HESTIAdocs

Connecting & your identity

How the console connects a wallet, derives your shielded identity from one signature, and what the status readouts mean.

Opening /app shows the connect screen: a blueprint dial, the line "Enter the shielded layer," and a single Connect wallet button. Everything about your shielded identity comes from that one action.

What happens on connect

  1. Wallet request. The console asks your browser wallet for an address using a custom transport over window.ethereum. Install any Base-compatible wallet first; if none is found the console tells you so.
  2. Chain switch. It asks the wallet to switch to the configured chain (Base / Base Sepolia / a local chain). If you decline, reads still work over the configured RPC and you can switch manually.
  3. One signature. It asks you to sign the fixed message hestia.io/keys/v1. This is a plain message signature — not a transaction — so it costs nothing and moves nothing.
  4. Key derivation. From that signature the console derives your four keys (deriveKeysFromSignature) — your identity. The secret keys live only in the page's memory.
  5. Client ready. It builds a Hestia client wired to your wallet (so the wallet signs and submits), an association provider that tracks the pool's deposits, and the proving artifacts served from /circuits. Then it syncs.
text
Connect ─► sign "hestia.io/keys/v1" ─► derive keys ─► Hestia.create ─► sync ─► ready
                (no gas, no tx)         (in-memory)      (browser)

The signature is your identity. Sign the canonical message with the same wallet and you always recreate the same shielded identity — there is nothing to back up. Sign something else, or connect a different wallet, and you get a different identity. The console always uses hestia.io/keys/v1.

Reading the panel

After connect, the utility bar reads Hestia/Console/<your address> with an ONLINE · BASE chip. The status strip gives you the live state:

ReadoutMeaning
agentYour connected public address.
leavesThe number of commitments (leaves) in the pool's tree — its size.
set·rootThe current association root your spends prove against.
↻ syncRe-pull chain events: refresh notes, balance, leaf count, and association root.

Press sync any time to bring your view up to date — for instance after someone pays you, so their note shows up in your balance.

Privacy during connect

  • The signature and key derivation happen in the browser; no key material is sent anywhere.
  • The console reads pool state through its backend indexer, which only ever serves public chain data (commitments, ciphertexts you trial-decrypt locally, nullifiers).
  • Your private balance is reconstructed on the device by decrypting note blobs with your viewing key — see the shielded pool.

With an identity in hand, continue to shield, send, withdraw.