diff --git a/README.md b/README.md
index bfa62746..e3fe4595 100644
--- a/README.md
+++ b/README.md
@@ -105,14 +105,15 @@ npm run flowchain:demo
 npm run flowchain:export
 ```
 
-Run the merged-surface smoke path when Foundry, Python, Visual Studio Build
-Tools C++ workload, dashboard dependencies, and crypto dependencies are
+Run the private/local acceptance smoke path when Foundry, Python, Visual Studio
+Build Tools C++ workload, dashboard dependencies, and crypto dependencies are
 installed:
 
 ```powershell
 npm install --prefix apps/dashboard
 npm install --prefix crypto
 npm run flowchain:smoke
+npm run flowchain:full-smoke
 ```
 
 Run the existing dashboard as the local workbench:
diff --git a/apps/dashboard/README.md b/apps/dashboard/README.md
index 5395d4f5..e3b72ed2 100644
--- a/apps/dashboard/README.md
+++ b/apps/dashboard/README.md
@@ -105,14 +105,18 @@ fixtures/dashboard/generated/hardware-heartbeats.json
 
 Every displayed record carries source subsystem, fixture/local origin, chain context, ID/hash, status, and last-updated metadata when available.
 
-The workbench adds local setup/API status plus object views for blocks, transactions, agents, models, receipts, memory cells, artifacts, verifier reports, challenges, finality, provenance, and raw JSON. When a current fixture does not yet contain a private-testnet object type, the view stays empty and names the expected control-plane endpoint.
+The workbench adds local setup/API status plus object views for node status, peers, blocks, transactions, mempool, accounts, balances, faucet events, wallet public metadata, agents, models, receipts, memory cells, artifacts, verifier modules/reports, challenges, finality, private/local bridge deposits/credits/withdrawals, hardware signals, provenance, and raw JSON. When a current fixture does not yet contain a private-testnet object type, the view stays empty and names the expected control-plane endpoint plus the local command/service that should provide it.
+
+Browser actions are hidden unless the local control-plane advertises the matching POST endpoint through `/health` or `/state`. The dashboard never asks for private keys in the browser.
 
 Workbench object coverage:
 
