Skip to content

Step 4: Cast Your Vote

Cast a yes vote on the proposal:

Terminal window
ckb-firewall vote --proposal tutorial-abc123 --vote yes

The CLI will prompt for your private key with masked input:

? Validator private key (32-byte hex): ****...

Enter your 32-byte secp256k1 private key. The CLI:

  1. Derives the compressed public key from the private key
  2. Checks that the pubkey is in the authorized validator set by verifying a Merkle membership proof against the validatorMerkleRoot in the BLKL governance header
  3. Rejects the key if it is not an authorized validator
  4. Signs the vote: blake2b({ domain: "ckb-firewall:vote", proposalIdHash, vote, timestamp, pubkey })
  5. Stores the vote locally with the signature and Merkle proof
  6. Updates the voteDigestHash

Expected output:

✔ Vote recorded
Proposal: tutorial-abc123
Vote: YES
Signed at: 2026-06-04T12:00:00.000Z
Votes so far: 1/3 required

Verify the vote was recorded:

Terminal window
ckb-firewall proposals

The proposal should now show 1/3 yes votes.

Continue to Step 5.