@chainstream-io/cli 0.0.1

package/dist/index.js

@@ -0,0 +1,1468 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/lib/constants.ts
+var CHAINSTREAM_API_URL, TURNKEY_AUTH_PROXY_CONFIG_ID, SOLANA_RPC_URL, BASE_RPC_URL, BASE_CHAIN_ID;
+var init_constants = __esm({
+  "src/lib/constants.ts"() {
+    "use strict";
+    CHAINSTREAM_API_URL = process.env.CHAINSTREAM_API_URL ?? "https://api.chainstream.io";
+    TURNKEY_AUTH_PROXY_CONFIG_ID = process.env.TURNKEY_AUTH_PROXY_CONFIG_ID ?? "";
+    SOLANA_RPC_URL = process.env.SOLANA_RPC_URL ?? "https://api.mainnet-beta.solana.com";
+    BASE_RPC_URL = process.env.BASE_RPC_URL ?? "https://mainnet.base.org";
+    BASE_CHAIN_ID = Number(process.env.BASE_CHAIN_ID ?? "8453");
+  }
+});
+
+// src/lib/config.ts
+var config_exports = {};
+__export(config_exports, {
+  getConfigDir: () => getConfigDir,
+  getWalletMode: () => getWalletMode,
+  loadConfig: () => loadConfig,
+  saveConfig: () => saveConfig,
+  updateConfig: () => updateConfig
+});
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+function getConfigDir() {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+  return CONFIG_DIR;
+}
+function loadConfig() {
+  const defaults = {
+    baseUrl: CHAINSTREAM_API_URL
+  };
+  if (!existsSync(CONFIG_FILE)) return defaults;
+  try {
+    const raw = readFileSync(CONFIG_FILE, "utf-8");
+    const parsed = JSON.parse(raw);
+    return { ...defaults, ...parsed };
+  } catch {
+    return defaults;
+  }
+}
+function saveConfig(config) {
+  getConfigDir();
+  writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + "\n", "utf-8");
+}
+function updateConfig(patch) {
+  const current = loadConfig();
+  saveConfig({ ...current, ...patch });
+}
+function getWalletMode(config) {
+  if (config.turnkey?.sessionToken) return "turnkey";
+  if (config.rawWallet?.key) return "raw";
+  return void 0;
+}
+var CONFIG_DIR, CONFIG_FILE;
+var init_config = __esm({
+  "src/lib/config.ts"() {
+    "use strict";
+    init_constants();
+    CONFIG_DIR = join(homedir(), ".config", "chainstream");
+    CONFIG_FILE = join(CONFIG_DIR, "config.json");
+  }
+});
+
+// src/wallet/raw-wallet.ts
+import { privateKeyToAccount } from "viem/accounts";
+import { Keypair, VersionedTransaction } from "@solana/web3.js";
+import { sign as ed25519Sign } from "crypto";
+function bs58Decode(str) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  const BASE = 58;
+  const result = [0];
+  for (const char of str) {
+    let carry = ALPHABET.indexOf(char);
+    if (carry < 0) throw new Error(`Invalid base58 character: ${char}`);
+    for (let j = 0; j < result.length; j++) {
+      carry += result[j] * BASE;
+      result[j] = carry & 255;
+      carry >>= 8;
+    }
+    while (carry > 0) {
+      result.push(carry & 255);
+      carry >>= 8;
+    }
+  }
+  for (const char of str) {
+    if (char !== "1") break;
+    result.push(0);
+  }
+  return new Uint8Array(result.reverse());
+}
+var RawKeyWallet;
+var init_raw_wallet = __esm({
+  "src/wallet/raw-wallet.ts"() {
+    "use strict";
+    RawKeyWallet = class {
+      chain;
+      address;
+      privateKey;
+      constructor(key, chain) {
+        this.chain = chain;
+        this.privateKey = key;
+        if (chain === "evm") {
+          const hex = key.startsWith("0x") ? key : `0x${key}`;
+          const account = privateKeyToAccount(hex);
+          this.address = account.address;
+        } else {
+          const decoded = bs58Decode(key);
+          const keypair = Keypair.fromSecretKey(decoded);
+          this.address = keypair.publicKey.toBase58();
+        }
+      }
+      async signMessage(message) {
+        if (this.chain === "evm") {
+          const hex = this.privateKey.startsWith("0x") ? this.privateKey : `0x${this.privateKey}`;
+          const account = privateKeyToAccount(hex);
+          return account.signMessage({ message });
+        }
+        const decoded = bs58Decode(this.privateKey);
+        const secretKeyRaw = decoded.slice(0, 32);
+        const pkcs8Prefix = Buffer.from("302e020100300506032b657004220420", "hex");
+        const pkcs8Der = Buffer.concat([pkcs8Prefix, Buffer.from(secretKeyRaw)]);
+        const msgBytes = Buffer.from(message, "utf-8");
+        const sig = ed25519Sign(null, msgBytes, { key: pkcs8Der, format: "der", type: "pkcs8" });
+        return sig.toString("hex");
+      }
+      async signTransaction(serializedTx) {
+        const txBytes = Buffer.from(serializedTx, "base64");
+        if (this.chain === "solana") {
+          const tx = VersionedTransaction.deserialize(new Uint8Array(txBytes));
+          const decoded = bs58Decode(this.privateKey);
+          const keypair = Keypair.fromSecretKey(decoded);
+          tx.sign([keypair]);
+          return Buffer.from(tx.serialize()).toString("base64");
+        }
+        const hex = this.privateKey.startsWith("0x") ? this.privateKey : `0x${this.privateKey}`;
+        const account = privateKeyToAccount(hex);
+        const signedHex = await account.signTransaction({ type: "legacy" });
+        return Buffer.from(signedHex.slice(2), "hex").toString("base64");
+      }
+    };
+  }
+});
+
+// src/lib/turnkey.ts
+import { createSign, generateKeyPairSync } from "crypto";
+function generateP256KeyPair() {
+  const { publicKey, privateKey } = generateKeyPairSync("ec", {
+    namedCurve: "prime256v1",
+    publicKeyEncoding: { type: "spki", format: "der" },
+    privateKeyEncoding: { type: "pkcs8", format: "der" }
+  });
+  const pubBuf = Buffer.from(publicKey);
+  const uncompressedBytes = pubBuf.subarray(26);
+  const x = uncompressedBytes.subarray(1, 33);
+  const y = uncompressedBytes.subarray(33, 65);
+  const prefix = y[31] % 2 === 0 ? 2 : 3;
+  const compressedHex = Buffer.concat([Buffer.from([prefix]), x]).toString("hex");
+  const uncompressedHex = Buffer.from(uncompressedBytes).toString("hex");
+  return {
+    publicKeyHex: compressedHex,
+    uncompressedPublicKeyHex: uncompressedHex,
+    privateKeyDer: Buffer.from(privateKey).toString("base64")
+  };
+}
+function signRawP256(message, privateKeyDerBase64) {
+  const signer = createSign("SHA256");
+  signer.update(message);
+  signer.end();
+  const derSig = signer.sign({
+    key: Buffer.from(privateKeyDerBase64, "base64"),
+    format: "der",
+    type: "pkcs8"
+  });
+  return derToRawSignature(derSig);
+}
+function derToRawSignature(der) {
+  let offset = 0;
+  if (der[offset++] !== 48) throw new Error("Invalid DER signature");
+  offset++;
+  if (der[offset++] !== 2) throw new Error("Invalid DER signature");
+  const rLen = der[offset++];
+  const rBytes = der.subarray(offset, offset + rLen);
+  offset += rLen;
+  if (der[offset++] !== 2) throw new Error("Invalid DER signature");
+  const sLen = der[offset++];
+  const sBytes = der.subarray(offset, offset + sLen);
+  const r = padOrTrimTo32(rBytes);
+  const s = padOrTrimTo32(sBytes);
+  return Buffer.concat([r, s]).toString("hex");
+}
+function padOrTrimTo32(buf) {
+  if (buf.length === 32) return buf;
