@byreal-io/byreal-cli-realclaw 0.3.13 → 0.4.1

package/dist/index.cjs

@@ -969,7 +969,7 @@ var require_command = __commonJS({
     var EventEmitter = require("node:events").EventEmitter;
     var childProcess = require("node:child_process");
     var path3 = require("node:path");
-    var fs2 = require("node:fs");
+    var fs3 = require("node:fs");
     var process3 = require("node:process");
     var { Argument: Argument2, humanReadableArgName } = require_argument();
     var { CommanderError: CommanderError2 } = require_error();
@@ -1902,10 +1902,10 @@ Expecting one of '${allowedValues.join("', '")}'`);
         const sourceExt = [".js", ".ts", ".tsx", ".mjs", ".cjs"];
         function findFile(baseDir, baseName) {
           const localBin = path3.resolve(baseDir, baseName);
-          if (fs2.existsSync(localBin)) return localBin;
+          if (fs3.existsSync(localBin)) return localBin;
           if (sourceExt.includes(path3.extname(baseName))) return void 0;
           const foundExt = sourceExt.find(
-            (ext) => fs2.existsSync(`${localBin}${ext}`)
+            (ext) => fs3.existsSync(`${localBin}${ext}`)
           );
           if (foundExt) return `${localBin}${foundExt}`;
           return void 0;
@@ -1917,7 +1917,7 @@ Expecting one of '${allowedValues.join("', '")}'`);
         if (this._scriptPath) {
           let resolvedScriptPath;
           try {
-            resolvedScriptPath = fs2.realpathSync(this._scriptPath);
+            resolvedScriptPath = fs3.realpathSync(this._scriptPath);
           } catch (err2) {
             resolvedScriptPath = this._scriptPath;
           }
@@ -3029,11 +3029,11 @@ var require_commander = __commonJS({
 });
 
 // src/core/constants.ts
-var INJECTED_VERSION, VERSION, CLI_NAME, NPM_PACKAGE, API_BASE_URL, API_ENDPOINTS, SOLANA_RPC_URL, SOLANA_CLUSTER, JUPITER_API_KEY, JUP_PAID_BASE, JUP_FREE_BASE, TITAN_API_URL, TITAN_AUTH_TOKEN, DFLOW_PAID_URL, DFLOW_FREE_URL, DFLOW_API_KEY, CONFIG_DIR, CONFIG_FILE, DEFAULTS, TABLE_CHARS, LOGO, EXPERIMENTAL_WARNING, DEFAULT_CONFIG, DIR_PERMISSIONS;
+var INJECTED_VERSION, VERSION, CLI_NAME, NPM_PACKAGE, API_BASE_URL, API_ENDPOINTS, SOLANA_RPC_URL, SOLANA_CLUSTER, JUPITER_API_KEY, JUP_PAID_BASE, JUP_FREE_BASE, TITAN_API_URL, TITAN_AUTH_TOKEN, DFLOW_PAID_URL, DFLOW_FREE_URL, DFLOW_API_KEY, CONFIG_DIR, CONFIG_FILE, SOLANA_MAINNET_CAIP2, PRIVY_API_BASE_PATH_DEFAULT, PRIVY_PROXY_URL_ENV, PRIVY_API_BASE_PATH_ENV, AGENT_TOKEN_ENV, REALCLAW_CONFIG_PATH, SKILL_AGENT_TOKEN_CONFIG_PATH, LEGACY_AGENT_TOKEN_PATH, PRIVY_STRATEGY_ID, PRIVY_STRATEGY_NAME, DEFAULTS, TABLE_CHARS, LOGO, EXPERIMENTAL_WARNING, DEFAULT_CONFIG, DIR_PERMISSIONS;
 var init_constants = __esm({
   "src/core/constants.ts"() {
     "use strict";
-    INJECTED_VERSION = true ? "0.3.13" : void 0;
+    INJECTED_VERSION = true ? "0.4.1" : void 0;
     VERSION = INJECTED_VERSION ?? process.env.npm_package_version ?? "0.0.0";
     CLI_NAME = "byreal-cli";
     NPM_PACKAGE = "@byreal-io/byreal-cli-realclaw";
@@ -3077,6 +3077,16 @@ var init_constants = __esm({
     DFLOW_API_KEY = process.env.DFLOW_API_KEY;
     CONFIG_DIR = "~/.config/byreal";
     CONFIG_FILE = "config.json";
+    SOLANA_MAINNET_CAIP2 = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
+    PRIVY_API_BASE_PATH_DEFAULT = "/byreal/api/privy-proxy/v1";
+    PRIVY_PROXY_URL_ENV = process.env.PRIVY_PROXY_URL;
+    PRIVY_API_BASE_PATH_ENV = process.env.PRIVY_API_BASE_PATH;
+    AGENT_TOKEN_ENV = process.env.AGENT_TOKEN;
+    REALCLAW_CONFIG_PATH = "~/.openclaw/realclaw-config.json";
+    SKILL_AGENT_TOKEN_CONFIG_PATH = "~/.openclaw/skills/agent-token/scripts/config.json";
+    LEGACY_AGENT_TOKEN_PATH = "~/.openclaw/agent_token";
+    PRIVY_STRATEGY_ID = "byreal_cli";
+    PRIVY_STRATEGY_NAME = "Byreal CLI";
     DEFAULTS = {
       OUTPUT_FORMAT: "table",
       LIST_LIMIT: 100,
@@ -20229,7 +20239,7 @@ var require_constants = __commonJS({
 // node_modules/node-gyp-build/node-gyp-build.js
 var require_node_gyp_build = __commonJS({
   "node_modules/node-gyp-build/node-gyp-build.js"(exports2, module2) {
-    var fs2 = require("fs");
+    var fs3 = require("fs");
     var path3 = require("path");
     var os3 = require("os");
     var runtimeRequire = typeof __webpack_require__ === "function" ? __non_webpack_require__ : require;
@@ -20290,7 +20300,7 @@ var require_node_gyp_build = __commonJS({
     };
     function readdirSync(dir) {
       try {
-        return fs2.readdirSync(dir);
+        return fs3.readdirSync(dir);
       } catch (err2) {
         return [];
       }
@@ -20384,7 +20394,7 @@ var require_node_gyp_build = __commonJS({
       return typeof window !== "undefined" && window.process && window.process.type === "renderer";
     }
     function isAlpine(platform2) {
-      return platform2 === "linux" && fs2.existsSync("/etc/alpine-release");
+      return platform2 === "linux" && fs3.existsSync("/etc/alpine-release");
     }
     load.parseTags = parseTags;
     load.matchTags = matchTags;
@@ -36092,19 +36102,19 @@ var require_file_uri_to_path = __commonJS({
 // node_modules/bindings/bindings.js
 var require_bindings = __commonJS({
   "node_modules/bindings/bindings.js"(exports2, module2) {
-    var fs2 = require("fs");
+    var fs3 = require("fs");
     var path3 = require("path");
     var fileURLToPath = require_file_uri_to_path();
     var join4 = path3.join;
     var dirname = path3.dirname;
-    var exists = fs2.accessSync && function(path4) {
+    var exists = fs3.accessSync && function(path4) {
       try {
-        fs2.accessSync(path4);
+        fs3.accessSync(path4);
       } catch (e) {
         return false;
       }
       return true;
-    } || fs2.existsSync || path3.existsSync;
+    } || fs3.existsSync || path3.existsSync;
     var defaults = {
       arrow: process.env.NODE_BINDINGS_ARROW || " \u2192 ",
       compiled: process.env.NODE_BINDINGS_COMPILED_DIR || "compiled",
@@ -37826,6 +37836,117 @@ function configInvalidError(reason) {
     retryable: false
   });
 }
+function privyNotConfiguredError() {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_NOT_CONFIGURED,
+    type: "AUTH",
+    message: "Privy signing is not configured. The --execute flag requires a Privy agent token and proxy URL.",
+    suggestions: [
+      {
+        action: "setup-realclaw",
+        description: "Place ~/.openclaw/realclaw-config.json with baseUrl and wallets[]"
+      },
+      {
+        action: "setup-legacy",
+        description: "Or place ~/.openclaw/agent_token plus a Privy proxy URL in ~/.config/byreal/config.json",
+        command: "byreal-cli config set privy_proxy_url <url>"
+      },
+      {
+        action: "fallback-unsigned",
+        description: "Or drop --execute to keep the default behavior of emitting an unsigned transaction for an external signer"
+      }
+    ],
+    retryable: false
+  });
+}
+function privyWalletNotFoundError(walletAddress) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_WALLET_NOT_FOUND,
+    type: "AUTH",
+    message: `No Privy agent token found for wallet address ${walletAddress}.`,
+    details: { walletAddress },
+    suggestions: [
+      {
+        action: "check-config",
+        description: 'Confirm ~/.openclaw/realclaw-config.json has a wallets[] entry with type="solana" matching this address'
+      },
+      {
+        action: "fallback-unsigned",
+        description: "Or drop --execute to skip Privy signing and emit an unsigned transaction (the default)"
+      }
+    ],
+    retryable: false
+  });
+}
+function privyAuthError(message) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_AUTH_FAILED,
+    type: "AUTH",
+    message: `Privy authentication failed: ${message}`,
+    suggestions: [
+      {
+        action: "check-token",
+        description: "Verify that your agent token is valid and not expired. Tokens are revoked after grant revocation."
+      }
+    ],
+    retryable: false
+  });
+}
+function privyBadRequestError(message) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_BAD_REQUEST,
+    type: "VALIDATION",
+    message: `Privy proxy rejected request: ${message}`,
+    retryable: false
+  });
+}
+function privyRateLimitedError() {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_RATE_LIMITED,
+    type: "NETWORK",
+    message: "Privy proxy rate-limited the request. Please retry later.",
+    retryable: true
+  });
+}
+function privyUpstreamError(message, retryable = true) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_UPSTREAM_ERROR,
+    type: "NETWORK",
+    message: `Privy proxy upstream error: ${message}`,
+    retryable
+  });
+}
+function privyTimeoutError(timeoutMs) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_TIMEOUT,
+    type: "NETWORK",
+    message: `Privy proxy did not respond within ${timeoutMs}ms.`,
+    retryable: true
+  });
+}
+function privyBusinessError(retCode, retMsg) {
+  return new ByrealError({
+    code: ErrorCodes.PRIVY_BUSINESS_ERROR,
+    type: "BUSINESS",
+    message: `Privy business error retCode=${retCode}: ${retMsg}`,
+    details: { retCode, retMsg },
+    retryable: false
+  });
+}
+function conflictingFlagsError(flagA, flagB) {
+  return new ByrealError({
+    code: ErrorCodes.INVALID_PARAMETER,
+    type: "VALIDATION",
+    message: `Conflicting flags: ${flagA} and ${flagB} cannot be used together.`,
+    suggestions: [
+      {
+        action: "pick-one",
+        description: `Use either ${flagA} or ${flagB}, not both.`
+      }
+    ],
+    retryable: false
+  });
+}
 function formatErrorForOutput(error) {
   if (error instanceof ByrealError) {
     return {
@@ -37860,6 +37981,15 @@ var init_errors = __esm({
       POSITION_NOT_FOUND: "POSITION_NOT_FOUND",
       // Auth errors
       MISSING_WALLET_ADDRESS: "MISSING_WALLET_ADDRESS",
+      // Privy signing errors
+      PRIVY_NOT_CONFIGURED: "PRIVY_NOT_CONFIGURED",
+      PRIVY_WALLET_NOT_FOUND: "PRIVY_WALLET_NOT_FOUND",
+      PRIVY_AUTH_FAILED: "PRIVY_AUTH_FAILED",
+      PRIVY_BAD_REQUEST: "PRIVY_BAD_REQUEST",
+      PRIVY_RATE_LIMITED: "PRIVY_RATE_LIMITED",
+      PRIVY_UPSTREAM_ERROR: "PRIVY_UPSTREAM_ERROR",
+      PRIVY_TIMEOUT: "PRIVY_TIMEOUT",
+      PRIVY_BUSINESS_ERROR: "PRIVY_BUSINESS_ERROR",
       // Config errors
       CONFIG_NOT_FOUND: "CONFIG_NOT_FOUND",
       CONFIG_INVALID: "CONFIG_INVALID",
@@ -37956,6 +38086,12 @@ function loadConfig() {
         ...parsed.defaults || {}
       }
     };
+    if (typeof parsed.privy_proxy_url === "string" && parsed.privy_proxy_url) {
+      config3.privy_proxy_url = parsed.privy_proxy_url;
+    }
+    if (typeof parsed.privy_api_base_path === "string" && parsed.privy_api_base_path) {
+      config3.privy_api_base_path = parsed.privy_api_base_path;
+    }
     return ok(config3);
   } catch (e) {
     if (e instanceof SyntaxError) {
@@ -38044,6 +38180,20 @@ function validateConfigValue(key, value) {
       }
       return ok(num);
     }
+    case "privy_proxy_url": {
+      try {
+        new URL(value);
+        return ok(value.replace(/\/+$/, ""));
+      } catch {
+        return err(validationError("privy_proxy_url must be a valid URL", "privy_proxy_url"));
+      }
+    }
+    case "privy_api_base_path": {
+      if (!value.startsWith("/")) {
+        return err(validationError("privy_api_base_path must start with /", "privy_api_base_path"));
+      }
+      return ok(value.replace(/\/+$/, ""));
+    }
     default:
       return ok(value);
   }
@@ -38062,7 +38212,9 @@ var init_config = __esm({
       "rpc_url",
       "cluster",
       "defaults.priority_fee_micro_lamports",
-      "defaults.slippage_bps"
+      "defaults.slippage_bps",
+      "privy_proxy_url",
+      "privy_api_base_path"
     ]);
   }
 });
@@ -62373,9 +62525,9 @@ var require_workspace = __commonJS({
         programName = (0, camelcase_1.default)(programName);
         if (workspaceCache[programName])
           return workspaceCache[programName];
-        const fs2 = require("fs");
+        const fs3 = require("fs");
         const path3 = require("path");
-        const anchorToml = toml.parse(fs2.readFileSync("Anchor.toml"));
+        const anchorToml = toml.parse(fs3.readFileSync("Anchor.toml"));
         const clusterId = anchorToml.provider.cluster;
         const programs = (_a = anchorToml.programs) === null || _a === void 0 ? void 0 : _a[clusterId];
         let programEntry;
@@ -62389,16 +62541,16 @@ var require_workspace = __commonJS({
           programId = programEntry.address;
         } else {
           const idlDirPath = path3.join("target", "idl");
-          const fileName = fs2.readdirSync(idlDirPath).find((name) => (0, camelcase_1.default)(path3.parse(name).name) === programName);
+          const fileName = fs3.readdirSync(idlDirPath).find((name) => (0, camelcase_1.default)(path3.parse(name).name) === programName);
           if (!fileName) {
             throw new Error(`Failed to find IDL of program \`${programName}\``);
           }
           idlPath = path3.join(idlDirPath, fileName);
         }
-        if (!fs2.existsSync(idlPath)) {
+        if (!fs3.existsSync(idlPath)) {
           throw new Error(`${idlPath} doesn't exist. Did you run \`anchor build\`?`);
         }
-        const idl = JSON.parse(fs2.readFileSync(idlPath));
+        const idl = JSON.parse(fs3.readFileSync(idlPath));
         if (programId) {
           idl.address = programId;
         }
@@ -84780,6 +84932,30 @@ init_config();
 var import_cli_table3 = __toESM(require_cli_table3(), 1);
 init_constants();
 
