@beclab/olaresid 0.1.1 → 0.1.3

package/src/cli.ts

@@ -1,7 +1,29 @@
 #!/usr/bin/env node
 
-import OlaresID from './index';
+import OlaresID, {
+	createRsaKeyPair,
+	pemToDer,
+	derToPem,
+	ipv4ToBytes4,
+	bytes4ToIpv4,
+	generateMnemonic,
+	getEthereumAddressFromMnemonic,
+	getEVMPrivateKeyFromMnemonic,
+	getDIDFromMnemonic,
+	generateDIDKeyData,
+	deriveDIDFromMnemonic,
+	TagTypeBuilder
+} from './index';
 import { debug } from './debug';
+import { normalizeToDomain } from './utils/olares-id';
+import * as fs from 'fs';
+import * as path from 'path';
+
+// CLI Version - read from package.json
+const packageJson = JSON.parse(
+	fs.readFileSync(path.join(__dirname, '../package.json'), 'utf-8')
+);
+const CLI_VERSION = packageJson.version;
 
 // 预设的网络配置
 const NETWORKS = {
@@ -9,13 +31,17 @@ const NETWORKS = {
 		rpc: 'https://sepolia.optimism.io',
 		contractDid: '0xe2D7c3a9013960E04d4E9F5F9B63fff37eEd97A8',
 		contractRootResolver: '0xeF727cb066Fee98F88Db84555830063b4A24ddfc',
-		contractAbiType: '0x7386fCBae6Ad4CCE1499d9153D99bc950B589718'
+		contractAbiType: '0x7386fCBae6Ad4CCE1499d9153D99bc950B589718',
+		contractRootResolver2: '0xcbC02aa08c77a374eC0D5A0403E108b7573d96e8',
+		supportSvcUrl: 'https://api-test.olares.com/did/support'
 	},
 	mainnet: {
 		rpc: 'https://optimism-rpc.publicnode.com',
 		contractDid: '0x5DA4Fa8E567d86e52Ef8Da860de1be8f54cae97D',
 		contractRootResolver: '0xE2EABA0979277A90511F8873ae1e8cA26B54E740',
-		contractAbiType: '0x9ae3F16bD99294Af1784beB1a0A5C84bf2636365'
+		contractAbiType: '0x9ae3F16bD99294Af1784beB1a0A5C84bf2636365',
+		contractRootResolver2: '0x7e7961aB771cA942CE4DB6e79579e016a33Dc95B',
+		supportSvcUrl: 'https://api.olares.com/did/support'
 	}
 };
 
@@ -25,16 +51,23 @@ interface CliOptions {
 	contractDid?: string;
 	contractResolver?: string;
 	contractAbi?: string;
+	contractRootResolver2?: string;
+	supportSvcUrl?: string;
 	json: boolean;
 	verbose: boolean;
 	debug: boolean;
 	debugLevel: string;
 	help: boolean;
+	output?: string;
+	keyLength?: number;
+	words?: number;
 }
 
 function parseArgs(): {
 	command: string;
+	subCommand?: string;
 	domain?: string;
+	value?: string;
 	options: CliOptions;
 } {
 	const args = process.argv.slice(2);
@@ -48,7 +81,19 @@ function parseArgs(): {
 	};
 
 	let command = '';
+	let subCommand: string | undefined;
 	let domain: string | undefined;
+	let value: string | undefined;
+
+	// Commands that don't have subcommands - next arg is domain directly
+	const commandsWithoutSubcommand = [
+		'info',
+		'owner',
+		'is-owner',
+		'transfer',
+		'fetch',
+		'fetch-domain'
+	];
 
 	for (let i = 0; i < args.length; i++) {
 		const arg = args[i];
@@ -56,7 +101,7 @@ function parseArgs(): {
 		if (arg === '--help' || arg === '-h') {
 			options.help = true;
 		} else if (arg === '--version' || arg === '-V') {
-			console.log('0.1.0');
+			console.log(CLI_VERSION);
 			process.exit(0);
 		} else if (arg === '--network' || arg === '-n') {
 			options.network = args[++i] || 'sepolia';
@@ -68,6 +113,16 @@ function parseArgs(): {
 			options.contractResolver = args[++i];
 		} else if (arg === '--contract-abi') {
 			options.contractAbi = args[++i];
+		} else if (arg === '--contract-resolver2') {
+			options.contractRootResolver2 = args[++i];
+		} else if (arg === '--support-svc-url') {
+			options.supportSvcUrl = args[++i];
+		} else if (arg === '--output' || arg === '-o') {
+			options.output = args[++i];
+		} else if (arg === '--key-length') {
+			options.keyLength = parseInt(args[++i], 10);
+		} else if (arg === '--words' || arg === '-w') {
+			options.words = parseInt(args[++i], 10);
 		} else if (arg === '--json' || arg === '-j') {
 			options.json = true;
 		} else if (arg === '--verbose' || arg === '-v') {
@@ -79,31 +134,113 @@ function parseArgs(): {
 		} else if (!command) {
 			command = arg;
 		} else if (
-			!domain &&
-			(command === 'fetch' || command === 'fetch-domain')
+			!subCommand &&
+			!commandsWithoutSubcommand.includes(command)
 		) {
+			// Only set subCommand if the command requires one
+			subCommand = arg;
+		} else if (!domain) {
 			domain = arg;
+		} else if (!value) {
+			value = arg;
 		}
 	}
 
-	return { command, domain, options };
+	return { command, subCommand, domain, value, options };
 }
 
 function showHelp(): void {
 	console.log(`
-DID CLI Tool v0.1.0
+DID CLI Tool v${CLI_VERSION}
 
 USAGE:
-  did-cli <command> [arguments] [options]
+  did-cli <command> [subcommand] [arguments] [options]
 
-COMMANDS:
-  fetch <domain>     Fetch domain information (alias: fetch-domain)
-  fetch-all          Fetch all domains from contract
-  config             Show network configurations
-  help               Show this help message
+NOTE:
+  Olares ID Format: You can use @ instead of the first dot in domain names.
+  Example: alice@example.com is equivalent to alice.example.com
+  Both formats work identically in all commands!
 
-ARGUMENTS:
-  <domain>           Domain name to fetch (e.g., example.olares.com)
+COMMANDS:
+  Query Commands:
+    info <domain>              Get domain metadata
+    owner <domain>             Get domain owner address
+    is-owner <domain>          Check if you are the domain owner (requires PRIVATE_KEY_OR_MNEMONIC)
+    
+  RSA Key Commands:
+    rsa generate               Generate a new RSA key pair
+    rsa get <domain>           Get RSA public key for domain
+    rsa set <domain> <file>    Set RSA public key from PEM file (requires PRIVATE_KEY_OR_MNEMONIC)
+    rsa remove <domain>        Remove RSA public key (requires PRIVATE_KEY_OR_MNEMONIC)
+    
+  IP Commands:
+    ip get <domain>            Get DNS A record (IPv4)
+    ip set <domain> <ip>       Set DNS A record (requires PRIVATE_KEY_OR_MNEMONIC)
+    ip remove <domain>         Remove DNS A record (requires PRIVATE_KEY_OR_MNEMONIC)
+    
+  Subdomain Commands:
+    subdomain register <parent> <label>
+                               Register a new subdomain (requires PRIVATE_KEY_OR_MNEMONIC)
+                               Use MNEMONIC env var for subdomain owner or auto-generates one
+    
+  Transfer Commands:
+    transfer <domain>          Transfer domain ownership to a new owner (requires PRIVATE_KEY_OR_MNEMONIC)
+                               Use MNEMONIC env var for new owner or auto-generates one
+    
+  Wallet Management Commands:
+    wallet evm add <domain>    Add EVM wallet to domain (requires PRIVATE_KEY_OR_MNEMONIC & EVM_PRIVATE_KEY)
+    wallet evm remove <domain> Remove EVM wallet from domain (requires PRIVATE_KEY_OR_MNEMONIC & EVM_PRIVATE_KEY)
+    wallet evm list <domain>   List all EVM wallets for domain
+    wallet solana add <domain> Add Solana wallet to domain (requires PRIVATE_KEY_OR_MNEMONIC & SOLANA_PRIVATE_KEY)
+    wallet solana remove <domain>
+                               Remove Solana wallet from domain (requires PRIVATE_KEY_OR_MNEMONIC & SOLANA_PRIVATE_KEY)
+    wallet solana list <domain>
+                               List all Solana wallets for domain
+    
+  Tag Management Commands:
+    tag define <domain> <tag-name> <type>
+                               Define a new tag type (requires PRIVATE_KEY_OR_MNEMONIC)
+                               Supported types: string, uint8, uint256, int8, int256, bool, address, bytes, bytes32
+                               Array types: string[], uint8[], etc.
+    tag set <domain> <tag-name> <value>
+                               Set tag value (requires PRIVATE_KEY_OR_MNEMONIC)
+                               Value can be a string or JSON for arrays/objects
+    tag get <domain> <tag-name>
+                               Get tag value (read-only)
+    tag remove <domain> <tag-name>
+                               Remove tag value (requires PRIVATE_KEY_OR_MNEMONIC)
+    tag list <domain>          List all tags with values for domain (read-only)
+    tag list-defined <domain>  List all defined tag types for domain (read-only)
+    tag set-tagger <domain> <tag-name> <address>
+                               Set tagger address for a tag (requires PRIVATE_KEY_OR_MNEMONIC)
+    tag get-tagger <domain> <tag-name>
+                               Get tagger address for a tag (read-only)
+    
+  Operator Commands:
+    operator get               Get current operator address
+    operator set <address>     Set operator address (requires PRIVATE_KEY_OR_MNEMONIC)
+    
+  Crypto Utility Commands:
+    crypto generate            Generate a new mnemonic phrase (--words option)
+                               Saves to file, use --output to specify file path
+    crypto address             Get Ethereum address from mnemonic (requires MNEMONIC env var)
+    crypto did                 Get DID from mnemonic (requires MNEMONIC env var)
+    crypto privatekey          Get EVM private key from mnemonic (requires MNEMONIC env var)
+                               Saves to file, use --output to specify file path
+    crypto derive              Derive all keys from mnemonic (requires MNEMONIC env var)
+                               Saves to file, use --output to specify file path
+    
+  Utility Commands:
+    convert pem-to-der <file>  Convert PEM file to DER hex
+    convert der-to-pem <hex>   Convert DER hex to PEM
+    convert ip-to-bytes <ip>   Convert IPv4 to bytes4
+    convert bytes-to-ip <hex>  Convert bytes4 to IPv4
+    
+  Legacy Commands:
+    fetch <domain>             Fetch domain information (alias: fetch-domain)
+    fetch-all                  Fetch all domains from contract
+    config                     Show network configurations
+    help                       Show this help message
 