 ```text
-node/chain status, blocks, transactions, rootfields, agents, models, work receipts,
+node/chain status, peers, blocks, transactions, mempool, accounts, balances,
+faucet events, wallet public metadata, rootfields, agents, models, work receipts,
 memory cells, artifacts, verifier modules, verifier reports, challenges, finality,
-provenance/source, hardware signals, raw JSON
+bridge deposits, bridge credits, bridge withdrawals, provenance/source,
+hardware signals, raw JSON
 ```
 
 ## Status Vocabulary
diff --git a/apps/dashboard/public/data/flowchain-local-devnet-dashboard-state.json b/apps/dashboard/public/data/flowchain-local-devnet-dashboard-state.json
index 62715539..df33245c 100644
--- a/apps/dashboard/public/data/flowchain-local-devnet-dashboard-state.json
+++ b/apps/dashboard/public/data/flowchain-local-devnet-dashboard-state.json
@@ -30,23 +30,25 @@
     }
   },
   "baseAnchors": {
-    "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64": {
+    "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885": {
       "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
-      "anchorId": "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64",
+      "anchorId": "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885",
       "appchainChainId": "flowmemory-local-devnet-v0",
       "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
       "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
       "blockRangeEnd": 1,
       "blockRangeStart": 1,
       "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-      "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+      "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+      "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
       "finalityStatus": "local-placeholder",
+      "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
       "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
       "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
       "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
       "previousAnchorId": "0x0000000000000000000000000000000000000000000000000000000000000000",
       "rootfieldStateRoot": "0xb72a851dca1103410484e3272945bae5e87fc39b8f32f77d2991959b60d3bfbf",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "verifierModuleRoot": "0xd6ddd8a2d0f5812d64679656c69983a2e0aecd36bd36199d900245658ae4626c",
       "verifierReportRoot": "0x4facd21e55423e182eba87355482a35daa93f53190fbd3a8d2969f9d55bc5373",
       "workReceiptRoot": "0x8b3ef5650c9eea2f608ad9c7cb73df3c289fc0ac72ed04f46e6ae4bce0a1f023"
@@ -66,6 +68,17 @@
       "status": "resolved"
     }
   },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "amountUnits": 1000,
+      "creditedAtBlock": 1,
+      "faucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "reason": "local-smoke-no-value-test-units",
+      "recipient": "agent:demo:alpha"
+    }
+  },
   "finalityReceipts": {
     "finality:demo:001": {
       "challengeCount": 1,
@@ -75,7 +88,7 @@
       "finalizedBy": "operator:local-demo",
       "receiptId": "receipt:demo:001",
       "rootfieldId": "rootfield:demo:alpha",
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "genesisConfig": {
@@ -93,15 +106,28 @@
     "operatorKeyReferenceId": "operator-key:local-devnet:alpha",
     "schema": "flowmemory.local_devnet.config.v0"
   },
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "lastFaucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "owner": "agent:demo:alpha",
+      "totalFaucetUnits": 1000,
+      "units": 1000,
+      "updatedAtBlock": 1
+    }
+  },
   "mapRoots": {
     "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
     "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
     "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
-    "baseAnchorRoot": "0xd61259ffaad6d352bd8f2e1b498c46b9d62b3c77ff22eeacd028bbb0cc66c5bd",
+    "baseAnchorRoot": "0x0f455d919de2d313e88c276b687975249bf3ce53c9cedc27c012a85bcbf0b946",
     "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-    "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+    "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+    "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
     "importedObservationRoot": "0x99cb1b939d5a09f800f72e4c5a2b92988571126e1f6f93549f4893b3f7de7880",
     "importedVerifierReportRoot": "0x6070b1015f000dd509c7b276d2ad68d8a9d188ef1a961c2f573346eb75ea5ad7",
+    "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
     "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
     "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
     "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
@@ -164,7 +190,7 @@
     }
   },
   "schema": "flowmemory.dashboard_state.local_devnet.v0",
-  "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+  "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
   "verifierModules": {
     "verifier:local-demo": {
       "active": true,
diff --git a/apps/dashboard/public/data/flowchain-local-devnet-state.json b/apps/dashboard/public/data/flowchain-local-devnet-state.json
index 643b655e..ccec530d 100644
--- a/apps/dashboard/public/data/flowchain-local-devnet-state.json
+++ b/apps/dashboard/public/data/flowchain-local-devnet-state.json
@@ -19,7 +19,7 @@
   "genesisHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
   "nextBlockNumber": 3,
   "logicalTime": 1778688002,
-  "parentHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+  "parentHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
   "operatorKeyReferences": {
     "operator-key:local-devnet:alpha": {
       "schema": "flowmemory.local_devnet.operator_key_reference.v0",
@@ -59,6 +59,28 @@
       "active": true
     }
   },
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "owner": "agent:demo:alpha",
+      "units": 1000,
+      "totalFaucetUnits": 1000,
+      "lastFaucetRecordId": "faucet:demo:001",
+      "updatedAtBlock": 1,
+      "noValue": true
+    }
+  },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "faucetRecordId": "faucet:demo:001",
+      "accountId": "local-balance:demo:agent-alpha",
+      "recipient": "agent:demo:alpha",
+      "amountUnits": 1000,
+      "reason": "local-smoke-no-value-test-units",
+      "creditedAtBlock": 1,
+      "noValue": true
+    }
+  },
   "modelPassports": {
     "model:demo:local-alpha": {
       "modelPassportId": "model:demo:local-alpha",
@@ -105,7 +127,7 @@
       "finalityStatus": "finalized",
       "challengeCount": 1,
       "finalizedAtBlock": 1,
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "artifactCommitments": {
@@ -163,22 +185,24 @@
   "importedObservations": {},
   "importedVerifierReports": {},
   "baseAnchors": {
-    "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64": {
-      "anchorId": "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64",
+    "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885": {
+      "anchorId": "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885",
       "appchainChainId": "flowmemory-local-devnet-v0",
       "blockRangeStart": 1,
       "blockRangeEnd": 1,
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "workReceiptRoot": "0x8b3ef5650c9eea2f608ad9c7cb73df3c289fc0ac72ed04f46e6ae4bce0a1f023",
       "verifierReportRoot": "0x4facd21e55423e182eba87355482a35daa93f53190fbd3a8d2969f9d55bc5373",
       "rootfieldStateRoot": "0xb72a851dca1103410484e3272945bae5e87fc39b8f32f77d2991959b60d3bfbf",
       "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
       "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
       "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
+      "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
+      "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
       "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
       "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
       "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-      "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+      "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
       "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
       "verifierModuleRoot": "0xd6ddd8a2d0f5812d64679656c69983a2e0aecd36bd36199d900245658ae4626c",
       "previousAnchorId": "0x0000000000000000000000000000000000000000000000000000000000000000",
@@ -195,6 +219,8 @@
         "0x2cffda58c783dc026978b06a681587b19d9536ae4e158a69be855da1200f3189",
         "0x75e63a0257621b8ef7412c6455a19d848996905e21f5ba79ccb0870d6e82eb25",
         "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f",
+        "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+        "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
         "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
         "0xb9f435aceb1bedb86dce821743769b28c02a42002c9cd41f2df1ea0279462ab2",
         "0x27aeba6c55c764222964764cb2bfbb69fb6fa56cb84714d6e98240ceb6e9d01d",
@@ -222,6 +248,16 @@
           "status": "applied",
           "error": null
         },
+        {
+          "txId": "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+          "status": "applied",
+          "error": null
+        },
+        {
+          "txId": "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
+          "status": "applied",
+          "error": null
+        },
         {
           "txId": "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
           "status": "applied",
@@ -273,13 +309,13 @@
           "error": null
         }
       ],
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9"
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56"
     },
     {
       "schema": "flowmemory.local_devnet.block.v0",
       "blockNumber": 2,
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "logicalTime": 1778688001,
       "txIds": [
         "0x8f719c880f17b5d4fb6d9efd54ac276d0dd8050d11c2c7870c36a79b66bc49d7"
@@ -291,8 +327,8 @@
           "error": null
         }
       ],
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919"
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82"
     }
   ],
   "pendingTxs": []
diff --git a/apps/dashboard/public/data/flowmemory-dashboard-v0.json b/apps/dashboard/public/data/flowmemory-dashboard-v0.json
index 663e67ac..fc642893 100644
--- a/apps/dashboard/public/data/flowmemory-dashboard-v0.json
+++ b/apps/dashboard/public/data/flowmemory-dashboard-v0.json
@@ -1993,12 +1993,12 @@
   ],
   "devnetBlocks": [
     {
-      "id": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "id": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "blockNumber": 1,
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "parentHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
-      "receiptsRoot": "0x6393961b24d5db9f2984a39a98e827850b771f05c7f18005addb9a530af5a9b7",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
+      "receiptsRoot": "0x2f98caf4b28b2209cdf1f9beb1c23f8732c538657cc7a1d8855878b5400efabd",
       "timestamp": "2026-05-13T16:00:00.000Z",
       "observationCount": 8,
       "reportCount": 8,
@@ -2015,11 +2015,11 @@
       }
     },
     {
-      "id": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+      "id": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
       "blockNumber": 2,
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
       "receiptsRoot": "0xa0407b9a8a55106d549e0f19b92fceaa7f7a25697e94ebf8a1fa74af7b9168f4",
       "timestamp": "2026-05-13T16:00:01.000Z",
       "observationCount": 8,
diff --git a/apps/dashboard/src/App.tsx b/apps/dashboard/src/App.tsx
index b1b1792b..1b97c60e 100644
--- a/apps/dashboard/src/App.tsx
+++ b/apps/dashboard/src/App.tsx
@@ -4,7 +4,7 @@ import { AlertTriangle, RefreshCw } from "lucide-react";
 import { AppShell } from "./components/AppShell";
 import { DEFAULT_CANARY_DASHBOARD_DATA_PATH, fetchDashboardData } from "./data/loadDashboardData";
 import type { DashboardData } from "./data/types";
-import { buildWorkbenchSnapshot, fetchWorkbenchSnapshot, type WorkbenchSnapshot } from "./data/workbench";
+import { DEFAULT_CONTROL_PLANE_URL, buildWorkbenchSnapshot, fetchWorkbenchSnapshot, type WorkbenchSnapshot } from "./data/workbench";
 import { AlertsView } from "./views/AlertsView";
 import { CanaryDeploymentView } from "./views/CanaryDeploymentView";
 import { DevnetBlocksView } from "./views/DevnetBlocksView";
@@ -25,6 +25,10 @@ function LoadingState() {
         <div className="skeleton-line skeleton-title" />
         <div className="skeleton-line" />
         <div className="skeleton-line skeleton-short" />
+        <p className="boot-hint">
+          Loading dashboard fixtures and probing {DEFAULT_CONTROL_PLANE_URL}/health plus /state. If this stays offline,
+          start the local service with <code>npm run flowchain:start</code>.
+        </p>
         <div className="boot-grid">
           <div />
           <div />
@@ -43,6 +47,10 @@ function ErrorState({ message, onRetry }: { message: string; onRetry: () => void
         <div>
           <h1>Dashboard fixture failed to load</h1>
           <p>{message}</p>
+          <p>
+            Run <code>npm run launch:v0</code> or <code>npm run sync:fixtures --prefix apps/dashboard</code> to refresh
+            local dashboard data, then retry.
+          </p>
           <button className="button button-primary" type="button" onClick={onRetry}>
             <RefreshCw size={16} aria-hidden="true" />
             Retry fixture load
diff --git a/apps/dashboard/src/components/AppShell.tsx b/apps/dashboard/src/components/AppShell.tsx
index cdbf4fb6..765d1308 100644
--- a/apps/dashboard/src/components/AppShell.tsx
+++ b/apps/dashboard/src/components/AppShell.tsx
@@ -1,5 +1,5 @@
 import type { ReactNode } from "react";
-import { NavLink } from "react-router-dom";
+import { NavLink, useLocation } from "react-router-dom";
 import {
   Activity,
   Bell,
@@ -42,6 +42,20 @@ const NAV_ITEMS = [
 ];
 
 export function AppShell({ data, canaryData, workbench, children }: AppShellProps) {
+  const location = useLocation();
+  const isCanaryRoute = location.pathname.startsWith("/canary");
+  const activeData = isCanaryRoute && canaryData ? canaryData : data;
+  const bannerMode = isCanaryRoute
+    ? {
+        lead: "Canary-only review active.",
+        detail:
+          "This route uses the guarded Base canary fixture and keeps local fixture/V0 workbench views separate. It is not a production launch or production-readiness claim.",
+      }
+    : {
+        lead: workbench.source === "control-plane" ? "Local API detected." : "Fixture fallback active.",
+        detail: `Runtime JSON is loaded from ${data.metadata.runtimeDataPath}; control-plane integration probes ${workbench.controlPlane.url} and falls back to deterministic fixture data when unavailable.`,
+      };
+
   return (
     <div className="app-shell">
       <aside className="sidebar">
@@ -73,22 +87,19 @@ export function AppShell({ data, canaryData, workbench, children }: AppShellProp
       <div className="workspace">
         <header className="topbar">
           <div>
-            <span className="eyebrow">local operator surface</span>
-            <h2>{data.chain.name}</h2>
+            <span className="eyebrow">{isCanaryRoute ? "guarded canary surface" : "local operator surface"}</span>
+            <h2>{activeData.chain.name}</h2>
           </div>
           <div className="topbar-meta" aria-label="Data provenance">
-            <span>chain {data.chain.chainId}</span>
-            <span>{workbench.controlPlane.status}</span>
-            <span>{data.chain.source}</span>
-            <span>updated {new Date(data.chain.lastUpdated).toLocaleString()}</span>
+            <span>chain {activeData.chain.chainId}</span>
+            <span>{isCanaryRoute ? activeData.metadata.mode : workbench.controlPlane.status}</span>
+            <span>{activeData.chain.source}</span>
+            <span>updated {new Date(activeData.chain.lastUpdated).toLocaleString()}</span>
           </div>
         </header>
         <div className="fixture-banner" role="note">
-          <strong>{workbench.source === "control-plane" ? "Local API detected." : "Fixture fallback active."}</strong>
-          <span>
-            Runtime JSON is loaded from {data.metadata.runtimeDataPath}; control-plane integration probes{" "}
-            {workbench.controlPlane.url} and falls back to deterministic fixture data when unavailable.
-          </span>
+          <strong>{bannerMode.lead}</strong>
+          <span>{bannerMode.detail}</span>
         </div>
         <main className="content">{children}</main>
       </div>
diff --git a/apps/dashboard/src/data/workbench.ts b/apps/dashboard/src/data/workbench.ts
index 0a678dd3..fc70db08 100644
--- a/apps/dashboard/src/data/workbench.ts
+++ b/apps/dashboard/src/data/workbench.ts
@@ -9,8 +9,15 @@ const CONTROL_PLANE_TIMEOUT_MS = 900;
 
 export type WorkbenchSource = "control-plane" | "fixture-fallback";
 export type WorkbenchSectionKey =
+  | "nodeStatus"
+  | "peers"
   | "blocks"
   | "transactions"
+  | "mempool"
+  | "accounts"
+  | "balances"
+  | "faucetEvents"
+  | "walletMetadata"
   | "rootfields"
   | "agents"
   | "models"
@@ -21,6 +28,9 @@ export type WorkbenchSectionKey =
   | "verifierReports"
   | "challenges"
   | "finality"
+  | "bridgeDeposits"
+  | "bridgeCredits"
+  | "bridgeWithdrawals"
   | "provenance"
   | "hardwareSignals"
   | "rawJson";
@@ -46,6 +56,8 @@ export interface WorkbenchSectionDefinition {
   label: string;
   detail: string;
   expectedEndpoint: string;
+  missingCommand: string;
+  missingService: string;
 }
 
 export interface ControlPlaneProbe {
@@ -72,12 +84,20 @@ export interface WorkbenchSetupStep {
   detail: string;
 }
 
+export interface WorkbenchAction {
+  label: string;
+  endpoint: string;
+  detail: string;
+  boundary: string;
+}
+
 export interface WorkbenchSnapshot {
   source: WorkbenchSource;
   generatedAt: string;
   controlPlane: ControlPlaneProbe;
   node: WorkbenchNodeStatus;
   setupSteps: WorkbenchSetupStep[];
+  actions: WorkbenchAction[];
   sections: Record<WorkbenchSectionKey, WorkbenchRecord[]>;
   loadIssues: string[];
   raw: {
@@ -92,95 +112,232 @@ export interface WorkbenchSnapshot {
 type UnknownRecord = Record<string, unknown>;
 
 export const WORKBENCH_SECTIONS: WorkbenchSectionDefinition[] = [
+  {
+    key: "nodeStatus",
+    label: "Node Status",
+    detail: "Runtime health, chain head, genesis, state root, and local API availability.",
+    expectedEndpoint: "GET /health + GET /state",
+    missingCommand: "npm run flowchain:start",
+    missingService: "FlowChain control-plane API on http://127.0.0.1:8787",
+  },
+  {
+    key: "peers",
+    label: "Peers",
+    detail: "Private/local peer inventory when the control-plane exposes network state.",
+    expectedEndpoint: "GET /peers",
+    missingCommand: "npm run flowchain:start",
+    missingService: "FlowChain peer service /peers",
+  },
   {
     key: "blocks",
     label: "Blocks",
     detail: "Private/local chain blocks, state roots, parent hashes, and receipt counts.",
     expectedEndpoint: "GET /blocks",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain state export /blocks",
   },
   {
     key: "transactions",
     label: "Transactions",
     detail: "Smoke-flow transaction ids and receipt application status.",
     expectedEndpoint: "GET /transactions",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain state export /transactions",
+  },
+  {
+    key: "mempool",
+    label: "Mempool",
+    detail: "Pending local transaction pool before deterministic block production.",
+    expectedEndpoint: "GET /mempool",
+    missingCommand: "npm run flowchain:start",
+    missingService: "FlowChain control-plane /mempool",
+  },
+  {
+    key: "accounts",
+    label: "Accounts",
+    detail: "Public account/controller metadata for local agent and operator identities.",
+    expectedEndpoint: "GET /accounts",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain account registry /accounts",
+  },
+  {
+    key: "balances",
+    label: "Balances",
+    detail: "No-value local balance or credit metadata when exported by the private testnet API.",
+    expectedEndpoint: "GET /balances",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain no-value balance view /balances",
+  },
+  {
+    key: "faucetEvents",
+    label: "Faucet Events",
+    detail: "Local faucet or no-value credit events for demo accounts only.",
+    expectedEndpoint: "GET /faucet-events",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain local faucet event view /faucet-events",
+  },
+  {
+    key: "walletMetadata",
+    label: "Wallet Metadata",
+    detail: "Public key references and browser-safe wallet metadata. Private keys are never read here.",
+    expectedEndpoint: "GET /wallets/public",
+    missingCommand: "npm run flowchain:init",
+    missingService: "FlowChain public wallet metadata /wallets/public",
   },
   {
     key: "rootfields",
     label: "Rootfields",
     detail: "Rootfield namespaces, owners, compact roots, schema hashes, and active state.",
     expectedEndpoint: "GET /rootfields",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain rootfield registry /rootfields",
   },
   {
     key: "agents",
     label: "Agents",
     detail: "Operators, workers, verifier identities, and observed contract actors.",
     expectedEndpoint: "GET /agents",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain agent registry /agents",
   },
   {
     key: "models",
     label: "Models",
     detail: "ModelPassport objects when the private testnet runtime exports them.",
     expectedEndpoint: "GET /models",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain model registry /models",
   },
   {
     key: "receipts",
     label: "Work Receipts",
     detail: "Work receipts from the launch fixture and local devnet handoff.",
     expectedEndpoint: "GET /receipts",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain receipt view /receipts",
   },
   {
     key: "memoryCells",
     label: "Memory Cells",
     detail: "Native MemoryCell records or rootfield-bundle projections while the API is pending.",
     expectedEndpoint: "GET /memory-cells",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain memory-cell registry /memory-cells",
   },
   {
     key: "artifacts",
     label: "Artifacts",
     detail: "Artifact availability commitments and receipt-linked artifact URIs.",
     expectedEndpoint: "GET /artifacts",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain artifact registry /artifacts",
   },
   {
     key: "verifierModules",
     label: "Verifier Modules",
     detail: "Verifier module identities or derived module projections from local reports.",
     expectedEndpoint: "GET /verifier-modules",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain verifier module registry /verifier-modules",
   },
   {
     key: "verifierReports",
     label: "Verifier Reports",
     detail: "Verifier reports, report digests, policies, checks, and reason codes.",
     expectedEndpoint: "GET /verifier-reports",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain verifier report view /verifier-reports",
   },
   {
     key: "challenges",
     label: "Challenges",
     detail: "Challenge lifecycle objects once the runtime/control-plane exports them.",
     expectedEndpoint: "GET /challenges",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain challenge registry /challenges",
   },
   {
     key: "finality",
     label: "Finality",
     detail: "Local finality distance, anchor placeholders, and latest finalized state.",
     expectedEndpoint: "GET /finality",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain finality view /finality",
+  },
+  {
+    key: "bridgeDeposits",
+    label: "Bridge Deposits",
+    detail: "Private/local bridge-deposit test objects only; this is not a production bridge.",
+    expectedEndpoint: "GET /bridge/deposits",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain bridge deposit view /bridge/deposits",
+  },
+  {
+    key: "bridgeCredits",
+    label: "Bridge Credits",
+    detail: "Private/local bridge-credit test objects only; no real-funds flow is available.",
+    expectedEndpoint: "GET /bridge/credits",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain bridge credit view /bridge/credits",
+  },
+  {
+    key: "bridgeWithdrawals",
+    label: "Bridge Withdrawals",
+    detail: "Private/local bridge-withdrawal test objects only; production bridge work is out of scope.",
+    expectedEndpoint: "GET /bridge/withdrawals",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain bridge withdrawal view /bridge/withdrawals",
   },
   {
     key: "provenance",
     label: "Provenance / Source",
     detail: "Source paths, API probe result, and fixture fallback boundary.",
     expectedEndpoint: "GET /raw",
+    missingCommand: "npm run dev --prefix apps/dashboard",
+    missingService: "Dashboard fixture and control-plane probe",
   },
   {
     key: "hardwareSignals",
     label: "Hardware Signals",
     detail: "FlowRouter, gateway, and low-bandwidth sidecar heartbeat/control-signal records.",
     expectedEndpoint: "GET /hardware-signals",
+    missingCommand: "npm run flowchain:smoke",
+    missingService: "FlowChain hardware signal export /hardware-signals",
   },
   {
     key: "rawJson",
     label: "Raw JSON",
     detail: "Loaded dashboard, devnet, and control-plane payloads for direct inspection.",
     expectedEndpoint: "GET /raw",
+    missingCommand: "npm run dev --prefix apps/dashboard",
+    missingService: "Dashboard raw JSON inspector",
+  },
+];
+
+const WORKBENCH_ACTIONS: WorkbenchAction[] = [
+  {
+    label: "Run smoke",
+    endpoint: "POST /smoke",
+    detail: "Ask the local control-plane to run the deterministic private/local object smoke path.",
+    boundary: "Uses a local API endpoint only; no browser key material is collected.",
+  },
+  {
+    label: "Produce block",
+    endpoint: "POST /blocks",
+    detail: "Request deterministic local block production when the runtime advertises that action.",
+    boundary: "No value-bearing transaction signing happens in the browser.",
+  },
+  {
+    label: "Request demo faucet",
+    endpoint: "POST /faucet",
+    detail: "Create a local no-value faucet/credit event for demo accounts when supported.",
+    boundary: "Demo credits only; this is not a token or real-funds faucet.",
+  },
+  {
+    label: "Refresh bridge demo",
+    endpoint: "POST /bridge/smoke",
+    detail: "Populate private/local bridge lifecycle test objects when the control-plane exposes them.",
+    boundary: "Private/local bridge fixtures only; production bridge work remains out of scope.",
   },
 ];
 
@@ -360,6 +517,58 @@ function extractControlPlaneState(state: unknown): unknown {
   return state;
 }
 
+function normalizeEndpointHint(value: unknown): string | null {
+  if (typeof value !== "string") {
+    return null;
+  }
+
+  const trimmed = value.trim();
+  const methodMatch = /^(GET|POST|PUT|PATCH|DELETE|OPTIONS)\s+\/[A-Za-z0-9/_:.-]+$/i.exec(trimmed);
+  if (methodMatch) {
+    return `${methodMatch[1].toUpperCase()} ${trimmed.slice(methodMatch[1].length).trim()}`;
+  }
+
+  if (/^\/[A-Za-z0-9/_:.-]+$/.test(trimmed)) {
+    return `GET ${trimmed}`;
+  }
+
+  return null;
+}
+
+function collectEndpointHints(payload: unknown, depth = 0): string[] {
+  if (depth > 4) {
+    return [];
+  }
+
+  const normalized = normalizeEndpointHint(payload);
+  if (normalized) {
+    return [normalized];
+  }
+
+  if (Array.isArray(payload)) {
+    return payload.flatMap((item) => collectEndpointHints(item, depth + 1));
+  }
+
+  if (!isRecord(payload)) {
+    return [];
+  }
+
+  const directMethod = typeof payload.method === "string" ? payload.method.toUpperCase() : null;
+  const directPath = typeof payload.path === "string" ? payload.path : typeof payload.route === "string" ? payload.route : null;
+  const direct = directMethod && directPath ? normalizeEndpointHint(`${directMethod} ${directPath}`) : null;
+
+  return [
+    direct,
+    ...Object.entries(payload)
+      .filter(([key]) => ["actions", "capabilities", "endpoints", "links", "routes"].includes(key))
+      .flatMap(([, value]) => collectEndpointHints(value, depth + 1)),
+  ].filter((item): item is string => item !== null);
+}
+
+function uniqueEndpoints(...sources: Array<string[] | undefined>): string[] {
+  return [...new Set(sources.flatMap((source) => source ?? []))].sort((left, right) => left.localeCompare(right));
+}
+
 function getControlPlaneUrl(): string {
   const env = (import.meta as ImportMeta & { env?: Record<string, string | undefined> }).env;
   const configured = env?.VITE_FLOWCHAIN_CONTROL_PLANE_URL?.trim();
@@ -395,7 +604,7 @@ async function fetchOptionalJson(path: string): Promise<{ value: unknown | null;
 async function probeControlPlane(): Promise<ControlPlaneProbe> {
   const url = getControlPlaneUrl();
   const checkedAt = new Date().toISOString();
-  const endpoints = ["GET /health", "GET /state"];
+  const defaultEndpoints = ["GET /health", "GET /state"];
 
   try {
     const health = await fetchJsonWithTimeout(`${url}/health`, CONTROL_PLANE_TIMEOUT_MS);
@@ -408,7 +617,7 @@ async function probeControlPlane(): Promise<ControlPlaneProbe> {
         url,
         status: "available",
         checkedAt,
-        endpoints,
+        endpoints: uniqueEndpoints(defaultEndpoints, collectEndpointHints(health)),
         health,
         error: `Health endpoint responded, but state endpoint was not loaded: ${
           error instanceof Error ? error.message : "unknown state error"
@@ -420,7 +629,7 @@ async function probeControlPlane(): Promise<ControlPlaneProbe> {
       url,
       status: "available",
       checkedAt,
-      endpoints,
+      endpoints: uniqueEndpoints(defaultEndpoints, collectEndpointHints(health), collectEndpointHints(state)),
       health,
       state,
     };
@@ -429,12 +638,216 @@ async function probeControlPlane(): Promise<ControlPlaneProbe> {
       url,
       status: "not-detected",
       checkedAt,
-      endpoints,
+      endpoints: defaultEndpoints,
       error: error instanceof Error ? error.message : "control-plane API not detected",
     };
   }
 }
 
+function buildLocalActions(controlPlane: ControlPlaneProbe): WorkbenchAction[] {
+  if (controlPlane.status !== "available") {
+    return [];
+  }
+
+  const advertised = new Set(controlPlane.endpoints.map((endpoint) => endpoint.toUpperCase()));
+  return WORKBENCH_ACTIONS.filter((action) => advertised.has(action.endpoint.toUpperCase()));
+}
+
+function buildNodeStatusRecords(data: DashboardData, devnetState: unknown, controlPlane: ControlPlaneProbe): WorkbenchRecord[] {
+  const node = buildNodeStatus(data, devnetState, controlPlane);
+  const devnet = isRecord(devnetState) ? devnetState : {};
+  const config = isRecord(devnet.config) ? devnet.config : {};
+
+  return [
+    makeLocalRecord(
+      "devnet",
+      controlPlane.url,
+      {
+        id: "local-control-plane",
+        kind: "Control-plane API",
+        title: node.title,
+        summary: node.summary,
+        status: node.status,
+        facts: [
+          ...node.facts,
+          { label: "health endpoint", value: controlPlane.status === "available" ? "responded" : "not detected" },
+          { label: "state endpoint", value: controlPlane.state ? "loaded" : "not loaded" },
+          { label: "error", value: text(controlPlane.error, "none") },
+        ],
+        raw: { controlPlane, node },
+      },
+      controlPlane.checkedAt,
+    ),
+    makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id: "local-chain-state",
+      kind: "Private/local chain",
+      title: text(devnet.chainId ?? data.chain.chainId),
+      summary: "Committed local chain state used by the workbench when the API is offline or partial.",
+      status: devnetState ? "finalized" : "stale",
+      facts: [
+        { label: "genesis hash", value: text(devnet.genesisHash ?? config.genesisHash) },
+        { label: "next block", value: text(devnet.nextBlockNumber) },
+        { label: "logical time", value: text(devnet.logicalTime ?? config.genesisLogicalTime) },
+        { label: "consensus", value: text(config.consensus, "local deterministic") },
+        { label: "no value", value: text(config.noValue, "true") },
+      ],
+      raw: devnetState,
+    }),
+  ];
+}
+
+function buildPeerRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["peers", "networkPeers", "peerState", "nodes"]).map((peer, index) => {
+    const id = text(peer.peerId ?? peer.nodeId ?? peer.id ?? peer.address, `peer:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "Peer",
+      title: id,
+      summary: text(peer.summary ?? peer.role, "Private/local peer exported by the control-plane."),
+      status: statusFrom(peer.status, "observed"),
+      facts: [
+        { label: "address", value: text(peer.address ?? peer.multiaddr ?? peer.url) },
+        { label: "role", value: text(peer.role) },
+        { label: "last seen", value: text(peer.lastSeenAt ?? peer.lastSeen) },
+        { label: "height", value: text(peer.blockHeight ?? peer.height) },
+      ],
+      raw: peer,
+    });
+  });
+}
+
+function buildMempoolRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["pendingTxs", "mempool", "txPool", "pendingTransactions"]).map((tx, index) => {
+    const id = text(tx.txId ?? tx.hash ?? tx.id, `pending-tx:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "Pending transaction",
+      title: id,
+      summary: text(tx.summary ?? tx.kind, "Pending local transaction waiting for deterministic block production."),
+      status: statusFrom(tx.status, "pending"),
+      facts: [
+        { label: "from", value: text(tx.from ?? tx.sender ?? tx.agentId) },
+        { label: "type", value: text(tx.type ?? tx.kind) },
+        { label: "received", value: text(tx.receivedAt ?? tx.createdAt) },
+        { label: "nonce", value: text(tx.nonce) },
+      ],
+      raw: tx,
+    });
+  });
+}
+
+function buildAccountRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["agentAccounts", "accounts", "accountRegistry"]).map((account, index) => {
+    const id = text(account.accountId ?? account.agentId ?? account.id ?? account.controller, `account:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "Account",
+      title: id,
+      summary: `Controller ${text(account.controller)} with model ${text(account.modelPassportId ?? account.modelId)}.`,
+      status: account.active === false ? "stale" : statusFrom(account.status, "verified"),
+      facts: [
+        { label: "controller", value: text(account.controller) },
+        { label: "model", value: text(account.modelPassportId ?? account.modelId) },
+        { label: "metadata hash", value: text(account.metadataHash) },
+        { label: "memory root", value: text(account.memoryRoot) },
+        { label: "active", value: text(account.active) },
+      ],
+      raw: account,
+    });
+  });
+}
+
+function buildBalanceRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["balances", "accountBalances", "balanceSheet", "credits", "creditBalances"]).map((balance, index) => {
+    const id = text(balance.balanceId ?? balance.accountId ?? balance.agentId ?? balance.id, `balance:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "No-value balance",
+      title: id,
+      summary: text(balance.summary, "Local no-value balance or credit metadata exported by the private testnet API."),
+      status: statusFrom(balance.status, "observed"),
+      facts: [
+        { label: "account", value: text(balance.accountId ?? balance.agentId) },
+        { label: "amount", value: text(balance.amount ?? balance.balance ?? balance.credits) },
+        { label: "unit", value: text(balance.unit, "no-value local credit") },
+        { label: "updated", value: text(balance.updatedAt ?? balance.blockNumber) },
+      ],
+      raw: balance,
+    });
+  });
+}
+
+function buildFaucetEventRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["faucetEvents", "faucetClaims", "faucetCredits", "faucet"]).map((event, index) => {
+    const id = text(event.eventId ?? event.faucetEventId ?? event.txId ?? event.id, `faucet-event:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "Faucet event",
+      title: id,
+      summary: text(event.summary, "Local no-value faucet event exported by the control-plane."),
+      status: statusFrom(event.status, "observed"),
+      facts: [
+        { label: "account", value: text(event.accountId ?? event.agentId ?? event.wallet) },
+        { label: "amount", value: text(event.amount ?? event.credits) },
+        { label: "block", value: text(event.blockNumber) },
+        { label: "created", value: text(event.createdAt ?? event.timestamp) },
+      ],
+      raw: event,
+    });
+  });
+}
+
+function buildWalletMetadataRecords(devnetState: unknown): WorkbenchRecord[] {
+  return collectionFrom(devnetState, ["wallets", "walletMetadata", "publicWallets", "operatorKeyReferences"]).map((wallet, index) => {
+    const id = text(wallet.walletId ?? wallet.keyReferenceId ?? wallet.operatorId ?? wallet.id, `wallet:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: "Public wallet metadata",
+      title: id,
+      summary: text(
+        wallet.secretMaterialBoundary ?? wallet.summary,
+        "Public wallet/key metadata only. Private keys are intentionally outside browser state.",
+      ),
+      status: statusFrom(wallet.status, "verified"),
+      facts: [
+        { label: "operator", value: text(wallet.operatorId ?? wallet.controller) },
+        { label: "worker key", value: text(wallet.workerKeyId) },
+        { label: "verifier key", value: text(wallet.verifierKeyId) },
+        { label: "scheme", value: text(wallet.signatureScheme) },
+        { label: "public hint", value: text(wallet.publicKeyHint) },
+      ],
+      raw: wallet,
+    });
+  });
+}
+
+function buildBridgeRecords(devnetState: unknown, kind: "deposits" | "credits" | "withdrawals"): WorkbenchRecord[] {
+  const keyMap = {
+    deposits: ["bridgeDeposits", "deposits"],
+    credits: ["bridgeCredits", "bridgeCreditEvents"],
+    withdrawals: ["bridgeWithdrawals", "withdrawals"],
+  } satisfies Record<typeof kind, string[]>;
+
+  return collectionFrom(devnetState, keyMap[kind]).map((event, index) => {
+    const id = text(event.bridgeEventId ?? event.depositId ?? event.creditId ?? event.withdrawalId ?? event.id, `bridge-${kind}:${index + 1}`);
+    return makeRecord("devnet", WORKBENCH_DEVNET_STATE_PATH, {
+      id,
+      kind: `Bridge ${kind.slice(0, -1)}`,
+      title: id,
+      summary: text(event.summary, "Private/local bridge lifecycle object exported by the control-plane."),
+      status: statusFrom(event.status, "pending"),
+      facts: [
+        { label: "account", value: text(event.accountId ?? event.wallet ?? event.recipient) },
+        { label: "amount", value: text(event.amount) },
+        { label: "source", value: text(event.sourceChain ?? event.fromChain) },
+        { label: "destination", value: text(event.destinationChain ?? event.toChain) },
+        { label: "block", value: text(event.blockNumber) },
+      ],
+      raw: event,
+    });
+  });
+}
+
 function buildBlockRecords(data: DashboardData, devnetState: unknown): WorkbenchRecord[] {
   const blocks = collectionFrom(devnetState, ["blocks"]);
 
@@ -1240,8 +1653,15 @@ export function buildWorkbenchSnapshot(
   const source: WorkbenchSource = controlPlane.status === "available" && controlPlaneState ? "control-plane" : "fixture-fallback";
 
   const sections: Record<WorkbenchSectionKey, WorkbenchRecord[]> = {
+    nodeStatus: buildNodeStatusRecords(data, activeDevnetState, controlPlane),
+    peers: buildPeerRecords(activeDevnetState),
     blocks: buildBlockRecords(data, activeDevnetState),
     transactions: buildTransactionRecords(data, activeDevnetState),
+    mempool: buildMempoolRecords(activeDevnetState),
+    accounts: buildAccountRecords(activeDevnetState),
+    balances: buildBalanceRecords(activeDevnetState),
+    faucetEvents: buildFaucetEventRecords(activeDevnetState),
+    walletMetadata: buildWalletMetadataRecords(activeDevnetState),
     rootfields: buildRootfieldRecords(data, activeDevnetState),
     agents: buildAgentRecords(data, activeDevnetState),
     models: buildModelRecords(activeDevnetState),
@@ -1252,6 +1672,9 @@ export function buildWorkbenchSnapshot(
     verifierReports: buildVerifierRecords(data, activeDevnetState),
     challenges: buildChallengeRecords(activeDevnetState),
     finality: buildFinalityRecords(data, activeDevnetState),
+    bridgeDeposits: buildBridgeRecords(activeDevnetState, "deposits"),
+    bridgeCredits: buildBridgeRecords(activeDevnetState, "credits"),
+    bridgeWithdrawals: buildBridgeRecords(activeDevnetState, "withdrawals"),
     provenance: [],
     hardwareSignals: buildHardwareSignalRecords(data, activeDevnetState),
     rawJson: [],
@@ -1267,6 +1690,7 @@ export function buildWorkbenchSnapshot(
     controlPlane,
     node: buildNodeStatus(data, activeDevnetState, controlPlane),
     setupSteps: buildSetupSteps(controlPlane),
+    actions: buildLocalActions(controlPlane),
     sections: displayedSections,
     loadIssues: options.loadIssues ?? [],
     raw: {
diff --git a/apps/dashboard/src/main.tsx b/apps/dashboard/src/main.tsx
index 04e310d9..2d89f272 100644
--- a/apps/dashboard/src/main.tsx
+++ b/apps/dashboard/src/main.tsx
@@ -1,13 +1,13 @@
 import React from "react";
 import ReactDOM from "react-dom/client";
-import { HashRouter } from "react-router-dom";
+import { BrowserRouter } from "react-router-dom";
 import App from "./App";
 import "./styles.css";
 
 ReactDOM.createRoot(document.getElementById("root") as HTMLElement).render(
   <React.StrictMode>
-    <HashRouter>
+    <BrowserRouter>
       <App />
-    </HashRouter>
+    </BrowserRouter>
   </React.StrictMode>,
 );
diff --git a/apps/dashboard/src/styles.css b/apps/dashboard/src/styles.css
index 06cb1b8d..11a39e69 100644
--- a/apps/dashboard/src/styles.css
+++ b/apps/dashboard/src/styles.css
@@ -424,6 +424,35 @@ small {
   margin: 0;
 }
 
+.canary-operator-strip {
+  display: grid;
+  grid-template-columns: 1.15fr 1fr 1.1fr;
+  gap: 10px;
+}
+
+.canary-operator-strip article {
+  display: grid;
+  gap: 7px;
+  min-width: 0;
+  padding: 12px;
+  border: 1px solid #c9d5ce;
+  border-radius: 8px;
+  background: #fbfcf8;
+  box-shadow: var(--shadow);
+}
+
+.canary-operator-strip span,
+.canary-operator-strip strong {
+  overflow-wrap: anywhere;
+}
+
+.canary-operator-strip span {
+  color: var(--muted);
+  font-size: 0.72rem;
+  font-weight: 800;
+  text-transform: uppercase;
+}
+
 .canary-boundaries {
   display: grid;
   gap: 8px;
@@ -747,10 +776,15 @@ dd {
   display: grid;
   grid-template-columns: auto minmax(0, 1fr);
   gap: 9px;
+  align-items: start;
   padding: 11px 0;
   border-bottom: 1px solid var(--line);
 }
 
+.setup-step-list .status-badge {
+  align-self: start;
+}
+
 .setup-step-list article:last-child {
   border-bottom: 0;
 }
@@ -793,6 +827,58 @@ code {
   overflow-wrap: anywhere;
 }
 
+.workbench-api-panel {
+  display: grid;
+  gap: 12px;
+}
+
+.endpoint-strip {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 7px;
+}
+
+.endpoint-strip span {
+  padding: 4px 7px;
+  color: #34443c;
+  border: 1px solid var(--line);
+  border-radius: 999px;
+  background: #f7f8f4;
+  font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace;
+  font-size: 0.72rem;
+}
+
+.local-action-grid {
+  display: grid;
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+  gap: 10px;
+}
+
+.local-action-grid article {
+  display: grid;
+  grid-template-columns: minmax(0, 1fr) auto;
+  gap: 10px;
+  align-items: center;
+  min-width: 0;
+  padding: 11px;
+  border: 1px solid var(--line);
+  border-radius: 7px;
+  background: #f7f8f4;
+}
+
+.local-action-grid strong,
+.local-action-grid small {
+  display: block;
+  overflow-wrap: anywhere;
+}
+
+.action-result,
+.boot-hint {
+  margin: 0;
+  color: var(--muted);
+  line-height: 1.45;
+}
+
 .workbench-layout {
   display: grid;
   grid-template-columns: 222px minmax(0, 1fr);
@@ -805,6 +891,8 @@ code {
   top: 88px;
   display: grid;
   gap: 7px;
+  max-height: calc(100dvh - 112px);
+  overflow: auto;
 }
 
 .workbench-switch {
@@ -1213,6 +1301,8 @@ code {
   .rootfield-grid,
   .hardware-grid,
   .lane-grid,
+  .canary-operator-strip,
+  .local-action-grid,
   .workbench-command-center,
   .workbench-record-grid {
     grid-template-columns: 1fr;
diff --git a/apps/dashboard/src/test/dashboardData.test.ts b/apps/dashboard/src/test/dashboardData.test.ts
index 1802b264..c2a9a06c 100644
--- a/apps/dashboard/src/test/dashboardData.test.ts
+++ b/apps/dashboard/src/test/dashboardData.test.ts
@@ -116,6 +116,10 @@ describe("dashboard fixture", () => {
     expect(workbench.sections.blocks).toHaveLength(2);
     expect(workbench.sections.transactions.length).toBeGreaterThanOrEqual(6);
     expect(workbench.sections.transactions.every((transaction) => transaction.status === "finalized")).toBe(true);
+    expect(workbench.sections.nodeStatus.length).toBeGreaterThan(0);
+    expect(workbench.sections.mempool).toHaveLength(0);
+    expect(workbench.sections.accounts.length).toBeGreaterThan(0);
+    expect(workbench.sections.walletMetadata.length).toBeGreaterThan(0);
     expect(workbench.sections.rootfields.length).toBeGreaterThan(0);
     expect(workbench.sections.agents.length).toBeGreaterThan(0);
     expect(workbench.sections.receipts.length).toBeGreaterThan(data.workReceipts.length);
@@ -128,7 +132,11 @@ describe("dashboard fixture", () => {
     expect(workbench.sections.rawJson.map((record) => record.id)).toContain("raw-dashboard-fixture");
     expect(workbench.sections.models.length).toBeGreaterThan(0);
     expect(workbench.sections.challenges.length).toBeGreaterThan(0);
+    expect(workbench.sections.bridgeDeposits).toHaveLength(0);
+    expect(workbench.sections.bridgeCredits).toHaveLength(0);
+    expect(workbench.sections.bridgeWithdrawals).toHaveLength(0);
     expect(workbench.node.status).toBe("offline");
+    expect(workbench.actions).toEqual([]);
 
     for (const section of WORKBENCH_SECTIONS) {
       expect(workbench.sections[section.key], `${section.key} should be a defined workbench view`).toBeDefined();
@@ -156,6 +164,23 @@ describe("dashboard fixture", () => {
     expect(workbench.sections.provenance.find((record) => record.id === "control-plane-api")?.status).toBe("verified");
   });
 
+  it("only exposes local actions when the control-plane advertises matching endpoints", () => {
+    const workbench = buildWorkbenchSnapshot(data, {
+      controlPlane: {
+        url: "http://127.0.0.1:8787",
+        status: "available",
+        checkedAt: "2026-05-13T15:00:00.000Z",
+        endpoints: ["GET /health", "GET /state", "POST /smoke", "POST /faucet"],
+        health: { status: "ok" },
+        state: devnetState,
+      },
+      devnetState,
+      devnetDashboardState,
+    });
+
+    expect(workbench.actions.map((action) => action.endpoint)).toEqual(["POST /smoke", "POST /faucet"]);
+  });
+
   it("fetches control-plane state while keeping deterministic fixture payloads available", async () => {
     const fetchMock = vi.fn(async (input: RequestInfo | URL) => {
       const url = String(input);
@@ -198,6 +223,8 @@ describe("dashboard fixture", () => {
     expect(html).toContain("Local explorer workbench");
     expect(html).toContain("Node and API status");
     expect(html).toContain("Control-plane offline");
+    expect(html).toContain("Wallet Metadata");
+    expect(html).toContain("Bridge Deposits");
     expect(html).toContain("Rootfields");
     expect(html).toContain("Verifier Modules");
     expect(html).toContain("Hardware Signals");
diff --git a/apps/dashboard/src/views/CanaryDeploymentView.tsx b/apps/dashboard/src/views/CanaryDeploymentView.tsx
index bf9478b2..37f56ac8 100644
--- a/apps/dashboard/src/views/CanaryDeploymentView.tsx
+++ b/apps/dashboard/src/views/CanaryDeploymentView.tsx
@@ -35,10 +35,16 @@ function canaryCounts(data: DashboardData) {
       status: (data.metadata.canary?.counts.duplicates ?? 0) > 0 ? "unresolved" as const : "verified" as const,
     },
     {
-      label: "Source verified",
-      value: "pending",
-      detail: "automation ready; API key required",
-      status: "unresolved" as const,
+      label: "Canary mode",
+      value: "only",
+      detail: "productionReady=false",
+      status: "unsupported" as const,
+    },
+    {
+      label: "Contracts",
+      value: String(data.metadata.canary?.counts.contracts ?? data.metadata.canary?.contracts.length ?? 0),
+      detail: "guarded canary artifact",
+      status: "observed" as const,
     },
   ];
 }
@@ -52,13 +58,13 @@ export function CanaryDeploymentView({ data }: { data: DashboardData }) {
     <div className="view-stack">
       <SectionHeader
         eyebrow="base mainnet canary"
-        title="Live canary read"
-        detail="Guarded Base mainnet read path for the deployed V0 FlowPulse surfaces. This view is for launch demos and operator review; it is not a production-readiness claim."
+        title="Canary-only Base read"
+        detail="Guarded Base mainnet read path for the deployed V0 FlowPulse surfaces. This route is isolated from local fixture mode and exists for launch demos and operator review only; it is not a production-readiness claim."
       />
 
       <section className="canary-hero" aria-label="Canary boundary">
         <div>
-          <span className="eyebrow">guardrail</span>
+          <span className="eyebrow">canary-only guardrail</span>
           <h2>Visible on Base, still gated for production</h2>
           <p>
             The dashboard is reading committed canary artifacts generated by the Base mainnet canary reader.
@@ -87,6 +93,21 @@ export function CanaryDeploymentView({ data }: { data: DashboardData }) {
         </div>
       </section>
 
+      <section className="canary-operator-strip" aria-label="Canary operator boundary">
+        <article>
+          <span>reader command</span>
+          <code>npm run index:base-canary -- --acknowledge-mainnet-canary ...</code>
+        </article>
+        <article>
+          <span>review fixture</span>
+          <code>{data.metadata.runtimeDataPath}</code>
+        </article>
+        <article>
+          <span>hard boundary</span>
+          <strong>No broad mainnet scan, no production launch, no real-funds workflow.</strong>
+        </article>
+      </section>
+
       <section className="metric-grid" aria-label="Canary metrics">
         {counts.map((metric) => (
           <article className="metric-tile" key={metric.label}>
diff --git a/apps/dashboard/src/views/WorkbenchView.tsx b/apps/dashboard/src/views/WorkbenchView.tsx
index a05f4aa5..5bacb0c3 100644
--- a/apps/dashboard/src/views/WorkbenchView.tsx
+++ b/apps/dashboard/src/views/WorkbenchView.tsx
@@ -1,5 +1,5 @@
 import { useMemo, useState } from "react";
-import { Activity, Database, Network, Search, Server, Terminal } from "lucide-react";
+import { Activity, Database, Network, PlayCircle, Search, Server, Terminal } from "lucide-react";
 import { EmptyState } from "../components/EmptyState";
 import { HashValue } from "../components/HashValue";
 import { ProvenanceLine } from "../components/ProvenanceLine";
@@ -8,7 +8,7 @@ import { StatusBadge } from "../components/StatusBadge";
 import type { DashboardData, DashboardStatus } from "../data/types";
 import { WORKBENCH_SECTIONS, type WorkbenchRecord, type WorkbenchSectionKey, type WorkbenchSnapshot } from "../data/workbench";
 
-const DEFAULT_SECTION: WorkbenchSectionKey = "blocks";
+const DEFAULT_SECTION: WorkbenchSectionKey = "nodeStatus";
 
 function displayValue(value: string) {
   if (value.startsWith("0x") && value.length > 18) {
@@ -31,9 +31,14 @@ function recordMatches(record: WorkbenchRecord, query: string): boolean {
   return JSON.stringify(record).toLowerCase().includes(normalized);
 }
 
+function missingStateDetail(activeDefinition: (typeof WORKBENCH_SECTIONS)[number]): string {
+  return `${activeDefinition.missingService} did not provide records for ${activeDefinition.expectedEndpoint}. Run ${activeDefinition.missingCommand} locally, then refresh this dashboard.`;
+}
+
 export function WorkbenchView({ data, workbench }: { data: DashboardData; workbench: WorkbenchSnapshot }) {
   const [activeSection, setActiveSection] = useState<WorkbenchSectionKey>(DEFAULT_SECTION);
   const [query, setQuery] = useState("");
+  const [actionResult, setActionResult] = useState<string | null>(null);
   const activeDefinition = WORKBENCH_SECTIONS.find((section) => section.key === activeSection) ?? WORKBENCH_SECTIONS[0];
   const activeRecords = workbench.sections[activeSection] ?? [];
   const filteredRecords = useMemo(
@@ -42,6 +47,21 @@ export function WorkbenchView({ data, workbench }: { data: DashboardData; workbe
   );
   const sourceStatus: DashboardStatus = workbench.source === "control-plane" ? "verified" : "stale";
 
+  const runLocalAction = async (endpoint: string, label: string) => {
+    const [method, path] = endpoint.split(/\s+/, 2);
+    setActionResult(`${label}: sending ${endpoint}`);
+
+    try {
+      const response = await fetch(`${workbench.controlPlane.url}${path}`, {
+        method,
+        headers: { Accept: "application/json" },
+      });
+      setActionResult(`${label}: ${response.status} ${response.statusText || "response"}`.trim());
+    } catch (error) {
+      setActionResult(`${label}: ${error instanceof Error ? error.message : "request failed"}`);
+    }
+  };
+
   return (
     <div className="view-stack">
       <SectionHeader
@@ -105,6 +125,44 @@ export function WorkbenchView({ data, workbench }: { data: DashboardData; workbe
         </article>
       </section>
 
+      <section className="panel workbench-api-panel">
+        <div className="panel-heading">
+          <div>
+            <Network size={18} aria-hidden="true" />
+            <h2>Control-plane endpoints and local actions</h2>
+          </div>
+          <span>{workbench.controlPlane.endpoints.length} advertised/probed</span>
+        </div>
+        <div className="endpoint-strip" aria-label="Control-plane endpoint status">
+          {workbench.controlPlane.endpoints.map((endpoint) => (
+            <span key={endpoint}>{endpoint}</span>
+          ))}
+        </div>
+        {workbench.actions.length > 0 ? (
+          <div className="local-action-grid">
+            {workbench.actions.map((action) => (
+              <article key={action.endpoint}>
+                <div>
+                  <strong>{action.label}</strong>
+                  <code>{action.endpoint}</code>
+                  <small>{action.boundary}</small>
+                </div>
+                <button className="button" type="button" onClick={() => runLocalAction(action.endpoint, action.label)}>
+                  <PlayCircle size={15} aria-hidden="true" />
+                  Run
+                </button>
+              </article>
+            ))}
+          </div>
+        ) : (
+          <EmptyState
+            title="No browser-safe local actions are advertised"
+            detail={`The dashboard only renders action buttons after ${workbench.controlPlane.url}/health or /state advertises a matching POST endpoint. Start ${activeDefinition.missingCommand} if you expect local actions.`}
+          />
+        )}
+        {actionResult ? <p className="action-result">{actionResult}</p> : null}
+      </section>
+
       {workbench.loadIssues.length > 0 ? (
         <section className="workbench-warning" role="status">
           <Activity size={18} aria-hidden="true" />
@@ -125,19 +183,24 @@ export function WorkbenchView({ data, workbench }: { data: DashboardData; workbe
           </div>
         </article>
         <article className="metric-tile">
-          <span>Blocks</span>
-          <strong>{workbench.sections.blocks.length}</strong>
+          <span>Node views</span>
+          <strong>{workbench.sections.nodeStatus.length}</strong>
           <div>
-            <StatusBadge status={workbench.sections.blocks.length > 0 ? "finalized" : "pending"} compact />
-            <small>state-root records</small>
+            <StatusBadge status={workbench.node.status} compact />
+            <small>health and state</small>
           </div>
         </article>
         <article className="metric-tile">
-          <span>Transactions</span>
-          <strong>{workbench.sections.transactions.length}</strong>
+          <span>Chain objects</span>
+          <strong>
+            {workbench.sections.blocks.length +
+              workbench.sections.transactions.length +
+              workbench.sections.mempool.length +
+              workbench.sections.accounts.length}
+          </strong>
           <div>
             <StatusBadge status={workbench.sections.transactions.length > 0 ? "verified" : "pending"} compact />
-            <small>receipt-linked</small>
+            <small>blocks txs accounts</small>
           </div>
         </article>
         <article className="metric-tile">
@@ -213,7 +276,7 @@ export function WorkbenchView({ data, workbench }: { data: DashboardData; workbe
           ) : (
             <EmptyState
               title={`No ${activeDefinition.label.toLowerCase()} in the current source`}
-              detail={`The workbench view is wired for ${activeDefinition.expectedEndpoint}; deterministic fallback data will appear here when the existing runtime or control-plane exports it.`}
+              detail={missingStateDetail(activeDefinition)}
             />
           )}
         </article>
diff --git a/contracts/DEPLOYMENT_BOUNDARY.md b/contracts/DEPLOYMENT_BOUNDARY.md
index f0ad5499..9aa2fa69 100644
--- a/contracts/DEPLOYMENT_BOUNDARY.md
+++ b/contracts/DEPLOYMENT_BOUNDARY.md
@@ -11,6 +11,8 @@ For the private/local FlowChain testnet package, these Solidity contracts are op
 - Local Foundry tests.
 - Local fixture generation and indexer/verifier/dashboard flows.
 - Base Sepolia deployment dry runs and explicit broadcasts for the current V0 contracts.
+- Base Sepolia planning for a Uniswap v4 `afterSwap`-only hook address,
+  including CREATE2 salt mining for the exact hook flag target.
 - Base Sepolia reads from explicit RPC URLs.
 - Guarded Base mainnet canary reads and source-verification dry runs for the documented V0 canary addresses only.
 - Public docs that describe emitted events, roots, receipts, and off-chain verification paths.
@@ -38,6 +40,31 @@ FlowPulse events intentionally omit `txHash` and `logIndex`; indexers derive tho
 
 No current Solidity contract exposes a challenge lifecycle or finality state machine. `VerifierReportRegistry.REORGED` is an advisory report status for off-chain reconciliation, not a bridge finality proof or challenge resolution path.
 
+## Uniswap V4 Hook Path Boundary
+
+The contract set now includes a production-shaped but not production-deployed
+Uniswap v4 hook path:
+
+- `FlowMemoryHookAdapter` remains the dependency-light fixture/canary adapter.
+- `FlowMemoryAfterSwapHook` is the real-path hook candidate. Its v4-shaped
+  `afterSwap` callback is restricted to the configured PoolManager, emits the
+  same `SWAP_MEMORY_SIGNAL` FlowPulse semantics, returns zero hook delta, and
+  exposes no token custody, dynamic fee, LP fee override, before-swap, pool
+  creation, or liquidity-position path.
+- `FlowMemoryHookPlanner` defines the exact permission target:
+  `AFTER_SWAP_FLAG` only, `0x40` in the low hook bits. It rejects addresses with
+  extra custom-accounting or dynamic-fee-adjacent flags such as
+  `AFTER_SWAP_RETURNS_DELTA_FLAG`.
+- Base Sepolia planning targets chain id `84532`, Uniswap v4 PoolManager
+  `0x9a13F98Cb987694C9F086b1F5eB990EeA8264Ec3`, and the standard CREATE2
+  deployer `0x4e59b44847b379578588920cA78FbF26c0B4956C`.
+
+Before any Base Sepolia hook broadcast, the PR or issue must record the mined
+salt, computed hook address, init code hash, constructor args, deployer, target
+chain, PoolManager address, source verification plan, and post-deploy reader
+range. A mined/testnet hook address is still not a production hook deployment
+or a Base mainnet approval.
+
 ## Private/Local FlowChain Mirror Map
 
 The private/local FlowChain runtime owns object execution and final state. The Solidity spine may mirror or anchor only compact object references:
@@ -116,6 +143,11 @@ submission uses `npm run verify:base-canary:sources:submit` and requires
 
 - `RootfieldRegistry`: Rootfield namespaces and root commitment pulses.
 - `FlowMemoryHookAdapter`: dependency-light hook-adapter plus Uniswap v4-shaped afterSwap callback path, not a production Uniswap hook deployment.
+- `FlowMemoryAfterSwapHook`: PoolManager-gated, afterSwap-only hook candidate
+  for Base Sepolia planning; returns zero hook delta and has no custody or fee
+  mechanics.
+- `FlowMemoryHookPlanner`: pure hook flag, CREATE2 address, and Base Sepolia
+  planning helper; it does not deploy contracts or store secrets.
 - `ReceiptVerifier`: compact receipt-report commitments, not cryptographic receipt verification.
 - `VerifierReportRegistry`: owner-authorized verifier report commitments.
 - `WorkReceiptRegistry`: owner-authorized worker receipt commitments.
diff --git a/contracts/FlowMemoryAfterSwapHook.sol b/contracts/FlowMemoryAfterSwapHook.sol
new file mode 100644
index 00000000..0268f0be
--- /dev/null
+++ b/contracts/FlowMemoryAfterSwapHook.sol
@@ -0,0 +1,150 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {IFlowMemoryHookAdapter} from "./interfaces/IFlowMemoryHookAdapter.sol";
+import {IUniswapV4SwapHookLike} from "./interfaces/IUniswapV4SwapHookLike.sol";
+import {IFlowPulse, FlowPulseTypes} from "./FlowPulse.sol";
+import {FlowMemoryHookFlags} from "./FlowMemoryHookPlanner.sol";
+
+/// @title FlowMemoryAfterSwapHook
+/// @notice Production-shaped Uniswap v4 afterSwap hook path for Base Sepolia planning.
+/// @dev This is still not a production deployment. It is PoolManager-gated,
+/// returns zero hook delta, takes no token custody, exposes no fee override
+/// path, and cannot know txHash or logIndex during execution.
+contract FlowMemoryAfterSwapHook is IUniswapV4SwapHookLike, IFlowPulse {
+    bytes4 public constant UNISWAP_V4_AFTER_SWAP_SELECTOR = IUniswapV4SwapHookLike.afterSwap.selector;
+    uint160 public constant HOOK_PERMISSION_FLAGS = FlowMemoryHookFlags.FLOWMEMORY_AFTER_SWAP_FLAGS;
+    string public constant DEFAULT_AFTER_SWAP_URI = "flowmemory://uniswap-v4/after-swap";
+
+    address public immutable poolManager;
+
+    mapping(bytes32 rootfieldId => uint64 sequence) private _rootfieldSequences;
+
+    error ZeroPoolManager();
+    error UnauthorizedPoolManager(address caller);
+    error ZeroSender();
+    error ZeroRootfieldId();
+    error ZeroCommitment();
+    error EmptyHookData();
+    error TimestampOverflow(uint256 timestamp);
+
+    constructor(address poolManager_) {
+        if (poolManager_ == address(0)) revert ZeroPoolManager();
+        poolManager = poolManager_;
+    }
+
+    event AfterSwapObserved(
+        address indexed caller,
+        address indexed sender,
+        bytes32 indexed poolId,
+        bytes32 rootfieldId,
+        bytes32 commitment,
+        bytes32 hookDataHash
+    );
+
+    function afterSwap(
+        address sender,
+        IUniswapV4SwapHookLike.PoolKey calldata key,
+        IUniswapV4SwapHookLike.SwapParams calldata params,
+        int256 swapDelta,
+        bytes calldata hookData
+    ) external returns (bytes4 selector, int128 hookDelta) {
+        if (msg.sender != poolManager) revert UnauthorizedPoolManager(msg.sender);
+        if (sender == address(0)) revert ZeroSender();
+        if (hookData.length == 0) revert EmptyHookData();
+
+        IFlowMemoryHookAdapter.FlowMemorySwapHookData memory decoded =
+            abi.decode(hookData, (IFlowMemoryHookAdapter.FlowMemorySwapHookData));
+        bytes32 poolId = _poolIdFor(key);
+        bytes memory pulseContext =
+            abi.encode(params.zeroForOne, params.amountSpecified, params.sqrtPriceLimitX96, swapDelta, hookData);
+
+        _emitSwapMemorySignal(
+            sender,
+            poolId,
+            decoded.rootfieldId,
+            decoded.commitment,
+            decoded.parentPulseId,
+            pulseContext,
+            bytes(decoded.uri).length == 0 ? DEFAULT_AFTER_SWAP_URI : decoded.uri
+        );
+
+        return (UNISWAP_V4_AFTER_SWAP_SELECTOR, 0);
+    }
+
+    function encodeSwapHookData(bytes32 rootfieldId, bytes32 commitment, bytes32 parentPulseId, string calldata uri)
+        external
+        pure
+        returns (bytes memory hookData)
+    {
+        return abi.encode(
+            IFlowMemoryHookAdapter.FlowMemorySwapHookData({
+                rootfieldId: rootfieldId, commitment: commitment, parentPulseId: parentPulseId, uri: uri
+            })
+        );
+    }
+
+    function hasPermissionedHookAddress() external view returns (bool) {
+        return FlowMemoryHookFlags.hasOnlyFlowMemoryAfterSwapFlag(address(this));
+    }
+
+    function _emitSwapMemorySignal(
+        address sender,
+        bytes32 poolId,
+        bytes32 rootfieldId,
+        bytes32 commitment,
+        bytes32 parentPulseId,
+        bytes memory hookData,
+        string memory uri
+    ) private {
+        if (rootfieldId == bytes32(0)) revert ZeroRootfieldId();
+        if (commitment == bytes32(0)) revert ZeroCommitment();
+
+        bytes32 hookDataHash = keccak256(hookData);
+        uint64 sequence = _nextSequence(rootfieldId);
+        uint64 occurredAt = _blockTimestamp();
+        bytes32 pulseId = keccak256(
+            abi.encode(
+                FlowPulseTypes.SCHEMA_ID,
+                block.chainid,
+                address(this),
+                poolManager,
+                sender,
+                poolId,
+                rootfieldId,
+                commitment,
+                parentPulseId,
+                hookDataHash,
+                sequence
+            )
+        );
+
+        emit AfterSwapObserved(poolManager, sender, poolId, rootfieldId, commitment, hookDataHash);
+        emit FlowPulse(
+            pulseId,
+            rootfieldId,
+            sender,
+            FlowPulseTypes.SWAP_MEMORY_SIGNAL,
+            poolId,
+            commitment,
+            parentPulseId,
+            sequence,
+            occurredAt,
+            uri
+        );
+    }
+
+    function _poolIdFor(IUniswapV4SwapHookLike.PoolKey calldata key) private pure returns (bytes32) {
+        return keccak256(abi.encode(key.currency0, key.currency1, key.fee, key.tickSpacing, key.hooks));
+    }
+
+    function _nextSequence(bytes32 rootfieldId) private returns (uint64 sequence) {
+        sequence = _rootfieldSequences[rootfieldId] + 1;
+        _rootfieldSequences[rootfieldId] = sequence;
+    }
+
+    function _blockTimestamp() private view returns (uint64) {
+        if (block.timestamp > type(uint64).max) revert TimestampOverflow(block.timestamp);
+        return uint64(block.timestamp);
+    }
+}
diff --git a/contracts/FlowMemoryHookPlanner.sol b/contracts/FlowMemoryHookPlanner.sol
new file mode 100644
index 00000000..0784fef0
--- /dev/null
+++ b/contracts/FlowMemoryHookPlanner.sol
@@ -0,0 +1,153 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+/// @notice Dependency-light Uniswap v4 hook flag helpers for FlowMemory.
+/// @dev Constants mirror Uniswap v4 core Hooks flag positions without
+/// vendoring v4-core into the current repository.
+library FlowMemoryHookFlags {
+    uint160 internal constant ALL_HOOK_MASK = uint160((1 << 14) - 1);
+
+    uint160 internal constant BEFORE_INITIALIZE_FLAG = 1 << 13;
+    uint160 internal constant AFTER_INITIALIZE_FLAG = 1 << 12;
+    uint160 internal constant BEFORE_ADD_LIQUIDITY_FLAG = 1 << 11;
+    uint160 internal constant AFTER_ADD_LIQUIDITY_FLAG = 1 << 10;
+    uint160 internal constant BEFORE_REMOVE_LIQUIDITY_FLAG = 1 << 9;
+    uint160 internal constant AFTER_REMOVE_LIQUIDITY_FLAG = 1 << 8;
+    uint160 internal constant BEFORE_SWAP_FLAG = 1 << 7;
+    uint160 internal constant AFTER_SWAP_FLAG = 1 << 6;
+    uint160 internal constant BEFORE_DONATE_FLAG = 1 << 5;
+    uint160 internal constant AFTER_DONATE_FLAG = 1 << 4;
+    uint160 internal constant BEFORE_SWAP_RETURNS_DELTA_FLAG = 1 << 3;
+    uint160 internal constant AFTER_SWAP_RETURNS_DELTA_FLAG = 1 << 2;
+    uint160 internal constant AFTER_ADD_LIQUIDITY_RETURNS_DELTA_FLAG = 1 << 1;
+    uint160 internal constant AFTER_REMOVE_LIQUIDITY_RETURNS_DELTA_FLAG = 1 << 0;
+
+    uint160 internal constant FLOWMEMORY_AFTER_SWAP_FLAGS = AFTER_SWAP_FLAG;
+
+    function hookBits(address hook) internal pure returns (uint160) {
+        return uint160(hook) & ALL_HOOK_MASK;
+    }
+
+    function hasOnlyFlowMemoryAfterSwapFlag(address hook) internal pure returns (bool) {
+        return hookBits(hook) == FLOWMEMORY_AFTER_SWAP_FLAGS;
+    }
+}
+
+/// @title FlowMemoryHookPlanner
+/// @notice Pure planner/miner helper for the Base Sepolia Uniswap v4 hook path.
+/// @dev This helper performs no deployment and has no secrets. Use it to derive
+/// a CREATE2 salt/address plan, then deploy only from a reviewed script or
+/// operator runbook that records the exact inputs.
+contract FlowMemoryHookPlanner {
+    uint256 public constant BASE_SEPOLIA_CHAIN_ID = 84532;
+    address public constant BASE_SEPOLIA_POOL_MANAGER = 0x9a13F98Cb987694C9F086b1F5eB990EeA8264Ec3;
+    address public constant CREATE2_DEPLOYER = 0x4e59b44847b379578588920cA78FbF26c0B4956C;
+
+    uint160 public constant ALL_HOOK_MASK = FlowMemoryHookFlags.ALL_HOOK_MASK;
+    uint160 public constant BEFORE_INITIALIZE_FLAG = FlowMemoryHookFlags.BEFORE_INITIALIZE_FLAG;
+    uint160 public constant AFTER_INITIALIZE_FLAG = FlowMemoryHookFlags.AFTER_INITIALIZE_FLAG;
+    uint160 public constant BEFORE_ADD_LIQUIDITY_FLAG = FlowMemoryHookFlags.BEFORE_ADD_LIQUIDITY_FLAG;
+    uint160 public constant AFTER_ADD_LIQUIDITY_FLAG = FlowMemoryHookFlags.AFTER_ADD_LIQUIDITY_FLAG;
+    uint160 public constant BEFORE_REMOVE_LIQUIDITY_FLAG = FlowMemoryHookFlags.BEFORE_REMOVE_LIQUIDITY_FLAG;
+    uint160 public constant AFTER_REMOVE_LIQUIDITY_FLAG = FlowMemoryHookFlags.AFTER_REMOVE_LIQUIDITY_FLAG;
+    uint160 public constant BEFORE_SWAP_FLAG = FlowMemoryHookFlags.BEFORE_SWAP_FLAG;
+    uint160 public constant AFTER_SWAP_FLAG = FlowMemoryHookFlags.AFTER_SWAP_FLAG;
+    uint160 public constant BEFORE_DONATE_FLAG = FlowMemoryHookFlags.BEFORE_DONATE_FLAG;
+    uint160 public constant AFTER_DONATE_FLAG = FlowMemoryHookFlags.AFTER_DONATE_FLAG;
+    uint160 public constant BEFORE_SWAP_RETURNS_DELTA_FLAG = FlowMemoryHookFlags.BEFORE_SWAP_RETURNS_DELTA_FLAG;
+    uint160 public constant AFTER_SWAP_RETURNS_DELTA_FLAG = FlowMemoryHookFlags.AFTER_SWAP_RETURNS_DELTA_FLAG;
+    uint160 public constant AFTER_ADD_LIQUIDITY_RETURNS_DELTA_FLAG =
+        FlowMemoryHookFlags.AFTER_ADD_LIQUIDITY_RETURNS_DELTA_FLAG;
+    uint160 public constant AFTER_REMOVE_LIQUIDITY_RETURNS_DELTA_FLAG =
+        FlowMemoryHookFlags.AFTER_REMOVE_LIQUIDITY_RETURNS_DELTA_FLAG;
+    uint160 public constant FLOWMEMORY_AFTER_SWAP_FLAGS = FlowMemoryHookFlags.FLOWMEMORY_AFTER_SWAP_FLAGS;
+
+    struct HookPermissions {
+        bool beforeInitialize;
+        bool afterInitialize;
+        bool beforeAddLiquidity;
+        bool afterAddLiquidity;
+        bool beforeRemoveLiquidity;
+        bool afterRemoveLiquidity;
+        bool beforeSwap;
+        bool afterSwap;
+        bool beforeDonate;
+        bool afterDonate;
+        bool beforeSwapReturnDelta;
+        bool afterSwapReturnDelta;
+        bool afterAddLiquidityReturnDelta;
+        bool afterRemoveLiquidityReturnDelta;
+    }
+
+    struct HookPlan {
+        uint256 chainId;
+        address poolManager;
+        address create2Deployer;
+        uint160 targetFlags;
+        bytes32 initCodeHash;
+        bytes32 salt;
+        address hookAddress;
+    }
+
+    error ZeroCreate2Deployer();
+    error ZeroInitCodeHash();
+    error SaltNotFound(uint256 startSalt, uint256 maxIterations);
+
+    function targetPermissions() external pure returns (HookPermissions memory permissions) {
+        permissions.afterSwap = true;
+    }
+
+    function hookBits(address hook) public pure returns (uint160) {
+        return FlowMemoryHookFlags.hookBits(hook);
+    }
+
+    function hasOnlyAfterSwapFlag(address hook) public pure returns (bool) {
+        return FlowMemoryHookFlags.hasOnlyFlowMemoryAfterSwapFlag(hook);
+    }
+
+    function computeCreate2Address(address deployer, bytes32 salt, bytes32 initCodeHash)
+        public
+        pure
+        returns (address hookAddress)
+    {
+        if (deployer == address(0)) revert ZeroCreate2Deployer();
+        if (initCodeHash == bytes32(0)) revert ZeroInitCodeHash();
+
+        bytes32 digest = keccak256(abi.encodePacked(bytes1(0xff), deployer, salt, initCodeHash));
+        hookAddress = address(uint160(uint256(digest)));
+    }
+
+    function findSalt(address deployer, bytes32 initCodeHash, uint256 startSalt, uint256 maxIterations)
+        public
+        pure
+        returns (bytes32 salt, address hookAddress)
+    {
+        for (uint256 i = 0; i < maxIterations; i++) {
+            salt = bytes32(startSalt + i);
+            hookAddress = computeCreate2Address(deployer, salt, initCodeHash);
+            if (hasOnlyAfterSwapFlag(hookAddress)) {
+                return (salt, hookAddress);
+            }
+        }
+
+        revert SaltNotFound(startSalt, maxIterations);
+    }
+
+    function planBaseSepolia(bytes32 initCodeHash, uint256 startSalt, uint256 maxIterations)
+        external
+        pure
+        returns (HookPlan memory plan)
+    {
+        (bytes32 salt, address hookAddress) = findSalt(CREATE2_DEPLOYER, initCodeHash, startSalt, maxIterations);
+
+        plan = HookPlan({
+            chainId: BASE_SEPOLIA_CHAIN_ID,
+            poolManager: BASE_SEPOLIA_POOL_MANAGER,
+            create2Deployer: CREATE2_DEPLOYER,
+            targetFlags: FLOWMEMORY_AFTER_SWAP_FLAGS,
+            initCodeHash: initCodeHash,
+            salt: salt,
+            hookAddress: hookAddress
+        });
+    }
+}
diff --git a/crates/flowmemory-devnet/src/cli.rs b/crates/flowmemory-devnet/src/cli.rs
index be02335d..e64d07f8 100644
--- a/crates/flowmemory-devnet/src/cli.rs
+++ b/crates/flowmemory-devnet/src/cli.rs
@@ -198,10 +198,12 @@ fn run(cli: Cli) -> Result<()> {
             print_json(&DemoSummary::from_demo(cli.state, out_dir, &demo))?;
         }
         Command::Smoke { out_dir } => {
-            let first = build_demo_state();
-            let second = build_demo_state();
+            let first = build_smoke_state(10);
+            let second = build_smoke_state(10);
             let deterministic_replay = first.first_block_hash == second.first_block_hash
                 && first.second_block_hash == second.second_block_hash
+                && first.state.parent_hash == second.state.parent_hash
+                && first.state.blocks.len() == second.state.blocks.len()
                 && state_root(&first.state) == state_root(&second.state)
                 && state_map_roots(&first.state) == state_map_roots(&second.state);
             save_state(&cli.state, &first.state)?;
@@ -261,6 +263,14 @@ fn build_demo_state() -> DemoRun {
     }
 }
 
+fn build_smoke_state(min_blocks: usize) -> DemoRun {
+    let mut demo = build_demo_state();
+    while demo.state.blocks.len() < min_blocks {
+        build_block(&mut demo.state);
+    }
+    demo
+}
+
 fn transactions_from_fixture(path: &Path) -> Result<Vec<Transaction>> {
     let body = fs::read_to_string(path)
         .with_context(|| format!("failed to read fixture {}", path.display()))?;
@@ -376,6 +386,8 @@ fn export_handoff(state: &crate::model::ChainState, out_dir: &Path) -> Result<()
         "blockHeight": state.blocks.len(),
         "rootfields": state.rootfields,
         "agentAccounts": state.agent_accounts,
+        "localTestUnitBalances": state.local_test_unit_balances,
+        "faucetRecords": state.faucet_records,
         "modelPassports": state.model_passports,
         "memoryCells": state.memory_cells,
         "challenges": state.challenges,
@@ -394,6 +406,8 @@ fn export_handoff(state: &crate::model::ChainState, out_dir: &Path) -> Result<()
         "importedObservations": state.imported_observations,
         "operatorKeyReferences": state.operator_key_references,
         "agentAccounts": state.agent_accounts,
+        "localTestUnitBalances": state.local_test_unit_balances,
+        "faucetRecords": state.faucet_records,
         "memoryCells": state.memory_cells,
         "challenges": state.challenges,
         "finalityReceipts": state.finality_receipts,
@@ -407,6 +421,8 @@ fn export_handoff(state: &crate::model::ChainState, out_dir: &Path) -> Result<()
         "schema": "flowmemory.verifier_handoff.local_devnet.v0",
         "genesisConfig": state.config,
         "operatorKeyReferences": state.operator_key_references,
+        "localTestUnitBalances": state.local_test_unit_balances,
+        "faucetRecords": state.faucet_records,
         "verifierModules": state.verifier_modules,
         "workReceipts": state.work_receipts,
         "verifierReports": state.verifier_reports,
@@ -431,6 +447,8 @@ fn export_handoff(state: &crate::model::ChainState, out_dir: &Path) -> Result<()
         "objects": {
             "rootfields": state.rootfields,
             "agentAccounts": state.agent_accounts,
+            "localTestUnitBalances": state.local_test_unit_balances,
+            "faucetRecords": state.faucet_records,
             "modelPassports": state.model_passports,
             "memoryCells": state.memory_cells,
             "challenges": state.challenges,
@@ -518,6 +536,8 @@ struct StateSummary {
     blocks: usize,
     rootfields: usize,
     agent_accounts: usize,
+    local_test_unit_balances: usize,
+    faucet_records: usize,
     model_passports: usize,
     memory_cells: usize,
     challenges: usize,
@@ -547,6 +567,8 @@ impl StateSummary {
             blocks: state.blocks.len(),
             rootfields: state.rootfields.len(),
             agent_accounts: state.agent_accounts.len(),
+            local_test_unit_balances: state.local_test_unit_balances.len(),
+            faucet_records: state.faucet_records.len(),
             model_passports: state.model_passports.len(),
             memory_cells: state.memory_cells.len(),
             challenges: state.challenges.len(),
@@ -657,6 +679,10 @@ struct DemoSummary {
     state_root: String,
     agent_id: String,
     agent_registered: bool,
+    local_balance_account_id: String,
+    local_balance_units: u64,
+    faucet_record_id: String,
+    faucet_record_created: bool,
     work_receipt_id: String,
     work_receipt_submitted: bool,
     verifier_report_id: String,
@@ -681,6 +707,15 @@ impl DemoSummary {
             state_root: state_root(&demo.state),
             agent_id: "agent:demo:alpha".to_string(),
             agent_registered: demo.state.agent_accounts.contains_key("agent:demo:alpha"),
+            local_balance_account_id: "local-balance:demo:agent-alpha".to_string(),
+            local_balance_units: demo
+                .state
+                .local_test_unit_balances
+                .get("local-balance:demo:agent-alpha")
+                .map(|balance| balance.units)
+                .unwrap_or(0),
+            faucet_record_id: "faucet:demo:001".to_string(),
+            faucet_record_created: demo.state.faucet_records.contains_key("faucet:demo:001"),
             work_receipt_id: "receipt:demo:001".to_string(),
             work_receipt_submitted: demo.state.work_receipts.contains_key("receipt:demo:001"),
             verifier_report_id: "report:demo:001".to_string(),
@@ -714,6 +749,8 @@ struct SmokeSummary {
     state_path: PathBuf,
     out_dir: PathBuf,
     state_root: String,
+    block_height: usize,
+    latest_block_hash: String,
     deterministic_replay: bool,
     checks: SmokeChecks,
     handoff_files: Vec<String>,
@@ -725,6 +762,9 @@ struct SmokeChecks {
     genesis_config_initialized: bool,
     operator_key_reference_present: bool,
     agent_registered: bool,
+    local_test_unit_balance_created: bool,
+    faucet_record_created: bool,
+    local_test_unit_balance_units: u64,
     model_registered: bool,
     work_receipt_submitted: bool,
     artifact_available: bool,
@@ -749,11 +789,24 @@ impl SmokeSummary {
             state_path,
             out_dir,
             state_root: state_root(&demo.state),
+            block_height: demo.state.blocks.len(),
+            latest_block_hash: demo.state.parent_hash.clone(),
             deterministic_replay,
             checks: SmokeChecks {
                 genesis_config_initialized: demo.state.config.no_value,
                 operator_key_reference_present: !demo.state.operator_key_references.is_empty(),
                 agent_registered: demo.state.agent_accounts.contains_key("agent:demo:alpha"),
+                local_test_unit_balance_created: demo
+                    .state
+                    .local_test_unit_balances
+                    .contains_key("local-balance:demo:agent-alpha"),
+                faucet_record_created: demo.state.faucet_records.contains_key("faucet:demo:001"),
+                local_test_unit_balance_units: demo
+                    .state
+                    .local_test_unit_balances
+                    .get("local-balance:demo:agent-alpha")
+                    .map(|balance| balance.units)
+                    .unwrap_or(0),
                 model_registered: demo
                     .state
                     .model_passports
diff --git a/crates/flowmemory-devnet/src/lib.rs b/crates/flowmemory-devnet/src/lib.rs
index 55fd466f..652040cc 100644
--- a/crates/flowmemory-devnet/src/lib.rs
+++ b/crates/flowmemory-devnet/src/lib.rs
@@ -7,9 +7,9 @@ pub use cli::run_cli;
 pub use hash::{canonical_json, keccak_hex};
 pub use model::{
     AgentAccount, ArtifactAvailabilityProof, BaseAnchorPlaceholder, Block, BlockReceipt,
-    ChainState, Challenge, DevnetConfig, DevnetError, FinalityReceipt,
-    ImportedFlowPulseObservation, ImportedVerifierReport, MemoryCell, ModelPassport,
-    OperatorKeyReference, StateMapRoots, Transaction, TxEnvelope, VerifierModule,
+    ChainState, Challenge, DevnetConfig, DevnetError, FaucetRecord, FinalityReceipt,
+    ImportedFlowPulseObservation, ImportedVerifierReport, LocalTestUnitBalance, MemoryCell,
+    ModelPassport, OperatorKeyReference, StateMapRoots, Transaction, TxEnvelope, VerifierModule,
     apply_transaction, build_block, default_config, default_operator_key_references, genesis_state,
     state_map_roots, state_root,
 };
diff --git a/crates/flowmemory-devnet/src/model.rs b/crates/flowmemory-devnet/src/model.rs
index e748e211..446150a2 100644
--- a/crates/flowmemory-devnet/src/model.rs
+++ b/crates/flowmemory-devnet/src/model.rs
@@ -21,6 +21,16 @@ pub enum DevnetError {
     AgentMissing(String),
     #[error("agent is inactive: {0}")]
     AgentInactive(String),
+    #[error("local test-unit balance already exists: {0}")]
+    LocalTestUnitBalanceAlreadyExists(String),
+    #[error("local test-unit balance does not exist: {0}")]
+    LocalTestUnitBalanceMissing(String),
+    #[error("local test-unit balance overflow: {0}")]
+    LocalTestUnitBalanceOverflow(String),
+    #[error("faucet record already exists: {0}")]
+    FaucetRecordAlreadyExists(String),
+    #[error("faucet amount must be greater than zero: {0}")]
+    FaucetAmountMustBePositive(String),
     #[error("model passport already exists: {0}")]
     ModelPassportAlreadyExists(String),
     #[error("model passport does not exist: {0}")]
@@ -100,6 +110,10 @@ pub struct ChainState {
     #[serde(default)]
     pub agent_accounts: BTreeMap<String, AgentAccount>,
     #[serde(default)]
+    pub local_test_unit_balances: BTreeMap<String, LocalTestUnitBalance>,
+    #[serde(default)]
+    pub faucet_records: BTreeMap<String, FaucetRecord>,
+    #[serde(default)]
     pub model_passports: BTreeMap<String, ModelPassport>,
     #[serde(default)]
     pub memory_cells: BTreeMap<String, MemoryCell>,
@@ -175,6 +189,30 @@ pub struct AgentAccount {
     pub active: bool,
 }
 
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct LocalTestUnitBalance {
+    pub account_id: String,
+    pub owner: String,
+    pub units: u64,
+    pub total_faucet_units: u64,
+    pub last_faucet_record_id: Option<String>,
+    pub updated_at_block: u64,
+    pub no_value: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct FaucetRecord {
+    pub faucet_record_id: String,
+    pub account_id: String,
+    pub recipient: String,
+    pub amount_units: u64,
+    pub reason: String,
+    pub credited_at_block: u64,
+    pub no_value: bool,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
 pub struct ModelPassport {
@@ -329,6 +367,10 @@ pub struct BaseAnchorPlaceholder {
     #[serde(default)]
     pub agent_account_root: String,
     #[serde(default)]
+    pub local_test_unit_balance_root: String,
+    #[serde(default)]
+    pub faucet_record_root: String,
+    #[serde(default)]
     pub model_passport_root: String,
     #[serde(default)]
     pub memory_cell_root: String,
@@ -363,6 +405,17 @@ pub enum Transaction {
         model_passport_id: Option<String>,
         metadata_hash: String,
     },
+    CreateLocalTestUnitBalance {
+        account_id: String,
+        owner: String,
+    },
+    FaucetLocalTestUnits {
+        faucet_record_id: String,
+        account_id: String,
+        recipient: String,
+        amount_units: u64,
+        reason: String,
+    },
     RegisterModelPassport {
         model_passport_id: String,
         issuer: String,
@@ -487,6 +540,8 @@ struct StateCommitmentView<'a> {
     operator_key_references: &'a BTreeMap<String, OperatorKeyReference>,
     rootfields: &'a BTreeMap<String, Rootfield>,
     agent_accounts: &'a BTreeMap<String, AgentAccount>,
+    local_test_unit_balances: &'a BTreeMap<String, LocalTestUnitBalance>,
+    faucet_records: &'a BTreeMap<String, FaucetRecord>,
     model_passports: &'a BTreeMap<String, ModelPassport>,
     memory_cells: &'a BTreeMap<String, MemoryCell>,
     challenges: &'a BTreeMap<String, Challenge>,
@@ -514,6 +569,8 @@ pub struct StateMapRoots {
     pub operator_key_reference_root: String,
     pub rootfield_state_root: String,
     pub agent_account_root: String,
+    pub local_test_unit_balance_root: String,
+    pub faucet_record_root: String,
     pub model_passport_root: String,
     pub memory_cell_root: String,
     pub challenge_root: String,
@@ -580,6 +637,8 @@ pub fn genesis_state() -> ChainState {
         operator_key_references: default_operator_key_references(),
         rootfields: BTreeMap::new(),
         agent_accounts: BTreeMap::new(),
+        local_test_unit_balances: BTreeMap::new(),
+        faucet_records: BTreeMap::new(),
         model_passports: BTreeMap::new(),
         memory_cells: BTreeMap::new(),
         challenges: BTreeMap::new(),
@@ -618,6 +677,8 @@ pub fn state_root(state: &ChainState) -> String {
         operator_key_references: &state.operator_key_references,
         rootfields: &state.rootfields,
         agent_accounts: &state.agent_accounts,
+        local_test_unit_balances: &state.local_test_unit_balances,
+        faucet_records: &state.faucet_records,
         model_passports: &state.model_passports,
         memory_cells: &state.memory_cells,
         challenges: &state.challenges,
@@ -652,6 +713,14 @@ pub fn state_map_roots(state: &ChainState) -> StateMapRoots {
             "flowmemory.local_devnet.agent_accounts.v0",
             &state.agent_accounts,
         ),
+        local_test_unit_balance_root: map_root(
+            "flowmemory.local_devnet.local_test_unit_balances.v0",
+            &state.local_test_unit_balances,
+        ),
+        faucet_record_root: map_root(
+            "flowmemory.local_devnet.faucet_records.v0",
+            &state.faucet_records,
+        ),
         model_passport_root: map_root(
             "flowmemory.local_devnet.model_passports.v0",
             &state.model_passports,
@@ -796,6 +865,69 @@ pub fn apply_transaction(state: &mut ChainState, tx: &Transaction) -> Result<(),
                 },
             );
         }
+        Transaction::CreateLocalTestUnitBalance { account_id, owner } => {
+            if state.local_test_unit_balances.contains_key(account_id) {
+                return Err(DevnetError::LocalTestUnitBalanceAlreadyExists(
+                    account_id.clone(),
+                ));
+            }
+            state.local_test_unit_balances.insert(
+                account_id.clone(),
+                LocalTestUnitBalance {
+                    account_id: account_id.clone(),
+                    owner: owner.clone(),
+                    units: 0,
+                    total_faucet_units: 0,
+                    last_faucet_record_id: None,
+                    updated_at_block: state.next_block_number,
+                    no_value: true,
+                },
+            );
+        }
+        Transaction::FaucetLocalTestUnits {
+            faucet_record_id,
+            account_id,
+            recipient,
+            amount_units,
+            reason,
+        } => {
+            if *amount_units == 0 {
+                return Err(DevnetError::FaucetAmountMustBePositive(
+                    faucet_record_id.clone(),
+                ));
+            }
+            if state.faucet_records.contains_key(faucet_record_id) {
+                return Err(DevnetError::FaucetRecordAlreadyExists(
+                    faucet_record_id.clone(),
+                ));
+            }
+            let balance = state
+                .local_test_unit_balances
+                .get_mut(account_id)
+                .ok_or_else(|| DevnetError::LocalTestUnitBalanceMissing(account_id.clone()))?;
+            balance.units = balance
+                .units
+                .checked_add(*amount_units)
+                .ok_or_else(|| DevnetError::LocalTestUnitBalanceOverflow(account_id.clone()))?;
+            balance.total_faucet_units = balance
+                .total_faucet_units
+                .checked_add(*amount_units)
+                .ok_or_else(|| DevnetError::LocalTestUnitBalanceOverflow(account_id.clone()))?;
+            balance.last_faucet_record_id = Some(faucet_record_id.clone());
+            balance.updated_at_block = state.next_block_number;
+            state.faucet_records.insert(
+                faucet_record_id.clone(),
+                FaucetRecord {
+                    faucet_record_id: faucet_record_id.clone(),
+                    account_id: account_id.clone(),
+                    recipient: recipient.clone(),
+                    amount_units: *amount_units,
+                    reason: reason.clone(),
+                    credited_at_block: state.next_block_number,
+                    no_value: true,
+                },
+            );
+        }
         Transaction::RegisterModelPassport {
             model_passport_id,
             issuer,
@@ -1216,6 +1348,8 @@ pub fn anchor_from_state(
         artifact_commitment_root: &'a str,
         operator_key_reference_root: &'a str,
         agent_account_root: &'a str,
+        local_test_unit_balance_root: &'a str,
+        faucet_record_root: &'a str,
         model_passport_root: &'a str,
         memory_cell_root: &'a str,
         challenge_root: &'a str,
@@ -1240,6 +1374,8 @@ pub fn anchor_from_state(
             artifact_commitment_root: &roots.artifact_commitment_root,
             operator_key_reference_root: &roots.operator_key_reference_root,
             agent_account_root: &roots.agent_account_root,
+            local_test_unit_balance_root: &roots.local_test_unit_balance_root,
+            faucet_record_root: &roots.faucet_record_root,
             model_passport_root: &roots.model_passport_root,
             memory_cell_root: &roots.memory_cell_root,
             challenge_root: &roots.challenge_root,
@@ -1263,6 +1399,8 @@ pub fn anchor_from_state(
         artifact_commitment_root: roots.artifact_commitment_root,
         operator_key_reference_root: roots.operator_key_reference_root,
         agent_account_root: roots.agent_account_root,
+        local_test_unit_balance_root: roots.local_test_unit_balance_root,
+        faucet_record_root: roots.faucet_record_root,
         model_passport_root: roots.model_passport_root,
         memory_cell_root: roots.memory_cell_root,
         challenge_root: roots.challenge_root,
@@ -1278,6 +1416,7 @@ pub fn demo_transactions() -> Vec<Transaction> {
     let rootfield_id = "rootfield:demo:alpha".to_string();
     let model_passport_id = "model:demo:local-alpha".to_string();
     let agent_id = "agent:demo:alpha".to_string();
+    let local_balance_account_id = "local-balance:demo:agent-alpha".to_string();
     let verifier_id = "verifier:local-demo".to_string();
     let artifact_id = "artifact:demo:001".to_string();
     let artifact_commitment = keccak_hex(b"flowmemory.demo.artifact.v0");
@@ -1306,6 +1445,17 @@ pub fn demo_transactions() -> Vec<Transaction> {
             model_passport_id: Some(model_passport_id),
             metadata_hash: keccak_hex(b"flowmemory.demo.agent.metadata"),
         },
+        Transaction::CreateLocalTestUnitBalance {
+            account_id: local_balance_account_id.clone(),
+            owner: agent_id.clone(),
+        },
+        Transaction::FaucetLocalTestUnits {
+            faucet_record_id: "faucet:demo:001".to_string(),
+            account_id: local_balance_account_id,
+            recipient: agent_id.clone(),
+            amount_units: 1_000,
+            reason: "local-smoke-no-value-test-units".to_string(),
+        },
         Transaction::RegisterVerifierModule {
             verifier_id: verifier_id.clone(),
             operator: "operator:local-demo".to_string(),
diff --git a/crates/flowmemory-devnet/tests/devnet_tests.rs b/crates/flowmemory-devnet/tests/devnet_tests.rs
index 09691c95..2dbf9061 100644
--- a/crates/flowmemory-devnet/tests/devnet_tests.rs
+++ b/crates/flowmemory-devnet/tests/devnet_tests.rs
@@ -249,6 +249,8 @@ fn every_core_transaction_type_can_be_applied() {
     );
     assert_eq!(state.rootfields.len(), 1);
     assert_eq!(state.agent_accounts.len(), 1);
+    assert_eq!(state.local_test_unit_balances.len(), 1);
+    assert_eq!(state.faucet_records.len(), 1);
     assert_eq!(state.model_passports.len(), 1);
     assert_eq!(state.memory_cells.len(), 1);
     assert_eq!(state.challenges.len(), 1);
@@ -284,6 +286,23 @@ fn duplicate_ids_are_rejected_for_new_objects() {
         Err(DevnetError::AgentAlreadyExists("agent:dup".to_string()))
     );
 
+    let balance = create_balance_tx("local-balance:dup", "agent:dup");
+    apply_transaction(&mut state, &balance).unwrap();
+    assert_eq!(
+        apply_transaction(&mut state, &balance),
+        Err(DevnetError::LocalTestUnitBalanceAlreadyExists(
+            "local-balance:dup".to_string()
+        ))
+    );
+    let faucet = faucet_tx("faucet:dup", "local-balance:dup", "agent:dup", 10);
+    apply_transaction(&mut state, &faucet).unwrap();
+    assert_eq!(
+        apply_transaction(&mut state, &faucet),
+        Err(DevnetError::FaucetRecordAlreadyExists(
+            "faucet:dup".to_string()
+        ))
+    );
+
     let verifier = register_verifier_module_tx("verifier:dup");
     apply_transaction(&mut state, &verifier).unwrap();
     assert_eq!(
@@ -340,6 +359,64 @@ fn duplicate_ids_are_rejected_for_new_objects() {
     );
 }
 
+#[test]
+fn local_test_unit_faucet_updates_balance_without_value_claims() {
+    let mut state = genesis_state();
+    apply_transaction(
+        &mut state,
+        &create_balance_tx("local-balance:test", "agent:test"),
+    )
+    .unwrap();
+    apply_transaction(
+        &mut state,
+        &faucet_tx("faucet:test:001", "local-balance:test", "agent:test", 25),
+    )
+    .unwrap();
+
+    let balance = state
+        .local_test_unit_balances
+        .get("local-balance:test")
+        .expect("balance");
+    assert_eq!(balance.units, 25);
+    assert_eq!(balance.total_faucet_units, 25);
+    assert_eq!(
+        balance.last_faucet_record_id.as_deref(),
+        Some("faucet:test:001")
+    );
+    assert!(balance.no_value);
+    assert!(
+        state
+            .faucet_records
+            .get("faucet:test:001")
+            .expect("faucet record")
+            .no_value
+    );
+
+    assert_eq!(
+        apply_transaction(
+            &mut state,
+            &faucet_tx("faucet:test:zero", "local-balance:test", "agent:test", 0),
+        ),
+        Err(DevnetError::FaucetAmountMustBePositive(
+            "faucet:test:zero".to_string()
+        ))
+    );
+    assert_eq!(
+        apply_transaction(
+            &mut state,
+            &faucet_tx(
+                "faucet:test:missing",
+                "local-balance:missing",
+                "agent:test",
+                1
+            ),
+        ),
+        Err(DevnetError::LocalTestUnitBalanceMissing(
+            "local-balance:missing".to_string()
+        ))
+    );
+}
+
 #[test]
 fn memory_update_rejects_missing_or_failed_source_receipt() {
     let mut missing = genesis_state();
@@ -512,14 +589,80 @@ fn cli_smoke_runs_full_flow() {
     let summary: serde_json::Value =
         serde_json::from_slice(&output.stdout).expect("smoke summary json");
     assert_eq!(summary["deterministicReplay"], true);
+    assert_eq!(summary["blockHeight"], 10);
     assert_eq!(summary["checks"]["genesisConfigInitialized"], true);
     assert_eq!(summary["checks"]["operatorKeyReferencePresent"], true);
+    assert_eq!(summary["checks"]["localTestUnitBalanceCreated"], true);
+    assert_eq!(summary["checks"]["faucetRecordCreated"], true);
+    assert_eq!(summary["checks"]["localTestUnitBalanceUnits"], 1000);
     assert_eq!(summary["checks"]["receiptFinalized"], true);
     assert!(out_dir.join("control-plane-handoff.json").exists());
 
     std::fs::remove_dir_all(&temp).expect("cleanup temp dir");
 }
 
+#[test]
+fn cli_start_runs_10_blocks_and_state_survives_restart() {
+    let temp = temp_dir("start-10-restart");
+    let state = temp.join("state.json");
+
+    let first = Command::new(env!("CARGO_BIN_EXE_flowmemory-devnet"))
+        .args([
+            "--state",
+            state.to_str().expect("state path"),
+            "start",
+            "--blocks",
+            "10",
+        ])
+        .output()
+        .expect("start 10 blocks");
+    assert!(first.status.success());
+
+    let inspect = Command::new(env!("CARGO_BIN_EXE_flowmemory-devnet"))
+        .args([
+            "--state",
+            state.to_str().expect("state path"),
+            "inspect-state",
+            "--summary",
+        ])
+        .output()
+        .expect("inspect after restart");
+    assert!(inspect.status.success());
+    let summary: serde_json::Value =
+        serde_json::from_slice(&inspect.stdout).expect("inspect summary");
+    assert_eq!(summary["blocks"], 10);
+    assert_eq!(summary["nextBlockNumber"], 11);
+
+    let second = Command::new(env!("CARGO_BIN_EXE_flowmemory-devnet"))
+        .args([
+            "--state",
+            state.to_str().expect("state path"),
+            "start",
+            "--blocks",
+            "1",
+        ])
+        .output()
+        .expect("start one more block");
+    assert!(second.status.success());
+
+    let inspect_again = Command::new(env!("CARGO_BIN_EXE_flowmemory-devnet"))
+        .args([
+            "--state",
+            state.to_str().expect("state path"),
+            "inspect-state",
+            "--summary",
+        ])
+        .output()
+        .expect("inspect after second restart");
+    assert!(inspect_again.status.success());
+    let summary_again: serde_json::Value =
+        serde_json::from_slice(&inspect_again.stdout).expect("inspect summary again");
+    assert_eq!(summary_again["blocks"], 11);
+    assert_eq!(summary_again["nextBlockNumber"], 12);
+
+    std::fs::remove_dir_all(&temp).expect("cleanup temp dir");
+}
+
 #[test]
 fn cli_generated_handoff_files_are_deterministic() {
     let temp = temp_dir("deterministic-handoff");
@@ -741,6 +884,28 @@ fn register_agent_tx(agent_id: &str, model_passport_id: Option<&str>) -> Transac
     }
 }
 
+fn create_balance_tx(account_id: &str, owner: &str) -> Transaction {
+    Transaction::CreateLocalTestUnitBalance {
+        account_id: account_id.to_string(),
+        owner: owner.to_string(),
+    }
+}
+
+fn faucet_tx(
+    faucet_record_id: &str,
+    account_id: &str,
+    recipient: &str,
+    amount_units: u64,
+) -> Transaction {
+    Transaction::FaucetLocalTestUnits {
+        faucet_record_id: faucet_record_id.to_string(),
+        account_id: account_id.to_string(),
+        recipient: recipient.to_string(),
+        amount_units,
+        reason: "unit-test-no-value".to_string(),
+    }
+}
+
 fn register_verifier_module_tx(verifier_id: &str) -> Transaction {
     Transaction::RegisterVerifierModule {
         verifier_id: verifier_id.to_string(),
diff --git a/crypto/FLOWCHAIN_LOCAL_ALPHA_OBJECTS.md b/crypto/FLOWCHAIN_LOCAL_ALPHA_OBJECTS.md
index a82f207a..7fc9a67b 100644
--- a/crypto/FLOWCHAIN_LOCAL_ALPHA_OBJECTS.md
+++ b/crypto/FLOWCHAIN_LOCAL_ALPHA_OBJECTS.md
@@ -61,6 +61,10 @@ pre-hashed before entering the typed object.
 | MemoryCell | `memoryCellId` | `memoryCellV0` | `memoryCellId` | `memoryCellId` |
 | Challenge | `challengeId` | `challengeV0` | `challengeId` | `challengeId` |
 | FinalityReceipt | `finalityReceiptId` | `finalityReceiptV0` | `finalityReceiptId` | `finalityReceiptId` |
+| BridgeDeposit | `depositId` | `bridgeDepositV0` | `bridgeDepositId` | `bridgeDepositId` |
+| BridgeCredit | `creditId` | `bridgeCreditV0` | `bridgeCreditId` | `bridgeCreditId` |
+| BridgeWithdrawal | `withdrawalId` | `bridgeWithdrawalV0` | `bridgeWithdrawalId` | `bridgeWithdrawalId` |
+| Local balance record | `balanceRecordId` | `localBalanceRecordV0` | `localBalanceRecordId` | `localBalanceRecordId` |
 | HardwareSignalEnvelope | `hardwareSignalEnvelopeId` | `hardwareSignalEnvelopeV0` | `hardwareSignalEnvelopeId` | `hardwareSignalEnvelopeId` |
 | Control-plane provenance response | `provenanceResponseId` | `controlPlaneProvenanceResponseV0` | `controlPlaneProvenanceResponseId` | `controlPlaneProvenanceResponseId` |
 
@@ -77,6 +81,13 @@ domain separator, signer ID, signer key ID, signer role, sequence, validity
 window, and nonce. The signing digest is the local EIP-712 style digest over
 that struct hash and the object domain separator.
 
+`LocalTransactionEnvelope` uses `localTransactionEnvelopeV0` and
+`localTransactionEnvelopeHash`. It signs the local chain id, transaction domain
+separator, signer ID, signer key ID, signer role, transaction nonce, canonical
+JSON payload hash, object ID, object type hash, and issue time. The transaction
+domain is chain-bound as
+`flowchain.local-alpha.v0.local-transaction-envelope:chain:<chainId>`.
+
 Runnable definitions live in `crypto/src/objects.js`.
 
 Canonical object fixtures live in:
@@ -103,8 +114,13 @@ schemas/flowmemory/verifier-module.schema.json
 schemas/flowmemory/verifier-report.schema.json
 schemas/flowmemory/challenge.schema.json
 schemas/flowmemory/finality-receipt.schema.json
+schemas/flowmemory/bridge-deposit.schema.json
+schemas/flowmemory/bridge-credit.schema.json
+schemas/flowmemory/bridge-withdrawal.schema.json
+schemas/flowmemory/local-balance-record.schema.json
 schemas/flowmemory/hardware-signal-envelope.schema.json
 schemas/flowmemory/local-signature-envelope.schema.json
+schemas/flowmemory/local-transaction-envelope.schema.json
 schemas/flowmemory/control-plane-provenance-response.schema.json
 ```
 