+  if (buf.length === 33 && buf[0] === 0) return buf.subarray(1);
+  if (buf.length < 32) {
+    const padded = Buffer.alloc(32);
+    buf.copy(padded, 32 - buf.length);
+    return padded;
+  }
+  return buf.subarray(buf.length - 32);
+}
+function decodeJwtPayload(jwt) {
+  const parts = jwt.split(".");
+  if (parts.length !== 3) throw new Error("Invalid JWT");
+  const payloadB64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+  return JSON.parse(Buffer.from(payloadB64, "base64").toString("utf-8"));
+}
+async function proxyRequest(path, body, configId) {
+  if (!configId) throw new Error("TURNKEY_AUTH_PROXY_CONFIG_ID not configured.");
+  const res = await fetch(`${AUTH_PROXY_BASE}${path}`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-Auth-Proxy-Config-ID": configId
+    },
+    body: JSON.stringify(body)
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    let detail = text;
+    try {
+      detail = JSON.parse(text).message ?? text;
+    } catch {
+    }
+    throw new Error(`Turnkey auth proxy error (${res.status}): ${detail}`);
+  }
+  return res.json();
+}
+async function otpInit(email, configId) {
+  return proxyRequest("/v1/otp_init", { otpType: "OTP_TYPE_EMAIL", contact: email }, configId);
+}
+async function otpVerify(otpId, otpCode, publicKeyHex, configId) {
+  return proxyRequest("/v1/otp_verify", { otpId, otpCode, publicKey: publicKeyHex }, configId);
+}
+async function checkAccount(email, configId, verificationToken) {
+  try {
+    const result = await proxyRequest(
+      "/v1/account",
+      { filterType: "EMAIL", filterValue: email, ...verificationToken && { verificationToken } },
+      configId
+    );
+    return { exists: !!result.organizationId, organizationId: result.organizationId };
+  } catch {
+    return { exists: false };
+  }
+}
+async function signup(email, configId, verificationToken, publicKeyHex, privateKeyDer) {
+  const decoded = decodeJwtPayload(verificationToken);
+  const verificationPublicKey = decoded.public_key ?? publicKeyHex;
+  const signupBody = {
+    userName: email.split("@")[0],
+    organizationName: email,
+    userEmail: email,
+    verificationToken,
+    apiKeys: [],
+    authenticators: [],
+    oauthProviders: [],
+    wallet: {
+      walletName: "ChainStream Wallet",
+      accounts: [
+        { curve: "CURVE_SECP256K1", pathFormat: "PATH_FORMAT_BIP32", path: "m/44'/60'/0'/0/0", addressFormat: "ADDRESS_FORMAT_ETHEREUM" },
+        { curve: "CURVE_ED25519", pathFormat: "PATH_FORMAT_BIP32", path: "m/44'/501'/0'/0'", addressFormat: "ADDRESS_FORMAT_SOLANA" }
+      ]
+    }
+  };
+  const signatureMessage = JSON.stringify({
+    signup: { email, apiKeys: signupBody.apiKeys, authenticators: signupBody.authenticators, oauthProviders: signupBody.oauthProviders },
+    tokenId: decoded.id,
+    type: "USAGE_TYPE_SIGNUP"
+  });
+  const signature = signRawP256(signatureMessage, privateKeyDer);
+  return proxyRequest("/v1/signup", {
+    ...signupBody,
+    clientSignature: {
+      message: signatureMessage,
+      publicKey: verificationPublicKey,
+      scheme: "CLIENT_SIGNATURE_SCHEME_API_P256",
+      signature
+    }
+  }, configId);
+}
+async function otpLogin(verificationToken, publicKeyHex, privateKeyDerBase64, configId) {
+  const decoded = decodeJwtPayload(verificationToken);
+  const tokenUsageMessage = JSON.stringify({
+    login: { publicKey: publicKeyHex },
+    tokenId: decoded.id,
+    type: "USAGE_TYPE_LOGIN"
+  });
+  const signature = signRawP256(tokenUsageMessage, privateKeyDerBase64);
+  return proxyRequest("/v1/otp_login", {
+    verificationToken,
+    publicKey: publicKeyHex,
+    clientSignature: {
+      message: tokenUsageMessage,
+      publicKey: decoded.public_key ?? publicKeyHex,
+      scheme: "CLIENT_SIGNATURE_SCHEME_API_P256",
+      signature
+    }
+  }, configId);
+}
+async function completeLogin(otpId, otpCode, configId, email) {
+  const keyPair = generateP256KeyPair();
+  const { verificationToken } = await otpVerify(otpId, otpCode, keyPair.publicKeyHex, configId);
+  const account = await checkAccount(email, configId, verificationToken);
+  let isNewUser = false;
+  if (!account.exists) {
+    await signup(email, configId, verificationToken, keyPair.publicKeyHex, keyPair.privateKeyDer);
+    isNewUser = true;
+  }
+  const { session } = await otpLogin(verificationToken, keyPair.publicKeyHex, keyPair.privateKeyDer, configId);
+  const sessionPayload = decodeJwtPayload(session);
+  return {
+    session,
+    keyPair,
+    organizationId: sessionPayload.organization_id ?? "",
+    sessionExpiry: sessionPayload.exp,
+    isNewUser
+  };
+}
+function createApiStamp(body, publicKeyHex, privateKeyDerBase64) {
+  const signer = createSign("SHA256");
+  signer.update(body);
+  signer.end();
+  const signature = signer.sign({
+    key: Buffer.from(privateKeyDerBase64, "base64"),
+    format: "der",
+    type: "pkcs8"
+  });
+  const stamp = JSON.stringify({
+    publicKey: publicKeyHex,
+    scheme: "SIGNATURE_SCHEME_TK_API_P256",
+    signature: signature.toString("hex")
+  });
+  return Buffer.from(stamp).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+async function turnkeyRequest(path, body, creds) {
+  const bodyStr = JSON.stringify(body);
+  const stamp = createApiStamp(bodyStr, creds.publicKeyHex, creds.privateKeyDer);
+  const res = await fetch(`${TURNKEY_API_BASE}${path}`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", "X-Stamp": stamp },
+    body: bodyStr
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`Turnkey API error (${res.status}): ${text}`);
+  }
+  return res.json();
+}
+async function refreshTurnkeySession(publicKeyHex, privateKeyDer, organizationId, expirationSeconds = 900) {
+  const newKeyPair = generateP256KeyPair();
+  const body = JSON.stringify({
+    type: "ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2",
+    timestampMs: Date.now().toString(),
+    organizationId,
+    parameters: {
+      targetPublicKey: newKeyPair.uncompressedPublicKeyHex,
+      expirationSeconds: String(expirationSeconds)
+    }
+  });
+  const stampHeader = createApiStamp(body, publicKeyHex, privateKeyDer);
+  const res = await fetch(`${TURNKEY_API_BASE}/public/v1/submit/create_read_write_session`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", "X-Stamp": stampHeader },
+    body
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`Turnkey session refresh failed (${res.status}): ${text}`);
+  }
+  const data = await res.json();
+  const session = data.activity?.result?.createReadWriteSessionResultV2?.session;
+  if (!session) throw new Error("Turnkey session refresh: no session in response");
+  const payload = decodeJwtPayload(session);
+  return { session, expiry: payload.exp };
+}
+async function listWalletAccounts(creds) {
+  const walletsData = await turnkeyRequest(
+    "/public/v1/query/list_wallets",
+    { organizationId: creds.organizationId },
+    creds
+  );
+  const allAccounts = [];
+  for (const wallet of walletsData.wallets ?? []) {
