@dev.sail.money/sailor 0.0.2-19 → 0.0.2-21

package/packages/cli/dist/index.cjs

@@ -35278,11 +35278,6 @@ function getChain(chainId) {
   return config;
 }
 
-// src/lib/io.ts
-var import_node_fs2 = __toESM(require("node:fs"), 1);
-var import_node_path = __toESM(require("node:path"), 1);
-var import_node_readline = require("node:readline");
-
 // ../sdk/dist/client.js
 init_esm2();
 
@@ -37727,6 +37722,46 @@ function buildSafeSetupInitializer(params) {
 function buildApprovedHashSignature(owner2) {
   return encodePacked(["bytes32", "bytes32", "uint8"], [pad(owner2, { size: 32 }), pad("0x", { size: 32 }), 1]);
 }
+var safeProxyFactoryAbi = [
+  {
+    type: "function",
+    name: "proxyCreationCode",
+    stateMutability: "pure",
+    inputs: [],
+    outputs: [{ name: "", type: "bytes" }]
+  }
+];
+function computeSafeProxyAddress(params) {
+  const { initializer, saltNonce, proxyCreationCode } = params;
+  const initCodeHash = keccak256(concat([
+    proxyCreationCode,
+    encodeAbiParameters([{ type: "address" }], [SAFE_V141.singletonL2])
+  ]));
+  const salt = keccak256(encodePacked(["bytes32", "uint256"], [keccak256(initializer), saltNonce]));
+  return getCreate2Address({
+    from: SAFE_V141.proxyFactory,
+    salt,
+    bytecodeHash: initCodeHash
+  });
+}
+function computeKernelBoundSalt(params) {
+  const { saltNonce, deployer, permissionSigner, manager, feePolicy } = params;
+  return BigInt(keccak256(encodeAbiParameters([
+    { type: "uint256" },
+    { type: "address" },
+    { type: "address" },
+    { type: "address" },
+    { type: "address" }
+  ], [saltNonce, deployer, permissionSigner, manager, feePolicy])));
+}
+function computeSailSmaAddress(params) {
+  const boundSalt = computeKernelBoundSalt(params);
+  return computeSafeProxyAddress({
+    initializer: params.initializer,
+    saltNonce: boundSalt,
+    proxyCreationCode: params.proxyCreationCode
+  });
+}
 function encodeSetManager(newManager) {
   return encodeFunctionData({
     abi: setManagerAbi,
@@ -37832,195 +37867,551 @@ async function estimatePermissionFee(publicClient, governance, permission) {
 var SAIL_INTELLIGENCE_BASE_URL = "https://api.sail.money";
 var SAIL_INTELLIGENCE_DOCS_URL = "https://api.sail.money/docs";
 
-// src/lib/io.ts
+// src/commands/account.ts
 init_esm2();
-function sailDir() {
-  return import_node_path.default.join(process.cwd(), ".sail");
-}
-function sailPath(...segments) {
-  return import_node_path.default.join(sailDir(), ...segments);
-}
-function readJsonFile(filePath) {
-  try {
-    return JSON.parse(import_node_fs2.default.readFileSync(filePath, "utf-8"));
-  } catch {
-    return null;
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/contracts.js
+var contracts = {
+  gasPriceOracle: { address: "0x420000000000000000000000000000000000000F" },
+  l1Block: { address: "0x4200000000000000000000000000000000000015" },
+  l2CrossDomainMessenger: {
+    address: "0x4200000000000000000000000000000000000007"
+  },
+  l2Erc721Bridge: { address: "0x4200000000000000000000000000000000000014" },
+  l2StandardBridge: { address: "0x4200000000000000000000000000000000000010" },
+  l2ToL1MessagePasser: {
+    address: "0x4200000000000000000000000000000000000016"
   }
+};
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/formatters.js
+init_fromHex();
+init_block2();
+init_transaction2();
+init_transactionReceipt();
+var formatters = {
+  block: /* @__PURE__ */ defineBlock({
+    format(args) {
+      const transactions = args.transactions?.map((transaction) => {
+        if (typeof transaction === "string")
+          return transaction;
+        const formatted = formatTransaction(transaction);
+        if (formatted.typeHex === "0x7e") {
+          formatted.isSystemTx = transaction.isSystemTx;
+          formatted.mint = transaction.mint ? hexToBigInt(transaction.mint) : void 0;
+          formatted.sourceHash = transaction.sourceHash;
+          formatted.type = "deposit";
+        }
+        return formatted;
+      });
+      return {
+        transactions,
+        stateRoot: args.stateRoot
+      };
+    }
+  }),
+  transaction: /* @__PURE__ */ defineTransaction({
+    format(args) {
+      const transaction = {};
+      if (args.type === "0x7e") {
+        transaction.isSystemTx = args.isSystemTx;
+        transaction.mint = args.mint ? hexToBigInt(args.mint) : void 0;
+        transaction.sourceHash = args.sourceHash;
+        transaction.type = "deposit";
+      }
+      return transaction;
+    }
+  }),
+  transactionReceipt: /* @__PURE__ */ defineTransactionReceipt({
+    format(args) {
+      return {
+        l1GasPrice: args.l1GasPrice ? hexToBigInt(args.l1GasPrice) : null,
+        l1GasUsed: args.l1GasUsed ? hexToBigInt(args.l1GasUsed) : null,
+        l1Fee: args.l1Fee ? hexToBigInt(args.l1Fee) : null,
+        l1FeeScalar: args.l1FeeScalar ? Number(args.l1FeeScalar) : null
+      };
+    }
+  })
+};
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/serializers.js
+init_address();
+init_isAddress();
+init_concat();
+init_toHex();
+init_toRlp();
+init_serializeTransaction();
+function serializeTransaction2(transaction, signature) {
+  if (isDeposit(transaction))
+    return serializeTransactionDeposit(transaction);
+  return serializeTransaction(transaction, signature);
 }
-function writeJsonFile(filePath, data) {
-  import_node_fs2.default.mkdirSync(import_node_path.default.dirname(filePath), { recursive: true });
-  import_node_fs2.default.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}
-`);
+var serializers = {
+  transaction: serializeTransaction2
+};
+function serializeTransactionDeposit(transaction) {
+  assertTransactionDeposit(transaction);
+  const { sourceHash, data, from: from14, gas, isSystemTx, mint, to, value } = transaction;
+  const serializedTransaction = [
+    sourceHash,
+    from14,
+    to ?? "0x",
+    mint ? toHex(mint) : "0x",
+    value ? toHex(value) : "0x",
+    gas ? toHex(gas) : "0x",
+    isSystemTx ? "0x1" : "0x",
+    data ?? "0x"
+  ];
+  return concatHex([
+    "0x7e",
+    toRlp(serializedTransaction)
+  ]);
 }
-function fileExists(filePath) {
-  return import_node_fs2.default.existsSync(filePath);
+function isDeposit(transaction) {
+  if (transaction.type === "deposit")
+    return true;
+  if (typeof transaction.sourceHash !== "undefined")
+    return true;
+  return false;
 }
-function nowIso() {
-  return `${(/* @__PURE__ */ new Date()).toISOString().slice(0, 19)}Z`;
+function assertTransactionDeposit(transaction) {
+  const { from: from14, to } = transaction;
+  if (from14 && !isAddress(from14))
+    throw new InvalidAddressError({ address: from14 });
+  if (to && !isAddress(to))
+    throw new InvalidAddressError({ address: to });
 }
-function appendActivity(event, baseSailDir = sailDir()) {
-  const filePath = import_node_path.default.join(baseSailDir, "activity.jsonl");
-  import_node_fs2.default.mkdirSync(import_node_path.default.dirname(filePath), { recursive: true });
-  let tagged = event;
-  if (!("safe" in event)) {
-    try {
-      const account2 = JSON.parse(
-        import_node_fs2.default.readFileSync(import_node_path.default.join(baseSailDir, "account.json"), "utf-8")
-      );
-      if (account2?.safe) tagged = { ...event, safe: account2.safe };
-    } catch {
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/chainConfig.js
+var chainConfig = {
+  blockTime: 2e3,
+  contracts,
+  formatters,
+  serializers
+};
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/arbitrum.js
+init_defineChain();
+var arbitrum = /* @__PURE__ */ defineChain({
+  id: 42161,
+  name: "Arbitrum One",
+  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
+  blockTime: 250,
+  rpcUrls: {
+    default: {
+      http: ["https://arb1.arbitrum.io/rpc"]
     }
-  }
-  import_node_fs2.default.appendFileSync(filePath, `${JSON.stringify(tagged)}
-`);
-}
-function parseEnvFile(filePath) {
-  const out = {};
-  if (!import_node_fs2.default.existsSync(filePath)) return out;