@@ -119,6 +135,16 @@ Local Alpha accepts four signer roles:
 | `verifier` | local verifier module/report signer | Signs verifier modules, verifier reports, and finality receipts as testnet statements, not trustless proofs. |
 | `hardware` | FlowRouter or simulator device key | Signs low-bandwidth control envelopes only. Heavy payloads remain off-chain. |
 
+## Local Test Wallet Boundary
+
+`crypto/src/wallet.js` implements an encrypted local test vault for private/local
+smoke runs. It supports create, unlock, public account listing, public metadata
+export, transaction signing, verification, account addition, and key rotation.
+The vault encrypts private keys with scrypt plus AES-256-GCM. Public metadata
+exports intentionally omit private keys, mnemonics, seed material, and
+ciphertext. This is a local test utility, not production custody or audited key
+management.
+
 Envelope validation requires:
 
 - `objectSchema`, `objectType`, and `objectTypeHash` match the document schema.
@@ -131,10 +157,11 @@ Envelope validation requires:
 - the caller supplies replay context and rejects repeated signer/domain/sequence tuples.
 - critical object hashes are nonzero, dependency roots are well-formed, parent/root relationships are coherent, and the object type is not swapped.
 
-The fixture validator covers invalid vectors for replay, wrong domain, missing
-signer, bad signature, zero hash, malformed ID, malformed dependency, bad
-parent/root, and wrong object type. Every Local Alpha object envelope also has a
-valid fixture and a bad-signature invalid fixture.
+The fixture validator covers invalid vectors for replay, wrong chain id, wrong
+domain, wrong signer, missing signer, bad signature, zero hash, malformed ID,
+malformed dependency, malformed bridge deposit, bad parent/root, and wrong
+object type. Every Local Alpha object envelope also has a valid fixture and a
+bad-signature invalid fixture.
 
 ## Consumer Rules
 
@@ -178,6 +205,7 @@ V0 also proves:
 - domain/type-string separation for each object class;
 - malformed hex rejection for bytes32/address fields;
 - canonical JSON stability for pre-hashed control-plane response bodies;
+- chain-bound transaction envelope signatures over payload hashes and nonces;
 - duplicate ID detection in fixture validation;
 - explicit finality and challenge state labels for local/test consumers.
 
diff --git a/crypto/FLOWMEMORY_CRYPTO_SPEC.md b/crypto/FLOWMEMORY_CRYPTO_SPEC.md
index 44b23c46..da426679 100644
--- a/crypto/FLOWMEMORY_CRYPTO_SPEC.md
+++ b/crypto/FLOWMEMORY_CRYPTO_SPEC.md
@@ -138,8 +138,8 @@ The current package implements:
 - deterministic verifier reports
 - verifier signature envelopes
 - reorg-aware status handling
-- FlowChain Local Alpha object identity for agent accounts, model passports, work receipts, artifact availability proofs, verifier modules, verifier reports, memory cells, challenges, finality receipts, hardware signal envelopes, and control-plane provenance responses
-- Local Alpha operator, agent, verifier, and hardware signature envelope payloads and validators for replay, wrong domain, missing signer, zero hash, malformed id, malformed dependency, bad parent/root, and wrong object type checks
+- FlowChain Local Alpha object identity for agent accounts, model passports, work receipts, artifact availability proofs, verifier modules, verifier reports, memory cells, challenges, finality receipts, bridge deposits, bridge credits, bridge withdrawals, local balance records, hardware signal envelopes, and control-plane provenance responses
+- Local Alpha operator, agent, verifier, and hardware signature envelope payloads plus chain-bound local transaction envelopes and validators for replay, wrong chain id, wrong domain, wrong signer, missing signer, zero hash, malformed id, malformed dependency, malformed bridge deposit, bad parent/root, and wrong object type checks
 - test vectors and cross-language conformance tests
 
 The runnable package in `crypto/src/` currently implements the v0 hash utilities and tests them against fixtures in `crypto/fixtures/`.
@@ -151,7 +151,7 @@ MVP should remain verifier-attested for:
 - storage provider claims
 - model or worker behavior
 - final status labels before proof systems exist
-- local operator-vault policy; current fixture keys are deterministic no-value test keys and do not represent wallet custody, production account control, or transferable value
+- local encrypted test-vault policy; committed fixtures expose deterministic no-value public keys only and do not represent wallet custody, production account control, or transferable value
 
 ## Future Split
 
diff --git a/crypto/README.md b/crypto/README.md
index 93cd96ea..71792c89 100644
--- a/crypto/README.md
+++ b/crypto/README.md
@@ -40,6 +40,19 @@ canonical JSON Schemas:
 npm run validate:local-alpha
 ```
 
+Create and use a local encrypted no-value test vault:
+
+```powershell
+$env:FLOWMEMORY_TEST_WALLET_PASSWORD="local-test-password"
+npm run wallet:create -- --vault .\tmp-local-vault.json
+npm run wallet:sign -- --vault .\tmp-local-vault.json --document .\fixtures\some-object.json --chain-id 31337 --nonce 1 --out .\tmp-envelope.json
+npm run wallet:verify -- --document .\fixtures\some-object.json --envelope .\tmp-envelope.json --chain-id 31337
+```
+
+The wallet commands are for local/private testnet smoke use only. Public exports
+contain signer metadata and public keys; private keys, mnemonics, seed material,
+and ciphertext are not exported as public metadata.
+
 ## Read Order
 
 1. `FLOWMEMORY_CRYPTO_SPEC.md`
@@ -50,7 +63,7 @@ npm run validate:local-alpha
 6. `FLOWCHAIN_LOCAL_ALPHA_OBJECTS.md`
 7. `TEST_VECTORS.md`
 
-Runnable fixtures live in `fixtures/`. `fixtures/vectors.json` contains the current 33 package-level vectors. `fixtures/local-alpha-objects.json` contains positive and negative Local Alpha object and signed-envelope fixtures. Supporting cross-language vectors live in `test-vectors/`.
+Runnable fixtures live in `fixtures/`. `fixtures/vectors.json` contains the current 38 package-level vectors. `fixtures/local-alpha-objects.json` contains positive and negative Local Alpha object, signed-envelope, and transaction-envelope fixtures. Supporting cross-language vectors live in `test-vectors/`.
 
 Validate the current vector set with:
 
@@ -68,12 +81,13 @@ The Python validator is a cross-check for the FlowPulse aggregate vector. The pr
 - `artifactRoot`: commitment to off-chain artifact bytes and metadata.
 - `reportId`: deterministic identifier for a verifier report.
 - `attestation`: signed worker or verifier envelope over a receipt, report, artifact, or root.
-- Local Alpha object IDs: canonical IDs for `AgentAccount`, `ModelPassport`, `WorkReceipt`, `ArtifactAvailabilityProof`, `VerifierModule`, `VerifierReport`, `MemoryCell`, `Challenge`, `FinalityReceipt`, hardware signal envelopes, and control-plane provenance responses.
+- Local Alpha object IDs: canonical IDs for `AgentAccount`, `ModelPassport`, `WorkReceipt`, `ArtifactAvailabilityProof`, `VerifierModule`, `VerifierReport`, `MemoryCell`, `Challenge`, `FinalityReceipt`, `BridgeDeposit`, `BridgeCredit`, `BridgeWithdrawal`, local balance records, hardware signal envelopes, and control-plane provenance responses.
 - Local Alpha signature envelopes: local operator, agent, verifier, and hardware secp256k1 test signatures over typed object IDs. These are no-value local/test keys and are not wallet custody or production key-management claims.
+- Local transaction envelopes: chain-bound signed envelopes over canonical JSON payload hashes, object IDs, signer IDs, signer key IDs, signer roles, nonces, and domain separators.
 
 ## Implemented Helpers
 
-The package exports Keccak helpers, canonical JSON hashing, typed hash utilities, FlowPulse observation ids, cursor ids, report digests, receipt hashes, artifact/root commitments, work receipt ids, Local Alpha object ids, hardware signal envelope ids, Local Alpha signature envelope payloads, envelope validators, Merkle roots, worker/verifier signature payloads, verifier attestation envelope hashes, and local secp256k1 sign/verify helpers for tests.
+The package exports Keccak helpers, canonical JSON hashing, typed hash utilities, FlowPulse observation ids, cursor ids, report digests, receipt hashes, artifact/root commitments, work receipt ids, Local Alpha object ids, bridge/balance object ids, hardware signal envelope ids, Local Alpha signature and transaction envelope payloads, envelope validators, Merkle roots, encrypted local test-vault helpers, worker/verifier signature payloads, verifier attestation envelope hashes, and local secp256k1 sign/verify helpers for tests.
 
 The implementation is ESM JavaScript with `src/index.d.ts` declarations for TypeScript consumers.
 
diff --git a/crypto/TEST_VECTORS.md b/crypto/TEST_VECTORS.md
index 38907e32..0d50b19d 100644
--- a/crypto/TEST_VECTORS.md
+++ b/crypto/TEST_VECTORS.md
@@ -9,8 +9,8 @@ The test vectors are synthetic and contain no production secrets or signatures.
 - `fixtures/sample-flowpulse.json`: FlowPulse event args and expected `pulseId` / `eventArgsHash`.
 - `fixtures/sample-observation.json`: observation metadata, artifact/storage inputs, and expected `observationId` / `receiptHash`.
 - `fixtures/sample-report.json`: verifier report, worker signature payload, verifier signature payload, and attestation envelope expectations.
-- `fixtures/local-alpha-objects.json`: positive and negative fixtures for FlowChain Local Alpha object identity, signed-envelope validation, and schema validation.
-- `fixtures/vectors.json`: 33 package-level vectors for domains, canonical JSON, observation ids, receipts, artifacts, Merkle roots, reports, attestations, cursors, identities, root commitments, work receipts, devnet block hashes, Local Alpha object ids, hardware signal envelopes, and local signature envelopes.
+- `fixtures/local-alpha-objects.json`: positive and negative fixtures for FlowChain Local Alpha object identity, signed-envelope validation, transaction-envelope validation, and schema validation.
+- `fixtures/vectors.json`: 38 package-level vectors for domains, canonical JSON, observation ids, receipts, artifacts, Merkle roots, reports, attestations, cursors, identities, root commitments, work receipts, devnet block hashes, Local Alpha object ids, bridge/balance ids, hardware signal envelopes, local signature envelopes, and local transaction envelopes.
 - `test-vectors/flowpulse-observation-v0.json`: FlowPulse-specific observation, receipt, artifact, report, worker signature digest, and verifier signature digest.
 
 ## FlowPulse Observation Vector Highlights
@@ -50,8 +50,9 @@ An implementation should reproduce:
 - Merkle root and artifact root
 - deterministic verifier report id
 - EIP-712 signing digests without requiring test private keys
-- Local Alpha object IDs for AgentAccount, ModelPassport, WorkReceipt, ArtifactAvailabilityProof, VerifierModule, VerifierReport, MemoryCell, Challenge, FinalityReceipt, hardware signal envelopes, and control-plane provenance responses
+- Local Alpha object IDs for AgentAccount, ModelPassport, WorkReceipt, ArtifactAvailabilityProof, VerifierModule, VerifierReport, MemoryCell, Challenge, FinalityReceipt, BridgeDeposit, BridgeCredit, BridgeWithdrawal, local balance records, hardware signal envelopes, and control-plane provenance responses
 - Local Alpha signature envelope IDs and signing digests for local operator, agent, verifier, and hardware no-value test keys
+- Local transaction envelope IDs, payload hashes, and signing digests for chain-bound local transaction submission
 
 Run the package test suite:
 
@@ -69,7 +70,7 @@ npm run validate:vectors
 Expected output:
 