+// src/core/confirm.ts
+init_errors();
+function resolveExecutionMode(options) {
+  if (options.dryRun && options.execute) {
+    throw conflictingFlagsError("--dry-run", "--execute");
+  }
+  if (options.dryRun) return "dry-run";
+  if (options.execute) return "execute";
+  return "unsigned-tx";
+}
+function printDryRunBanner() {
+  console.error(source_default.yellow.bold("\n[DRY RUN] No transaction will be generated\n"));
+}
+function printPrivySignBanner() {
+  console.error(
+    source_default.green.bold(
+      "\n[PRIVY SIGN] Signing and broadcasting via Privy wallet\n"
+    )
+  );
+}
+
+// src/cli/output/formatters.ts
+init_errors();
+
 // src/core/amounts.ts
 function uiToRaw(uiAmount, decimals) {
   const parts = uiAmount.split(".");
@@ -84816,6 +84992,18 @@ function outputJson(data, startTime) {
 function outputErrorJson(error) {
   console.log(JSON.stringify({ success: false, error }, null, 2));
 }
+function safeResolveExecutionMode(options, format) {
+  try {
+    return resolveExecutionMode(options);
+  } catch (e) {
+    if (e instanceof ByrealError) {
+      if (format === "json") outputErrorJson(e.toJSON());
+      else outputErrorTable(e.toJSON());
+      process.exit(1);
+    }
+    throw e;
+  }
+}
 function createTable(headers) {
   return new import_cli_table3.default({
     head: headers.map((h) => source_default.cyan.bold(h)),
@@ -85051,6 +85239,12 @@ function outputConfigList(config3) {
     ["defaults.priority_fee_micro_lamports", String(config3.defaults.priority_fee_micro_lamports)],
     ["defaults.slippage_bps", String(config3.defaults.slippage_bps)]
   );
+  if (config3.privy_proxy_url) {
+    table.push(["privy_proxy_url", config3.privy_proxy_url]);
+  }
+  if (config3.privy_api_base_path) {
+    table.push(["privy_api_base_path", config3.privy_api_base_path]);
+  }
   console.log(table.toString());
 }
 function outputConfigValue(key, value) {
@@ -85547,6 +85741,31 @@ function outputRewardOrderResult(result) {
     console.log();
   }
 }
+function outputTransactionResult(signature) {
+  console.log(source_default.green("\n  Transaction submitted (not yet finalized)"));
+  console.log(source_default.gray(`    Signature: ${signature}`));
+  console.log(source_default.blue(`    https://solscan.io/tx/${signature}
+`));
+}
+function outputMultiBroadcastResult(result) {
+  const total = result.results.length;
+  const headline = result.failCount === 0 ? source_default.green(`
+  ${total} transactions submitted (not yet finalized)`) : source_default.yellow(
+    `
+  ${result.successCount}/${total} transactions submitted (${result.failCount} failed at submission)`
+  );
+  console.log(headline);
+  for (const r of result.results) {
+    const idx = `[${r.index + 1}/${total}]`;
+    if (r.signature) {
+      console.log(source_default.gray(`    ${idx} ${r.signature}`));
+      console.log(source_default.blue(`    ${idx} https://solscan.io/tx/${r.signature}`));
+    } else {
+      console.log(source_default.red(`    ${idx} failed: ${r.error ?? "unknown error"}`));
+    }
+  }
+  console.log();
+}
 