+    const accountsData = await turnkeyRequest(
+      "/public/v1/query/list_wallet_accounts",
+      { organizationId: creds.organizationId, walletId: wallet.walletId, paginationOptions: { limit: "100" } },
+      creds
+    );
+    for (const acct of accountsData.accounts ?? []) {
+      allAccounts.push(acct);
+    }
+  }
+  return allAccounts;
+}
+async function getEvmAddress(creds) {
+  const accounts = await listWalletAccounts(creds);
+  const evm = accounts.find((a) => a.addressFormat === "ADDRESS_FORMAT_ETHEREUM");
+  if (!evm) throw new Error("No EVM wallet found in Turnkey.");
+  return evm.address;
+}
+async function getSolanaAddress(creds) {
+  const accounts = await listWalletAccounts(creds);
+  const sol = accounts.find((a) => a.addressFormat === "ADDRESS_FORMAT_SOLANA");
+  if (!sol) throw new Error("No Solana wallet found in Turnkey.");
+  return sol.address;
+}
+var AUTH_PROXY_BASE, TURNKEY_API_BASE, TURNKEY_CONFIG_ID;
+var init_turnkey = __esm({
+  "src/lib/turnkey.ts"() {
+    "use strict";
+    init_constants();
+    AUTH_PROXY_BASE = "https://authproxy.turnkey.com";
+    TURNKEY_API_BASE = "https://api.turnkey.com";
+    TURNKEY_CONFIG_ID = TURNKEY_AUTH_PROXY_CONFIG_ID;
+  }
+});
+
+// src/wallet/turnkey-wallet.ts
+var TurnkeyWallet;
+var init_turnkey_wallet = __esm({
+  "src/wallet/turnkey-wallet.ts"() {
+    "use strict";
+    init_turnkey();
+    TurnkeyWallet = class _TurnkeyWallet {
+      chain;
+      address;
+      creds;
+      constructor(creds, chain, address) {
+        this.creds = creds;
+        this.chain = chain;
+        this.address = address;
+      }
+      static async create(creds) {
+        const [evmAddr, solAddr] = await Promise.all([
+          getEvmAddress(creds),
+          getSolanaAddress(creds)
+        ]);
+        return {
+          evm: new _TurnkeyWallet(creds, "evm", evmAddr),
+          solana: new _TurnkeyWallet(creds, "solana", solAddr)
+        };
+      }
+      async signMessage(message) {
+        const payloadHex = Buffer.from(message, "utf-8").toString("hex");
+        const result = await turnkeyRequest(
+          "/public/v1/submit/sign_raw_payload",
+          {
+            type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+            timestampMs: Date.now().toString(),
+            organizationId: this.creds.organizationId,
+            parameters: {
+              signWith: this.address,
+              payload: payloadHex,
+              encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+              hashFunction: this.chain === "evm" ? "HASH_FUNCTION_KECCAK256" : "HASH_FUNCTION_NOT_APPLICABLE"
+            }
+          },
+          this.creds
+        );
+        const sigResult = result.activity?.result?.signRawPayloadResult;
+        if (!sigResult) throw new Error("Turnkey signMessage: no signature in response");
+        if (this.chain === "evm") {
+          return `0x${sigResult.r}${sigResult.s}`;
+        }
+        return `${sigResult.r}${sigResult.s}`;
+      }
+      async signTransaction(serializedTx) {
+        const txBytes = Buffer.from(serializedTx, "base64");
+        const unsignedHex = txBytes.toString("hex");
+        const txType = this.chain === "evm" ? "TRANSACTION_TYPE_ETHEREUM" : "TRANSACTION_TYPE_SOLANA";
+        const result = await turnkeyRequest(
+          "/public/v1/submit/sign_transaction",
+          {
+            type: "ACTIVITY_TYPE_SIGN_TRANSACTION_V2",
+            timestampMs: Date.now().toString(),
+            organizationId: this.creds.organizationId,
+            parameters: {
+              signWith: this.address,
+              unsignedTransaction: unsignedHex,
+              type: txType
+            }
+          },
+          this.creds
+        );
+        const signedHex = result.activity?.result?.signTransactionResult?.signedTransaction;
+        if (!signedHex) throw new Error("Turnkey signTransaction: no signed tx in response");
+        return Buffer.from(signedHex, "hex").toString("base64");
+      }
+    };
+  }
+});
+
+// src/wallet/index.ts
+var wallet_exports = {};
+__export(wallet_exports, {
+  createWallet: () => createWallet,
+  createWalletWithAddresses: () => createWalletWithAddresses
+});
+function createWallet(config, mode) {
+  if (mode === "raw" && config.rawWallet) {
+    return new RawKeyWallet(config.rawWallet.key, config.rawWallet.chain);
+  }
+  if (mode === "turnkey" && config.turnkey) {
+    return new TurnkeyWallet(config.turnkey, "evm", "");
+  }
+  throw new Error(
+    "No wallet configured. Run:\n  chainstream login           # Create Turnkey wallet\n  chainstream wallet set-raw  # Use raw private key (dev)"
+  );
+}
+async function createWalletWithAddresses(config, mode) {
+  if (mode === "raw" && config.rawWallet) {
+    const w = new RawKeyWallet(config.rawWallet.key, config.rawWallet.chain);
+    return config.rawWallet.chain === "evm" ? { evm: w } : { solana: w };
+  }
+  if (mode === "turnkey" && config.turnkey) {
+    const wallets = await TurnkeyWallet.create(config.turnkey);
+    return { evm: wallets.evm, solana: wallets.solana };
+  }
+  throw new Error("No wallet configured.");
+}
+var init_wallet = __esm({
+  "src/wallet/index.ts"() {
+    "use strict";
+    init_raw_wallet();
+    init_turnkey_wallet();
+  }
+});
+
+// src/lib/x402.ts
+var x402_exports = {};
+__export(x402_exports, {
+  autoPurchaseOnDemand: () => autoPurchaseOnDemand,
+  getPricing: () => getPricing,
+  getX402Fetch: () => getX402Fetch
+});
+import { x402Client } from "@x402/core/client";
+import { wrapFetchWithPayment } from "@x402/fetch";
+import { ExactEvmScheme } from "@x402/evm/exact/client";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+function getX402Fetch(config) {
+  if (_x402Fetch) return _x402Fetch;
+  const client = new x402Client();
+  if (config.rawWallet?.chain === "evm") {
+    const hex = config.rawWallet.key.startsWith("0x") ? config.rawWallet.key : `0x${config.rawWallet.key}`;
+    const account = privateKeyToAccount2(hex);
+    client.register("eip155:*", new ExactEvmScheme(account));
+  } else if (config.rawWallet?.chain === "solana") {
+    process.stderr.write("[chainstream] Auto-purchase only supports EVM wallets currently.\n");
+  }
+  _x402Fetch = wrapFetchWithPayment(fetch, client);
+  return _x402Fetch;
+}
+async function autoPurchaseOnDemand(config, plan = "nano") {
+  const x402Fetch = getX402Fetch(config);
+  process.stderr.write(`[chainstream] No active subscription. Auto-purchasing ${plan} plan...
+`);
+  try {
+    const resp = await x402Fetch(`${config.baseUrl}/x402/purchase`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ plan })
+    });
+    if (!resp.ok) {
+      const text = await resp.text().catch(() => "");
+      process.stderr.write(`[chainstream] Purchase failed (${resp.status}): ${text}
+`);
+      return { success: false };
+    }
+    const result = await resp.json();
+    process.stderr.write(`[chainstream] Subscription activated: ${result.plan} (expires: ${result.expires_at})