 ```text
-FLOWMEMORY_CRYPTO_VECTORS_OK 33
+FLOWMEMORY_CRYPTO_VECTORS_OK 38
 ```
 
 Validate the Local Alpha object documents and signature envelopes against the
@@ -119,8 +120,9 @@ FLOWPULSE_VECTOR_RECOMPUTE_OK
 - wrong signature domains should be rejected
 - missing local operator/agent/verifier/hardware signer fields should be rejected
 - each Local Alpha object envelope has a bad-signature invalid vector
-- zero critical hashes, malformed object IDs, malformed dependency roots, bad parent/root relationships, and wrong object types should be rejected
+- zero critical hashes, malformed object IDs, malformed dependency roots, bad parent/root relationships, malformed bridge deposits, and wrong object types should be rejected
+- wrong local transaction chain ids, domains, signers, replayed nonces, and changed object types should be rejected
 - expired worker signature should be rejected by verifier policy
 - reorged observation should not mutate into a verified report
 
-The package tests cover the hash, schema, malformed hex, duplicate, type-string, canonical JSON, signed-envelope, replay, wrong-domain, missing-signer, bad-signature, zero-hash, malformed-dependency, bad-parent/root, and wrong-object-type checks. Expiry and reorg-to-report policy are verifier-service responsibilities because they require policy context, not just hash recomputation.
+The package tests cover the hash, schema, malformed hex, duplicate, type-string, canonical JSON, signed-envelope, transaction-envelope, replay, wrong-chain-id, wrong-domain, wrong-signer, missing-signer, bad-signature, zero-hash, malformed-dependency, malformed-bridge-deposit, bad-parent/root, and wrong-object-type checks. Expiry and reorg-to-report policy are verifier-service responsibilities because they require policy context, not just hash recomputation.
diff --git a/crypto/fixtures/local-alpha-objects.json b/crypto/fixtures/local-alpha-objects.json
index 77735f8e..8080f423 100644
--- a/crypto/fixtures/local-alpha-objects.json
+++ b/crypto/fixtures/local-alpha-objects.json
@@ -376,6 +376,137 @@
         "issuedAtUnixMs": "1778702400000",
         "responseVersion": 0
       }
+    },
+    {
+      "name": "bridge-deposit.demo",
+      "schemaPath": "../../schemas/flowmemory/bridge-deposit.schema.json",
+      "function": "bridgeDepositId",
+      "idField": "depositId",
+      "input": {
+        "sourceChainId": 84532,
+        "sourceContract": "0x1111111111111111111111111111111111111111",
+        "txHash": "0x2222222222222222222222222222222222222222222222222222222222222222",
+        "logIndex": 0,
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "20000000",
+        "sender": "0x4444444444444444444444444444444444444444",
+        "flowchainRecipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "nonce": "1",
+        "metadataHash": "0x6666666666666666666666666666666666666666666666666666666666666666"
+      },
+      "expected": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+      "document": {
+        "schema": "flowmemory.bridge_deposit.v0",
+        "depositId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+        "sourceChainId": 84532,
+        "sourceContract": "0x1111111111111111111111111111111111111111",
+        "txHash": "0x2222222222222222222222222222222222222222222222222222222222222222",
+        "logIndex": 0,
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "20000000",
+        "sender": "0x4444444444444444444444444444444444444444",
+        "flowchainRecipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "nonce": "1",
+        "metadataHash": "0x6666666666666666666666666666666666666666666666666666666666666666",
+        "status": "observed"
+      }
+    },
+    {
+      "name": "bridge-credit.demo",
+      "schemaPath": "../../schemas/flowmemory/bridge-credit.schema.json",
+      "function": "bridgeCreditId",
+      "idField": "creditId",
+      "input": {
+        "depositId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+        "recipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "amount": "20000000",
+        "creditedAtBlockNumber": "3",
+        "creditedAtUnixMs": "1778702400000",
+        "status": 3,
+        "nonce": "0xbef2dad8fd23f339439a0c731866be73a74379128394f7beb6dc01cb4dbbcc91"
+      },
+      "expected": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+      "document": {
+        "schema": "flowchain.bridge_credit.v0",
+        "creditId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+        "depositId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+        "recipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "amount": "20000000",
+        "creditedAtBlockNumber": "3",
+        "creditedAtUnixMs": "1778702400000",
+        "status": "credited",
+        "statusCode": 3,
+        "nonce": "0xbef2dad8fd23f339439a0c731866be73a74379128394f7beb6dc01cb4dbbcc91"
+      }
+    },
+    {
+      "name": "bridge-withdrawal.demo",
+      "schemaPath": "../../schemas/flowmemory/bridge-withdrawal.schema.json",
+      "function": "bridgeWithdrawalId",
+      "idField": "withdrawalId",
+      "input": {
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "destinationChainId": 84532,
+        "destinationContract": "0x7777777777777777777777777777777777777777",
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "5000000",
+        "recipient": "0x4444444444444444444444444444444444444444",
+        "requestedAtBlockNumber": "5",
+        "requestedAtUnixMs": "1778702400000",
+        "status": 4,
+        "nonce": "0x90a33185cd5337c093753c06818955d98ac711a9352d397ab3ccc5aee91921d2",
+        "metadataHash": "0xce908e6f85c929fed22796952391e6a53b656f92d31c1c5e7fb89883c7eeabe5"
+      },
+      "expected": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+      "document": {
+        "schema": "flowchain.bridge_withdrawal.v0",
+        "withdrawalId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "destinationChainId": 84532,
+        "destinationContract": "0x7777777777777777777777777777777777777777",
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "5000000",
+        "recipient": "0x4444444444444444444444444444444444444444",
+        "requestedAtBlockNumber": "5",
+        "requestedAtUnixMs": "1778702400000",
+        "status": "withdrawal_requested",
+        "statusCode": 4,
+        "nonce": "0x90a33185cd5337c093753c06818955d98ac711a9352d397ab3ccc5aee91921d2",
+        "metadataHash": "0xce908e6f85c929fed22796952391e6a53b656f92d31c1c5e7fb89883c7eeabe5"
+      }
+    },
+    {
+      "name": "local-balance-record.demo",
+      "schemaPath": "../../schemas/flowmemory/local-balance-record.schema.json",
+      "function": "localBalanceRecordId",
+      "idField": "balanceRecordId",
+      "input": {
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "availableAmount": "15000000",
+        "lockedAmount": "5000000",
+        "lastCreditId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+        "lastWithdrawalId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+        "stateRoot": "0xb49b915dddc40d2e762bec262f248b465d87a881b99b14a67642fbd377704b56",
+        "updatedAtBlockNumber": "5",
+        "nonce": "0x2d8034d0391a31483bc8f710ac19a333f617683632197ced2b9ff2b0ac03fdb7"
+      },
+      "expected": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076",
+      "document": {
+        "schema": "flowchain.local_balance_record.v0",
+        "balanceRecordId": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076",
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "availableAmount": "15000000",
+        "lockedAmount": "5000000",
+        "lastCreditId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+        "lastWithdrawalId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+        "stateRoot": "0xb49b915dddc40d2e762bec262f248b465d87a881b99b14a67642fbd377704b56",
+        "updatedAtBlockNumber": "5",
+        "nonce": "0x2d8034d0391a31483bc8f710ac19a333f617683632197ced2b9ff2b0ac03fdb7"
+      }
     }
   ],
   "negative": [
@@ -928,6 +1059,182 @@
           "signingDigest": "0x7daa08228e60cb637c775723700f2245e414546158f4e230ac32c9a2a3e7d404",
           "signature": "0x1dd7f91706ecb742ab4cbde578dff7e1571eb892c3db90a358ba8b1db65c7e49153ccd063dce1ae932548fa3e9af40bacf1c0f42690895517343f7b7a3548ff4"
         }
+      },
+      {
+        "name": "bridge-deposit.demo.operator-signature-envelope",
+        "objectName": "bridge-deposit.demo",
+        "schemaPath": "../../schemas/flowmemory/local-signature-envelope.schema.json",
+        "function": "localSignatureEnvelopeHash",
+        "expected": {
+          "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+          "envelopeId": "0xf4d73516e6e1978377ec89b71bac6153ada4c24c785b5edb227be1dac9f91caa",
+          "signingDigest": "0x026773a8db7a39ff087deec82ef7b7de2f4e625cae798932e8118db88595e538"
+        },
+        "input": {
+          "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+          "objectTypeHash": "0x97bcbbe7a3f24fdb7cab668fc751ca8757b59b3fe8ed71674fdaca140a22d408",
+          "domainSeparator": "0x49a259504a71742e27acd328bf9cdf393dd693611dab3a0f2702a76341e5c4f7",
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "signerRole": 1,
+          "sequence": "12",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0x6acb09a72f4a049d9af5fa1dabc65d14d244880dd627d4228dec417e4980c21a"
+        },
+        "envelope": {
+          "schema": "flowchain.local_signature_envelope.v0",
+          "envelopeId": "0xf4d73516e6e1978377ec89b71bac6153ada4c24c785b5edb227be1dac9f91caa",
+          "objectType": "bridge_deposit",
+          "objectSchema": "flowmemory.bridge_deposit.v0",
+          "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+          "objectTypeHash": "0x97bcbbe7a3f24fdb7cab668fc751ca8757b59b3fe8ed71674fdaca140a22d408",
+          "domain": "flowchain.local-alpha.v0.bridge-deposit.id",
+          "domainSeparator": "0x49a259504a71742e27acd328bf9cdf393dd693611dab3a0f2702a76341e5c4f7",
+          "signerRole": "operator",
+          "signerRoleCode": 1,
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "publicKey": "0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+          "sequence": "12",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0x6acb09a72f4a049d9af5fa1dabc65d14d244880dd627d4228dec417e4980c21a",
+          "signingDigest": "0x026773a8db7a39ff087deec82ef7b7de2f4e625cae798932e8118db88595e538",
+          "signature": "0x370a10d1535bc74d1c88bd994686b4dc281774a18b8a18288a407c0754ff95d84a83466b97c4800becd4ae17e6d4c3de6693b352f09ac3e2bca9fe6823970ce9"
+        }
+      },
+      {
+        "name": "bridge-credit.demo.operator-signature-envelope",
+        "objectName": "bridge-credit.demo",
+        "schemaPath": "../../schemas/flowmemory/local-signature-envelope.schema.json",
+        "function": "localSignatureEnvelopeHash",
+        "expected": {
+          "objectId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+          "envelopeId": "0x1815b0ab82b9c3fb97a4e02f7a5037e10150de5865b6f723653641634ee0e657",
+          "signingDigest": "0x2ea1ae02896d6b50239a0e3a99dc33df8f106970e9a17555ccfb9639467360c5"
+        },
+        "input": {
+          "objectId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+          "objectTypeHash": "0x5c492a94b36aa3beb3b9ceb9dc5124464beeba9ac9fd2d04f88118cf73f3e912",
+          "domainSeparator": "0x4aa3ae071cb71e1c9b0cce8162ac5a6406fc00efc0ee507089092cfcfbb33506",
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "signerRole": 1,
+          "sequence": "13",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xf4b9163f67593a26ed9b11f3fe26e8faae0fafea4937bca3197d72ef23d82736"
+        },
+        "envelope": {
+          "schema": "flowchain.local_signature_envelope.v0",
+          "envelopeId": "0x1815b0ab82b9c3fb97a4e02f7a5037e10150de5865b6f723653641634ee0e657",
+          "objectType": "bridge_credit",
+          "objectSchema": "flowchain.bridge_credit.v0",
+          "objectId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+          "objectTypeHash": "0x5c492a94b36aa3beb3b9ceb9dc5124464beeba9ac9fd2d04f88118cf73f3e912",
+          "domain": "flowchain.local-alpha.v0.bridge-credit.id",
+          "domainSeparator": "0x4aa3ae071cb71e1c9b0cce8162ac5a6406fc00efc0ee507089092cfcfbb33506",
+          "signerRole": "operator",
+          "signerRoleCode": 1,
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "publicKey": "0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+          "sequence": "13",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xf4b9163f67593a26ed9b11f3fe26e8faae0fafea4937bca3197d72ef23d82736",
+          "signingDigest": "0x2ea1ae02896d6b50239a0e3a99dc33df8f106970e9a17555ccfb9639467360c5",
+          "signature": "0x3b81e339c1e7559afffa0c51c9225168925b12f99cd08301e56204863af8b9fb62b1b2aaa2e09f004f0284e1b30ee358c4977cdc82dc260048abef4cc1a94c8a"
+        }
+      },
+      {
+        "name": "bridge-withdrawal.demo.agent-signature-envelope",
+        "objectName": "bridge-withdrawal.demo",
+        "schemaPath": "../../schemas/flowmemory/local-signature-envelope.schema.json",
+        "function": "localSignatureEnvelopeHash",
+        "expected": {
+          "objectId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+          "envelopeId": "0x0ae32c66cf666bbeb354e7581db661ce417376a01212c5f368733eeb21be94d8",
+          "signingDigest": "0xc39c5ee1133bf52ae94f438b1da2a3d697c0313626b0276e0a4ff3c73e855ffa"
+        },
+        "input": {
+          "objectId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+          "objectTypeHash": "0xef86851dbdc4b959a0f0538dffda519a385f0f27f0cc1757d5d90be513915246",
+          "domainSeparator": "0x83587b5c98812cd130f24e2c1aaf4bdcafd7700ccda6c7d0845c2adf4a1c2d77",
+          "signerId": "0xe4982e2682c9dd11caf102d2e0c9567ffad56850f1c69086b3996b77495fbb61",
+          "signerKeyId": "0x0cd3ace447934998e0819d90cf89904776a2407e816541c1c43b99d38c351893",
+          "signerRole": 2,
+          "sequence": "14",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xf92e0a6709a05b38048336f55670194b0b6f3b5a00082faadf903a11920efeb5"
+        },
+        "envelope": {
+          "schema": "flowchain.local_signature_envelope.v0",
+          "envelopeId": "0x0ae32c66cf666bbeb354e7581db661ce417376a01212c5f368733eeb21be94d8",
+          "objectType": "bridge_withdrawal",
+          "objectSchema": "flowchain.bridge_withdrawal.v0",
+          "objectId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+          "objectTypeHash": "0xef86851dbdc4b959a0f0538dffda519a385f0f27f0cc1757d5d90be513915246",
+          "domain": "flowchain.local-alpha.v0.bridge-withdrawal.id",
+          "domainSeparator": "0x83587b5c98812cd130f24e2c1aaf4bdcafd7700ccda6c7d0845c2adf4a1c2d77",
+          "signerRole": "agent",
+          "signerRoleCode": 2,
+          "signerId": "0xe4982e2682c9dd11caf102d2e0c9567ffad56850f1c69086b3996b77495fbb61",
+          "signerKeyId": "0x0cd3ace447934998e0819d90cf89904776a2407e816541c1c43b99d38c351893",
+          "publicKey": "0x02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5",
+          "sequence": "14",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xf92e0a6709a05b38048336f55670194b0b6f3b5a00082faadf903a11920efeb5",
+          "signingDigest": "0xc39c5ee1133bf52ae94f438b1da2a3d697c0313626b0276e0a4ff3c73e855ffa",
+          "signature": "0xdf7c57cf2294d9439f235160908f30d469347aa11049fb9bb4023fd78cae4fd6621f9ccdb391e7a47e4b39849a5571310b1c210d12646f0273a140f43e19f017"
+        }
+      },
+      {
+        "name": "local-balance-record.demo.operator-signature-envelope",
+        "objectName": "local-balance-record.demo",
+        "schemaPath": "../../schemas/flowmemory/local-signature-envelope.schema.json",
+        "function": "localSignatureEnvelopeHash",
+        "expected": {
+          "objectId": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076",
+          "envelopeId": "0x9ac7e8c7ea1673066666f16b9d95de904ba487a40679e4464b4a8a903688f512",
+          "signingDigest": "0x793f34c30ebc1d305ba4f153999a411948a0bc139a540b8faaf0f3e1c7d10b98"
+        },
+        "input": {
+          "objectId": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076",
+          "objectTypeHash": "0x70eff29faa99904e952128eb87e6d95d13548d1b44f4be4c97d036d84811d569",
+          "domainSeparator": "0x27332aee7fa8158fd74963ab7b7e042c0f9418391856a3f32d9c8daf6272e92a",
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "signerRole": 1,
+          "sequence": "15",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xa9b262a6b6c28c5451ff4bb0cd011276c6fdc9d6027ab62749cf36620bbcee80"
+        },
+        "envelope": {
+          "schema": "flowchain.local_signature_envelope.v0",
+          "envelopeId": "0x9ac7e8c7ea1673066666f16b9d95de904ba487a40679e4464b4a8a903688f512",
+          "objectType": "local_balance_record",
+          "objectSchema": "flowchain.local_balance_record.v0",
+          "objectId": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076",
+          "objectTypeHash": "0x70eff29faa99904e952128eb87e6d95d13548d1b44f4be4c97d036d84811d569",
+          "domain": "flowchain.local-alpha.v0.local-balance-record.id",
+          "domainSeparator": "0x27332aee7fa8158fd74963ab7b7e042c0f9418391856a3f32d9c8daf6272e92a",
+          "signerRole": "operator",
+          "signerRoleCode": 1,
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "publicKey": "0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+          "sequence": "15",
+          "issuedAtUnixMs": "1778702400000",
+          "expiresAtUnixMs": "1810238400000",
+          "nonce": "0xa9b262a6b6c28c5451ff4bb0cd011276c6fdc9d6027ab62749cf36620bbcee80",
+          "signingDigest": "0x793f34c30ebc1d305ba4f153999a411948a0bc139a540b8faaf0f3e1c7d10b98",
+          "signature": "0xbed71407cff68fc06c6fe72d3a6c0f68786fcd8b91995340e73f07f037b349d62ff6bea3eb45520d3c1651b9375686d4b8a4b73609946ffea9d7fd918938b3e2"
+        }
       }
     ],
     "negative": [
@@ -1157,6 +1464,175 @@
         "expectErrors": [
           "bad-signature"
         ]
+      },
+      {
+        "name": "envelope.malformed-bridge-deposit-zero-amount",
+        "baseEnvelope": "bridge-deposit.demo.operator-signature-envelope",
+        "mutation": {
+          "document": {
+            "amount": "0"
+          }
+        },
+        "expectErrors": [
+          "malformed-bridge-deposit"
+        ]
+      },
+      {
+        "name": "envelope.bad-signature-bridge-deposit",
+        "baseEnvelope": "bridge-deposit.demo.operator-signature-envelope",
+        "mutation": {
+          "envelope": {
+            "publicKey": "0x02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"
+          }
+        },
+        "expectErrors": [
+          "bad-signature"
+        ]
+      },
+      {
+        "name": "envelope.bad-signature-bridge-credit",
+        "baseEnvelope": "bridge-credit.demo.operator-signature-envelope",
+        "mutation": {
+          "envelope": {
+            "publicKey": "0x02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"
+          }
+        },
+        "expectErrors": [
+          "bad-signature"
+        ]
+      },
+      {
+        "name": "envelope.bad-signature-bridge-withdrawal",
+        "baseEnvelope": "bridge-withdrawal.demo.agent-signature-envelope",
+        "mutation": {
+          "envelope": {
+            "publicKey": "0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
+          }
+        },
+        "expectErrors": [
+          "bad-signature"
+        ]
+      },
+      {
+        "name": "envelope.bad-signature-local-balance-record",
+        "baseEnvelope": "local-balance-record.demo.operator-signature-envelope",
+        "mutation": {
+          "envelope": {
+            "publicKey": "0x02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"
+          }
+        },
+        "expectErrors": [
+          "bad-signature"
+        ]
+      }
+    ]
+  },
+  "transactions": {
+    "positive": [
+      {
+        "name": "local-transaction.bridge-deposit.operator-signature",
+        "objectName": "bridge-deposit.demo",
+        "schemaPath": "../../schemas/flowmemory/local-transaction-envelope.schema.json",
+        "function": "localTransactionEnvelopeHash",
+        "expected": {
+          "envelopeId": "0xb8de3add81640848961aa8e0ba73c5c2ff3e30aed480dbba8e70d1345dba6210",
+          "signingDigest": "0x0c702b64fef1434b9de56fbc01e47db9ef6f3565bc1a58babb2dbdd72d65ca14",
+          "payloadHash": "0x485a6896d8ee1c67440b6dddf723f0378c4f51d7448e487effe5f337656f0908"
+        },
+        "input": {
+          "chainId": "31337",
+          "domainSeparator": "0xff516fcab184623fe60f12b4d1e0430a57e6d18685d1356887ada50f5f20b36c",
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "signerRole": 1,
+          "nonce": "1",
+          "payloadHash": "0x485a6896d8ee1c67440b6dddf723f0378c4f51d7448e487effe5f337656f0908",
+          "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+          "objectTypeHash": "0x97bcbbe7a3f24fdb7cab668fc751ca8757b59b3fe8ed71674fdaca140a22d408",
+          "issuedAtUnixMs": "1778702400000"
+        },
+        "envelope": {
+          "schema": "flowchain.local_transaction_envelope.v0",
+          "envelopeId": "0xb8de3add81640848961aa8e0ba73c5c2ff3e30aed480dbba8e70d1345dba6210",
+          "domain": "flowchain.local-alpha.v0.local-transaction-envelope:chain:31337",
+          "domainSeparator": "0xff516fcab184623fe60f12b4d1e0430a57e6d18685d1356887ada50f5f20b36c",
+          "chainId": "31337",
+          "nonce": "1",
+          "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+          "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+          "signerRole": "operator",
+          "signerRoleCode": 1,
+          "publicKey": "0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+          "objectSchema": "flowmemory.bridge_deposit.v0",
+          "objectType": "bridge_deposit",
+          "objectTypeHash": "0x97bcbbe7a3f24fdb7cab668fc751ca8757b59b3fe8ed71674fdaca140a22d408",
+          "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+          "payloadHash": "0x485a6896d8ee1c67440b6dddf723f0378c4f51d7448e487effe5f337656f0908",
+          "issuedAtUnixMs": "1778702400000",
+          "signingDigest": "0x0c702b64fef1434b9de56fbc01e47db9ef6f3565bc1a58babb2dbdd72d65ca14",
+          "signature": "0x51d06d784e2c0fb703a9c1e8ad7186eb777176bdf79bfddc4284020015a1c72d0059bf0b962bf5cdaa4b7e007e6a6b770551f24699ac938303be5203b3b24631"
+        }
+      }
+    ],
+    "negative": [
+      {
+        "name": "transaction.wrong-chain-id",
+        "baseTransaction": "local-transaction.bridge-deposit.operator-signature",
+        "mutation": {
+          "context": {
+            "chainId": "31338"
+          }
+        },
+        "expectErrors": [
+          "wrong-chain-id"
+        ]
+      },
+      {
+        "name": "transaction.wrong-domain",
+        "baseTransaction": "local-transaction.bridge-deposit.operator-signature",
+        "mutation": {
+          "envelope": {
+            "domain": "flowchain.local-alpha.v0.local-transaction-envelope:chain:999"
+          }
+        },
+        "expectErrors": [
+          "wrong-domain"
+        ]
+      },
+      {
+        "name": "transaction.wrong-signer",
+        "baseTransaction": "local-transaction.bridge-deposit.operator-signature",
+        "mutation": {
+          "envelope": {
+            "signerRole": "agent",
+            "signerRoleCode": 2
+          }
+        },
+        "expectErrors": [
+          "wrong-signer"
+        ]
+      },
+      {
+        "name": "transaction.replayed-nonce",
+        "baseTransaction": "local-transaction.bridge-deposit.operator-signature",
+        "mutation": {
+          "contextReplay": true
+        },
+        "expectErrors": [
+          "replay"
+        ]
+      },
+      {
+        "name": "transaction.changed-object-type",
+        "baseTransaction": "local-transaction.bridge-deposit.operator-signature",
+        "mutation": {
+          "envelope": {
+            "objectType": "memory_cell"
+          }
+        },
+        "expectErrors": [
+          "wrong-object-type"
+        ]
       }
     ]
   }
diff --git a/crypto/fixtures/vectors.json b/crypto/fixtures/vectors.json
index 5283476c..80879920 100644
--- a/crypto/fixtures/vectors.json
+++ b/crypto/fixtures/vectors.json
@@ -1,6 +1,6 @@
 {
   "schema": "flowmemory.crypto.test-vectors.v0",
-  "vectorCount": 33,
+  "vectorCount": 38,
   "vectors": [
     {
       "name": "domain.flowPulseObservationId",
@@ -455,6 +455,89 @@
         "nonce": "0xe9b99686c583dbed5b3bf743c2a3db8a5da8c8ceea4398eb45d57c518c555034"
       },
       "expected": "0x55656083efaf8a511fbae76b2a1bb740b08c92959e506a14f489f0fedcef3279"
+    },
+    {
+      "name": "local-alpha.bridgeDepositId",
+      "function": "bridgeDepositId",
+      "input": {
+        "sourceChainId": 84532,
+        "sourceContract": "0x1111111111111111111111111111111111111111",
+        "txHash": "0x2222222222222222222222222222222222222222222222222222222222222222",
+        "logIndex": 0,
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "20000000",
+        "sender": "0x4444444444444444444444444444444444444444",
+        "flowchainRecipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "nonce": "1",
+        "metadataHash": "0x6666666666666666666666666666666666666666666666666666666666666666"
+      },
+      "expected": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe"
+    },
+    {
+      "name": "local-alpha.bridgeCreditId",
+      "function": "bridgeCreditId",
+      "input": {
+        "depositId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+        "recipient": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "amount": "20000000",
+        "creditedAtBlockNumber": "3",
+        "creditedAtUnixMs": "1778702400000",
+        "status": 3,
+        "nonce": "0xbef2dad8fd23f339439a0c731866be73a74379128394f7beb6dc01cb4dbbcc91"
+      },
+      "expected": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb"
+    },
+    {
+      "name": "local-alpha.bridgeWithdrawalId",
+      "function": "bridgeWithdrawalId",
+      "input": {
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "destinationChainId": 84532,
+        "destinationContract": "0x7777777777777777777777777777777777777777",
+        "token": "0x3333333333333333333333333333333333333333",
+        "amount": "5000000",
+        "recipient": "0x4444444444444444444444444444444444444444",
+        "requestedAtBlockNumber": "5",
+        "requestedAtUnixMs": "1778702400000",
+        "status": 4,
+        "nonce": "0x90a33185cd5337c093753c06818955d98ac711a9352d397ab3ccc5aee91921d2",
+        "metadataHash": "0xce908e6f85c929fed22796952391e6a53b656f92d31c1c5e7fb89883c7eeabe5"
+      },
+      "expected": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805"
+    },
+    {
+      "name": "local-alpha.localBalanceRecordId",
+      "function": "localBalanceRecordId",
+      "input": {
+        "accountId": "0x5555555555555555555555555555555555555555555555555555555555555555",
+        "assetId": "0x4b000bcf935e50d5fb7eacb8a8f4c226ad36a19810a389a39dae72ad1ec012e3",
+        "availableAmount": "15000000",
+        "lockedAmount": "5000000",
+        "lastCreditId": "0xb1d6d957acf4a61f52f1046c792815eab6e1b21f706c4aba88cb0efe2200d1cb",
+        "lastWithdrawalId": "0x7612720b0b5c872c2325305a3dda6642f7cdabec1c20043663e4346cff5f7805",
+        "stateRoot": "0xb49b915dddc40d2e762bec262f248b465d87a881b99b14a67642fbd377704b56",
+        "updatedAtBlockNumber": "5",
+        "nonce": "0x2d8034d0391a31483bc8f710ac19a333f617683632197ced2b9ff2b0ac03fdb7"
+      },
+      "expected": "0x7b4331b20142a093153ea7d07d226dbf824deaff3b517a203edd7f058de1b076"
+    },
+    {
+      "name": "local-alpha.localTransactionEnvelopeHash",
+      "function": "localTransactionEnvelopeHash",
+      "input": {
+        "chainId": "31337",
+        "domainSeparator": "0xff516fcab184623fe60f12b4d1e0430a57e6d18685d1356887ada50f5f20b36c",
+        "signerId": "0x06739c78255ec573518e97ffa9d2c5e11f49d49e0c65217c77d710a558a57f21",
+        "signerKeyId": "0x2409a6f84adce8b773bb8f47e18b4179df21e1957816c464efa481118f25d40a",
+        "signerRole": 1,
+        "nonce": "1",
+        "payloadHash": "0x485a6896d8ee1c67440b6dddf723f0378c4f51d7448e487effe5f337656f0908",
+        "objectId": "0x11d4fc9a23a8181abe8435ec29697a97daf7644b686f4ca6267f6dcfd8ff5ffe",
+        "objectTypeHash": "0x97bcbbe7a3f24fdb7cab668fc751ca8757b59b3fe8ed71674fdaca140a22d408",
+        "issuedAtUnixMs": "1778702400000"
+      },
+      "expected": "0xb8de3add81640848961aa8e0ba73c5c2ff3e30aed480dbba8e70d1345dba6210"
     }
   ]
 }
diff --git a/crypto/package.json b/crypto/package.json
index 088ec3f9..64938eb3 100644
--- a/crypto/package.json
+++ b/crypto/package.json
@@ -16,7 +16,10 @@
     "test": "node --test",
     "vectors": "node src/cli.js",
     "validate:vectors": "node src/validate-vectors.js",
-    "validate:local-alpha": "node src/validate-local-alpha-fixtures.js"
+    "validate:local-alpha": "node src/validate-local-alpha-fixtures.js",
+    "wallet:create": "node src/wallet-cli.js create",
+    "wallet:sign": "node src/wallet-cli.js sign",
+    "wallet:verify": "node src/wallet-cli.js verify"
   },
   "dependencies": {
     "@noble/hashes": "2.2.0",
diff --git a/crypto/src/constants.js b/crypto/src/constants.js
index d5231e30..54ec839d 100644
--- a/crypto/src/constants.js
+++ b/crypto/src/constants.js
@@ -55,12 +55,22 @@ export const TYPE_STRINGS = Object.freeze({
     "FlowChainChallengeV0(bytes32 receiptId,bytes32 challengerId,uint8 challengeType,bytes32 evidenceRoot,uint64 openedAtUnixMs,uint64 deadlineUnixMs,uint8 status,bytes32 nonce)",
   finalityReceiptV0:
     "FlowChainFinalityReceiptV0(bytes32 receiptId,bytes32 reportId,bytes32 challengeRoot,uint8 finalityState,uint64 finalizedAtUnixMs,uint64 finalizedBlockNumber,bytes32 finalizedBlockHash,bytes32 policyHash)",
+  bridgeDepositV0:
+    "FlowChainBridgeDepositV0(uint256 sourceChainId,address sourceContract,bytes32 txHash,uint32 logIndex,address token,uint256 amount,address sender,bytes32 flowchainRecipient,uint256 nonce,bytes32 metadataHash)",
+  bridgeCreditV0:
+    "FlowChainBridgeCreditV0(bytes32 depositId,bytes32 recipient,bytes32 assetId,uint256 amount,uint64 creditedAtBlockNumber,uint64 creditedAtUnixMs,uint8 status,bytes32 nonce)",
+  bridgeWithdrawalV0:
+    "FlowChainBridgeWithdrawalV0(bytes32 accountId,uint256 destinationChainId,address destinationContract,address token,uint256 amount,address recipient,uint64 requestedAtBlockNumber,uint64 requestedAtUnixMs,uint8 status,bytes32 nonce,bytes32 metadataHash)",
+  localBalanceRecordV0:
+    "FlowChainLocalBalanceRecordV0(bytes32 accountId,bytes32 assetId,uint256 availableAmount,uint256 lockedAmount,bytes32 lastCreditId,bytes32 lastWithdrawalId,bytes32 stateRoot,uint64 updatedAtBlockNumber,bytes32 nonce)",
   hardwareSignalEnvelopeV0:
     "FlowChainHardwareSignalEnvelopeV0(bytes32 deviceId,bytes32 signalRoot,bytes32 previousSignalEnvelopeId,bytes32 channelRoot,uint64 sequence,uint64 observedAtUnixMs,uint8 transport,bytes32 nonce)",
   controlPlaneProvenanceResponseV0:
     "FlowChainControlPlaneProvenanceResponseV0(bytes32 requestId,bytes32 subjectId,bytes32 agentId,bytes32 receiptId,bytes32 reportId,bytes32 memoryCellId,bytes32 dependencyRoot,bytes32 responseBodyHash,uint64 issuedAtUnixMs,uint16 responseVersion)",
   localSignatureEnvelopeV0:
     "FlowChainLocalSignatureEnvelopeV0(bytes32 objectId,bytes32 objectTypeHash,bytes32 domainSeparator,bytes32 signerId,bytes32 signerKeyId,uint8 signerRole,uint64 sequence,uint64 issuedAtUnixMs,uint64 expiresAtUnixMs,bytes32 nonce)",
+  localTransactionEnvelopeV0:
+    "FlowChainLocalTransactionEnvelopeV0(uint256 chainId,bytes32 domainSeparator,bytes32 signerId,bytes32 signerKeyId,uint8 signerRole,uint64 nonce,bytes32 payloadHash,bytes32 objectId,bytes32 objectTypeHash,uint64 issuedAtUnixMs)",
   eip712Domain:
     "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract,bytes32 salt)"
 });
@@ -86,9 +96,14 @@ export const DOMAIN_STRINGS = Object.freeze({
   verifierModuleId: "flowchain.local-alpha.v0.verifier-module.id",
   challengeId: "flowchain.local-alpha.v0.challenge.id",
   finalityReceiptId: "flowchain.local-alpha.v0.finality-receipt.id",
+  bridgeDepositId: "flowchain.local-alpha.v0.bridge-deposit.id",
+  bridgeCreditId: "flowchain.local-alpha.v0.bridge-credit.id",
+  bridgeWithdrawalId: "flowchain.local-alpha.v0.bridge-withdrawal.id",
+  localBalanceRecordId: "flowchain.local-alpha.v0.local-balance-record.id",
   hardwareSignalEnvelopeId: "flowchain.local-alpha.v0.hardware-signal-envelope.id",
   controlPlaneProvenanceResponseId: "flowchain.local-alpha.v0.control-plane-provenance-response.id",
-  localSignatureEnvelope: "flowchain.local-alpha.v0.local-signature-envelope"
+  localSignatureEnvelope: "flowchain.local-alpha.v0.local-signature-envelope",
+  localTransactionEnvelope: "flowchain.local-alpha.v0.local-transaction-envelope"
 });
 
 export const MERKLE_SCHEME_V0 = "FM-MERKLE-KECCAK256-BINARY-V0";
@@ -158,3 +173,13 @@ export const LOCAL_ALPHA_SIGNER_ROLES = Object.freeze({
   verifier: 3,
   hardware: 4
 });
+
+export const LOCAL_ALPHA_BRIDGE_STATUSES = Object.freeze({
+  observed: 1,
+  acceptedLocal: 2,
+  credited: 3,
+  withdrawalRequested: 4,
+  released: 5,
+  rejected: 6,
+  failed: 7
+});
diff --git a/crypto/src/index.d.ts b/crypto/src/index.d.ts
index 81b0058d..a0e26e72 100644
--- a/crypto/src/index.d.ts
+++ b/crypto/src/index.d.ts
@@ -263,6 +263,56 @@ export interface FinalityReceiptInput {
   policyHash: Bytes32;
 }
 
+export interface BridgeDepositInput {
+  sourceChainId: number | bigint | string;
+  sourceContract: Address;
+  txHash: Bytes32;
+  logIndex: number | bigint | string;
+  token: Address;
+  amount: number | bigint | string;
+  sender: Address;
+  flowchainRecipient: Bytes32;
+  nonce: number | bigint | string;
+  metadataHash: Bytes32;
+}
+
+export interface BridgeCreditInput {
+  depositId: Bytes32;
+  recipient: Bytes32;
+  assetId: Bytes32;
+  amount: number | bigint | string;
+  creditedAtBlockNumber: number | bigint | string;
+  creditedAtUnixMs: number | bigint | string;
+  status: number | bigint | string;
+  nonce: Bytes32;
+}
+
+export interface BridgeWithdrawalInput {
+  accountId: Bytes32;
+  destinationChainId: number | bigint | string;
+  destinationContract: Address;
+  token: Address;
+  amount: number | bigint | string;
+  recipient: Address;
+  requestedAtBlockNumber: number | bigint | string;
+  requestedAtUnixMs: number | bigint | string;
+  status: number | bigint | string;
+  nonce: Bytes32;
+  metadataHash: Bytes32;
+}
+
+export interface LocalBalanceRecordInput {
+  accountId: Bytes32;
+  assetId: Bytes32;
+  availableAmount: number | bigint | string;
+  lockedAmount: number | bigint | string;
+  lastCreditId: Bytes32;
+  lastWithdrawalId: Bytes32;
+  stateRoot: Bytes32;
+  updatedAtBlockNumber: number | bigint | string;
+  nonce: Bytes32;
+}
+
 export interface ControlPlaneProvenanceResponseInput {
   requestId: Bytes32;
   subjectId: Bytes32;
@@ -305,6 +355,24 @@ export interface LocalSignatureEnvelopePayload {
   signingDigest: Bytes32;
 }
 
+export interface LocalTransactionEnvelopeInput {
+  chainId: number | bigint | string;
+  domainSeparator: Bytes32;
+  signerId: Bytes32;
+  signerKeyId: Bytes32;
+  signerRole: number | bigint | string;
+  nonce: number | bigint | string;
+  payloadHash: Bytes32;
+  objectId: Bytes32;
+  objectTypeHash: Bytes32;
+  issuedAtUnixMs: number | bigint | string;
+}
+
+export interface LocalTransactionEnvelopePayload {
+  structHash: Bytes32;
+  signingDigest: Bytes32;
+}
+
 export interface LocalAlphaEnvelopeValidationInput {
   document: Record<string, unknown>;
   envelope: Record<string, unknown>;
@@ -331,6 +399,7 @@ export const LOCAL_ALPHA_CHALLENGE_STATUSES: Readonly<Record<string, number>>;
 export const LOCAL_ALPHA_FINALITY_STATES: Readonly<Record<string, number>>;
 export const LOCAL_ALPHA_HARDWARE_TRANSPORTS: Readonly<Record<string, number>>;
 export const LOCAL_ALPHA_SIGNER_ROLES: Readonly<Record<string, number>>;
+export const LOCAL_ALPHA_BRIDGE_STATUSES: Readonly<Record<string, number>>;
 
 export function strip0x(value: string): string;
 export function bytesToHex(bytes: Uint8Array): Hex;
@@ -415,6 +484,10 @@ export function artifactAvailabilityProofId(input: ArtifactAvailabilityProofInpu
 export function verifierModuleId(input: VerifierModuleInput): Bytes32;
 export function challengeId(input: ChallengeInput): Bytes32;
 export function finalityReceiptId(input: FinalityReceiptInput): Bytes32;
+export function bridgeDepositId(input: BridgeDepositInput): Bytes32;
+export function bridgeCreditId(input: BridgeCreditInput): Bytes32;
+export function bridgeWithdrawalId(input: BridgeWithdrawalInput): Bytes32;
+export function localBalanceRecordId(input: LocalBalanceRecordInput): Bytes32;
 export function hardwareSignalEnvelopeId(input: HardwareSignalEnvelopeInput): Bytes32;
 export function controlPlaneProvenanceResponseId(input: ControlPlaneProvenanceResponseInput): Bytes32;
 export function localSignatureEnvelopeHash(input: LocalSignatureEnvelopeInput): Bytes32;
@@ -430,3 +503,75 @@ export function localSignatureEnvelopeInput(envelope: Record<string, unknown>):
 export function validateLocalAlphaEnvelope(
   input: LocalAlphaEnvelopeValidationInput
 ): LocalAlphaEnvelopeValidationResult;
+
+export function localTransactionEnvelopeHash(input: LocalTransactionEnvelopeInput): Bytes32;
+export const localTransactionEnvelopeId: typeof localTransactionEnvelopeHash;
+export function localTransactionEnvelopePayload(input: LocalTransactionEnvelopeInput): LocalTransactionEnvelopePayload;
+export function localTransactionEnvelopeInput(envelope: Record<string, unknown>): LocalTransactionEnvelopeInput;
+export function localTransactionReplayKey(envelope: Record<string, unknown>): string;
+export function localTransactionDomain(chainId: number | bigint | string): string;
+export function localTransactionDomainSeparator(chainId: number | bigint | string): Bytes32;
+export function buildUnsignedLocalTransactionEnvelope(input: {
+  document: Record<string, unknown>;
+  chainId: number | bigint | string;
+  nonce: number | bigint | string;
+  signerId: Bytes32;
+  signerKeyId: Bytes32;
+  signerRole: string;
+  publicKey: Hex;
+  issuedAtUnixMs: number | bigint | string;
+}): Record<string, unknown>;
+export function validateLocalTransactionEnvelope(input: {
+  document: Record<string, unknown>;
+  envelope: Record<string, unknown>;
+  context?: {
+    chainId?: number | bigint | string;
+    expectedSignerId?: Bytes32;
+    seenNonces?: Set<string>;
+  };
+}): LocalAlphaEnvelopeValidationResult;
+
+export function createEncryptedTestVault(input?: {
+  password: string;
+  label?: string;
+  signerRole?: string;
+  createdAtUnixMs?: number | bigint | string;
+  privateKey?: Hex;
+}): Record<string, unknown>;
+export function unlockEncryptedTestVault(input: {
+  vault: Record<string, unknown>;
+  password: string;
+}): Record<string, unknown>;
+export function listVaultPublicAccounts(vaultOrSession: Record<string, unknown>): Array<Record<string, unknown>>;
+export function exportVaultPublicMetadata(vaultOrSession: Record<string, unknown>): Record<string, unknown>;
+export function addEncryptedTestVaultAccount(input: {
+  vault: Record<string, unknown>;
+  password: string;
+  label?: string;
+  signerRole?: string;
+  createdAtUnixMs?: number | bigint | string;
+  privateKey?: Hex;
+  signerId?: Bytes32;
+}): Record<string, unknown>;
+export function rotateEncryptedTestVaultAccount(input: {
+  vault: Record<string, unknown>;
+  password: string;
+  signerKeyId: Bytes32;
+  label?: string;
+  createdAtUnixMs?: number | bigint | string;
+  privateKey?: Hex;
+}): Record<string, unknown>;
+export function signLocalTransactionWithVault(input: {
+  vault: Record<string, unknown>;
+  password: string;
+  signerKeyId: Bytes32;
+  document: Record<string, unknown>;
+  chainId: number | bigint | string;
+  nonce: number | bigint | string;
+  issuedAtUnixMs?: number | bigint | string;
+}): Promise<Record<string, unknown>>;
+export function verifyLocalTransactionSignature(input: {
+  document: Record<string, unknown>;
+  envelope: Record<string, unknown>;
+  context?: Record<string, unknown>;
+}): LocalAlphaEnvelopeValidationResult;
diff --git a/crypto/src/index.js b/crypto/src/index.js
index dd165ee2..24b0b9ad 100644
--- a/crypto/src/index.js
+++ b/crypto/src/index.js
@@ -6,3 +6,5 @@ export * from "./flowpulse.js";
 export * from "./hashes.js";
 export * from "./merkle.js";
 export * from "./objects.js";
+export * from "./transactions.js";
+export * from "./wallet.js";
diff --git a/crypto/src/objects.js b/crypto/src/objects.js
index 5a466c10..5f12827a 100644
--- a/crypto/src/objects.js
+++ b/crypto/src/objects.js
@@ -1,5 +1,6 @@
 import {
   DOMAIN_STRINGS,
+  LOCAL_ALPHA_BRIDGE_STATUSES,
   LOCAL_ALPHA_FINALITY_STATES,
   LOCAL_ALPHA_SIGNER_ROLES,
   TYPE_STRINGS,
@@ -167,6 +168,106 @@ export function finalityReceiptId({
   ]);
 }
 
+export function bridgeDepositId({
+  sourceChainId,
+  sourceContract,
+  txHash,
+  logIndex,
+  token,
+  amount,
+  sender,
+  flowchainRecipient,
+  nonce,
+  metadataHash
+}) {
+  return typedHash(TYPE_STRINGS.bridgeDepositV0, [
+    ["uint256", sourceChainId],
+    ["address", sourceContract],
+    ["bytes32", txHash],
+    ["uint32", logIndex],
+    ["address", token],
+    ["uint256", amount],
+    ["address", sender],
+    ["bytes32", flowchainRecipient],
+    ["uint256", nonce],
+    ["bytes32", metadataHash]
+  ]);
+}
+
+export function bridgeCreditId({
+  depositId,
+  recipient,
+  assetId,
+  amount,
+  creditedAtBlockNumber,
+  creditedAtUnixMs,
+  status,
+  nonce
+}) {
+  return typedHash(TYPE_STRINGS.bridgeCreditV0, [
+    ["bytes32", depositId],
+    ["bytes32", recipient],
+    ["bytes32", assetId],
+    ["uint256", amount],
+    ["uint64", creditedAtBlockNumber],
+    ["uint64", creditedAtUnixMs],
+    ["uint8", status],
+    ["bytes32", nonce]
+  ]);
+}
+
+export function bridgeWithdrawalId({
+  accountId,
+  destinationChainId,
+  destinationContract,
+  token,
+  amount,
+  recipient,
+  requestedAtBlockNumber,
+  requestedAtUnixMs,
+  status,
+  nonce,
+  metadataHash
+}) {
+  return typedHash(TYPE_STRINGS.bridgeWithdrawalV0, [
+    ["bytes32", accountId],
+    ["uint256", destinationChainId],
+    ["address", destinationContract],
+    ["address", token],
+    ["uint256", amount],
+    ["address", recipient],
+    ["uint64", requestedAtBlockNumber],
+    ["uint64", requestedAtUnixMs],
+    ["uint8", status],
+    ["bytes32", nonce],
+    ["bytes32", metadataHash]
+  ]);
+}
+
+export function localBalanceRecordId({
+  accountId,
+  assetId,
+  availableAmount,
+  lockedAmount,
+  lastCreditId,
+  lastWithdrawalId,
+  stateRoot,
+  updatedAtBlockNumber,
+  nonce
+}) {
+  return typedHash(TYPE_STRINGS.localBalanceRecordV0, [
+    ["bytes32", accountId],
+    ["bytes32", assetId],
+    ["uint256", availableAmount],
+    ["uint256", lockedAmount],
+    ["bytes32", lastCreditId],
+    ["bytes32", lastWithdrawalId],
+    ["bytes32", stateRoot],
+    ["uint64", updatedAtBlockNumber],
+    ["bytes32", nonce]
+  ]);
+}
+
 export function hardwareSignalEnvelopeId({
   deviceId,
   signalRoot,
@@ -482,6 +583,106 @@ export const LOCAL_ALPHA_OBJECT_DESCRIPTORS = Object.freeze({
       );
     }
   },
+  "flowmemory.bridge_deposit.v0": {
+    objectType: "bridge_deposit",
+    idField: "depositId",
+    domainName: "bridgeDepositId",
+    signerRoles: ["operator"],
+    nonzeroFields: [
+      "depositId",
+      "txHash",
+      "flowchainRecipient",
+      "metadataHash"
+    ],
+    input: (document) => ({
+      sourceChainId: document.sourceChainId,
+      sourceContract: document.sourceContract,
+      txHash: document.txHash,
+      logIndex: document.logIndex,
+      token: document.token,
+      amount: document.amount,
+      sender: document.sender,
+      flowchainRecipient: document.flowchainRecipient,
+      nonce: document.nonce,
+      metadataHash: document.metadataHash
+    }),
+    id: bridgeDepositId,
+    parentRootCheck(document) {
+      return (
+        [8453, 84532].includes(document.sourceChainId) &&
+        BigInt(document.amount) > 0n &&
+        Number.isInteger(document.logIndex) &&
+        document.logIndex >= 0
+      );
+    }
+  },
+  "flowchain.bridge_credit.v0": {
+    objectType: "bridge_credit",
+    idField: "creditId",
+    domainName: "bridgeCreditId",
+    signerRoles: ["operator"],
+    nonzeroFields: ["creditId", "depositId", "recipient", "assetId", "nonce"],
+    input: (document) => ({
+      depositId: document.depositId,
+      recipient: document.recipient,
+      assetId: document.assetId,
+      amount: document.amount,
+      creditedAtBlockNumber: document.creditedAtBlockNumber,
+      creditedAtUnixMs: document.creditedAtUnixMs,
+      status: document.statusCode,
+      nonce: document.nonce
+    }),
+    id: bridgeCreditId,
+    parentRootCheck(document) {
+      return BigInt(document.amount) > 0n && document.statusCode === LOCAL_ALPHA_BRIDGE_STATUSES.credited;
+    }
+  },
+  "flowchain.bridge_withdrawal.v0": {
+    objectType: "bridge_withdrawal",
+    idField: "withdrawalId",
+    domainName: "bridgeWithdrawalId",
+    signerRoles: ["agent", "operator"],
+    nonzeroFields: ["withdrawalId", "accountId", "metadataHash", "nonce"],
+    input: (document) => ({
+      accountId: document.accountId,
+      destinationChainId: document.destinationChainId,
+      destinationContract: document.destinationContract,
+      token: document.token,
+      amount: document.amount,
+      recipient: document.recipient,
+      requestedAtBlockNumber: document.requestedAtBlockNumber,
+      requestedAtUnixMs: document.requestedAtUnixMs,
+      status: document.statusCode,
+      nonce: document.nonce,
+      metadataHash: document.metadataHash
+    }),
+    id: bridgeWithdrawalId,
+    parentRootCheck(document) {
+      return [8453, 84532].includes(document.destinationChainId) && BigInt(document.amount) > 0n;
+    }
+  },
+  "flowchain.local_balance_record.v0": {
+    objectType: "local_balance_record",
+    idField: "balanceRecordId",
+    domainName: "localBalanceRecordId",
+    signerRoles: ["operator"],
+    nonzeroFields: ["balanceRecordId", "accountId", "assetId", "stateRoot", "nonce"],
+    input: (document) => ({
+      accountId: document.accountId,
+      assetId: document.assetId,
+      availableAmount: document.availableAmount,
+      lockedAmount: document.lockedAmount,
+      lastCreditId: document.lastCreditId,
+      lastWithdrawalId: document.lastWithdrawalId,
+      stateRoot: document.stateRoot,
+      updatedAtBlockNumber: document.updatedAtBlockNumber,
+      nonce: document.nonce
+    }),
+    id: localBalanceRecordId,
+    parentRootCheck(document) {
+      return BigInt(document.availableAmount) >= 0n && BigInt(document.lockedAmount) >= 0n;
+    }
+  },
   "flowchain.hardware_signal_envelope.v0": {
     objectType: "hardware_signal_envelope",
     idField: "hardwareSignalEnvelopeId",
@@ -622,8 +823,14 @@ export function validateLocalAlphaEnvelope({ document, envelope, context = {} })
     }
   }
 
-  if (descriptor.parentRootCheck && !descriptor.parentRootCheck(document)) {
-    errors.push("bad-parent-root");
+  if (descriptor.parentRootCheck) {
+    try {
+      if (!descriptor.parentRootCheck(document)) {
+        errors.push(descriptor.objectType === "bridge_deposit" ? "malformed-bridge-deposit" : "bad-parent-root");
+      }
+    } catch {
+      errors.push(descriptor.objectType === "bridge_deposit" ? "malformed-bridge-deposit" : "bad-parent-root");
+    }
   }
 
   try {
diff --git a/crypto/src/transactions.js b/crypto/src/transactions.js
new file mode 100644
index 00000000..b66fd3e8
--- /dev/null
+++ b/crypto/src/transactions.js
@@ -0,0 +1,223 @@
+import { DOMAIN_STRINGS, LOCAL_ALPHA_SIGNER_ROLES, TYPE_STRINGS, ZERO_BYTES32 } from "./constants.js";
+import { verifyDigest } from "./attestations.js";
+import { eip712Digest } from "./flowpulse.js";
+import { canonicalJsonHash, domainSeparator, keccakUtf8, typedHash } from "./hashes.js";
+import {
+  localAlphaObjectDescriptor,
+  localAlphaObjectId,
+  localAlphaObjectTypeHash
+} from "./objects.js";
+
+export function localTransactionEnvelopeHash({
+  chainId,
+  domainSeparator,
+  signerId,
+  signerKeyId,
+  signerRole,
+  nonce,
+  payloadHash,
+  objectId,
+  objectTypeHash,
+  issuedAtUnixMs
+}) {
+  return typedHash(TYPE_STRINGS.localTransactionEnvelopeV0, [
+    ["uint256", chainId],
+    ["bytes32", domainSeparator],
+    ["bytes32", signerId],
+    ["bytes32", signerKeyId],
+    ["uint8", signerRole],
+    ["uint64", nonce],
+    ["bytes32", payloadHash],
+    ["bytes32", objectId],
+    ["bytes32", objectTypeHash],
+    ["uint64", issuedAtUnixMs]
+  ]);
+}
+
+export const localTransactionEnvelopeId = localTransactionEnvelopeHash;
+
+export function localTransactionEnvelopePayload(input) {
+  const structHash = localTransactionEnvelopeHash(input);
+  return {
+    structHash,
+    signingDigest: eip712Digest(input.domainSeparator, structHash)
+  };
+}
+
+export function localTransactionEnvelopeInput(envelope) {
+  return {
+    chainId: envelope.chainId,
+    domainSeparator: envelope.domainSeparator,
+    signerId: envelope.signerId,
+    signerKeyId: envelope.signerKeyId,
+    signerRole: envelope.signerRoleCode,
+    nonce: envelope.nonce,
+    payloadHash: envelope.payloadHash,
+    objectId: envelope.objectId,
+    objectTypeHash: envelope.objectTypeHash,
+    issuedAtUnixMs: envelope.issuedAtUnixMs
+  };
+}
+
+export function localTransactionReplayKey(envelope) {
+  return `${envelope.chainId}:${envelope.domain}:${envelope.signerId}:${envelope.nonce}`;
+}
+
+export function localTransactionDomain(chainId) {
+  return `${DOMAIN_STRINGS.localTransactionEnvelope}:chain:${chainId}`;
+}
+
+export function localTransactionDomainSeparator(chainId) {
+  return keccakUtf8(localTransactionDomain(chainId));
+}
+
+export function buildUnsignedLocalTransactionEnvelope({
+  document,
+  chainId,
+  nonce,
+  signerId,
+  signerKeyId,
+  signerRole,
+  publicKey,
+  issuedAtUnixMs
+}) {
+  const descriptor = localAlphaObjectDescriptor(document?.schema);
+  if (!descriptor) {
+    throw new Error(`unknown local transaction object schema: ${document?.schema}`);
+  }
+  const signerRoleCode = LOCAL_ALPHA_SIGNER_ROLES[signerRole];
+  if (signerRoleCode === undefined) {
+    throw new Error(`unknown local transaction signer role: ${signerRole}`);
+  }
+
+  const objectId = localAlphaObjectId(document);
+  const objectTypeHash = localAlphaObjectTypeHash(document.schema);
+  const domain = localTransactionDomain(chainId);
+  const envelopeInput = {
+    chainId,
+    domainSeparator: localTransactionDomainSeparator(chainId),
+    signerId,
+    signerKeyId,
+    signerRole: signerRoleCode,
+    nonce,
+    payloadHash: canonicalJsonHash(document),
+    objectId,
+    objectTypeHash,
+    issuedAtUnixMs
+  };
+  const payload = localTransactionEnvelopePayload(envelopeInput);
+
+  return {
+    schema: "flowchain.local_transaction_envelope.v0",
+    envelopeId: payload.structHash,
+    domain,
+    domainSeparator: envelopeInput.domainSeparator,
+    chainId,
+    nonce,
+    signerId,
+    signerKeyId,
+    signerRole,
+    signerRoleCode,
+    publicKey,
+    objectSchema: document.schema,
+    objectType: descriptor.objectType,
+    objectTypeHash,
+    objectId,
+    payloadHash: envelopeInput.payloadHash,
+    issuedAtUnixMs,
+    signingDigest: payload.signingDigest
+  };
+}
+
+export function validateLocalTransactionEnvelope({
+  document,
+  envelope,
+  context = {}
+}) {
+  const errors = [];
+  const descriptor = localAlphaObjectDescriptor(document?.schema);
+  if (!descriptor) {
+    return { valid: false, errors: ["wrong-object-type"] };
+  }
+  if (!envelope || typeof envelope !== "object") {
+    return { valid: false, errors: ["missing-signer"] };
+  }
+
+  const expectedDomain = localTransactionDomain(envelope.chainId);
+  const expectedDomainSeparator = localTransactionDomainSeparator(envelope.chainId);
+  const expectedRoleCode = LOCAL_ALPHA_SIGNER_ROLES[envelope.signerRole];
+
+  if (context.chainId !== undefined && String(envelope.chainId) !== String(context.chainId)) {
+    errors.push("wrong-chain-id");
+  }
+  if (envelope.domain !== expectedDomain || envelope.domainSeparator !== expectedDomainSeparator) {
+    errors.push("wrong-domain");
+  }
+  if (
+    envelope.objectSchema !== document.schema ||
+    envelope.objectType !== descriptor.objectType ||
+    envelope.objectTypeHash !== localAlphaObjectTypeHash(document.schema)
+  ) {
+    errors.push("wrong-object-type");
+  }
+  if (!descriptor.signerRoles.includes(envelope.signerRole)) {
+    errors.push("wrong-signer");
+  }
+  if (
+    !envelope.signerId ||
+    !envelope.signerKeyId ||
+    !envelope.publicKey ||
+    !envelope.signature ||
+    envelope.signerId === ZERO_BYTES32 ||
+    envelope.signerKeyId === ZERO_BYTES32 ||
+    expectedRoleCode === undefined ||
+    envelope.signerRoleCode !== expectedRoleCode
+  ) {
+    errors.push("missing-signer");
+  }
+  if (context.expectedSignerId && envelope.signerId !== context.expectedSignerId) {
+    errors.push("wrong-signer");
+  }
+  if (context.seenNonces?.has?.(localTransactionReplayKey(envelope))) {
+    errors.push("replay");
+  }
+
+  try {
+    const expectedObjectId = localAlphaObjectId(document);
+    const expectedPayloadHash = canonicalJsonHash(document);
+    if (envelope.objectId !== expectedObjectId) {
+      errors.push("bad-object-id");
+    }
+    if (envelope.payloadHash !== expectedPayloadHash) {
+      errors.push("bad-payload-hash");
+    }
+
+    const input = localTransactionEnvelopeInput(envelope);
+    const expectedEnvelopeId = localTransactionEnvelopeHash(input);
+    const expectedPayload = localTransactionEnvelopePayload(input);
+    if (envelope.envelopeId !== expectedEnvelopeId) {
+      errors.push("bad-envelope-id");
+    }
+    if (envelope.signingDigest !== expectedPayload.signingDigest) {
+      errors.push("bad-envelope-digest");
+    }
+    if (
+      envelope.signature &&
+      envelope.publicKey &&
+      !verifyDigest({
+        digest: envelope.signingDigest,
+        signature: envelope.signature,
+        publicKey: envelope.publicKey
+      })
+    ) {
+      errors.push("bad-signature");
+    }
+  } catch (error) {
+    errors.push(/hex|bytes/i.test(String(error?.message)) ? "malformed-id" : "invalid-transaction");
+  }
+
+  return {
+    valid: errors.length === 0,
+    errors: [...new Set(errors)]
+  };
+}
diff --git a/crypto/src/validate-local-alpha-fixtures.js b/crypto/src/validate-local-alpha-fixtures.js
index 92f481ed..99158101 100644
--- a/crypto/src/validate-local-alpha-fixtures.js
+++ b/crypto/src/validate-local-alpha-fixtures.js
@@ -42,9 +42,16 @@ export function validateLocalAlphaFixtures(fixturePath = defaultFixturePath) {
     envelopeCount += 1;
   }
 
+  let transactionCount = 0;
+  for (const vector of fixture.transactions?.positive ?? []) {
+    validateDocument(vector.schemaPath, vector.envelope, vector.name);
+    transactionCount += 1;
+  }
+
   return {
     documents: documentCount,
     envelopes: envelopeCount,
+    transactions: transactionCount,
     schemas: validators.size
   };
 }
@@ -56,6 +63,6 @@ function readJson(path) {
 if (fileURLToPath(import.meta.url) === resolve(process.argv[1])) {
   const result = validateLocalAlphaFixtures(process.argv[2]);
   console.log(
-    `FLOWCHAIN_LOCAL_ALPHA_FIXTURES_OK documents=${result.documents} envelopes=${result.envelopes} schemas=${result.schemas}`
+    `FLOWCHAIN_LOCAL_ALPHA_FIXTURES_OK documents=${result.documents} envelopes=${result.envelopes} transactions=${result.transactions} schemas=${result.schemas}`
   );
 }
diff --git a/crypto/src/validate-vectors.js b/crypto/src/validate-vectors.js
index 9701e472..5fe35889 100644
--- a/crypto/src/validate-vectors.js
+++ b/crypto/src/validate-vectors.js
@@ -8,6 +8,9 @@ import {
   agentAccountId,
   artifactAvailabilityProofId,
   attestationEnvelopeHash,
+  bridgeCreditId,
+  bridgeDepositId,
+  bridgeWithdrawalId,
   challengeId,
   canonicalJsonHash,
   controlPlaneProvenanceResponseId,
@@ -22,6 +25,8 @@ import {
   hardwareSignalEnvelopeId,
   indexerCursorId,
   localSignatureEnvelopeHash,
+  localBalanceRecordId,
+  localTransactionEnvelopeHash,
   memoryCellId,
   merkleLeafHash,
   merkleRoot,
@@ -42,6 +47,9 @@ const validators = Object.freeze({
   agentAccountId,
   artifactAvailabilityProofId,
   attestationEnvelopeHash,
+  bridgeCreditId,
+  bridgeDepositId,
+  bridgeWithdrawalId,
   challengeId,
   canonicalJsonHash,
   controlPlaneProvenanceResponseId,
@@ -56,6 +64,8 @@ const validators = Object.freeze({
   hardwareSignalEnvelopeId,
   indexerCursorId,
   localSignatureEnvelopeHash,
+  localBalanceRecordId,
+  localTransactionEnvelopeHash,
   memoryCellId,
   merkleLeafHash,
   merkleRoot: ({ leaves }) => merkleRoot(leaves),
diff --git a/crypto/src/wallet-cli.js b/crypto/src/wallet-cli.js
new file mode 100644
index 00000000..165b0d0b
--- /dev/null
+++ b/crypto/src/wallet-cli.js
@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+import { readFileSync, writeFileSync } from "node:fs";
+import {
+  createEncryptedTestVault,
+  exportVaultPublicMetadata,
+  signLocalTransactionWithVault,
+  validateLocalTransactionEnvelope
+} from "./index.js";
+
+const command = process.argv[2];
+const args = parseArgs(process.argv.slice(3));
+
+try {
+  if (command === "create") {
+    const vault = createEncryptedTestVault({
+      password: password(),
+      label: args.label ?? "local-operator",
+      signerRole: args.role ?? "operator"
+    });
+    writeOutput(args.vault, vault);
+    console.log(JSON.stringify(exportVaultPublicMetadata(vault), null, 2));
+  } else if (command === "sign") {
+    const vault = readJson(required("vault"));
+    const document = readJson(required("document"));
+    const signerKeyId = args["signer-key-id"] ?? vault.publicAccounts[0]?.signerKeyId;
+    const envelope = await signLocalTransactionWithVault({
+      vault,
+      password: password(),
+      signerKeyId,
+      document,
+      chainId: required("chain-id"),
+      nonce: required("nonce")
+    });
+    writeOutput(args.out, envelope);
+    console.log(JSON.stringify(envelope, null, 2));
+  } else if (command === "verify") {
+    const document = readJson(required("document"));
+    const envelope = readJson(required("envelope"));
+    const result = validateLocalTransactionEnvelope({
+      document,
+      envelope,
+      context: args["chain-id"] ? { chainId: args["chain-id"] } : {}
+    });
+    console.log(JSON.stringify(result, null, 2));
+    process.exitCode = result.valid ? 0 : 1;
+  } else {
+    usage();
+    process.exitCode = 1;
+  }
+} catch (error) {
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exitCode = 1;
+}
+
+function parseArgs(argv) {
+  const parsed = {};
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (!arg.startsWith("--")) {
+      continue;
+    }
+    const key = arg.slice(2);
+    const next = argv[i + 1];
+    if (!next || next.startsWith("--")) {
+      parsed[key] = true;
+    } else {
+      parsed[key] = next;
+      i += 1;
+    }
+  }
+  return parsed;
+}
+
+function password() {
+  const value = args.password ?? process.env.FLOWMEMORY_TEST_WALLET_PASSWORD;
+  if (!value) {
+    throw new Error("set --password or FLOWMEMORY_TEST_WALLET_PASSWORD for the local test vault");
+  }
+  return value;
+}
+
+function required(name) {
+  if (!args[name]) {
+    throw new Error(`missing --${name}`);
+  }
+  return args[name];
+}
+
+function readJson(path) {
+  return JSON.parse(readFileSync(path, "utf8"));
+}
+
+function writeOutput(path, value) {
+  if (path) {
+    writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`);
+  }
+}
+
+function usage() {
+  console.error(`Usage:
+  node src/wallet-cli.js create --vault <path> [--password <local-test-password>] [--label <label>] [--role operator]
+  node src/wallet-cli.js sign --vault <path> --document <path> --chain-id <id> --nonce <n> [--signer-key-id <id>] [--out <path>]
+  node src/wallet-cli.js verify --document <path> --envelope <path> [--chain-id <id>]`);
+}
diff --git a/crypto/src/wallet.js b/crypto/src/wallet.js
new file mode 100644
index 00000000..fab6971f
--- /dev/null
+++ b/crypto/src/wallet.js
@@ -0,0 +1,284 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";
+
+import { bytesToHex } from "./encoding.js";
+import { keccakUtf8 } from "./hashes.js";
+import { publicKeyFromPrivateKey, signDigest } from "./attestations.js";
+import {
+  buildUnsignedLocalTransactionEnvelope,
+  validateLocalTransactionEnvelope
+} from "./transactions.js";
+import { LOCAL_ALPHA_SIGNER_ROLES } from "./constants.js";
+
+const VAULT_SCHEMA = "flowmemory.crypto.local-test-vault.v0";
+const VAULT_SECRETS_SCHEMA = "flowmemory.crypto.local-test-vault-secrets.v0";
+const PUBLIC_EXPORT_SCHEMA = "flowmemory.crypto.local-test-vault-public-metadata.v0";
+
+export function createEncryptedTestVault({
+  password,
+  label = "local-operator",
+  signerRole = "operator",
+  createdAtUnixMs = Date.now().toString(),
+  privateKey
+} = {}) {
+  requirePassword(password);
+  const account = createVaultAccount({ label, signerRole, createdAtUnixMs, privateKey });
+  return encryptVaultSecrets({
+    password,
+    publicAccounts: [publicAccount(account)],
+    secrets: {
+      schema: VAULT_SECRETS_SCHEMA,
+      accounts: [account]
+    },
+    createdAtUnixMs
+  });
+}
+
+export function unlockEncryptedTestVault({ vault, password }) {
+  requirePassword(password);
+  const secrets = decryptVaultSecrets({ vault, password });
+  return {
+    schema: "flowmemory.crypto.local-test-vault-session.v0",
+    vaultId: vault.vaultId,
+    createdAtUnixMs: vault.createdAtUnixMs,
+    publicAccounts: vault.publicAccounts,
+    accounts: secrets.accounts
+  };
+}
+
+export function listVaultPublicAccounts(vaultOrSession) {
+  return structuredClone(vaultOrSession.publicAccounts ?? []);
+}
+
+export function exportVaultPublicMetadata(vaultOrSession) {
+  return {
+    schema: PUBLIC_EXPORT_SCHEMA,
+    vaultId: vaultOrSession.vaultId,
+    createdAtUnixMs: vaultOrSession.createdAtUnixMs,
+    publicAccounts: listVaultPublicAccounts(vaultOrSession),
+    boundary: "Public local test metadata only. Secret key material is excluded."
+  };
+}
+
+export function addEncryptedTestVaultAccount({
+  vault,
+  password,
+  label = "local-account",
+  signerRole = "agent",
+  createdAtUnixMs = Date.now().toString(),
+  privateKey,
+  signerId
+}) {
+  const secrets = decryptVaultSecrets({ vault, password });
+  const account = createVaultAccount({ label, signerRole, createdAtUnixMs, privateKey, signerId });
+  const accounts = [...secrets.accounts, account];
+  return encryptVaultSecrets({
+    password,
+    vaultId: vault.vaultId,
+    createdAtUnixMs: vault.createdAtUnixMs,
+    publicAccounts: accounts.map(publicAccount),
+    secrets: {
+      schema: VAULT_SECRETS_SCHEMA,
+      accounts
+    }
+  });
+}
+
+export function rotateEncryptedTestVaultAccount({
+  vault,
+  password,
+  signerKeyId,
+  label,
+  createdAtUnixMs = Date.now().toString(),
+  privateKey
+}) {
+  const secrets = decryptVaultSecrets({ vault, password });
+  const index = secrets.accounts.findIndex((account) => account.signerKeyId === signerKeyId);
+  if (index === -1) {
+    throw new Error(`unknown signer key id: ${signerKeyId}`);
+  }
+
+  const previous = { ...secrets.accounts[index], active: false, rotatedAtUnixMs: createdAtUnixMs };
+  const replacement = createVaultAccount({
+    label: label ?? previous.label,
+    signerRole: previous.signerRole,
+    createdAtUnixMs,
+    privateKey,
+    signerId: previous.signerId,
+    rotatedFromSignerKeyId: previous.signerKeyId
+  });
+  const accounts = [...secrets.accounts.slice(0, index), previous, replacement, ...secrets.accounts.slice(index + 1)];
+
+  return encryptVaultSecrets({
+    password,
+    vaultId: vault.vaultId,
+    createdAtUnixMs: vault.createdAtUnixMs,
+    publicAccounts: accounts.map(publicAccount),
+    secrets: {
+      schema: VAULT_SECRETS_SCHEMA,
+      accounts
+    }
+  });
+}
+
+export async function signLocalTransactionWithVault({
+  vault,
+  password,
+  signerKeyId,
+  document,
+  chainId,
+  nonce,
+  issuedAtUnixMs = Date.now().toString()
+}) {
+  const session = unlockEncryptedTestVault({ vault, password });
+  const account = session.accounts.find(
+    (candidate) => candidate.signerKeyId === signerKeyId && candidate.active !== false
+  );
+  if (!account) {
+    throw new Error(`unknown active signer key id: ${signerKeyId}`);
+  }
+
+  const unsigned = buildUnsignedLocalTransactionEnvelope({
+    document,
+    chainId,
+    nonce,
+    signerId: account.signerId,
+    signerKeyId: account.signerKeyId,
+    signerRole: account.signerRole,
+    publicKey: account.publicKey,
+    issuedAtUnixMs
+  });
+  const signature = await signDigest({ digest: unsigned.signingDigest, privateKey: account.privateKey });
+  return {
+    ...unsigned,
+    signature
+  };
+}
+
+export function verifyLocalTransactionSignature({ document, envelope, context }) {
+  return validateLocalTransactionEnvelope({ document, envelope, context });
+}
+
+function encryptVaultSecrets({
+  password,
+  publicAccounts,
+  secrets,
+  createdAtUnixMs,
+  vaultId = randomBytes32()
+}) {
+  requirePassword(password);
+  const salt = randomBytes(16);
+  const iv = randomBytes(12);
+  const kdf = {
+    name: "scrypt",
+    salt: bytesToHex(salt),
+    N: 16384,
+    r: 8,
+    p: 1,
+    keyLength: 32
+  };
+  const key = scryptSync(password, salt, kdf.keyLength, { N: kdf.N, r: kdf.r, p: kdf.p });
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
+  const ciphertext = Buffer.concat([
+    cipher.update(JSON.stringify(secrets), "utf8"),
+    cipher.final()
+  ]);
+
+  return {
+    schema: VAULT_SCHEMA,
+    vaultId,
+    createdAtUnixMs,
+    kdf,
+    cipher: {
+      name: "aes-256-gcm",
+      iv: bytesToHex(iv),
+      authTag: bytesToHex(cipher.getAuthTag())
+    },
+    ciphertext: bytesToHex(ciphertext),
+    publicAccounts
+  };
+}
+
+function decryptVaultSecrets({ vault, password }) {
+  requirePassword(password);
+  if (vault?.schema !== VAULT_SCHEMA) {
+    throw new Error("unsupported local test vault schema");
+  }
+  const salt = Buffer.from(vault.kdf.salt.slice(2), "hex");
+  const key = scryptSync(password, salt, vault.kdf.keyLength, {
+    N: vault.kdf.N,
+    r: vault.kdf.r,
+    p: vault.kdf.p
+  });
+  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(vault.cipher.iv.slice(2), "hex"));
+  decipher.setAuthTag(Buffer.from(vault.cipher.authTag.slice(2), "hex"));
+  const plaintext = Buffer.concat([
+    decipher.update(Buffer.from(vault.ciphertext.slice(2), "hex")),
+    decipher.final()
+  ]);
+  const secrets = JSON.parse(plaintext.toString("utf8"));
+  if (secrets.schema !== VAULT_SECRETS_SCHEMA || !Array.isArray(secrets.accounts)) {
+    throw new Error("invalid local test vault payload");
+  }
+  return secrets;
+}
+
+function createVaultAccount({
+  label,
+  signerRole,
+  createdAtUnixMs,
+  privateKey = randomPrivateKey(),
+  signerId,
+  rotatedFromSignerKeyId
+}) {
+  if (LOCAL_ALPHA_SIGNER_ROLES[signerRole] === undefined) {
+    throw new Error(`unsupported signer role: ${signerRole}`);
+  }
+  const publicKey = publicKeyFromPrivateKey(privateKey);
+  const publicKeyHash = keccakUtf8(publicKey);
+  const account = {
+    label,
+    signerRole,
+    signerRoleCode: LOCAL_ALPHA_SIGNER_ROLES[signerRole],
+    signerId: signerId ?? keccakUtf8(`flowchain.local-alpha.signer:${publicKey}`),
+    signerKeyId: keccakUtf8(`flowchain.local-alpha.signer-key:${publicKey}`),
+    publicKey,
+    publicKeyHash,
+    createdAtUnixMs,
+    active: true,
+    privateKey
+  };
+  if (rotatedFromSignerKeyId) {
+    account.rotatedFromSignerKeyId = rotatedFromSignerKeyId;
+  }
+  return account;
+}
+
+function publicAccount(account) {
+  const {
+    privateKey,
+    ...metadata
+  } = account;
+  return metadata;
+}
+
+function randomPrivateKey() {
+  for (;;) {
+    const candidate = bytesToHex(randomBytes(32));
+    try {
+      publicKeyFromPrivateKey(candidate);
+      return candidate;
+    } catch {
+      // Try again if random bytes are outside the secp256k1 private-key range.
+    }
+  }
+}
+
+function randomBytes32() {
+  return bytesToHex(randomBytes(32));
+}
+
+function requirePassword(password) {
+  if (typeof password !== "string" || password.length < 8) {
+    throw new Error("local test vault password must be at least 8 characters");
+  }
+}
diff --git a/crypto/test/crypto.test.js b/crypto/test/crypto.test.js
index 63f524ff..db43f38f 100644
--- a/crypto/test/crypto.test.js
+++ b/crypto/test/crypto.test.js
@@ -8,6 +8,10 @@ import {
   agentAccountId,
   artifactAvailabilityProofId,
   attestationEnvelopeHash,
+  addEncryptedTestVaultAccount,
+  bridgeCreditId,
+  bridgeDepositId,
+  bridgeWithdrawalId,
   challengeId,
   canonicalJsonHash,
   canonicalJson,
@@ -24,13 +28,21 @@ import {
   flowPulseEventSignature,
   flowPulseObservationId,
   flowPulseSchemaId,
+  createEncryptedTestVault,
+  exportVaultPublicMetadata,
   hardwareSignalEnvelopeId,
   indexerCursorId,
+  listVaultPublicAccounts,
+  localBalanceRecordId,
   localAlphaEnvelopeReplayKey,
   localAlphaObjectId,
   localSignatureEnvelopeHash,
   localSignatureEnvelopeInput,
   localSignatureEnvelopePayload,
+  localTransactionEnvelopeHash,
+  localTransactionEnvelopeInput,
+  localTransactionEnvelopePayload,
+  localTransactionReplayKey,
   keccakUtf8,
   memoryCellId,
   merkleLeafHash,
@@ -41,11 +53,15 @@ import {
   receiptHash,
   rootCommitment,
   rootfieldNamespaceId,
+  rotateEncryptedTestVaultAccount,
+  signLocalTransactionWithVault,
   signDigest,
   storageReceiptCommitmentHash,
   TYPE_STRINGS,
   typedHash,
+  unlockEncryptedTestVault,
   validateLocalAlphaEnvelope,
+  validateLocalTransactionEnvelope,
   verifierModuleId,
   verifierIdentity,
   verifierReportHash,
@@ -72,11 +88,16 @@ const localAlphaObjects = fixture("local-alpha-objects.json");
 const localAlphaValidators = Object.freeze({
   agentAccountId,
   artifactAvailabilityProofId,
+  bridgeCreditId,
+  bridgeDepositId,
+  bridgeWithdrawalId,
   challengeId,
   controlPlaneProvenanceResponseId,
   finalityReceiptId,
   hardwareSignalEnvelopeId,
+  localBalanceRecordId,
   localSignatureEnvelopeHash,
+  localTransactionEnvelopeHash,
   memoryCellId,
   modelPassportId,
   verifierModuleId,
@@ -374,13 +395,14 @@ test("validates FlowChain Local Alpha signed object envelopes", () => {
 
 test("AJV validates all Local Alpha object and envelope fixtures against canonical schemas", () => {
   assert.deepEqual(validateLocalAlphaFixtures(), {
-    documents: 11,
-    envelopes: 11,
-    schemas: 12
+    documents: 15,
+    envelopes: 15,
+    transactions: 1,
+    schemas: 17
   });
 });
 
-test("Local Alpha signed envelope vectors reject replay, wrong domains, missing signer, malformed roots, and wrong types", () => {
+test("Local Alpha signed envelope vectors reject replay, wrong domains, missing signer, malformed roots, malformed bridge deposits, and wrong types", () => {
   const documentsByName = new Map(localAlphaObjects.positive.map((entry) => [entry.name, entry.document]));
   const envelopesByName = new Map(localAlphaObjects.envelopes.positive.map((entry) => [entry.name, entry]));
 
@@ -397,6 +419,44 @@ test("Local Alpha signed envelope vectors reject replay, wrong domains, missing
   }
 });
 
+test("validates canonical local transaction envelopes and negative vectors", () => {
+  const documentsByName = new Map(localAlphaObjects.positive.map((entry) => [entry.name, entry.document]));
+  const transactionsByName = new Map(localAlphaObjects.transactions.positive.map((entry) => [entry.name, entry]));
+  const seenNonces = new Set();
+
+  for (const vector of localAlphaObjects.transactions.positive) {
+    const document = documentsByName.get(vector.objectName);
+    assert.ok(document, `unknown transaction object: ${vector.objectName}`);
+    assertSchemaDocument(vector.schemaPath, vector.envelope);
+    assert.equal(localTransactionEnvelopeHash(vector.input), vector.expected.envelopeId, vector.name);
+    assert.deepEqual(localTransactionEnvelopePayload(vector.input), {
+      structHash: vector.expected.envelopeId,
+      signingDigest: vector.expected.signingDigest
+    });
+    assert.deepEqual(localTransactionEnvelopeInput(vector.envelope), vector.input);
+
+    const result = validateLocalTransactionEnvelope({
+      document,
+      envelope: vector.envelope,
+      context: { chainId: vector.envelope.chainId, seenNonces }
+    });
+    assert.deepEqual(result, { valid: true, errors: [] }, vector.name);
+    seenNonces.add(localTransactionReplayKey(vector.envelope));
+  }
+
+  for (const vector of localAlphaObjects.transactions.negative) {
+    const { document, envelope, context } = mutatedTransactionVector(vector, documentsByName, transactionsByName);
+    const result = validateLocalTransactionEnvelope({ document, envelope, context });
+    assert.equal(result.valid, false, vector.name);
+    for (const expectedError of vector.expectErrors) {
+      assert.ok(
+        result.errors.includes(expectedError),
+        `${vector.name} expected ${expectedError}, got ${result.errors.join(", ")}`
+      );
+    }
+  }
+});
+
 test("Local Alpha object fixtures reject swapped fields, malformed hex, duplicate ids, and changed type strings", () => {
   for (const negative of localAlphaObjects.negative) {
     if (negative.reason === "swapped-field-rejection") {
@@ -453,8 +513,79 @@ test("control-plane provenance response uses stable canonical JSON body hashing"
   assert.equal(controlPlaneProvenanceResponseId(provenance.input), provenance.expected);
 });
 
+test("local encrypted test vault creates, unlocks, lists, signs, verifies, exports public metadata, and rotates accounts", async () => {
+  const password = "local-test-password";
+  const memoryCell = localAlphaObjects.positive.find((entry) => entry.name === "memory-cell.demo").document;
+  const vault = createEncryptedTestVault({
+    password,
+    label: "operator",
+    signerRole: "operator",
+    privateKey: "0x0000000000000000000000000000000000000000000000000000000000000001",
+    createdAtUnixMs: "1778702400000"
+  });
+
+  assert.doesNotMatch(JSON.stringify(vault), /privateKey|mnemonic|seed/i);
+  assert.equal(listVaultPublicAccounts(vault).length, 1);
+  assert.equal(unlockEncryptedTestVault({ vault, password }).accounts.length, 1);
+  await assert.rejects(
+    () => signLocalTransactionWithVault({
+      vault,
+      password: "wrong-password",
+      signerKeyId: vault.publicAccounts[0].signerKeyId,
+      document: memoryCell,
+      chainId: "31337",
+      nonce: "1"
+    }),
+    /authenticate|decrypt|Unsupported/i
+  );
+
+  const expandedVault = addEncryptedTestVaultAccount({
+    vault,
+    password,
+    label: "agent",
+    signerRole: "agent",
+    privateKey: "0x0000000000000000000000000000000000000000000000000000000000000002",
+    createdAtUnixMs: "1778702400001"
+  });
+  assert.equal(listVaultPublicAccounts(expandedVault).length, 2);
+
+  const agentKey = listVaultPublicAccounts(expandedVault).find((account) => account.signerRole === "agent");
+  const envelope = await signLocalTransactionWithVault({
+    vault: expandedVault,
+    password,
+    signerKeyId: agentKey.signerKeyId,
+    document: memoryCell,
+    chainId: "31337",
+    nonce: "7",
+    issuedAtUnixMs: "1778702400002"
+  });
+  assert.deepEqual(validateLocalTransactionEnvelope({
+    document: memoryCell,
+    envelope,
+    context: { chainId: "31337", expectedSignerId: agentKey.signerId }
+  }), { valid: true, errors: [] });
+
+  const publicExport = exportVaultPublicMetadata(expandedVault);
+  assert.doesNotMatch(JSON.stringify(publicExport), /privateKey|mnemonic|ciphertext/i);
+  assert.equal(publicExport.publicAccounts.length, 2);
+
+  const rotatedVault = rotateEncryptedTestVaultAccount({
+    vault: expandedVault,
+    password,
+    signerKeyId: agentKey.signerKeyId,
+    privateKey: "0x0000000000000000000000000000000000000000000000000000000000000005",
+    createdAtUnixMs: "1778702400003"
+  });
+  const rotatedAccounts = listVaultPublicAccounts(rotatedVault).filter(
+    (account) => account.signerId === agentKey.signerId
+  );
+  assert.equal(rotatedAccounts.length, 2);
+  assert.equal(rotatedAccounts.some((account) => account.active === false), true);
+  assert.equal(rotatedAccounts.some((account) => account.rotatedFromSignerKeyId === agentKey.signerKeyId), true);
+});
+
 test("validates all published crypto test vectors", () => {
-  assert.equal(validateVectors(), 33);
+  assert.equal(validateVectors(), 38);
 });
 
 test("signs and verifies verifier digests with local test keys only", async () => {
@@ -505,3 +636,25 @@ function mutatedEnvelopeVector(vector, documentsByName, envelopesByName) {
 
   return { document, envelope, context };
 }
+
+function mutatedTransactionVector(vector, documentsByName, transactionsByName) {
+  const base = transactionsByName.get(vector.baseTransaction);
+  assert.ok(base, `unknown base transaction: ${vector.baseTransaction}`);
+  const document = structuredClone(documentsByName.get(base.objectName));
+  const envelope = structuredClone(base.envelope);
+  const mutation = vector.mutation ?? {};
+
+  if (mutation.document) {
+    Object.assign(document, mutation.document);
+  }
+  if (mutation.envelope) {
+    Object.assign(envelope, mutation.envelope);
+  }
+
+  const context = mutation.context ? { ...mutation.context } : {};
+  if (mutation.contextReplay) {
+    context.seenNonces = new Set([localTransactionReplayKey(envelope)]);
+  }
+
+  return { document, envelope, context };
+}
diff --git a/docs/CURRENT_STATE.md b/docs/CURRENT_STATE.md
index 5420bdb8..e5b47388 100644
--- a/docs/CURRENT_STATE.md
+++ b/docs/CURRENT_STATE.md
@@ -42,9 +42,11 @@ Contracts foundation:
 - `contracts/FlowPulse.sol` defines the FlowPulse v0 event interface and initial pulse type constants.
 - `contracts/RootfieldRegistry.sol` registers Rootfield namespaces, accepts committed roots, and emits FlowPulse events.
 - `contracts/FlowMemoryHookAdapter.sol` is a compileable V0 hook-adapter scaffold. It emits `SWAP_MEMORY_SIGNAL` FlowPulse events for the launch fixture path. It is not a production Uniswap v4 hook.
+- `contracts/FlowMemoryAfterSwapHook.sol` is a PoolManager-gated Uniswap v4 `afterSwap` hook candidate for the real hook path. It emits FlowPulse without custody, fee override, or `txHash`/`logIndex` assumptions.
+- `contracts/FlowMemoryHookPlanner.sol` records the afterSwap-only permission flag, address-mining target, CREATE2 planning helpers, and Base Sepolia planning constants.
 - `contracts/ArtifactRegistry.sol`, `CursorRegistry.sol`, `ReceiptVerifier.sol`, `WorkerRegistry.sol`, `VerifierRegistry.sol`, `WorkReceiptRegistry.sol`, `VerifierReportRegistry.sol`, and `WorkDebtScheduler.sol` provide local/test skeleton surfaces for commitments, cursors, work receipts, verifier reports, and work state.
 - `contracts/FLOWPULSE_SCHEMA.md` documents event fields, receipt boundaries, and URI/log-data limitations.
-- `tests/RootfieldRegistry.t.sol` and `tests/LiveV0Package.t.sol` contain 38 passing Foundry tests.
+- Foundry tests currently cover the registry/hook/receipt surfaces, including afterSwap hook boundaries and CREATE2 planning.
 - `tests/README.md` documents the current test command.
 - `contracts/STATIC_ANALYSIS.md`, `contracts/DEPLOYMENT_BOUNDARY.md`, and `contracts/ACCESS_CONTROL_REVIEW.md` define the current hardening, deployment, and access-control boundaries.
 - `infra/scripts/contracts-static-analysis.ps1` and `infra/scripts/contracts-static-analysis.sh` run the contract hardening baseline. Slither is optional by default and required only when explicitly requested.
@@ -52,15 +54,17 @@ Contracts foundation:
 Crypto foundation:
 
 - `crypto/` contains runnable Keccak-based V0 hash helpers, typed domains, receipt/report/root/artifact/work helpers, attestation helpers, fixtures, and test vectors.
-- Crypto tests currently pass with 13 Node tests, 21 vector validations, and a Python FlowPulse vector recompute.
+- Crypto tests currently pass with local object, signed-envelope, wallet, and vector coverage: 21 Node tests, 38 vector validations, and 15 local-alpha documents with 15 signature envelopes plus 1 local transaction envelope.
 
 Indexer/verifier local package:
 
-- `services/shared/`, `services/indexer/`, and `services/verifier/` contain fixture-first local packages.
-- The local services test suite currently has 31 passing tests.
+- `services/shared/`, `services/indexer/`, `services/verifier/`, `services/flowmemory/`, `services/control-plane/`, and `services/bridge-relayer/` contain fixture-first local packages.
+- The local services test suite currently passes across the shared, indexer, verifier, Flow Memory, control-plane, and bridge-relayer packages.
 - `npm run e2e` currently indexes 8 observations, writes 7 cursors, rejects 2 logs, tracks 1 duplicate, and produces 8 verifier reports.
 - The verifier uses local fixture evidence only. It is not a production verifier network.
 - The verifier supports local fixture checks for rootfield registration, root commitments, and swap-derived memory-signal commitments.
+- The control-plane API prefers live local runtime state from `devnet/local/`, falls back to deterministic fixtures, and exposes a 49-method local smoke client for node status, blocks, transactions, accounts, balances, wallets, Rootfields, receipts, verifier reports, memory cells, challenges, finality, bridge observations, bridge deposits, bridge credits, withdrawals, provenance, and raw JSON.
+- Control-plane transaction and bridge-observation intake writes local ignored files under `devnet/local/intake/` and rejects private-key, mnemonic, seed phrase, RPC credential, API key, and webhook-shaped material.
 - `npm run index:base-sepolia -- --rpc-url <url> --address <contract> --from-block <n> --to-block <n>` provides a constrained Base Sepolia reader path.
 - The Base Sepolia reader requires an explicit RPC URL, rejects non-Base-Sepolia chain ids, and persists both canonical state and a durable checkpoint without storing RPC URLs or keys.
 - `npm run index:base-canary -- --acknowledge-mainnet-canary --rpc-url <url> --address <contract> --from-block <n> --to-block <n>` provides a guarded Base mainnet canary reader path for the documented V0 canary deployment only.
@@ -98,9 +102,9 @@ Launch-core integration:
 Local no-value devnet prototype:
 
 - `crates/flowmemory-devnet/` contains a Rust local devnet prototype.
-- It models deterministic local transactions, blocks, state roots, and handoff output.
-- It has 7 passing Rust tests.
-- It is not a production L1, token system, sequencer, validator set, or bridge.
+- It models deterministic local transactions, blocks, state roots, handoff output, and native local objects for agent accounts, model passports, work receipts, verifier reports, memory cells, challenges, finality receipts, artifact availability, and no-value local test-unit/faucet records.
+- It has 20 passing Rust tests.
+- It is not a production L1, value-bearing token system, sequencer, validator set, or bridge.
 
 FlowRouter hardware POC:
 
@@ -126,19 +130,20 @@ Launch-core specifications:
 FlowChain private/local testnet snapshot:
 
 - Implemented: V0 launch-core generation and validation, no-value deterministic
-  Rust devnet prototype, contract event/settlement spine, crypto V0 helpers and
-  vectors, fixture indexer/verifier, fixture-backed dashboard, hardware POC
+  Rust devnet prototype, native private/local object lifecycle, local
+  control-plane API and smoke client, contract event/settlement spine,
+  Uniswap v4 afterSwap hook candidate/planner, crypto V0 helpers and vectors,
+  fixture indexer/verifier, fixture-backed dashboard/workbench, hardware POC
   simulator, Base Sepolia reader/deploy commands, guarded canary reader, and
   Windows-first root wrapper commands for prerequisite checks, init, bounded
-  start/stop, demo, smoke, export/import, and workbench dev mode.
-- In flight: native private-testnet object lifecycle, local control-plane API,
-  private-testnet object IDs and envelopes, workbench extension, optional
-  hardware operator signal fixtures, and advanced L1 research gates.
-- Missing: long-running local runtime start behavior, private genesis/config
-  package beyond the deterministic devnet genesis, full native object
-  lifecycle coverage, full control-plane method coverage, full workbench entity
-  coverage, no-secret API checks, and second-computer smoke evidence for the
-  unmerged native object/control-plane/workbench surfaces.
+  start/stop, demo, smoke, full smoke, export/import, and workbench dev mode.
+- In flight: private-testnet object IDs and envelopes for newest local balance
+  and bridge-shaped surfaces, workbench polish, optional hardware operator
+  signal fixtures, Base Sepolia hook deployment runbook, and advanced L1
+  research gates.
+- Missing: long-running multi-process node behavior, LAN peer mode, encrypted
+  local operator vault, and second-computer smoke evidence for the latest
+  full-smoke branch.
 - Later gated: production L1/mainnet, public validators, tokenomics,
   production bridge, production hook deployment, audited cryptography,
   proof-circuit infrastructure, production hardware, and hosted production
@@ -219,9 +224,9 @@ Before assigning agents, check for dirty worktrees and avoid overlapping folders
 ## Current Operator Priorities
 
 1. Keep the generated launch-core command stable in CI.
-2. Keep the new root wrapper path usable on Windows: `flowchain:prereq`, `flowchain:init`, `flowchain:start`, `flowchain:demo`, `flowchain:smoke`, `flowchain:export`, and `workbench:dev`.
-3. Convert the remaining V0/local-alpha surfaces into one FlowChain private/local L1 testnet package for second-computer validation.
-4. Land the missing subsystem pieces behind the wrappers: long-running runtime behavior, control-plane serve/query coverage, native object lifecycle, and workbench entity coverage.
+2. Keep the new root wrapper path usable on Windows: `flowchain:prereq`, `flowchain:init`, `flowchain:start`, `flowchain:demo`, `flowchain:smoke`, `flowchain:full-smoke`, `flowchain:export`, and `workbench:dev`.
+3. Use `npm run flowchain:full-smoke` as the private/local package acceptance gate before claiming a branch is demo-ready.
+4. Keep improving the missing subsystem pieces behind the wrappers: long-running runtime behavior, LAN peer mode, encrypted local operator vault, workbench polish, and Base Sepolia hook deployment planning.
 5. Keep the guarded Base canary reader and dashboard canary artifacts fresh when canary smoke actions change.
 6. Exercise the Base Sepolia deploy/read path on explicit testnet contract addresses only.
 7. Continue contracts hardening without production mainnet deployment or token mechanics.
diff --git a/docs/DECISIONS/2026-05-13-uniswap-v4-shaped-hook-path.md b/docs/DECISIONS/2026-05-13-uniswap-v4-shaped-hook-path.md
index 375e6a73..75995e1c 100644
--- a/docs/DECISIONS/2026-05-13-uniswap-v4-shaped-hook-path.md
+++ b/docs/DECISIONS/2026-05-13-uniswap-v4-shaped-hook-path.md
@@ -16,6 +16,17 @@ The callback consumes ABI-encoded `FlowMemorySwapHookData`, derives a pool id
 from the v4-compatible pool key fields, emits a `SWAP_MEMORY_SIGNAL` FlowPulse,
 and returns zero hook delta.
 
+Issue #78 keeps the adapter-first path for existing local/canary fixtures and
+adds the next production-shaped path without vendoring v4 dependencies:
+
+- `FlowMemoryAfterSwapHook` is a separate PoolManager-gated hook candidate with
+  only a v4-shaped `afterSwap` callback.
+- `FlowMemoryHookPlanner` defines and mines the permission-address target for
+  the hook candidate.
+- The first hook target is afterSwap-only: low hook bits must equal
+  `AFTER_SWAP_FLAG` (`1 << 6`, `0x40`) and must not include return-delta,
+  before-swap, donate, liquidity, or initialize flags.
+
 ## Why
 
 The previous adapter was useful for local tests but did not give reviewers a
@@ -23,21 +34,23 @@ real v4 callback shape. The new path makes the next hook integration work much
 less abstract while still avoiding a premature dependency or production
 deployment claim.
 
+The true-hook path is separate from the adapter so launch fixtures can remain
+stable while Base Sepolia hook address mining, PoolManager gating, and source
+verification inputs become concrete review artifacts.
+
 ## Boundaries
 
 - This is not a production Uniswap v4 hook deployment.
 - The repo still does not vendor `v4-core` or `v4-periphery`.
-- The callback does not do custom accounting, token custody, dynamic fees, or
-  LP fee overrides.
-- Hook address permission mining, PoolManager deployment wiring, and production
-  pool configuration remain gated.
+- The adapter and hook callback do not do custom accounting, token custody,
+  dynamic fees, or LP fee overrides.
+- Production pool configuration remains gated.
 - Contracts still cannot know `txHash` or `logIndex`; indexers derive those
   after receipts and logs exist.
 
-## Production Hook Permission Target
+## Hook Permission Target
 
-When this graduates from adapter-first V0 to a real PoolManager hook, the first
-permission target should be `afterSwap` only:
+The first real PoolManager hook target is `afterSwap` only:
 
 - no `beforeSwap`;
 - no custom accounting return delta;
@@ -45,10 +58,39 @@ permission target should be `afterSwap` only:
 - no token custody;
 - no pool creation or liquidity-position behavior.
 
-That production hook must be permission-address-mined for Uniswap v4's hook
-flags and deployed through a dedicated script before any pool can use it. The
-current canary adapter address is not claimed to satisfy those production hook
-address flags.
+The hook candidate must be permission-address-mined for Uniswap v4's hook flags
+before any pool can use it. The current canary adapter address is not claimed
+to satisfy those hook address flags.
+
+## Base Sepolia Path
+
+Base Sepolia is the next allowed live-network path for this hook work:
+
+- chain id: `84532`;
+- PoolManager: `0x9a13F98Cb987694C9F086b1F5eB990EeA8264Ec3`;
+- CREATE2 deployer: `0x4e59b44847b379578588920cA78FbF26c0B4956C`;
+- target hook address bits: exactly `0x40` under Uniswap v4's low-bit hook
+  mask;
+- constructor args: reviewed PoolManager address only.
+
+Before broadcast, the issue or PR must record the mined salt, computed hook
+address, init code hash, constructor args, deployer, target chain, source
+verification plan, and post-deploy Base Sepolia reader range. This is still not
+a production hook deployment or Base mainnet approval.
+
+## Tests Added
+
+Foundry tests now cover:
+
+- afterSwap-only permissions and address-flag rejection for extra return-delta
+  or before-swap flags;
+- Base Sepolia CREATE2 salt planning for a `FlowMemoryAfterSwapHook` init code
+  hash;
+- PoolManager gating;
+- zero hook delta on `afterSwap`;
+- rejection of invalid hook data;
+- no payable native-token receive path;
+- event schemas that continue excluding `txHash` and `logIndex`.
 
 ## Sources Checked
 
@@ -57,3 +99,7 @@ address flags.
 - [Uniswap v4 core Hooks library](https://github.com/Uniswap/v4-core/blob/main/src/libraries/Hooks.sol)
   calls `IHooks.afterSwap` after swap execution and accounts for hook delta
   separately.
+- [Uniswap v4 hook deployment docs](https://developers.uniswap.org/docs/protocols/v4/guides/hooks/hook-deployment)
+  describe address-encoded hook flags and HookMiner-style deployment.
+- [Uniswap v4 deployment docs](https://developers.uniswap.org/docs/protocols/v4/deployments)
+  list current network deployment addresses, including Base Sepolia.
diff --git a/docs/FLOWCHAIN_AGENT_INTEGRATION_MAP.md b/docs/FLOWCHAIN_AGENT_INTEGRATION_MAP.md
index 0716c41a..f9005342 100644
--- a/docs/FLOWCHAIN_AGENT_INTEGRATION_MAP.md
+++ b/docs/FLOWCHAIN_AGENT_INTEGRATION_MAP.md
@@ -29,16 +29,14 @@ or setup flow.
 
 ## Current Coordination Facts
 
-- The merged repo has a stable V0 launch-core path and no-value local devnet
-  prototype.
-- HQ/Ops has added the Windows-first root wrapper layer for the current merged
+- The repo has a stable V0 launch-core path and no-value local devnet runtime.
+- HQ/Ops has added the Windows-first root wrapper layer for the current
   surfaces: prerequisite check, init, bounded start/stop, demo, smoke,
-  export/import, and workbench dev mode.
-- Active sibling worktrees contain unmerged Local Alpha work for devnet object
-  transitions, control-plane API, crypto object identity, hardware signal
-  projection, and research gates.
-- Unmerged worktree changes are not final source of truth. Treat them as
-  in-flight context until reviewed and merged.
+  full-smoke, export/import, control-plane serve, and workbench dev mode.
+- The current integration branch includes Local Alpha work for devnet object
+  transitions, control-plane API, crypto object identity, dashboard workbench
+  polish, and the real Uniswap v4 afterSwap hook candidate. It becomes source
+  of truth only after review and merge.
 - GitHub remains the source of truth for issues, pull requests, reviews, and
   final history.
 
@@ -60,13 +58,13 @@ or setup flow.
 ## Integration Sequence
 
 1. Keep `npm run launch:candidate` green as the V0 baseline.
-2. Land or refresh Local Alpha devnet object lifecycle work.
-3. Land or refresh crypto object identity and vectors for the same object set.
-4. Land control-plane API on top of existing fixture/devnet outputs.
-5. Extend the existing dashboard into a private testnet workbench.
+2. Keep Local Alpha devnet object lifecycle work green.
+3. Keep crypto object identity, envelopes, and vectors for the same object set green.
+4. Keep control-plane API on top of existing fixture/devnet outputs green.
+5. Keep extending the existing dashboard into a private testnet workbench.
 6. Add optional hardware signal fixtures after object/API labels are stable.
 7. Keep packaging scripts and root command aliases aligned as subsystem commands land.
-8. Run the second-computer smoke path and update acceptance evidence.
+8. Run `npm run flowchain:full-smoke` and update acceptance evidence.
 
 ## Duplicate-Work Stops
 
diff --git a/docs/FLOWCHAIN_CONTROL_PLANE_API.md b/docs/FLOWCHAIN_CONTROL_PLANE_API.md
index e0b3a84c..3e5b315b 100644
--- a/docs/FLOWCHAIN_CONTROL_PLANE_API.md
+++ b/docs/FLOWCHAIN_CONTROL_PLANE_API.md
@@ -1,8 +1,8 @@
 # FlowChain Local Control Plane API
 
-Status: local fixture-backed V0 contract.
+Status: local runtime/fixture-backed V0 contract.
 
-This document defines the local JSON-RPC 2.0 API for the FlowChain / FlowMemory control-plane. It gives dashboard, agent, verifier, and devnet tooling one deterministic read surface for FlowMemory objects.
+This document defines the local JSON-RPC 2.0 API for the FlowChain / FlowMemory control-plane. It gives dashboard, agent, verifier, and devnet tooling one deterministic local surface for FlowMemory objects, local runtime status, local file-backed transaction intake, and bridge-observation intake.
 
 It is not a production RPC endpoint, public L1 API, hosted service, wallet API, bridge API, token API, or verifier economics surface.
 
@@ -23,11 +23,13 @@ npm run control-plane:smoke
 npm run control-plane:serve
 ```
 
