.cargo/config.toml

+[target.x86_64-apple-darwin]
+linker = "o64-clang"
+rustflags = [
+    "-C",
+    "link-arg=-mmacosx-version-min=10.12",
+    "-C",
+    "target-feature=+crt-static",
+]

.dockerignore

+target/

.gitignore

 /target
+/.idea
\ No newline at end of file

.gitlab-ci.yml

 # Official language image. Look for the different tagged releases at:
 # https://hub.docker.com/r/library/rust/tags/
-image: "rust:latest"
 
 stages:
+  - tests
   - build
+  - release
 
-build:
+tests_linux:
+  stage: tests
+  image: rust:buster
+  script:
+    - cargo test
+
+build_linux:
   stage: build
-  # image used for this build
-  image: rust
-  # build script
+  image: rust:buster
   script:
+     # Build the project for Linux
     - cargo build --release
-  # output file
+    # Create Debian package
+    - cargo install cargo-deb
+    - cargo deb --no-build
+    - ls target/debian/*.deb | head -n 1 > debian_package.txt
   artifacts:
     paths:
       - target/release/gcli
-  # use cache to avoid re-downloading and re-building all dependencies
+      - target/debian/*.deb
+      - debian_package.txt
+  cache:
+    key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - target/release
+      - target/debian
+  only:
+    - tags
+
+build_macos:
+  stage: build
+  image: poka/rust-osxcross:latest
+  script:
+    # Install the required dependencies
+    - rustup target add x86_64-apple-darwin
+    # Build the project for macOS
+    - cargo build --release --target x86_64-apple-darwin
+    # Create the macOS bundle
+    - rm -rf target/macos
+    - mkdir -p target/macos
+    - cargo bundle --release --target x86_64-apple-darwin
+    # Add Info.plist and install_gcli.scpt
+    - cd target/x86_64-apple-darwin/release/bundle/osx
+    - mkdir -p gcli.app/Contents/Resources/Scripts
+    - cp /opt/Info.plist gcli.app/Contents/Info.plist
+    - cp /opt/install_gcli.scpt gcli.app/Contents/Resources/Scripts/install_gcli.scpt
+    - echo -e "Just unzip gcli.app and open it.\nenjoy" > instructions.txt
+    # Zip the gcli.app before moving it
+    - zip -r gcli.zip gcli.app instructions.txt
+    - mv gcli.zip ../../../../macos/ # target/macos/
+  artifacts:
+    paths:
+      - target/macos
   cache:
-    - key:
-        files:
-          - Cargo.lock
-      paths:
-        - target/release
-  # only build gcli when adding a tag
+    key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
+    paths:
+      - target/macos
+  only:
+    - tags
+
+release:
+  stage: release
+  image: registry.gitlab.com/gitlab-org/release-cli:latest
+  script:
+    - echo "Creating a release..."
+    - apk update && apk add git
+    - git fetch --tags
+    - LAST_VERSION=$(git tag --sort=-v:refname | sed -n '2p')
+    - git log --pretty="format:- %s ([%h]($CI_PROJECT_URL/-/commit/%h)) " HEAD...$LAST_VERSION --reverse > release_description.txt
+  release:
+    name: "v$CI_COMMIT_TAG"
+    description: "Latest changes:\n$(cat release_description.txt)"
+    tag_name: "$CI_COMMIT_TAG"
+    assets:
+      links:
+        - name: "gcli v$CI_COMMIT_TAG for Linux (binary)"
+          url: "$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/raw/target/release/gcli?job=build_linux"
+        - name: "gcli v$CI_COMMIT_TAG Debian Package"
+          url: "$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/raw/$(cat debian_package.txt)?job=build_linux"
+        - name: "gcli v$CI_COMMIT_TAG for macOS"
+          url: "$CI_PROJECT_URL/-/jobs/artifacts/$CI_COMMIT_TAG/raw/target/macos/gcli.zip?job=build_macos"
   only:
-    - tags
+    - tags
\ No newline at end of file
+  dependencies:
+    - build_linux
+    - build_macos
+  artifacts:
+    paths:
+      - debian_package.txt

.vscode/settings.json

+{
+    "rust-analyzer.server.extraEnv": null,
+    "rust-analyzer.diagnostics.disabled": ["non_camel_case_types"],
+    "windicss.includeLanguages": {},
+}
\ No newline at end of file