+`);
+    return {
+      success: true,
+      plan: result.plan,
+      expiresAt: result.expires_at
+    };
+  } catch (err) {
+    process.stderr.write(`[chainstream] Auto-purchase error: ${err instanceof Error ? err.message : err}
+`);
+    return { success: false };
+  }
+}
+async function getPricing(baseUrl) {
+  const resp = await fetch(`${baseUrl}/x402/pricing`);
+  if (!resp.ok) throw new Error(`Failed to get pricing (${resp.status})`);
+  return resp.json();
+}
+var _x402Fetch;
+var init_x402 = __esm({
+  "src/lib/x402.ts"() {
+    "use strict";
+    _x402Fetch = null;
+  }
+});
+
+// src/index.ts
+import { Command } from "commander";
+
+// src/lib/client.ts
+init_config();
+init_wallet();
+init_x402();
+import { ChainStreamClient } from "@chainstream-io/sdk";
+var _client = null;
+var _wallet = null;
+function createClient() {
+  if (_client) return _client;
+  const config = loadConfig();
+  const walletMode = getWalletMode(config);
+  if (walletMode) {
+    _wallet = createWallet(config, walletMode);
+    _client = new ChainStreamClient("", {
+      serverUrl: config.baseUrl,
+      walletSigner: _wallet
+    });
+    return _client;
+  }
+  if (config.apiKey) {
+    _client = new ChainStreamClient("", {
+      serverUrl: config.baseUrl,
+      apiKey: config.apiKey
+    });
+    return _client;
+  }
+  throw new Error(
+    "Not authenticated. Run one of:\n  chainstream login                  # Email OTP (creates Turnkey wallet)\n  chainstream login --key            # P-256 key (no email)\n  chainstream wallet set-raw         # Raw private key (dev)\n  chainstream config set --key apiKey --value <key>  # API key only"
+  );
+}
+function requireWallet() {
+  const config = loadConfig();
+  const walletMode = getWalletMode(config);
+  if (!walletMode) {
+    throw new Error(
+      "Wallet required for this operation. Run:\n  chainstream login           # Create Turnkey wallet\n  chainstream wallet set-raw  # Dev: use raw private key"
+    );
+  }
+  return createClient();
+}
+async function callWithAutoPayment(fn, retried = false) {
+  try {
+    return await fn();
+  } catch (err) {
+    const is402 = isPaymentRequired(err);
+    if (is402 && !retried && _wallet) {
+      const config = loadConfig();
+      const result = await autoPurchaseOnDemand(config);
+      if (result.success) {
+        _client = null;
+        createClient();
+        return callWithAutoPayment(fn, true);
+      }
+    }
+    throw err;
+  }
+}
+function isPaymentRequired(err) {
+  if (!err || typeof err !== "object") return false;
+  const axiosErr = err;
+  if (axiosErr.response?.status === 402) return true;
+  if (axiosErr.status === 402) return true;
+  if (axiosErr.message?.includes("402")) return true;
+  if (axiosErr.message?.includes("PAYMENT_REQUIRED")) return true;
+  return false;
+}
+
+// src/lib/validate.ts
+var VALID_CHAINS = /* @__PURE__ */ new Set(["sol", "bsc", "eth"]);
+var SOL_ADDRESS_RE = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+var EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+var CURRENCY_MAP = {
+  sol: {
+    SOL: "So11111111111111111111111111111111111111112",
+    USDC: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
+  },
+  bsc: {
+    BNB: "0x0000000000000000000000000000000000000000",
+    USDC: "0x8ac76a51cc950d9822d68b83fe1ad97b32cd580d"
+  },
+  eth: {
+    ETH: "0x0000000000000000000000000000000000000000",
+    USDC: "0xA0b86991c6218b36c1d19d4a2e9eb0ce3606eB48"
+  }
+};
+function validateChain(chain) {
+  if (!VALID_CHAINS.has(chain)) {
+    throw new Error(`Invalid chain "${chain}". Must be one of: ${[...VALID_CHAINS].join(", ")}`);
+  }
+}
+function validateAddress(address, chain) {
+  const isEvm = chain === "bsc" || chain === "eth";
+  const valid = isEvm ? EVM_ADDRESS_RE.test(address) : SOL_ADDRESS_RE.test(address);
+  if (!valid) {
+    throw new Error(`Invalid address for chain "${chain}": "${address}"`);
+  }
+}
+function validateSlippage(value) {
+  if (value < 1e-3 || value > 0.5) {
+    throw new Error(`Invalid slippage: ${value}. Must be between 0.001 (0.1%) and 0.5 (50%).`);
+  }
+}
+function resolveCurrency(nameOrAddress, chain) {
+  const upper = nameOrAddress.toUpperCase();
+  const resolved = CURRENCY_MAP[chain]?.[upper];
+  if (resolved) return resolved;
+  return nameOrAddress;
+}
+
+// src/lib/output.ts
+var EXPLORERS = {
+  sol: "https://solscan.io/tx/",
+  bsc: "https://bscscan.com/tx/",
+  eth: "https://etherscan.io/tx/"
+};
+function printResult(data, raw) {
+  if (raw) {
+    process.stdout.write(JSON.stringify(data) + "\n");
+  } else {
+    process.stdout.write(JSON.stringify(data, null, 2) + "\n");
+  }
+}
+function printError(message) {
+  process.stderr.write(`[chainstream] Error: ${message}
+`);
+}
+function exitOnError(err) {
+  const message = err instanceof Error ? err.message : String(err);
+  printError(message);
+  if (process.env.CHAINSTREAM_DEBUG && err instanceof Error && err.stack) {
+    process.stderr.write(err.stack + "\n");
+  }
+  process.exit(1);
+}
+function explorerUrl(chain, txHash) {
+  const base = EXPLORERS[chain] ?? EXPLORERS["eth"];
+  return `${base}${txHash}`;
+}
+
+// src/commands/token.ts
+function registerTokenCommands(program2) {
+  const token = program2.command("token").description("Token information and analytics");
+  token.command("search").description("Search tokens by keyword").requiredOption("--keyword <keyword>", "Search keyword (name, symbol, or address)").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").option("--limit <n>", "Max results", "20").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.token.search({ q: opts.keyword, chains: [opts.chain], limit: Number(opts.limit) })
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  token.command("info").description("Get full token detail").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Token contract address").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.token.getToken(opts.chain, opts.address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  token.command("security").description("Check token security (honeypot, mint auth, freeze auth)").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Token contract address").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.token.getSecurity(opts.chain, opts.address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  token.command("holders").description("Get top token holders").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Token contract address").option("--limit <n>", "Max results", "20").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.token.getTopHolders(opts.chain, opts.address, { limit: Number(opts.limit) })
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  token.command("candles").description("Get OHLCV candlestick data").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Token contract address").requiredOption("--resolution <res>", "Resolution: 1m/5m/15m/1h/4h/1d").option("--from <timestamp>", "Start time (Unix seconds)").option("--to <timestamp>", "End time (Unix seconds)").option("--limit <n>", "Max candles", "100").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const params = {