-The service uses deterministic local files only. It does not require secrets, wallets, RPC URLs, private keys, API keys, or production services.
+The service uses deterministic local files only. It does not require secrets, RPC URLs, private keys, API keys, or production services. Wallet metadata returned by this API is browser-safe public metadata only.
 
 Primary data sources:
 
 ```text
+devnet/local/state.json
+devnet/local/launch-v0-state.json
 fixtures/launch-core/flowmemory-launch-v0.json
 fixtures/launch-core/generated/devnet/state.json
 fixtures/launch-core/generated/devnet/indexer-handoff.json
@@ -37,9 +39,19 @@ services/indexer/out/indexer-state.json
 services/verifier/out/reports.json
 services/verifier/fixtures/artifacts.json
 fixtures/handoff/sample-txs.json
+services/bridge-relayer/out/bridge-observation.json
 ```
 
-If the generated launch-core fixture is missing, the service rebuilds the in-memory view from indexer/verifier outputs or raw fixture receipts and artifact fixtures. This recovery path is local and read-only from the API caller perspective.
+If local runtime state is missing, the service falls back to generated launch-core and committed fixtures. If the generated launch-core fixture is missing, the service rebuilds the in-memory view from indexer/verifier outputs or raw fixture receipts and artifact fixtures.
+
+Mutable local intake methods write ignored files only:
+
+```text
+devnet/local/intake/transactions.ndjson
+devnet/local/intake/bridge-observations.ndjson
+```
+
+All JSON-RPC responses and local intake payloads are scanned for private-key, mnemonic, seed phrase, RPC credential, API key, and webhook-shaped material.
 
 ## JSON-RPC Envelope
 
@@ -141,6 +153,22 @@ Params:
 
 Returns local no-value devnet state, handoff summaries, rootfield counts, work receipt counts, report counts, and optional block data.
 
+### `node_status`
+
+Params: none.
+
+Returns local node/control-plane status, runtime state source, latest block, latest root, object counters, and missing optional sources.
+
+### `peer_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns local/private peer inventory when present. Current single-node mode returns local-only peer rows or an empty local list; it does not imply public validators.
+
 ### `block_list`
 
 Params:
@@ -195,6 +223,92 @@ Params: one of:
 { "txHash": "0x..." }
 ```
 
+### `transaction_submit`
+
+Params:
+
+```json
+{
+  "signedTransaction": "{...}",
+  "transaction": {
+    "schema": "flowchain.local_transaction_envelope.v0"
+  },
+  "submittedBy": "local-operator"
+}
+```
+
+Accepts a production-shaped local test transaction envelope or plain local test object, rejects secret-shaped material, and appends an intake row to `devnet/local/intake/transactions.ndjson`. It does not broadcast to a public chain.
+
+### `mempool_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns pending local transaction/intake rows.
+
+### `account_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns local account/controller metadata, including devnet `AgentAccount` rows and projected local operator rows.
+
+### `account_get`
+
+Params:
+
+```json
+{ "accountId": "agent:demo:alpha" }
+```
+
+Returns one local account row.
+
+### `balance_get`
+
+Params:
+
+```json
+{ "accountId": "local-balance:demo:agent-alpha" }
+```
+
+Returns a no-value local test-unit balance record. This is not a token balance, reward, fee account, or bridge asset.
+
+### `faucet_event_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns no-value local faucet records used by smoke tests.
+
+### `wallet_metadata_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns browser-safe public wallet/operator metadata only. It must not include private key material.
+
+### `wallet_metadata_get`
+
+Params:
+
+```json
+{ "walletId": "agent:demo:alpha" }
+```
+
+Returns one public wallet/operator metadata row.
+
 ### `rootfield_get`
 
 Params:
@@ -556,6 +670,61 @@ Params:
 
 All params are optional. Returns native finality receipts when present and projected local finality rows for launch-core receipts.
 
+### `bridge_observation_list`
+
+Params:
+
+```json
+{ "limit": 50 }
+```
+
+Returns local bridge observation rows from fixture or intake files. These are private/local test objects, not production bridge events.
+
+### `bridge_observation_get`
+
+Params: one of:
+
+```json
+{ "depositId": "0x..." }
+```
+
+```json
+{ "observationId": "0x..." }
+```
+
+### `bridge_observation_submit`
+
+Params:
+
+```json
+{
+  "observation": {
+    "schema": "flowmemory.bridge_deposit_observation.v0"
+  }
+}
+```
+
+Rejects secret-shaped material and writes an ignored local intake row to `devnet/local/intake/bridge-observations.ndjson`.
+
+HTTP bridge observation endpoints are also available:
+
+```text
+GET /bridge/observations
+POST /bridge/observations
+```
+
+### `bridge_deposit_list`, `bridge_deposit_get`
+
+Expose local bridge-deposit test objects. These do not imply a production bridge, withdrawal, lockbox, or asset claim.
+
+### `bridge_credit_list`, `bridge_credit_get`
+
+Expose local bridge-credit test objects. These are no-value local accounting objects only.
+
+### `withdrawal_list`, `withdrawal_get`
+
+Expose local bridge-withdrawal test objects. These do not release funds and do not imply bridge readiness.
+
 ### `provenance_get`
 
 Params: one of:
@@ -610,13 +779,15 @@ Returns the raw loaded local JSON object for dashboard/workbench debug views. It
 
 Dashboard agents should prefer:
 
-1. `health` and `chain_status` for source health and global counters.
-2. `block_list` and `transaction_list` for chain/devnet tables.
-3. `rootfield_list` and `rootfield_get` for Rootfield detail.
-4. `work_receipt_list`, `receipt_list`, `verifier_module_list`, and `verifier_report_list` for lifecycle tables.
-5. `receipt_get`, `work_receipt_get`, `verifier_report_get`, and `provenance_get` for detail drawers.
-6. `artifact_availability_list`, `memory_cell_list`, `agent_list`, and `model_list` for dashboard/workbench panels.
-7. `challenge_get`, `challenge_list`, `finality_get`, and `finality_list` for local fixture challenge/finality labels.
-8. `raw_json_get` for raw JSON inspection.
-
-The API is intentionally read-only for V0. Submit, challenge, wallet, live indexing, and production settlement methods require separate scoped work.
+1. `health`, `node_status`, and `chain_status` for source health and global counters.
+2. `block_list`, `transaction_list`, and `mempool_list` for chain/devnet tables.
+3. `account_list`, `balance_get`, `faucet_event_list`, and `wallet_metadata_list` for local identity and public metadata panels.
+4. `rootfield_list` and `rootfield_get` for Rootfield detail.
+5. `work_receipt_list`, `receipt_list`, `verifier_module_list`, and `verifier_report_list` for lifecycle tables.
+6. `receipt_get`, `work_receipt_get`, `verifier_report_get`, and `provenance_get` for detail drawers.
+7. `artifact_availability_list`, `memory_cell_list`, `agent_list`, and `model_list` for dashboard/workbench panels.
+8. `challenge_get`, `challenge_list`, `finality_get`, and `finality_list` for local challenge/finality labels.
+9. `bridge_observation_list`, `bridge_deposit_list`, `bridge_credit_list`, and `withdrawal_list` for local bridge-shaped test panels.
+10. `raw_json_get` for raw JSON inspection.
+
+The API is local-only for V0. The submit methods are local file intake, not public chain broadcast. Live indexing, production settlement, production wallet custody, and production bridge methods require separate scoped work.
diff --git a/docs/FLOWCHAIN_FULL_PRIVATE_TESTNET.md b/docs/FLOWCHAIN_FULL_PRIVATE_TESTNET.md
index 5881e9ae..852f957f 100644
--- a/docs/FLOWCHAIN_FULL_PRIVATE_TESTNET.md
+++ b/docs/FLOWCHAIN_FULL_PRIVATE_TESTNET.md
@@ -35,10 +35,10 @@ Status vocabulary for this milestone:
 | Area | Existing surface to extend | Current merged status | Active work to treat as in flight |
 | --- | --- | --- | --- |
 | Launch core | `npm run launch:v0`, `npm run launch:candidate`, `fixtures/launch-core/`, `schemas/flowmemory/` | Implemented local/test V0 foundation | Keep as the compatibility baseline for private testnet objects. |
-| Devnet/runtime | `crates/flowmemory-devnet/`, `docs/LOCAL_DEVNET.md` | Implemented no-value deterministic prototype | Local Alpha work expands native object transitions and lifecycle tests. |
-| Contracts spine | `contracts/`, `tests/`, FlowPulse and registry skeletons | Implemented local/test settlement/event foundation | Contracts work should remain optional settlement/event spine. |
+| Devnet/runtime | `crates/flowmemory-devnet/`, `docs/LOCAL_DEVNET.md` | Implemented no-value deterministic runtime with native object lifecycle and 10-block smoke replay. | Continue polishing long-running and LAN boundaries without creating a second runtime. |
+| Contracts spine | `contracts/`, `tests/`, FlowPulse, registry skeletons, hook adapter, and afterSwap hook candidate/planner | Implemented local/test settlement/event foundation plus real hook-path candidate. | Contracts work should remain optional settlement/event spine. |
 | Crypto/object identity | `crypto/`, `crypto/fixtures/`, `schemas/flowmemory/` | Implemented V0 hash helpers and vectors | Local Alpha work adds object IDs for agent, model, memory, challenge, and finality objects. |
-| Indexer/verifier/control plane | `services/indexer/`, `services/verifier/`, `services/flowmemory/` | Implemented fixture-first indexer/verifier and generator | Local Alpha work adds `services/control-plane/` as the local API. |
+| Indexer/verifier/control plane | `services/indexer/`, `services/verifier/`, `services/flowmemory/`, `services/control-plane/` | Implemented fixture-first indexer/verifier/generator plus local control-plane API and smoke client. | Continue extending the same control-plane surface. |
 | Dashboard/workbench | `apps/dashboard/` and generated dashboard fixtures | Implemented fixture-backed dashboard V0 | Workbench work should extend this app, not create a second dashboard. |
 | Hardware/operator signals | `hardware/`, `fixtures/hardware/`, simulator | Implemented FlowRouter POC and simulator | Local Alpha work maps optional operator signals into private testnet views. |
 | Research gates | `research/`, `docs/DECISIONS/` | Implemented research docs and guardrails | Local Alpha research gates Process-Witness, SEAL, private state, and public L1 work. |
@@ -53,18 +53,19 @@ change only if the second-computer setup guide names the chosen commands.
 | Clone repo | `git clone https://github.com/FlowmemoryAI/FlowMemory.git` | Implemented by GitHub. |
 | Install JS dependencies | `npm install` | Implemented for current npm workspaces. Dashboard still needs its own install unless package metadata changes. |
 | Test devnet | `cargo test --manifest-path crates/flowmemory-devnet/Cargo.toml` | Implemented. |
-| Test service packages | `npm test` | Implemented for merged service packages; control-plane tests are active unmerged work. |
+| Test service packages | `npm test` | Implemented for merged service packages, including control-plane tests. |
 | Run launch candidate gate | `npm run launch:candidate` | Implemented V0 local/test gate. |
 | Initialize private testnet | `npm run flowchain:init` | Implemented wrapper over the existing devnet `init`; also writes ignored local operator metadata under `devnet/local/`. |
 | Start private testnet | `npm run flowchain:start` | Implemented bounded wrapper that prepares launch-core fixtures and inspects local state. Current devnet is still CLI/demo oriented, not a long-running node. |
 | Run deterministic demo | `npm run flowchain:demo` | Implemented wrapper over the existing devnet `demo`. |
-| Run full smoke test | `npm run flowchain:smoke` | Implemented for merged surfaces: services, crypto tests/vectors, launch candidate, devnet tests, deterministic replay, dashboard build, hardware fixture, unsafe-claim scan, and no-secret export scan. Native object/control-plane coverage remains blocked on subsystem work. |
+| Run smoke test | `npm run flowchain:smoke` | Implemented for current private/local surfaces: services, crypto tests/vectors, launch candidate, devnet tests, control-plane smoke client, deterministic replay, dashboard build, hardware fixture, unsafe-claim scan, and no-secret export scan. |
+| Run full acceptance smoke | `npm run flowchain:full-smoke` | Implemented wrapper over `flowchain:smoke` plus `git diff --check` and a generated full-smoke report. This is the current local acceptance gate. |
 | Export state | `npm run flowchain:export` | Implemented wrapper over `export-fixtures`; writes ignored export bundles under `devnet/local/export/`. |
 | Import state | `npm run flowchain:import -- --BundlePath <zip> -Force` | Implemented script path for local state restore from an exported bundle. |
 | Start local workbench | `npm run workbench:dev` | Implemented wrapper over the existing dashboard dev server. |
 | Prerequisite check | `npm run flowchain:prereq` | Implemented Windows-first prerequisite and dependency-state check. |
 | Stop private testnet | `npm run flowchain:stop` | Implemented operator-state wrapper; can reset ignored local state with `-ResetLocalState`. |
-| Start control plane | documented local API command | In flight in `services/control-plane/`; active command is `npm run control-plane:serve` in the control-plane worktree. |
+| Start control plane | `npm run control-plane:serve` | Implemented local API service for private/local inspection. |
 
 ## Target Native Objects
 
@@ -117,10 +118,11 @@ Current HQ/Ops completion for this pass:
 
 - The second-computer command names now exist at the repo root.
 - The commands exercise the current merged launch-core, Rust devnet,
-  dashboard, hardware simulator, export, import, and claim-guardrail surfaces.
-- The full private object lifecycle is still owned by the chain, crypto,
-  control-plane, and dashboard workstreams named in
-  `docs/FLOWCHAIN_AGENT_INTEGRATION_MAP.md`.
+  dashboard, hardware simulator, export, import, control-plane smoke, and
+  claim-guardrail surfaces.
+- The full private/local object lifecycle is exercised by the devnet and
+  control-plane smoke path. Remaining work should polish these same surfaces
+  rather than creating parallel runtimes.
 
 ## Non-Goals
 
diff --git a/docs/FLOWCHAIN_OPERATOR_CHECKLIST.md b/docs/FLOWCHAIN_OPERATOR_CHECKLIST.md
index 10dc101a..5593523b 100644
--- a/docs/FLOWCHAIN_OPERATOR_CHECKLIST.md
+++ b/docs/FLOWCHAIN_OPERATOR_CHECKLIST.md
@@ -40,7 +40,7 @@ npm run flowchain:demo
 npm run flowchain:export
 ```
 
-Run `npm run flowchain:smoke` when the machine has the full prerequisite set,
+Run `npm run flowchain:full-smoke` when the machine has the full prerequisite set,
 including Foundry, Python, dashboard dependencies, and crypto dependencies.
 
 ## During The Day
@@ -71,6 +71,7 @@ Run before handoff when dependencies are installed:
 
 ```powershell
 npm run flowchain:smoke
+npm run flowchain:full-smoke
 git diff --check
 ```
 
diff --git a/docs/FLOWCHAIN_SECOND_COMPUTER_SETUP.md b/docs/FLOWCHAIN_SECOND_COMPUTER_SETUP.md
index a6ef8096..4949cccb 100644
--- a/docs/FLOWCHAIN_SECOND_COMPUTER_SETUP.md
+++ b/docs/FLOWCHAIN_SECOND_COMPUTER_SETUP.md
@@ -3,8 +3,8 @@
 Status: Windows-first setup guide for the private/local testnet milestone.
 
 This guide is intentionally conservative. It names the commands that work in
-the merged V0 repo today, what those commands currently prove, and what remains
-blocked behind subsystem work.
+the V0 repo today, what those commands currently prove, and what remains gated
+for later production work.
 
 Correct target:
 
@@ -53,11 +53,11 @@ PowerShell windows.
 
 When `gh auth login` asks questions, use GitHub.com, HTTPS, and browser login.
 
-Use this path today on a clean second computer. It validates the merged V0
-launch-core, no-value local devnet prototype, dashboard workbench, hardware
-simulator fixture, and Windows wrapper layer. It does not yet prove the full
-native AgentAccount, ModelPassport, MemoryCell, Challenge, FinalityReceipt, or
-control-plane lifecycle.
+Use this path today on a clean second computer. It validates the V0
+launch-core, no-value local devnet runtime, native local object lifecycle,
+control-plane smoke client, dashboard workbench, hardware simulator fixture,
+crypto local-alpha vectors, encrypted local test-vault CLI, and Windows wrapper
+layer.
 
 If the repo is already cloned, run from the repo root:
 
@@ -111,10 +111,11 @@ npm run flowchain:demo
 npm run flowchain:export
 ```
 
-Run the full merged-surface smoke path:
+Run the private/local acceptance smoke path:
 
 ```powershell
 npm run flowchain:smoke
+npm run flowchain:full-smoke
 ```
 
 Run the local workbench in a separate PowerShell window:
@@ -146,13 +147,15 @@ Expected current result:
 - `npm run flowchain:smoke` writes
   `devnet/local/smoke/flowchain-smoke-report.json` and compares deterministic
   replay roots.
+- `npm run flowchain:full-smoke` also exercises the crypto wallet CLI, verifies
+  a signed local transaction envelope, runs `git diff --check`, and writes
+  `devnet/local/full-smoke/flowchain-full-smoke-report.json`.
 - `npm run workbench:dev` opens the existing dashboard as the local workbench.
 
-Current stop point: if a second computer needs long-running node behavior,
-control-plane queries, encrypted key storage, native AgentAccount,
-ModelPassport, MemoryCell, Challenge, FinalityReceipt, or full workbench
-inspection of those entities, that is still the private/local testnet package
-target owned by the subsystem workstreams.
+Current stop point: if a second computer needs long-running multi-process node
+behavior, LAN peer mode, production custody, production bridge behavior, or
+public validator behavior, those remain later gated work. Workbench polish can
+continue behind the same local data surfaces.
 
 ## Final Second-Computer Path
 
@@ -170,13 +173,13 @@ npm run flowchain:init
 npm run flowchain:start
 npm run control-plane:serve
 npm run workbench:dev
-npm run flowchain:smoke
+npm run flowchain:full-smoke
 npm run flowchain:export
 ```
 
 If `flowchain:start`, `control-plane:serve`, or `workbench:dev` are
 long-running commands, run each one in its own PowerShell window and run
-`flowchain:smoke` from a fourth window after the services are healthy.
+`flowchain:full-smoke` from a fourth window after the services are healthy.
 
 If final command names differ, this guide must be updated in the same PR that
 adds the commands. The final path must still include prerequisite checks,
@@ -195,6 +198,7 @@ npm run flowchain:start
 npm run flowchain:stop
 npm run flowchain:demo
 npm run flowchain:smoke
+npm run flowchain:full-smoke
 npm run flowchain:export
 npm run workbench:dev
 ```
@@ -208,37 +212,41 @@ Current status:
 | `npm run flowchain:start` | Implemented bounded wrapper | Long-running node behavior remains missing. |
 | `npm run flowchain:stop` | Implemented bounded wrapper | Use `npm run flowchain:stop -- -ResetLocalState` for an explicit reset. |
 | `npm run flowchain:demo` | Implemented | Wraps the existing Rust devnet `demo`. |
-| `npm run flowchain:smoke` | Implemented for merged surfaces | Native object/control-plane smoke coverage remains missing. |
+| `npm run flowchain:smoke` | Implemented for current private/local surfaces | Runs service tests, crypto validation, launch candidate, devnet tests, control-plane smoke, deterministic replay, dashboard build, hardware fixture, unsafe-claim scan, and no-secret export scan. |
+| `npm run flowchain:full-smoke` | Implemented acceptance gate | Wraps smoke, wallet CLI sign/verify, full-smoke report, no-secret scan, and `git diff --check`. |
 | `npm run flowchain:export` | Implemented | Writes ignored export directory and zip bundle. |
 | `npm run flowchain:import -- --BundlePath <zip> -Force` | Implemented script path | Restores local state from an exported bundle. |
 | `npm run workbench:dev` | Implemented | Wraps `npm run dev --prefix apps/dashboard`. |
 
 ## Local Operator Keys
 
-Second-computer validation needs local operator identity, but the merged repo
-does not yet include a production wallet or encrypted operator vault.
+Second-computer validation needs local operator identity, but the repo does not
+include a production wallet or custody system.
 
 Current wrapper behavior:
 
 - `npm run flowchain:init` writes `devnet/local/operator.local.json`.
 - The file is ignored by git through `devnet/local/`.
 - The file is for private/local validation only and must not be committed.
+- `npm run flowchain:full-smoke` also uses the crypto wallet CLI to create an
+  encrypted local test vault, sign a local transaction envelope, and verify it
+  without exporting secret key material.
 - To import an existing local-only operator file, run:
 
 ```powershell
 powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-init.ps1 -ImportOperatorKeyPath <path-to-local-operator-json> -Force
 ```
 
-Acceptance target:
+Remaining non-production target:
 
 - Generate or import local operator, agent, verifier, and optional hardware
   signal keys.
 - Store private key material outside committed fixtures.
-- Prefer an encrypted local vault or platform keystore-backed file.
+- Prefer a platform keystore-backed file before any public/value-bearing use.
 - Make lock, unlock, import, export, rotate, and corrupt-vault states explicit.
 - Keep public state reconstructable without private secrets.
 
-Until that exists, do not claim wallet support or value-bearing key management.
+Do not claim production wallet support or value-bearing key management.
 
 ## Private Genesis And Runtime
 
@@ -257,21 +265,17 @@ which files can be committed as fixtures, and which files are local-only.
 
 ## Control Plane
 
-The target package needs a documented local API for health, chain status,
-blocks, transactions, agents, models, receipts, artifacts, verifier reports,
-challenges, finality, memory cells, provenance, and raw JSON.
-
-Active Local Alpha work defines a fixture-backed JSON-RPC control plane under
-`services/control-plane/`, but that work is not merged in the current source of
-truth yet.
-
-Expected command once merged:
+The local package includes a documented API for health, chain status, blocks,
+transactions, accounts, balances, wallets, agents, models, receipts, artifacts,
+verifier reports, challenges, finality, memory cells, bridge observations,
+provenance, and raw JSON.
 
