Add --jwt-secret-path to lcli mock-el

[jimmygchen]

Description

Allow lcli mock-el to read a pre-shared JWT secret from a file via --jwt-secret-path, instead of always using the hardcoded DEFAULT_JWT_SECRET. This enables external tools (e.g. kurtosis ethereum-package) to provide their own JWT secret.

The two flags are mutually exclusive:

Flag	Behavior
--jwt-output-path	Current behavior: use default secret, write to file
--jwt-secret-path	Read secret from file, don't write anywhere

The new flag accepts a hex-encoded secret file (with or without 0x prefix).

Additional Info

No breaking changes — existing usage with only --jwt-output-path is unchanged.

[macladson]

LGTM!

Just wondering if jwt-secret-path and jwt-output-path should be mutually exclusive? Seems strange to write a output file when you are already providing an input file. Might be slightly tidier UX?

[pawanjay176]

Agree with Mac. I think the 2 flags should conflict. I don't see why we would want to read from a file and write to a different file either.

[dapplion]

Is it more clear to do here else if let Some(jwt_path) = jwt_output_path {
and then error in the final else?

[jimmygchen]

Done in e23b8d1.

[macladson]

Perfect!

[mergify]

Merge Queue Status

Rule: default

---

• ✅ Entered queue — 2026-02-20 13:49 UTC
• ✅ Checks passed · on draft merge queue: embarking unstable (8d4af65) and #8864 together #8875
• ✅ Merged — 2026-02-20 14:22 UTC · at e23b8d1f611fbe9155987175019a234291c7744a

This pull request spent 32 minutes 31 seconds in the queue, including 30 minutes 22 seconds running CI.

Required conditions to merge

• check-success=local-testnet-success
• check-success=test-suite-success