CHANGELOG.md

+# Changelog
+
+List of changelogs ordered from latest to oldest
+
+## [0.4.0] - 2025-02-xx
+### Changed
+- Old key files cannot be used directly anymore, they have to be migrated to the SQLite file database.  You can use the following commands for that:
+    - `gcli vault list-files` lists _old_ key files from previous versions
+    - `gcli vault migrate` which allows to migrate _old_ key files into the vault database
+- Some arguments and commands were adapted
+    - Arguments
+        - **SecretFormat** (`-S`): _cesium_ was renamed to _g1v1_ - but it will still work properly if using _cesium_
+        - Several arguments were renamed for clarity.  Examples:
+          - `<TARGET>` => `<USERNAME>`
+          - `<ACCOUNT_ID>` => `<ADDRESS>`
+    - Commands
+        - `gcli vault import` now has an optional **SecretFormat** `-S` argument with _substrate_ as default value
+            - It is now possible to import _substrate_ URI, _seed_, _g1v1_ id/secret (old "cesium") keys into the vault.
+        - `gcli vault list` now has sub-commands and only shows Addresses from the SQLite file database
+
+### Added
+- Support for SQLite file database to persist vault data
+- global `-v <NAME>` argument to select a vault Address by name (mutually exclusive with `-a <ADDRESS>` argument)
+- Already mentioned in the "Changed" section above, but it is now possible to add different kind of keys to the vault when doing `vault import`
+  - Default providing _substrate_ URI (or `-S substrate`): can be a mnemonic or a mini-secret ('0x' prefixed seed) together with optional derivation path; using Sr25519 crypto scheme
+  - `-S seed`: using the 32 character hexadecimal secret seed; using Sr25519 crypto scheme
+  - `-S g1v1` (or `-S cesium`): allows to input G1v1 `id` and `secret`; using Ed25519 crypto scheme
+- Added possibility to `derive` non _g1v1_/_cesium_ Addresses (see `gcli vault derive`)
+- Some commands were added
+  - `gcli vault list all` List all \<Base\> SS58 Addresses and their linked derivations in the vault
+  - `gcli vault list for` List \<Base\> and Derivation SS58 Addresses linked to the selected one
+  - `gcli vault list base` List all \<Base\> SS58 Addresses in the vault
+  - `gcli vault use` Use specific SS58 Address (changes the config Address)
+  - `gcli vault derive` Add a derivation to an existing SS58 Address
+  - `gcli vault rename` Give a meaningful name to an SS58 Address in the vault
+  - `gcli vault remove` Remove an SS58 Address from the vault together with its linked derivations
+  - `gcli vault inspect` Inspect a vault entry, retrieving its Substrate URI (will provide more data in a future version)
+  - `gcli vault list-files` (deprecated) List available key files (needs to be migrated with command `vault migrate` in order to use them)
+  - `gcli vault migrate` (deprecated) Migrate old key files into db (will have to provide password for each key)
+
+### Fixed
+- None
+
+### Deprecated
+- Two commands are now deprecated and will be removed in a future release
+  - `gcli vault list-files`
+  - `gcli vault migrate`
+
+### Removed
+- None
+
+### CI/CD
+- #45, !42:
+  - In linux build job, switch to "non-slim" Debian image which provides `libssl-dev` now required
+  - Introduce linux tests job (#46)
+- !38: Build deb and macos pkgs in parallel
+
+## [0.3.0] - 2024-10-10
+### Added
+- Previous version without changelog

Cargo.toml

 [package]
-authors = ["librelois <c@elo.tf>", "tuxmain <tuxmain@zettascript.org>"]
+authors = [
+    "librelois <c@elo.tf>",
+    "tuxmain <tuxmain@zettascript.org>",
+    "h30x <hugo@trentesaux.fr>",
+]
 edition = "2021"
-license = "AGPL-3.0"
+rust-version = "1.75.0"
+license = "AGPL-3.0-only"
 name = "gcli"
 repository = "https://git.duniter.org/clients/rust/gcli-v2s"
-version = "0.1.0"
+description = "A command-line interface for Duniter v2s uses"
+version = "0.4.0"
 