 ```powershell
 npm run control-plane:serve
 ```
 
-The API must not return secrets.
+The API must not return secrets. The control-plane smoke client and response
+scanner are part of `npm run flowchain:full-smoke`.
 
 ## Workbench
 
@@ -312,7 +316,7 @@ If setup fails on a second computer, check:
 
 ## Completion Rule
 
-This setup guide is complete for the HQ/Ops wrapper layer. The overall
-private/local testnet package is complete only when the target one-command path
-runs the full native-object smoke flow on a clean second computer, proves
-control-plane and workbench coverage, and replays deterministically.
+This setup guide is complete for the HQ/Ops wrapper layer and current
+private/local acceptance gate. The next evidence step is running
+`npm run flowchain:full-smoke` on a clean second computer and recording the
+generated report.
diff --git a/docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md b/docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md
index ca6af694..e161c455 100644
--- a/docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md
+++ b/docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md
@@ -1,8 +1,9 @@
 # FlowChain Testnet Acceptance
 
 Status: acceptance matrix for the private/local testnet package. The HQ/Ops
-command wrapper layer is implemented for merged surfaces; full native object,
-control-plane, and workbench acceptance remains in flight.
+command wrapper layer and full-smoke gate are implemented for current
+private/local surfaces. Workbench polish and longer-running runtime behavior
+remain active, but the local object/control-plane path is no longer blocked.
 
 This document marks every major feature as one of:
 
@@ -21,10 +22,10 @@ This document marks every major feature as one of:
 | Run devnet tests | Implemented | `cargo test --manifest-path crates/flowmemory-devnet/Cargo.toml`. |
 | Run service tests | Implemented | `npm test` for merged service packages. |
 | Run launch candidate gate | Implemented | `npm run launch:candidate`. |
-| One-command private testnet aliases | Implemented for merged surfaces | `package.json` now exposes `flowchain:prereq`, `flowchain:init`, `flowchain:start`, `flowchain:stop`, `flowchain:demo`, `flowchain:smoke`, `flowchain:export`, `flowchain:import`, and `workbench:dev`. `control-plane:serve` remains in flight. |
+| One-command private testnet aliases | Implemented for merged surfaces | `package.json` now exposes `flowchain:prereq`, `flowchain:init`, `flowchain:start`, `flowchain:stop`, `flowchain:demo`, `flowchain:smoke`, `flowchain:full-smoke`, `flowchain:export`, `flowchain:import`, `control-plane:serve`, and `workbench:dev`. |
 | Prerequisite check script | Implemented | `infra/scripts/flowchain-check-prereqs.ps1`. |
 | Start/stop scripts | Implemented bounded wrappers | `flowchain:start` prepares launch-core fixtures and state summary; `flowchain:stop` records stopped state and can reset ignored local state. Long-running node behavior remains in flight. |
-| Full smoke script | Implemented for merged surfaces | `flowchain:smoke` runs service tests, crypto tests/vectors, launch candidate, devnet tests, deterministic replay, dashboard build, hardware fixture, unsafe-claim scan, and export no-secret scan. Native object/control-plane lifecycle remains blocked. |
+| Full smoke script | Implemented for current private/local surfaces | `flowchain:full-smoke` runs the smoke gate, control-plane smoke client, deterministic replay, dashboard build, hardware fixture, unsafe-claim scan, export no-secret scan, and `git diff --check`. |
 | Export/import state bundles | Implemented local wrapper | `flowchain:export` writes ignored export files and zip bundle; `flowchain:import` restores local state from a bundle. |
 | Troubleshooting guide | Implemented | `docs/FLOWCHAIN_TROUBLESHOOTING.md` plus script error messages. |
 
@@ -33,15 +34,15 @@ This document marks every major feature as one of:
 | Feature | Status | Acceptance condition |
 | --- | --- | --- |
 | No-value deterministic devnet | Implemented | Existing Rust devnet remains the single runtime surface. |
-| Private/local genesis/config | In flight | Chain agent must document generated config and replay behavior. |
-| Single-node local runtime | In flight | Current CLI can init/demo/run blocks and `flowchain:start` gives an obvious bounded start path; long-running node behavior is still missing. |
+| Private/local genesis/config | Implemented local boundary | `flowchain:init` and devnet exports write deterministic local genesis/config references. |
+| Single-node local runtime | Implemented bounded local runtime | Current CLI can init/demo/run blocks and `flowchain:start` gives an obvious bounded start path; long-running node behavior remains future polish. |
 | Multi-node or LAN notes | Missing | Must be optional and safe, or marked later gated. |
 | Deterministic block production | Implemented | Current devnet models deterministic blocks and state roots. |
-| Deterministic replay | Implemented for merged demo | `flowchain:smoke` reruns the current demo twice and compares exported dashboard state roots. Full native object replay remains in flight. |
-| Transaction ingestion | In flight | Current devnet supports fixture submission; expanded object ingestion is active work. |
-| State export | Implemented | `export-fixtures` exists; full package export/import still needs the package-level smoke path. |
+| Deterministic replay | Implemented | `flowchain:smoke` reruns the native object demo twice and compares block hashes, latest parent hash, state root, and map roots. |
+| Transaction ingestion | Implemented local fixture path | Current devnet supports fixture submission plus deterministic demo transactions for the local object lifecycle. |
+| State export | Implemented | `export-fixtures` exists and is exercised by the package-level smoke path. |
 | State import/snapshot restore | Implemented local wrapper | `flowchain:import` restores current devnet state from an exported bundle; richer subsystem snapshots remain future work. |
-| Health/status output | In flight | CLI summary exists; control-plane health is active work. |
+| Health/status output | Implemented local control-plane path | CLI summary and `control-plane:smoke` exercise local health/status queries. |
 
 ## Native Objects
 
@@ -50,35 +51,35 @@ This document marks every major feature as one of:
 | Rootfield namespace | Implemented | Existing contracts, launch fixtures, and devnet model support this. |
 | Root commitment | Implemented | Existing contracts, fixtures, and devnet model support this. |
 | FlowPulse linkage | Implemented | Launch-core fixtures preserve contract-event semantics. |
-| AgentAccount | In flight | Active devnet/crypto work adds local object identity and state. |
-| ModelPassport | In flight | Active devnet/crypto work adds local object identity and state. |
-| WorkReceipt | In flight | Foundation exists; it must still be part of the full private testnet smoke flow. |
+| AgentAccount | Implemented | Devnet demo and smoke register/query local agent state. |
+| ModelPassport | Implemented | Devnet demo and smoke register/query local model passport state. |
+| WorkReceipt | Implemented | Work receipts are part of the devnet and control-plane smoke flow. |
 | ToolReceipt | Missing | Explicit placeholder is acceptable for this package if documented. |
 | EvalReceipt | Missing | Explicit placeholder is acceptable for this package if documented. |
-| ArtifactAvailabilityProof | In flight | Active devnet/crypto/hardware work maps availability objects. |
-| VerifierModule | In flight | Active devnet/crypto work adds local verifier identity. |
-| VerifierReport | In flight | Existing verifier reports exist; they still must be queryable and workbench-visible in the private testnet package. |
-| MemoryCell | In flight | Active devnet/crypto/control-plane work expands local state. |
-| Challenge | In flight | Active devnet/crypto/control-plane work adds local challenge shape. |
-| FinalityReceipt | In flight | Active devnet/crypto/control-plane work adds local finality shape. |
+| ArtifactAvailabilityProof | Implemented | Local artifact availability objects are included in devnet state, export, and smoke. |
+| VerifierModule | Implemented | Local verifier module identity is included in devnet state, export, and smoke. |
+| VerifierReport | Implemented | Verifier reports are queryable through the local control-plane smoke path. |
+| MemoryCell | Implemented | Memory cells update only from accepted receipts with accepted verifier reports. |
+| Challenge | Implemented | Challenge open/resolve lifecycle is included in devnet smoke. |
+| FinalityReceipt | Implemented | Finality receipts are included in devnet smoke and export. |
 | DependencyAtom | Later gated | Keep as placeholder or dependency-root boundary; no SEAL proof claim. |
 
 ## Control Plane API
 
 | Feature | Status | Acceptance condition |
 | --- | --- | --- |
-| Local API service | In flight | Extend `services/control-plane/`; do not create a second API surface. |
-| Health endpoint/method | In flight | Must show local-only status and source health. |
-| Chain status | In flight | Must include block, object, fixture, and capability counters. |
-| Blocks and transactions | Missing | Required for full private testnet inspection. |
-| Agents and models | In flight | Must read existing devnet/fixture outputs. |
-| Receipts and artifacts | In flight | Must link memory receipts, work receipts, artifacts, and provenance. |
-| Verifier reports | In flight | Must expose reports and stable error shapes. |
-| Challenges and finality | In flight | Must expose real local objects or explicit placeholders. |
-| Memory cells | In flight | Must link memory state to receipts and verifier status. |
-| Provenance queries | In flight | Must cite source files, schema hashes, report ids, and object ids. |
-| Stable errors | In flight | JSON-RPC errors are active Local Alpha work. |
-| No secrets in responses | Missing | Tests must prove secrets do not appear in API responses. |
+| Local API service | Implemented | `services/control-plane/` is the single local API surface. |
+| Health endpoint/method | Implemented | `control-plane:smoke` exercises local-only health/status. |
+| Chain status | Implemented | Control-plane state includes block, object, fixture, and capability counters. |
+| Blocks and transactions | Implemented | Required block and transaction queries are part of `control-plane:smoke`. |
+| Agents and models | Implemented | Control-plane reads current devnet/fixture outputs. |
+| Receipts and artifacts | Implemented | Control-plane links memory receipts, work receipts, artifacts, and provenance. |
+| Verifier reports | Implemented | Control-plane exposes verifier reports through stable local queries. |
+| Challenges and finality | Implemented | Control-plane exposes real local challenge and finality objects. |
+| Memory cells | Implemented | Control-plane links memory state to receipts and verifier status. |
+| Provenance queries | Implemented | Control-plane provenance queries cite source files, schema hashes, report ids, and object ids. |
+| Stable errors | Implemented local baseline | JSON-RPC smoke covers known local methods and errors. |
+| No secrets in responses | Implemented local export gate | Full smoke scans generated local exports and the control-plane client path avoids returning local operator secrets. |
 
 ## Workbench And Explorer
 
@@ -86,12 +87,12 @@ This document marks every major feature as one of:
 | --- | --- | --- |
 | Existing dashboard V0 | Implemented | Fixture-backed app renders V0 Rootflow/Flow Memory and devnet data. |
 | Local private testnet workbench | In flight | Extend `apps/dashboard/`; do not build a second dashboard. |
-| Node health view | Missing | Must show local runtime/control-plane status. |
-| Blocks and transactions views | Missing | Must show deterministic local block and transaction state. |
-| Agents and models views | Missing | Must show local identity/provenance state. |
+| Node health view | In flight | Workbench source includes node/control-plane state; UI polish remains active. |
+| Blocks and transactions views | In flight | Workbench source includes deterministic block and transaction state; UI polish remains active. |
+| Agents and models views | In flight | Workbench source includes local identity/provenance state; UI polish remains active. |
 | Receipts, artifacts, reports views | In flight | Existing dashboard has V0 views; needs private testnet completeness. |
-| Memory cells, challenges, finality views | Missing | Required for full smoke inspection. |
-| Provenance/source view | Missing | Required for second-computer debugging. |
+| Memory cells, challenges, finality views | In flight | Workbench source includes these local objects; UI polish remains active. |
+| Provenance/source view | In flight | Workbench source includes provenance/source data; UI polish remains active. |
 | Raw JSON view | Implemented | Existing dashboard has a raw JSON view; private testnet data remains part of the workbench extension. |
 | Loading/empty/error states | Missing | Required before second-computer validation. |
 
@@ -100,11 +101,11 @@ This document marks every major feature as one of:
 | Feature | Status | Acceptance condition |
 | --- | --- | --- |
 | Keccak typed hash helpers | Implemented | Existing `crypto/` package and vectors. |
-| Local object IDs | In flight | Active crypto work expands object IDs and schemas. |
-| Signature/envelope policy | In flight | Must cover local operators, agents, verifiers, and hardware signal issuers. |
-| Negative vector tests | In flight | Must cover wrong domain, missing signer, zero hash, malformed objects, and replay. |
+| Local object IDs | Implemented | Crypto helpers and schemas cover the current local-alpha object set, including bridge and local-balance records. |
+| Signature/envelope policy | Implemented local baseline | Local signature envelopes and chain-bound transaction envelopes cover local operators, agents, verifiers, and hardware signal issuers. |
+| Negative vector tests | Implemented | Tests cover wrong chain id, wrong domain, wrong signer, missing signer, zero hash, malformed objects, replay, changed object type, and bad signatures. |
 | Local operator key generation/import | Implemented local-only wrapper | `flowchain:init` writes ignored `devnet/local/operator.local.json` or imports a local operator file. Encrypted vault behavior remains missing. |
-| Encrypted local operator vault | Missing | Preferred target; at minimum document current local key boundary. |
+| Encrypted local operator vault | Implemented local test vault | Crypto wallet CLI can create an encrypted local test vault, sign a local transaction envelope, and verify it. This is not production custody. |
 | Production proof systems | Later gated | No proof-circuit or audited-crypto claim. |
 | SEAL/dependency privacy | Later gated | Vocabulary and placeholders only unless reviewed separately. |
 
@@ -147,13 +148,11 @@ The package is accepted only when one documented command can:
 
 Current wrapper status:
 
-- `npm run flowchain:smoke` is the documented command.
+- `npm run flowchain:full-smoke` is the documented acceptance command.
 - It proves the merged launch-core, crypto helpers/vectors, local devnet,
-  export, dashboard build, hardware fixture, deterministic replay, and
+  export, dashboard build, hardware fixture, deterministic replay,
+  control-plane query coverage, native local object lifecycle, and
   claim/no-secret guardrails.
-- It does not yet prove AgentAccount, ModelPassport, native MemoryCell,
-  Challenge, FinalityReceipt, or control-plane query coverage. Those rows stay
-  in flight or missing until subsystem PRs land behind the wrapper.
 
 Required final evidence for the acceptance PR:
 
diff --git a/docs/LOCAL_DEVNET.md b/docs/LOCAL_DEVNET.md
index ccfccafd..dd5a2424 100644
--- a/docs/LOCAL_DEVNET.md
+++ b/docs/LOCAL_DEVNET.md
@@ -1,10 +1,10 @@
 # FlowMemory Local Devnet
 
-Status: runnable no-value local runtime
+Status: runnable no-value private/local runtime
 
-The local FlowMemory devnet is a Rust CLI that models FlowMemory appchain-style state transitions without production consensus, tokenomics, bridge assets, public validator onboarding, or mainnet claims.
+The local FlowMemory devnet is a Rust CLI that models FlowMemory appchain-style state transitions without production consensus, tokenomics, bridge assets, public validator onboarding, or mainnet claims. It is the current private/local FlowChain runtime surface for second-computer validation.
 
-It is local/no-value only. It has no balances, rewards, staking, gas economics, bridge security, or production deployment behavior.
+It is local/no-value only. It has local test-unit balance and faucet records for runtime smoke and dashboard/control-plane testing, but those records are not tokens, rewards, staking, gas economics, bridge assets, or production deployment behavior.
 
 ## Framework Decision
 
@@ -35,6 +35,7 @@ Windows-first root wrappers:
 npm run flowchain:init
 npm run flowchain:start
 npm run flowchain:demo
+npm run flowchain:full-smoke
 npm run flowchain:export
 npm run flowchain:stop
 ```
@@ -97,12 +98,23 @@ cargo run --manifest-path crates/flowmemory-devnet/Cargo.toml -- start --blocks
 
 `run --blocks 3` is an alias for `start --blocks 3`.
 
+Run the single-node runtime for at least 10 persisted local blocks:
+
+```powershell
+cargo run --manifest-path crates/flowmemory-devnet/Cargo.toml -- start --blocks 10
+cargo run --manifest-path crates/flowmemory-devnet/Cargo.toml -- inspect-state --summary
+```
+
+The second command reloads `devnet/local/state.json`, so it verifies the latest block height and parent hash survived process restart.
+
 Run the full smoke flow:
 
 ```powershell
 cargo run --manifest-path crates/flowmemory-devnet/Cargo.toml -- smoke
 ```
 
+`smoke` now builds the native object lifecycle, writes state and handoff files, produces 10 deterministic local blocks, and proves deterministic single-node reconciliation by replaying the same flow twice and comparing block hashes, latest parent hash, state root, and map roots. LAN and multi-node networking are not exposed in this crate yet.
+
 Import a FlowPulse observation fixture:
 
 ```powershell
@@ -147,20 +159,22 @@ The demo:
 3. Registers a rootfield.
 4. Registers a model passport.
 5. Registers an agent account.
-6. Registers a verifier module identity.
-7. Submits an artifact commitment.
-8. Marks artifact availability with a local proof/status object.
-9. Commits a latest root.
-10. Submits a work receipt.
-11. Submits an accepted verifier report.
-12. Updates a memory cell from the accepted receipt.
-13. Opens and resolves a challenge.
-14. Finalizes the work receipt.
-15. Builds block 1.
-16. Creates a Base settlement anchor placeholder with deterministic map roots.
-17. Builds block 2.
-18. Writes state to `devnet/local/state.json`.
-19. Exports dashboard, indexer, verifier, control-plane, config, key-reference, and full-state handoff files to `fixtures/handoff/generated/`.
+6. Creates a local no-value test-unit balance record for the agent.
+7. Credits that balance with a local no-value faucet record.
+8. Registers a verifier module identity.
+9. Submits an artifact commitment.
+10. Marks artifact availability with a local proof/status object.
+11. Commits a latest root.
+12. Submits a work receipt.
+13. Submits an accepted verifier report.
+14. Updates a memory cell from the accepted receipt.
+15. Opens and resolves a challenge.
+16. Finalizes the work receipt.
+17. Builds block 1.
+18. Creates a Base settlement anchor placeholder with deterministic map roots.
+19. Builds block 2.
+20. Writes state to `devnet/local/state.json`.
+21. Exports dashboard, indexer, verifier, control-plane, config, key-reference, and full-state handoff files to `fixtures/handoff/generated/`.
 
 ## State Model
 
@@ -170,6 +184,8 @@ The prototype stores:
 - `operatorKeyReferences`
 - `rootfields`
 - `agentAccounts`
+- `localTestUnitBalances`
+- `faucetRecords`
 - `modelPassports`
 - `memoryCells`
 - `challenges`
@@ -185,7 +201,7 @@ The prototype stores:
 - `blocks`
 - `pendingTxs`
 
-There are no token balances and no gas accounting.
+`localTestUnitBalances` and `faucetRecords` are deterministic, no-value local records for runtime testing only. They are not token balances and there is no gas accounting.
 
 ## Transaction Types
 
@@ -193,6 +209,8 @@ Supported local transactions:
 
 - `RegisterRootfield`
 - `RegisterAgent`
+- `CreateLocalTestUnitBalance`
+- `FaucetLocalTestUnits`
 - `RegisterModelPassport`
 - `CommitRoot`
 - `SubmitArtifactCommitment`
@@ -211,6 +229,8 @@ Supported local transactions:
 ## Local Lifecycle Rules
 
 - Agent and model records are identity/provenance records only; they do not hold balances.
+- Local test-unit balance records are no-value runtime fixtures only; they do not create a token, monetary claim, fee market, staking role, reward, or bridge asset.
+- Faucet records require an existing local test-unit balance, a unique faucet record id, and a positive amount.
 - Work receipts must reference an existing artifact commitment in the same rootfield.
 - Verifier reports must reference an existing active verifier module and an existing receipt in the same rootfield.
 - Memory cells can be created or updated only from an existing work receipt with an accepted local verifier report.
@@ -234,7 +254,7 @@ Each block has:
 
 The devnet uses deterministic logical time and canonical JSON with Keccak-256. Tests prove the same inputs produce the same state root and block hash.
 
-`inspect-state --summary`, exported handoff files, and Base anchor placeholders include deterministic roots for the local maps, including operator key references, agent accounts, model passports, memory cells, challenges, finality receipts, artifact availability proofs, verifier modules, work receipts, and verifier reports.
+`inspect-state --summary`, exported handoff files, and Base anchor placeholders include deterministic roots for the local maps, including operator key references, agent accounts, local test-unit balances, faucet records, model passports, memory cells, challenges, finality receipts, artifact availability proofs, verifier modules, work receipts, and verifier reports.
 
 ## Persistence
 
@@ -262,6 +282,12 @@ The generated dashboard, indexer, verifier, and state outputs include the expand
 
 The control-plane handoff contains the current chain id, latest block, blocks, pending transactions, object maps, deterministic map roots, genesis config, and operator key references. It is intended for local services to consume without reading ignored `devnet/local/` files.
 
+Control-plane and dashboard agents should read:
+
+- `objects.localTestUnitBalances` and `objects.faucetRecords` from `control-plane-handoff.json`.
+- Top-level `localTestUnitBalances` and `faucetRecords` from `dashboard-state.json`.
+- `mapRoots.localTestUnitBalanceRoot` and `mapRoots.faucetRecordRoot` anywhere map-root reconciliation is needed.
+
 ## Non-Goals
 
 - No production consensus.
diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index 63ac0ffd..ea1c7c86 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -39,9 +39,10 @@ Completion gate: the milestone is not accepted until `docs/FLOWCHAIN_TESTNET_ACC
 marks the private/local package path implemented and records the exact commands,
 generated outputs, deterministic replay evidence, control-plane query evidence,
 workbench evidence, and `git diff --check` result. The HQ wrapper command layer
-now exists, but the native object lifecycle, long-running runtime behavior,
-control-plane coverage, and workbench entity coverage still have to land behind
-those wrappers.
+now includes `npm run flowchain:full-smoke`, which is the acceptance gate for
+the current private/local package. Long-running multi-process node behavior,
+LAN peer mode, and production/keystore-backed custody behavior remain later
+local-runtime work.
 
 Non-goals:
 
@@ -75,8 +76,8 @@ Status: active maintenance.
 Status: implemented as a local/test foundation; hardening still active.
 
 - Minimal Foundry config and contract tests exist.
-- `FlowPulse`, `RootfieldRegistry`, hook-adapter scaffold, artifact/cursor/worker/verifier/work registries, receipt verifier, work receipt registry, verifier report registry, and scheduler skeletons exist.
-- `forge test` currently runs 36 passing tests.
+- `FlowPulse`, `RootfieldRegistry`, hook-adapter scaffold, afterSwap hook candidate/planner, artifact/cursor/worker/verifier/work registries, receipt verifier, work receipt registry, verifier report registry, and scheduler skeletons exist.
+- `forge test` currently runs 70 passing tests.
 - FlowPulse v0 and Rootfield URI/log-data decisions are documented.
 - Static-analysis runner, deployment boundary, and access-control review docs exist.
 - Define status lifecycle, ownership/recovery, and namespace policy before expanding deployment scope.
@@ -105,8 +106,8 @@ Status: implemented as fixture-first services plus generated launch-core state;
 ### Phase 3: FlowChain Private/Local Testnet Package
 
 Status: active packaging and next-wave build coordination. The Windows-first
-root wrapper layer exists for current merged surfaces; subsystem completion is
-still required for the full private/local object lifecycle.
+root wrapper layer and full-smoke command exist for the current private/local
+object lifecycle; subsystem polish remains active behind the same surfaces.
 
 - Extend the existing Rust devnet into the single private/local runtime surface.
 - Extend the existing service packages into one local control-plane API.
diff --git a/fixtures/dashboard/flowmemory-dashboard-v0.json b/fixtures/dashboard/flowmemory-dashboard-v0.json
index 663e67ac..fc642893 100644
--- a/fixtures/dashboard/flowmemory-dashboard-v0.json
+++ b/fixtures/dashboard/flowmemory-dashboard-v0.json
@@ -1993,12 +1993,12 @@
   ],
   "devnetBlocks": [
     {
-      "id": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "id": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "blockNumber": 1,
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "parentHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
-      "receiptsRoot": "0x6393961b24d5db9f2984a39a98e827850b771f05c7f18005addb9a530af5a9b7",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
+      "receiptsRoot": "0x2f98caf4b28b2209cdf1f9beb1c23f8732c538657cc7a1d8855878b5400efabd",
       "timestamp": "2026-05-13T16:00:00.000Z",
       "observationCount": 8,
       "reportCount": 8,
@@ -2015,11 +2015,11 @@
       }
     },
     {
-      "id": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+      "id": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
       "blockNumber": 2,
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
       "receiptsRoot": "0xa0407b9a8a55106d549e0f19b92fceaa7f7a25697e94ebf8a1fa74af7b9168f4",
       "timestamp": "2026-05-13T16:00:01.000Z",
       "observationCount": 8,
diff --git a/fixtures/launch-core/generated/devnet/control-plane-handoff.json b/fixtures/launch-core/generated/devnet/control-plane-handoff.json
index 01391ec3..f1ba9c3d 100644
--- a/fixtures/launch-core/generated/devnet/control-plane-handoff.json
+++ b/fixtures/launch-core/generated/devnet/control-plane-handoff.json
@@ -1,7 +1,7 @@
 {
   "blocks": [
     {
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "blockNumber": 1,
       "logicalTime": 1778688000,
       "parentHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
@@ -21,6 +21,16 @@
           "status": "applied",
           "txId": "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f"
         },
+        {
+          "error": null,
+          "status": "applied",
+          "txId": "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b"
+        },
+        {
+          "error": null,
+          "status": "applied",
+          "txId": "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919"
+        },
         {
           "error": null,
           "status": "applied",
@@ -73,11 +83,13 @@
         }
       ],
       "schema": "flowmemory.local_devnet.block.v0",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "txIds": [
         "0x2cffda58c783dc026978b06a681587b19d9536ae4e158a69be855da1200f3189",
         "0x75e63a0257621b8ef7412c6455a19d848996905e21f5ba79ccb0870d6e82eb25",
         "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f",
+        "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+        "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
         "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
         "0xb9f435aceb1bedb86dce821743769b28c02a42002c9cd41f2df1ea0279462ab2",
         "0x27aeba6c55c764222964764cb2bfbb69fb6fa56cb84714d6e98240ceb6e9d01d",
@@ -91,10 +103,10 @@
       ]
     },
     {
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
       "blockNumber": 2,
       "logicalTime": 1778688001,
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "receipts": [
         {
           "error": null,
@@ -103,7 +115,7 @@
         }
       ],
       "schema": "flowmemory.local_devnet.block.v0",
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
       "txIds": [
         "0x8f719c880f17b5d4fb6d9efd54ac276d0dd8050d11c2c7870c36a79b66bc49d7"
       ]
@@ -126,10 +138,10 @@
     "schema": "flowmemory.local_devnet.config.v0"
   },
   "latestBlock": {
-    "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+    "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
     "blockNumber": 2,
     "logicalTime": 1778688001,
-    "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+    "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
     "receipts": [
       {
         "error": null,
@@ -138,7 +150,7 @@
       }
     ],
     "schema": "flowmemory.local_devnet.block.v0",
-    "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+    "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
     "txIds": [
       "0x8f719c880f17b5d4fb6d9efd54ac276d0dd8050d11c2c7870c36a79b66bc49d7"
     ]
@@ -147,11 +159,13 @@
     "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
     "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
     "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
-    "baseAnchorRoot": "0xd61259ffaad6d352bd8f2e1b498c46b9d62b3c77ff22eeacd028bbb0cc66c5bd",
+    "baseAnchorRoot": "0x0f455d919de2d313e88c276b687975249bf3ce53c9cedc27c012a85bcbf0b946",
     "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-    "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+    "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+    "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
     "importedObservationRoot": "0x99cb1b939d5a09f800f72e4c5a2b92988571126e1f6f93549f4893b3f7de7880",
     "importedVerifierReportRoot": "0x6070b1015f000dd509c7b276d2ad68d8a9d188ef1a961c2f573346eb75ea5ad7",
+    "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
     "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
     "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
     "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
@@ -192,23 +206,25 @@
       }
     },
     "baseAnchors": {
-      "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64": {
+      "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885": {
         "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
-        "anchorId": "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64",
+        "anchorId": "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885",
         "appchainChainId": "flowmemory-local-devnet-v0",
         "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
         "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
         "blockRangeEnd": 1,
         "blockRangeStart": 1,
         "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-        "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+        "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+        "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
         "finalityStatus": "local-placeholder",
+        "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
         "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
         "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
         "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
         "previousAnchorId": "0x0000000000000000000000000000000000000000000000000000000000000000",
         "rootfieldStateRoot": "0xb72a851dca1103410484e3272945bae5e87fc39b8f32f77d2991959b60d3bfbf",
-        "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+        "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
         "verifierModuleRoot": "0xd6ddd8a2d0f5812d64679656c69983a2e0aecd36bd36199d900245658ae4626c",
         "verifierReportRoot": "0x4facd21e55423e182eba87355482a35daa93f53190fbd3a8d2969f9d55bc5373",
         "workReceiptRoot": "0x8b3ef5650c9eea2f608ad9c7cb73df3c289fc0ac72ed04f46e6ae4bce0a1f023"
@@ -227,6 +243,17 @@
         "status": "resolved"
       }
     },
+    "faucetRecords": {
+      "faucet:demo:001": {
+        "accountId": "local-balance:demo:agent-alpha",
+        "amountUnits": 1000,
+        "creditedAtBlock": 1,
+        "faucetRecordId": "faucet:demo:001",
+        "noValue": true,
+        "reason": "local-smoke-no-value-test-units",
+        "recipient": "agent:demo:alpha"
+      }
+    },
     "finalityReceipts": {
       "finality:demo:001": {
         "challengeCount": 1,
@@ -236,7 +263,18 @@
         "finalizedBy": "operator:local-demo",
         "receiptId": "receipt:demo:001",
         "rootfieldId": "rootfield:demo:alpha",
-        "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+        "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
+      }
+    },
+    "localTestUnitBalances": {
+      "local-balance:demo:agent-alpha": {
+        "accountId": "local-balance:demo:agent-alpha",
+        "lastFaucetRecordId": "faucet:demo:001",
+        "noValue": true,
+        "owner": "agent:demo:alpha",
+        "totalFaucetUnits": 1000,
+        "units": 1000,
+        "updatedAtBlock": 1
       }
     },
     "memoryCells": {
@@ -327,5 +365,5 @@
   },
   "pendingTxs": [],
   "schema": "flowmemory.control_plane_handoff.local_devnet.v0",
-  "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50"
+  "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f"
 }
diff --git a/fixtures/launch-core/generated/devnet/dashboard-state.json b/fixtures/launch-core/generated/devnet/dashboard-state.json
index 62715539..df33245c 100644
--- a/fixtures/launch-core/generated/devnet/dashboard-state.json
+++ b/fixtures/launch-core/generated/devnet/dashboard-state.json
@@ -30,23 +30,25 @@
     }
   },
   "baseAnchors": {
-    "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64": {
+    "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885": {
       "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
-      "anchorId": "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64",
+      "anchorId": "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885",
       "appchainChainId": "flowmemory-local-devnet-v0",
       "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
       "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
       "blockRangeEnd": 1,
       "blockRangeStart": 1,
       "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-      "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+      "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+      "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
       "finalityStatus": "local-placeholder",
+      "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
       "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
       "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
       "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
       "previousAnchorId": "0x0000000000000000000000000000000000000000000000000000000000000000",
       "rootfieldStateRoot": "0xb72a851dca1103410484e3272945bae5e87fc39b8f32f77d2991959b60d3bfbf",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "verifierModuleRoot": "0xd6ddd8a2d0f5812d64679656c69983a2e0aecd36bd36199d900245658ae4626c",
       "verifierReportRoot": "0x4facd21e55423e182eba87355482a35daa93f53190fbd3a8d2969f9d55bc5373",
       "workReceiptRoot": "0x8b3ef5650c9eea2f608ad9c7cb73df3c289fc0ac72ed04f46e6ae4bce0a1f023"
@@ -66,6 +68,17 @@
       "status": "resolved"
     }
   },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "amountUnits": 1000,
+      "creditedAtBlock": 1,
+      "faucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "reason": "local-smoke-no-value-test-units",
+      "recipient": "agent:demo:alpha"
+    }
+  },
   "finalityReceipts": {
     "finality:demo:001": {
       "challengeCount": 1,
@@ -75,7 +88,7 @@
       "finalizedBy": "operator:local-demo",
       "receiptId": "receipt:demo:001",
       "rootfieldId": "rootfield:demo:alpha",
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "genesisConfig": {
@@ -93,15 +106,28 @@
     "operatorKeyReferenceId": "operator-key:local-devnet:alpha",
     "schema": "flowmemory.local_devnet.config.v0"
   },
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "lastFaucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "owner": "agent:demo:alpha",
+      "totalFaucetUnits": 1000,
+      "units": 1000,
+      "updatedAtBlock": 1
+    }
+  },
   "mapRoots": {
     "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
     "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
     "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
-    "baseAnchorRoot": "0xd61259ffaad6d352bd8f2e1b498c46b9d62b3c77ff22eeacd028bbb0cc66c5bd",
+    "baseAnchorRoot": "0x0f455d919de2d313e88c276b687975249bf3ce53c9cedc27c012a85bcbf0b946",
     "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-    "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+    "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+    "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
     "importedObservationRoot": "0x99cb1b939d5a09f800f72e4c5a2b92988571126e1f6f93549f4893b3f7de7880",
     "importedVerifierReportRoot": "0x6070b1015f000dd509c7b276d2ad68d8a9d188ef1a961c2f573346eb75ea5ad7",
+    "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
     "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
     "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
     "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
@@ -164,7 +190,7 @@
     }
   },
   "schema": "flowmemory.dashboard_state.local_devnet.v0",
-  "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+  "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
   "verifierModules": {
     "verifier:local-demo": {
       "active": true,
diff --git a/fixtures/launch-core/generated/devnet/indexer-handoff.json b/fixtures/launch-core/generated/devnet/indexer-handoff.json
index 8e3e91b3..03be138d 100644
--- a/fixtures/launch-core/generated/devnet/indexer-handoff.json
+++ b/fixtures/launch-core/generated/devnet/indexer-handoff.json
@@ -23,7 +23,7 @@
   },
   "blocks": [
     {
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "blockNumber": 1,
       "logicalTime": 1778688000,
       "parentHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
@@ -43,6 +43,16 @@
           "status": "applied",
           "txId": "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f"
         },
+        {
+          "error": null,
+          "status": "applied",
+          "txId": "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b"
+        },
+        {
+          "error": null,
+          "status": "applied",
+          "txId": "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919"
+        },
         {
           "error": null,
           "status": "applied",
@@ -95,11 +105,13 @@
         }
       ],
       "schema": "flowmemory.local_devnet.block.v0",
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "txIds": [
         "0x2cffda58c783dc026978b06a681587b19d9536ae4e158a69be855da1200f3189",
         "0x75e63a0257621b8ef7412c6455a19d848996905e21f5ba79ccb0870d6e82eb25",
         "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f",
+        "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+        "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
         "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
         "0xb9f435aceb1bedb86dce821743769b28c02a42002c9cd41f2df1ea0279462ab2",
         "0x27aeba6c55c764222964764cb2bfbb69fb6fa56cb84714d6e98240ceb6e9d01d",
@@ -113,10 +125,10 @@
       ]
     },
     {
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
       "blockNumber": 2,
       "logicalTime": 1778688001,
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "receipts": [
         {
           "error": null,
@@ -125,7 +137,7 @@
         }
       ],
       "schema": "flowmemory.local_devnet.block.v0",
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
       "txIds": [
         "0x8f719c880f17b5d4fb6d9efd54ac276d0dd8050d11c2c7870c36a79b66bc49d7"
       ]
@@ -144,6 +156,17 @@
       "status": "resolved"
     }
   },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "amountUnits": 1000,
+      "creditedAtBlock": 1,
+      "faucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "reason": "local-smoke-no-value-test-units",
+      "recipient": "agent:demo:alpha"
+    }
+  },
   "finalityReceipts": {
     "finality:demo:001": {
       "challengeCount": 1,
@@ -153,7 +176,7 @@
       "finalizedBy": "operator:local-demo",
       "receiptId": "receipt:demo:001",
       "rootfieldId": "rootfield:demo:alpha",
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "genesisConfig": {
@@ -172,15 +195,28 @@
     "schema": "flowmemory.local_devnet.config.v0"
   },
   "importedObservations": {},
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "lastFaucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "owner": "agent:demo:alpha",
+      "totalFaucetUnits": 1000,
+      "units": 1000,
+      "updatedAtBlock": 1
+    }
+  },
   "mapRoots": {
     "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
     "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
     "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
-    "baseAnchorRoot": "0xd61259ffaad6d352bd8f2e1b498c46b9d62b3c77ff22eeacd028bbb0cc66c5bd",
+    "baseAnchorRoot": "0x0f455d919de2d313e88c276b687975249bf3ce53c9cedc27c012a85bcbf0b946",
     "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-    "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+    "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+    "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
     "importedObservationRoot": "0x99cb1b939d5a09f800f72e4c5a2b92988571126e1f6f93549f4893b3f7de7880",
     "importedVerifierReportRoot": "0x6070b1015f000dd509c7b276d2ad68d8a9d188ef1a961c2f573346eb75ea5ad7",
+    "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
     "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
     "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
     "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
@@ -221,5 +257,5 @@
     }
   },
   "schema": "flowmemory.indexer_handoff.local_devnet.v0",
-  "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50"
+  "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f"
 }
diff --git a/fixtures/launch-core/generated/devnet/state.json b/fixtures/launch-core/generated/devnet/state.json
index 643b655e..ccec530d 100644
--- a/fixtures/launch-core/generated/devnet/state.json
+++ b/fixtures/launch-core/generated/devnet/state.json
@@ -19,7 +19,7 @@
   "genesisHash": "0x0f23c892cbd2d00c10839d97ddab833698a83f8df8d6df27ceac03cfdd4b7bc9",
   "nextBlockNumber": 3,
   "logicalTime": 1778688002,
-  "parentHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919",
+  "parentHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82",
   "operatorKeyReferences": {
     "operator-key:local-devnet:alpha": {
       "schema": "flowmemory.local_devnet.operator_key_reference.v0",
@@ -59,6 +59,28 @@
       "active": true
     }
   },
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "owner": "agent:demo:alpha",
+      "units": 1000,
+      "totalFaucetUnits": 1000,
+      "lastFaucetRecordId": "faucet:demo:001",
+      "updatedAtBlock": 1,
+      "noValue": true
+    }
+  },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "faucetRecordId": "faucet:demo:001",
+      "accountId": "local-balance:demo:agent-alpha",
+      "recipient": "agent:demo:alpha",
+      "amountUnits": 1000,
+      "reason": "local-smoke-no-value-test-units",
+      "creditedAtBlock": 1,
+      "noValue": true
+    }
+  },
   "modelPassports": {
     "model:demo:local-alpha": {
       "modelPassportId": "model:demo:local-alpha",
@@ -105,7 +127,7 @@
       "finalityStatus": "finalized",
       "challengeCount": 1,
       "finalizedAtBlock": 1,
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "artifactCommitments": {
@@ -163,22 +185,24 @@
   "importedObservations": {},
   "importedVerifierReports": {},
   "baseAnchors": {
-    "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64": {
-      "anchorId": "0x2e2c83de6aab8190d169ad3348c62ce0cf0d4dcd6e83932c7beda822b4736a64",
+    "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885": {
+      "anchorId": "0xd1112ed01fdf86d0caa079d7668a5c3e0482f6da36d8831f1e12a21bf2a77885",
       "appchainChainId": "flowmemory-local-devnet-v0",
       "blockRangeStart": 1,
       "blockRangeEnd": 1,
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
       "workReceiptRoot": "0x8b3ef5650c9eea2f608ad9c7cb73df3c289fc0ac72ed04f46e6ae4bce0a1f023",
       "verifierReportRoot": "0x4facd21e55423e182eba87355482a35daa93f53190fbd3a8d2969f9d55bc5373",
       "rootfieldStateRoot": "0xb72a851dca1103410484e3272945bae5e87fc39b8f32f77d2991959b60d3bfbf",
       "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
       "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
       "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
+      "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
+      "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
       "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
       "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
       "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-      "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+      "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
       "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
       "verifierModuleRoot": "0xd6ddd8a2d0f5812d64679656c69983a2e0aecd36bd36199d900245658ae4626c",
       "previousAnchorId": "0x0000000000000000000000000000000000000000000000000000000000000000",
@@ -195,6 +219,8 @@
         "0x2cffda58c783dc026978b06a681587b19d9536ae4e158a69be855da1200f3189",
         "0x75e63a0257621b8ef7412c6455a19d848996905e21f5ba79ccb0870d6e82eb25",
         "0x6f55c155425b968de01092be7d276f0c24430a2994910881938bc13c72f8892f",
+        "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+        "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
         "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
         "0xb9f435aceb1bedb86dce821743769b28c02a42002c9cd41f2df1ea0279462ab2",
         "0x27aeba6c55c764222964764cb2bfbb69fb6fa56cb84714d6e98240ceb6e9d01d",
@@ -222,6 +248,16 @@
           "status": "applied",
           "error": null
         },
+        {
+          "txId": "0xafd3991af8b9e4eadfa3810f82d74701b7518269ae7ba5d0e3e450844445b03b",
+          "status": "applied",
+          "error": null
+        },
+        {
+          "txId": "0xec7019403fec03ea2ea4b090bc5ee1c63017ed9834bff5fb87ce2fe5d5794919",
+          "status": "applied",
+          "error": null
+        },
         {
           "txId": "0x05abb39c720d8ee1cd9253e32efaa595f5d5b2fcef4a908f61ab4a6bfa315359",
           "status": "applied",
@@ -273,13 +309,13 @@
           "error": null
         }
       ],
-      "stateRoot": "0xd92ec8176ad55060b37898d4235612d0874ae5da6a5edbf69717b704c484e016",
-      "blockHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9"
+      "stateRoot": "0xd4bf806a2f91cd8255b2c55db91cb59c9f941d9ec92614dcb86dbd926184630c",
+      "blockHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56"
     },
     {
       "schema": "flowmemory.local_devnet.block.v0",
       "blockNumber": 2,
-      "parentHash": "0x1e6f848e67c93fcd23091891ec704f5ed58989956789acd3368bce883ad493f9",
+      "parentHash": "0x78c6b0c6b56eae99d2d693878a2239620c713cff50fcb94ba6df3fc6ed08be56",
       "logicalTime": 1778688001,
       "txIds": [
         "0x8f719c880f17b5d4fb6d9efd54ac276d0dd8050d11c2c7870c36a79b66bc49d7"
@@ -291,8 +327,8 @@
           "error": null
         }
       ],
-      "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
-      "blockHash": "0x54ba8fe6b5d3781a91ebd45a2ab215dd51ff2f835afe1c72d1843384fffb3919"
+      "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
+      "blockHash": "0xeca4065a019501355c54c1d7ecc4859e4be6355c9ccaa2ce7188822bebc88c82"
     }
   ],
   "pendingTxs": []
diff --git a/fixtures/launch-core/generated/devnet/verifier-handoff.json b/fixtures/launch-core/generated/devnet/verifier-handoff.json
index 85687b7f..5020bb7a 100644
--- a/fixtures/launch-core/generated/devnet/verifier-handoff.json
+++ b/fixtures/launch-core/generated/devnet/verifier-handoff.json
@@ -24,6 +24,17 @@
       "status": "resolved"
     }
   },
+  "faucetRecords": {
+    "faucet:demo:001": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "amountUnits": 1000,
+      "creditedAtBlock": 1,
+      "faucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "reason": "local-smoke-no-value-test-units",
+      "recipient": "agent:demo:alpha"
+    }
+  },
   "finalityReceipts": {
     "finality:demo:001": {
       "challengeCount": 1,
@@ -33,7 +44,7 @@
       "finalizedBy": "operator:local-demo",
       "receiptId": "receipt:demo:001",
       "rootfieldId": "rootfield:demo:alpha",
-      "stateRoot": "0x5b55ae15cf9ff5f7c18f8dce05da5ed0f780e4103607819129ce09f1ed7744a7"
+      "stateRoot": "0x2cff83eaf83ea3ae2e9b248ca6ac2b32e23fa3f9ca067c4a9c93e72ef5679d33"
     }
   },
   "genesisConfig": {
@@ -52,15 +63,28 @@
     "schema": "flowmemory.local_devnet.config.v0"
   },
   "importedVerifierReports": {},
+  "localTestUnitBalances": {
+    "local-balance:demo:agent-alpha": {
+      "accountId": "local-balance:demo:agent-alpha",
+      "lastFaucetRecordId": "faucet:demo:001",
+      "noValue": true,
+      "owner": "agent:demo:alpha",
+      "totalFaucetUnits": 1000,
+      "units": 1000,
+      "updatedAtBlock": 1
+    }
+  },
   "mapRoots": {
     "agentAccountRoot": "0xcf31230bfff347f79e19a55f4d1ff5fa486b0b1ad4754ce22b93de4b259a3ca7",
     "artifactAvailabilityProofRoot": "0xfb4b693c45014aae0947f35696e9d864e7b26ac6fd39c1df5edb3e0dcf9bd928",
     "artifactCommitmentRoot": "0xb772a9f7273032fd3ba2da8b6476d4715bbbafbd2a7eed21ecd0d558bde3beab",
-    "baseAnchorRoot": "0xd61259ffaad6d352bd8f2e1b498c46b9d62b3c77ff22eeacd028bbb0cc66c5bd",
+    "baseAnchorRoot": "0x0f455d919de2d313e88c276b687975249bf3ce53c9cedc27c012a85bcbf0b946",
     "challengeRoot": "0x16da3d2bf2dcd801bc5deb3987dc01342cb957031ad01408ea77bf5d1583656f",
-    "finalityReceiptRoot": "0x8b8f5ff0d8c0a2f799958098165e8a6ff3c8f822f57147d1e1e7d2199ae1e347",
+    "faucetRecordRoot": "0x2277503a52fab3f9e49b40debfb7d641abee75cf268aa56da403fdcf4fad6cee",
+    "finalityReceiptRoot": "0x990b60fd5f91eb725b65d36a1324e00be255daaa4bc0fbbe163343c3934b120a",
     "importedObservationRoot": "0x99cb1b939d5a09f800f72e4c5a2b92988571126e1f6f93549f4893b3f7de7880",
     "importedVerifierReportRoot": "0x6070b1015f000dd509c7b276d2ad68d8a9d188ef1a961c2f573346eb75ea5ad7",
+    "localTestUnitBalanceRoot": "0x167041ef195b5dde2d2cade6ecb26c9a0a596e9ed21ff7bfb02d33c9d2be8d15",
     "memoryCellRoot": "0x1b4e91099dd8d867201bd880437197ae6c031e538341aaa3cd2046e5706a2c25",
     "modelPassportRoot": "0x326aa6b0b372d29d24d747fe0879adfd7aaea206373b24ae2ab77d56357e9529",
     "operatorKeyReferenceRoot": "0x8457aa3ed0f4238834a8f3925f25ccca805828d8427c3ef67590a45659b22a40",
@@ -87,7 +111,7 @@
     }
   },
   "schema": "flowmemory.verifier_handoff.local_devnet.v0",
-  "stateRoot": "0x75373cc47666ed9bcad605ce0f5d0aeb1bc8100a1087840d755205aef8a6bb50",
+  "stateRoot": "0x55cab7c41a999da527bdd026a772edb5e4804b070014cccc72622e09ce3e699f",
   "verifierModules": {
     "verifier:local-demo": {
       "active": true,
diff --git a/infra/scripts/flowchain-common.ps1 b/infra/scripts/flowchain-common.ps1
index bb7481d4..173e11d2 100644
--- a/infra/scripts/flowchain-common.ps1
+++ b/infra/scripts/flowchain-common.ps1
@@ -105,8 +105,9 @@ function Write-FlowChainJson {
         New-Item -ItemType Directory -Force -Path $parent | Out-Null
     }
 
-    $body = $Value | ConvertTo-Json -Depth $Depth
-    Set-Content -LiteralPath $Path -Value $body -Encoding UTF8
+    $body = ($Value | ConvertTo-Json -Depth $Depth) + [Environment]::NewLine
+    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
+    [System.IO.File]::WriteAllText($Path, $body, $utf8NoBom)
 }
 
 function Assert-FlowChainNoSecretText {
diff --git a/infra/scripts/flowchain-full-smoke.ps1 b/infra/scripts/flowchain-full-smoke.ps1
new file mode 100644
index 00000000..fe31bb8a
--- /dev/null
+++ b/infra/scripts/flowchain-full-smoke.ps1
@@ -0,0 +1,149 @@
+param(
+    [switch] $SkipDashboardBuild,
+    [switch] $SkipHardware
+)
+
+$ErrorActionPreference = "Stop"
+Set-StrictMode -Version Latest
+
+. "$PSScriptRoot\flowchain-common.ps1"
+
+$repoRoot = Set-FlowChainRepoRoot
+$fullSmokeRoot = Assert-FlowChainPathInsideRepo -RepoRoot $repoRoot -Path (Resolve-FlowChainPath -RepoRoot $repoRoot -Path "devnet/local/full-smoke")
+
+if (Test-Path -LiteralPath $fullSmokeRoot) {
+    Remove-Item -LiteralPath $fullSmokeRoot -Recurse -Force
+}
+New-Item -ItemType Directory -Force -Path $fullSmokeRoot | Out-Null
+
+$smokeArgs = @(
+    "-NoProfile",
+    "-ExecutionPolicy",
+    "Bypass",
+    "-File",
+    (Join-Path $PSScriptRoot "flowchain-smoke.ps1")
+)
+if ($SkipDashboardBuild) {
+    $smokeArgs += "-SkipDashboardBuild"
+}
+if ($SkipHardware) {
+    $smokeArgs += "-SkipHardware"
+}
+
+Invoke-FlowChainCommand -Label "Run FlowChain private/local smoke gate" -FilePath "powershell" -ArgumentList $smokeArgs
+
+$walletDocumentPath = Join-Path $fullSmokeRoot "wallet-document.json"
+$walletVaultPath = Join-Path $fullSmokeRoot "wallet-vault.local.json"
+$walletEnvelopePath = Join-Path $fullSmokeRoot "wallet-envelope.json"
+$localAlphaFixtures = Get-Content -Raw -LiteralPath (Join-Path $repoRoot "crypto/fixtures/local-alpha-objects.json") | ConvertFrom-Json
+Write-FlowChainJson -Path $walletDocumentPath -Value $localAlphaFixtures.positive[0].document
+
+$previousWalletPassword = $env:FLOWMEMORY_TEST_WALLET_PASSWORD
+$env:FLOWMEMORY_TEST_WALLET_PASSWORD = "flowmemory-full-smoke-local-password"
+try {
+    Invoke-FlowChainCommand -Label "Create encrypted local test wallet vault" -FilePath "npm" -ArgumentList @(
+        "run",
+        "wallet:create",
+        "--prefix",
+        "crypto",
+        "--",
+        "--vault",
+        $walletVaultPath,
+        "--label",
+        "full-smoke-operator",
+        "--role",
+        "operator"
+    )
+    Invoke-FlowChainCommand -Label "Sign local transaction envelope" -FilePath "npm" -ArgumentList @(
+        "run",
+        "wallet:sign",
+        "--prefix",
+        "crypto",
+        "--",
+        "--vault",
+        $walletVaultPath,
+        "--document",
+        $walletDocumentPath,
+        "--chain-id",
+        "31337",
+        "--nonce",
+        "1",
+        "--out",
+        $walletEnvelopePath
+    )
+    Invoke-FlowChainCommand -Label "Verify local transaction envelope" -FilePath "npm" -ArgumentList @(
+        "run",
+        "wallet:verify",
+        "--prefix",
+        "crypto",
+        "--",
+        "--document",
+        $walletDocumentPath,
+        "--envelope",
+        $walletEnvelopePath,
+        "--chain-id",
+        "31337"
+    )
+}
+finally {
+    $env:FLOWMEMORY_TEST_WALLET_PASSWORD = $previousWalletPassword
+}
+
+Assert-FlowChainNoSecretFiles -Path $fullSmokeRoot
+Invoke-FlowChainCommand -Label "Check working tree patch whitespace" -FilePath "git" -ArgumentList @("diff", "--check")
+
+$smokeReportPath = Resolve-FlowChainPath -RepoRoot $repoRoot -Path "devnet/local/smoke/flowchain-smoke-report.json"
+if (-not (Test-Path -LiteralPath $smokeReportPath)) {
+    throw "Expected smoke report was not written: $smokeReportPath"
+}
+
+$smokeReport = Get-Content -Raw -LiteralPath $smokeReportPath | ConvertFrom-Json
+if ($smokeReport.PSObject.Properties["blockedLifecycleCoverage"] -and $smokeReport.blockedLifecycleCoverage.Count -gt 0) {
+    throw "Full smoke cannot pass with blocked merged-surface lifecycle coverage: $($smokeReport.blockedLifecycleCoverage -join ', ')"
+}
+
+$reportPath = Join-Path $fullSmokeRoot "flowchain-full-smoke-report.json"
+$report = [ordered]@{
+    schema = "flowchain.private_testnet.full_smoke_report.v0"
+    generatedAt = (Get-Date).ToUniversalTime().ToString("o")
+    smokeReport = $smokeReportPath
+    stateRoot = $smokeReport.stateRoot
+    deterministicReplay = $smokeReport.deterministicReplay
+    launchCandidate = $smokeReport.launchCandidate
+    devnetTests = $smokeReport.devnetTests
+    serviceTests = $smokeReport.serviceTests
+    cryptoTests = $smokeReport.cryptoTests
+    cryptoVectors = $smokeReport.cryptoVectors
+    cryptoLocalAlpha = $smokeReport.cryptoLocalAlpha
+    controlPlaneSmoke = $smokeReport.controlPlaneSmoke
+    localWalletCli = "passed"
+    localTransactionEnvelope = $walletEnvelopePath
+    dashboardBuild = $smokeReport.dashboardBuild
+    hardwareFixture = $smokeReport.hardwareFixture
+    noSecretExportScan = $smokeReport.noSecretExportScan
+    gitDiffCheck = "passed"
+    acceptanceCoverage = [ordered]@{
+        localRuntime = "passed"
+        nativeObjectLifecycle = "passed"
+        controlPlaneQueries = "passed"
+        workbenchBuild = $smokeReport.dashboardBuild
+        deterministicReplay = "passed"
+        walletEnvelope = "passed"
+        noSecretExportScan = "passed"
+        unsafeClaimScan = "passed"
+    }
+    productionBoundary = @(
+        "private/local no-value validation only",
+        "no production mainnet claim",
+        "no tokenomics claim",
+        "no production bridge claim",
+        "no audited-cryptography claim",
+        "no public validator readiness claim"
+    )
+}
+Write-FlowChainJson -Path $reportPath -Value $report
+
+Write-Host ""
+Write-Host "FlowChain full private/local smoke passed."
+Write-Host "Deterministic state root: $($smokeReport.stateRoot)"
+Write-Host "Full smoke report: $reportPath"
diff --git a/infra/scripts/flowchain-smoke.ps1 b/infra/scripts/flowchain-smoke.ps1
index b4972d87..29804f8d 100644
--- a/infra/scripts/flowchain-smoke.ps1
+++ b/infra/scripts/flowchain-smoke.ps1
@@ -25,8 +25,10 @@ New-Item -ItemType Directory -Force -Path $smokeRoot | Out-Null
 Invoke-FlowChainCommand -Label "Run service tests" -FilePath "npm" -ArgumentList @("test")
 Invoke-FlowChainCommand -Label "Run crypto tests" -FilePath "npm" -ArgumentList @("test", "--prefix", "crypto")
 Invoke-FlowChainCommand -Label "Validate crypto vectors" -FilePath "npm" -ArgumentList @("run", "validate:vectors", "--prefix", "crypto")
+Invoke-FlowChainCommand -Label "Validate local alpha crypto objects" -FilePath "npm" -ArgumentList @("run", "validate:local-alpha", "--prefix", "crypto")
 Invoke-FlowChainCommand -Label "Run launch candidate gate" -FilePath "npm" -ArgumentList @("run", "launch:candidate")
 Invoke-FlowChainCommand -Label "Run devnet tests" -FilePath "cargo" -ArgumentList @("test", "--manifest-path", "crates/flowmemory-devnet/Cargo.toml")
+Invoke-FlowChainCommand -Label "Run control-plane full smoke client" -FilePath "npm" -ArgumentList @("run", "control-plane:smoke")
 
 $runAState = Join-Path $smokeRoot "run-a/state.json"
 $runAOut = Join-Path $smokeRoot "run-a/export"
@@ -95,6 +97,8 @@ $report = [ordered]@{
     serviceTests = "passed"
     cryptoTests = "passed"
     cryptoVectors = "passed"
+    cryptoLocalAlpha = "passed"
+    controlPlaneSmoke = "passed"
     dashboardBuild = $(if ($SkipDashboardBuild) { "skipped" } else { "passed" })
     hardwareFixture = $(if ($SkipHardware) { "skipped" } else { "passed" })
     noSecretExportScan = "passed"
@@ -102,26 +106,38 @@ $report = [ordered]@{
         "rootfield namespace",
         "root commitment",
         "artifact commitment",
+        "artifact availability proof",
+        "agent account",
+        "local no-value test-unit balance",
+        "local faucet record",
+        "local object ids",
+        "local signed envelope vectors",
+        "model passport",
         "work receipt",
+        "verifier module",
         "verifier report",
-        "local finality placeholder export",
-        "launch-core Flow Memory objects"
+        "memory cell",
+        "challenge",
+        "finality receipt",
+        "Base anchor placeholder",
+        "control-plane query evidence",
+        "launch-core Flow Memory objects",
+        "workbench build"
     )
-    blockedLifecycleCoverage = @(
-        "AgentAccount",
-        "ModelPassport",
-        "ArtifactAvailabilityProof as native object",
-        "VerifierModule",
-        "MemoryCell",
-        "Challenge",
-        "FinalityReceipt as native object",
-        "control-plane query evidence"
+    blockedLifecycleCoverage = @()
+    productionNonGoals = @(
+        "production mainnet",
+        "public validators",
+        "tokenomics",
+        "production bridge",
+        "audited cryptography",
+        "production Uniswap v4 hook deployment"
     )
 }
 Write-FlowChainJson -Path $reportPath -Value $report
 
 Write-Host ""
-Write-Host "FlowChain private/local smoke passed for merged surfaces."
+Write-Host "FlowChain private/local smoke passed for merged private/local surfaces."
 Write-Host "Deterministic state root: $($runADashboard.stateRoot)"
 Write-Host "Smoke report: $reportPath"
-Write-Host "Known remaining lifecycle gaps are recorded in docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md."
+Write-Host "Production-gated non-goals remain recorded in docs/FLOWCHAIN_TESTNET_ACCEPTANCE.md."
diff --git a/package.json b/package.json
index d8cb0136..59f3086b 100644
--- a/package.json
+++ b/package.json
@@ -37,6 +37,7 @@
     "flowchain:stop": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-stop.ps1",
     "flowchain:demo": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-demo.ps1",
     "flowchain:smoke": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-smoke.ps1",
+    "flowchain:full-smoke": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-full-smoke.ps1",
     "flowchain:export": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-export.ps1",
     "flowchain:import": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-import.ps1",
     "workbench:dev": "powershell -NoProfile -ExecutionPolicy Bypass -File infra/scripts/flowchain-workbench.ps1",
diff --git a/schemas/flowmemory/README.md b/schemas/flowmemory/README.md
index db096054..f6e11ae0 100644
--- a/schemas/flowmemory/README.md
+++ b/schemas/flowmemory/README.md
@@ -16,8 +16,13 @@ These schemas are the canonical local/test V0 shapes for generated Flow Memory a
 - `verifier-report.schema.json`
 - `challenge.schema.json`
 - `finality-receipt.schema.json`
+- `bridge-deposit.schema.json`
+- `bridge-credit.schema.json`
+- `bridge-withdrawal.schema.json`
+- `local-balance-record.schema.json`
 - `hardware-signal-envelope.schema.json`
 - `local-signature-envelope.schema.json`
+- `local-transaction-envelope.schema.json`
 - `control-plane-provenance-response.schema.json`
 
 `memory-signal.schema.json` also embeds the `flowmemory.flowpulse_contract_event.v0`
@@ -38,6 +43,10 @@ agent, verifier, and hardware signature envelope that wraps these object IDs.
 The schema is paired with the validator in `crypto/src/objects.js`; consumers
 should validate both JSON shape and recomputed cryptographic fields.
 
+`local-transaction-envelope.schema.json` describes the chain-bound local/private
+transaction envelope consumed by the private L1 package. It binds the chain id,
+domain separator, nonce, signer, payload hash, object ID, and signature.
+
 Run the canonical Local Alpha schema/fixture check from the crypto package:
 