+        resolution: opts.resolution,
+        limit: Number(opts.limit)
+      };
+      if (opts.from) params.from = Number(opts.from);
+      if (opts.to) params.to = Number(opts.to);
+      const result = await callWithAutoPayment(
+        () => client.token.getCandles(opts.chain, opts.address, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  token.command("pools").description("Get liquidity pools for a token").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Token contract address").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.token.getPools(opts.chain, opts.address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/market.ts
+function registerMarketCommands(program2) {
+  const market = program2.command("market").description("Market data and trending tokens");
+  market.command("trending").description("Get hot/trending tokens").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--duration <dur>", "Duration: 1h/6h/24h").option("--limit <n>", "Max results").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const client = createClient();
+      const params = {};
+      if (opts.limit) params.limit = Number(opts.limit);
+      const result = await callWithAutoPayment(
+        () => client.ranking.getHotTokens(opts.chain, opts.duration, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  market.command("new").description("Get newly created tokens").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").option("--limit <n>", "Max results").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const client = createClient();
+      const params = {};
+      if (opts.limit) params.limit = Number(opts.limit);
+      const result = await callWithAutoPayment(
+        () => client.ranking.getNewTokens(opts.chain, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  market.command("trades").description("Get recent trades").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").option("--token <address>", "Filter by token address").option("--limit <n>", "Max results").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const client = createClient();
+      const params = {};
+      if (opts.token) params.tokenAddress = opts.token;
+      if (opts.limit) params.limit = Number(opts.limit);
+      const result = await callWithAutoPayment(
+        () => client.trade.getTrades(opts.chain, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/wallet.ts
+init_config();
+import * as readline from "readline/promises";
+function registerWalletCommands(program2) {
+  const wallet = program2.command("wallet").description("Wallet analytics and management");
+  wallet.command("profile").description("Wallet profile: PnL + net worth + top holdings").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Wallet address").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const [pnl, netWorth, balance] = await callWithAutoPayment(
+        () => Promise.all([
+          client.wallet.getPnl(opts.chain, opts.address),
+          client.wallet.getNetWorth(opts.chain, opts.address),
+          client.wallet.getTokensBalance(opts.chain, opts.address)
+        ])
+      );
+      printResult({ pnl, netWorth, balance }, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("pnl").description("Get wallet PnL details").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Wallet address").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.wallet.getPnl(opts.chain, opts.address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("holdings").description("Get wallet token balances").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Wallet address").option("--limit <n>", "Max results").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const params = {};
+      if (opts.limit) params.limit = Number(opts.limit);
+      const result = await callWithAutoPayment(
+        () => client.wallet.getTokensBalance(opts.chain, opts.address, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("activity").description("Get wallet transfer history").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Wallet address").option("--limit <n>", "Max results").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const params = {};
+      if (opts.limit) params.limit = Number(opts.limit);
+      const result = await callWithAutoPayment(
+        () => client.wallet.getWalletTransfers(opts.chain, opts.address, params)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("address").description("Show current wallet addresses").action(async () => {
+    try {
+      const config = loadConfig();
+      const walletMode = (await Promise.resolve().then(() => (init_config(), config_exports))).getWalletMode(config);
+      if (walletMode === "turnkey" && config.turnkey) {
+        const { createWalletWithAddresses: createWalletWithAddresses2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
+        const wallets = await createWalletWithAddresses2(config, "turnkey");
+        if (wallets.evm) process.stdout.write(`EVM:    ${wallets.evm.address}
+`);
+        if (wallets.solana) process.stdout.write(`Solana: ${wallets.solana.address}
+`);
+      } else if (config.rawWallet) {
+        const { createWallet: createWallet2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
+        const w = createWallet2(config, "raw");
+        process.stdout.write(`${w.chain.toUpperCase()}: ${w.address}
+`);
+      } else {
+        process.stdout.write("No wallet configured. Run: chainstream login\n");
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("balance").description("Show current wallet balance").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const config = loadConfig();
+      let address;
+      if (config.rawWallet) {
+        const { createWallet: createWallet2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
+        address = createWallet2(config, "raw").address;
+      }
+      if (!address) throw new Error("No wallet configured. Run: chainstream login");
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.wallet.getTokensBalance(opts.chain, address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("set-raw").description("Set raw private key (dev/testing only)").requiredOption("--chain <chain>", "Chain: evm/solana").action(async (opts) => {
+    try {
+      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      process.stdout.write("\u26A0 WARNING: Raw private key will be stored in plaintext.\n");
+      process.stdout.write("  Use Turnkey (chainstream login) for production.\n\n");
+      const key = await rl.question("Enter private key: ");
+      rl.close();
+      if (!key.trim()) throw new Error("Empty key provided.");
+      updateConfig({
+        rawWallet: { key: key.trim(), chain: opts.chain }
+      });
+      process.stdout.write(`Raw wallet set (${opts.chain}). Run 'chainstream wallet address' to verify.