 // src/cli/commands/pools.ts
 async function listPools2(options, globalOptions) {
@@ -86104,12 +86323,38 @@ byreal-cli catalog show dex.pool.list
 | -v, --version | Show version |
 | -h, --help | Show help |
 
+## Three Execution Modes (write commands)
+
+Every write command (\`swap execute\`, \`positions open/close/increase/decrease/claim/claim-rewards/claim-bonus/copy\`, all plugin write commands like \`jup swap\` / \`dflow swap\` / \`titan swap\` / \`kamino deposit/withdraw\` / \`rent reclaim\` / \`sweep execute\`) supports three modes:
+
+| Mode | Flag | What it does | Output |
+|------|------|--------------|--------|
+| **unsigned-tx** (default) | (none) | Emit base64 unsigned transaction(s) so an external signer can take over | \`{ unsignedTransactions: [...] }\` (identical to the pre-Privy CLI) |
+| **execute** | \`--execute\` | Sign + broadcast on-chain via Privy proxy | \`{ signature: "<txid>", explorer: "https://solscan.io/tx/<txid>" }\` (single tx) or \`{ results: [{index, signature?, error?}], successCount, failCount }\` (multi-tx) |
+| **dry-run** | \`--dry-run\` | Preview only \u2014 no transaction generated, no signing | Preview JSON / table |
+
+\`--dry-run\` and \`--execute\` are mutually exclusive (CLI errors on both).
+
+**Backward-compatible default**: every write command still emits unsigned transactions by default. To sign + broadcast through the Byreal Privy proxy, add \`--execute\` explicitly.
+
+### Privy Configuration
+
+\`--execute\` requires a Privy agent token + proxy URL. Sources (highest precedence first):
+
+1. Env vars: \`AGENT_TOKEN\`, \`PRIVY_PROXY_URL\`, \`PRIVY_API_BASE_PATH\`
+2. \`~/.openclaw/realclaw-config.json\` \u2014 \`{ baseUrl, apiBasePath?, wallets: [{ address, token, type: "solana" | "evm" }] }\`. The CLI picks the wallet whose \`address\` matches \`--wallet-address\` and whose \`type === "solana"\`.
+3. Legacy: \`~/.openclaw/agent_token\` (single-token file) plus \`~/.config/byreal/config.json#privy_proxy_url\` (or \`byreal-cli config set privy_proxy_url <url>\`).
+
+If Privy is not configured, \`--execute\` fails with \`PRIVY_NOT_CONFIGURED\` and includes actionable suggestions (configure realclaw / configure legacy / drop \`--execute\` to keep the default unsigned output). The CLI never silently degrades.
+
+If \`--wallet-address\` does not match any \`type=solana\` entry in \`realclaw-config.json\`, the CLI fails with \`PRIVY_WALLET_NOT_FOUND\` (rather than fall back to a different wallet's token).
+
 ## Hard Constraints (Do NOT violate)
 
 1. **\`-o json\` only for parsing** \u2014 when you need to extract values for the next command. When the user wants to **see** results, omit it \u2014 the CLI has built-in tables, K-line charts, and formatted analysis. Never fetch JSON then re-draw them yourself.
 2. **Never truncate on-chain data** \u2014 always display the FULL string for: transaction signatures, mint addresses, pool addresses, NFT addresses, wallet addresses. Never use \`xxx...yyy\`.
-3. **Never request or display private keys** \u2014 the CLI does not handle private keys. All write commands output unsigned transactions.
-4. **\`--wallet-address\` required for all write commands** \u2014 the user must provide their Solana wallet public key. No local wallet setup or keypair storage. Preview with \`--dry-run\` first, remove \`--dry-run\` to generate the unsigned transaction.
+3. **Never request or display private keys** \u2014 the CLI does not store private keys locally. Signing is performed by the Privy proxy via the agent token; private keys live in Privy.
+4. **\`--wallet-address\` required for all write commands** \u2014 the user must provide their Solana wallet public key. Default mode emits an unsigned transaction (back-compat); add \`--execute\` to sign + broadcast via Privy, or \`--dry-run\` to preview.
 5. **Large amounts (> $10,000)**: Require explicit user confirmation
 6. **High slippage (> 200 bps)**: Warn user before proceeding
 7. **Token amounts use UI format** \u2014 \`--amount 0.1\` means 0.1 tokens, not lamports. The CLI auto-resolves decimals from mint address. Never convert manually. Use \`--raw\` only for raw units.
@@ -86136,7 +86381,8 @@ Present on-chain data first, then external context, then synthesize how external
 | List tokens | \`byreal-cli tokens list\` |
 | Global stats | \`byreal-cli overview\` |
 | Swap preview | \`byreal-cli swap execute --input-mint <mint> --output-mint <mint> --amount <amount> --dry-run\` |
-| Swap execute | \`byreal-cli swap execute --input-mint <mint> --output-mint <mint> --amount <amount> --wallet-address <addr>\` |
+| Swap (unsigned) | \`byreal-cli swap execute --input-mint <mint> --output-mint <mint> --amount <amount> --wallet-address <addr>\` |
+| Swap (sign + broadcast) | \`byreal-cli swap execute --input-mint <mint> --output-mint <mint> --amount <amount> --wallet-address <addr> --execute\` |
 | List positions | \`byreal-cli positions list\` |
 | Open position (USD) | \`byreal-cli positions open --pool <addr> --price-lower <p> --price-upper <p> --amount-usd <usd> --wallet-address <addr>\` |
 | Open position (token) | \`byreal-cli positions open --pool <addr> --price-lower <p> --price-upper <p> --base <token> --amount <amount> --wallet-address <addr>\` |
@@ -86194,13 +86440,23 @@ For detailed parameter info on any command, run: \`byreal-cli catalog show <capa
 - **Incentive rewards** \u2192 \`positions claim-rewards\` (team-added pool incentives)
 - **Copy bonus** \u2192 \`positions claim-bonus\` (referral rewards from copy trading)
 
-### Claim Rewards / Bonus: 3-Step Flow
-\`claim-rewards\` and \`claim-bonus\` require a multi-step flow (backend co-signs):
-1. **Preview**: \`positions claim-rewards --dry-run --wallet-address <addr> -o json\`
-2. **Generate unsigned tx**: \`positions claim-rewards --wallet-address <addr> -o json\` \u2192 returns \`orderCode\` + \`unsignedTransactions\` (each with \`txPayload\`, \`txCode\`)
-3. **Submit signed tx**: After wallet signs each \`txPayload\`, call \`positions submit-rewards --order-code "ORD_xxx" --signed-payloads '[{"txCode":"TX_xxx","poolAddress":"...","signedTx":"<base64>"}]' --wallet-address <addr>\`
+### Claim Rewards / Bonus: One-Shot Atomic Command (with --execute)
+
+When \`--execute\` is set, \`claim-rewards\` and \`claim-bonus\` are atomic. The CLI internally does encode \u2192 Privy sign \u2192 backend submit, returns the final order result. **Do not chain skills or call \`submit-rewards\` manually when running with \`--execute\`.**
+
+\`\`\`
+byreal-cli positions claim-rewards --wallet-address <addr> --execute -o json
+# \u2192 { orderCode, txList: [...], claimTokenList: [...] }
+\`\`\`
+
+\`txList\` contains the on-chain signatures the backend broadcast. \`claimTokenList\` shows which tokens were claimed.
+
+**Default multi-step flow** (no \`--execute\` flag \u2014 back-compat for external signers):
+1. \`positions claim-rewards --wallet-address <addr> -o json\` \u2192 returns \`{ orderCode, unsignedTransactions: [{ poolAddress, txPayload, txCode, tokens }] }\`
+2. External signer signs each \`txPayload\`
+3. \`positions submit-rewards --order-code <orderCode> --signed-payloads '[{"txCode":"...","poolAddress":"...","signedTx":"<base64>"}]' --wallet-address <addr>\`
 
-**Critical**: Do NOT skip Step 3 \u2014 without \`submit-rewards\`, signed transactions are never broadcast. The \`orderCode\` ties steps together. For \`claim-bonus\`: same flow, replace \`claim-rewards\` with \`claim-bonus\` in Step 1-2.
+The multi-step flow is the default for backward compatibility; if Privy is configured, prefer \`--execute\` for the one-shot atomic command.
 