 [dependencies]
-anyhow = "1.0"
-clap = { version = "4.1.9", features = ["derive"] }
-codec = { package = "parity-scale-codec", version = "3.4.0" }
-env_logger = "0.10"
-futures = "0.3.27"
-graphql_client = { version = "0.12.0", features = ["reqwest"] }
-hex = "0.4.3"
-log = "0.4.17"
-reqwest = "0.11.14"
-rpassword = "7.2.0"
-serde = { version = "1.0", features = ["derive"] }
-serde_json = "1.0.94"
-sp-core = { git = "https://github.com/duniter/substrate", branch = "duniter-substrate-v0.9.32" }
-subxt =  { git = "https://github.com/duniter/subxt.git", branch = "duniter-substrate-v0.9.32" }
-tokio = { version = "1.26.0", features = ["macros"] }
-confy = "0.5.1"
+# subxt is main dependency
+subxt = { git = 'https://github.com/duniter/subxt', branch = 'subxt-v0.37.0-duniter-substrate-v1.14.0', default-features = false, features = [
+    "substrate-compat",
+    "native",
+    "jsonrpsee",
+] }
+
+# substrate primitives dependencies
+sp-core = { git = "https://github.com/duniter/duniter-polkadot-sdk.git", branch = "duniter-substrate-v1.14.0" }
+sp-runtime = { git = "https://github.com/duniter/duniter-polkadot-sdk.git", branch = "duniter-substrate-v1.14.0" }
+
+# crates.io dependencies
+anyhow = "^1.0"
+clap = { version = "^4.5.19", features = ["derive"] }
+codec = { package = "parity-scale-codec", version = "^3.6.12" }
+env_logger = "^0.10"
+futures = "^0.3.30"
+graphql_client = { version = "^0.13.0", features = ["reqwest-rustls"] }
+hex = "^0.4.3"
+log = "^0.4.22"
+reqwest = { version = "^0.11.27", default-features = false, features = [
+    "rustls-tls",
+] }
+inquire = "^0.7.5"
+serde = { version = "^1.0", features = ["derive"] }
+serde_json = "^1.0.128"
+tokio = { version = "^1.40.0", features = ["macros"] }
+confy = "^0.5.1"
+bs58 = "^0.5.1"
+directories = "^5.0.1"
+comfy-table = "^7.1.1"
+sea-orm = { version = "1.1.0", features = [ "sqlx-sqlite", "runtime-tokio-native-tls", "macros" ] }
+
+# crypto
+scrypt = { version = "^0.11", default-features = false } # for old-style key generation
+# this is beta crate for password-encrypted files
+age = { default-features = false, version = "^0.10.0", features = ["armor"] }
+bip39 = { version = "^2.0.0", features = ["rand"] }                           # mnemonic
+colored = "2.1.0"
+
+# Tests
+rstest = "0.23.0"
+indoc = "2.0.5"
 
 # allows to build gcli for different runtimes and with different predefined networks 
 [features]
@@ -30,3 +63,8 @@ default = ["gdev"] # default runtime is "gdev", gdev network is available
 gdev = []
 gtest = []
 g1 = []
+
+[package.metadata.bundle]
+name = "gcli"
+identifier = "com.axiomteam.gcli"
+icon = ["gcli.png"]

Dockerfile

+# FROM rustlang/rust:nightly-slim as build
+# nightly needed for -Zgit=shallow-deps build but ahash problem with stdsimd
+FROM rust:latest as build
+# # Use musl Rust image
+# FROM clux/muslrust:1.75.0-stable as build
+
+WORKDIR /app
+
+# Copy the Cargo.toml and Cargo.lock files to leverage Docker's caching mechanism
+COPY Cargo.toml Cargo.lock ./
+
+# Build the dependencies of the application separately
+RUN --mount=type=cache,target=/app/target \
+    --mount=type=cache,target=/root/.cargo/registry \
+    mkdir src \
+    && echo "fn main() {}" > src/main.rs \
+    && cargo build --release \
+    && rm -r src
+
+# Copy the rest of the source code
+COPY ./res ./res
+COPY ./src ./src
+
+# Build the application
+RUN cargo build --release
+
+# Start release stage
+FROM debian as release
+
+# Set the working directory to the location of the built application
+WORKDIR /app
+
+# Copy the built application from the previous stage
+COPY --from=build /app/target/release/gcli .
+
+# Specify the entrypoint for the container
+ENTRYPOINT ["/app/gcli"]
\ No newline at end of file