-  for (const rawLine of import_node_fs2.default.readFileSync(filePath, "utf-8").split("\n")) {
-    const line = rawLine.trim();
-    if (line === "" || line.startsWith("#")) continue;
-    const eq = line.indexOf("=");
-    if (eq < 0) continue;
-    const key = line.slice(0, eq).trim();
-    let value = line.slice(eq + 1).trim();
-    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
-      value = value.slice(1, -1);
+  },
+  blockExplorers: {
+    default: {
+      name: "Arbiscan",
+      url: "https://arbiscan.io",
+      apiUrl: "https://api.arbiscan.io/api"
+    }
+  },
+  contracts: {
+    multicall3: {
+      address: "0xca11bde05977b3631167028862be2a173976ca11",
+      blockCreated: 7654707
     }
-    out[key] = value;
-  }
-  return out;
-}
-function checksum4(address) {
-  return getAddress(address);
-}
-function makeClient(chainId) {
-  const env = parseEnvFile(sailPath(".env.local"));
-  const rpcUrl = env["RPC_URL"] ?? process.env["RPC_URL"] ?? "http://localhost:8545";
-  return new SailorClient({ rpcUrl, chainId });
-}
-var sharedRl = null;
-var muted = false;
-var lineQueue = [];
-var waiters = [];
-var inputClosed = false;
-function getRl() {
-  if (sharedRl) return sharedRl;
-  const isTty = process.stdin.isTTY === true;
-  const rl = (0, import_node_readline.createInterface)({ input: process.stdin, output: process.stdout, terminal: isTty });
-  if (isTty) {
-    const muteable = rl;
-    const original = muteable._writeToOutput.bind(rl);
-    muteable._writeToOutput = (text) => {
-      if (!muted) original(text);
-    };
   }
-  rl.on("line", (line) => {
-    const waiter = waiters.shift();
-    if (waiter) waiter(line);
-    else lineQueue.push(line);
-  });
-  rl.on("close", () => {
-    inputClosed = true;
-    while (waiters.length > 0) {
-      const waiter = waiters.shift();
-      waiter?.("");
+});
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/base.js
+init_defineChain();
+var sourceId = 1;
+var base = /* @__PURE__ */ defineChain({
+  ...chainConfig,
+  id: 8453,
+  name: "Base",
+  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
+  rpcUrls: {
+    default: {
+      http: ["https://mainnet.base.org"]
     }
-  });
-  sharedRl = rl;
-  return rl;
-}
-function ask(query) {
-  getRl();
-  process.stdout.write(query);
-  return new Promise((resolve3) => {
-    const buffered = lineQueue.shift();
-    if (buffered !== void 0) {
-      resolve3(buffered);
-    } else if (inputClosed) {
-      resolve3("");
-    } else {
-      waiters.push(resolve3);
+  },
+  blockExplorers: {
+    default: {
+      name: "Basescan",
+      url: "https://basescan.org",
+      apiUrl: "https://api.basescan.org/api"
+    }
+  },
+  contracts: {
+    ...chainConfig.contracts,
+    disputeGameFactory: {
+      [sourceId]: {
+        address: "0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e"
+      }
+    },
+    l2OutputOracle: {
+      [sourceId]: {
+        address: "0x56315b90c40730925ec5485cf004d835058518A0"
+      }
+    },
+    multicall3: {
+      address: "0xca11bde05977b3631167028862be2a173976ca11",
+      blockCreated: 5022
+    },
+    portal: {
+      [sourceId]: {
+        address: "0x49048044D57e1C92A77f79988d21Fa8fAF74E97e",
+        blockCreated: 17482143
+      }
+    },
+    l1StandardBridge: {
+      [sourceId]: {
+        address: "0x3154Cf16ccdb4C6d922629664174b904d80F2C35",
+        blockCreated: 17482143
+      }
+    }
+  },
+  sourceId
+});
+var basePreconf = /* @__PURE__ */ defineChain({
+  ...base,
+  experimental_preconfirmationTime: 200,
+  rpcUrls: {
+    default: {
+      http: ["https://mainnet-preconf.base.org"]
     }
-  });
-}
-function closePrompts() {
-  if (sharedRl) {
-    sharedRl.close();
-    sharedRl = null;
-  }
-}
-async function prompt(question, def) {
-  const suffix = def !== void 0 ? ` (${def})` : "";
-  const answer = await ask(`${question}${suffix}: `);
-  const trimmed = answer.trim();
-  return trimmed === "" && def !== void 0 ? def : trimmed;
-}
-async function confirm(question) {
-  const answer = (await prompt(`${question} (y/N)`)).toLowerCase();
-  return answer === "y" || answer === "yes";
-}
-async function promptAddress(label, def) {
-  for (let attempt = 0; attempt < 5; attempt++) {
-    const raw = await prompt(label, def);
-    if (isAddress(raw)) return getAddress(raw);
-    console.log(`  "${raw}" is not a valid EVM address \u2014 try again.`);
-  }
-  throw new Error(`No valid address provided for: ${label}`);
-}
-async function promptHidden(question) {
-  const isTty = process.stdin.isTTY === true;
-  if (isTty) muted = true;
-  const answer = await ask(`${question}: `);
-  if (isTty) {
-    muted = false;
-    process.stdout.write("\n");
   }
-  return answer;
-}
+});
 
-// src/lib/keys.ts
-var ROLES = ["manager", "permissionSigner"];
-function normalizeRole(input) {
-  const n = input.trim().toLowerCase().replace(/[-_\s]/g, "");
-  if (n === "manager" || n === "mgr" || n === "m" || n === "agent" || n === "agentwallet") {
-    return "manager";
-  }
-  if (n === "permissionsigner" || n === "signer" || n === "ps" || n === "permission" || n === "mandatesigner" || n === "mandate") {
-    return "permissionSigner";
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/baseSepolia.js
+init_defineChain();
+var sourceId2 = 11155111;
+var baseSepolia = /* @__PURE__ */ defineChain({
+  ...chainConfig,
+  id: 84532,
+  network: "base-sepolia",
+  name: "Base Sepolia",
+  nativeCurrency: { name: "Sepolia Ether", symbol: "ETH", decimals: 18 },
+  rpcUrls: {
+    default: {
+      http: ["https://sepolia.base.org"]
+    }
+  },
+  blockExplorers: {
+    default: {
+      name: "Basescan",
+      url: "https://sepolia.basescan.org",
+      apiUrl: "https://api-sepolia.basescan.org/api"
+    }
+  },
+  contracts: {
+    ...chainConfig.contracts,
+    disputeGameFactory: {
+      [sourceId2]: {
+        address: "0xd6E6dBf4F7EA0ac412fD8b65ED297e64BB7a06E1"
+      }
+    },
+    l2OutputOracle: {
+      [sourceId2]: {
+        address: "0x84457ca9D0163FbC4bbfe4Dfbb20ba46e48DF254"
+      }
+    },
+    portal: {
+      [sourceId2]: {
+        address: "0x49f53e41452c74589e85ca1677426ba426459e85",
+        blockCreated: 4446677
+      }
+    },
+    l1StandardBridge: {
+      [sourceId2]: {
+        address: "0xfd0Bf71F60660E2f608ed56e1659C450eB113120",
+        blockCreated: 4446677
+      }
+    },
+    multicall3: {
+      address: "0xca11bde05977b3631167028862be2a173976ca11",
+      blockCreated: 1059647
+    }
+  },
+  testnet: true,
+  sourceId: sourceId2
+});
+var baseSepoliaPreconf = /* @__PURE__ */ defineChain({
+  ...baseSepolia,
+  experimental_preconfirmationTime: 200,
+  rpcUrls: {
+    default: {
+      http: ["https://sepolia-preconf.base.org"]
+    }
   }
-  return null;
-}
-function roleLabel(role) {
-  return role === "manager" ? "agent wallet" : "mandate signer";
+});
+
+// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/unichain.js
+init_defineChain();
+var sourceId3 = 1;
+var unichain = /* @__PURE__ */ defineChain({
+  ...chainConfig,
+  id: 130,
+  name: "Unichain",
+  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
+  blockTime: 1e3,
+  rpcUrls: {
+    default: {
+      http: ["https://mainnet.unichain.org/"]
+    }
+  },
+  blockExplorers: {
+    default: {
+      name: "Uniscan",
+      url: "https://uniscan.xyz",
+      apiUrl: "https://api.uniscan.xyz/api"
+    }
+  },
+  contracts: {
+    ...chainConfig.contracts,
+    multicall3: {
+      address: "0xca11bde05977b3631167028862be2a173976ca11",
+      blockCreated: 0
+    },
+    disputeGameFactory: {
+      [sourceId3]: {
+        address: "0x2F12d621a16e2d3285929C9996f478508951dFe4"
+      }
+    },
+    portal: {
+      [sourceId3]: {
+        address: "0x0bd48f6B86a26D3a217d0Fa6FfE2B491B956A7a2"
+      }
+    },
+    l1StandardBridge: {
+      [sourceId3]: {
+        address: "0x81014F44b0a345033bB2b3B21C7a1A308B35fEeA"
+      }
+    }
+  },