 ### Copy Bonus Epochs
 - **Accruing**: Current epoch, bonus accumulating
@@ -86211,7 +86467,7 @@ For detailed parameter info on any command, run: \`byreal-cli catalog show <capa
 \`positions open --dry-run\` and \`positions increase --dry-run\` automatically check wallet balance. If insufficient, response includes \`balanceWarnings\` (deficit) and \`walletBalances\` (all available tokens) \u2014 no need to run \`wallet balance\` separately.
 
 ### Config Keys
-Supported keys for \`config get/set\`: rpc_url, cluster, defaults.slippage_bps, defaults.priority_fee_micro_lamports
+Supported keys for \`config get/set\`: rpc_url, cluster, defaults.slippage_bps, defaults.priority_fee_micro_lamports, privy_proxy_url, privy_api_base_path
 
 ## Workflow: Finding Investment Opportunities
 
@@ -86229,7 +86485,7 @@ When the user asks about investment opportunities, potential pools, or yield far
    - USD budget: \`positions open --pool <id> --price-lower <p> --price-upper <p> --amount-usd <usd> --dry-run -o json\`
    - Token amount: \`positions open --pool <id> --price-lower <p> --price-upper <p> --base MintA --amount <amt> --dry-run -o json\`
 4. **If insufficient balance**: dry-run response includes \`balanceWarnings\` (deficit) + \`walletBalances\` (all tokens). Pick a swap source from ANY token in the wallet (prefer highest USD balance, stablecoins/SOL for lower slippage), swap to cover the deficit. **Wait 3-5 seconds** after swap before re-running dry-run (RPC propagation delay).
-5. **Execute**: remove \`--dry-run\`, add \`--wallet-address <addr>\` to generate the unsigned transaction
+5. **Run for real**: drop \`--dry-run\` (keep \`--wallet-address <addr>\`). The default emits an unsigned base64 transaction \`{ unsignedTransactions: [...] }\` for an external signer (back-compat). Add \`--execute\` to sign + broadcast via Privy directly \u2192 \`{ signature, explorer }\`.
 
 ## Workflow: Increase/Decrease Liquidity
 
@@ -86239,12 +86495,12 @@ When user wants to add more liquidity to an existing position or partially withd
 1. \`byreal-cli positions list -o json\` \u2014 find the position's NFT mint address
 2. \`byreal-cli positions increase --nft-mint <nft-mint> --amount-usd <usd> --dry-run -o json\` \u2014 preview (includes balance check)
 3. If insufficient balance \u2192 swap to get required tokens (see "Insufficient Balance" workflow)
-4. \`byreal-cli positions increase --nft-mint <nft-mint> --amount-usd <usd> --wallet-address <addr> -o json\` \u2014 generate unsigned transaction
+4. \`byreal-cli positions increase --nft-mint <nft-mint> --amount-usd <usd> --wallet-address <addr> -o json\` \u2014 emit unsigned tx (default). Add \`--execute\` to sign + broadcast via Privy.
 
 **Decrease liquidity** (partial withdrawal):
 1. \`byreal-cli positions list -o json\` \u2014 find the position's NFT mint address
 2. \`byreal-cli positions decrease --nft-mint <nft-mint> --percentage 50 --dry-run -o json\` \u2014 preview how much you'll receive
-3. \`byreal-cli positions decrease --nft-mint <nft-mint> --percentage 50 --wallet-address <addr> -o json\` \u2014 generate unsigned transaction
+3. \`byreal-cli positions decrease --nft-mint <nft-mint> --percentage 50 --wallet-address <addr> -o json\` \u2014 emit unsigned tx (default). Add \`--execute\` to sign + broadcast via Privy.
 
 **Key distinction**: Use \`decrease\` to partially withdraw while keeping the position open. Use \`close\` to fully exit and burn the NFT.
 
@@ -86290,14 +86546,15 @@ When user asks vague questions like "\u6709\u4EC0\u4E48\u4ED3\u4F4D\u53EF\u4EE5
 
 Default to \`byreal-cli swap execute\`. Fall back to \`jup swap\` / \`dflow swap\` only if Byreal returns no route, or the user names an aggregator explicitly.
 
-## Workflow: Jupiter / DFlow Swap
+## Workflow: Jupiter / Titan / DFlow Swap
 
 \`\`\`
-byreal-cli jup swap   --input-mint <mint> --output-mint <mint> --amount <amt> [--dry-run] --wallet-address <addr>
-byreal-cli dflow swap --input-mint <mint> --output-mint <mint> --amount <amt> [--dry-run] --wallet-address <addr>
+byreal-cli jup swap   --input-mint <mint> --output-mint <mint> --amount <amt> [--dry-run|--execute] --wallet-address <addr>
+byreal-cli titan swap --input-mint <mint> --output-mint <mint> --amount <amt> [--dry-run|--execute] --wallet-address <addr>
+byreal-cli dflow swap --input-mint <mint> --output-mint <mint> --amount <amt> [--dry-run|--execute] --wallet-address <addr>
 \`\`\`
 
-Output: \`{ unsignedTransactions: [base64] }\`. DFlow optionally reads \`DFLOW_API_KEY\`.
+Default (no flag) emits \`{ unsignedTransactions: [base64] }\` for back-compat. \`--execute\` signs + broadcasts via Privy \u2192 output \`{ signature, explorer }\`. DFlow optionally reads \`DFLOW_API_KEY\`. Titan reads \`TITAN_AUTH_TOKEN\` if proxy unreachable.
 
 ## Workflow: Idle Yield with Kamino
 
@@ -86410,17 +86667,311 @@ async function resolveDecimals(mint) {
   return decimals;
 }
 
-// src/core/confirm.ts
-function resolveExecutionMode(options) {
-  if (options.dryRun) return "dry-run";
-  return "execute";
+// src/plugins/jupiter/commands.ts
+init_errors();
+
+// src/privy/config.ts
+var fs2 = __toESM(require("node:fs"), 1);
+init_constants();
+init_config();
+init_security();
+function loadRealclawConfig() {
+  const path3 = expandTilde(REALCLAW_CONFIG_PATH);
+  if (!fs2.existsSync(path3)) return null;
+  try {
+    const content = fs2.readFileSync(path3, "utf-8");
+    const parsed = JSON.parse(content);
+    if (!parsed || typeof parsed !== "object") return null;
+    const out = {};
+    const obj = parsed;
+    if (typeof obj.baseUrl === "string" && obj.baseUrl) out.baseUrl = obj.baseUrl;
+    if (typeof obj.apiBasePath === "string" && obj.apiBasePath)
+      out.apiBasePath = obj.apiBasePath;
+    if (Array.isArray(obj.wallets)) {
+      const wallets = [];
+      for (const raw of obj.wallets) {
+        if (!raw || typeof raw !== "object") continue;
+        const w = raw;
+        if (typeof w.address === "string" && typeof w.token === "string" && (w.type === "solana" || w.type === "evm")) {
+          wallets.push({
+            address: w.address,
+            token: w.token,
+            type: w.type
+          });
+        }
+      }
+      if (wallets.length > 0) out.wallets = wallets;
+    }
+    return out;
+  } catch {
+    return null;
+  }
 }
-function printDryRunBanner() {
-  console.log(source_default.yellow.bold("\n[DRY RUN] No transaction will be generated\n"));
+function loadSkillAgentTokenConfig() {
+  const path3 = expandTilde(SKILL_AGENT_TOKEN_CONFIG_PATH);
+  if (!fs2.existsSync(path3)) return null;
+  try {
+    const content = fs2.readFileSync(path3, "utf-8");
+    const parsed = JSON.parse(content);
+    if (!parsed || typeof parsed !== "object") return null;
+    const obj = parsed;
+    const out = {};
+    if (typeof obj.baseUrl === "string" && obj.baseUrl) out.baseUrl = obj.baseUrl;
+    if (typeof obj.apiBasePath === "string" && obj.apiBasePath)
+      out.apiBasePath = obj.apiBasePath;
+    return out;
+  } catch {
+    return null;
+  }
+}
+function loadAgentToken(walletAddress) {
+  const envToken = AGENT_TOKEN_ENV?.trim();
+  if (envToken) return envToken;
+  const realclaw = loadRealclawConfig();
+  if (realclaw?.wallets && realclaw.wallets.length > 0) {
+    const solWallets = realclaw.wallets.filter((w) => w.type === "solana");
+    if (solWallets.length > 0) {
+      if (walletAddress) {
+        const match = solWallets.find((w) => w.address === walletAddress);
+        if (match) return match.token;
+        return null;
+      }
+      return solWallets[0].token;
+    }
+  }
+  try {
+    const path3 = expandTilde(LEGACY_AGENT_TOKEN_PATH);
+    if (fs2.existsSync(path3)) {
+      const content = fs2.readFileSync(path3, "utf-8").trim();
+      if (content.length > 0) return content;
+    }
+  } catch {
+  }
+  return null;
+}
+function loadPrivyConfig() {
+  let proxyUrl;
+  let apiBasePath;
+  if (PRIVY_PROXY_URL_ENV) proxyUrl = PRIVY_PROXY_URL_ENV;
+  if (PRIVY_API_BASE_PATH_ENV) apiBasePath = PRIVY_API_BASE_PATH_ENV;
+  if (!proxyUrl || !apiBasePath) {
+    const realclaw = loadRealclawConfig();
+    if (realclaw) {
+      if (!proxyUrl && realclaw.baseUrl) proxyUrl = realclaw.baseUrl;
+      if (!apiBasePath && realclaw.apiBasePath) apiBasePath = realclaw.apiBasePath;
+    }
+  }
+  if (!proxyUrl || !apiBasePath) {
+    const skill = loadSkillAgentTokenConfig();
+    if (skill) {
+      if (!proxyUrl && skill.baseUrl) proxyUrl = skill.baseUrl;
+      if (!apiBasePath && skill.apiBasePath) apiBasePath = skill.apiBasePath;
+    }
+  }
+  if (!proxyUrl || !apiBasePath) {
+    const cfgResult = loadConfig();
+    if (cfgResult.ok) {
+      const cfg = cfgResult.value;
+      if (!proxyUrl && cfg.privy_proxy_url) proxyUrl = cfg.privy_proxy_url;
+      if (!apiBasePath && cfg.privy_api_base_path)
+        apiBasePath = cfg.privy_api_base_path;
+    }
+  }
+  if (!proxyUrl) return null;
+  return {
+    proxyUrl: proxyUrl.replace(/\/+$/, ""),
+    apiBasePath: (apiBasePath || PRIVY_API_BASE_PATH_DEFAULT).replace(/\/+$/, "")
+  };
 }
 