Dockerfile.ci

+# Stage 1: Build environment with all dependencies
+FROM rust:slim-bookworm as builder
+
+# Install necessary dependencies
+RUN apt-get update && apt-get install -y \
+    clang \
+    llvm \
+    make \
+    file \
+    git \
+    curl \
+    cmake \
+    python3 \
+    python3-dev \
+    python3-pip
+
+# Clone osxcross repository and set up
+RUN git clone https://github.com/tpoechtrager/osxcross.git /opt/osxcross && \
+    cd /opt/osxcross && \
+    ./tools/get_dependencies.sh && \
+    cd /opt/osxcross/tarballs && \
+    curl -LO https://github.com/joseluisq/macosx-sdks/releases/download/10.12/MacOSX10.12.sdk.tar.xz && \
+    cd /opt/osxcross && \
+    UNATTENDED=yes ./build.sh
+
+# Stage 2: Create the final image with only the necessary files
+FROM rust:slim-bookworm
+
+# Install cargo-bundle
+RUN cargo install cargo-bundle
+
+RUN apt-get update && apt-get install -y --no-install-recommends clang zip; \
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/*;
+
+# Copy cargo plugins from the builder stage
+COPY --from=builder /opt/osxcross/target /opt/osxcross/target
+
+# Set environment variables for osxcross and Rust
+ENV PATH="/opt/osxcross/target/bin:/usr/local/cargo/bin:$PATH"
+ENV CC="o64-clang"
+ENV CXX="o64-clang++"
+
+# Add rust target for macOS
+RUN rustup target add x86_64-apple-darwin
+
+# Copy scripts
+COPY scripts/install_gcli.scpt /opt/install_gcli.scpt
+COPY scripts/Info.plist /opt/Info.plist
+
+# Define the entrypoint
+CMD ["bash"]

README.md

@@ -6,8 +6,18 @@ Using
 - https://github.com/duniter/substrate
 - https://github.com/duniter/subxt
 
+## Install
 Download from [release](https://git.duniter.org/clients/rust/gcli-v2s/-/releases) or build with `cargo build`.
 
+On debian derived systems you can also : 
+check on [release](https://git.duniter.org/clients/rust/gcli-v2s/-/releases) page for latest version then in bash cli :
+```
+GCLI_VERSION={change me with latest version (0.2.14 in 2024 summer) and remove {}}
+wget https://git.duniter.org/clients/rust/gcli-v2s/-/jobs/artifacts/$GCLI_VERSION/raw/target/debian/gcli_$GCLI_VERSION-1_amd64.deb?job=build_linux
+mv gcli_* gcli_package.deb
+dpkg -i gcli_package.deb
+```
+
 ## Usage
 
 If using a different runtime, update the metadata for the client to compile:
@@ -16,13 +26,13 @@ If using a different runtime, update the metadata for the client to compile:
 
 Send 10 ĞD from Alice to Ferdie:
 
-	cargo run -- --url ws://localhost:9944 --secret //Alice transfer 1000 5CiPPseXPECbkjWCa6MnjNokrgYjMqmKndv2rSnekmSK2DjL
+	cargo run -- --url ws://localhost:9944 --secret //Alice account transfer 1000 5CiPPseXPECbkjWCa6MnjNokrgYjMqmKndv2rSnekmSK2DjL
 
 List certifications and session keys that will expire within one month:
 
-	cargo run -- --url wss://gdev.p2p.legal:443/ws expire --blocks 432000
+	cargo run -- --url wss://gdev.p2p.legal:443/ws smith expire --blocks 432000
 
-For more examples see [in the example file](./doc/example.md).
+For more examples see [in the doc](./doc). `cargo run --` is replaced by `gcli` as if the binary was added to your path.
 