+`);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  wallet.command("pricing").description("Show available x402 quota plans").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      const config = loadConfig();
+      const { getPricing: getPricing2 } = await Promise.resolve().then(() => (init_x402(), x402_exports));
+      const plans = await getPricing2(config.baseUrl);
+      printResult(plans, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/kyt.ts
+function registerKytCommands(program2) {
+  const kyt = program2.command("kyt").description("KYT address risk assessment");
+  kyt.command("risk").description("Assess address risk score").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--address <address>", "Address to assess").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.address, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.kyt.getAddressRisk(opts.address)
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/dex.ts
+import * as readline2 from "readline/promises";
+function registerDexCommands(program2) {
+  const dex = program2.command("dex").description("DEX swap, quote, and token creation");
+  dex.command("quote").description("Get swap quote (read-only)").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--input-token <addr>", "Input token (address or SOL/ETH/BNB/USDC)").requiredOption("--output-token <addr>", "Output token (address or SOL/ETH/BNB/USDC)").requiredOption("--amount <amount>", "Input amount (smallest unit)").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const inputToken = resolveCurrency(opts.inputToken, opts.chain);
+      const outputToken = resolveCurrency(opts.outputToken, opts.chain);
+      const client = createClient();
+      const result = await callWithAutoPayment(
+        () => client.dex.quote(opts.chain, {
+          inputMint: inputToken,
+          outputMint: outputToken,
+          amount: opts.amount
+        })
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  dex.command("swap").description("[FINANCIAL] Execute token swap (irreversible)").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--from <address>", "Sender wallet address").requiredOption("--input-token <addr>", "Input token (address or SOL/ETH/BNB/USDC)").requiredOption("--output-token <addr>", "Output token (address or SOL/ETH/BNB/USDC)").requiredOption("--amount <amount>", "Input amount (smallest unit)").option("--slippage <n>", "Slippage tolerance (e.g. 0.01 = 1%)", "0.01").option("--raw", "Single-line JSON output").option("--yes", "Skip confirmation prompt").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      validateAddress(opts.from, opts.chain);
+      if (opts.slippage) validateSlippage(Number(opts.slippage));
+      const inputToken = resolveCurrency(opts.inputToken, opts.chain);
+      const outputToken = resolveCurrency(opts.outputToken, opts.chain);
+      const client = requireWallet();
+      process.stderr.write("Fetching quote...\n");
+      const quote = await callWithAutoPayment(
+        () => client.dex.quote(opts.chain, {
+          inputMint: inputToken,
+          outputMint: outputToken,
+          amount: opts.amount
+        })
+      );
+      process.stderr.write("\n--- Swap Summary ---\n");
+      process.stderr.write(`Chain:        ${opts.chain}
+`);
+      process.stderr.write(`Input:        ${inputToken}
+`);
+      process.stderr.write(`Output:       ${outputToken}
+`);
+      process.stderr.write(`Amount:       ${opts.amount}
+`);
+      process.stderr.write(`Slippage:     ${opts.slippage}
+`);
+      process.stderr.write(`Quote:        ${JSON.stringify(quote)}
+`);
+      process.stderr.write("--------------------\n\n");
+      if (!opts.yes) {
+        const rl = readline2.createInterface({ input: process.stdin, output: process.stderr });
+        const answer = await rl.question("Confirm swap? (y/N): ");
+        rl.close();
+        if (answer.toLowerCase() !== "y") {
+          process.stderr.write("Swap cancelled.\n");
+          return;
+        }
+      }
+      process.stderr.write("Building transaction...\n");
+      const swapResult = await callWithAutoPayment(
+        () => client.dex.swap(opts.chain, {
+          userAddress: opts.from,
+          inputMint: inputToken,
+          outputMint: outputToken,
+          amount: opts.amount,
+          slippage: Number(opts.slippage)
+        })
+      );
+      const { createWallet: createWallet2 } = await Promise.resolve().then(() => (init_wallet(), wallet_exports));
+      const { loadConfig: loadConfig2, getWalletMode: getWalletMode2 } = await Promise.resolve().then(() => (init_config(), config_exports));
+      const config = loadConfig2();
+      const walletMode = getWalletMode2(config);
+      if (!walletMode) throw new Error("Wallet required for swap.");
+      const wallet = createWallet2(config, walletMode);
+      process.stderr.write("Signing transaction...\n");
+      const signedTx = await wallet.signTransaction(swapResult.serializedTx);
+      process.stderr.write("Broadcasting transaction...\n");
+      const sendResult = await client.transaction.send(opts.chain, {
+        signedTx
+      });
+      if (sendResult.jobId) {
+        process.stderr.write(`Job ${sendResult.jobId} submitted. Waiting for confirmation...