 OPTIONS:
   -n, --network <network>         Network to use (sepolia|mainnet) [default: sepolia]
@@ -111,6 +248,12 @@ OPTIONS:
   --contract-did <address>        Custom DID contract address
   --contract-resolver <address>   Custom RootResolver contract address
   --contract-abi <address>        Custom ABIType contract address
+  --contract-resolver2 <address>  Custom RootResolver2 contract address
+  --support-svc-url <url>         Custom support service URL
+  -o, --output <file>             Output file path (for generate commands)
+  --key-length <bits>             RSA key length in bits [default: 2048]
+  -w, --words <count>             Mnemonic word count: 12|15|18|21|24 [default: 12]
+  -j, --json                      Output in JSON format
   -v, --verbose                   Enable verbose debug output
   --debug                         Enable debug output
   --debug-level <level>           Set debug level (debug|info|warn|error) [default: info]
@@ -118,12 +261,130 @@ OPTIONS:
   -V, --version                   Show version number
 
 EXAMPLES:
-  did-cli fetch example.olares.com
-  did-cli fetch example.olares.com --network mainnet
-  did-cli fetch example.olares.com --json
-  did-cli fetch example.olares.com --debug
-  did-cli fetch-all --network sepolia
-  did-cli config
+  # Query domain info
+  did-cli info example.olares.com --network mainnet
+  did-cli owner example.olares.com
+  export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY
+  did-cli is-owner example.olares.com
+  
+  # Olares ID format (use @ instead of first dot - like email addresses!)
+  # Both formats work identically: alice.example.com = alice@example.com
+  did-cli info alice@example.com
+  did-cli owner bob@sub.example.com
+  did-cli rsa get user@domain.com
+  did-cli ip set alice@example.com 192.168.1.100
+  did-cli tag get alice@example.com email
+  
+  # RSA key management
+  did-cli rsa generate --output ./my-key.pem --key-length 4096
+  did-cli rsa get example.olares.com
+  did-cli rsa set example.olares.com ./public-key.pem
+  did-cli rsa remove example.olares.com
+  
+  # IP management
+  did-cli ip get example.olares.com
+  did-cli ip set example.olares.com 192.168.1.100
+  did-cli ip remove example.olares.com
+  
+  # Subdomain management (auto-generate mnemonic for subdomain owner)
+  export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY
+  did-cli subdomain register parent.com child
+  did-cli subdomain register parent.com child --words 24
+  
+  # Subdomain management (use existing mnemonic for subdomain owner)
+  export MNEMONIC="your twelve word mnemonic here"
+  did-cli subdomain register parent.com child
+  
+  # Subdomain management (JSON output)
+  did-cli subdomain register parent.com child --json
+  
+  # Transfer domain ownership (auto-generate mnemonic for new owner)
+  export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY
+  did-cli transfer example.com
+  did-cli transfer example.com --words 24
+  
+  # Transfer domain ownership (use existing mnemonic for new owner)
+  export MNEMONIC="your twelve word mnemonic here"
+  did-cli transfer example.com
+  
+  # Crypto utilities
+  did-cli crypto generate --words 12
+  did-cli crypto generate --words 24 --output ./custom-path.txt
+  export MNEMONIC="your twelve word mnemonic here"
+  did-cli crypto address
+  did-cli crypto did
+  did-cli crypto privatekey --output ./my-private-key.txt
+  did-cli crypto derive --output ./my-keys.txt
+  
+  # Wallet management
+  export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY
+  
+  # Add EVM wallet
+  export EVM_PRIVATE_KEY=0xWALLET_PRIVATE_KEY
+  did-cli wallet evm add example.com
+  
+  # Remove EVM wallet
+  did-cli wallet evm remove example.com
+  
+  # List EVM wallets
+  did-cli wallet evm list example.com
+  
+  # Add Solana wallet (base58 format)
+  export SOLANA_PRIVATE_KEY="5J7W..."
+  did-cli wallet solana add example.com
+  
+  # Add Solana wallet (JSON array format from Phantom)
+  export SOLANA_PRIVATE_KEY='[1,2,3,...]'
+  did-cli wallet solana add example.com
+  
+  # List Solana wallets
+  did-cli wallet solana list example.com
+  
+  # Tag management
+  export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY
+  
+  # Define a simple tag
+  did-cli tag define example.com email string
+  
+  # Set tagger (usually yourself)
+  did-cli tag set-tagger example.com email 0xYourAddress
+  
+  # Set tag value
+  did-cli tag set example.com email "user@example.com"
+  
+  # Get tag value
+  did-cli tag get example.com email
+  
+  # List all tags
+  did-cli tag list example.com
+  
+  # Array type (quote to prevent shell interpretation)
+  did-cli tag define example.com links "string[]"
+  did-cli tag set-tagger example.com links 0xYourAddress
+  did-cli tag set example.com links '["https://x.com","https://github.com"]'
+  
+  # Remove tag
+  did-cli tag remove example.com email
+  
+  # Operator management
+  did-cli operator get
+  did-cli operator set 0x1234...
+  
+  # Utilities
+  did-cli convert pem-to-der ./public-key.pem
+  did-cli convert ip-to-bytes 192.168.1.1
+  did-cli convert bytes-to-ip 0xc0a80101
+
+ENVIRONMENT VARIABLES:
+  PRIVATE_KEY_OR_MNEMONIC         Private key (0x...) or mnemonic phrase for signing transactions
+                                  (required for write operations)
+  MNEMONIC                        Mnemonic phrase for generating owner identity
+                                  (used in subdomain registration, domain transfer, and crypto utilities)
+  EVM_PRIVATE_KEY                 EVM wallet private key for wallet management operations
+                                  (required for wallet evm add/remove commands)
+  SOLANA_PRIVATE_KEY              Solana wallet private key for wallet management operations
+                                  Format: base58 string or JSON array (e.g., "[1,2,3,...]")
+                                  (required for wallet solana add/remove commands)
 `);
 }
 
@@ -194,29 +455,2501 @@ async function fetchDomain(domain: string, options: CliOptions): Promise<void> {
 	}
 }
 
-async function main(): Promise<void> {
-	const { command, domain, options } = parseArgs();
+// ============================================================================
+// Helper Functions
+// ============================================================================
 
-	if (options.help || !command || command === 'help') {
-		showHelp();
-		return;
+function getConsole(options: CliOptions) {
+	let config;
+	if (
+		options.rpc &&
+		options.contractDid &&
+		options.contractResolver &&
+		options.contractAbi &&
+		options.contractRootResolver2 &&
+		options.supportSvcUrl
+	) {
+		config = {
+			rpc: options.rpc,
+			contractDid: options.contractDid,
+			contractRootResolver: options.contractResolver,
+			contractAbiType: options.contractAbi,
+			contractRootResolver2: options.contractRootResolver2,
+			supportSvcUrl: options.supportSvcUrl
+		};
+	} else if (NETWORKS[options.network as keyof typeof NETWORKS]) {
+		config = NETWORKS[options.network as keyof typeof NETWORKS];
+	} else {
+		throw new Error(`Unknown network: ${options.network}`);
 	}
 
