igloo-shell is the CLI-first operator host for FROSTR. It manages local profiles, encrypted vault material, per-profile daemons, relay profiles, onboarding, recovery, profile export, and trusted key rotation.
This repo is self-contained as a project manual. General FROSTR protocol and system background is documented at the workspace level.
- Beta.
- managed local profiles and profile manifests
- encrypted vault storage for secret artifacts
- per-profile daemon lifecycle and runtime control
- operator-facing package flows:
onboardimportrecoverrotate-keyrotate-keysetkeygen
- relay profile and peer-policy management
Prerequisites:
- Rust toolchain installed
Build and test the workspace:
cargo check --workspace --offline
cargo test --workspace --offlineInspect local shell-managed state:
cargo run -p igloo-shell-cli -- relays list
cargo run -p igloo-shell-cli -- profile listGenerate local dev material:
scripts/devnet.sh genStart the local devnet:
scripts/devnet.sh startRun the shell-owned smoke checks:
scripts/devnet.sh smoke
scripts/test-node-e2e.shUnlock and inspect a local profile:
cargo run -p igloo-shell-cli -- profile loadprofile load is the normal entrypoint for an existing local profile:
- omit the profile id to use the numbered picker
- default behavior unlocks the profile, prints status and next commands, then exits
--startstarts or reuses the daemon and attaches to the daemon log--daemonstarts or reuses the daemon in the background and exits
Other operator entrypoints:
cargo run -p igloo-shell-cli -- onboard <package-or-path>
cargo run -p igloo-shell-cli -- import <bfprofile-or-path>
cargo run -p igloo-shell-cli -- recover <bfshare-or-path>
cargo run -p igloo-shell-cli -- rotate-key <bfonboard-or-path> --profile <profile-id>
cargo run -p igloo-shell-cli -- rotate-keyset init --profile <profile-id> --threshold <n> --count <n>
cargo run -p igloo-shell-cli -- rotate-keyset show --workspace <path>
cargo run -p igloo-shell-cli -- rotate-keyset generate --workspace <path>
cargo run -p igloo-shell-cli -- keygenMode rules:
recoveris recovery-only forbfsharerotate-keyis the in-place rotated-share adoption path for a singlebfonboardrotate-keysetis the operator-side trusted rotation workflow that gathers thresholdbfshareinputs, replaces the local profile, and emits remotebfonboardpackagesonboard,import,recover,rotate-key, androtate-keyset generatesupport--daemon- profile-producing flows also support
--startfor immediate foreground attach
Once a profile is running, the main operator surface is:
cargo run -p igloo-shell-cli -- daemon status --profile <profile-id>
cargo run -p igloo-shell-cli -- runtime status --profile <profile-id>
cargo run -p igloo-shell-cli -- peer list --profile <profile-id>
cargo run -p igloo-shell-cli -- policy show --profile <profile-id>
cargo run -p igloo-shell-cli -- daemon logs --profile <profile-id> --followUseful supporting commands:
cargo run -p igloo-shell-cli -- profile backup <profile-id>
cargo run -p igloo-shell-cli -- export <profile-id> --out <dir> --format raw
cargo run -p igloo-shell-cli -- relays list
cargo run -p igloo-shell-cli -- relays set <id> --label <label> <url>...
cargo run -p igloo-shell-cli -- relays default <id>Repo-local script entrypoints:
scripts/devnet.sh gen
scripts/devnet.sh start
scripts/devnet.sh status
scripts/devnet.sh smoke
scripts/devnet.sh start-responders
scripts/devnet-tmux.sh start
scripts/test-node-e2e.sh
scripts/ws_soak.sh --iterations 25 --out dev/audit/work/evidence/ws-soak-$(date +%F).txtDeveloper material generated by scripts/devnet.sh gen includes:
- managed profiles for
alice,bob, andcarol - relay and runtime state under
.tmp/devnet/by default - lower-level runtime artifacts under
.tmp/devnet/material/
Those raw material files are developer utilities. Normal operator workflows should use managed profiles and package commands.