 #### Log level
 
@@ -55,8 +65,8 @@ Now the command `duniter-rpc` will open an SSH session and a bridge to your RPC
 When your node is ready to forge blocks, rotate keys and go online:
 
 ```bash
-gcli --secret "my secret phrase" update-keys
-gcli --secret "my secret phrase" go-online
+gcli --secret "my secret phrase" smith update-keys
+gcli --secret "my secret phrase" smith go-online
 ```
 
 ### Keys
@@ -66,3 +76,7 @@ Secret and/or public keys can always be passed using `--secret` and `--address`.
 Secret key format can be changed using `--secret-format` with the following values:
 * `substrate`: a Substrate secret address (optionally followed by a derivation path), or BIP39 mnemonic
 * `seed`: a 32-bytes seed in hexadecimal (Duniter v1 compatible)
+
+## Changelog
+
+For a detailed list of changes, see the [CHANGELOG](./CHANGELOG.md).
\ No newline at end of file

doc/config.md

+# Ğcli config 
+
+Some Ğcli commands require to have an address configured (for example to get account balance), some require to have a secret configured (to sign extrinsics).
+Ğcli allows to save the address you want in a config file and to overwrite parts in command line arguments. Example:
+
+```sh
+# save Alice address to config file
+gcli -S predefined -s Alice config save
+
+# show config 
+gcli config show
+# [stdout]
+# Ğcli config
+# duniter endpoint ws://localhost:9944
+# indexer endpoint http://localhost:8080/v1/graphql
+# address 5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY
+
+# use different address in command line
+gcli --address 5Fxune7f71ZbpP2FoY3mhYcmM596Erhv1gRue4nsPwkxMR4n config show
+# [stdout]
+# Ğcli config
+# duniter endpoint ws://localhost:9944
+# indexer endpoint http://localhost:8080/v1/graphql
+# address 5Fxune7f71ZbpP2FoY3mhYcmM596Erhv1gRue4nsPwkxMR4n
+```
+
+This also applies to rpc endpoint config (`--url`) or indexer config (`--indexer`).
+
+## Using password encrypted vault
+
+For convenience, default accounts are hardcoded in Ğcli without needing a password:
+
+```sh
+# when Alice address is stored in config file
+gcli account transfer 1 5Fxune7f71ZbpP2FoY3mhYcmM596Erhv1gRue4nsPwkxMR4n
+# no need for password to sign transaction
+```
+
+but in general usage, you want to store your secret in the local vault.
+
+Here is an example that:
+* adds a base _substrate_ account
+* adds a derivation on it
+* lists all available Addresses in the vault
+* selects that derivation Address
+* makes a transfer from selected Address
+
+```sh
+# add a new secret to the vault using substrate uri
+gcli vault import
+# [stdout]
+# gcli vault import
+# Substrate URI can be a mnemonic or a mini-secret ('0x' prefixed seed) together with optional derivation path
+# > Substrate URI:  ********
+# 
+# Trying to import for SS58 address :'5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV'
+# 
+# Enter password to protect the key
+# > Password ********
+# (Optional) Enter a name for the vault entry
+# > Name: test-mnemonic
+# Creating <Base> account Base[address:5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV, name:Some("test-mnemonic"), crypto_scheme:Some(Sr25519)]
+# Change done
+```
+
+```sh
+# add a derivation to that Address and give it name "firstDerive"
+gcli vault derive -a 5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV
+# [stdout]
+# Adding derivation to: Base[address:5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV, name:Some("test-mnemonic"), crypto_scheme:Some(Sr25519)]
+# 
+# Its parent hierarchy is this:
+# ┌─────────────────────────────────────────────────────────────────────────────────────┐
+# │ SS58 Address/G1v1 public key                       Crypto    Path     Name          │
+# ╞═════════════════════════════════════════════════════════════════════════════════════╡
+# │ 5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV   sr25519   <Base>   test-mnemonic │
+# └─────────────────────────────────────────────────────────────────────────────────────┘
+# 
+# The linked <Base> account is Base[address:5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV, name:Some("test-mnemonic"), crypto_scheme:Some(Sr25519)]
+# Enter password to decrypt the <Base> account key
+# > Password ********
+# 
+# > Derivation path: //1
+# 
+# Trying to create derivation with address '5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o'
+# 
+# (Optional) Enter a name for the vault entry
+# > Name: firstDerive
+# Creating derivation account Derivation[address:5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o, name:Some("firstDerive"), path:Some("//1"), parent:Some("5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV")]
+# Change done
+```
+
+```sh
+# list available Addresses in the vault
+gcli vault list all
+# [stdout]
+# available SS58 Addresses:
+# ┌───────────────────────────────────────────────────────────────────────────────────────┐
+# │ SS58 Address/G1v1 public key                         Crypto    Path     Name          │
+# ╞═══════════════════════════════════════════════════════════════════════════════════════╡