-// src/plugins/jupiter/commands.ts
+// src/privy/client.ts
+init_constants();
+init_types();
 init_errors();
+
+// src/privy/types.ts
+function isBgwEnvelope(env2) {
+  return env2 !== null && typeof env2 === "object" && "result" in env2 && typeof env2.result === "object";
+}
+function unwrapEnvelope(env2) {
+  if (isBgwEnvelope(env2)) return env2.result;
+  return env2;
+}
+
+// src/privy/client.ts
+var SIGN_PATH = "/sign/solana-transaction";
+var SIGN_TIMEOUT_MS = DEFAULTS.REQUEST_TIMEOUT_MS;
+async function privyPost(token, config3, path3, body) {
+  const url = `${config3.proxyUrl}${config3.apiBasePath}${path3}`;
+  if (process.env.DEBUG) {
+    console.error(`[DEBUG] Privy POST ${url}`);
+  }
+  let res;
+  try {
+    res = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`,
+        "User-Agent": "byreal-cli"
+      },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(SIGN_TIMEOUT_MS)
+    });
+  } catch (e) {
+    if (e instanceof DOMException && e.name === "TimeoutError") {
+      return err(privyTimeoutError(SIGN_TIMEOUT_MS));
+    }
+    const msg = e?.message ?? "Network error";
+    return err(privyUpstreamError(msg, true));
+  }
+  if (res.status === 401 || res.status === 403) {
+    const text = await res.text().catch(() => "");
+    return err(privyAuthError(text || `HTTP ${res.status}`));
+  }
+  if (res.status === 422) {
+    const text = await res.text().catch(() => "");
+    return err(privyBadRequestError(text || `HTTP ${res.status}`));
+  }
+  if (res.status === 429) {
+    return err(privyRateLimitedError());
+  }
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    return err(privyUpstreamError(`HTTP ${res.status}: ${text}`, res.status >= 500));
+  }
+  let raw;
+  try {
+    raw = await res.json();
+  } catch {
+    return err(privyUpstreamError("Invalid JSON response from Privy proxy"));
+  }
+  const envelope = unwrapEnvelope(raw);
+  if (process.env.DEBUG) {
+    console.error(
+      `[DEBUG] Privy response: success=${envelope.success} retCode=${envelope.retCode} retMsg=${envelope.retMsg ?? ""}`
+    );
+  }
+  if (envelope.retCode !== 0 || envelope.success === false) {
+    const retMsg = envelope.retMsg ?? "";
+    return err(privyBusinessError(envelope.retCode, retMsg));
+  }
+  if (envelope.data === null || envelope.data === void 0) {
+    return err(privyUpstreamError("Empty data in Privy proxy response"));
+  }
+  return ok(envelope.data);
+}
+async function signTransaction(token, config3, unsignedTx) {
+  const body = {
+    transaction: unsignedTx,
+    broadcast: false,
+    strategyId: PRIVY_STRATEGY_ID,
+    strategyName: PRIVY_STRATEGY_NAME
+  };
+  const result = await privyPost(
+    token,
+    config3,
+    SIGN_PATH,
+    body
+  );
+  if (!result.ok) return result;
+  const nested = result.value.data?.signed_transaction;
+  if (nested) return ok(nested);
+  const flat = result.value.signedTransaction;
+  if (flat) return ok(flat);
+  return err(privyUpstreamError("No signed_transaction in Privy response"));
+}
+async function signAndBroadcast(token, config3, unsignedTx, caip2) {
+  const body = {
+    transaction: unsignedTx,
+    broadcast: true,
+    caip2,
+    strategyId: PRIVY_STRATEGY_ID,
+    strategyName: PRIVY_STRATEGY_NAME
+  };
+  const result = await privyPost(
+    token,
+    config3,
+    SIGN_PATH,
+    body
+  );
+  if (!result.ok) return result;
+  if (!result.value.hash) {
+    return err(privyUpstreamError("No transaction hash in Privy broadcast response"));
+  }
+  return ok(result.value.hash);
+}
+
+// src/privy/execute.ts
+init_constants();
+init_types();
+init_errors();
+function getPrivyContext(walletAddress) {
+  const config3 = loadPrivyConfig();
+  if (!config3) return null;
+  const token = loadAgentToken(walletAddress);
+  if (!token) {
+    if (walletAddress) {
+      const realclaw = loadRealclawConfig();
+      const hasSolWallets = realclaw?.wallets?.some((w) => w.type === "solana") ?? false;
+      if (hasSolWallets) {
+        throw privyWalletNotFoundError(walletAddress);
+      }
+    }
+    return null;
+  }
+  return { token, config: config3, caip2: SOLANA_MAINNET_CAIP2 };
+}
+function requirePrivyContext(walletAddress) {
+  const ctx = getPrivyContext(walletAddress);
+  if (!ctx) throw privyNotConfiguredError();
+  return ctx;
+}
+async function privyBroadcastOne(ctx, unsignedTx) {
+  if (process.env.DEBUG) {
+    console.error(source_default.gray("[DEBUG] Privy: signing + broadcasting transaction..."));
+  }
+  const r = await signAndBroadcast(ctx.token, ctx.config, unsignedTx, ctx.caip2);
+  if (!r.ok) return r;
+  return ok({ signature: r.value });
+}
+async function privyBroadcastMany(ctx, unsignedTxs) {
+  const results = [];
+  let successCount = 0;
+  let failCount = 0;
+  for (let i = 0; i < unsignedTxs.length; i++) {
+    if (process.env.DEBUG) {
+      console.error(
+        source_default.gray(`[DEBUG] Privy: broadcasting tx ${i + 1}/${unsignedTxs.length}...`)
+      );
+    }
+    const r = await signAndBroadcast(ctx.token, ctx.config, unsignedTxs[i], ctx.caip2);
+    if (r.ok) {
+      results.push({ index: i, signature: r.value });
+      successCount++;
+    } else {
+      results.push({ index: i, error: r.error.message });
+      failCount++;
+    }
+  }
+  return ok({ results, successCount, failCount });
+}
+async function privySignMany(ctx, unsignedTxs) {
+  const signedTxs = [];
+  for (let i = 0; i < unsignedTxs.length; i++) {
+    if (process.env.DEBUG) {
+      console.error(
+        source_default.gray(`[DEBUG] Privy: signing tx ${i + 1}/${unsignedTxs.length} (no broadcast)...`)
+      );
+    }
+    const r = await signTransaction(ctx.token, ctx.config, unsignedTxs[i]);
+    if (!r.ok) return r;
+    signedTxs.push({ index: i, signedTx: r.value });
+  }
+  return ok({ signedTxs });
+}
+
+// src/plugins/jupiter/commands.ts
 init_constants();
 
