🛡️ Sentinel: [CRITICAL] Fix command injection in run_bitcoin_cli

Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>

Author: google-labs-jules[bot]

CHANGELOG.md

@@ -6,6 +6,23 @@ All notable changes to this project will be documented in this file.
 
 - No changes yet.
 
+## [0.3.0] - 2026-03-27
+
+### Changed
+- Removed `quiet` mode from CLI surface and config plumbing:
+  - removed `--quiet` global flag,
+  - removed `ZINC_CLI_QUIET` env handling,
+  - removed persisted config key `quiet`,
+  - removed setup `--quiet-default`.
+- Updated command contract/docs to reflect the current global flag set.
+- Improved wallet/account config resolution and wallet-info consistency with effective runtime network/scheme values.
+- Improved wallet-info recency presentation in human output.
+
+### Fixed
+- Fixed account-switch address preview paths to use receive index `0` consistently.
+- Refined offer/PSBT input-source handling and stdin conflict validation.
+- Updated dependency pin to `zinc-core = =0.1.2`.
+
 ## [0.2.1] - 2026-03-26
 
 ### Fixed

COMMAND_CONTRACT_V1.md

@@ -25,7 +25,7 @@ This document defines the active `v1` command contract. It is additive with curr
 
 ## 3) Global Flags (Supported)
 
-`--agent`, `--quiet`, `--yes`, `--password`, `--password-env`, `--password-stdin`, `--reveal`, `--data-dir`, `--profile`, `--network`, `--scheme`, `--esplora-url`, `--ord-url`, `--ascii`, `--no-images`, `--thumb`, `--no-thumb`, `--correlation-id`, `--log-json`, `--idempotency-key`, `--network-timeout-secs`, `--network-retries`, `--policy-mode`
+`--agent`, `--yes`, `--password`, `--password-env`, `--password-stdin`, `--reveal`, `--data-dir`, `--profile`, `--network`, `--scheme`, `--esplora-url`, `--ord-url`, `--ascii`, `--no-images`, `--thumb`, `--no-thumb`, `--correlation-id`, `--log-json`, `--idempotency-key`, `--network-timeout-secs`, `--network-retries`, `--policy-mode`
 
 Global flags are supported both before and after command tokens.
 

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "zinc-wallet-cli"
-version = "0.2.1"
+version = "0.3.0"
 edition = "2021"
 rust-version = "1.88"
 license = "MIT"
@@ -76,7 +76,7 @@ tui-big-text = { version = "0.8.2", optional = true }
 figlet-rs = { version = "0.1.5", optional = true }
 supports-unicode = "3.0.0"
 
-zinc-core = { version = "=0.1.1" }
+zinc-core = { version = "=0.1.2" }
 rand = { version = "0.8", optional = true }
 bip39 = { version = "2.1.0", optional = true }
 image = { version = "0.25.10", features = ["avif", "webp"] }

USAGE.md

@@ -37,7 +37,6 @@ Environment defaults (optional):
 - `ZINC_CLI_DATA_DIR`
 - `ZINC_CLI_PASSWORD_ENV`
 - `ZINC_CLI_OUTPUT` (`human|agent`)
-- `ZINC_CLI_QUIET` (`1|true|yes|on`)
 - `ZINC_CLI_NETWORK`
 - `ZINC_CLI_SCHEME`
 - `ZINC_CLI_ESPLORA_URL`

src/cli.rs

@@ -9,8 +9,6 @@ pub enum PolicyMode {
     Strict,
 }
 
-
-
 #[derive(Parser, Debug, Clone)]
 #[command(
     name = "zinc-cli",
@@ -21,13 +19,13 @@ pub struct Cli {
     #[command(subcommand)]
     pub command: Command,
 
-
-    #[arg(long, global = true, help = "Agent mode (machine-readable JSON output)")]
+    #[arg(
+        long,
+        global = true,
+        help = "Agent mode (machine-readable JSON output)"
+    )]
     pub agent: bool,
 
-    #[arg(long, global = true, help = "Suppress all non-error output")]
-    pub quiet: bool,
-
     #[arg(long, global = true, help = "Automatically say yes to prompts")]
     pub yes: bool,
 
@@ -118,11 +116,7 @@ pub struct Cli {
     )]
     pub network_retries: u32,
 
-    #[arg(
-        long,
-        global = true,
-        help = "Disable inscription thumbnails"
-    )]
+    #[arg(long, global = true, help = "Disable inscription thumbnails")]
     pub no_thumb: bool,
 
     #[arg(
@@ -193,9 +187,6 @@ pub struct SetupArgs {
     pub default_esplora_url: Option<String>,
     #[arg(long)]
     pub default_ord_url: Option<String>,
-    #[arg(long)]
-    pub quiet_default: Option<bool>,
-
     #[arg(long)]
     pub restore_mnemonic: Option<String>,
     #[arg(long)]

src/commands/account.rs

@@ -25,10 +25,11 @@ pub async fn run(cli: &Cli, args: &AccountArgs) -> Result<CommandOutput, AppErro
             write_profile(&path, &profile)?;
 
             let session = load_wallet_session(cli)?;
-            let taproot_addr = session.wallet.peek_taproot_address(*index).to_string();
+            // Display the first receive address for the active account.
+            let taproot_addr = session.wallet.peek_taproot_address(0).to_string();
             let payment_addr = session
                 .wallet
-                .peek_payment_address(*index)
+                .peek_payment_address(0)
                 .map(|s| s.to_string());
 
             Ok(CommandOutput::AccountUse {

src/commands/config.rs

@@ -17,7 +17,6 @@ pub async fn run(cli: &Cli, args: &ConfigArgs) -> Result<CommandOutput, AppError
                 "data_dir": cli.data_dir.as_ref().map(|p| p.display().to_string()).or(config.data_dir.clone()).unwrap_or_else(|| "~/.zinc-cli".to_string()),
                 "password_env": cli.password_env.as_ref().or(config.password_env.as_ref()).cloned().unwrap_or_else(|| "ZINC_WALLET_PASSWORD".to_string()),
                 "agent": cli.agent,
-                "quiet": cli.quiet || config.quiet.unwrap_or(false),
                 "defaults": {
                     "network": config.network.clone(),
                     "scheme": config.scheme.clone(),
@@ -35,7 +34,12 @@ pub async fn run(cli: &Cli, args: &ConfigArgs) -> Result<CommandOutput, AppError
             save_persisted_config(&config)?;
             Ok(CommandOutput::ConfigSet {
                 key: field.as_str().to_string(),
-                value: applied.as_str().unwrap_or("").to_string().replace("\"", "").to_string(),
+                value: applied
+                    .as_str()
+                    .unwrap_or("")
+                    .to_string()
+                    .replace("\"", "")
+                    .to_string(),
                 saved: true,
             })
         }