+  sourceId: sourceId3
+});
+
+// src/lib/io.ts
+var import_node_fs2 = __toESM(require("node:fs"), 1);
+var import_node_path = __toESM(require("node:path"), 1);
+var import_node_readline = require("node:readline");
+init_esm2();
+function sailDir() {
+  return import_node_path.default.join(process.cwd(), ".sail");
 }
-function safeHex(safe) {
-  return safe.toLowerCase().replace(/^0x/, "").replace(/[^0-9a-f]/g, "");
+function sailPath(...segments) {
+  return import_node_path.default.join(sailDir(), ...segments);
 }
-function keyPath(role, safe) {
-  if (safe) {
-    return sailPath("keys", `${role}-0x${safeHex(safe)}.json`);
+function readJsonFile(filePath) {
+  try {
+    return JSON.parse(import_node_fs2.default.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
   }
-  return sailPath("keys", `${role}.json`);
 }
-function legacyKeyPath(role, safe) {
-  return sailPath("keys", `${role}-${safeHex(safe)}.json`);
+function writeJsonFile(filePath, data) {
+  import_node_fs2.default.mkdirSync(import_node_path.default.dirname(filePath), { recursive: true });
+  import_node_fs2.default.writeFileSync(filePath, `${JSON.stringify(data, null, 2)}
+`);
 }
-function resolveKeyPath(role, safe) {
-  if (safe) {
-    const perSma = keyPath(role, safe);
-    if (fileExists(perSma)) return perSma;
-    const legacy = legacyKeyPath(role, safe);
-    if (fileExists(legacy)) return legacy;
-  }
-  return keyPath(role);
+function fileExists(filePath) {
+  return import_node_fs2.default.existsSync(filePath);
 }
-function keyExists(role, safe) {
-  return fileExists(resolveKeyPath(role, safe));
+function nowIso() {
+  return `${(/* @__PURE__ */ new Date()).toISOString().slice(0, 19)}Z`;
 }
-async function loadKeyring(role, safe) {
-  const keystore = readJsonFile(resolveKeyPath(role, safe));
-  if (!keystore) {
+function appendActivity(event, baseSailDir = sailDir()) {
+  const filePath = import_node_path.default.join(baseSailDir, "activity.jsonl");
+  import_node_fs2.default.mkdirSync(import_node_path.default.dirname(filePath), { recursive: true });
+  let tagged = event;
+  if (!("safe" in event)) {
+    try {
+      const account2 = JSON.parse(
+        import_node_fs2.default.readFileSync(import_node_path.default.join(baseSailDir, "account.json"), "utf-8")
+      );
+      if (account2?.safe) tagged = { ...event, safe: account2.safe };
+    } catch {
+    }
+  }
+  import_node_fs2.default.appendFileSync(filePath, `${JSON.stringify(tagged)}
+`);
+}
+function parseEnvFile(filePath) {
+  const out = {};
+  if (!import_node_fs2.default.existsSync(filePath)) return out;
+  for (const rawLine of import_node_fs2.default.readFileSync(filePath, "utf-8").split("\n")) {
+    const line = rawLine.trim();
+    if (line === "" || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq < 0) continue;
+    const key = line.slice(0, eq).trim();
+    let value = line.slice(eq + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    out[key] = value;
+  }
+  return out;
+}
+function checksum4(address) {
+  return getAddress(address);
+}
+function makeClient(chainId) {
+  const env = parseEnvFile(sailPath(".env.local"));
+  const rpcUrl = env["RPC_URL"] ?? process.env["RPC_URL"] ?? "http://localhost:8545";
+  return new SailorClient({ rpcUrl, chainId });
+}
+var sharedRl = null;
+var muted = false;
+var lineQueue = [];
+var waiters = [];
+var inputClosed = false;
+function getRl() {
+  if (sharedRl) return sharedRl;
+  const isTty = process.stdin.isTTY === true;
+  const rl = (0, import_node_readline.createInterface)({ input: process.stdin, output: process.stdout, terminal: isTty });
+  if (isTty) {
+    const muteable = rl;
+    const original = muteable._writeToOutput.bind(rl);
+    muteable._writeToOutput = (text) => {
+      if (!muted) original(text);
+    };
+  }
+  rl.on("line", (line) => {
+    const waiter = waiters.shift();
+    if (waiter) waiter(line);
+    else lineQueue.push(line);
+  });
+  rl.on("close", () => {
+    inputClosed = true;
+    while (waiters.length > 0) {
+      const waiter = waiters.shift();
+      waiter?.("");
+    }
+  });
+  sharedRl = rl;
+  return rl;
+}
+function ask(query) {
+  getRl();
+  process.stdout.write(query);
+  return new Promise((resolve3) => {
+    const buffered = lineQueue.shift();
+    if (buffered !== void 0) {
+      resolve3(buffered);
+    } else if (inputClosed) {
+      resolve3("");
+    } else {
+      waiters.push(resolve3);
+    }
+  });
+}
+function closePrompts() {
+  if (sharedRl) {
+    sharedRl.close();
+    sharedRl = null;
+  }
+}
+async function prompt(question, def) {
+  const suffix = def !== void 0 ? ` (${def})` : "";
+  const answer = await ask(`${question}${suffix}: `);
+  const trimmed = answer.trim();
+  return trimmed === "" && def !== void 0 ? def : trimmed;
+}
+async function confirm(question) {
+  const answer = (await prompt(`${question} (y/N)`)).toLowerCase();
+  return answer === "y" || answer === "yes";
+}
+async function promptAddress(label, def) {
+  for (let attempt = 0; attempt < 5; attempt++) {
+    const raw = await prompt(label, def);
+    if (isAddress(raw)) return getAddress(raw);
+    console.log(`  "${raw}" is not a valid EVM address \u2014 try again.`);
+  }
+  throw new Error(`No valid address provided for: ${label}`);
+}
+async function promptHidden(question) {
+  const isTty = process.stdin.isTTY === true;
+  if (isTty) muted = true;
+  const answer = await ask(`${question}: `);
+  if (isTty) {
+    muted = false;
+    process.stdout.write("\n");
+  }
+  return answer;
+}
+
+// src/lib/chain.ts
+var CHAINS = {
+  8453: base,
+  84532: baseSepolia,
+  42161: arbitrum,
+  130: unichain
+};
+function getChainById(chainId) {
+  const chain2 = CHAINS[chainId];
+  if (!chain2) {
+    throw new Error(
+      `Unsupported chainId: ${chainId}. Supported: 8453 (Base), 84532 (Base Sepolia), 42161 (Arbitrum), 130 (Unichain)`
+    );
+  }
+  return chain2;
+}
+var RPC_ENV_VARS = {
+  8453: "BASE_RPC_URL",
+  84532: "BASE_SEPOLIA_RPC_URL",
+  42161: "ARBITRUM_RPC_URL",
+  130: "UNICHAIN_RPC_URL"
+};
+function getRpcUrl(chainId) {
+  const env = parseEnvFile(sailPath(".env.local"));
+  const fromProject = env.RPC_URL;
+  if (fromProject?.trim()) return fromProject.trim();
+  const perChain = RPC_ENV_VARS[chainId];
+  const fromPerChain = perChain ? process.env[perChain] : void 0;
+  if (fromPerChain?.trim()) return fromPerChain.trim();
+  const fromEnv = process.env.RPC_URL;
+  return fromEnv?.trim() ? fromEnv.trim() : void 0;
+}
+
+// src/lib/keys.ts
+var ROLES = ["manager", "permissionSigner"];
+function normalizeRole(input) {
+  const n = input.trim().toLowerCase().replace(/[-_\s]/g, "");
+  if (n === "manager" || n === "mgr" || n === "m" || n === "agent" || n === "agentwallet") {
+    return "manager";
+  }
+  if (n === "permissionsigner" || n === "signer" || n === "ps" || n === "permission" || n === "mandatesigner" || n === "mandate") {
+    return "permissionSigner";
+  }
+  return null;
+}
+function roleLabel(role) {
+  return role === "manager" ? "agent wallet" : "mandate signer";
+}
+function safeHex(safe) {
+  return safe.toLowerCase().replace(/^0x/, "").replace(/[^0-9a-f]/g, "");
+}
+function keyPath(role, safe) {
+  if (safe) {
+    return sailPath("keys", `${role}-0x${safeHex(safe)}.json`);
+  }
+  return sailPath("keys", `${role}.json`);
+}
+function legacyKeyPath(role, safe) {
+  return sailPath("keys", `${role}-${safeHex(safe)}.json`);
+}
+function resolveKeyPath(role, safe) {
+  if (safe) {
+    const perSma = keyPath(role, safe);
+    if (fileExists(perSma)) return perSma;
+    const legacy = legacyKeyPath(role, safe);
+    if (fileExists(legacy)) return legacy;
+  }
+  return keyPath(role);
+}
+function keyExists(role, safe) {
+  return fileExists(resolveKeyPath(role, safe));
+}
+async function loadKeyring(role, safe) {
+  const keystore = readJsonFile(resolveKeyPath(role, safe));
+  if (!keystore) {
     throw new Error(
       `No ${roleLabel(role)} found.