 // src/plugins/jupiter/api.ts
@@ -86765,11 +87316,11 @@ function fallbackHint(route) {
   return null;
 }
 function createJupSwapCommand() {
-  return new Command("swap").description("Swap tokens via Jupiter aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("swap").description("Swap tokens via Jupiter aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const e = missingWalletAddressError();
@@ -86831,7 +87382,7 @@ Error: ${msg}`));
           console.log(table.toString());
           const hint = fallbackHint(getLastRoute());
           if (hint) console.error(source_default.gray(`[byreal] ${hint}`));
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
@@ -86844,8 +87395,31 @@ Error: ${msg}`));
         format === "json" ? outputErrorJson(swapResult.error) : outputErrorTable(swapResult.error);
         process.exit(1);
       }
-      console.log(JSON.stringify({ unsignedTransactions: [swapResult.value.swapTransaction] }));
+      const base64 = swapResult.value.swapTransaction;
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({
+          signature: broadcast.value.signature,
+          explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+        }, startTime);
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Jupiter swap failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -87196,11 +87770,11 @@ Error: ${msg}`));
   return walletAddress;
 }
 function createKaminoDepositCommand() {
-  return new Command("deposit").description("Deposit tokens to Kamino Lend").requiredOption("--amount <amount>", "Amount to deposit (UI amount, e.g. 2.0)").option("--mint <address>", "Token mint address", USDC_MINT).option("--reserve <address>", "Reserve address (auto-resolved from mint if omitted)").option("--market <address>", "Market address", KAMINO_MAIN_MARKET).option("--dry-run", "Preview without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("deposit").description("Deposit tokens to Kamino Lend").requiredOption("--amount <amount>", "Amount to deposit (UI amount, e.g. 2.0)").option("--mint <address>", "Token mint address", USDC_MINT).option("--reserve <address>", "Reserve address (auto-resolved from mint if omitted)").option("--market <address>", "Market address", KAMINO_MAIN_MARKET).option("--dry-run", "Preview without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = validateWallet(globalOptions.walletAddress, format);
     try {
       const reserve = options.reserve ?? resolveReserve(options.mint, options.market);
@@ -87226,7 +87800,7 @@ function createKaminoDepositCommand() {
           );
           console.log(source_default.cyan.bold("\n  Kamino Deposit Preview\n"));
           console.log(table.toString());
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
@@ -87240,8 +87814,31 @@ function createKaminoDepositCommand() {
         format === "json" ? outputErrorJson(result.error) : outputErrorTable(result.error);
         process.exit(1);
       }
-      console.log(JSON.stringify({ unsignedTransactions: [result.value.transaction] }));
+      const base64 = result.value.transaction;
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({
+          signature: broadcast.value.signature,
+          explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+        }, startTime);
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Kamino deposit failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -87250,11 +87847,11 @@ Error: ${message}`));
   });
 }
 function createKaminoWithdrawCommand() {
-  return new Command("withdraw").description("Withdraw tokens from Kamino Lend").requiredOption("--amount <amount>", "Amount to withdraw (UI amount, e.g. 2.0)").option("--mint <address>", "Token mint address", USDC_MINT).option("--reserve <address>", "Reserve address (auto-resolved from mint if omitted)").option("--market <address>", "Market address", KAMINO_MAIN_MARKET).option("--dry-run", "Preview without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("withdraw").description("Withdraw tokens from Kamino Lend").requiredOption("--amount <amount>", "Amount to withdraw (UI amount, e.g. 2.0)").option("--mint <address>", "Token mint address", USDC_MINT).option("--reserve <address>", "Reserve address (auto-resolved from mint if omitted)").option("--market <address>", "Market address", KAMINO_MAIN_MARKET).option("--dry-run", "Preview without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = validateWallet(globalOptions.walletAddress, format);
     try {
       const reserve = options.reserve ?? resolveReserve(options.mint, options.market);
@@ -87280,7 +87877,7 @@ function createKaminoWithdrawCommand() {
           );
           console.log(source_default.cyan.bold("\n  Kamino Withdraw Preview\n"));
           console.log(table.toString());
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
@@ -87294,8 +87891,31 @@ function createKaminoWithdrawCommand() {
         format === "json" ? outputErrorJson(result.error) : outputErrorTable(result.error);
         process.exit(1);
       }
-      console.log(JSON.stringify({ unsignedTransactions: [result.value.transaction] }));
+      const base64 = result.value.transaction;
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({
+          signature: broadcast.value.signature,
+          explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+        }, startTime);
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Kamino withdraw failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -87606,11 +88226,11 @@ async function findEmptyAccounts(connection, owner, programId, exceptions) {
 
 // src/plugins/rent/commands.ts
 function createRentReclaimCommand() {
-  return new Command("reclaim").description("Close empty token accounts to reclaim SOL rent").option("--dry-run", "Scan and report without generating transactions").option("--include-token2022", "Also close empty Token-2022 accounts").option("--exclude <mints>", "Comma-separated mint addresses to never close").action(async (options, cmdObj) => {
+  return new Command("reclaim").description("Close empty token accounts to reclaim SOL rent").option("--dry-run", "Scan and report without generating transactions").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").option("--include-token2022", "Also close empty Token-2022 accounts").option("--exclude <mints>", "Comma-separated mint addresses to never close").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const e = missingWalletAddressError();
@@ -87669,13 +88289,33 @@ Error: ${msg}`));
             acctTable.push([a.pubkey, a.mint, progLabel]);
           }
           console.log(acctTable.toString());
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction(s)"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
       const txs = await buildCloseTransactions(walletAddress, scan.emptyAccounts);
-      console.log(JSON.stringify({ unsignedTransactions: txs }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: txs }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastMany(ctx, txs);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(broadcast.value, startTime);
+      } else {
+        outputMultiBroadcastResult(broadcast.value);
+      }
+      if (broadcast.value.failCount > 0) process.exit(1);
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Rent reclaim failed";
       format === "json" ? outputErrorJson({ code: "RPC_ERROR", type: "SYSTEM", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -87848,11 +88488,11 @@ async function executeSweep(params) {
 