+# │ 5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV     sr25519   <Base>   test-mnemonic │
+# │ ├ 5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o             //1      firstDerive   │
+# └───────────────────────────────────────────────────────────────────────────────────────┘
+```
+
+```sh
+# Use "firstDerive" derivation Address (changes the config Address)
+gcli vault use -v firstDerive
+# [stdout]
+# Using: Derivation[address:5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o, name:Some("firstDerive"), path:Some("//1"), parent:Some("5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV")]
+# Configuration updated!
+```
+
+After saving your secret to the vault, you will be able to unlock it with the password:
+
+```sh
+gcli account transfer 123 5Fxune7f71ZbpP2FoY3mhYcmM596Erhv1gRue4nsPwkxMR4n
+# [stdout]
+# (Vault: Derivation[address:5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o, name:Some("firstDerive"), path:Some("//1"), parent:Some("5DfhGyQdFobKM8NsWvEeAKk5EQQgYe9AydgJ7rMB6E1EqRzV")])
+# > Password ********
+# transaction submitted to the network, waiting 6 seconds...
+# transfered 1.23 ĞD (5GBNeWRhZc2jXu7D55rBimKYDk8PGk8itRYFTPfC8RJLKG5o → 5Fxune7f71ZbpP2FoY3mhYcmM596Erhv1gRue4nsPwkxMR4n)
+```
+
+You can display the secret files location:
+
+```sh
+gcli vault where
+# [stdout]
+# /home/hugo/.local/share/gcli
+```
+
+---
+
+There are more commands and options available; please use `--help` argument in any of the commands to get their description.
+
+A few examples:
+
+```sh
+gcli --help
+# [stdout]
+# A command-line interface for Duniter v2s uses
+# 
+# Usage: gcli [OPTIONS] <COMMAND>
+# 
+# Commands:
+#   account     Account (balance, transfer...)
+#   identity    Identity (get, create, confirm, revoke...)
+#   smith       Smith (certify, go-online, go-offline...)
+#   tech        Tech (list members, proposals, vote...)
+#   ud          Universal Dividend (claim...)
+#   oneshot     Oneshot account (balance, create, consume...)
+#   blockchain  Blockchain (current block, runtime info...)
+#   indexer     Indexer (check, latest block)
+#   config      Config (show, save...)
+#   vault       Key management (import, generate, list...)
+#   help        Print this message or the help of the given subcommand(s)
+# 
+# Options:
+#   -i, --indexer <INDEXER>              Overwrite indexer endpoint
+#       --no-indexer                     Do not use indexer
+#   -s, --secret <SECRET>                Secret key or BIP39 mnemonic (only used when secret format is compatible) (eventually followed by derivation path)
+#   -S, --secret-format <SECRET_FORMAT>  Secret key format (seed, substrate, g1v1)
+#   -a <ADDRESS>                         SS58 Address
+#   -v <NAME>                            Name of an SS58 Address in the vault
+#   -u, --url <URL>                      Overwrite duniter websocket RPC endpoint
+#   -n, --network <NETWORK>              Target network (local, gdev, gtest...)
+#       --no-wait                        prevent waiting for extrinsic completion
+#   -o, --output-format <OUTPUT_FORMAT>  Output format (human, json, ...) [default: human]
+#   -h, --help                           Print help
+#   -V, --version                        Print version
+```
+
+```sh
+gcli vault --help
+# [stdout]
+# Key management (import, generate, list...)
+# 
+# Usage: gcli vault <COMMAND>
+# 
+# Commands:
+#   list        List available SS58 Addresses in the vault
+#   use         Use specific SS58 Address (changes the config Address)
+#   generate    Generate a mnemonic
+#   import      Import key from (substrate uri) or other format with interactive prompt
+#   derive      Add a derivation to an existing SS58 Address
+#   rename      Give a meaningful name to an SS58 Address in the vault
+#   remove      Remove an SS58 Address from the vault together with its linked derivations
+#   inspect     Inspect a vault entry, retrieving its Substrate URI (will provide more data in a future version)
+#   list-files  (deprecated) List available key files (needs to be migrated with command `vault migrate` in order to use them)
+#   migrate     (deprecated) Migrate old key files into db (will have to provide password for each key)
+#   where       Show where vault db (or old keys) is stored
+#   help        Print this message or the help of the given subcommand(s)
+# 
+# Options:
+#   -h, --help  Print help
+```
+
+And some commands have a more detailed description when requesting `--help` from them:
+
+```sh
+gcli vault derive --help
+# [stdout]
+# Add a derivation to an existing SS58 Address.
+# 
+# Only "sr25519" crypto scheme is supported for derivations.
+# 
+# Use command `vault list base` to see available <Base> account and their crypto scheme
+# And then use command 'vault list for' to find all accounts linked to that <Base> account.
+# 
+# Usage: gcli vault derive <-a <ADDRESS>|-v <NAME>>
+# 
+# Options:
+#   -a <ADDRESS>
+#           SS58 Address
+# 
+#   -v <NAME>
+#           Name of an SS58 Address in the vault
+# 
+#   -h, --help
+#           Print help (see a summary with '-h')
+```
\ No newline at end of file