 Run "sailor keys generate" and choose "${roleLabel(role)}" first.`
@@ -38157,360 +38548,136 @@ SMA created. Address: ${stored.safe}`);
       console.log(
         "\nOn-chain account creation is not wired up in this build yet \u2014\nclient.account.create is a stub until SailKernel is deployed and the\nSDK is connected. Nothing was created on-chain."
       );
-      return;
-    }
-    throw err;
-  }
-}
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/contracts.js
-var contracts = {
-  gasPriceOracle: { address: "0x420000000000000000000000000000000000000F" },
-  l1Block: { address: "0x4200000000000000000000000000000000000015" },
-  l2CrossDomainMessenger: {
-    address: "0x4200000000000000000000000000000000000007"
-  },
-  l2Erc721Bridge: { address: "0x4200000000000000000000000000000000000014" },
-  l2StandardBridge: { address: "0x4200000000000000000000000000000000000010" },
-  l2ToL1MessagePasser: {
-    address: "0x4200000000000000000000000000000000000016"
-  }
-};
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/formatters.js
-init_fromHex();
-init_block2();
-init_transaction2();
-init_transactionReceipt();
-var formatters = {
-  block: /* @__PURE__ */ defineBlock({
-    format(args) {
-      const transactions = args.transactions?.map((transaction) => {
-        if (typeof transaction === "string")
-          return transaction;
-        const formatted = formatTransaction(transaction);
-        if (formatted.typeHex === "0x7e") {
-          formatted.isSystemTx = transaction.isSystemTx;
-          formatted.mint = transaction.mint ? hexToBigInt(transaction.mint) : void 0;
-          formatted.sourceHash = transaction.sourceHash;
-          formatted.type = "deposit";
-        }
-        return formatted;
-      });
-      return {
-        transactions,
-        stateRoot: args.stateRoot
-      };
-    }
-  }),
-  transaction: /* @__PURE__ */ defineTransaction({
-    format(args) {
-      const transaction = {};
-      if (args.type === "0x7e") {
-        transaction.isSystemTx = args.isSystemTx;
-        transaction.mint = args.mint ? hexToBigInt(args.mint) : void 0;
-        transaction.sourceHash = args.sourceHash;
-        transaction.type = "deposit";
-      }
-      return transaction;
-    }
-  }),
-  transactionReceipt: /* @__PURE__ */ defineTransactionReceipt({
-    format(args) {
-      return {
-        l1GasPrice: args.l1GasPrice ? hexToBigInt(args.l1GasPrice) : null,
-        l1GasUsed: args.l1GasUsed ? hexToBigInt(args.l1GasUsed) : null,
-        l1Fee: args.l1Fee ? hexToBigInt(args.l1Fee) : null,
-        l1FeeScalar: args.l1FeeScalar ? Number(args.l1FeeScalar) : null
-      };
-    }
-  })
-};
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/serializers.js
-init_address();
-init_isAddress();
-init_concat();
-init_toHex();
-init_toRlp();
-init_serializeTransaction();
-function serializeTransaction2(transaction, signature) {
-  if (isDeposit(transaction))
-    return serializeTransactionDeposit(transaction);
-  return serializeTransaction(transaction, signature);
-}
-var serializers = {
-  transaction: serializeTransaction2
-};
-function serializeTransactionDeposit(transaction) {
-  assertTransactionDeposit(transaction);
-  const { sourceHash, data, from: from14, gas, isSystemTx, mint, to, value } = transaction;
-  const serializedTransaction = [
-    sourceHash,
-    from14,
-    to ?? "0x",
-    mint ? toHex(mint) : "0x",
-    value ? toHex(value) : "0x",
-    gas ? toHex(gas) : "0x",
-    isSystemTx ? "0x1" : "0x",
-    data ?? "0x"
-  ];
-  return concatHex([
-    "0x7e",
-    toRlp(serializedTransaction)
-  ]);
-}
-function isDeposit(transaction) {
-  if (transaction.type === "deposit")
-    return true;
-  if (typeof transaction.sourceHash !== "undefined")
-    return true;
-  return false;
-}
-function assertTransactionDeposit(transaction) {
-  const { from: from14, to } = transaction;
-  if (from14 && !isAddress(from14))
-    throw new InvalidAddressError({ address: from14 });
-  if (to && !isAddress(to))
-    throw new InvalidAddressError({ address: to });
-}
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/op-stack/chainConfig.js
-var chainConfig = {
-  blockTime: 2e3,
-  contracts,
-  formatters,
-  serializers
-};
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/arbitrum.js
-init_defineChain();
-var arbitrum = /* @__PURE__ */ defineChain({
-  id: 42161,
-  name: "Arbitrum One",
-  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
-  blockTime: 250,
-  rpcUrls: {
-    default: {
-      http: ["https://arb1.arbitrum.io/rpc"]
-    }
-  },
-  blockExplorers: {
-    default: {
-      name: "Arbiscan",
-      url: "https://arbiscan.io",
-      apiUrl: "https://api.arbiscan.io/api"
-    }
-  },
-  contracts: {
-    multicall3: {
-      address: "0xca11bde05977b3631167028862be2a173976ca11",
-      blockCreated: 7654707
-    }
-  }
-});
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/base.js
-init_defineChain();
-var sourceId = 1;
-var base = /* @__PURE__ */ defineChain({
-  ...chainConfig,
-  id: 8453,
-  name: "Base",
-  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
-  rpcUrls: {
-    default: {
-      http: ["https://mainnet.base.org"]
-    }
-  },
-  blockExplorers: {
-    default: {
-      name: "Basescan",
-      url: "https://basescan.org",
-      apiUrl: "https://api.basescan.org/api"
-    }
-  },
-  contracts: {
-    ...chainConfig.contracts,
-    disputeGameFactory: {
-      [sourceId]: {
-        address: "0x43edB88C4B80fDD2AdFF2412A7BebF9dF42cB40e"
-      }
-    },
-    l2OutputOracle: {
-      [sourceId]: {
-        address: "0x56315b90c40730925ec5485cf004d835058518A0"
-      }
-    },
-    multicall3: {
-      address: "0xca11bde05977b3631167028862be2a173976ca11",
-      blockCreated: 5022
-    },
-    portal: {
-      [sourceId]: {
-        address: "0x49048044D57e1C92A77f79988d21Fa8fAF74E97e",
-        blockCreated: 17482143
-      }
-    },
-    l1StandardBridge: {
-      [sourceId]: {
-        address: "0x3154Cf16ccdb4C6d922629664174b904d80F2C35",
-        blockCreated: 17482143
-      }
-    }
-  },
-  sourceId
-});
-var basePreconf = /* @__PURE__ */ defineChain({
-  ...base,
-  experimental_preconfirmationTime: 200,
-  rpcUrls: {
-    default: {
-      http: ["https://mainnet-preconf.base.org"]
-    }
-  }
-});
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/baseSepolia.js
-init_defineChain();
-var sourceId2 = 11155111;
-var baseSepolia = /* @__PURE__ */ defineChain({
-  ...chainConfig,
-  id: 84532,
-  network: "base-sepolia",
-  name: "Base Sepolia",
-  nativeCurrency: { name: "Sepolia Ether", symbol: "ETH", decimals: 18 },
-  rpcUrls: {
-    default: {
-      http: ["https://sepolia.base.org"]
-    }
-  },
-  blockExplorers: {
-    default: {
-      name: "Basescan",
-      url: "https://sepolia.basescan.org",
-      apiUrl: "https://api-sepolia.basescan.org/api"
-    }
-  },
-  contracts: {
-    ...chainConfig.contracts,
-    disputeGameFactory: {
-      [sourceId2]: {
-        address: "0xd6E6dBf4F7EA0ac412fD8b65ED297e64BB7a06E1"
-      }
-    },
-    l2OutputOracle: {
-      [sourceId2]: {
-        address: "0x84457ca9D0163FbC4bbfe4Dfbb20ba46e48DF254"
-      }
-    },
-    portal: {
-      [sourceId2]: {
-        address: "0x49f53e41452c74589e85ca1677426ba426459e85",
-        blockCreated: 4446677
-      }
-    },
-    l1StandardBridge: {
-      [sourceId2]: {
-        address: "0xfd0Bf71F60660E2f608ed56e1659C450eB113120",
-        blockCreated: 4446677
-      }
-    },
-    multicall3: {
-      address: "0xca11bde05977b3631167028862be2a173976ca11",
-      blockCreated: 1059647
-    }
-  },
-  testnet: true,
-  sourceId: sourceId2
-});