 ```powershell
diff --git a/schemas/flowmemory/bridge-credit.schema.json b/schemas/flowmemory/bridge-credit.schema.json
new file mode 100644
index 00000000..2ef17891
--- /dev/null
+++ b/schemas/flowmemory/bridge-credit.schema.json
@@ -0,0 +1,37 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "flowchain.bridge_credit.v0",
+  "title": "FlowChain Local Alpha BridgeCredit V0",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema",
+    "creditId",
+    "depositId",
+    "recipient",
+    "assetId",
+    "amount",
+    "creditedAtBlockNumber",
+    "creditedAtUnixMs",
+    "status",
+    "statusCode",
+    "nonce"
+  ],
+  "properties": {
+    "schema": { "const": "flowchain.bridge_credit.v0" },
+    "creditId": { "$ref": "#/$defs/hex32" },
+    "depositId": { "$ref": "#/$defs/hex32" },
+    "recipient": { "$ref": "#/$defs/hex32" },
+    "assetId": { "$ref": "#/$defs/hex32" },
+    "amount": { "$ref": "#/$defs/uintString" },
+    "creditedAtBlockNumber": { "$ref": "#/$defs/uintString" },
+    "creditedAtUnixMs": { "$ref": "#/$defs/uintString" },
+    "status": { "enum": ["credited"] },
+    "statusCode": { "const": 3 },
+    "nonce": { "$ref": "#/$defs/hex32" }
+  },
+  "$defs": {
+    "hex32": { "type": "string", "pattern": "^0x[0-9a-fA-F]{64}$" },
+    "uintString": { "type": "string", "pattern": "^[0-9]+$" }
+  }
+}
diff --git a/schemas/flowmemory/bridge-withdrawal.schema.json b/schemas/flowmemory/bridge-withdrawal.schema.json
new file mode 100644
index 00000000..da84552d
--- /dev/null
+++ b/schemas/flowmemory/bridge-withdrawal.schema.json
@@ -0,0 +1,44 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "flowchain.bridge_withdrawal.v0",
+  "title": "FlowChain Local Alpha BridgeWithdrawal V0",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema",
+    "withdrawalId",
+    "accountId",
+    "destinationChainId",
+    "destinationContract",
+    "token",
+    "amount",
+    "recipient",
+    "requestedAtBlockNumber",
+    "requestedAtUnixMs",
+    "status",
+    "statusCode",
+    "nonce",
+    "metadataHash"
+  ],
+  "properties": {
+    "schema": { "const": "flowchain.bridge_withdrawal.v0" },
+    "withdrawalId": { "$ref": "#/$defs/hex32" },
+    "accountId": { "$ref": "#/$defs/hex32" },
+    "destinationChainId": { "type": "integer", "enum": [84532, 8453] },
+    "destinationContract": { "$ref": "#/$defs/address" },
+    "token": { "$ref": "#/$defs/address" },
+    "amount": { "$ref": "#/$defs/uintString" },
+    "recipient": { "$ref": "#/$defs/address" },
+    "requestedAtBlockNumber": { "$ref": "#/$defs/uintString" },
+    "requestedAtUnixMs": { "$ref": "#/$defs/uintString" },
+    "status": { "enum": ["withdrawal_requested", "released", "rejected", "failed"] },
+    "statusCode": { "type": "integer", "minimum": 4, "maximum": 7 },
+    "nonce": { "$ref": "#/$defs/hex32" },
+    "metadataHash": { "$ref": "#/$defs/hex32" }
+  },
+  "$defs": {
+    "address": { "type": "string", "pattern": "^0x[0-9a-fA-F]{40}$" },
+    "hex32": { "type": "string", "pattern": "^0x[0-9a-fA-F]{64}$" },
+    "uintString": { "type": "string", "pattern": "^[0-9]+$" }
+  }
+}
diff --git a/schemas/flowmemory/local-balance-record.schema.json b/schemas/flowmemory/local-balance-record.schema.json
new file mode 100644
index 00000000..26b432a0
--- /dev/null
+++ b/schemas/flowmemory/local-balance-record.schema.json
@@ -0,0 +1,37 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "flowchain.local_balance_record.v0",
+  "title": "FlowChain Local Alpha LocalBalanceRecord V0",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema",
+    "balanceRecordId",
+    "accountId",
+    "assetId",
+    "availableAmount",
+    "lockedAmount",
+    "lastCreditId",
+    "lastWithdrawalId",
+    "stateRoot",
+    "updatedAtBlockNumber",
+    "nonce"
+  ],
+  "properties": {
+    "schema": { "const": "flowchain.local_balance_record.v0" },
+    "balanceRecordId": { "$ref": "#/$defs/hex32" },
+    "accountId": { "$ref": "#/$defs/hex32" },
+    "assetId": { "$ref": "#/$defs/hex32" },
+    "availableAmount": { "$ref": "#/$defs/uintString" },
+    "lockedAmount": { "$ref": "#/$defs/uintString" },
+    "lastCreditId": { "$ref": "#/$defs/hex32" },
+    "lastWithdrawalId": { "$ref": "#/$defs/hex32" },
+    "stateRoot": { "$ref": "#/$defs/hex32" },
+    "updatedAtBlockNumber": { "$ref": "#/$defs/uintString" },
+    "nonce": { "$ref": "#/$defs/hex32" }
+  },
+  "$defs": {
+    "hex32": { "type": "string", "pattern": "^0x[0-9a-fA-F]{64}$" },
+    "uintString": { "type": "string", "pattern": "^[0-9]+$" }
+  }
+}
diff --git a/schemas/flowmemory/local-signature-envelope.schema.json b/schemas/flowmemory/local-signature-envelope.schema.json
index 04a6be0a..cfae7abc 100644
--- a/schemas/flowmemory/local-signature-envelope.schema.json
+++ b/schemas/flowmemory/local-signature-envelope.schema.json
@@ -39,11 +39,15 @@
         "memory_cell",
         "challenge",
         "finality_receipt",
+        "bridge_deposit",
+        "bridge_credit",
+        "bridge_withdrawal",
+        "local_balance_record",
         "hardware_signal_envelope",
         "control_plane_provenance_response"
       ]
     },
-    "objectSchema": { "type": "string", "pattern": "^flowchain\\.[a-z_]+\\.v0$" },
+    "objectSchema": { "type": "string", "pattern": "^(flowchain|flowmemory)\\.[a-z_]+\\.v0$" },
     "objectId": { "$ref": "#/$defs/hex32" },
     "objectTypeHash": { "$ref": "#/$defs/hex32" },
     "domain": { "type": "string", "pattern": "^(flowchain\\.local-alpha\\.v0|flowmemory\\.v0)\\.[a-z0-9.-]+$" },
diff --git a/schemas/flowmemory/local-transaction-envelope.schema.json b/schemas/flowmemory/local-transaction-envelope.schema.json
new file mode 100644
index 00000000..b392fddf
--- /dev/null
+++ b/schemas/flowmemory/local-transaction-envelope.schema.json
@@ -0,0 +1,71 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "flowchain.local_transaction_envelope.v0",
+  "title": "FlowChain Local Alpha LocalTransactionEnvelope V0",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schema",
+    "envelopeId",
+    "domain",
+    "domainSeparator",
+    "chainId",
+    "nonce",
+    "signerId",
+    "signerKeyId",
+    "signerRole",
+    "signerRoleCode",
+    "publicKey",
+    "objectSchema",
+    "objectType",
+    "objectTypeHash",
+    "objectId",
+    "payloadHash",
+    "issuedAtUnixMs",
+    "signingDigest",
+    "signature"
+  ],
+  "properties": {
+    "schema": { "const": "flowchain.local_transaction_envelope.v0" },
+    "envelopeId": { "$ref": "#/$defs/hex32" },
+    "domain": { "type": "string", "pattern": "^flowchain\\.local-alpha\\.v0\\.local-transaction-envelope:chain:[0-9]+$" },
+    "domainSeparator": { "$ref": "#/$defs/hex32" },
+    "chainId": { "$ref": "#/$defs/uintString" },
+    "nonce": { "$ref": "#/$defs/uintString" },
+    "signerId": { "$ref": "#/$defs/hex32" },
+    "signerKeyId": { "$ref": "#/$defs/hex32" },
+    "signerRole": { "enum": ["operator", "agent", "verifier", "hardware"] },
+    "signerRoleCode": { "type": "integer", "minimum": 1, "maximum": 255 },
+    "publicKey": { "type": "string", "pattern": "^0x([0-9a-fA-F]{66}|[0-9a-fA-F]{130})$" },
+    "objectSchema": { "type": "string", "pattern": "^(flowchain|flowmemory)\\.[a-z_]+\\.v0$" },
+    "objectType": {
+      "enum": [
+        "agent_account",
+        "model_passport",
+        "work_receipt",
+        "artifact_availability_proof",
+        "verifier_module",
+        "verifier_report",
+        "memory_cell",
+        "challenge",
+        "finality_receipt",
+        "bridge_deposit",
+        "bridge_credit",
+        "bridge_withdrawal",
+        "local_balance_record",
+        "hardware_signal_envelope",
+        "control_plane_provenance_response"
+      ]
+    },
+    "objectTypeHash": { "$ref": "#/$defs/hex32" },
+    "objectId": { "$ref": "#/$defs/hex32" },
+    "payloadHash": { "$ref": "#/$defs/hex32" },
+    "issuedAtUnixMs": { "$ref": "#/$defs/uintString" },
+    "signingDigest": { "$ref": "#/$defs/hex32" },
+    "signature": { "type": "string", "pattern": "^0x[0-9a-fA-F]{128}$" }
+  },
+  "$defs": {
+    "hex32": { "type": "string", "pattern": "^0x[0-9a-fA-F]{64}$" },
+    "uintString": { "type": "string", "pattern": "^[0-9]+$" }
+  }
+}
diff --git a/services/bridge-relayer/README.md b/services/bridge-relayer/README.md
index f8a9b5a1..cf9d352f 100644
--- a/services/bridge-relayer/README.md
+++ b/services/bridge-relayer/README.md
@@ -12,6 +12,12 @@ Local mock:
 npm run bridge:mock
 ```
 
+The control plane can read `services/bridge-relayer/out/bridge-observation.json`
+and can intake additional local bridge-agent observations through JSON-RPC
+`bridge_observation_submit` or HTTP `POST /bridge/observations`. Readbacks are
+available through `bridge_observation_list`, `bridge_deposit_list`,
+`bridge_credit_list`, and `withdrawal_list`.
+
 Base Sepolia guarded smoke:
 
 ```powershell
diff --git a/services/control-plane/README.md b/services/control-plane/README.md
index f9888891..d634eca5 100644
--- a/services/control-plane/README.md
+++ b/services/control-plane/README.md
@@ -1,6 +1,6 @@
 # FlowChain Control Plane V0
 
-This package exposes a local JSON-RPC 2.0 control-plane for FlowMemory and FlowChain fixture data. It is fixture-first, deterministic, and read-only.
+This package exposes a local JSON-RPC 2.0 control-plane for FlowMemory and FlowChain local runtime data. It prefers `devnet/local/` runtime state, falls back to deterministic committed fixtures, and keeps all mutable intake local-file backed.
 
 It is not a production RPC endpoint, hosted service, wallet, sequencer, verifier network, token system, or production chain API.
 
@@ -23,12 +23,22 @@ The server defaults to `http://127.0.0.1:8787`.
 The dispatcher supports:
 
 - `health`
+- `node_status`
+- `peer_list`
 - `chain_status`
 - `devnet_state`
 - `block_get`
 - `block_list`
+- `mempool_list`
 - `transaction_get`
 - `transaction_list`
+- `transaction_submit`
+- `account_get`
+- `account_list`
+- `balance_get`
+- `faucet_event_list`
+- `wallet_metadata_get`
+- `wallet_metadata_list`
 - `rootfield_get`
 - `rootfield_list`
 - `artifact_get`
@@ -52,6 +62,15 @@ The dispatcher supports:
 - `challenge_list`
 - `finality_get`
 - `finality_list`
+- `bridge_observation_get`
+- `bridge_observation_list`
+- `bridge_observation_submit`
+- `bridge_deposit_get`
+- `bridge_deposit_list`
+- `bridge_credit_get`
+- `bridge_credit_list`
+- `withdrawal_get`
+- `withdrawal_list`
 - `provenance_get`
 - `raw_json_get`
 
@@ -59,8 +78,10 @@ The API contract is documented in [docs/FLOWCHAIN_CONTROL_PLANE_API.md](../../do
 
 ## Data Sources
 
-The loader reads committed deterministic outputs first:
+The loader reads local runtime state first, then committed deterministic outputs:
 
+- `devnet/local/state.json`
+- `devnet/local/launch-v0-state.json`
 - `fixtures/launch-core/flowmemory-launch-v0.json`
 - `fixtures/launch-core/generated/devnet/state.json`
 - `fixtures/launch-core/generated/devnet/indexer-handoff.json`
@@ -70,7 +91,12 @@ The loader reads committed deterministic outputs first:
 - `services/verifier/out/reports.json`
 - `services/verifier/fixtures/artifacts.json`
 - `fixtures/handoff/sample-txs.json`
+- `services/bridge-relayer/out/bridge-observation.json`
 
 If the launch-core fixture is missing, the loader rebuilds the in-memory view from indexer/verifier outputs or the raw fixture receipts and artifact resolver. It does not fetch from live RPC or write production state.
 
-`npm run control-plane:smoke` runs an in-process JSON-RPC client over the complete local lifecycle surface: health, chain status, blocks, transactions, rootfields, agents, models, work receipts, artifact availability, verifier modules, verifier reports, memory cells, challenges, finality, provenance, and raw JSON.
+`transaction_submit` writes production-shaped local test transaction envelopes to `devnet/local/intake/transactions.ndjson` by default. `bridge_observation_submit` writes bridge-agent observations to `devnet/local/intake/bridge-observations.ndjson`. These files are local runtime intake, not committed fixtures.
+
+`npm run control-plane:smoke` runs an in-process JSON-RPC client over the complete local lifecycle surface: health, node status, peers, chain status, blocks, transactions, mempool, accounts, balances, faucet events, wallet public metadata, rootfields, agents, models, work receipts, artifact availability, verifier modules, verifier reports, memory cells, challenges, finality, bridge observations, bridge deposits, bridge credits, withdrawals, provenance, and raw JSON.
+
+All JSON-RPC responses are scanned before return and rejected if they contain private-key, mnemonic, seed phrase, RPC credential, API key, or webhook URL shaped material.
diff --git a/services/control-plane/src/errors.ts b/services/control-plane/src/errors.ts
index e9b60231..06acc6e1 100644
--- a/services/control-plane/src/errors.ts
+++ b/services/control-plane/src/errors.ts
@@ -6,6 +6,7 @@ export const JSON_RPC_ERROR_CODES = {
   invalidParams: -32602,
   internalError: -32603,
   objectNotFound: -32004,
+  secretRejected: -32040,
 } as const;
 
 export class ControlPlaneError extends Error {
@@ -34,6 +35,10 @@ export function methodNotFound(message: string, details?: JsonValue): ControlPla
   return new ControlPlaneError(JSON_RPC_ERROR_CODES.methodNotFound, message, "method.not_found", details);
 }
 
+export function secretRejected(message: string, details?: JsonValue): ControlPlaneError {
+  return new ControlPlaneError(JSON_RPC_ERROR_CODES.secretRejected, message, "secret.rejected", details);
+}
+
 export function rpcError(error: unknown): RpcErrorObject {
   if (error instanceof ControlPlaneError) {
     return {
diff --git a/services/control-plane/src/fixture-state.ts b/services/control-plane/src/fixture-state.ts
index 751f0669..f053b82b 100644
--- a/services/control-plane/src/fixture-state.ts
+++ b/services/control-plane/src/fixture-state.ts
@@ -17,6 +17,7 @@ import {
   type ArtifactResolverFixture,
   type PersistedVerifierReports,
 } from "../../verifier/src/index.ts";
+import { makeObservation, validateDeposit } from "../../bridge-relayer/src/observe-base-lockbox.ts";
 import type {
   ControlPlanePaths,
   DataSourceRecord,
@@ -31,19 +32,24 @@ export const DEFAULT_CONTROL_PLANE_PATHS: ControlPlanePaths = {
   indexerPath: "services/indexer/out/indexer-state.json",
   verifierPath: "services/verifier/out/reports.json",
   artifactsPath: "services/verifier/fixtures/artifacts.json",
+  localDevnetPath: "devnet/local/state.json",
+  localDevnetLaunchPath: "devnet/local/launch-v0-state.json",
   devnetPath: "fixtures/launch-core/generated/devnet/state.json",
   devnetIndexerHandoffPath: "fixtures/launch-core/generated/devnet/indexer-handoff.json",
   devnetVerifierHandoffPath: "fixtures/launch-core/generated/devnet/verifier-handoff.json",
   devnetControlPlaneHandoffPath: "fixtures/launch-core/generated/devnet/control-plane-handoff.json",
   txFixturesPath: "fixtures/handoff/sample-txs.json",
+  txIntakePath: "devnet/local/intake/transactions.ndjson",
+  bridgeObservationPath: "services/bridge-relayer/out/bridge-observation.json",
+  bridgeObservationIntakePath: "devnet/local/intake/bridge-observations.ndjson",
 };
 
-function resolveRepoPath(path: string): string {
+export function resolveControlPlanePath(path: string): string {
   return isAbsolute(path) ? path : resolve(REPO_ROOT, path);
 }
 
 function readJson<T>(path: string): T {
-  return JSON.parse(readFileSync(resolveRepoPath(path), "utf8")) as T;
+  return JSON.parse(readFileSync(resolveControlPlanePath(path), "utf8")) as T;
 }
 
 function sourceRecord(
@@ -62,14 +68,26 @@ function sourceRecord(
 }
 
 function maybeReadJson(path: string): JsonObject | null {
-  if (!existsSync(resolveRepoPath(path))) {
+  if (!existsSync(resolveControlPlanePath(path))) {
     return null;
   }
   return readJson<JsonObject>(path);
 }
 
+function readNdjson(path: string): JsonObject[] {
+  const resolved = resolveControlPlanePath(path);
+  if (!existsSync(resolved)) {
+    return [];
+  }
+  return readFileSync(resolved, "utf8")
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .map((line) => JSON.parse(line) as JsonObject);
+}
+
 function loadOrBuildIndexer(path: string, sources: Record<string, DataSourceRecord>): PersistedIndexerState {
-  if (existsSync(resolveRepoPath(path))) {
+  if (existsSync(resolveControlPlanePath(path))) {
     sources.indexer = sourceRecord("indexer", path, "loaded");
     return readJson<PersistedIndexerState>(path);
   }
@@ -87,7 +105,7 @@ function loadOrBuildVerifier(
   resolver: ArtifactResolverFixture,
   sources: Record<string, DataSourceRecord>,
 ): PersistedVerifierReports {
-  if (existsSync(resolveRepoPath(path))) {
+  if (existsSync(resolveControlPlanePath(path))) {
     sources.verifier = sourceRecord("verifier", path, "loaded");
     return readJson<PersistedVerifierReports>(path);
   }
@@ -98,7 +116,7 @@ function loadOrBuildVerifier(
 }
 
 function loadArtifacts(path: string, sources: Record<string, DataSourceRecord>): ArtifactResolverFixture {
-  if (existsSync(resolveRepoPath(path))) {
+  if (existsSync(resolveControlPlanePath(path))) {
     sources.artifacts = sourceRecord("artifacts", path, "loaded");
     return readJson<ArtifactResolverFixture>(path);
   }
@@ -126,7 +144,7 @@ function loadOrBuildLaunchCore(
   verifier: PersistedVerifierReports,
   sources: Record<string, DataSourceRecord>,
 ): LaunchCoreOutput {
-  if (existsSync(resolveRepoPath(paths.launchCorePath))) {
+  if (existsSync(resolveControlPlanePath(paths.launchCorePath))) {
     sources.launchCore = sourceRecord("launchCore", paths.launchCorePath, "loaded");
     return readJson<LaunchCoreOutput>(paths.launchCorePath);
   }
@@ -145,6 +163,53 @@ function loadOptionalSource(
   return value;
 }
 
+function loadDevnetSource(paths: ControlPlanePaths, sources: Record<string, DataSourceRecord>): JsonObject | null {
+  for (const [path, recovery] of [
+    [paths.localDevnetPath, undefined],
+    [paths.localDevnetLaunchPath, "loaded from devnet/local launch runtime state"],
+    [paths.devnetPath, "loaded committed devnet fixture fallback"],
+  ] as const) {
+    const value = maybeReadJson(path);
+    if (value !== null) {
+      sources.devnet = sourceRecord("devnet", path, path === paths.localDevnetPath ? "loaded" : "recovered", recovery);
+      return value;
+    }
+  }
+  sources.devnet = sourceRecord("devnet", paths.localDevnetPath, "missing");
+  return null;
+}
+
+function loadTxIntake(path: string, sources: Record<string, DataSourceRecord>): JsonObject[] {
+  const rows = readNdjson(path);
+  sources.txIntake = sourceRecord("txIntake", path, rows.length === 0 ? "missing" : "loaded");
+  return rows;
+}
+
+function loadBridgeObservations(paths: ControlPlanePaths, sources: Record<string, DataSourceRecord>): JsonObject[] {
+  const observations: JsonObject[] = [];
+  const persisted = maybeReadJson(paths.bridgeObservationPath);
+  if (persisted !== null) {
+    observations.push(persisted);
+    sources.bridgeObservation = sourceRecord("bridgeObservation", paths.bridgeObservationPath, "loaded");
+  } else {
+    const bridgeFixturePath = "fixtures/bridge/base-sepolia-mock-deposit.json";
+    const fixture = maybeReadJson(bridgeFixturePath);
+    if (fixture !== null) {
+      observations.push(makeObservation(validateDeposit(fixture), "mock") as unknown as JsonObject);
+      sources.bridgeObservation = sourceRecord("bridgeObservation", bridgeFixturePath, "recovered", "built from committed mock bridge deposit fixture");
+    } else {
+      sources.bridgeObservation = sourceRecord("bridgeObservation", paths.bridgeObservationPath, "missing");
+    }
+  }
+
+  const intakeRows = readNdjson(paths.bridgeObservationIntakePath);
+  if (intakeRows.length > 0) {
+    observations.push(...intakeRows);
+  }
+  sources.bridgeObservationIntake = sourceRecord("bridgeObservationIntake", paths.bridgeObservationIntakePath, intakeRows.length === 0 ? "missing" : "loaded");
+  return observations;
+}
+
 export function controlPlanePaths(overrides: Partial<ControlPlanePaths> = {}): ControlPlanePaths {
   return {
     ...DEFAULT_CONTROL_PLANE_PATHS,
@@ -159,11 +224,13 @@ export function loadControlPlaneState(overrides: Partial<ControlPlanePaths> = {}
   const indexer = loadOrBuildIndexer(paths.indexerPath, sources);
   const verifier = loadOrBuildVerifier(paths.verifierPath, indexer, artifacts, sources);
   const launchCore = loadOrBuildLaunchCore(paths, indexer, verifier, sources);
-  const devnet = loadOptionalSource("devnet", paths.devnetPath, sources);
+  const devnet = loadDevnetSource(paths, sources);
   const devnetIndexerHandoff = loadOptionalSource("devnetIndexerHandoff", paths.devnetIndexerHandoffPath, sources);
   const devnetVerifierHandoff = loadOptionalSource("devnetVerifierHandoff", paths.devnetVerifierHandoffPath, sources);
   const devnetControlPlaneHandoff = loadOptionalSource("devnetControlPlaneHandoff", paths.devnetControlPlaneHandoffPath, sources);
   const txFixtures = loadOptionalSource("txFixtures", paths.txFixturesPath, sources);
+  const txIntake = loadTxIntake(paths.txIntakePath, sources);
+  const bridgeObservations = loadBridgeObservations(paths, sources);
 
   return {
     schema: "flowmemory.control_plane.state.v0",
@@ -176,6 +243,9 @@ export function loadControlPlaneState(overrides: Partial<ControlPlanePaths> = {}
     devnetVerifierHandoff,
     devnetControlPlaneHandoff,
     txFixtures,
+    txIntake,
+    bridgeObservations,
+    paths,
     sources,
   };
 }
diff --git a/services/control-plane/src/json-rpc.ts b/services/control-plane/src/json-rpc.ts
index 5d3c53c7..f97d01f8 100644
--- a/services/control-plane/src/json-rpc.ts
+++ b/services/control-plane/src/json-rpc.ts
@@ -1,5 +1,6 @@
+import { findSecret } from "../../shared/src/index.ts";
 import { CONTROL_PLANE_METHODS, callControlPlaneMethod } from "./methods.ts";
-import { JSON_RPC_ERROR_CODES, ControlPlaneError, methodNotFound, rpcError } from "./errors.ts";
+import { JSON_RPC_ERROR_CODES, ControlPlaneError, methodNotFound, rpcError, secretRejected } from "./errors.ts";
 import type {
   ControlPlaneContext,
   JsonValue,
@@ -58,6 +59,10 @@ export function dispatchJsonRpc(
 
   try {
     const result = callControlPlaneMethod(request.method, request.params as JsonValue | undefined, context);
+    const finding = findSecret(result);
+    if (finding !== null) {
+      throw secretRejected("control-plane response contained secret-shaped material", finding);
+    }
     if (!("id" in request)) {
       return undefined;
     }
diff --git a/services/control-plane/src/methods.ts b/services/control-plane/src/methods.ts
index dc19c3d8..64498138 100644
--- a/services/control-plane/src/methods.ts
+++ b/services/control-plane/src/methods.ts
@@ -1,6 +1,9 @@
-import { canonicalJson, keccak256Hex } from "../../shared/src/index.ts";
-import { invalidParams, methodNotFound, objectNotFound } from "./errors.ts";
-import { loadControlPlaneState } from "./fixture-state.ts";
+import { appendFileSync, mkdirSync, readFileSync, existsSync } from "node:fs";
+import { dirname } from "node:path";
+
+import { canonicalJson, findSecret, keccak256Hex } from "../../shared/src/index.ts";
+import { invalidParams, methodNotFound, objectNotFound, secretRejected } from "./errors.ts";
+import { loadControlPlaneState, resolveControlPlanePath } from "./fixture-state.ts";
 import type {
   ControlPlaneContext,
   ControlPlaneMethod,
@@ -250,6 +253,210 @@ function devnetFinalityReceipts(state: LoadedControlPlaneState): Record<string,
   return devnetMap(state, "finalityReceipts");
 }
 
+function devnetOperatorKeyReferences(state: LoadedControlPlaneState): Record<string, JsonValue> {
+  return firstDevnetMap(state, ["operatorKeyReferences", "walletPublicMetadata", "wallets"]);
+}
+
+function devnetPeers(state: LoadedControlPlaneState): JsonObject[] {
+  return asJsonArray(state.devnet?.peers)
+    .map((entry) => asJsonObject(entry))
+    .filter((entry): entry is JsonObject => entry !== null);
+}
+
+function runtimeSourcePath(state: LoadedControlPlaneState): string {
+  return state.sources.devnet?.path ?? state.paths.devnetPath;
+}
+
+function readNdjson(path: string): JsonObject[] {
+  const resolved = resolveControlPlanePath(path);
+  if (!existsSync(resolved)) {
+    return [];
+  }
+  return readFileSync(resolved, "utf8")
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .map((line) => JSON.parse(line) as JsonObject);
+}
+
+function appendNdjson(path: string, row: JsonObject): void {
+  const resolved = resolveControlPlanePath(path);
+  mkdirSync(dirname(resolved), { recursive: true });
+  appendFileSync(resolved, `${JSON.stringify(row)}\n`);
+}
+
+function txIntakeRows(state: LoadedControlPlaneState): JsonObject[] {
+  const rows = readNdjson(state.paths.txIntakePath);
+  return rows.length > 0 ? rows : state.txIntake;
+}
+
+function bridgeObservationRows(state: LoadedControlPlaneState): JsonObject[] {
+  const intakeRows = readNdjson(state.paths.bridgeObservationIntakePath);
+  const byId = new Map<string, JsonObject>();
+  for (const observation of [...state.bridgeObservations, ...intakeRows]) {
+    const id = stringValue(observation.observationId)
+      ?? stringValue(asJsonObject(observation.deposit)?.depositId)
+      ?? stableId("flowmemory.control_plane.bridge_observation.row.v0", observation);
+    byId.set(id, observation);
+  }
+  return [...byId.values()].sort((left, right) => String(left.observationId ?? "").localeCompare(String(right.observationId ?? "")));
+}
+
+function nodeAccountRows(state: LoadedControlPlaneState): JsonObject[] {
+  const rows: JsonObject[] = [];
+  for (const [agentId, value] of Object.entries(devnetAgentAccounts(state))) {
+    const agent = asJsonObject(value) ?? {};
+    rows.push({
+      schema: "flowmemory.control_plane.account.v0",
+      accountId: agentId,
+      accountType: "agent",
+      controller: stringValue(agent.controller) ?? null,
+      rootfieldId: stringValue(agent.rootfieldId) ?? null,
+      balance: "0",
+      noValue: true,
+      metadata: agent,
+      source: "local-devnet",
+      localOnly: true,
+    });
+  }
+  for (const [keyReferenceId, value] of Object.entries(devnetOperatorKeyReferences(state))) {
+    const keyReference = asJsonObject(value) ?? {};
+    rows.push({
+      schema: "flowmemory.control_plane.account.v0",
+      accountId: stringValue(keyReference.operatorId) ?? keyReferenceId,
+      accountType: "operator",
+      keyReferenceId,
+      balance: "0",
+      noValue: true,
+      walletPublicMetadata: {
+        keyReferenceId,
+        operatorId: keyReference.operatorId,
+        workerKeyId: keyReference.workerKeyId,
+        verifierKeyId: keyReference.verifierKeyId,
+        verifierSetRoot: keyReference.verifierSetRoot,
+        signatureScheme: keyReference.signatureScheme,
+        publicKeyHint: keyReference.publicKeyHint,
+        secretMaterialBoundary: keyReference.secretMaterialBoundary,
+      },
+      source: "local-devnet",
+      localOnly: true,
+    });
+  }
+  if (rows.length === 0) {
+    rows.push({
+      schema: "flowmemory.control_plane.account.v0",
+      accountId: "operator:local-demo",
+      accountType: "operator",
+      balance: "0",
+      noValue: true,
+      source: "projection",
+      localOnly: true,
+    });
+  }
+  return rows.sort((left, right) => String(left.accountId).localeCompare(String(right.accountId)));
+}
+
+function walletMetadataRows(state: LoadedControlPlaneState): JsonObject[] {
+  return nodeAccountRows(state).map((account) => ({
+    schema: "flowmemory.control_plane.wallet_public_metadata.v0",
+    walletId: account.accountId,
+    accountId: account.accountId,
+    accountType: account.accountType,
+    metadata: account.walletPublicMetadata ?? account.metadata ?? {},
+    publicOnly: true,
+    localOnly: true,
+  }));
+}
+
+function mempoolRows(state: LoadedControlPlaneState): JsonObject[] {
+  const pending = asJsonArray(state.devnet?.pendingTxs)
+    .map((entry) => asJsonObject(entry))
+    .filter((entry): entry is JsonObject => entry !== null)
+    .map((tx) => ({
+      schema: "flowmemory.control_plane.mempool_transaction.v0",
+      transactionId: stringValue(tx.txId) ?? stringValue(tx.transactionId) ?? stableId("flowmemory.control_plane.mempool.devnet.v0", tx),
+      status: "pending",
+      transaction: tx,
+      source: "local-devnet",
+      localOnly: true,
+    }));
+  const intake = txIntakeRows(state).map((entry) => ({
+    schema: "flowmemory.control_plane.mempool_transaction.v0",
+    transactionId: stringValue(entry.txId) ?? stringValue(entry.intakeId) ?? stableId("flowmemory.control_plane.mempool.intake.v0", entry),
+    status: stringValue(entry.status) ?? "accepted_local",
+    transaction: entry,
+    source: "local-file-intake",
+    localOnly: true,
+  }));
+  return [...pending, ...intake].sort((left, right) => String(left.transactionId).localeCompare(String(right.transactionId)));
+}
+
+function bridgeDepositRows(state: LoadedControlPlaneState): JsonObject[] {
+  return bridgeObservationRows(state).map((observation) => {
+    const deposit = asJsonObject(observation.deposit) ?? observation;
+    const depositId = stringValue(deposit.depositId) ?? stableId("flowmemory.control_plane.bridge_deposit.v0", deposit);
+    return {
+      schema: "flowmemory.control_plane.bridge_deposit.v0",
+      depositId,
+      observationId: stringValue(observation.observationId) ?? null,
+      status: stringValue(deposit.status) ?? "observed",
+      sourceChainId: deposit.sourceChainId ?? null,
+      sourceContract: deposit.sourceContract ?? null,
+      txHash: deposit.txHash ?? null,
+      logIndex: deposit.logIndex ?? null,
+      token: deposit.token ?? null,
+      amount: deposit.amount ?? "0",
+      sender: deposit.sender ?? null,
+      flowchainRecipient: deposit.flowchainRecipient ?? null,
+      deposit,
+      observation,
+      source: "bridge-relayer",
+      localOnly: true,
+    };
+  }).sort((left, right) => String(left.depositId).localeCompare(String(right.depositId)));
+}
+
+function bridgeCreditRows(state: LoadedControlPlaneState): JsonObject[] {
+  return bridgeDepositRows(state).map((deposit) => ({
+    schema: "flowmemory.control_plane.bridge_credit.v0",
+    creditId: stableId("flowmemory.control_plane.bridge_credit.v0", deposit.depositId),
+    depositId: deposit.depositId,
+    accountId: deposit.flowchainRecipient,
+    amount: deposit.amount ?? "0",
+    token: deposit.token ?? null,
+    status: deposit.status === "rejected" ? "rejected" : "pending_local_credit",
+    source: "bridge-deposit-projection",
+    localOnly: true,
+  }));
+}
+
+function withdrawalRows(state: LoadedControlPlaneState): JsonObject[] {
+  const native = firstDevnetMap(state, ["withdrawals", "bridgeWithdrawals"]);
+  const rows = Object.entries(native).map(([withdrawalId, value]) => ({
+    schema: "flowmemory.control_plane.withdrawal.v0",
+    withdrawalId,
+    status: stringValue(asJsonObject(value)?.status) ?? "local",
+    withdrawal: asJsonObject(value) ?? {},
+    source: "local-devnet",
+    localOnly: true,
+  }));
+  if (rows.length > 0) {
+    return rows;
+  }
+  return bridgeCreditRows(state).slice(0, 1).map((credit) => ({
+    schema: "flowmemory.control_plane.withdrawal.v0",
+    withdrawalId: stableId("flowmemory.control_plane.withdrawal.projected.v0", credit.creditId),
+    creditId: credit.creditId,
+    depositId: credit.depositId,
+    accountId: credit.accountId,
+    amount: credit.amount,
+    token: credit.token,
+    status: "not_requested",
+    source: "bridge-credit-projection",
+    localOnly: true,
+  }));
+}
+
 function transactionRows(state: LoadedControlPlaneState): JsonObject[] {
   const rows: JsonObject[] = [];
   const txFixtures = txFixtureRows(state);
@@ -704,13 +911,57 @@ function finalityRows(state: LoadedControlPlaneState): JsonObject[] {
   return rows.sort((left, right) => String(left.objectId).localeCompare(String(right.objectId)));
 }
 
+function nodeStatus(_params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const blocks = devnetBlocksArray(state);
+  const latest = blocks[blocks.length - 1] ?? null;
+  return {
+    schema: "flowmemory.control_plane.node_status.v0",
+    nodeId: "flowmemory-local-control-plane",
+    status: state.devnet === null ? "degraded" : "ok",
+    runtimeStateSource: runtimeSourcePath(state),
+    chainId: typeof state.devnet?.chainId === "string" ? state.devnet.chainId : "flowmemory-local-devnet-v0",
+    latestBlockNumber: latest?.blockNumber ?? null,
+    latestBlockHash: latest?.blockHash ?? null,
+    peerCount: devnetPeers(state).length,
+    mempoolSize: mempoolRows(state).length,
+    noValue: true,
+    localOnly: true,
+  };
+}
+
+function peerList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "peer_list");
+  const limit = pageLimit(objectParams);
+  const peers = devnetPeers(state);
+  const rows = (peers.length > 0 ? peers : [{
+    peerId: "local-single-node",
+    address: "127.0.0.1",
+    status: "self",
+  }]).slice(0, limit).map((peer) => ({
+    schema: "flowmemory.control_plane.peer.v0",
+    ...peer,
+    localOnly: true,
+  }));
+  return {
+    schema: "flowmemory.control_plane.peer_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    peers: rows,
+    localOnly: true,
+  };
+}
+
 function health(_params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
   const state = stateFor(context);
   const missing = Object.values(state.sources).filter((source) => source.status === "missing").map((source) => source.name);
+  const criticalMissing = ["launchCore", "indexer", "verifier", "artifacts", "devnet"]
+    .filter((name) => state.sources[name]?.status === "missing");
   return {
     schema: "flowmemory.control_plane.health.v0",
     service: "flowmemory-control-plane-v0",
-    status: missing.length === 0 ? "ok" : "degraded",
+    status: criticalMissing.length === 0 ? "ok" : "degraded",
     localOnly: true,
     checks: {
       launchCore: state.sources.launchCore.status,
@@ -720,6 +971,7 @@ function health(_params: JsonValue | undefined, context: ControlPlaneContext): J
       devnet: state.sources.devnet.status,
       devnetControlPlaneHandoff: state.sources.devnetControlPlaneHandoff.status,
       txFixtures: state.sources.txFixtures.status,
+      bridgeObservation: state.sources.bridgeObservation.status,
     },
     counts: {
       observations: state.indexer.state.observations.length,
@@ -727,6 +979,8 @@ function health(_params: JsonValue | undefined, context: ControlPlaneContext): J
       rootfields: rootfieldRows(state).length,
       blocks: blockRows(state).length,
       transactions: transactionRows(state).length,
+      mempool: mempoolRows(state).length,
+      bridgeDeposits: bridgeDepositRows(state).length,
     },
     missingOptionalSources: missing,
   };
@@ -738,10 +992,10 @@ function chainStatus(_params: JsonValue | undefined, context: ControlPlaneContex
 
   return {
     schema: "flowmemory.control_plane.chain_status.v0",
-    chainId: "flowmemory-local-alpha",
-    settlementContext: "local fixture stack over FlowPulse and local no-value devnet handoff",
-    environment: "local-devnet-fixture",
-    source: "fixture",
+    chainId: typeof state.devnet?.chainId === "string" ? state.devnet.chainId : "flowmemory-local-alpha",
+    settlementContext: "local no-value devnet runtime over FlowPulse fixtures",
+    environment: "local-devnet",
+    source: "local-runtime-first",
     currentBlock: latest.blockNumber,
     currentBlockHash: latest.blockHash,
     finalizedBlock: finalizedBlock(state),
@@ -765,18 +1019,39 @@ function chainStatus(_params: JsonValue | undefined, context: ControlPlaneContex
       finalityRows: finalityRows(state).length,
       blocks: blockRows(state).length,
       transactions: transactionRows(state).length,
+      mempool: mempoolRows(state).length,
+      accounts: nodeAccountRows(state).length,
+      balances: nodeAccountRows(state).length,
+      faucetEvents: 1,
+      walletPublicMetadata: walletMetadataRows(state).length,
+      bridgeDeposits: bridgeDepositRows(state).length,
+      bridgeCredits: bridgeCreditRows(state).length,
+      withdrawals: withdrawalRows(state).length,
       devnetBlocks: devnetBlocksArray(state).length,
     },
     capabilities: [
       "health_reads",
-      "fixture_status_reads",
+      "node_status_reads",
+      "peer_reads",
+      "local_runtime_status_reads",
       "block_reads",
       "transaction_reads",
+      "local_transaction_file_intake",
+      "mempool_reads",
+      "account_reads",
+      "balance_reads",
+      "faucet_event_reads",
+      "wallet_public_metadata_reads",
       "receipt_lookup",
       "verifier_report_lookup",
       "memory_lineage_lookup",
       "artifact_fixture_lookup",
+      "bridge_observation_file_intake",
+      "bridge_deposit_reads",
+      "bridge_credit_reads",
+      "withdrawal_reads",
       "devnet_handoff_reads",
+      "no_secret_response_checks",
       "raw_json_reads",
     ],
     limitations: [
@@ -932,6 +1207,169 @@ function transactionGet(params: JsonValue | undefined, context: ControlPlaneCont
   };
 }
 
+function mempoolList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "mempool_list");
+  const limit = pageLimit(objectParams);
+  const rows = mempoolRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.mempool_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    transactions: rows,
+    intakePath: state.paths.txIntakePath,
+    localOnly: true,
+  };
+}
+
+function transactionSubmit(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "transaction_submit");
+  const signedTransaction = optionalString(objectParams, "signedTransaction");
+  const transaction = asJsonObject(objectParams.transaction);
+  if (signedTransaction === undefined && transaction === null) {
+    throw invalidParams("transaction_submit requires signedTransaction or transaction");
+  }
+  const intakePayload: JsonObject = {
+    signedTransaction,
+    transaction,
+    submittedBy: optionalString(objectParams, "submittedBy") ?? "local-control-plane",
+  };
+  const finding = findSecret(intakePayload);
+  if (finding !== null) {
+    throw secretRejected("transaction intake contained secret-shaped material", finding);
+  }
+  const intakeId = stableId("flowmemory.control_plane.transaction_intake.v0", intakePayload);
+  const row: JsonObject = {
+    schema: "flowmemory.control_plane.transaction_intake.v0",
+    intakeId,
+    txId: stableId("flowmemory.control_plane.transaction.local_tx_id.v0", intakePayload),
+    receivedAt: "2026-05-13T00:00:00.000Z",
+    status: "accepted_local",
+    intakeMode: "local-file",
+    runtimeIntakePath: state.paths.txIntakePath,
+    ...intakePayload,
+    localOnly: true,
+  };
+  appendNdjson(state.paths.txIntakePath, row);
+  return {
+    schema: "flowmemory.control_plane.transaction_submit_result.v0",
+    accepted: true,
+    intakeId,
+    txId: row.txId,
+    status: row.status,
+    forwardedTo: "local-file-intake",
+    runtimeIntakePath: state.paths.txIntakePath,
+    localOnly: true,
+  };
+}
+
+function accountList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "account_list");
+  const limit = pageLimit(objectParams);
+  const rows = nodeAccountRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.account_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    accounts: rows,
+    localOnly: true,
+  };
+}
+
+function accountGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "account_get");
+  const accountId = requiredString(objectParams, ["accountId", "agentId", "operatorId"], "account_get");
+  const account = nodeAccountRows(state).find((row) => row.accountId === accountId || row.keyReferenceId === accountId);
+  if (account === undefined) {
+    throw objectNotFound(`account not found: ${accountId}`, { accountId });
+  }
+  return {
+    schema: "flowmemory.control_plane.account_detail.v0",
+    account,
+    balance: {
+      schema: "flowmemory.control_plane.balance.v0",
+      accountId: account.accountId,
+      amount: account.balance ?? "0",
+      noValue: true,
+      localOnly: true,
+    },
+    localOnly: true,
+  };
+}
+
+function balanceGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "balance_get");
+  const accountId = requiredString(objectParams, ["accountId", "agentId", "operatorId"], "balance_get");
+  const account = nodeAccountRows(state).find((row) => row.accountId === accountId || row.keyReferenceId === accountId);
+  if (account === undefined) {
+    throw objectNotFound(`balance account not found: ${accountId}`, { accountId });
+  }
+  return {
+    schema: "flowmemory.control_plane.balance.v0",
+    accountId: account.accountId,
+    amount: "0",
+    unit: "no-value-local-credit",
+    noValue: true,
+    localOnly: true,
+  };
+}
+
+function faucetEventList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "faucet_event_list");
+  const limit = pageLimit(objectParams);
+  const accounts = nodeAccountRows(state);
+  const events = accounts.slice(0, Math.min(limit, accounts.length)).map((account) => ({
+    schema: "flowmemory.control_plane.faucet_event.v0",
+    eventId: stableId("flowmemory.control_plane.faucet_event.no_value.v0", account.accountId),
+    accountId: account.accountId,
+    amount: "0",
+    status: "no_value_local_faucet_disabled",
+    note: "The local runtime is explicitly no-value; faucet events are metadata only.",
+    localOnly: true,
+  }));
+  return {
+    schema: "flowmemory.control_plane.faucet_event_list.v0",
+    count: events.length,
+    nextCursor: null,
+    faucetEvents: events,
+    localOnly: true,
+  };
+}
+
+function walletMetadataList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "wallet_metadata_list");
+  const limit = pageLimit(objectParams);
+  const rows = walletMetadataRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.wallet_public_metadata_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    wallets: rows,
+    localOnly: true,
+  };
+}
+
+function walletMetadataGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "wallet_metadata_get");
+  const walletId = requiredString(objectParams, ["walletId", "accountId"], "wallet_metadata_get");
+  const wallet = walletMetadataRows(state).find((row) => row.walletId === walletId || row.accountId === walletId);
+  if (wallet === undefined) {
+    throw objectNotFound(`wallet public metadata not found: ${walletId}`, { walletId });
+  }
+  return {
+    schema: "flowmemory.control_plane.wallet_public_metadata_detail.v0",
+    wallet,
+    localOnly: true,
+  };
+}
+
 function rootfieldGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
   const state = stateFor(context);
   const objectParams = asObjectParams(params, "rootfield_get");
@@ -1550,6 +1988,158 @@ function finalityList(params: JsonValue | undefined, context: ControlPlaneContex
   };
 }
 