-	switch (command) {
-		case 'fetch':
-		case 'fetch-domain':
-			if (!domain) {
-				console.error('❌ Error: Domain argument is required');
-				console.error('Usage: did-cli fetch <domain> [options]');
-				process.exit(1);
+	return OlaresID.createConsole(
+		config.rpc,
+		config.contractDid,
+		config.contractRootResolver,
+		config.contractAbiType,
+		config.contractRootResolver2,
+		config.supportSvcUrl
+	);
+}
+
+function getPrivateKeyOrMnemonic(): string {
+	const key = process.env.PRIVATE_KEY_OR_MNEMONIC;
+	if (!key) {
+		console.error(
+			'❌ Error: Private key or mnemonic is required for this operation'
+		);
+		console.error(
+			'Please set PRIVATE_KEY_OR_MNEMONIC environment variable'
+		);
+		console.error(
+			'Example: export PRIVATE_KEY_OR_MNEMONIC=0xYOUR_PRIVATE_KEY'
+		);
+		console.error(
+			'Or:      export PRIVATE_KEY_OR_MNEMONIC="your twelve word mnemonic phrase here"'
+		);
+		process.exit(1);
+	}
+	return key;
+}
+
+// ============================================================================
+// Domain Info Commands
+// ============================================================================
+
+async function getDomainInfo(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const metaInfo = await domainContext.getMetaInfo();
+
+		if (options.json) {
+			console.log(JSON.stringify(metaInfo, null, 2));
+		} else {
+			console.log('📋 Domain Metadata:');
+			console.log(`  Name:            ${metaInfo.name}`);
+			console.log(`  DID:             ${metaInfo.did}`);
+			console.log(`  Token ID:        ${metaInfo.id}`);
+			console.log(`  Note:            ${metaInfo.note}`);
+			console.log(`  Allow Subdomain: ${metaInfo.allowSubdomain}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function getDomainOwner(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const owner = await domainContext.getOwner();
+
+		if (options.json) {
+			console.log(JSON.stringify({ owner }, null, 2));
+		} else {
+			console.log(`👤 Owner: ${owner}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function checkIsOwner(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const isOwner = await domainContext.isOwner();
+
+		if (options.json) {
+			console.log(JSON.stringify({ isOwner }, null, 2));
+		} else {
+			console.log(
+				isOwner ? '✅ You are the owner' : '❌ You are not the owner'
+			);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+// ============================================================================
+// RSA Key Commands
+// ============================================================================
+
+async function generateRsaKey(options: CliOptions): Promise<void> {
+	try {
+		const keyLength = options.keyLength || 2048;
+		const keyPair = await createRsaKeyPair(keyLength);
+
+		if (options.output) {
+			// Save to files
+			const publicKeyFile = options.output;
+			const privateKeyFile = options.output.replace(
+				/\.pem$/,
+				'-private.pem'
+			);
+
+			fs.writeFileSync(publicKeyFile, keyPair.rsaPublicKey);
+			fs.writeFileSync(privateKeyFile, keyPair.rsaPrivateKey);
+
+			console.log(`✅ RSA key pair generated (${keyLength} bits)`);
+			console.log(`📄 Public key:  ${publicKeyFile}`);
+			console.log(`🔐 Private key: ${privateKeyFile}`);
+		} else {
+			// When no output file is specified, still save to default files for security
+			const defaultPublicFile = './rsa-public.pem';
+			const defaultPrivateFile = './rsa-private.pem';
+			fs.writeFileSync(defaultPublicFile, keyPair.rsaPublicKey);
+			fs.writeFileSync(defaultPrivateFile, keyPair.rsaPrivateKey);
+
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							keyLength: keyLength,
+							publicKeyFile: defaultPublicFile,
+							privateKeyFile: defaultPrivateFile
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log(`✅ RSA key pair generated (${keyLength} bits)`);
+				console.log(`📄 Public key:  ${defaultPublicFile}`);
+				console.log(`🔐 Private key: ${defaultPrivateFile}`);
+				console.log('\n⚠️  SECURITY WARNING:');
+				console.log('  • Keep the private key secure! Never share it!');
+				console.log(
+					'  • Delete the file after copying to a secure location'
+				);
+				console.log(`  • Command: rm ${defaultPrivateFile}`);
+			}
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function getRsaKey(domain: string, options: CliOptions): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const rsaKey = await domainContext.getRSAPublicKey();
+
+		if (!rsaKey) {
+			console.log('❌ No RSA public key set for this domain');
+			process.exit(1);
+		}
+
+		if (options.json) {
+			console.log(JSON.stringify({ rsaPublicKey: rsaKey }, null, 2));
+		} else {
+			console.log('📄 RSA Public Key:');
+			console.log(rsaKey);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function setRsaKey(
+	domain: string,
+	pemFile: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		// Read PEM file
+		if (!fs.existsSync(pemFile)) {
+			console.error(`❌ Error: File not found: ${pemFile}`);
+			process.exit(1);
+		}
+
+		const rsaPublicKey = fs.readFileSync(pemFile, 'utf-8');
+		const domainContext = didConsole.domain(domain);
+		const result = await domainContext.setRSAPublicKey(rsaPublicKey);
+
+		if (result.success) {
+			console.log('✅ RSA public key set successfully');
+			console.log(`📝 Transaction: ${result.transactionHash}`);
+			if (result.gasUsed) {
+				console.log(`⛽ Gas used: ${result.gasUsed.toString()}`);
+			}
+		} else {
+			console.error(`❌ Failed: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function removeRsaKey(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const result = await domainContext.removeRSAPublicKey();
+
+		if (result.success) {
+			console.log('✅ RSA public key removed successfully');
+			console.log(`📝 Transaction: ${result.transactionHash}`);
+			if (result.gasUsed) {
+				console.log(`⛽ Gas used: ${result.gasUsed.toString()}`);
+			}
+		} else {
+			console.error(`❌ Failed: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+// ============================================================================
+// IP Commands
+// ============================================================================
+
+async function getIP(domain: string, options: CliOptions): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const ip = await domainContext.getIP();
+
+		if (!ip) {
+			console.log('❌ No IP address set for this domain');
+			process.exit(1);
+		}
+
+		if (options.json) {
+			console.log(JSON.stringify({ ip }, null, 2));
+		} else {
+			console.log(`🌐 IP Address: ${ip}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function setIP(
+	domain: string,
+	ip: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const result = await domainContext.setIP(ip);
+
+		if (result.success) {
+			console.log(`✅ IP address set to ${ip}`);
+			console.log(`📝 Transaction: ${result.transactionHash}`);
+			if (result.gasUsed) {
+				console.log(`⛽ Gas used: ${result.gasUsed.toString()}`);
+			}
+		} else {
+			console.error(`❌ Failed: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function removeIP(domain: string, options: CliOptions): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const result = await domainContext.removeIP();
+
+		if (result.success) {
+			console.log('✅ IP address removed successfully');
+			console.log(`📝 Transaction: ${result.transactionHash}`);
+			if (result.gasUsed) {
+				console.log(`⛽ Gas used: ${result.gasUsed.toString()}`);
+			}
+		} else {
+			console.error(`❌ Failed: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+// ============================================================================
+// Operator Commands
+// ============================================================================
+
+async function getOperator(options: CliOptions): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const operator = await didConsole.getOperator();
+
+		if (options.json) {
+			console.log(JSON.stringify({ operator }, null, 2));
+		} else {
+			console.log(`👔 Operator: ${operator}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function setOperator(
+	address: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const result = await didConsole.setOperator(address);
+
+		if (result.success) {
+			console.log(`✅ Operator set to ${address}`);
+			console.log(`📝 Transaction: ${result.transactionHash}`);
+			if (result.gasUsed) {
+				console.log(`⛽ Gas used: ${result.gasUsed.toString()}`);
 			}
-			await fetchDomain(domain, options);
-			break;
+		} else {
+			console.error(`❌ Failed: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
 