 // src/plugins/consolidate/commands.ts
 function createSweepExecuteCommand() {
-  return new Command("execute").description("Consolidate dust tokens into USDC (or SOL)").option("--target-mint <address>", "Target token to consolidate into", "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v").option("--max-value-usd <amount>", "Only sweep tokens below this USD value", "0.5").option("--exclude <mints>", "Comma-separated mint addresses to skip").option("--dry-run", "Preview consolidation plan without generating transactions").action(async (options, cmdObj) => {
+  return new Command("execute").description("Consolidate dust tokens into USDC (or SOL)").option("--target-mint <address>", "Target token to consolidate into", "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v").option("--max-value-usd <amount>", "Only sweep tokens below this USD value", "0.5").option("--exclude <mints>", "Comma-separated mint addresses to skip").option("--dry-run", "Preview consolidation plan without generating transactions").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const e = missingWalletAddressError();
@@ -87936,7 +88576,7 @@ Error: ${msg}`));
             ]);
           }
           console.log(tokenTable.toString());
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transactions"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
@@ -87961,12 +88601,36 @@ Error: ${msg}`));
         }
         return;
       }
-      console.log(JSON.stringify({
-        unsignedTransactions: swapTransactions,
-        swapCount: swapTransactions.length,
-        ...failures.length > 0 ? { failures } : {}
-      }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({
+          unsignedTransactions: swapTransactions,
+          swapCount: swapTransactions.length,
+          ...failures.length > 0 ? { failures } : {}
+        }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastMany(ctx, swapTransactions);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({ ...broadcast.value, ...failures.length > 0 ? { failures } : {} }, startTime);
+      } else {
+        outputMultiBroadcastResult(broadcast.value);
+        if (failures.length > 0) {
+          console.log(source_default.gray(`  ${failures.length} token(s) skipped (failed to quote):`));
+          for (const f of failures) console.log(source_default.gray(`    ${f.mint}: ${f.reason}`));
+        }
+      }
+      if (broadcast.value.failCount > 0) process.exit(1);
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Token consolidation failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -88223,11 +88887,11 @@ function fallbackHint2(route) {
   return null;
 }
 function createTitanSwapCommand() {
-  return new Command("swap").description("Swap tokens via Titan Exchange aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--swap-mode <mode>", "Swap mode: ExactIn or ExactOut", "ExactIn").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("swap").description("Swap tokens via Titan Exchange aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--swap-mode <mode>", "Swap mode: ExactIn or ExactOut", "ExactIn").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const e = missingWalletAddressError();
@@ -88293,12 +88957,35 @@ Error: ${msg}`));
           console.log(table.toString());
           const hint = fallbackHint2(getLastRoute2());
           if (hint) console.error(source_default.gray(`[byreal] ${hint}`));
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
-      console.log(JSON.stringify({ unsignedTransactions: [quote.transaction] }));
+      const base64 = quote.transaction;
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({
+          signature: broadcast.value.signature,
+          explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+        }, startTime);
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Titan swap failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -88473,11 +89160,11 @@ function fallbackHint3(route) {
   return null;
 }
 function createDFlowSwapCommand() {
-  return new Command("swap").description("Swap tokens via DFlow order-flow aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("swap").description("Swap tokens via DFlow order-flow aggregator").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const e = missingWalletAddressError();
@@ -88543,12 +89230,35 @@ Error: ${msg}`));
           console.log(table.toString());
           const hint = fallbackHint3(getLastRoute3());
           if (hint) console.error(source_default.gray(`[byreal] ${hint}`));
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
-      console.log(JSON.stringify({ unsignedTransactions: [quote.transaction] }));
+      const base64 = quote.transaction;
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        format === "json" ? outputErrorJson(broadcast.error.toJSON()) : outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson({
+          signature: broadcast.value.signature,
+          explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+        }, startTime);
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        format === "json" ? outputErrorJson(e.toJSON()) : outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "DFlow swap failed";
       format === "json" ? outputErrorJson({ code: "API_ERROR", type: "NETWORK", message, retryable: true }) : console.error(source_default.red(`
 Error: ${message}`));
@@ -89316,21 +90026,38 @@ async function resolveUiAmounts(quote) {
     uiOutAmount: rawToUi(quote.outAmount, outputDecimals)
   };
 }
+function emitError(format, error) {
+  if (error instanceof ByrealError) {
+    if (format === "json") {
+      outputErrorJson(error.toJSON());
+    } else {
+      outputErrorTable(error.toJSON());
+    }
+  } else {
+    const message = error?.message ?? "Unknown error";
+    if (format === "json") {
+      outputErrorJson({ code: "UNKNOWN_ERROR", type: "SYSTEM", message, retryable: false });
+    } else {
+      console.error(source_default.red(`
+Error: ${message}`));
+    }
+  }
+  process.exit(1);
+}
 function createSwapExecuteCommand() {
-  return new Command("execute").description("Preview or generate a swap transaction").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--swap-mode <mode>", "Swap mode: in or out", "in").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").action(async (options, cmdObj) => {
+  return new Command("execute").description("Preview, sign, or emit a swap transaction").requiredOption("--input-mint <address>", "Input token mint address").requiredOption("--output-mint <address>", "Output token mint address").requiredOption("--amount <amount>", "Amount to swap (UI amount, decimals auto-resolved)").option("--swap-mode <mode>", "Swap mode: in or out", "in").option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the swap without generating a transaction").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    let mode;
+    try {
+      mode = resolveExecutionMode(options);
+    } catch (e) {
+      emitError(format, e);
+    }
     const userPublicKey = globalOptions.walletAddress;
     if (!userPublicKey) {
-      const err2 = missingWalletAddressError();
-      if (format === "json") {
-        outputErrorJson(err2.toJSON());
-      } else {
-        outputErrorTable(err2.toJSON());
-      }
-      process.exit(1);
+      emitError(format, missingWalletAddressError());
     }
     try {
       new import_web3124.PublicKey(userPublicKey);
@@ -89361,12 +90088,12 @@ Error: Invalid wallet address: ${userPublicKey}`));
         userPublicKey
       });
       if (!quoteResult.ok) {
-        if (format === "json") {
-          outputErrorJson(quoteResult.error);
-        } else {
-          outputErrorTable(quoteResult.error);
-        }
-        process.exit(1);
+        emitError(format, new ByrealError({
+          code: quoteResult.error.code,
+          type: quoteResult.error.type,
+          message: quoteResult.error.message,
+          retryable: quoteResult.error.retryable
+        }));
       }
       const quote = quoteResult.value;
       const { uiInAmount, uiOutAmount } = await resolveUiAmounts(quote);
@@ -89389,7 +90116,7 @@ Error: Invalid wallet address: ${userPublicKey}`));
           outputJson({ mode: "dry-run", ...quote, uiInAmount, uiOutAmount, inAmountUsd, outAmountUsd }, startTime);
         } else {
           outputSwapQuoteTable(quote, uiInAmount, uiOutAmount);
-          console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction"));
+          console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
         }
         return;
       }
@@ -89403,16 +90130,30 @@ Error: ${errMsg}`));
         }
         process.exit(1);
       }
-      console.log(JSON.stringify({ unsignedTransactions: [quote.transaction] }));
-    } catch (e) {
-      const message = e.message || "Failed to resolve token decimals";
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [quote.transaction] }));
+        return;
+      }
+      const ctx = requirePrivyContext(userPublicKey);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, quote.transaction);
+      if (!broadcast.ok) {
+        emitError(format, broadcast.error);
+      }
       if (format === "json") {
-        outputErrorJson({ code: "VALIDATION_ERROR", type: "VALIDATION", message, retryable: false });
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`,
+            quote: { ...quote, uiInAmount, uiOutAmount }
+          },
+          startTime
+        );
       } else {
-        console.error(source_default.red(`
-Error: ${message}`));
+        outputTransactionResult(broadcast.value.signature);
       }
-      process.exit(1);
+    } catch (e) {
+      emitError(format, e);
     }
   });
 }
@@ -89628,11 +90369,11 @@ function createPositionsOpenCommand() {
   ).option(
     "--amount-usd <usd>",
     "Investment amount in USD (auto-calculates token split, mutually exclusive with --amount)"
-  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the position without opening").action(async (options, cmdObj) => {
+  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview the position without opening").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -89876,7 +90617,7 @@ function createPositionsOpenCommand() {
           } else {
             console.log(source_default.green("\n  Balance check: sufficient"));
             console.log(
-              source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction")
+              source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy.")
             );
           }
         }
@@ -89892,7 +90633,29 @@ function createPositionsOpenCommand() {
         otherAmountMax
       });
       const base64 = serializeTransaction(result.transaction);
-      console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+          },
+          startTime
+        );
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
       const message = e.message || "Unknown SDK error";
       if (format === "json") {
@@ -89923,11 +90686,11 @@ function createPositionsIncreaseCommand() {
   ).option(
     "--amount-usd <usd>",
     "Investment amount in USD (auto-calculates token split, mutually exclusive with --amount)"
-  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview without executing").action(async (options, cmdObj) => {
+  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--raw", "Amount is already in raw (smallest unit) format").option("--dry-run", "Preview without executing").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -90174,7 +90937,7 @@ Error: ${errMsg}`));
           } else {
             console.log(source_default.green("\n  Balance check: sufficient"));
             console.log(
-              source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction")
+              source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy.")
             );
           }
         }
@@ -90188,7 +90951,29 @@ Error: ${errMsg}`));
         otherAmountMax
       });
       const base64 = serializeTransaction(result.transaction);
-      console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+          },
+          startTime
+        );
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
       const message = e.message || "Unknown SDK error";
       if (format === "json") {
@@ -90213,11 +90998,11 @@ function createPositionsDecreaseCommand() {
   return new Command("decrease").description("Remove part of the liquidity from a position (keeps position open)").requiredOption("--nft-mint <address>", "Position NFT mint address").option("--percentage <1-100>", "Percentage of liquidity to remove").option(
     "--amount-usd <usd>",
     "USD amount of liquidity to remove (mutually exclusive with --percentage)"
-  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview without executing").action(async (options, cmdObj) => {
+  ).option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview without executing").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const hasPercentage = options.percentage !== void 0;
     const hasAmountUsd = options.amountUsd !== void 0;
     if (hasPercentage && hasAmountUsd) {
@@ -90403,7 +91188,7 @@ Error: ${errMsg}`));
         } else {
           outputPositionDecreasePreview(previewData);
           console.log(
-            source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction")
+            source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy.")
           );
         }
         return;