-var baseSepoliaPreconf = /* @__PURE__ */ defineChain({
-  ...baseSepolia,
-  experimental_preconfirmationTime: 200,
-  rpcUrls: {
-    default: {
-      http: ["https://sepolia-preconf.base.org"]
-    }
-  }
-});
-
-// ../../node_modules/.pnpm/viem@2.51.3_bufferutil@4.1.0_typescript@5.9.3_utf-8-validate@5.0.10_zod@4.4.3/node_modules/viem/_esm/chains/definitions/unichain.js
-init_defineChain();
-var sourceId3 = 1;
-var unichain = /* @__PURE__ */ defineChain({
-  ...chainConfig,
-  id: 130,
-  name: "Unichain",
-  nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
-  blockTime: 1e3,
-  rpcUrls: {
-    default: {
-      http: ["https://mainnet.unichain.org/"]
+      return;
     }
-  },
-  blockExplorers: {
-    default: {
-      name: "Uniscan",
-      url: "https://uniscan.xyz",
-      apiUrl: "https://api.uniscan.xyz/api"
+    throw err;
+  }
+}
+var SAIL_MAINNET_CHAINS = [8453, 42161, 130];
+async function fetchProxyCreationCode(preferredChainId) {
+  const rpcUrl = getRpcUrl(preferredChainId) ?? void 0;
+  const publicClient = createPublicClient({
+    chain: getChainById(preferredChainId),
+    transport: http(rpcUrl)
+  });
+  return await publicClient.readContract({
+    address: SAFE_V141.proxyFactory,
+    abi: safeProxyFactoryAbi,
+    functionName: "proxyCreationCode"
+  });
+}
+async function accountPredict(options) {
+  const stored = readJsonFile(sailPath("account.json"));
+  let ownerAddr;
+  if (options.owner) {
+    if (!isAddress(options.owner, { strict: false })) {
+      throw new Error(`Invalid --owner address: ${options.owner}`);
     }
-  },
-  contracts: {
-    ...chainConfig.contracts,
-    multicall3: {
-      address: "0xca11bde05977b3631167028862be2a173976ca11",
-      blockCreated: 0
-    },
-    disputeGameFactory: {
-      [sourceId3]: {
-        address: "0x2F12d621a16e2d3285929C9996f478508951dFe4"
-      }
-    },
-    portal: {
-      [sourceId3]: {
-        address: "0x0bd48f6B86a26D3a217d0Fa6FfE2B491B956A7a2"
-      }
-    },
-    l1StandardBridge: {
-      [sourceId3]: {
-        address: "0x81014F44b0a345033bB2b3B21C7a1A308B35fEeA"
-      }
+    ownerAddr = getAddress(options.owner);
+  } else {
+    if (!stored?.owner) {
+      throw new Error(
+        "No owner found in .sail/account.json. Pass --owner <address> or run sailor onboard first."
+      );
     }
-  },
-  sourceId: sourceId3
-});
-
-// src/lib/chain.ts
-var CHAINS = {
-  8453: base,
-  84532: baseSepolia,
-  42161: arbitrum,
-  130: unichain
-};
-function getChainById(chainId) {
-  const chain2 = CHAINS[chainId];
-  if (!chain2) {
+    ownerAddr = getAddress(stored.owner);
+  }
+  let managerAddr;
+  if (options.manager) {
+    if (!isAddress(options.manager, { strict: false })) {
+      throw new Error(`Invalid --manager address: ${options.manager}`);
+    }
+    managerAddr = getAddress(options.manager);
+  } else if (stored?.manager) {
+    managerAddr = getAddress(stored.manager);
+  } else {
     throw new Error(
-      `Unsupported chainId: ${chainId}. Supported: 8453 (Base), 84532 (Base Sepolia), 42161 (Arbitrum), 130 (Unichain)`
+      "The predicted address depends on the agent (manager) wallet, which is mixed into the kernel's CREATE2 salt.\nPass --manager <agent address> (create one first with `sailor keys`), or run after onboarding so it can be read from .sail/account.json."
     );
   }
-  return chain2;
-}
-var RPC_ENV_VARS = {
-  8453: "BASE_RPC_URL",
-  84532: "BASE_SEPOLIA_RPC_URL",
-  42161: "ARBITRUM_RPC_URL",
-  130: "UNICHAIN_RPC_URL"
-};
-function getRpcUrl(chainId) {
-  const env = parseEnvFile(sailPath(".env.local"));
-  const fromProject = env.RPC_URL;
-  if (fromProject?.trim()) return fromProject.trim();
-  const perChain = RPC_ENV_VARS[chainId];
-  const fromPerChain = perChain ? process.env[perChain] : void 0;
-  if (fromPerChain?.trim()) return fromPerChain.trim();
-  const fromEnv = process.env.RPC_URL;
-  return fromEnv?.trim() ? fromEnv.trim() : void 0;
+  const saltNonce = options.salt != null ? BigInt(options.salt) : 0n;
+  let chainIds;
+  if (options.chain) {
+    const chainId = Number(options.chain);
+    if (!(chainId in sailDeployments)) {
+      throw new Error(
+        `Chain ${chainId} has no Sail Protocol deployment. Supported: ${Object.keys(sailDeployments).join(", ")}`
+      );
+    }
+    chainIds = [chainId];
+  } else {
+    chainIds = SAIL_MAINNET_CHAINS;
+  }
+  const firstChain = chainIds[0];
+  const proxyCreationCode = await fetchProxyCreationCode(firstChain);
+  const results = chainIds.map((chainId) => {
+    const deployment = sailDeployments[chainId];
+    const viemChain = getChainById(chainId);
+    const initializer = buildSafeSetupInitializer({
+      owners: [ownerAddr],
+      threshold: 1n,
+      kernel: deployment.kernel,
+      safeModuleEnabler: deployment.safeModuleEnabler
+    });
+    const predictedAddress = computeSailSmaAddress({
+      initializer,
+      saltNonce,
+      deployer: ownerAddr,
+      permissionSigner: ownerAddr,
+      manager: managerAddr,
+      feePolicy: deployment.standardFeePolicy,
+      proxyCreationCode
+    });
+    return {
+      chainId,
+      name: viemChain.name,
+      predictedAddress,
+      kernel: deployment.kernel,
+      safeModuleEnabler: deployment.safeModuleEnabler
+    };
+  });
+  const uniqueAddresses = new Set(results.map((r) => r.predictedAddress.toLowerCase()));
+  const allSame = uniqueAddresses.size === 1;
+  if (options.json) {
+    console.log(
+      JSON.stringify(
+        {
+          salt: saltNonce.toString(),
+          owner: ownerAddr,
+          manager: managerAddr,
+          chains: results.map(({ chainId, name, predictedAddress }) => ({
+            chainId,
+            name,
+            predictedAddress
+          })),
+          allSame,
+          note: allSame ? "All chains produce the same address with this salt, owner, and manager." : "Addresses differ per chain because the kernel salt binds the chain-specific fee policy and the Safe initializer encodes chain-specific contract addresses (kernel, safeModuleEnabler). Cross-chain same-address requires deterministic protocol deployment or a registerExisting() flow."
+        },
+        null,
+        2
+      )
+    );
+    return;
+  }
+  console.log("\nPredicted Safe addresses");
+  console.log(`  Owner:   ${ownerAddr}`);
+  console.log(`  Manager: ${managerAddr}`);
+  console.log(`  Salt:    ${saltNonce}`);
+  console.log("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  for (const { chainId, name, predictedAddress } of results) {
+    console.log(`  ${name.padEnd(14)} (${String(chainId).padEnd(5)}):  ${predictedAddress}`);
+  }
+  console.log("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  if (allSame) {
+    console.log("\u2713 All chains produce the same address.");
+  } else {
+    console.log("\n\u26A0  Addresses differ across chains.");
+    console.log(
+      "   Root cause: SailKernel.createAccount binds the CREATE2 salt as\n   keccak256(saltNonce, deployer, permissionSigner, manager, feePolicy),\n   then SafeProxyFactory derives the address from that bound salt and the\n   Safe initializer. Both the fee policy and the initializer (kernel,\n   safeModuleEnabler) are chain-specific, so each chain yields a different\n   address even with the same owner, manager, and salt.\n\n   For cross-chain same-address the Sail Protocol needs one of:\n   A) Deterministic (CREATE2) deployment of kernel + safeModuleEnabler +\n      fee policy so they land at the same address on every chain.\n   B) A registerExisting() path allowing a plain Safe (deployed with a\n      chain-agnostic initializer) to be registered with the kernel."