doc/example.md

 # Examples of gcli commands for copy-paste
 
-Useful when developing: replace `gcli` by `cargo run --` to build in debug mode and launch gcli.
-
-## Mnemonics
-
-Used in duniter-indexer genesis config:  
-`pipe paddle ketchup filter life ice feel embody glide quantum ride usage`
-
-with derivations:
-
-- `//2` → `test1`
-- `//4` → `test2`
-- `//6` → `test3`
-
-Used in substrate for Alice, Bob and Co:  
-`bottom drive obey lake curtain smoke basket hold race lonely fit walk`
-
-with derivations:
-
-- `//Alice`
-- `//Bob`
-- `//Charlie`
-- ...
-
 ## Configuration
 
-It can be handful to use Gcli with a configuration file to avoid passing arguments on every command.
+It can be handful to use Ǧcli with a configuration file to avoid passing arguments on every command.
 
 ```sh
 # show config commands
@@ -34,19 +11,41 @@ gcli config
 gcli config where
 # save config to use gdev network for next commands
 gcli --network gdev config save
+# save config to use Alice predefined account
+gcli -S predefined -s Alice config save
+# the arguments above can be combined
+# command below sets local network and predefined secret
+gcli --network local -S predefined -s Alice config save
 ```
 
+In the following, we assume this last command was run. More about the config in [config.md](./config.md).
+
 ## Commands
 
+Here is a list of useful commands
+
 ```sh
 # get duniter current block
-gcli current-block
-# get balance of test1 account
-gcli --address 5FeggKqw2AbnGZF9Y9WPM2QTgzENS3Hit94Ewgmzdg5a3LNa get-balance
-# get information about test1 identity (needs indexer)
-gcli identity --username test1
-# show address of given secret
-gcli --secret "pipe paddle ketchup filter life ice feel embody glide quantum ride usage"//2 show-address
+gcli blockchain current-block
+# get balance of configured account
+gcli account balance
+# get identity information without indexer
+gcli --no-indexer identity get -a 5Hn2LeMZXPFitMwrmrGucwtAPSLEiP4o5zTF7kHzMBtEkJUr 
+# get information about Alice identity (needs indexer)
+gcli identity get --username Alice
+# claim universal dividends
+gcli ud claim
+# transfer 5000 units
+gcli account transfer 5000 5E4i8vcNjnrDp21Sbnp32WHm2gz8YP3GGFwmdpfg5bHd8Whb
+```
+
+For testing purpose it can be useful to submit extrinsic without waiting for result and create block manually. 
+
+```sh
+# only submit extrinsic to network and do not listen to result
+gcli --no-wait account transfer 1234 5FeggKqw2AbnGZF9Y9WPM2QTgzENS3Hit94Ewgmzdg5a3LNa
+# create block manually (with manual sealing)
+gcli blockchain create-block
 ```
 