@@ -90425,7 +91210,29 @@ Error: ${errMsg}`));
         });
       }
       const base64 = serializeTransaction(result.transaction);
-      console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+          },
+          startTime
+        );
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
       const message = e.message || "Unknown SDK error";
       if (format === "json") {
@@ -90447,11 +91254,11 @@ SDK Error: ${message}`));
   });
 }
 function createPositionsCloseCommand() {
-  return new Command("close").description("Close a position (remove all liquidity)").requiredOption("--nft-mint <address>", "Position NFT mint address").option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview the close without executing").action(async (options, cmdObj) => {
+  return new Command("close").description("Close a position (remove all liquidity)").requiredOption("--nft-mint <address>", "Position NFT mint address").option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview the close without executing").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -90525,7 +91332,7 @@ Error: ${errMsg}`));
         } else {
           outputPositionClosePreview(previewData);
           console.log(
-            source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction")
+            source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy.")
           );
         }
         return;
@@ -90538,7 +91345,29 @@ Error: ${errMsg}`));
         slippage
       });
       const base64 = serializeTransaction(result.transaction);
-      console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+          },
+          startTime
+        );
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
       const message = e.message || "Unknown SDK error";
       if (format === "json") {
@@ -90563,11 +91392,11 @@ function createPositionsClaimCommand() {
   return new Command("claim").description("Claim accumulated fees from positions").requiredOption(
     "--nft-mints <addresses>",
     "Comma-separated NFT mint addresses (from positions list)"
-  ).option("--dry-run", "Preview the claim without executing").action(async (options, cmdObj) => {
+  ).option("--dry-run", "Preview the claim without executing").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -90671,20 +91500,53 @@ Error: ${errMsg}`));
         outputJson({ mode: "dry-run", entries: enrichedEntries }, startTime);
       } else {
         outputPositionClaimPreview(enrichedEntries);
-        console.log(source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction(s)"));
+        console.log(source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."));
       }
       return;
     }
     const unsignedTransactions = entries.map((entry) => entry.txPayload);
-    console.log(JSON.stringify({ unsignedTransactions }));
+    if (mode === "unsigned-tx") {
+      console.log(JSON.stringify({ unsignedTransactions }));
+      return;
+    }
+    try {
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastMany(ctx, unsignedTransactions);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(broadcast.value, startTime);
+      } else {
+        outputMultiBroadcastResult(broadcast.value);
+      }
+      if (broadcast.value.failCount > 0) process.exit(1);
+    } catch (e) {
+      if (e instanceof ByrealError) {
+        if (format === "json") outputErrorJson(e.toJSON());
+        else outputErrorTable(e.toJSON());
+      } else {
+        const message = e.message || "Unknown error";
+        if (format === "json") {
+          outputErrorJson({ code: "UNKNOWN_ERROR", type: "SYSTEM", message, retryable: false });
+        } else {
+          console.error(source_default.red(`
+Error: ${message}`));
+        }
+      }
+      process.exit(1);
+    }
   });
 }
 function createPositionsClaimRewardsCommand() {
-  return new Command("claim-rewards").description("Claim incentive rewards from positions").option("--dry-run", "Preview unclaimed rewards without claiming").action(async (options, cmdObj) => {
+  return new Command("claim-rewards").description("Claim incentive rewards from positions").option("--dry-run", "Preview unclaimed rewards without claiming").option("--execute", "Sign via Privy and submit to backend (default emits unsigned tx for external signers)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -90744,7 +91606,7 @@ function createPositionsClaimRewardsCommand() {
             console.log(source_default.gray("\n  No unclaimed incentive rewards.\n"));
           } else {
             console.log(
-              source_default.yellow("\n  Remove --dry-run to generate the unsigned transaction(s)")
+              source_default.yellow("\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy.")
             );
           }
         }
@@ -90762,6 +91624,7 @@ function createPositionsClaimRewardsCommand() {
         return;
       }
       const positionAddresses = [...new Set(allRewards.map((r) => r.positionAddress))];
+      if (mode === "execute") requirePrivyContext(walletAddress);
       const encodeResult = await api.encodeReward({
         walletAddress,
         positionAddresses,
@@ -90787,14 +91650,52 @@ function createPositionsClaimRewardsCommand() {
         }
         return;
       }
-      const txPayloads = rewardEncodeItems.map((item) => ({
-        poolAddress: item.poolAddress,
-        txPayload: item.txPayload,
-        txCode: item.txCode,
-        tokens: item.rewardClaimInfo
-      }));
-      console.log(JSON.stringify({ orderCode, unsignedTransactions: txPayloads }));
+      if (mode === "unsigned-tx") {
+        const txPayloads = rewardEncodeItems.map((item) => ({
+          poolAddress: item.poolAddress,
+          txPayload: item.txPayload,
+          txCode: item.txCode,
+          tokens: item.rewardClaimInfo
+        }));
+        console.log(JSON.stringify({ orderCode, unsignedTransactions: txPayloads }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const signResult = await privySignMany(
+        ctx,
+        rewardEncodeItems.map((item) => item.txPayload)
+      );
+      if (!signResult.ok) {
+        if (format === "json") outputErrorJson(signResult.error.toJSON());
+        else outputErrorTable(signResult.error.toJSON());
+        process.exit(1);
+      }
+      const submitResult = await api.submitRewardOrder({
+        orderCode,
+        walletAddress,
+        signedTxPayload: rewardEncodeItems.map((item, i) => ({
+          txCode: item.txCode,
+          poolAddress: item.poolAddress,
+          signedTx: signResult.value.signedTxs[i].signedTx
+        }))
+      });
+      if (!submitResult.ok) {
+        if (format === "json") outputErrorJson(submitResult.error);
+        else outputErrorTable(submitResult.error);
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(submitResult.value, startTime);
+      } else {
+        outputRewardOrderResult(submitResult.value);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        if (format === "json") outputErrorJson(e.toJSON());
+        else outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Unknown error";
       if (format === "json") {
         outputErrorJson({ code: "SDK_ERROR", type: "SYSTEM", message, retryable: false });
@@ -90810,11 +91711,11 @@ Error: ${message}`));
   });
 }
 function createPositionsClaimBonusCommand() {
-  return new Command("claim-bonus").description("Claim CopyFarmer bonus rewards").option("--dry-run", "Preview claimable bonus without claiming").action(async (options, cmdObj) => {
+  return new Command("claim-bonus").description("Claim CopyFarmer bonus rewards").option("--dry-run", "Preview claimable bonus without claiming").option("--execute", "Sign via Privy and submit to backend (default emits unsigned tx for external signers)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -90865,7 +91766,7 @@ function createPositionsClaimBonusCommand() {
           outputBonusPreview(overview, epochs);
           if (canClaim) {
             console.log(
-              source_default.yellow(`  Remove --dry-run to claim $${claimableEpoch.totalBonusUsd} bonus
+              source_default.yellow(`  Remove --dry-run to emit an unsigned tx; add --execute to claim $${claimableEpoch.totalBonusUsd} bonus via Privy.
 `)
             );
           } else {
@@ -90885,6 +91786,7 @@ function createPositionsClaimBonusCommand() {
         }
         return;
       }
+      if (mode === "execute") requirePrivyContext(walletAddress);
       const encodeResult = await api.encodeReward({
         walletAddress,
         positionAddresses: [],
@@ -90910,14 +91812,52 @@ function createPositionsClaimBonusCommand() {
         }
         return;
       }
-      const txPayloads = rewardEncodeItems.map((item) => ({
-        poolAddress: item.poolAddress,
-        txPayload: item.txPayload,
-        txCode: item.txCode,
-        tokens: item.rewardClaimInfo
-      }));
-      console.log(JSON.stringify({ orderCode, unsignedTransactions: txPayloads }));
+      if (mode === "unsigned-tx") {
+        const txPayloads = rewardEncodeItems.map((item) => ({
+          poolAddress: item.poolAddress,
+          txPayload: item.txPayload,
+          txCode: item.txCode,
+          tokens: item.rewardClaimInfo
+        }));
+        console.log(JSON.stringify({ orderCode, unsignedTransactions: txPayloads }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const signResult = await privySignMany(
+        ctx,
+        rewardEncodeItems.map((item) => item.txPayload)
+      );
+      if (!signResult.ok) {
+        if (format === "json") outputErrorJson(signResult.error.toJSON());
+        else outputErrorTable(signResult.error.toJSON());
+        process.exit(1);
+      }
+      const submitResult = await api.submitRewardOrder({
+        orderCode,
+        walletAddress,
+        signedTxPayload: rewardEncodeItems.map((item, i) => ({
+          txCode: item.txCode,
+          poolAddress: item.poolAddress,
+          signedTx: signResult.value.signedTxs[i].signedTx
+        }))
+      });
+      if (!submitResult.ok) {
+        if (format === "json") outputErrorJson(submitResult.error);
+        else outputErrorTable(submitResult.error);
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(submitResult.value, startTime);
+      } else {
+        outputRewardOrderResult(submitResult.value);
+      }
     } catch (e) {
+      if (e instanceof ByrealError) {
+        if (format === "json") outputErrorJson(e.toJSON());
+        else outputErrorTable(e.toJSON());
+        process.exit(1);
+      }
       const message = e.message || "Unknown error";
       if (format === "json") {
         outputErrorJson({ code: "SDK_ERROR", type: "SYSTEM", message, retryable: false });
@@ -91181,11 +92121,11 @@ function createTopPositionsCommand() {
 function createCopyPositionCommand() {
   return new Command("copy").description(
     "Copy an existing position with referral bonus"
-  ).requiredOption("--position <address>", "Position PDA address to copy").requiredOption("--amount-usd <usd>", "Investment amount in USD").option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview the copy without executing").action(async (options, cmdObj) => {
+  ).requiredOption("--position <address>", "Position PDA address to copy").requiredOption("--amount-usd <usd>", "Investment amount in USD").option("--slippage <bps>", "Slippage tolerance in basis points").option("--dry-run", "Preview the copy without executing").option("--execute", "Sign + broadcast on-chain via Privy (default emits unsigned tx for back-compat)").action(async (options, cmdObj) => {
     const globalOptions = cmdObj.optsWithGlobals();
     const format = globalOptions.output;
     const startTime = Date.now();
-    const mode = resolveExecutionMode(options);
+    const mode = safeResolveExecutionMode(options, format);
     const walletAddress = globalOptions.walletAddress;
     if (!walletAddress) {
       const err2 = missingWalletAddressError();
@@ -91368,7 +92308,7 @@ Error: ${errMsg}`));
             console.log(source_default.green("\n  Balance check: sufficient"));
             console.log(
               source_default.yellow(
-                "\n  Remove --dry-run to generate the unsigned transaction"
+                "\n  Remove --dry-run to emit an unsigned transaction; add --execute to sign + broadcast via Privy."
               )
             );
           }
@@ -91386,7 +92326,29 @@ Error: ${errMsg}`));
         refererPosition: options.position
       });
       const base64 = serializeTransaction(result.transaction);
-      console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+      if (mode === "unsigned-tx") {
+        console.log(JSON.stringify({ unsignedTransactions: [base64] }));
+        return;
+      }
+      const ctx = requirePrivyContext(walletAddress);
+      printPrivySignBanner();
+      const broadcast = await privyBroadcastOne(ctx, base64);
+      if (!broadcast.ok) {
+        if (format === "json") outputErrorJson(broadcast.error.toJSON());
+        else outputErrorTable(broadcast.error.toJSON());
+        process.exit(1);
+      }
+      if (format === "json") {
+        outputJson(
+          {
+            signature: broadcast.value.signature,
+            explorer: `https://solscan.io/tx/${broadcast.value.signature}`
+          },
+          startTime
+        );
+      } else {
+        outputTransactionResult(broadcast.value.signature);
+      }
     } catch (e) {
       const message = e.message || "Unknown SDK error";
       if (format === "json") {