+    );
+  }
+  console.log(`
+To deploy on this chain: sailor onboard --new-sma --salt ${saltNonce}`);
 }
 
 // src/lib/output.ts
@@ -38714,6 +38881,16 @@ async function capabilities(options = {}) {
 // src/commands/doctor.ts
 init_esm2();
 
+// src/lib/contract-check.ts
+async function checkContractExists(pc, address) {
+  try {
+    const code = await pc.getCode({ address });
+    return { address, hasCode: !!code && code !== "0x" };
+  } catch (err) {
+    return { address, hasCode: false, error: err.message.split("\n")[0] };
+  }
+}
+
 // src/lib/permission-resolver.ts
 var IPERMISSION_ABI = [
   {
@@ -38740,20 +38917,39 @@ var IPERMISSION_ABI = [
     outputs: [{ type: "bool" }]
   }
 ];
-async function resolvePermissionForCall(params) {
-  const { publicClient, account: account2, manager, call: call2, registeredPermissions, blockInfo } = params;
+function buildPermissionContext(params) {
+  const { account: account2, manager, call: call2, blockInfo } = params;
   const selector = call2.data.length >= 10 ? call2.data.slice(0, 10) : "0x00000000";
-  const ctx = {
+  return {
     account: account2,
     manager,
     submitter: manager,
-    // conservative: submitter = manager for off-chain probe
+    // runner submits dispatches from the manager (agent) wallet
     target: call2.target,
     selector,
     value: call2.value,
     blockTimestamp: blockInfo.timestamp,
     blockNumber: blockInfo.number
   };
+}
+async function probePermissionForCall(params) {
+  const { publicClient, permission, account: account2, manager, call: call2, blockInfo } = params;
+  const ctx = buildPermissionContext({ account: account2, manager, call: call2, blockInfo });
+  try {
+    const accepted = await publicClient.readContract({
+      address: permission,
+      abi: IPERMISSION_ABI,
+      functionName: "evaluate",
+      args: [call2.data, ctx]
+    });
+    return { accepted: Boolean(accepted), reverted: false };
+  } catch (err) {
+    return { accepted: false, reverted: true, error: err.message.split("\n")[0] };
+  }
+}
+async function resolvePermissionForCall(params) {
+  const { publicClient, account: account2, manager, call: call2, registeredPermissions, blockInfo } = params;
+  const ctx = buildPermissionContext({ account: account2, manager, call: call2, blockInfo });
   for (const permission of registeredPermissions) {
     try {
       const accepted = await publicClient.readContract({
@@ -38845,9 +39041,14 @@ async function doctor(options = {}) {
   const safe = options.account ? getAddress(options.account) : stored?.safe ? getAddress(stored.safe) : null;
   let permissions = [];
   let checks = [];
+  let permsNoCode = [];
   if (safe) {
     const mandates = await client.mandate.list(safe);
     permissions = mandates.map((m) => getAddress(m.permission));
+    if (permissions.length > 0) {
+      const codeChecks = await Promise.all(permissions.map((p) => checkContractExists(pc, p)));
+      permsNoCode = codeChecks.filter((c) => !c.hasCode && !c.error).map((c) => c.address);
+    }
     if (caps.dispatchModel === "conjunctive" && permissions.length > 0) {
       checks = await Promise.all(permissions.map((p) => probePassThrough(pc, p, safe)));
     }
@@ -38884,7 +39085,9 @@ async function doctor(options = {}) {
             manager: managerAddr ? { address: managerAddr, ...managerBal ?? {} } : null
           },
           account: safe,
+          saltNonce: stored?.saltNonce ?? null,
           permissions,
+          permissionsWithoutCode: permsNoCode,
           conjunctivePassThrough: caps.dispatchModel === "conjunctive" ? checks.map((c) => ({
             permission: c.permission,
             passesThrough: c.passesThrough,
@@ -38948,6 +39151,56 @@ async function doctor(options = {}) {
     return;
   }
   console.log(`Account: ${safe}`);
+  if (stored?.saltNonce != null) {
+    const saltNonce = BigInt(stored.saltNonce);
+    const MAINNET_CHAINS = [8453, 42161, 130];
+    try {
+      const proxyCreationCode = await pc.readContract({
+        address: SAFE_V141.proxyFactory,
+        abi: safeProxyFactoryAbi,
+        functionName: "proxyCreationCode"
+      });
+      const ownerAddr2 = stored.owner ? getAddress(stored.owner) : null;
+      const managerAddr2 = stored.manager ? getAddress(stored.manager) : null;
+      if (ownerAddr2 && managerAddr2) {
+        console.log(
+          `
+Multi-chain addresses (salt ${saltNonce}, owner ${ownerAddr2}, manager ${managerAddr2}):`
+        );
+        const CHAIN_NAMES = { 8453: "Base", 42161: "Arbitrum", 130: "Unichain" };
+        for (const cid of MAINNET_CHAINS) {
+          const dep = sailDeployments[cid];
+          const initializer = buildSafeSetupInitializer({
+            owners: [ownerAddr2],
+            threshold: 1n,
+            kernel: dep.kernel,
+            safeModuleEnabler: dep.safeModuleEnabler
+          });
+          const predicted = computeSailSmaAddress({
+            initializer,
+            saltNonce,
+            deployer: ownerAddr2,
+            permissionSigner: ownerAddr2,
+            manager: managerAddr2,
+            feePolicy: dep.standardFeePolicy,
+            proxyCreationCode
+          });
+          const isDeployed = predicted.toLowerCase() === safe.toLowerCase() && cid === chainId;
+          const label = isDeployed ? "deployed (this account)" : predicted;
+          console.log(`  ${CHAIN_NAMES[cid].padEnd(12)} (${cid}):  ${label}`);
+        }
+        console.log(
+          '  \u26A0  Addresses differ per chain (chain-specific kernel salt + initializer). Run "sailor account predict" for details.'
+        );
+      }
+    } catch {
+    }
+  } else if (stored) {
+    console.log(
+      "\nMulti-chain addresses: saltNonce not stored (deployed before salt tracking)."
+    );
+    console.log("  To enable: re-deploy with sailor onboard --new-sma --salt 0");
+  }
   if (permissions.length === 0) {
     console.log(
       "\n\u26A0 No permissions registered \u2014 every dispatch will be denied (NoPermissionsRegistered)."
@@ -38957,6 +39210,13 @@ async function doctor(options = {}) {
   }
   console.log(`
 Registered permissions (${permissions.length}):`);
+  if (permsNoCode.length > 0) {
+    console.log(
+      `
+\u26A0 ${permsNoCode.length} registered permission(s) have NO contract code on chain ${chainId} \u2014 dispatches naming them will fail. Verify the address (wrong chain?) or revoke:`
+    );
+    permsNoCode.forEach((p) => console.log(`    ${p}`));
+  }
   if (caps.dispatchModel === "selective") {
     permissions.forEach((p, i) => console.log(`  ${i + 1}. ${p}`));
     console.log("\nEach dispatch names one permission, so pass-through is not required.");
@@ -40295,18 +40555,21 @@ Project: ${project.name}`));
   say(
     () => console.log(
       `
-\u2192 Signing station:
-  Open ${channel.url} in your browser and connect your wallet
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `
     )
   );
   let smaAddress;
   let justCreated = false;
   let ownerAddress = project.getOwner();
+  let deployedSaltNonce;
   if (smaChoice.kind === "new") {
-    const created = await createSma(project, channel, publicClient, agentAddress, json);
+    const saltNonce = options.salt != null ? BigInt(options.salt) : 0n;
+    const created = await createSma(project, channel, publicClient, agentAddress, json, saltNonce);
     smaAddress = created.sma;
     ownerAddress = created.owner;
+    deployedSaltNonce = created.saltNonce;
     justCreated = true;
   } else {
     smaAddress = smaChoice.address;
@@ -40349,7 +40612,8 @@ Project: ${project.name}`));
     owner: ownerAddress ?? permissionSigner,
     permissionSigner,
     manager: onChainManager,
-    chainId: project.chainId
+    chainId: project.chainId,
+    saltNonce: deployedSaltNonce
   });
   if (options.skipMandate) {
     return { sma: smaAddress, agent: agentAddress, mandates: [], created: justCreated };
@@ -40500,7 +40764,7 @@ async function waitForRegistration(publicClient, kernel, account2, attempts) {
   }
   return false;
 }
-async function createSma(project, channel, publicClient, agentAddress, json = false) {
+async function createSma(project, channel, publicClient, agentAddress, json = false, saltNonce = 0n) {
   const say = (fn) => {
     if (!json) fn();
   };