 ## Indexer commands

docker/README.md

+# Docker
+
+Docker image for gcli is useful for people with docker-based infrastructure or old system with old glibc or libssl.
+
+## Build
+
+```sh
+./docker/build.sh
+```
+
+## Use
+
+To use gcli, run it with docker:
+
+```sh
+docker run --rm gcli
+```
+
+Ğcli uses folders to store config and vault. You can bind local folders to these locations:
+
+```sh
+# create folders
+mkdir -p $HOME/.config/gcli/
+mkdir -p $HOME/.local/share/gcli/
+# run gcli in docker with there folders
+docker run --rm \
+--mount type=bind,src=$HOME/.config/gcli/,dst=/root/.config/gcli \
+--mount type=bind,src=$HOME/.local/share/gcli/,dst=/root/.local/share/gcli \
+gcli
+```
+
+An alias can be useful:
+
+```sh
+# define alias
+alias docker_gcli="docker run --rm \
+--mount type=bind,src=$HOME/.config/gcli/,dst=/root/.config/gcli \
+--mount type=bind,src=$HOME/.local/share/gcli/,dst=/root/.local/share/gcli \
+gcli"
+# then simply call
+docker_gcli --help
+```

docker/build.sh

+#!/bin/bash
+
+# Also generated by chatGPT
+
+# Name of your Docker image
+IMAGE_NAME="gcli"
+
+# Version of your Docker image
+IMAGE_VERSION="latest"
+
+# Build and tag the Docker image using Docker Buildx
+docker buildx build -t "$IMAGE_NAME:$IMAGE_VERSION" .
+
+# Optionally, you can push the image to a Docker registry
+# docker push "$IMAGE_NAME:$IMAGE_VERSION"

res/README.md

+# Resources
+
+## Graphql schema and queries for Duniter indexer
+
+Update the schema with:
+
+```sh
+# install graphql client cli
+cargo install graphql_client_cli
+# download schema from node
+graphql-client introspect-schema https://squid.gdev.coinduf.eu/v1/graphql --output ./res/indexer-schema.json
+```
+
+...
+
+## Metadata
+
+To update the scale-encoded Duniter metadata, spawn a node and run the subxt command.
+
+```sh
+# install subxt
+cargo install subxt
+# spawn a node listening on localhost:9944
+duniter --dev
+# fetch the metadata with subxt
+subxt metadata -f bytes > res/metadata.scale
+```

res/indexer-queries.graphql

+query IdentityNameByIndex($index: Int!) {
+  identity(where: { index: { _eq: $index } }) {
+    name
+  }
+}
+
+query NamesByIndexes($indexes: [Int!]!) {
+  identity(where: { index: { _in: $indexes } }) {
+    index
+    name
+  }
+}
+
+query IdentityInfo($index: Int!) {
+  identity(where: { index: { _eq: $index } }) {
+    name
+    certIssued(orderBy: { expireOn: DESC }, where: { isActive: { _eq: true } }) {
+      receiver {
+        name
+      }
+    }
+    certReceived(orderBy: { expireOn: DESC }, where: { isActive: { _eq: true } }) {
+      issuer {
+        name
+      }
+    }
+    linkedAccount {
+      id
+    }
+    smith {
+      smithStatus
+      smithCertIssued(orderBy: { createdOn: DESC }) {
+        receiver {
+          identity {
+            name
+          }
+        }
+      }
+      smithCertReceived(orderBy: { createdOn: DESC }) {
+        issuer {
+          identity {
+            name
+          }
+        }
+      }
+    }
+  }
+}
+
 query IdentityNameByPubkey($pubkey: String!) {
-  identity(where: { pubkey: { _eq: $pubkey } }) {
+  identity(where: { account: { id: { _eq: $pubkey } } }) {
     name
   }
 }
 
-query IdentityPubkeyByName($name: String!) {
-  identity_by_pk(name: $name) {
-    pubkey
+query WasIdentityNameByPubkey($pubkey: String!) {
+  accountByPk(id: $pubkey) {
+    wasIdentity {
+      identity {
+        name
+      }
+    }
   }
 }
 
 query LatestBlock {
-  parameters(where: { key: { _eq: "last_indexed_block_number" } }) {
-    value
+  block(limit: 1, orderBy: { height: DESC }) {
+    height
+    hash
+  }
+}
+
+query BlockByNumber($number: Int!) {
+  block(where: { height: { _eq: $number } }) {
+    height
+    hash
   }
 }
 
 query GenesisHash {
-  block(where: {number: {_eq: 0}}) {
+  block(where: { height: { _eq: 0 } }) {
     hash
   }
 }