-		default:
-			console.error(`❌ Unknown command: ${command}`);
-			console.error('Run "did-cli help" for usage information');
+// ============================================================================
+// Conversion Utilities
+// ============================================================================
+
+function convertPemToDer(pemFile: string, options: CliOptions): void {
+	try {
+		if (!fs.existsSync(pemFile)) {
+			console.error(`❌ Error: File not found: ${pemFile}`);
 			process.exit(1);
+		}
+
+		const pem = fs.readFileSync(pemFile, 'utf-8');
+		const der = pemToDer(pem);
+
+		if (options.json) {
+			console.log(JSON.stringify({ der }, null, 2));
+		} else {
+			console.log('🔄 DER Hex:');
+			console.log(der);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+function convertDerToPem(derHex: string, options: CliOptions): void {
+	try {
+		const pem = derToPem(derHex);
+
+		if (options.json) {
+			console.log(JSON.stringify({ pem }, null, 2));
+		} else {
+			console.log('🔄 PEM:');
+			console.log(pem);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+function convertIpToBytes(ip: string, options: CliOptions): void {
+	try {
+		const bytes = ipv4ToBytes4(ip);
+
+		if (options.json) {
+			console.log(JSON.stringify({ ip, bytes }, null, 2));
+		} else {
+			console.log(`🔄 ${ip} → ${bytes}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+function convertBytesToIp(bytes: string, options: CliOptions): void {
+	try {
+		const ip = bytes4ToIpv4(bytes);
+
+		if (options.json) {
+			console.log(JSON.stringify({ bytes, ip }, null, 2));
+		} else {
+			console.log(`🔄 ${bytes} → ${ip}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+// ============================================================================
+// Subdomain Commands
+// ============================================================================
+
+async function registerSubdomain(
+	parentDomain: string,
+	subdomain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+
+		// Initialize with signer
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domain = didConsole.domain(parentDomain);
+
+		// Get or generate mnemonic for subdomain owner
+		let mnemonic: string;
+		const subdomainMnemonic = process.env.MNEMONIC;
+
+		if (subdomainMnemonic) {
+			mnemonic = subdomainMnemonic;
+			console.log('📝 Using mnemonic from MNEMONIC environment variable');
+		} else {
+			const wordCount = options.words || 12;
+			if (![12, 15, 18, 21, 24].includes(wordCount)) {
+				console.error(
+					'❌ Error: Word count must be one of: 12, 15, 18, 21, 24'
+				);
+				process.exit(1);
+			}
+			mnemonic = generateMnemonic(wordCount);
+
+			// Save mnemonic to file
+			const mnemonicFile = './subdomain-mnemonic.txt';
+			fs.writeFileSync(mnemonicFile, mnemonic, 'utf-8');
+
+			console.log(
+				`🔑 Generated ${wordCount}-word mnemonic for subdomain owner`
+			);
+			console.log(`📄 Mnemonic saved to: ${mnemonicFile}`);
+			console.log('\n⚠️  SECURITY WARNING:');
+			console.log(
+				'  • Keep this mnemonic secure! It controls the subdomain!'
+			);
+			console.log(
+				'  • Store it in a safe place (paper backup, hardware wallet, etc.)'
+			);
+			console.log(
+				'  • Delete the file after copying to a secure location'
+			);
+			console.log(`  • Command: rm ${mnemonicFile}`);
+			console.log('\n💡 To use this mnemonic for future operations:');
+			console.log(`  export MNEMONIC="$(cat ${mnemonicFile})"\n`);
+		}
+
+		// Register subdomain
+		console.log(`📋 Registering subdomain: ${subdomain}.${parentDomain}`);
+		console.log('⏳ Submitting transaction...\n');
+
+		const result = await domain.registerSubdomain(subdomain, mnemonic);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							subdomain: result.data.subdomain,
+							fullDomainName: result.data.fullDomainName,
+							owner: result.data.owner,
+							did: result.data.did,
+							transactionHash: result.transactionHash,
+							gasUsed: result.gasUsed?.toString(),
+							blockNumber: result.blockNumber
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log('✅ Subdomain registered successfully!\n');
+				console.log('═'.repeat(60));
+				console.log('Registration Details:');
+				console.log('═'.repeat(60));
+				console.log(`Subdomain label:    ${result.data.subdomain}`);
+				console.log(
+					`Full domain name:   ${result.data.fullDomainName}`
+				);
+				console.log(`Owner address:      ${result.data.owner}`);
+				console.log(`DID:                ${result.data.did}`);
+				console.log(`Transaction hash:   ${result.transactionHash}`);
+				console.log(
+					`Gas used:           ${result.gasUsed?.toString() || 'N/A'}`
+				);
+				console.log(
+					`Block number:       ${result.blockNumber || 'N/A'}`
+				);
+				console.log('═'.repeat(60));
+
+				const explorerUrl =
+					options.network === 'mainnet'
+						? `https://optimistic.etherscan.io/tx/${result.transactionHash}`
+						: `https://sepolia-optimism.etherscan.io/tx/${result.transactionHash}`;
+				console.log(`\n🔗 View on block explorer:`);
+				console.log(`   ${explorerUrl}\n`);
+			}
+		} else {
+			console.error('❌ Subdomain registration failed!');
+			console.error(`   Error: ${result.error}`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		if (options.debug && error instanceof Error && error.stack) {
+			console.error('\nStack trace:');
+			console.error(error.stack);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Transfer domain ownership to a new owner
+ */
+async function transferDomain(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		const didConsole = getConsole(options);
+
+		// Initialize with current owner's signer
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+
+		// Get or generate mnemonic for new owner
+		let mnemonic: string;
+		const newOwnerMnemonic = process.env.MNEMONIC;
+
+		if (newOwnerMnemonic) {
+			mnemonic = newOwnerMnemonic;
+			console.log(
+				'📝 Using mnemonic from MNEMONIC environment variable for new owner'
+			);
+		} else {
+			const wordCount = options.words || 12;
+			if (![12, 15, 18, 21, 24].includes(wordCount)) {
+				console.error(
+					'❌ Error: Word count must be one of: 12, 15, 18, 21, 24'
+				);
+				process.exit(1);
+			}
+			mnemonic = generateMnemonic(wordCount);
+
+			// Save mnemonic to file
+			const mnemonicFile = './transfer-new-owner-mnemonic.txt';
+			fs.writeFileSync(mnemonicFile, mnemonic, 'utf-8');
+
+			console.log(
+				`🔑 Generated ${wordCount}-word mnemonic for new owner`
+			);
+			console.log(`📄 Mnemonic saved to: ${mnemonicFile}`);
+			console.log('\n⚠️  SECURITY WARNING:');
+			console.log(
+				'  • Keep this mnemonic secure! It controls the domain!'
+			);
+			console.log(
+				'  • Store it in a safe place (paper backup, hardware wallet, etc.)'
+			);
+			console.log(
+				'  • Delete the file after copying to a secure location'
+			);
+			console.log(`  • Command: rm ${mnemonicFile}`);
+			console.log('\n💡 To use this mnemonic for future operations:');
+			console.log(`  export MNEMONIC="$(cat ${mnemonicFile})"\n`);
+		}
+
+		// Transfer domain
+		console.log(`📋 Transferring domain: ${domain}`);
+		console.log('⏳ Submitting transactions...\n');
+
+		const result = await domainContext.transfer(mnemonic);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain: domain,
+							newOwner: result.data.newOwner,
+							newDid: result.data.newDid,
+							transferTxHash: result.data.transferTxHash,
+							setDidTxHash: result.data.setDidTxHash
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log('✅ Domain transfer successful!\n');
+				console.log('Transaction Details:');
+				console.log('  Domain:', domain);
+				console.log('  New Owner:', result.data.newOwner);
+				console.log('  New DID:', result.data.newDid);
+				console.log('  Transfer Tx:', result.data.transferTxHash);
+				console.log('  Set DID Tx:', result.data.setDidTxHash);
+				if (!newOwnerMnemonic) {
+					console.log(
+						'\n📝 New owner mnemonic saved to: ./transfer-new-owner-mnemonic.txt'
+					);
+				}
+			}
+		} else {
+			console.error('❌ Transfer failed:', result.error);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Crypto utility: Generate mnemonic
+ */
+async function cryptoGenerate(options: CliOptions): Promise<void> {
+	try {
+		const wordCount = options.words || 12;
+		if (![12, 15, 18, 21, 24].includes(wordCount)) {
+			console.error(
+				'❌ Error: Word count must be one of: 12, 15, 18, 21, 24'
+			);
+			process.exit(1);
+		}
+
+		const mnemonic = generateMnemonic(wordCount);
+
+		// Save mnemonic to file
+		const outputFile = options.output || './mnemonic.txt';
+		fs.writeFileSync(outputFile, mnemonic, 'utf-8');
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						words: wordCount,
+						savedTo: outputFile
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log(`🔑 Generated ${wordCount}-word mnemonic`);
+			console.log(`📄 Mnemonic saved to: ${outputFile}`);
+			console.log('\n⚠️  SECURITY WARNING:');
+			console.log(
+				'  • Keep this mnemonic secure! It controls all derived keys!'
+			);
+			console.log(
+				'  • Store it in a safe place (paper backup, hardware wallet, etc.)'
+			);
+			console.log(
+				'  • Delete the file after copying to a secure location'
+			);
+			console.log(`  • Command: rm ${outputFile}`);
+			console.log('\n💡 To use the mnemonic:');
+			console.log(`  export MNEMONIC="$(cat ${outputFile})"`);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Get mnemonic from environment variable
+ */
+function getMnemonic(): string {
+	const mnemonic = process.env.MNEMONIC;