+`);
+        const jobResult = await client.waitForJob(sendResult.jobId);
+        const result = {
+          ...jobResult,
+          explorer: explorerUrl(opts.chain, (sendResult.signature ?? jobResult.hash) || "")
+        };
+        printResult(result, opts.raw);
+      } else {
+        const result = {
+          ...sendResult,
+          explorer: explorerUrl(opts.chain, sendResult.signature ?? "")
+        };
+        printResult(result, opts.raw);
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  dex.command("create").description("[FINANCIAL] Create token on launchpad").requiredOption("--chain <chain>", "Chain: sol/bsc/eth").requiredOption("--name <name>", "Token name").requiredOption("--symbol <symbol>", "Token symbol").requiredOption("--uri <uri>", "Metadata URI (IPFS/HTTP)").option("--platform <platform>", "Launchpad: pumpfun/raydium").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      validateChain(opts.chain);
+      const client = requireWallet();
+      const result = await callWithAutoPayment(
+        () => client.dex.createToken(opts.chain, {
+          name: opts.name,
+          symbol: opts.symbol,
+          uri: opts.uri,
+          platform: opts.platform
+        })
+      );
+      printResult(result, opts.raw);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/job.ts
+function registerJobCommands(program2) {
+  const job = program2.command("job").description("Job status polling");
+  job.command("status").description("Check job status").requiredOption("--id <jobId>", "Job ID").option("--wait", "Wait for job completion via SSE").option("--timeout <ms>", "Wait timeout in milliseconds", "60000").option("--raw", "Single-line JSON output").action(async (opts) => {
+    try {
+      const client = createClient();
+      if (opts.wait) {
+        process.stderr.write(`Waiting for job ${opts.id}...
+`);
+        const result = await callWithAutoPayment(
+          () => client.waitForJob(opts.id, Number(opts.timeout))
+        );
+        printResult(result, opts.raw);
+      } else {
+        const result = await callWithAutoPayment(
+          () => client.job.get(opts.id)
+        );
+        printResult(result, opts.raw);
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/commands/auth.ts
+init_config();
+
+// src/lib/keystore.ts
+init_config();
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, readdirSync, unlinkSync } from "fs";
+import { join as join2 } from "path";
+var KEYS_DIR = join2(getConfigDir(), "keys");
+var DEFAULT_PROFILE = "default";
+function ensureKeysDir() {
+  if (!existsSync2(KEYS_DIR)) {
+    mkdirSync2(KEYS_DIR, { recursive: true, mode: 448 });
+  }
+}
+function privatePath(profile) {
+  return join2(KEYS_DIR, `${profile}.private`);
+}
+function publicPath(profile) {
+  return join2(KEYS_DIR, `${profile}.public`);
+}
+function metaPath(profile) {
+  return join2(KEYS_DIR, `${profile}.json`);
+}
+function hasKey(profile = DEFAULT_PROFILE) {
+  return existsSync2(privatePath(profile)) && existsSync2(publicPath(profile));
+}
+function loadKey(profile = DEFAULT_PROFILE) {
+  if (!hasKey(profile)) return void 0;
+  try {
+    const privateKeyDer = readFileSync2(privatePath(profile), "utf-8").trim();
+    const publicKeyHex = readFileSync2(publicPath(profile), "utf-8").trim();
+    let uncompressedPublicKeyHex = "";
+    let organizationId;
+    if (existsSync2(metaPath(profile))) {
+      const meta = JSON.parse(readFileSync2(metaPath(profile), "utf-8"));
+      uncompressedPublicKeyHex = meta.uncompressedPublicKeyHex ?? "";
+      organizationId = meta.organizationId;
+    }
+    return { publicKeyHex, uncompressedPublicKeyHex, privateKeyDer, organizationId };
+  } catch {
+    return void 0;
+  }
+}
+function saveKey(keyPair, profile = DEFAULT_PROFILE) {
+  ensureKeysDir();
+  writeFileSync2(privatePath(profile), keyPair.privateKeyDer, { mode: 384 });
+  writeFileSync2(publicPath(profile), keyPair.publicKeyHex, { mode: 384 });
+  writeFileSync2(
+    metaPath(profile),
+    JSON.stringify({
+      uncompressedPublicKeyHex: keyPair.uncompressedPublicKeyHex,
+      ...keyPair.organizationId ? { organizationId: keyPair.organizationId } : {}
+    }, null, 2),
+    { mode: 384 }
+  );
+}
+
+// src/commands/auth.ts
+init_turnkey();
+import * as readline3 from "readline/promises";
+function registerAuthCommands(program2) {
+  program2.command("login").description("Authenticate via Email OTP (default) or P-256 key (--key)").argument("[email]", "Email address for OTP login").option("--key", "Use P-256 key login (no email required)").action(async (email, opts) => {
+    try {
+      if (opts.key) {
+        await doKeyLogin();
+      } else {
+        await doEmailLogin(email);
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  program2.command("verify").description("Verify email OTP (second step of login)").requiredOption("--otp-id <id>", "OTP ID from login step").requiredOption("--code <code>", "OTP code from email").requiredOption("--email <email>", "Email used in login step").action(async (opts) => {
+    try {
+      const configId = TURNKEY_CONFIG_ID;
+      if (!configId) throw new Error("TURNKEY_AUTH_PROXY_CONFIG_ID not set.");
+      process.stderr.write("Verifying OTP...\n");
+      const result = await completeLogin(opts.otpId, opts.code, configId, opts.email);
+      saveKey({
+        publicKeyHex: result.keyPair.publicKeyHex,
+        uncompressedPublicKeyHex: result.keyPair.uncompressedPublicKeyHex,
+        privateKeyDer: result.keyPair.privateKeyDer,
+        organizationId: result.organizationId
+      });
+      updateConfig({
+        turnkey: {
+          publicKeyHex: result.keyPair.publicKeyHex,
+          privateKeyDer: result.keyPair.privateKeyDer,
+          organizationId: result.organizationId,
+          sessionToken: result.session,
+          sessionExpiry: result.sessionExpiry
+        }
+      });
+      if (result.isNewUser) {
+        process.stdout.write("Welcome! Your ChainStream wallet has been created.\n");
+        process.stdout.write("Run 'chainstream wallet address' to see your addresses.\n");
+      } else {
+        process.stdout.write("Logged in successfully.\n");
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  program2.command("logout").description("Clear session (P-256 keys preserved)").action(() => {
+    const config = loadConfig();
+    if (config.turnkey) {
+      updateConfig({ turnkey: void 0 });
+      process.stdout.write("Logged out. P-256 keys preserved in ~/.config/chainstream/keys/\n");
+      process.stdout.write("Run 'chainstream login --key' to re-authenticate.\n");
+    } else {
+      process.stdout.write("Not logged in via Turnkey.\n");
+    }
+  });
+}
+async function doKeyLogin() {
+  const existingKey = loadKey();
+  if (existingKey?.organizationId) {
+    process.stderr.write("Refreshing session with existing P-256 key...\n");
+    const { session, expiry } = await refreshTurnkeySession(
+      existingKey.publicKeyHex,
+      existingKey.privateKeyDer,
+      existingKey.organizationId
+    );
+    updateConfig({
+      turnkey: {
+        publicKeyHex: existingKey.publicKeyHex,
+        privateKeyDer: existingKey.privateKeyDer,
+        organizationId: existingKey.organizationId,
+        sessionToken: session,
+        sessionExpiry: expiry
+      }
+    });
+    process.stdout.write("Logged in (key-based session refresh).\n");
+    return;
+  }
+  if (hasKey()) {
+    process.stderr.write("Found P-256 key but no organizationId.\n");
+    process.stderr.write("You need to complete initial login via email first.\n");
+    process.stderr.write("Run: chainstream login <your-email>\n");
+    return;
+  }
+  process.stderr.write("No existing key found.\n");
+  process.stderr.write("First-time users must log in via email to create a wallet:\n");
+  process.stderr.write("  chainstream login <your-email>\n\n");
+  process.stderr.write("After initial setup, you can use 'chainstream login --key' for future logins.\n");
+}
+async function doEmailLogin(email) {
+  const configId = TURNKEY_CONFIG_ID;
+  if (!configId) throw new Error("TURNKEY_AUTH_PROXY_CONFIG_ID not set. Contact ChainStream support.");
+  if (!email) {
+    const rl2 = readline3.createInterface({ input: process.stdin, output: process.stderr });
+    email = await rl2.question("Enter your email: ");
+    rl2.close();
+    if (!email?.trim()) throw new Error("Email required.");
+    email = email.trim();
+  }
+  process.stderr.write(`Sending OTP to ${email}...