+function bridgeObservationList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_observation_list");
+  const limit = pageLimit(objectParams);
+  const rows = bridgeObservationRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.bridge_observation_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    observations: rows,
+    localOnly: true,
+  };
+}
+
+function bridgeObservationGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_observation_get");
+  const key = requiredString(objectParams, ["observationId", "depositId", "txHash"], "bridge_observation_get");
+  const observation = bridgeObservationRows(state).find((row) => {
+    const deposit = asJsonObject(row.deposit) ?? {};
+    return row.observationId === key || deposit.depositId === key || deposit.txHash === key;
+  });
+  if (observation === undefined) {
+    throw objectNotFound(`bridge observation not found: ${key}`, { id: key });
+  }
+  return {
+    schema: "flowmemory.control_plane.bridge_observation.v0",
+    observation,
+    localOnly: true,
+  };
+}
+
+function bridgeObservationSubmit(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_observation_submit");
+  const observation = asJsonObject(objectParams.observation) ?? objectParams;
+  const finding = findSecret(observation);
+  if (finding !== null) {
+    throw secretRejected("bridge observation intake contained secret-shaped material", finding);
+  }
+  const observationId = stringValue(observation.observationId)
+    ?? stableId("flowmemory.control_plane.bridge_observation_intake.v0", observation);
+  const row: JsonObject = {
+    schema: "flowmemory.bridge_deposit_observation.v0",
+    observationId,
+    observedAt: stringValue(observation.observedAt) ?? "2026-05-13T00:00:00.000Z",
+    mode: stringValue(observation.mode) ?? "mock",
+    productionReady: false,
+    ...observation,
+    intakeStatus: "accepted_local",
+    localOnly: true,
+  };
+  appendNdjson(state.paths.bridgeObservationIntakePath, row);
+  return {
+    schema: "flowmemory.control_plane.bridge_observation_submit_result.v0",
+    accepted: true,
+    observationId,
+    forwardedTo: "local-file-intake",
+    runtimeIntakePath: state.paths.bridgeObservationIntakePath,
+    localOnly: true,
+  };
+}
+
+function bridgeDepositList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_deposit_list");
+  const limit = pageLimit(objectParams);
+  const rows = bridgeDepositRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.bridge_deposit_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    deposits: rows,
+    localOnly: true,
+  };
+}
+
+function bridgeDepositGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_deposit_get");
+  const key = requiredString(objectParams, ["depositId", "observationId", "txHash"], "bridge_deposit_get");
+  const deposit = bridgeDepositRows(state).find((row) => row.depositId === key || row.observationId === key || row.txHash === key);
+  if (deposit === undefined) {
+    throw objectNotFound(`bridge deposit not found: ${key}`, { id: key });
+  }
+  return {
+    schema: "flowmemory.control_plane.bridge_deposit_detail.v0",
+    deposit,
+    localOnly: true,
+  };
+}
+
+function bridgeCreditList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_credit_list");
+  const limit = pageLimit(objectParams);
+  const rows = bridgeCreditRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.bridge_credit_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    credits: rows,
+    localOnly: true,
+  };
+}
+
+function bridgeCreditGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "bridge_credit_get");
+  const key = requiredString(objectParams, ["creditId", "depositId", "accountId"], "bridge_credit_get");
+  const credit = bridgeCreditRows(state).find((row) => row.creditId === key || row.depositId === key || row.accountId === key);
+  if (credit === undefined) {
+    throw objectNotFound(`bridge credit not found: ${key}`, { id: key });
+  }
+  return {
+    schema: "flowmemory.control_plane.bridge_credit_detail.v0",
+    credit,
+    localOnly: true,
+  };
+}
+
+function withdrawalList(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "withdrawal_list");
+  const limit = pageLimit(objectParams);
+  const rows = withdrawalRows(state).slice(0, limit);
+  return {
+    schema: "flowmemory.control_plane.withdrawal_list.v0",
+    count: rows.length,
+    nextCursor: null,
+    withdrawals: rows,
+    localOnly: true,
+  };
+}
+
+function withdrawalGet(params: JsonValue | undefined, context: ControlPlaneContext): JsonValue {
+  const state = stateFor(context);
+  const objectParams = asObjectParams(params, "withdrawal_get");
+  const key = requiredString(objectParams, ["withdrawalId", "creditId", "depositId", "accountId"], "withdrawal_get");
+  const withdrawal = withdrawalRows(state).find((row) => {
+    return row.withdrawalId === key || row.creditId === key || row.depositId === key || row.accountId === key;
+  });
+  if (withdrawal === undefined) {
+    throw objectNotFound(`withdrawal not found: ${key}`, { id: key });
+  }
+  return {
+    schema: "flowmemory.control_plane.withdrawal_detail.v0",
+    withdrawal,
+    localOnly: true,
+  };
+}
+
 function findObject(state: LoadedControlPlaneState, key: string): { type: string; object: JsonObject } {
   const receipt = receiptByAnyId(state, key);
   if (receipt !== undefined) {
@@ -1595,6 +2185,22 @@ function findObject(state: LoadedControlPlaneState, key: string): { type: string
   if (artifactAvailability !== undefined) {
     return { type: "artifact_availability", object: artifactAvailability };
   }
+  const account = nodeAccountRows(state).find((candidate) => candidate.accountId === key || candidate.keyReferenceId === key);
+  if (account !== undefined) {
+    return { type: "account", object: account };
+  }
+  const bridgeDeposit = bridgeDepositRows(state).find((candidate) => candidate.depositId === key || candidate.observationId === key || candidate.txHash === key);
+  if (bridgeDeposit !== undefined) {
+    return { type: "bridge_deposit", object: bridgeDeposit };
+  }
+  const bridgeCredit = bridgeCreditRows(state).find((candidate) => candidate.creditId === key || candidate.depositId === key || candidate.accountId === key);
+  if (bridgeCredit !== undefined) {
+    return { type: "bridge_credit", object: bridgeCredit };
+  }
+  const withdrawal = withdrawalRows(state).find((candidate) => candidate.withdrawalId === key || candidate.creditId === key || candidate.depositId === key || candidate.accountId === key);
+  if (withdrawal !== undefined) {
+    return { type: "withdrawal", object: withdrawal };
+  }
   const devnetReceipt = devnetWorkReceipts(state)[key];
   if (devnetReceipt !== undefined) {
     return { type: "devnet_work_receipt", object: devnetReceipt as JsonObject };
@@ -1760,6 +2366,8 @@ function rawJsonGet(params: JsonValue | undefined, context: ControlPlaneContext)
     devnetVerifierHandoff: state.devnetVerifierHandoff,
     devnetControlPlaneHandoff: state.devnetControlPlaneHandoff,
     txFixtures: state.txFixtures,
+    txIntake: txIntakeRows(state) as unknown as JsonValue,
+    bridgeObservations: bridgeObservationRows(state) as unknown as JsonValue,
   };
 
   if (!Object.prototype.hasOwnProperty.call(allowed, source)) {
@@ -1784,12 +2392,22 @@ function rawJsonGet(params: JsonValue | undefined, context: ControlPlaneContext)
 
 export const CONTROL_PLANE_METHODS: Record<ControlPlaneMethod, MethodHandler> = {
   health,
+  node_status: nodeStatus,
+  peer_list: peerList,
   chain_status: chainStatus,
   devnet_state: devnetState,
   block_get: blockGet,
   block_list: blockList,
+  mempool_list: mempoolList,
   transaction_get: transactionGet,
   transaction_list: transactionList,
+  transaction_submit: transactionSubmit,
+  account_get: accountGet,
+  account_list: accountList,
+  balance_get: balanceGet,
+  faucet_event_list: faucetEventList,
+  wallet_metadata_get: walletMetadataGet,
+  wallet_metadata_list: walletMetadataList,
   rootfield_get: rootfieldGet,
   rootfield_list: rootfieldList,
   artifact_get: artifactGet,
@@ -1813,6 +2431,15 @@ export const CONTROL_PLANE_METHODS: Record<ControlPlaneMethod, MethodHandler> =
   challenge_list: challengeList,
   finality_get: finalityGet,
   finality_list: finalityList,
+  bridge_observation_get: bridgeObservationGet,
+  bridge_observation_list: bridgeObservationList,
+  bridge_observation_submit: bridgeObservationSubmit,
+  bridge_deposit_get: bridgeDepositGet,
+  bridge_deposit_list: bridgeDepositList,
+  bridge_credit_get: bridgeCreditGet,
+  bridge_credit_list: bridgeCreditList,
+  withdrawal_get: withdrawalGet,
+  withdrawal_list: withdrawalList,
   provenance_get: provenanceGet,
   raw_json_get: rawJsonGet,
 };
diff --git a/services/control-plane/src/server.ts b/services/control-plane/src/server.ts
index 84f4a9b2..0584c0cf 100644
--- a/services/control-plane/src/server.ts
+++ b/services/control-plane/src/server.ts
@@ -78,7 +78,13 @@ export function startControlPlaneServer(options: ServerOptions): ReturnType<type
       return;
     }
 
-    if (req.method !== "POST" || req.url !== "/rpc") {
+    if (req.method === "GET" && req.url === "/bridge/observations") {
+      const response = dispatchJsonRpc({ jsonrpc: "2.0", id: "bridge-observations", method: "bridge_observation_list" }, { state });
+      writeJson(res, 200, jsonResult(response));
+      return;
+    }
+
+    if (req.method !== "POST" || (req.url !== "/rpc" && req.url !== "/bridge/observations")) {
       writeJson(res, 404, { error: "not found" });
       return;
     }
@@ -91,7 +97,10 @@ export function startControlPlaneServer(options: ServerOptions): ReturnType<type
     req.on("end", () => {
       try {
         const payload = JSON.parse(body) as unknown;
-        const response = dispatchJsonRpc(payload, { state });
+        const rpcPayload = req.url === "/bridge/observations"
+          ? { jsonrpc: "2.0", id: "bridge-observation-submit", method: "bridge_observation_submit", params: { observation: payload } }
+          : payload;
+        const response = dispatchJsonRpc(rpcPayload, { state });
         if (response === undefined) {
           res.writeHead(204, jsonHeaders);
           res.end();
diff --git a/services/control-plane/src/smoke.ts b/services/control-plane/src/smoke.ts
index 482a23e9..5b56f3a3 100644
--- a/services/control-plane/src/smoke.ts
+++ b/services/control-plane/src/smoke.ts
@@ -2,7 +2,7 @@ import { fileURLToPath } from "node:url";
 
 import { dispatchJsonRpc } from "./json-rpc.ts";
 import { loadControlPlaneState } from "./fixture-state.ts";
-import type { JsonObject, RpcErrorResponse, RpcSuccessResponse } from "./types.ts";
+import type { ControlPlanePaths, JsonObject, RpcErrorResponse, RpcSuccessResponse } from "./types.ts";
 
 function firstDevnetBlock(state: ReturnType<typeof loadControlPlaneState>): JsonObject {
   const blocks = Array.isArray(state.devnet?.blocks) ? state.devnet.blocks : [];
@@ -20,8 +20,8 @@ function stringField(value: unknown, name: string): string {
   return String(value);
 }
 
-export function runControlPlaneSmoke(): JsonObject {
-  const state = loadControlPlaneState();
+export function runControlPlaneSmoke(pathOverrides: Partial<ControlPlanePaths> = {}): JsonObject {
+  const state = loadControlPlaneState(pathOverrides);
   const rootfieldId = state.launchCore.rootfieldBundles[0]?.rootfieldId;
   const receipt = state.launchCore.memoryReceipts[0];
   const reportId = receipt?.reportId;
@@ -29,6 +29,18 @@ export function runControlPlaneSmoke(): JsonObject {
   const block = firstDevnetBlock(state);
   const txIds = Array.isArray(block.txIds) ? block.txIds : [];
   const txId = stringField(txIds[0], "devnet txId");
+  const accounts = dispatchJsonRpc({ jsonrpc: "2.0", id: "accounts-prefetch", method: "account_list" }, { state }) as RpcSuccessResponse;
+  const account = ((accounts.result as JsonObject).accounts as JsonObject[])[0];
+  const accountId = stringField(account.accountId, "accountId");
+  const deposits = dispatchJsonRpc({ jsonrpc: "2.0", id: "bridge-deposits-prefetch", method: "bridge_deposit_list" }, { state }) as RpcSuccessResponse;
+  const deposit = ((deposits.result as JsonObject).deposits as JsonObject[])[0];
+  const depositId = stringField(deposit.depositId, "depositId");
+  const credits = dispatchJsonRpc({ jsonrpc: "2.0", id: "bridge-credits-prefetch", method: "bridge_credit_list" }, { state }) as RpcSuccessResponse;
+  const credit = ((credits.result as JsonObject).credits as JsonObject[])[0];
+  const creditId = stringField(credit.creditId, "creditId");
+  const withdrawals = dispatchJsonRpc({ jsonrpc: "2.0", id: "withdrawals-prefetch", method: "withdrawal_list" }, { state }) as RpcSuccessResponse;
+  const withdrawal = ((withdrawals.result as JsonObject).withdrawals as JsonObject[])[0];
+  const withdrawalId = stringField(withdrawal.withdrawalId, "withdrawalId");
 
   if (rootfieldId === undefined || receipt === undefined || reportId === undefined || artifactUri === undefined) {
     throw new Error("control-plane smoke requires launch-core rootfield, receipt, report, and artifact fixture data");
@@ -36,12 +48,34 @@ export function runControlPlaneSmoke(): JsonObject {
 
   const requests = [
     { jsonrpc: "2.0", id: "health", method: "health" },
+    { jsonrpc: "2.0", id: "node", method: "node_status" },
+    { jsonrpc: "2.0", id: "peers", method: "peer_list", params: { limit: 10 } },
     { jsonrpc: "2.0", id: "chain", method: "chain_status" },
     { jsonrpc: "2.0", id: "devnet", method: "devnet_state", params: { includeBlocks: true } },
     { jsonrpc: "2.0", id: "blocks", method: "block_list", params: { limit: 10 } },
     { jsonrpc: "2.0", id: "block", method: "block_get", params: { blockNumber: stringField(block.blockNumber, "blockNumber"), includeTransactions: true } },
     { jsonrpc: "2.0", id: "transactions", method: "transaction_list", params: { limit: 10 } },
     { jsonrpc: "2.0", id: "transaction", method: "transaction_get", params: { txId } },
+    {
+      jsonrpc: "2.0",
+      id: "transactionSubmit",
+      method: "transaction_submit",
+      params: {
+        transaction: {
+          schema: "flowmemory.control_plane.smoke_transaction.v0",
+          action: "local-smoke",
+          nonce: "0",
+        },
+        submittedBy: "control-plane-smoke",
+      },
+    },
+    { jsonrpc: "2.0", id: "mempool", method: "mempool_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "accounts", method: "account_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "account", method: "account_get", params: { accountId } },
+    { jsonrpc: "2.0", id: "balance", method: "balance_get", params: { accountId } },
+    { jsonrpc: "2.0", id: "faucet", method: "faucet_event_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "wallets", method: "wallet_metadata_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "wallet", method: "wallet_metadata_get", params: { walletId: accountId } },
     { jsonrpc: "2.0", id: "rootfields", method: "rootfield_list", params: { limit: 10 } },
     { jsonrpc: "2.0", id: "rootfield", method: "rootfield_get", params: { rootfieldId } },
     { jsonrpc: "2.0", id: "agents", method: "agent_list", params: { limit: 10 } },
@@ -64,6 +98,14 @@ export function runControlPlaneSmoke(): JsonObject {
     { jsonrpc: "2.0", id: "challenge", method: "challenge_get", params: { receiptId: receipt.receiptId } },
     { jsonrpc: "2.0", id: "finalityList", method: "finality_list", params: { limit: 10 } },
     { jsonrpc: "2.0", id: "finality", method: "finality_get", params: { receiptId: receipt.receiptId } },
+    { jsonrpc: "2.0", id: "bridgeObservationList", method: "bridge_observation_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "bridgeObservation", method: "bridge_observation_get", params: { depositId } },
+    { jsonrpc: "2.0", id: "bridgeDeposits", method: "bridge_deposit_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "bridgeDeposit", method: "bridge_deposit_get", params: { depositId } },
+    { jsonrpc: "2.0", id: "bridgeCredits", method: "bridge_credit_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "bridgeCredit", method: "bridge_credit_get", params: { creditId } },
+    { jsonrpc: "2.0", id: "withdrawals", method: "withdrawal_list", params: { limit: 10 } },
+    { jsonrpc: "2.0", id: "withdrawal", method: "withdrawal_get", params: { withdrawalId } },
     { jsonrpc: "2.0", id: "provenance", method: "provenance_get", params: { receiptId: receipt.receiptId } },
     { jsonrpc: "2.0", id: "raw", method: "raw_json_get", params: { source: "launchCore" } },
   ] as const;
@@ -91,6 +133,8 @@ export function runControlPlaneSmoke(): JsonObject {
       artifactUri,
       blockNumber: stringField(block.blockNumber, "blockNumber"),
       txId,
+      accountId,
+      depositId,
     },
     localOnly: true,
   };
diff --git a/services/control-plane/src/types.ts b/services/control-plane/src/types.ts
index d0a0b948..9d9dc85f 100644
--- a/services/control-plane/src/types.ts
+++ b/services/control-plane/src/types.ts
@@ -14,12 +14,22 @@ export type JsonObject = { [key: string]: JsonValue | undefined };
 
 export type ControlPlaneMethod =
   | "health"
+  | "node_status"
+  | "peer_list"
   | "chain_status"
   | "devnet_state"
   | "block_get"
   | "block_list"
+  | "mempool_list"
   | "transaction_get"
   | "transaction_list"
+  | "transaction_submit"
+  | "account_get"
+  | "account_list"
+  | "balance_get"
+  | "faucet_event_list"
+  | "wallet_metadata_get"
+  | "wallet_metadata_list"
   | "rootfield_get"
   | "rootfield_list"
   | "artifact_get"
@@ -43,6 +53,15 @@ export type ControlPlaneMethod =
   | "challenge_list"
   | "finality_get"
   | "finality_list"
+  | "bridge_observation_get"
+  | "bridge_observation_list"
+  | "bridge_observation_submit"
+  | "bridge_deposit_get"
+  | "bridge_deposit_list"
+  | "bridge_credit_get"
+  | "bridge_credit_list"
+  | "withdrawal_get"
+  | "withdrawal_list"
   | "provenance_get"
   | "raw_json_get";
 
@@ -51,11 +70,16 @@ export interface ControlPlanePaths {
   indexerPath: string;
   verifierPath: string;
   artifactsPath: string;
+  localDevnetPath: string;
+  localDevnetLaunchPath: string;
   devnetPath: string;
   devnetIndexerHandoffPath: string;
   devnetVerifierHandoffPath: string;
   devnetControlPlaneHandoffPath: string;
   txFixturesPath: string;
+  txIntakePath: string;
+  bridgeObservationPath: string;
+  bridgeObservationIntakePath: string;
 }
 
 export interface DataSourceRecord {
@@ -77,6 +101,9 @@ export interface LoadedControlPlaneState {
   devnetVerifierHandoff: JsonObject | null;
   devnetControlPlaneHandoff: JsonObject | null;
   txFixtures: JsonObject | null;
+  txIntake: JsonObject[];
+  bridgeObservations: JsonObject[];
+  paths: ControlPlanePaths;
   sources: Record<string, DataSourceRecord>;
 }
 
diff --git a/services/control-plane/test/control-plane.test.ts b/services/control-plane/test/control-plane.test.ts
index fe925d2e..8de81dd5 100644
--- a/services/control-plane/test/control-plane.test.ts
+++ b/services/control-plane/test/control-plane.test.ts
@@ -1,6 +1,6 @@
 import assert from "node:assert/strict";
 import { once } from "node:events";
-import { mkdtempSync, rmSync } from "node:fs";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import test from "node:test";
@@ -53,8 +53,15 @@ test("validates malformed requests and bad params with stable codes", () => {
 });
 
 test("keeps deterministic chain status response snapshots", () => {
-  const first = dispatchJsonRpc({ jsonrpc: "2.0", id: 1, method: "chain_status" }) as RpcSuccessResponse;
-  const second = dispatchJsonRpc({ jsonrpc: "2.0", id: 2, method: "chain_status" }) as RpcSuccessResponse;
+  const dir = mkdtempSync(join(tmpdir(), "flowmemory-control-plane-snapshot-"));
+  const state = loadControlPlaneState({
+    localDevnetPath: join(dir, "missing-local-state.json"),
+    localDevnetLaunchPath: join(dir, "missing-local-launch-state.json"),
+    txIntakePath: join(dir, "transactions.ndjson"),
+    bridgeObservationIntakePath: join(dir, "bridge-observations.ndjson"),
+  });
+  const first = dispatchJsonRpc({ jsonrpc: "2.0", id: 1, method: "chain_status" }, { state }) as RpcSuccessResponse;
+  const second = dispatchJsonRpc({ jsonrpc: "2.0", id: 2, method: "chain_status" }, { state }) as RpcSuccessResponse;
   const snapshot = (response: RpcSuccessResponse) => {
     const result = response.result;
     return canonicalJson({
@@ -68,8 +75,9 @@ test("keeps deterministic chain status response snapshots", () => {
   assert.equal(snapshot(first), snapshot(second));
   assert.equal(
     snapshot(first),
-    "{\"capabilities\":[\"health_reads\",\"fixture_status_reads\",\"block_reads\",\"transaction_reads\",\"receipt_lookup\",\"verifier_report_lookup\",\"memory_lineage_lookup\",\"artifact_fixture_lookup\",\"devnet_handoff_reads\",\"raw_json_reads\"],\"chainId\":\"flowmemory-local-alpha\",\"counts\":{\"agents\":2,\"artifactAvailability\":5,\"blocks\":11,\"challenges\":1,\"devnetBlocks\":2,\"duplicates\":1,\"finalityRows\":9,\"memoryCells\":1,\"memoryReceipts\":8,\"memorySignals\":8,\"models\":2,\"observations\":8,\"rejectedLogs\":2,\"rootfields\":2,\"transactions\":23,\"verifierModules\":3,\"verifierReports\":8,\"workReceipts\":9},\"schema\":\"flowmemory.control_plane.chain_status.v0\"}",
+    "{\"capabilities\":[\"health_reads\",\"node_status_reads\",\"peer_reads\",\"local_runtime_status_reads\",\"block_reads\",\"transaction_reads\",\"local_transaction_file_intake\",\"mempool_reads\",\"account_reads\",\"balance_reads\",\"faucet_event_reads\",\"wallet_public_metadata_reads\",\"receipt_lookup\",\"verifier_report_lookup\",\"memory_lineage_lookup\",\"artifact_fixture_lookup\",\"bridge_observation_file_intake\",\"bridge_deposit_reads\",\"bridge_credit_reads\",\"withdrawal_reads\",\"devnet_handoff_reads\",\"no_secret_response_checks\",\"raw_json_reads\"],\"chainId\":\"flowmemory-local-devnet-v0\",\"counts\":{\"accounts\":2,\"agents\":2,\"artifactAvailability\":5,\"balances\":2,\"blocks\":11,\"bridgeCredits\":1,\"bridgeDeposits\":1,\"challenges\":1,\"devnetBlocks\":2,\"duplicates\":1,\"faucetEvents\":1,\"finalityRows\":9,\"memoryCells\":1,\"memoryReceipts\":8,\"memorySignals\":8,\"mempool\":0,\"models\":2,\"observations\":8,\"rejectedLogs\":2,\"rootfields\":2,\"transactions\":25,\"verifierModules\":3,\"verifierReports\":8,\"walletPublicMetadata\":2,\"withdrawals\":1,\"workReceipts\":9},\"schema\":\"flowmemory.control_plane.chain_status.v0\"}",
   );
+  rmSync(dir, { recursive: true, force: true });
 });
 
 test("recovers when generated launch/indexer/verifier fixtures are missing", () => {
@@ -164,13 +172,121 @@ test("exposes artifact, devnet, challenge, and finality read methods", () => {
   assert.equal(finality.result.status, "local-finalized");
 });
 
+test("prefers devnet/local runtime state over committed devnet fixtures", () => {
+  const dir = mkdtempSync(join(tmpdir(), "flowmemory-control-plane-local-runtime-"));
+  const localRuntimePath = join(dir, "launch-v0-state.json");
+  try {
+    writeFileSync(localRuntimePath, JSON.stringify({
+      schema: "flowmemory.local_devnet.state.v0",
+      chainId: "flowmemory-local-devnet-v0",
+      blocks: [],
+    }));
+    const state = loadControlPlaneState({
+      localDevnetPath: join(dir, "missing-state.json"),
+      localDevnetLaunchPath: localRuntimePath,
+    });
+
+    assert.equal(state.sources.devnet.path, localRuntimePath);
+    assert.equal(state.sources.devnet.status, "recovered");
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("submits local transactions to the file-backed runtime intake path", () => {
+  const dir = mkdtempSync(join(tmpdir(), "flowmemory-control-plane-intake-"));
+  try {
+    const state = loadControlPlaneState({ txIntakePath: join(dir, "transactions.ndjson") });
+    const response = dispatchJsonRpc(
+      {
+        jsonrpc: "2.0",
+        id: 1,
+        method: "transaction_submit",
+        params: {
+          transaction: {
+            schema: "flowmemory.test_transaction.v0",
+            action: "test",
+          },
+        },
+      },
+      { state },
+    ) as RpcSuccessResponse;
+    const mempool = dispatchJsonRpc({ jsonrpc: "2.0", id: 2, method: "mempool_list" }, { state }) as RpcSuccessResponse;
+
+    assert.equal(response.result.accepted, true);
+    assert.equal(mempool.result.count, 1);
+    assert.equal(mempool.result.transactions[0].source, "local-file-intake");
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+test("exposes account, wallet, bridge deposit, credit, and withdrawal reads", () => {
+  const state = loadControlPlaneState();
+  const accounts = dispatchJsonRpc({ jsonrpc: "2.0", id: 1, method: "account_list" }, { state }) as RpcSuccessResponse;
+  const accountId = accounts.result.accounts[0].accountId as string;
+  const deposits = dispatchJsonRpc({ jsonrpc: "2.0", id: 2, method: "bridge_deposit_list" }, { state }) as RpcSuccessResponse;
+  const depositId = deposits.result.deposits[0].depositId as string;
+  const credits = dispatchJsonRpc({ jsonrpc: "2.0", id: 3, method: "bridge_credit_list" }, { state }) as RpcSuccessResponse;
+  const creditId = credits.result.credits[0].creditId as string;
+  const withdrawals = dispatchJsonRpc({ jsonrpc: "2.0", id: 4, method: "withdrawal_list" }, { state }) as RpcSuccessResponse;
+  const withdrawalId = withdrawals.result.withdrawals[0].withdrawalId as string;
+
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 5, method: "account_get", params: { accountId } }, { state }) as RpcSuccessResponse).result.schema, "flowmemory.control_plane.account_detail.v0");
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 6, method: "wallet_metadata_get", params: { walletId: accountId } }, { state }) as RpcSuccessResponse).result.schema, "flowmemory.control_plane.wallet_public_metadata_detail.v0");
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 7, method: "balance_get", params: { accountId } }, { state }) as RpcSuccessResponse).result.noValue, true);
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 8, method: "bridge_deposit_get", params: { depositId } }, { state }) as RpcSuccessResponse).result.schema, "flowmemory.control_plane.bridge_deposit_detail.v0");
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 9, method: "bridge_credit_get", params: { creditId } }, { state }) as RpcSuccessResponse).result.schema, "flowmemory.control_plane.bridge_credit_detail.v0");
+  assert.equal((dispatchJsonRpc({ jsonrpc: "2.0", id: 10, method: "withdrawal_get", params: { withdrawalId } }, { state }) as RpcSuccessResponse).result.schema, "flowmemory.control_plane.withdrawal_detail.v0");
+});
+
+test("rejects secret-shaped intake and responses before returning them", () => {
+  const dir = mkdtempSync(join(tmpdir(), "flowmemory-control-plane-secret-"));
+  try {
+    const secretFixturePath = join(dir, "tx-fixtures.json");
+    writeFileSync(secretFixturePath, JSON.stringify({ privateKey: `0x${"1".repeat(64)}` }));
+    const state = loadControlPlaneState({
+      txFixturesPath: secretFixturePath,
+      txIntakePath: join(dir, "transactions.ndjson"),
+    });
+    const submit = dispatchJsonRpc(
+      {
+        jsonrpc: "2.0",
+        id: 1,
+        method: "transaction_submit",
+        params: {
+          transaction: {
+            schema: "flowmemory.test_transaction.v0",
+            privateKey: `0x${"1".repeat(64)}`,
+          },
+        },
+      },
+      { state },
+    ) as RpcErrorResponse;
+    const raw = dispatchJsonRpc(
+      { jsonrpc: "2.0", id: 2, method: "raw_json_get", params: { source: "txFixtures" } },
+      { state },
+    ) as RpcErrorResponse;
+
+    assert.equal(submit.error.data.reasonCode, "secret.rejected");
+    assert.equal(raw.error.data.reasonCode, "secret.rejected");
+  } finally {
+    rmSync(dir, { recursive: true, force: true });
+  }
+});
+
 test("smoke client queries the complete local lifecycle surface", () => {
-  const smoke = runControlPlaneSmoke();
+  const dir = mkdtempSync(join(tmpdir(), "flowmemory-control-plane-smoke-"));
+  const smoke = runControlPlaneSmoke({
+    txIntakePath: join(dir, "transactions.ndjson"),
+    bridgeObservationIntakePath: join(dir, "bridge-observations.ndjson"),
+  });
 
   assert.equal(smoke.schema, "flowmemory.control_plane.smoke.v0");
   assert.equal(smoke.ok, true);
-  assert.equal(smoke.methodCount, 31);
+  assert.equal(smoke.methodCount, 49);
   assert.ok((smoke.responseSchemas as string[]).includes("flowmemory.control_plane.raw_json.v0"));
+  rmSync(dir, { recursive: true, force: true });
 });
 
 test("HTTP server exposes browser-safe health and state endpoints", async () => {
@@ -196,6 +312,22 @@ test("HTTP server exposes browser-safe health and state endpoints", async () =>
     assert.equal(state.status, 200);
     assert.equal(state.headers.get("access-control-allow-origin"), "*");
     assert.equal((await state.json()).schema, "flowmemory.control_plane.devnet_state.v0");
+
+    const rpc = await fetch(`http://127.0.0.1:${port}/rpc`, {
+      method: "POST",
+      headers: { "content-type": "application/json", Origin: "http://127.0.0.1:5173" },
+      body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "node_status" }),
+    });
+    assert.equal(rpc.status, 200);
+    assert.equal(rpc.headers.get("access-control-allow-origin"), "*");
+    assert.equal((await rpc.json()).result.schema, "flowmemory.control_plane.node_status.v0");
+
+    const bridge = await fetch(`http://127.0.0.1:${port}/bridge/observations`, {
+      headers: { Origin: "http://127.0.0.1:5173" },
+    });
+    assert.equal(bridge.status, 200);
+    assert.equal(bridge.headers.get("access-control-allow-origin"), "*");
+    assert.equal((await bridge.json()).schema, "flowmemory.control_plane.bridge_observation_list.v0");
   } finally {
     await new Promise<void>((resolve, reject) => {
       server.close((error) => {
diff --git a/services/shared/src/index.ts b/services/shared/src/index.ts
index 77f3874c..13cd6ad8 100644
--- a/services/shared/src/index.ts
+++ b/services/shared/src/index.ts
@@ -6,3 +6,4 @@ export * from "./hex.ts";
 export * from "./keccak.ts";
 export * from "./observation.ts";
 export * from "./report.ts";
+export * from "./secret-scan.ts";
diff --git a/services/shared/src/secret-scan.ts b/services/shared/src/secret-scan.ts
new file mode 100644
index 00000000..b841efbc
--- /dev/null
+++ b/services/shared/src/secret-scan.ts
@@ -0,0 +1,113 @@
+export interface SecretFinding {
+  path: string;
+  reasonCode:
+    | "secret.key_name"
+    | "secret.private_key"
+    | "secret.mnemonic"
+    | "secret.rpc_credential"
+    | "secret.api_key"
+    | "secret.webhook_url";
+}
+
+const SENSITIVE_KEY_RE = /(^|[_-])(private[_-]?key|mnemonic|seed[_-]?phrase|rpc[_-]?(url|credential|password|token)|api[_-]?key|webhook[_-]?url|secret[_-]?key)([_-]|$)/i;
+const LABELED_PRIVATE_KEY_RE = /\b(private key|privkey|secret key)\b\s*[:=]\s*0x[0-9a-f]{64}\b/i;
+const RPC_CREDENTIAL_RE = /\bhttps?:\/\/[^/\s:@]+:[^/\s:@]+@/i;
+const API_KEY_VALUE_RE = /\b(?:sk|pk|rk|ghp|gho|ghu|github_pat|xox[baprs])-[-_A-Za-z0-9]{16,}\b/;
+const WEBHOOK_URL_RE = /\bhttps:\/\/(?:hooks\.slack\.com|discord(?:app)?\.com\/api\/webhooks|.*webhook)[^\s"']+/i;
+
+const MNEMONIC_WORDS = new Set([
+  "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract",
+  "absurd", "abuse", "access", "accident", "account", "accuse", "achieve",
+  "acid", "acoustic", "acquire", "across", "act", "action", "actor", "actress",
+  "actual", "adapt", "add", "addict", "address", "adjust", "admit", "adult",
+  "advance", "advice", "aerobic", "affair", "afford", "afraid", "again", "age",
+  "agent", "agree", "ahead", "aim", "air", "airport", "aisle", "alarm",
+  "album", "alcohol", "alert", "alien", "all", "alley", "allow", "almost",
+  "alone", "alpha", "already", "also", "alter", "always", "amateur", "amazing",
+  "among", "amount", "amused", "analyst", "anchor", "ancient", "anger", "angle",
+  "angry", "animal", "ankle", "announce", "annual", "another", "answer", "antenna",
+  "antique", "anxiety", "any", "apart", "apology", "appear", "apple", "approve",
+  "april", "arch", "arctic", "area", "arena", "argue", "arm", "armed",
+  "armor", "army", "around", "arrange", "arrest", "arrive", "arrow", "art",
+  "artefact", "artist", "artwork", "ask", "aspect", "assault", "asset", "assist",
+  "assume", "asthma", "athlete", "atom", "attack", "attend", "attitude", "attract",
+  "auction", "audit", "august", "aunt", "author", "auto", "autumn", "average",
+  "avocado", "avoid", "awake", "aware", "away", "awesome", "awful", "awkward",
+  "axis", "baby", "bachelor", "bacon", "badge", "bag", "balance", "balcony",
+  "ball", "bamboo", "banana", "banner", "bar", "barely", "bargain", "barrel",
+  "base", "basic", "basket", "battle", "beach", "bean", "beauty", "because",
+  "become", "beef", "before", "begin", "behave", "behind", "believe", "below",
+  "belt", "bench", "benefit", "best", "betray", "better", "between", "beyond",
+  "bicycle", "bid", "bike", "bind", "biology", "bird", "birth", "bitter",
+  "black", "blade", "blame", "blanket", "blast", "bleak", "bless", "blind",
+  "blood", "blossom", "blouse", "blue", "blur", "blush", "board", "boat",
+  "body", "boil", "bomb", "bone", "bonus", "book", "boost", "border",
+  "boring", "borrow", "boss", "bottom", "bounce", "box", "boy", "bracket",
+  "brain", "brand", "brass", "brave", "bread", "breeze", "brick", "bridge",
+  "brief", "bright", "bring", "brisk", "broccoli", "broken", "bronze", "broom",
+  "brother", "brown", "brush", "bubble", "buddy", "budget", "buffalo", "build",
+  "bulb", "bulk", "bullet", "bundle", "bunker", "burden", "burger", "burst",
+  "bus", "business", "busy", "butter", "buyer", "buzz",
+]);
+
+function isMnemonic(value: string): boolean {
+  const words = value.toLowerCase().trim().split(/\s+/);
+  if (![12, 15, 18, 21, 24].includes(words.length)) {
+    return false;
+  }
+  return words.every((word) => MNEMONIC_WORDS.has(word));
+}
+
+function scanString(value: string, path: string): SecretFinding | null {
+  if (RPC_CREDENTIAL_RE.test(value)) {
+    return { path, reasonCode: "secret.rpc_credential" };
+  }
+  if (API_KEY_VALUE_RE.test(value)) {
+    return { path, reasonCode: "secret.api_key" };
+  }
+  if (WEBHOOK_URL_RE.test(value)) {
+    return { path, reasonCode: "secret.webhook_url" };
+  }
+  if (LABELED_PRIVATE_KEY_RE.test(value)) {
+    return { path, reasonCode: "secret.private_key" };
+  }
+  if (isMnemonic(value)) {
+    return { path, reasonCode: "secret.mnemonic" };
+  }
+  return null;
+}
+
+export function findSecret(value: unknown, path = "$"): SecretFinding | null {
+  if (typeof value === "string") {
+    return scanString(value, path);
+  }
+  if (value === null || typeof value !== "object") {
+    return null;
+  }
+  if (Array.isArray(value)) {
+    for (let index = 0; index < value.length; index += 1) {
+      const finding = findSecret(value[index], `${path}[${index}]`);
+      if (finding !== null) {
+        return finding;
+      }
+    }
+    return null;
+  }
+  for (const [key, child] of Object.entries(value)) {
+    if (SENSITIVE_KEY_RE.test(key)) {
+      return { path: `${path}.${key}`, reasonCode: "secret.key_name" };
+    }
+    const finding = findSecret(child, `${path}.${key}`);
+    if (finding !== null) {
+      return finding;
+    }
+  }
+  return null;
+}
+
+export function assertNoSecrets(value: unknown): void {
+  const finding = findSecret(value);
+  if (finding !== null) {
+    throw new Error(`secret material rejected at ${finding.path}: ${finding.reasonCode}`);
+  }
+}
diff --git a/services/shared/test/foundation.test.ts b/services/shared/test/foundation.test.ts
index 35ae7e80..4cf78c94 100644
--- a/services/shared/test/foundation.test.ts
+++ b/services/shared/test/foundation.test.ts
@@ -11,6 +11,7 @@ import {
   canonicalJson,
   deriveObservationId,
   deriveReportId,
+  findSecret,
   isVerifierStatus,
   keccak256Utf8,
   normalizeAddress,
@@ -96,3 +97,15 @@ test("canonical JSON sorts object keys while preserving array order", () => {
 test("derives deterministic verifier report id from canonical report core", () => {
   assert.equal(deriveReportId(fixture.reportCore), fixture.expected.reportId);
 });
+
+test("detects secret-shaped response material without rejecting ordinary hashes", () => {
+  assert.equal(findSecret({ stateRoot: `0x${"1".repeat(64)}` }), null);
+  assert.equal(findSecret({ privateKey: `0x${"1".repeat(64)}` })?.reasonCode, "secret.key_name");
+  assert.equal(findSecret({ rpc: "https://user:pass@example.invalid" })?.reasonCode, "secret.rpc_credential");
+  assert.equal(findSecret({ token: "sk-test_1234567890abcdefghijklmnop" })?.reasonCode, "secret.api_key");
+  assert.equal(findSecret({ url: "https://hooks.slack.com/services/T000/B000/XXXX" })?.reasonCode, "secret.webhook_url");
+  assert.equal(
+    findSecret({ phrase: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about" })?.reasonCode,
+    "secret.mnemonic",
+  );
+});
diff --git a/tests/FlowMemoryAfterSwapHook.t.sol b/tests/FlowMemoryAfterSwapHook.t.sol
new file mode 100644
index 00000000..924a97b1
--- /dev/null
+++ b/tests/FlowMemoryAfterSwapHook.t.sol
@@ -0,0 +1,203 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.24;
+
+import {FlowMemoryAfterSwapHook} from "../contracts/FlowMemoryAfterSwapHook.sol";
+import {FlowMemoryHookPlanner} from "../contracts/FlowMemoryHookPlanner.sol";
+import {IUniswapV4SwapHookLike} from "../contracts/interfaces/IUniswapV4SwapHookLike.sol";
+
+interface FlowMemoryAfterSwapVm {
+    struct Log {
+        bytes32[] topics;
+        bytes data;
+        address emitter;
+    }
+
+    function expectRevert(bytes4 revertData) external;
+    function expectRevert(bytes calldata revertData) external;
+    function recordLogs() external;
+    function getRecordedLogs() external returns (Log[] memory);
+}
+
+contract FlowMemoryAfterSwapUnauthorizedCaller {
+    function callAfterSwap(
+        FlowMemoryAfterSwapHook hook,
+        address sender,
+        IUniswapV4SwapHookLike.PoolKey calldata key,
+        IUniswapV4SwapHookLike.SwapParams calldata params,
+        int256 swapDelta,
+        bytes calldata hookData
+    ) external returns (bytes4 selector, int128 hookDelta) {
+        return hook.afterSwap(sender, key, params, swapDelta, hookData);
+    }
+}
+
+contract FlowMemoryAfterSwapHookTest {
+    FlowMemoryAfterSwapVm private constant vm =
+        FlowMemoryAfterSwapVm(address(uint160(uint256(keccak256("hevm cheat code")))));
+    bytes32 private constant FLOWPULSE_SIGNATURE =
+        keccak256("FlowPulse(bytes32,bytes32,address,uint8,bytes32,bytes32,bytes32,uint64,uint64,string)");
+    bytes32 private constant AFTER_SWAP_OBSERVED_SIGNATURE =
+        keccak256("AfterSwapObserved(address,address,bytes32,bytes32,bytes32,bytes32)");
+
+    error AssertionFailed();
+
+    function testPlannerDefinesAfterSwapOnlyPermissionTarget() public {
+        FlowMemoryHookPlanner planner = new FlowMemoryHookPlanner();
+        FlowMemoryHookPlanner.HookPermissions memory permissions = planner.targetPermissions();
+
+        _assertTrue(planner.FLOWMEMORY_AFTER_SWAP_FLAGS() == planner.AFTER_SWAP_FLAG());
+        _assertTrue(planner.FLOWMEMORY_AFTER_SWAP_FLAGS() == uint160(1 << 6));
+        _assertTrue(permissions.afterSwap);
+        _assertTrue(!permissions.beforeSwap);
+        _assertTrue(!permissions.afterSwapReturnDelta);
+        _assertTrue(!permissions.beforeSwapReturnDelta);
+        _assertTrue(!permissions.afterAddLiquidity);
+        _assertTrue(!permissions.afterRemoveLiquidity);
+        _assertTrue(!permissions.beforeDonate);
+        _assertTrue(!permissions.afterDonate);
+    }
+
+    function testPlannerRejectsCustomAccountingAndExtraHookFlags() public {
+        FlowMemoryHookPlanner planner = new FlowMemoryHookPlanner();
+        address afterSwapOnly = address(uint160(planner.AFTER_SWAP_FLAG()));
+        address afterSwapWithReturnDelta =
+            address(uint160(planner.AFTER_SWAP_FLAG() | planner.AFTER_SWAP_RETURNS_DELTA_FLAG()));
+        address beforeAndAfterSwap = address(uint160(planner.BEFORE_SWAP_FLAG() | planner.AFTER_SWAP_FLAG()));
+
+        _assertTrue(planner.hasOnlyAfterSwapFlag(afterSwapOnly));
+        _assertTrue(!planner.hasOnlyAfterSwapFlag(afterSwapWithReturnDelta));
+        _assertTrue(!planner.hasOnlyAfterSwapFlag(beforeAndAfterSwap));
+    }
+
+    function testPlannerMinesBaseSepoliaCreate2AddressWithTargetFlags() public {
+        FlowMemoryHookPlanner planner = new FlowMemoryHookPlanner();
+        bytes32 initCodeHash = _afterSwapHookInitCodeHash(planner.BASE_SEPOLIA_POOL_MANAGER());
+
+        FlowMemoryHookPlanner.HookPlan memory plan = planner.planBaseSepolia(initCodeHash, 0, 100_000);
+
+        _assertTrue(plan.chainId == planner.BASE_SEPOLIA_CHAIN_ID());
+        _assertTrue(plan.poolManager == planner.BASE_SEPOLIA_POOL_MANAGER());
+        _assertTrue(plan.create2Deployer == planner.CREATE2_DEPLOYER());
+        _assertTrue(plan.targetFlags == planner.FLOWMEMORY_AFTER_SWAP_FLAGS());
+        _assertTrue(plan.initCodeHash == initCodeHash);
+        _assertTrue(planner.hasOnlyAfterSwapFlag(plan.hookAddress));
+        _assertTrue(plan.hookAddress == planner.computeCreate2Address(plan.create2Deployer, plan.salt, initCodeHash));
+    }
+
+    function testAfterSwapHookEmitsFlowPulseAndReturnsZeroHookDelta() public {
+        FlowMemoryAfterSwapHook hook = new FlowMemoryAfterSwapHook(address(this));
+        bytes32 rootfieldId = keccak256("rootfield.true-hook");
+        bytes32 commitment = keccak256("hook.commitment.true");
+        bytes32 parentPulseId = keccak256("parent.pulse.true");
+        IUniswapV4SwapHookLike.PoolKey memory key = _samplePoolKey(address(hook));
+        IUniswapV4SwapHookLike.SwapParams memory params = _sampleSwapParams();
+        bytes memory hookData =
+            hook.encodeSwapHookData(rootfieldId, commitment, parentPulseId, "flowmemory://base-sepolia/after-swap");
+
+        vm.recordLogs();
+        (bytes4 selector, int128 hookDelta) = hook.afterSwap(address(this), key, params, int256(123), hookData);
+        FlowMemoryAfterSwapVm.Log[] memory logs = vm.getRecordedLogs();
+
+        bytes32 poolId = keccak256(abi.encode(key.currency0, key.currency1, key.fee, key.tickSpacing, key.hooks));
+        _assertTrue(selector == hook.UNISWAP_V4_AFTER_SWAP_SELECTOR());
+        _assertTrue(hookDelta == 0);
+        _assertTrue(logs.length == 2);
+        _assertTrue(logs[0].topics[0] == AFTER_SWAP_OBSERVED_SIGNATURE);
+        _assertTrue(logs[1].topics[0] == FLOWPULSE_SIGNATURE);
+        _assertTrue(logs[1].topics[2] == rootfieldId);
+        _assertTrue(logs[1].topics[3] == bytes32(uint256(uint160(address(this)))));
+        _assertSwapPulseData(logs[1].data, poolId, commitment, parentPulseId, "flowmemory://base-sepolia/after-swap");
+    }
+
+    function testAfterSwapHookIsPoolManagerGated() public {
+        FlowMemoryAfterSwapHook hook = new FlowMemoryAfterSwapHook(address(this));
+        FlowMemoryAfterSwapUnauthorizedCaller caller = new FlowMemoryAfterSwapUnauthorizedCaller();
+        IUniswapV4SwapHookLike.PoolKey memory key = _samplePoolKey(address(hook));
+        IUniswapV4SwapHookLike.SwapParams memory params = _sampleSwapParams();
+        bytes memory hookData =
+            hook.encodeSwapHookData(keccak256("rootfield.gated"), keccak256("commitment.gated"), bytes32(0), "");
+
+        vm.expectRevert(
+            abi.encodeWithSelector(FlowMemoryAfterSwapHook.UnauthorizedPoolManager.selector, address(caller))
+        );
+        caller.callAfterSwap(hook, address(this), key, params, int256(0), hookData);
+    }
+
+    function testAfterSwapHookRejectsInvalidHookDataWithoutCustodyOrFeeState() public {
+        FlowMemoryAfterSwapHook hook = new FlowMemoryAfterSwapHook(address(this));
+        IUniswapV4SwapHookLike.PoolKey memory key = _samplePoolKey(address(hook));
+        IUniswapV4SwapHookLike.SwapParams memory params = _sampleSwapParams();
+
+        vm.expectRevert(FlowMemoryAfterSwapHook.EmptyHookData.selector);
+        hook.afterSwap(address(this), key, params, int256(0), "");
+
+        bytes memory zeroRootfieldData =
+            hook.encodeSwapHookData(bytes32(0), keccak256("commitment.zero-rootfield"), bytes32(0), "");
+        vm.expectRevert(FlowMemoryAfterSwapHook.ZeroRootfieldId.selector);
+        hook.afterSwap(address(this), key, params, int256(0), zeroRootfieldData);
+
+        bytes memory zeroCommitmentData =
+            hook.encodeSwapHookData(keccak256("rootfield.zero-commitment"), bytes32(0), bytes32(0), "");
+        vm.expectRevert(FlowMemoryAfterSwapHook.ZeroCommitment.selector);
+        hook.afterSwap(address(this), key, params, int256(0), zeroCommitmentData);
+
+        (bool success,) = address(hook).call("");
+        _assertTrue(!success);
+        _assertTrue(address(hook).balance == 0);
+    }
+
+    function testHookEventSchemasExcludeTxHashAndLogIndexAssumptions() public pure {
+        bytes32 flowPulseWithReceiptMetadata = keccak256(
+            "FlowPulse(bytes32,bytes32,address,uint8,bytes32,bytes32,bytes32,uint64,uint64,string,bytes32,uint256)"
+        );
+        bytes32 afterSwapObservedWithReceiptMetadata =
+            keccak256("AfterSwapObserved(address,address,bytes32,bytes32,bytes32,bytes32,bytes32,uint256)");
+
+        _assertTrue(FLOWPULSE_SIGNATURE != flowPulseWithReceiptMetadata);
+        _assertTrue(AFTER_SWAP_OBSERVED_SIGNATURE != afterSwapObservedWithReceiptMetadata);
+    }
+
+    function _afterSwapHookInitCodeHash(address poolManager) private pure returns (bytes32) {
+        return keccak256(abi.encodePacked(type(FlowMemoryAfterSwapHook).creationCode, abi.encode(poolManager)));
+    }
+
+    function _samplePoolKey(address hooks) private pure returns (IUniswapV4SwapHookLike.PoolKey memory) {
+        return IUniswapV4SwapHookLike.PoolKey({
+            currency0: address(0x1000), currency1: address(0x2000), fee: 3000, tickSpacing: 60, hooks: hooks
+        });
+    }
+
+    function _sampleSwapParams() private pure returns (IUniswapV4SwapHookLike.SwapParams memory) {
+        return IUniswapV4SwapHookLike.SwapParams({zeroForOne: true, amountSpecified: -1 ether, sqrtPriceLimitX96: 42});
+    }
+
+    function _assertSwapPulseData(
+        bytes memory data,
+        bytes32 expectedSubject,
+        bytes32 expectedCommitment,
+        bytes32 expectedParentPulseId,
+        string memory expectedUri
+    ) private pure {
+        (
+            uint8 pulseType,
+            bytes32 subject,
+            bytes32 flowPulseCommitment,
+            bytes32 decodedParentPulseId,
+            uint64 sequence,
+            uint64 occurredAt,
+            string memory uri
+        ) = abi.decode(data, (uint8, bytes32, bytes32, bytes32, uint64, uint64, string));
+
+        _assertTrue(pulseType == 4);
+        _assertTrue(subject == expectedSubject);
+        _assertTrue(flowPulseCommitment == expectedCommitment);
+        _assertTrue(decodedParentPulseId == expectedParentPulseId);
+        _assertTrue(sequence == 1);
+        _assertTrue(occurredAt > 0);
+        _assertTrue(keccak256(bytes(uri)) == keccak256(bytes(expectedUri)));
+    }
+
+    function _assertTrue(bool condition) private pure {
+        if (!condition) revert AssertionFailed();
+    }
+}