+	if (!mnemonic) {
+		console.error('❌ Error: MNEMONIC environment variable is required');
+		console.error('Please set MNEMONIC environment variable');
+		console.error(
+			'Example: export MNEMONIC="your twelve word mnemonic phrase here"'
+		);
+		console.error(
+			'\n⚠️  Important: Always use quotes for mnemonic phrases!'
+		);
+		process.exit(1);
+	}
+	return mnemonic;
+}
+
+/**
+ * Crypto utility: Get Ethereum address from mnemonic
+ */
+async function cryptoGetAddress(options: CliOptions): Promise<void> {
+	try {
+		const mnemonic = getMnemonic();
+		const address = await getEthereumAddressFromMnemonic(mnemonic);
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						address: address
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log('🏠 Ethereum Address:');
+			console.log(`   ${address}`);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Crypto utility: Get DID from mnemonic
+ */
+async function cryptoGetDID(options: CliOptions): Promise<void> {
+	try {
+		const mnemonic = getMnemonic();
+		const did = await getDIDFromMnemonic(mnemonic);
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						did: did
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log('🆔 DID:');
+			console.log(`   ${did}`);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Crypto utility: Get EVM private key from mnemonic
+ */
+async function cryptoGetPrivateKey(options: CliOptions): Promise<void> {
+	try {
+		const mnemonic = getMnemonic();
+		const privateKey = await getEVMPrivateKeyFromMnemonic(mnemonic);
+
+		// Save private key to file
+		const outputFile = options.output || './private-key.txt';
+		fs.writeFileSync(outputFile, privateKey, 'utf-8');
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						savedTo: outputFile
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log('🔑 EVM Private Key generated');
+			console.log(`📄 Private key saved to: ${outputFile}`);
+			console.log('\n⚠️  SECURITY WARNING:');
+			console.log('  • Keep this private key secure! Never share it!');
+			console.log(
+				'  • Delete the file after copying to a secure location'
+			);
+			console.log(`  • Command: rm ${outputFile}`);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+/**
+ * Crypto utility: Derive all keys from mnemonic
+ */
+async function cryptoDerive(options: CliOptions): Promise<void> {
+	try {
+		const mnemonic = getMnemonic();
+		const { owner, did } = await deriveDIDFromMnemonic(mnemonic);
+		const privateKey = await getEVMPrivateKeyFromMnemonic(mnemonic);
+
+		// Save all keys to file
+		const outputFile = options.output || './derived-keys.txt';
+		const fileContent = `Ethereum Address: ${owner}\nDID: ${did}\nPrivate Key: ${privateKey}`;
+		fs.writeFileSync(outputFile, fileContent, 'utf-8');
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						address: owner,
+						did: did,
+						savedTo: outputFile
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log('🔐 Derived Keys:');
+			console.log('  Address:', owner);
+			console.log('  DID:', did);
+			console.log(`\n📄 All keys saved to: ${outputFile}`);
+			console.log('\n⚠️  SECURITY WARNING:');
+			console.log('  • Keep these credentials secure! Never share them!');
+			console.log(
+				'  • Private key included in file - handle with extreme care!'
+			);
+			console.log(
+				'  • Delete the file after copying to a secure location'
+			);
+			console.log(`  • Command: rm ${outputFile}`);
+		}
+	} catch (error) {
+		console.error('❌ Failed:', error);
+		if (error instanceof Error) {
+			console.error('   Message:', error.message);
+		}
+		process.exit(1);
+	}
+}
+
+// ============================================================================
+// Wallet Management Commands
+// ============================================================================
+
+async function walletEvm(
+	action: string,
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+
+		switch (action) {
+			case 'add': {
+				const evmPrivateKey = process.env.EVM_PRIVATE_KEY;
+				if (!evmPrivateKey) {
+					console.error(
+						'❌ Error: EVM_PRIVATE_KEY environment variable is required'
+					);
+					console.error(
+						'   Set it with: export EVM_PRIVATE_KEY="0x..."'
+					);
+					process.exit(1);
+				}
+
+				const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+				await didConsole.setSigner(privateKeyOrMnemonic);
+
+				console.log(`\n💼 Adding EVM wallet to domain: ${domain}`);
+				const result = await domainContext.addEVMWallet(evmPrivateKey);
+
+				if (result.success) {
+					if (options.json) {
+						console.log(
+							JSON.stringify(
+								{
+									success: true,
+									domain,
+									address: result.data?.address,
+									transactionHash: result.transactionHash,
+									gasUsed: result.gasUsed?.toString(),
+									blockNumber: result.blockNumber
+								},
+								null,
+								2
+							)
+						);
+					} else {
+						console.log(`\n✅ EVM wallet added successfully!`);
+						console.log(`   Address: ${result.data?.address}`);
+						console.log(
+							`   Transaction: ${result.transactionHash}`
+						);
+						console.log(
+							`   Gas used: ${result.gasUsed?.toString()}`
+						);
+					}
+				} else {
+					console.error(`\n❌ Failed: ${result.error}`);
+					process.exit(1);
+				}
+				break;
+			}
+
+			case 'remove': {
+				const evmPrivateKey = process.env.EVM_PRIVATE_KEY;
+				if (!evmPrivateKey) {
+					console.error(
+						'❌ Error: EVM_PRIVATE_KEY environment variable is required'
+					);
+					console.error(
+						'   Set it with: export EVM_PRIVATE_KEY="0x..."'
+					);
+					process.exit(1);
+				}
+
+				const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+				await didConsole.setSigner(privateKeyOrMnemonic);
+
+				console.log(`\n🗑️  Removing EVM wallet from domain: ${domain}`);
+				const result = await domainContext.removeEVMWallet(
+					evmPrivateKey
+				);
+
+				if (result.success) {
+					if (options.json) {
+						console.log(
+							JSON.stringify(
+								{
+									success: true,
+									domain,
+									address: result.data?.address,
+									transactionHash: result.transactionHash,
+									gasUsed: result.gasUsed?.toString(),
+									blockNumber: result.blockNumber
+								},
+								null,
+								2
+							)
+						);
+					} else {
+						console.log(`\n✅ EVM wallet removed successfully!`);
+						console.log(`   Address: ${result.data?.address}`);
+						console.log(
+							`   Transaction: ${result.transactionHash}`
+						);
+					}
+				} else {
+					console.error(`\n❌ Failed: ${result.error}`);
+					process.exit(1);
+				}
+				break;
+			}
+
+			case 'list': {
+				console.log(`\n📋 Listing EVM wallets for domain: ${domain}`);
+				const wallets = await domainContext.getEVMWallets();
+
+				if (options.json) {
+					console.log(
+						JSON.stringify(
+							{
+								domain,
+								wallets,
+								count: wallets.length
+							},
+							null,
+							2
+						)
+					);
+				} else {
+					if (wallets.length === 0) {
+						console.log(`   No EVM wallets found`);
+					} else {
+						console.log(`   Found ${wallets.length} wallet(s):`);
+						wallets.forEach((addr, i) => {
+							console.log(`   ${i + 1}. ${addr}`);
+						});
+					}
+				}
+				break;
+			}
+
+			default:
+				console.error(`❌ Unknown action: ${action}`);
+				console.error('   Valid actions: add, remove, list');
+				process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function walletSolana(
+	action: string,
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+
+		switch (action) {
+			case 'add': {
+				const solanaPrivateKey = process.env.SOLANA_PRIVATE_KEY;
+				if (!solanaPrivateKey) {
+					console.error(
+						'❌ Error: SOLANA_PRIVATE_KEY environment variable is required'
+					);
+					console.error(
+						'   Set it with: export SOLANA_PRIVATE_KEY="[1,2,3,...]"'
+					);
+					console.error(
+						'   Or: export SOLANA_PRIVATE_KEY="base58string"'
+					);
+					process.exit(1);
+				}
+
+				const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+				await didConsole.setSigner(privateKeyOrMnemonic);
+
+				console.log(`\n💼 Adding Solana wallet to domain: ${domain}`);
+				const result = await domainContext.addSolanaWallet(
+					solanaPrivateKey
+				);
+
+				if (result.success) {
+					if (options.json) {
+						console.log(
+							JSON.stringify(
+								{
+									success: true,
+									domain,
+									address: result.data?.address,
+									addressHex: result.data?.addressHex,
+									transactionHash: result.transactionHash,
+									gasUsed: result.gasUsed?.toString(),
+									blockNumber: result.blockNumber
+								},
+								null,
+								2
+							)
+						);
+					} else {
+						console.log(`\n✅ Solana wallet added successfully!`);
+						console.log(`   Address: ${result.data?.address}`);
+						console.log(
+							`   Transaction: ${result.transactionHash}`
+						);
+						console.log(
+							`   Gas used: ${result.gasUsed?.toString()}`
+						);
+					}
+				} else {
+					console.error(`\n❌ Failed: ${result.error}`);
+					process.exit(1);
+				}
+				break;
+			}
+
+			case 'remove': {
+				const solanaPrivateKey = process.env.SOLANA_PRIVATE_KEY;
+				if (!solanaPrivateKey) {
+					console.error(
+						'❌ Error: SOLANA_PRIVATE_KEY environment variable is required'
+					);
+					console.error(
+						'   Set it with: export SOLANA_PRIVATE_KEY="[1,2,3,...]"'
+					);
+					console.error(
+						'   Or: export SOLANA_PRIVATE_KEY="base58string"'
+					);
+					process.exit(1);
+				}
+