@@ -40514,7 +40778,6 @@ async function createSma(project, channel, publicClient, agentAddress, json = fa
     kernel: project.contracts.kernel,
     safeModuleEnabler: deployment.safeModuleEnabler
   });
-  const saltNonce = BigInt(Date.now());
   const createAccountData = encodeFunctionData({
     abi: SailKernelAbi,
     functionName: "createAccount",
@@ -40565,6 +40828,7 @@ async function createSma(project, channel, publicClient, agentAddress, json = fa
   }
   const safeAddress = registered.args.account;
   say(() => console.log("\u2713", `SMA created at ${safeAddress}`));
+  say(() => console.log("   Salt:", saltNonce.toString(), "(stored in .sail/account.json \u2014 use for sailor account predict)"));
   appendActivity({
     ts: nowIso(),
     actor: "owner",
@@ -40573,9 +40837,10 @@ async function createSma(project, channel, publicClient, agentAddress, json = fa
     owner: ownerAddress,
     manager: agentAddress,
     txHash: response.txHash,
-    chainId: project.chainId
+    chainId: project.chainId,
+    saltNonce: saltNonce.toString()
   });
-  return { sma: safeAddress, owner: ownerAddress };
+  return { sma: safeAddress, owner: ownerAddress, saltNonce };
 }
 async function attachMandate(project, channel, publicClient, agentSigner, smaAddress, permissionSigner, template, opts = {}) {
   const say = (fn) => {
@@ -40723,7 +40988,8 @@ async function persistAccount(publicClient, account2) {
     permissionSigner: checksum4(account2.permissionSigner),
     manager: checksum4(account2.manager),
     chainId: account2.chainId,
-    createdAtBlock
+    createdAtBlock,
+    ...account2.saltNonce != null ? { saltNonce: account2.saltNonce.toString() } : {}
   };
   upsertAccountInList(stored);
   writeJsonFile(sailPath("account.json"), stored);
@@ -40834,8 +41100,8 @@ async function runDeploy(project, channel, options) {
   say(() => {
     console.log(
       `
-\u2192 Signing station:
-  Open ${channel.url} in your browser and connect your wallet
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `
     );
     console.log(`Pushing deploy request for "${contractName}"\u2026`);
@@ -41057,8 +41323,8 @@ ${spec.label} clone (${options.template})`);
     console.log(`  SMA:             ${sma}`);
     for (const d of spec.describe(initParams)) console.log(`  ${d.label}: ${d.value}`);
     console.log(`
-\u2192 Signing station:
-  Open ${channel.url} and connect your Owner wallet
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `);
   });
   const nonce = await publicClient.readContract({
@@ -41221,8 +41487,8 @@ async function runAttach(project, channel, options) {
   if (!json) {
     console.log(
       `
-\u2192 Signing station:
-  Open ${channel.url} in your browser and connect your wallet
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `
     );
   }
@@ -41304,8 +41570,8 @@ Revoking ${targets.length} permission(s) from ${sma}:`);
     for (const p of targets) console.log(`  ${nameFor(p) ?? p}  ${p}`);
     console.log(
       `
-\u2192 Signing station:
-  Open ${channel.url} in your browser and connect your Owner wallet
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `
     );
   });
@@ -41606,6 +41872,88 @@ function runForgeBuild() {
 
 // src/commands/mandate.ts
 init_esm2();
+
+// src/lib/permission-explainer.ts
+var import_node_fs11 = require("node:fs");
+var import_node_path10 = require("node:path");
+function explainPermission(name, sourcePath) {
+  const resolved = sourcePath ?? (0, import_node_path10.join)(process.cwd(), "mandates", `${name}.sol`);
+  let src;
+  try {
+    src = (0, import_node_fs11.readFileSync)(resolved, "utf8");
+  } catch {
+    return null;
+  }
+  return parseStructured(src) ?? parseNatSpec(src) ?? parseRequires(src);
+}
+function parseStructured(src) {
+  if (!src.includes("ENFORCED ON-CHAIN")) return null;
+  const lines = src.split("\n");
+  const result = {
+    source: "structured",
+    enforced: [],
+    notEnforced: []
+  };
+  const headerLines = [];
+  for (const line of lines) {
+    const t = line.trim();
+    if (t.startsWith("import ") || t.startsWith("contract ") || t.startsWith("abstract contract ")) break;
+    if (t.startsWith("//")) headerLines.push(t.slice(2));
+  }
+  let section = null;
+  for (const raw of headerLines) {
+    const trimmed = raw.trim();
+    if (/^─+$/.test(trimmed)) continue;
+    if (trimmed.includes("ENFORCED ON-CHAIN")) {
+      section = "enforced";
+      continue;
+    }
+    if (trimmed.includes("NOT ENFORCED")) {
+      section = "notEnforced";
+      continue;
+    }
+    if (trimmed.includes("VERIFY BEFORE USE")) {
+      section = null;
+      continue;
+    }
+    if (section === null) {
+      const kv = trimmed.match(/^(Protocol|Version|Chain|Target)\s*:\s*(.+)$/i);
+      if (kv) {
+        const key = kv[1].toLowerCase();
+        result[key] = kv[2].trim();
+      }
+    }
+    if (section && trimmed.startsWith("\u2022")) {
+      const bullet = trimmed.slice(1).trim();
+      if (bullet) result[section].push(bullet);
+    }
+  }
+  if (result.enforced.length === 0 && !result.protocol) return null;
+  return result;
+}
+function parseNatSpec(src) {
+  const enforced = [];
+  const notEnforced = [];
+  for (const line of src.split("\n")) {
+    const t = line.trim();
+    const notice = t.match(/^\/\/\/\s*@notice\s+(.+)$/);
+    if (notice) enforced.push(notice[1].trim());
+    const dev = t.match(/^\/\/\/\s*@dev\s+(.+)$/);
+    if (dev) notEnforced.push(dev[1].trim());
+  }
+  if (enforced.length === 0 && notEnforced.length === 0) return null;
+  return { source: "natspec", enforced, notEnforced };
+}
+function parseRequires(src) {
+  const enforced = [];
+  const re = /require\s*\([^,)]+,\s*["']([^"']+)["']\)/g;
+  let m;
+  while ((m = re.exec(src)) !== null) enforced.push(m[1]);
+  if (enforced.length === 0) return null;
+  return { source: "require-only", enforced, notEnforced: [] };
+}
+
+// src/commands/mandate.ts
 async function fetchOnChainPermissions(account2) {
   try {
     const project = new ProjectContext();
@@ -41672,11 +42020,15 @@ ${permissions.length} permission(s) tracked for SMA ${account2.safe}:
     console.log(`    ${p.address}`);
     console.log(`    ${status2}`);
   }
+  const store = new MandateStore();
   const draft = {
     account: account2.safe,
     chainId: account2.chainId,
-    // Exclude permissions revoked on-chain — the draft reflects the live set.
-    permissions: permissions.filter((p) => !p.revokedOnChain).map((p) => ({ address: p.address, label: p.label })),
+    permissions: permissions.filter((p) => !p.revokedOnChain).map((p) => {
+      const mandate2 = store.find(p.address);
+      const explanation = explainPermission(p.label, mandate2?.sourcePath) ?? void 0;
+      return { address: p.address, label: p.label, explanation };
+    }),
     createdAt: (/* @__PURE__ */ new Date()).toISOString()
   };
   writeJsonFile(sailPath("mandate-draft.json"), draft);
@@ -41739,8 +42091,231 @@ ${unregistered.length} permission(s) are not yet registered on this SMA. Initiat
 \u2713 Saved to .sail/mandate.json \u2014 agent is ready to run.`);
 }
 
+// src/commands/mandate-simulate.ts
+var import_node_fs12 = require("node:fs");
+init_esm2();
+function parseExpect(raw, where) {
+  if (raw === void 0) return void 0;
+  const v = raw.toLowerCase();
+  if (v === "pass" || v === "fail") return v;
+  throw new Error(`${where}: "expect" must be "pass" or "fail" \u2014 got "${raw}".`);
+}
+function resolveSampleCalls(options) {
+  const hasInline = options.target !== void 0 || options.calldata !== void 0;
+  if (options.calls && hasInline) {
+    throw new Error("Provide EITHER --calls <file> OR inline --target/--calldata, not both.");
+  }
+  if (options.calls) {
+    let raw;
+    try {
+      raw = JSON.parse((0, import_node_fs12.readFileSync)(options.calls, "utf8"));
+    } catch (err) {
+      throw new Error(`Could not read --calls file "${options.calls}": ${err.message}`);
+    }
+    if (!Array.isArray(raw) || raw.length === 0) {
+      throw new Error(`--calls file must be a non-empty JSON array of { target, calldata, ... }.`);
+    }
+    return raw.map((entry, i) => parseCallEntry(entry, i));
+  }
+  if (!hasInline) {
+    throw new Error(
+      "No sample calls. Pass --target <addr> --calldata <hex> for one call, or --calls <file.json> for a batch."
