode: true } to enable mint, burn, and operator-only routes.

Provider profile

const profile = client.getProviderProfile()
// → {
// provider: "circle_usdc",
// mode: "live",
// intentPath: "/wire/intent",
// settlementAsset: "USDC",
// supportedRails: ["blockchain", "ach"],
// requiresOperatorReview: false,
// supportedNetworks: ["ethereum", "polygon"],
// backingAsset: "USDC",
// issuerName: "Oneway"
// }

Asset and supply

await client.getAsset(assetId)
await client.getSupply(assetId)
// → { minted, burned, net } — publicly auditable conservation
await client.getBalance(assetId, accountCommitment)

getSupply is public. Aggregate mint-minus-burn conservation is verifiable without the issuer's cooperation or access to the linkage store.


Issue (deposit)

Issuing wraps an external stablecoin deposit into shywire anonymous-layer units.

const { txJson, intentId } = await client.buildIssueIntent({
amount: 1000,
destinationNetwork: 'ethereum',
destinationAddress: '0xabc...',
externalReference: 'deposit-ref-xyz'
})
// → TxType (intent) — dispatched to intentPath if configured

await client.createIssueIntent(args, { dispatch: true })
// build + POST to intentPath

After the issuer confirms the external deposit, the mint transaction is committed:

List 1: (assetId, amount, "mint") — no depositor identity
List 2: depositorCommitment — no asset amount

Transfer

const { txJson, transferId, nullifier } = await client.buildTransfer({
assetId: 'usdc-shywire',
amount: 250,
senderCommitment,
recipientCommitment,
memo: 'optional off-chain reference'
})
// → TxType 4
// transferId = H(randomNonce) — direction-free public identifier
// nullifier = H(senderCommit : assetId : nonce)

await client.submitTransfer(txJson)
// or
await client.transfer({ ... }) // combined
List 1: (assetId, amount, recipientHash) — no sender identity
List 2: senderCommitment — no amount, no recipient

Neither record alone reveals the sender, amount, or counterparty. An observer sees that a transfer event occurred and the aggregate supply is unchanged; they cannot determine who sent what to whom.


Redeem (withdrawal)

const { txJson, intentId } = await client.buildRedeemIntent({
amount: 500,
accountCommitment,
payoutRail: 'ach',
payoutNetwork: 'us_ach',
payoutDestination: 'routing:account'
})
// → dispatched to intentPath

await client.createRedeemIntent(args, { dispatch: true })

Validates that payoutRail is in supportedRails before building. The burn transaction committed on redemption:

List 1: (assetId, amount, "burn") — no redeemer identity
List 2: redeemerCommitment — no amount

AML compliance and reconcile authority

reconcile_authority: "issuer_read_only" means the issuer can resolve a transferId to the originating senderCommitment through the protected linkage store. This is the OFAC and AML compliance path:

  • The issuer can satisfy sanctions screening and regulatory requests by querying the linkage store
  • The issuer cannot write to or alter canonical ledger state through this authority
  • Public ledger observers see only aggregate supply and direction-free transfer identifiers
  • A regulator with lawful process directed at the issuer obtains individual attribution; no linkage material is on-chain

Supported rails

payoutRailDescription
blockchainOn-chain transfer to a wallet address
achUS ACH bank transfer
wireDomestic or international wire transfer

Available rails are declared in wire.provider_config.supported_rails and validated at build time.


Deployment guide

shywire-v1 is the transfer rail shared by shycustody, shycontracts, and shylots. It is not a standalone coin — it is the canonical anonymous state machine for mint, burn, transfer, and asset lifecycle. The embodiment determines what is being moved: financing claims in shycontracts, pooled warehouse shares in shycustody, or wrapped issuer transfers in shywire itself.

Value conservation and TODO circuit

The current scaffold stores amounts as int64 plaintext — acceptable for licensed enterprise deployments where the operator controls the runtime. The production circuit adds Pedersen commitments (BN254) so amounts are hidden from the canonical runtime while still provably conserved:

FieldCurrent scaffoldProduction circuit
TransferRecord.Amountint64 plaintextPedersen commitment
AccountRecord.Balanceint64 plaintextPedersen commitment
Nullifier derivationH(wallet_addr, tx_id)ZK-proven (hides wallet from node)

Stablecoin issuer

A stablecoin issuer with existing MSB licensing deploys shyware as a private-mode layer — merchants see a payment, not your balance or history; the issuer retains the account registry for FinCEN subpoena response; TotalSupply is publicly auditable by BFT consensus.

FinCEN compliance mapping:

Requirementshyware mechanism
KYC/AMLAccount registration requires wallet ECDSA proof; issuer holds off-chain KYC linked to account_commitment
Transaction monitoringIssuer queries admin API on demand (reactive, not proactive)
Travel RuleTransfer metadata in List 1; sender/recipient linkage available to issuer under legal process
Supply auditabilityGET /supply/{asset_id} public; enforced by BFT consensus

Provisioning sketch:

# Register asset
POST /assets { "asset_id": "usdp", "name": "USD Private", "decimals": 6 }

# Mint on deposit
POST /mint { "asset_id": "usdp", "account_commitment": "...", "amount": 1000000 }

# Burn on redemption
POST /burn { "asset_id": "usdp", "account_commitment": "...", "amount": 500000 }

Neobank

A neobank deploys shyware as its account layer. Users hold private balances — merchants see only that a payment occurred. The bank holds protected off-chain records and responds to subpoenas exactly as it does today.

// ACH deposit → Mint
await shywareClient.mint({ asset_id: "usd", account_commitment: commitment, amount: amountCents });

// ACH withdrawal → Burn
await shywareClient.burn({ asset_id: "usd", account_commitment: commitment, amount: amountCents });

// Subpoena response (operator-level, never public)
await shywareAdminClient.getAccountHistory(accountCommitment, assetId);

Sovereign digital currency

shyware resolves the CBDC political deadlock: private from counterparties (identical to cash), auditable by the state with legal process (identical to a bank account). The viable deployment path runs through private issuers under existing MSB licensing, not central banks. The supply invariant — TotalSupply == TotalMinted - TotalBurned enforced by BFT consensus — is a stronger supply guarantee than physical cash.

Identity model options: wallet ECDSA (H(wallet_address)), Didit biometric (H(person_secret)), or national ID hash — the protocol is identity-model agnostic.