+`);
+  const { otpId } = await otpInit(email, configId);
+  const rl = readline3.createInterface({ input: process.stdin, output: process.stderr });
+  const code = await rl.question("Enter OTP code: ");
+  rl.close();
+  if (!code?.trim()) throw new Error("OTP code required.");
+  process.stderr.write("Verifying...\n");
+  const result = await completeLogin(otpId, code.trim(), configId, email);
+  saveKey({
+    publicKeyHex: result.keyPair.publicKeyHex,
+    uncompressedPublicKeyHex: result.keyPair.uncompressedPublicKeyHex,
+    privateKeyDer: result.keyPair.privateKeyDer,
+    organizationId: result.organizationId
+  });
+  updateConfig({
+    turnkey: {
+      publicKeyHex: result.keyPair.publicKeyHex,
+      privateKeyDer: result.keyPair.privateKeyDer,
+      organizationId: result.organizationId,
+      sessionToken: result.session,
+      sessionExpiry: result.sessionExpiry
+    }
+  });
+  if (result.isNewUser) {
+    process.stdout.write("Welcome! Your ChainStream wallet has been created (EVM + Solana).\n");
+    process.stdout.write("Run 'chainstream wallet address' to see your addresses.\n");
+  } else {
+    process.stdout.write("Logged in successfully.\n");
+  }
+}
+
+// src/commands/config-cmd.ts
+init_config();
+function registerConfigCommands(program2) {
+  const config = program2.command("config").description("Configuration management");
+  config.command("set").description("Set a configuration value").requiredOption("--key <key>", "Config key (apiKey, baseUrl)").requiredOption("--value <value>", "Config value").action((opts) => {
+    try {
+      const allowedKeys = ["apiKey", "baseUrl"];
+      if (!allowedKeys.includes(opts.key)) {
+        throw new Error(`Invalid key "${opts.key}". Allowed: ${allowedKeys.join(", ")}`);
+      }
+      updateConfig({ [opts.key]: opts.value });
+      process.stdout.write(`Set ${opts.key} = ${opts.key === "apiKey" ? "***" : opts.value}
+`);
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  config.command("get").description("Show configuration").option("--key <key>", "Specific key to show").action((opts) => {
+    try {
+      const cfg = loadConfig();
+      if (opts.key) {
+        const value = cfg[opts.key];
+        if (value === void 0) {
+          process.stdout.write(`${opts.key}: (not set)
+`);
+        } else if (opts.key === "apiKey" && typeof value === "string") {
+          process.stdout.write(`${opts.key}: ${value.slice(0, 8)}...${value.slice(-4)}
+`);
+        } else {
+          process.stdout.write(`${opts.key}: ${JSON.stringify(value)}
+`);
+        }
+      } else {
+        const display = {
+          apiKey: cfg.apiKey ? `${cfg.apiKey.slice(0, 8)}...` : void 0,
+          baseUrl: cfg.baseUrl,
+          walletMode: getWalletMode(cfg),
+          turnkey: cfg.turnkey ? { organizationId: cfg.turnkey.organizationId } : void 0,
+          rawWallet: cfg.rawWallet ? { chain: cfg.rawWallet.chain } : void 0
+        };
+        process.stdout.write(JSON.stringify(display, null, 2) + "\n");
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+  config.command("auth").description("Show current authentication status").action(() => {
+    try {
+      const cfg = loadConfig();
+      const mode = getWalletMode(cfg);
+      if (mode === "turnkey") {
+        process.stdout.write(`Auth: Turnkey (org: ${cfg.turnkey.organizationId})
+`);
+        const expiry = new Date(cfg.turnkey.sessionExpiry * 1e3);
+        const expired = Date.now() > cfg.turnkey.sessionExpiry * 1e3;
+        process.stdout.write(`Session: ${expired ? "expired" : "active"} (expires: ${expiry.toISOString()})
+`);
+      } else if (mode === "raw") {
+        process.stdout.write(`Auth: Raw Key (${cfg.rawWallet.chain})
+`);
+      } else if (cfg.apiKey) {
+        process.stdout.write(`Auth: API Key (${cfg.apiKey.slice(0, 8)}...)
+`);
+      } else {
+        process.stdout.write("Auth: Not configured\n");
+        process.stdout.write("  Run: chainstream login           # Turnkey wallet\n");
+        process.stdout.write("  Run: chainstream config set apiKey <key>  # API key\n");
+      }
+    } catch (err) {
+      exitOnError(err);
+    }
+  });
+}
+
+// src/index.ts
+var program = new Command();
+program.name("chainstream").version("0.1.0").description("ChainStream CLI \u2014 on-chain data and DeFi execution for AI agents");
+registerTokenCommands(program);
+registerMarketCommands(program);
+registerWalletCommands(program);
+registerKytCommands(program);
+registerDexCommands(program);
+registerJobCommands(program);
+registerAuthCommands(program);
+registerConfigCommands(program);
+program.parseAsync().catch((err) => {
+  process.stderr.write(`[chainstream] ${err.message}
+`);
+  process.exit(1);
+});
+//# sourceMappingURL=index.js.map