ReferenceAdapters
RemoteCliAdapter
Delegates signing to a remote server that calls the sui CLI's keytool sign command. This lets
you use your real CLI keystore (~/.sui/sui_config/sui.keystore) from a browser-based dApp.
How It Works
- Run
npx @mysten/dev-wallet serve— starts a Vite dev server with signing middleware - The CLI detects if
suiis on your PATH and enables the Remote CLI adapter - The adapter lists available accounts from your CLI keystore
- Signing requests are sent to the server via HTTP
- The server calls
sui keytool signwith the transaction bytes - Signed bytes are returned to the browser
Usage
The Remote CLI adapter is primarily used automatically when running in standalone mode. You can also use it programmatically:
import { RemoteCliAdapter } from '@mysten/dev-wallet/adapters';
const adapter = new RemoteCliAdapter({
serverOrigin: 'http://localhost:5174',
token: 'your-auth-token',
});
await adapter.initialize(); // Restores imported accounts from CLI if pairedAPI
| Property / Method | Description |
|---|---|
id | 'remote-cli' |
name | 'Remote CLI Signer' |
allowAutoSign | false |
isPaired | Whether the adapter has an auth token |
initialize() | Restore auth token and imported accounts from localStorage |
listAvailableAccounts() | Fetch CLI keystore accounts not yet imported |
importAccount(options) | Import a CLI account by address |
removeAccount(address) | Remove an imported account |
getAccounts() | List imported accounts |
getAccount(address) | Look up a single imported account |
onAccountsChanged(callback) | Subscribe to account list changes |
destroy() | Clear token and imported accounts from localStorage |
Limitations
signPersonalMessage is not supported. The sui keytool sign command only accepts
TransactionData BCS bytes, not arbitrary personal messages. Attempting to sign a personal message
with a CLI account will throw an error.
- Account creation is not supported — manage keys via
sui keytool - Requires the
suiCLI to be installed and on PATH
Security
The CLI server uses token-based authentication (similar to Jupyter notebooks). The token is:
- Generated randomly when the server starts
- Passed via URL parameter in the browser
- Required for all signing requests
This is acceptable for a development-only tool running on localhost.