+				const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+				await didConsole.setSigner(privateKeyOrMnemonic);
+
+				console.log(
+					`\n🗑️  Removing Solana wallet from domain: ${domain}`
+				);
+				const result = await domainContext.removeSolanaWallet(
+					solanaPrivateKey
+				);
+
+				if (result.success) {
+					if (options.json) {
+						console.log(
+							JSON.stringify(
+								{
+									success: true,
+									domain,
+									address: result.data?.address,
+									addressHex: result.data?.addressHex,
+									transactionHash: result.transactionHash,
+									gasUsed: result.gasUsed?.toString(),
+									blockNumber: result.blockNumber
+								},
+								null,
+								2
+							)
+						);
+					} else {
+						console.log(`\n✅ Solana wallet removed successfully!`);
+						console.log(`   Address: ${result.data?.address}`);
+						console.log(
+							`   Transaction: ${result.transactionHash}`
+						);
+					}
+				} else {
+					console.error(`\n❌ Failed: ${result.error}`);
+					process.exit(1);
+				}
+				break;
+			}
+
+			case 'list': {
+				console.log(
+					`\n📋 Listing Solana wallets for domain: ${domain}`
+				);
+				const wallets = await domainContext.getSolanaWallets();
+
+				if (options.json) {
+					console.log(
+						JSON.stringify(
+							{
+								domain,
+								wallets,
+								count: wallets.length
+							},
+							null,
+							2
+						)
+					);
+				} else {
+					if (wallets.length === 0) {
+						console.log(`   No Solana wallets found`);
+					} else {
+						console.log(`   Found ${wallets.length} wallet(s):`);
+						wallets.forEach((addr, i) => {
+							console.log(`   ${i + 1}. ${addr}`);
+						});
+					}
+				}
+				break;
+			}
+
+			default:
+				console.error(`❌ Unknown action: ${action}`);
+				console.error('   Valid actions: add, remove, list');
+				process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+// ========================================
+// Tag Management Functions
+// ========================================
+
+/**
+ * Define a simple tag type
+ */
+async function tagDefine(
+	domain: string,
+	tagName: string,
+	typeString: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const tagCtx = domainContext.tag();
+
+		console.log(`\n📝 Defining tag "${tagName}" for domain: ${domain}`);
+		console.log(`   Type: ${typeString}`);
+
+		// Parse type string and create TagTypeBuilder
+		let tagType: TagTypeBuilder;
+
+		// Support simple types: string, uint8, uint256, int8, int256, bool, address, bytes, bytes32
+		// Match pattern: (type)(size)(array)?
+		// Examples: uint8, string[], bytes32[]
+		const match = typeString.match(
+			/^(uint|int|bytes|string|bool|address)(\d*)(\[\])?$/
+		);
+		if (!match) {
+			throw new Error(
+				`Invalid type string: ${typeString}. Supported: string, uint8, uint256, int8, int256, bool, address, bytes, bytes32, and arrays (e.g., string[], uint8[])`
+			);
+		}
+
+		const [, baseType, size, isArray] = match;
+
+		// Create base type
+		switch (baseType) {
+			case 'string':
+				tagType = TagTypeBuilder.string();
+				break;
+			case 'uint':
+				const uintSize = size ? parseInt(size) : 256;
+				tagType = TagTypeBuilder.uint(uintSize);
+				break;
+			case 'int':
+				const intSize = size ? parseInt(size) : 256;
+				tagType = TagTypeBuilder.int(intSize);
+				break;
+			case 'bool':
+				tagType = TagTypeBuilder.bool();
+				break;
+			case 'address':
+				tagType = TagTypeBuilder.address();
+				break;
+			case 'bytes':
+				if (size) {
+					const bytesSize = parseInt(size);
+					tagType = TagTypeBuilder.fixedBytes(bytesSize);
+				} else {
+					tagType = TagTypeBuilder.bytes();
+				}
+				break;
+			default:
+				throw new Error(`Unsupported type: ${baseType}`);
+		}
+
+		// Wrap in array if needed
+		if (isArray) {
+			tagType = TagTypeBuilder.array(tagType);
+		}
+
+		const result = await tagCtx.defineTag(tagName, tagType);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain,
+							tagName,
+							type: typeString,
+							transactionHash: result.transactionHash,
+							gasUsed: result.gasUsed?.toString(),
+							blockNumber: result.blockNumber
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log(`\n✅ Tag "${tagName}" defined successfully`);
+				console.log(`   Transaction: ${result.transactionHash}`);
+				if (options.verbose) {
+					console.log(`   Block: ${result.blockNumber}`);
+					console.log(`   Gas used: ${result.gasUsed?.toString()}`);
+				}
+			}
+		} else {
+			console.error(`\n❌ Failed to define tag`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * Set tag value
+ */
+async function tagSet(
+	domain: string,
+	tagName: string,
+	valueStr: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const tagCtx = domainContext.tag();
+
+		console.log(`\n📝 Setting tag "${tagName}" for domain: ${domain}`);
+		console.log(`   Value: ${valueStr}`);
+
+		// Try to parse value as JSON, otherwise use as string
+		let value: any;
+		try {
+			value = JSON.parse(valueStr);
+		} catch {
+			value = valueStr;
+		}
+
+		const result = await tagCtx.setTag(domain, tagName, value);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain,
+							tagName,
+							value,
+							transactionHash: result.transactionHash,
+							gasUsed: result.gasUsed?.toString(),
+							blockNumber: result.blockNumber
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log(`\n✅ Tag "${tagName}" set successfully`);
+				console.log(`   Transaction: ${result.transactionHash}`);
+				if (options.verbose) {
+					console.log(`   Block: ${result.blockNumber}`);
+					console.log(`   Gas used: ${result.gasUsed?.toString()}`);
+				}
+			}
+		} else {
+			console.error(`\n❌ Failed to set tag`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * Get tag value
+ */
+async function tagGet(
+	domain: string,
+	tagName: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const tagCtx = domainContext.tag();
+
+		console.log(`\n📖 Getting tag "${tagName}" for domain: ${domain}`);
+
+		const value = await tagCtx.getTag(domain, tagName);
+
+		if (value !== null && value !== undefined) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain,
+							tagName,
+							value
+						},
+						(_, v) => (typeof v === 'bigint' ? v.toString() : v),
+						2
+					)
+				);
+			} else {
+				console.log(`\n✅ Tag value:`);
+				if (typeof value === 'object') {
+					console.log(
+						`   ${JSON.stringify(
+							value,
+							(_, v) =>
+								typeof v === 'bigint' ? v.toString() : v,
+							2
+						)}`
+					);
+				} else {
+					console.log(`   ${value}`);
+				}
+			}
+		} else {
+			if (options.json) {
+				console.log(
+					JSON.stringify({
+						success: true,
+						domain,
+						tagName,
+						value: null
+					})
+				);
+			} else {
+				console.log(
+					`\n   Tag "${tagName}" has no value (or does not exist)`
+				);
+			}
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * Remove tag value
+ */
+async function tagRemove(
+	domain: string,
+	tagName: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+		const tagCtx = domainContext.tag();
+
+		console.log(`\n🗑️  Removing tag "${tagName}" for domain: ${domain}`);
+
+		const result = await tagCtx.removeTag(domain, tagName);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain,
+							tagName,
+							transactionHash: result.transactionHash,
+							gasUsed: result.gasUsed?.toString(),
+							blockNumber: result.blockNumber
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log(`\n✅ Tag "${tagName}" value removed successfully`);
+				console.log(`   Transaction: ${result.transactionHash}`);
+				if (options.verbose) {
+					console.log(`   Block: ${result.blockNumber}`);
+					console.log(`   Gas used: ${result.gasUsed?.toString()}`);
+				}
+			}
+		} else {
+			console.error(`\n❌ Failed to remove tag`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * List all tags for a domain
+ */
+async function tagList(domain: string, options: CliOptions): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+
+		console.log(`\n📋 Listing all tags for domain: ${domain}`);
+
+		const tags = await domainContext.getAllTags();
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						success: true,
+						domain,
+						count: tags.length,
+						tags
+					},
+					(_, v) => (typeof v === 'bigint' ? v.toString() : v),
+					2
+				)
+			);
+		} else {
+			console.log(`\n✅ Found ${tags.length} tags:\n`);
+			for (const tag of tags) {
+				console.log(`   Tag: "${tag.name}"`);
+				if (typeof tag.value === 'object' && tag.value !== null) {
+					console.log(
+						`     Value: ${JSON.stringify(tag.value, (_, v) =>
+							typeof v === 'bigint' ? v.toString() : v
+						)}`
+					);
+				} else {
+					console.log(`     Value: ${tag.value}`);
+				}
+			}
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * List all defined tag types for a domain
+ */
+async function tagListDefined(
+	domain: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+
+		console.log(`\n📋 Listing defined tag types for domain: ${domain}`);
+
+		const tags = await domainContext.getDefinedTags();
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						success: true,
+						domain,
+						count: tags.length,
+						tags
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log(`\n✅ Found ${tags.length} defined tag types:\n`);
+			for (const tagName of tags) {
+				console.log(`   - ${tagName}`);
+			}
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * Set tagger for a tag
+ */
+async function tagSetTagger(
+	domain: string,
+	tagName: string,
+	taggerAddress: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const privateKeyOrMnemonic = getPrivateKeyOrMnemonic();
+		await didConsole.setSigner(privateKeyOrMnemonic);
+
+		const domainContext = didConsole.domain(domain);
+
+		console.log(
+			`\n🔐 Setting tagger for tag "${tagName}" in domain: ${domain}`
+		);
+		console.log(`   Tagger address: ${taggerAddress}`);
+
+		const result = await domainContext.setTagger(tagName, taggerAddress);
+
+		if (result.success) {
+			if (options.json) {
+				console.log(
+					JSON.stringify(
+						{
+							success: true,
+							domain,
+							tagName,
+							taggerAddress,
+							transactionHash: result.transactionHash,
+							gasUsed: result.gasUsed?.toString(),
+							blockNumber: result.blockNumber
+						},
+						null,
+						2
+					)
+				);
+			} else {
+				console.log(`\n✅ Tagger set successfully`);
+				console.log(`   Transaction: ${result.transactionHash}`);
+				if (options.verbose) {
+					console.log(`   Block: ${result.blockNumber}`);
+					console.log(`   Gas used: ${result.gasUsed?.toString()}`);
+				}
+			}
+		} else {
+			console.error(`\n❌ Failed to set tagger`);
+			process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+/**
+ * Get tagger for a tag
+ */
+async function tagGetTagger(
+	domain: string,
+	tagName: string,
+	options: CliOptions
+): Promise<void> {
+	try {
+		const didConsole = getConsole(options);
+		const domainContext = didConsole.domain(domain);
+		const tagCtx = domainContext.tag();
+
+		console.log(
+			`\n🔍 Getting tagger for tag "${tagName}" in domain: ${domain}`
+		);
+
+		const taggerAddress = await tagCtx.getTagger(tagName);
+
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						success: true,
+						domain,
+						tagName,
+						taggerAddress
+					},
+					null,
+					2
+				)
+			);
+		} else {
+			console.log(`\n✅ Tagger address: ${taggerAddress}`);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		process.exit(1);
+	}
+}
+
+async function main(): Promise<void> {
+	const parsed = parseArgs();
+	const { command, subCommand, value, options } = parsed;
+	// Support Olares ID format (user@domain.com) by converting to standard domain format
+	const domain = parsed.domain ? normalizeToDomain(parsed.domain) : undefined;
+
+	if (options.help || !command || command === 'help') {
+		showHelp();
+		return;
+	}
+
+	// Set debug options
+	if (options.verbose || options.debug) {
+		debug.enable();
+		debug.setLevel(options.debugLevel as any);
+	}
+
+	try {
+		switch (command) {
+			// Query commands
+			case 'info':
+				if (!domain) {
+					console.error('❌ Error: Domain argument is required');
+					console.error('Usage: did-cli info <domain>');
+					process.exit(1);
+				}
+				await getDomainInfo(domain, options);
+				break;
+
+			case 'owner':
+				if (!domain) {
+					console.error('❌ Error: Domain argument is required');
+					console.error('Usage: did-cli owner <domain>');
+					process.exit(1);
+				}
+				await getDomainOwner(domain, options);
+				break;
+
+			case 'is-owner':
+				if (!domain) {
+					console.error('❌ Error: Domain argument is required');
+					console.error('Usage: did-cli is-owner <domain>');
+					console.error(
+						'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+					);
+					process.exit(1);
+				}
+				await checkIsOwner(domain, options);
+				break;
+
+			// Transfer command
+			case 'transfer':
+				if (!domain) {
+					console.error('❌ Error: Domain argument is required');
+					console.error('Usage: did-cli transfer <domain>');
+					console.error('Options: --words 12|24 (default: 12)');
+					console.error(
+						'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+					);
+					console.error(
+						'Optional: Set MNEMONIC environment variable for new owner (auto-generates if not set)'
+					);
+					process.exit(1);
+				}
+				await transferDomain(domain, options);
+				break;
+
+			// RSA commands
+			case 'rsa':
+				if (!subCommand) {
+					console.error('❌ Error: RSA subcommand is required');
+					console.error(
+						'Usage: did-cli rsa <generate|get|set|remove> [args]'
+					);
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'generate':
+						await generateRsaKey(options);
+						break;
+					case 'get':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							process.exit(1);
+						}
+						await getRsaKey(domain, options);
+						break;
+					case 'set':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: Domain and PEM file path are required'
+							);
+							console.error(
+								'Usage: did-cli rsa set <domain> <pem-file>'
+							);
+							console.error(
+								'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						await setRsaKey(domain, value, options);
+						break;
+					case 'remove':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							process.exit(1);
+						}
+						await removeRsaKey(domain, options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown RSA subcommand: ${subCommand}`
+						);
+						process.exit(1);
+				}
+				break;
+
+			// IP commands
+			case 'ip':
+				if (!subCommand) {
+					console.error('❌ Error: IP subcommand is required');
+					console.error('Usage: did-cli ip <get|set|remove> [args]');
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'get':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							process.exit(1);
+						}
+						await getIP(domain, options);
+						break;
+					case 'set':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: Domain and IP address are required'
+							);
+							console.error(
+								'Usage: did-cli ip set <domain> <ip-address>'
+							);
+							console.error(
+								'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						await setIP(domain, value, options);
+						break;
+					case 'remove':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							process.exit(1);
+						}
+						await removeIP(domain, options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown IP subcommand: ${subCommand}`
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Subdomain commands
+			case 'subdomain':
+				if (!subCommand) {
+					console.error('❌ Error: Subdomain subcommand is required');
+					console.error(
+						'Usage: did-cli subdomain <register> <parent-domain> <subdomain-label>'
+					);
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'register':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: Parent domain and subdomain label are required'
+							);
+							console.error(
+								'Usage: did-cli subdomain register <parent-domain> <subdomain-label>'
+							);
+							console.error(
+								'Options: --words 12|24 (default: 12)'
+							);
+							console.error(
+								'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							console.error(
+								'Optional: Set MNEMONIC environment variable for subdomain owner (auto-generates if not set)'
+							);
+							process.exit(1);
+						}
+						await registerSubdomain(domain, value, options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown subdomain subcommand: ${subCommand}`
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Operator commands
+			case 'operator':
+				if (!subCommand) {
+					console.error('❌ Error: Operator subcommand is required');
+					console.error('Usage: did-cli operator <get|set> [args]');
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'get':
+						await getOperator(options);
+						break;
+					case 'set':
+						if (!domain) {
+							console.error(
+								'❌ Error: Operator address is required'
+							);
+							console.error(
+								'Usage: did-cli operator set <address>'
+							);
+							console.error(
+								'Note: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						await setOperator(domain, options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown operator subcommand: ${subCommand}`
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Crypto utilities
+			case 'crypto':
+				if (!subCommand) {
+					console.error('❌ Error: Crypto subcommand is required');
+					console.error(
+						'Usage: did-cli crypto <generate|address|did|privatekey|derive> [mnemonic]'
+					);
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'generate':
+						await cryptoGenerate(options);
+						break;
+					case 'address':
+						await cryptoGetAddress(options);
+						break;
+					case 'did':
+						await cryptoGetDID(options);
+						break;
+					case 'privatekey':
+						await cryptoGetPrivateKey(options);
+						break;
+					case 'derive':
+						await cryptoDerive(options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown crypto subcommand: ${subCommand}`
+						);
+						console.error(
+							'Available: generate, address, did, privatekey, derive'
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Conversion utilities
+			case 'convert':
+				if (!subCommand) {
+					console.error('❌ Error: Conversion type is required');
+					console.error(
+						'Usage: did-cli convert <pem-to-der|der-to-pem|ip-to-bytes|bytes-to-ip> <value>'
+					);
+					process.exit(1);
+				}
+				switch (subCommand) {
+					case 'pem-to-der':
+						if (!domain) {
+							console.error(
+								'❌ Error: PEM file path is required'
+							);
+							process.exit(1);
+						}
+						convertPemToDer(domain, options);
+						break;
+					case 'der-to-pem':
+						if (!domain) {
+							console.error(
+								'❌ Error: DER hex string is required'
+							);
+							process.exit(1);
+						}
+						convertDerToPem(domain, options);
+						break;
+					case 'ip-to-bytes':
+						if (!domain) {
+							console.error('❌ Error: IP address is required');
+							process.exit(1);
+						}
+						convertIpToBytes(domain, options);
+						break;
+					case 'bytes-to-ip':
+						if (!domain) {
+							console.error(
+								'❌ Error: Bytes4 hex string is required'
+							);
+							process.exit(1);
+						}
+						convertBytesToIp(domain, options);
+						break;
+					default:
+						console.error(
+							`❌ Unknown conversion type: ${subCommand}`
+						);
+						process.exit(1);
+				}
+				break;
+
+			case 'wallet':
+				if (!subCommand) {
+					console.error('❌ Error: Wallet subcommand is required');
+					console.error(
+						'Usage: did-cli wallet <evm|solana> <add|remove|list> <domain>'
+					);
+					process.exit(1);
+				}
+
+				switch (subCommand) {
+					case 'evm':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: wallet evm requires <action> and <domain>'
+							);
+							console.error(
+								'Usage: did-cli wallet evm <add|remove|list> <domain>'
+							);
+							process.exit(1);
+						}
+						await walletEvm(domain, value, options);
+						break;
+					case 'solana':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: wallet solana requires <action> and <domain>'
+							);
+							console.error(
+								'Usage: did-cli wallet solana <add|remove|list> <domain>'
+							);
+							process.exit(1);
+						}
+						await walletSolana(domain, value, options);
+						break;
+					default:
+						console.error(`❌ Unknown wallet type: ${subCommand}`);
+						console.error(
+							'Usage: did-cli wallet <evm|solana> <add|remove|list> <domain>'
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Tag commands
+			case 'tag':
+				if (!subCommand) {
+					console.error('❌ Error: Tag subcommand is required');
+					console.error(
+						'Usage: did-cli tag <define|set|get|remove|list|list-defined|set-tagger|get-tagger> [args]'
+					);
+					process.exit(1);
+				}
+
+				switch (subCommand) {
+					case 'define':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: tag define requires <domain>, <tag-name> and <type>'
+							);
+							console.error(
+								'Usage: did-cli tag define <domain> <tag-name> <type>'
+							);
+							console.error(
+								'   Supported types: string, uint8, uint256, int8, int256, bool, address, bytes, bytes32'
+							);
+							console.error(
+								'   Array types: string[], uint8[], etc.'
+							);
+							console.error(
+								'\nNote: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						// For define command: domain=tagName, value=type
+						// We need to get the actual domain from the previous positional arg
+						// This is a bit tricky with current parsing, let's handle it
+						{
+							const args = process.argv.slice(2);
+							const defineIdx = args.indexOf('define');
+							if (defineIdx >= 0 && args.length > defineIdx + 3) {
+								const actualDomain = args[defineIdx + 1];
+								const tagName = args[defineIdx + 2];
+								const typeString = args[defineIdx + 3];
+								await tagDefine(
+									actualDomain,
+									tagName,
+									typeString,
+									options
+								);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag define'
+								);
+								console.error(
+									'Usage: did-cli tag define <domain> <tag-name> <type>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					case 'set':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: tag set requires <domain>, <tag-name> and <value>'
+							);
+							console.error(
+								'Usage: did-cli tag set <domain> <tag-name> <value>'
+							);
+							console.error(
+								'   Value can be a string or JSON (e.g., \'["item1","item2"]\' for arrays)'
+							);
+							console.error(
+								'\nNote: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						{
+							const args = process.argv.slice(2);
+							const setIdx = args.indexOf('set');
+							if (setIdx >= 0 && args.length > setIdx + 3) {
+								const actualDomain = args[setIdx + 1];
+								const tagName = args[setIdx + 2];
+								const valueStr = args[setIdx + 3];
+								await tagSet(
+									actualDomain,
+									tagName,
+									valueStr,
+									options
+								);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag set'
+								);
+								console.error(
+									'Usage: did-cli tag set <domain> <tag-name> <value>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					case 'get':
+						if (!domain) {
+							console.error(
+								'❌ Error: tag get requires <domain> and <tag-name>'
+							);
+							console.error(
+								'Usage: did-cli tag get <domain> <tag-name>'
+							);
+							process.exit(1);
+						}
+						{
+							const args = process.argv.slice(2);
+							const getIdx = args.indexOf('get');
+							if (getIdx >= 0 && args.length > getIdx + 2) {
+								const actualDomain = args[getIdx + 1];
+								const tagName = args[getIdx + 2];
+								await tagGet(actualDomain, tagName, options);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag get'
+								);
+								console.error(
+									'Usage: did-cli tag get <domain> <tag-name>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					case 'remove':
+						if (!domain) {
+							console.error(
+								'❌ Error: tag remove requires <domain> and <tag-name>'
+							);
+							console.error(
+								'Usage: did-cli tag remove <domain> <tag-name>'
+							);
+							console.error(
+								'\nNote: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						{
+							const args = process.argv.slice(2);
+							const removeIdx = args.indexOf('remove');
+							if (removeIdx >= 0 && args.length > removeIdx + 2) {
+								const actualDomain = args[removeIdx + 1];
+								const tagName = args[removeIdx + 2];
+								await tagRemove(actualDomain, tagName, options);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag remove'
+								);
+								console.error(
+									'Usage: did-cli tag remove <domain> <tag-name>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					case 'list':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							console.error('Usage: did-cli tag list <domain>');
+							process.exit(1);
+						}
+						await tagList(domain, options);
+						break;
+
+					case 'list-defined':
+						if (!domain) {
+							console.error(
+								'❌ Error: Domain argument is required'
+							);
+							console.error(
+								'Usage: did-cli tag list-defined <domain>'
+							);
+							process.exit(1);
+						}
+						await tagListDefined(domain, options);
+						break;
+
+					case 'set-tagger':
+						if (!domain || !value) {
+							console.error(
+								'❌ Error: tag set-tagger requires <domain>, <tag-name> and <tagger-address>'
+							);
+							console.error(
+								'Usage: did-cli tag set-tagger <domain> <tag-name> <tagger-address>'
+							);
+							console.error(
+								'\nNote: Set PRIVATE_KEY_OR_MNEMONIC environment variable first'
+							);
+							process.exit(1);
+						}
+						{
+							const args = process.argv.slice(2);
+							const setTaggerIdx = args.indexOf('set-tagger');
+							if (
+								setTaggerIdx >= 0 &&
+								args.length > setTaggerIdx + 3
+							) {
+								const actualDomain = args[setTaggerIdx + 1];
+								const tagName = args[setTaggerIdx + 2];
+								const taggerAddress = args[setTaggerIdx + 3];
+								await tagSetTagger(
+									actualDomain,
+									tagName,
+									taggerAddress,
+									options
+								);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag set-tagger'
+								);
+								console.error(
+									'Usage: did-cli tag set-tagger <domain> <tag-name> <tagger-address>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					case 'get-tagger':
+						if (!domain) {
+							console.error(
+								'❌ Error: tag get-tagger requires <domain> and <tag-name>'
+							);
+							console.error(
+								'Usage: did-cli tag get-tagger <domain> <tag-name>'
+							);
+							process.exit(1);
+						}
+						{
+							const args = process.argv.slice(2);
+							const getTaggerIdx = args.indexOf('get-tagger');
+							if (
+								getTaggerIdx >= 0 &&
+								args.length > getTaggerIdx + 2
+							) {
+								const actualDomain = args[getTaggerIdx + 1];
+								const tagName = args[getTaggerIdx + 2];
+								await tagGetTagger(
+									actualDomain,
+									tagName,
+									options
+								);
+							} else {
+								console.error(
+									'❌ Error: Missing arguments for tag get-tagger'
+								);
+								console.error(
+									'Usage: did-cli tag get-tagger <domain> <tag-name>'
+								);
+								process.exit(1);
+							}
+						}
+						break;
+
+					default:
+						console.error(
+							`❌ Unknown tag subcommand: ${subCommand}`
+						);
+						console.error(
+							'Usage: did-cli tag <define|set|get|remove|list|list-defined|set-tagger|get-tagger> [args]'
+						);
+						process.exit(1);
+				}
+				break;
+
+			// Legacy commands
+			case 'fetch':
+			case 'fetch-domain':
+				if (!domain) {
+					console.error('❌ Error: Domain argument is required');
+					console.error('Usage: did-cli fetch <domain> [options]');
+					process.exit(1);
+				}
+				await fetchDomain(domain, options);
+				break;
+
+			default:
+				console.error(`❌ Unknown command: ${command}`);
+				console.error('Run "did-cli help" for usage information');
+				process.exit(1);
+		}
+	} catch (error) {
+		console.error(
+			'❌ Error:',
+			error instanceof Error ? error.message : String(error)
+		);
+		if (debug.isEnabled()) {
+			debug.error('Full error details:', error);
+		}
+		process.exit(1);
 	}
 }