+    );
+  }
+  if (!options.target || !options.calldata) {
+    throw new Error("Inline call requires BOTH --target <addr> and --calldata <hex>.");
+  }
+  return [
+    parseCallEntry(
+      {
+        target: options.target,
+        calldata: options.calldata,
+        value: options.value,
+        expect: options.expect,
+        label: options.label
+      },
+      0
+    )
+  ];
+}
+function parseCallEntry(entry, index2) {
+  const where = `call[${index2}]`;
+  const target = entry.target;
+  if (typeof target !== "string" || !isAddress(target, { strict: false })) {
+    throw new Error(`${where}: "target" must be a valid address \u2014 got ${JSON.stringify(target)}.`);
+  }
+  const data = entry.calldata ?? entry.data;
+  if (typeof data !== "string" || !isHex(data)) {
+    throw new Error(`${where}: "calldata" must be a 0x-prefixed hex string.`);
+  }
+  let value = 0n;
+  if (entry.value !== void 0 && entry.value !== null && entry.value !== "") {
+    try {
+      value = BigInt(entry.value);
+    } catch {
+      throw new Error(`${where}: "value" must be an integer (wei) \u2014 got ${JSON.stringify(entry.value)}.`);
+    }
+  }
+  const label = typeof entry.label === "string" && entry.label.trim() ? entry.label.trim() : `call ${index2 + 1}`;
+  return {
+    label,
+    target: getAddress(target),
+    data,
+    value,
+    expect: parseExpect(entry.expect, where)
+  };
+}
+function managerAddress(safe) {
+  const stored = readJsonFile(sailPath("account.json"));
+  if (stored?.manager && isAddress(stored.manager, { strict: false })) {
+    return getAddress(stored.manager);
+  }
+  const ks = readJsonFile(resolveKeyPath("manager", safe));
+  return ks?.address ? getAddress(`0x${ks.address.replace(/^0x/, "")}`) : null;
+}
+async function mandateSimulate(options) {
+  const json = !!options.json;
+  const project = new ProjectContext();
+  const chainId = project.chainId;
+  const rpcUrl = getRpcUrl(chainId) ?? getChainById(chainId).rpcUrls.default.http[0];
+  const pc = createPublicClient({ chain: getChainById(chainId), transport: http(rpcUrl) });
+  const store = new MandateStore();
+  const tracked = store.find(options.address);
+  const rawPermission = tracked?.address ?? options.address;
+  if (!isAddress(rawPermission, { strict: false })) {
+    throw new Error(`--address must be a permission address or a tracked name: ${options.address}`);
+  }
+  const permission = getAddress(rawPermission);
+  const stored = readJsonFile(sailPath("account.json"));
+  if (options.sma && !isAddress(options.sma, { strict: false })) {
+    throw new Error(`Invalid --sma address: ${options.sma}`);
+  }
+  const accountRaw = options.sma ?? stored?.safe;
+  if (!accountRaw) {
+    throw new Error("No SMA. Pass --sma <address> or create one (.sail/account.json).");
+  }
+  const account2 = getAddress(accountRaw);
+  const resolvedManager = managerAddress(options.sma ?? stored?.safe);
+  const manager = resolvedManager ?? account2;
+  const managerIsStandIn = resolvedManager === null;
+  const calls = resolveSampleCalls(options);
+  let blockInfo = { number: 0n, timestamp: 0n };
+  let blockStale = false;
+  try {
+    const block = await pc.getBlock();
+    blockInfo = { number: block.number ?? 0n, timestamp: block.timestamp ?? 0n };
+  } catch {
+    blockStale = true;
+  }
+  const results = await Promise.all(
+    calls.map(async (c, i) => {
+      const [probe, codeCheck] = await Promise.all([
+        probePermissionForCall({
+          publicClient: pc,
+          permission,
+          account: account2,
+          manager,
+          call: { target: c.target, value: c.value, data: c.data },
+          blockInfo
+        }),
+        checkContractExists(pc, c.target)
+      ]);
+      const result = probe.accepted ? "pass" : "fail";
+      return {
+        index: i,
+        label: c.label,
+        target: c.target,
+        value: c.value.toString(),
+        result,
+        reverted: probe.reverted,
+        revertReason: probe.error,
+        expect: c.expect ?? null,
+        match: c.expect ? c.expect === result : null,
+        targetHasCode: codeCheck.hasCode,
+        targetCheckError: codeCheck.error
+      };
+    })
+  );
+  const mismatches = results.filter((r) => r.match === false);
+  const noCodeTargets = results.filter((r) => !r.targetHasCode && !r.targetCheckError);
+  const ok = mismatches.length === 0;
+  if (json) {
+    emit(true, () => {
+    }, {
+      status: ok ? "ok" : "mismatch",
+      spendsGas: false,
+      probe: "off-chain eth_call (evaluate)",
+      chainId,
+      permission,
+      sma: account2,
+      submitter: manager,
+      submitterIsStandIn: managerIsStandIn,
+      blockNumber: blockInfo.number.toString(),
+      blockContextStale: blockStale,
+      results: results.map((r) => ({
+        index: r.index,
+        label: r.label,
+        target: r.target,
+        value: r.value,
+        result: r.result,
+        reverted: r.reverted,
+        revertReason: r.revertReason,
+        expect: r.expect,
+        match: r.match,
+        targetHasCode: r.targetHasCode,
+        targetCheckError: r.targetCheckError
+      })),
+      mismatches: mismatches.length,
+      noCodeTargets: noCodeTargets.map((r) => r.target),
+      ok
+    });
+    if (!ok) process.exit(1);
+    return;
+  }
+  console.log("\nsailor mandate simulate \u2014 off-chain probe (eth_call). Spends NO gas, signs nothing.");
+  console.log(
+    "Shows what the permission's evaluate() returns for these calls. It does NOT guarantee\nthe permission is correct \u2014 only what it does for exactly these inputs."
+  );
+  console.log("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  console.log(`Permission: ${permission}`);
+  console.log(`SMA:        ${account2}`);
+  console.log(
+    `Submitter:  ${manager}${managerIsStandIn ? "  (stand-in: no manager key found locally)" : "  (agent wallet)"}`
+  );
+  console.log(`Chain:      ${chainId}   block ${blockInfo.number}${blockStale ? "  \u26A0 could not fetch block \u2014 time/block-gated permissions may show false negatives" : ""}`);
+  console.log("");
+  for (const r of results) {
+    const verdict = r.result === "pass" ? "PASS  " : r.reverted ? "REVERT" : "FAIL  ";
+    const expectStr = r.expect === null ? "" : r.match ? `  expected ${r.expect}  \u2713 MATCH` : `  expected ${r.expect}  \u2717 MISMATCH`;
+    console.log(`[${r.index + 1}] ${verdict}  ${r.label}${expectStr}`);
+    const codeNote = r.targetCheckError ? `\u26A0 could not verify contract code (${r.targetCheckError})` : r.targetHasCode ? "\u2713 contract present" : `\u26A0 NO contract code on chain ${chainId} \u2014 this call would fail on-chain regardless of the permission`;
+    console.log(`     target ${r.target}   ${codeNote}`);
+    if (r.reverted && r.revertReason) {
+      console.log(`     evaluate() reverted: ${r.revertReason}`);
+    }
+  }
+  console.log("");
+  if (results.every((r) => r.expect === null)) {
+    console.log(`Probed ${results.length} call(s). No expectations were supplied (informational only).`);
+  } else {
+    const matched = results.filter((r) => r.match === true).length;
+    const checked = results.filter((r) => r.expect !== null).length;
+    if (ok) {
+      console.log(`Result: ${matched}/${checked} matched expectations. \u2713`);
+    } else {
+      console.log(`Result: ${matched}/${checked} matched, ${mismatches.length} MISMATCH. \u2717`);
+    }
+  }
+  if (noCodeTargets.length > 0) {
+    console.log(
+      `\u26A0 ${noCodeTargets.length} target(s) have no contract code on chain ${chainId} \u2014 likely a wrong or wrong-chain address.`
+    );
+  }
+  if (!ok) process.exit(1);
+}
+
 // src/commands/rotate-signer.ts
-var import_node_fs11 = require("node:fs");
+var import_node_fs13 = require("node:fs");
 init_esm2();
 var PENDING_REATTACH_FILE = ["state", "pending-reattach.json"];
 async function rotateSigner(options) {
@@ -41851,8 +42426,8 @@ SMA:            ${smaAddress}`);
     }
     console.log(
       `
-\u2192 Signing station:
-  Open ${channel.url} in your browser and connect the owner wallet (${owner2}).
+\u2192 Open the Sailor dashboard to approve signing requests:
+  http://localhost:${projectPort(process.cwd())}/#/station
 `
     );
   });
@@ -42127,7 +42702,7 @@ function writePending(pending) {
 }
 function clearPending() {
   try {
-    (0, import_node_fs11.rmSync)(sailPath(...PENDING_REATTACH_FILE), { force: true });
+    (0, import_node_fs13.rmSync)(sailPath(...PENDING_REATTACH_FILE), { force: true });
   } catch {
   }
 }
@@ -42167,8 +42742,8 @@ async function ownerConnect(options) {
   try {
     await channel.start();
     if (!options.json) {
-      console.log("\u2192 Open this in your browser and connect your wallet:");
-      console.log(`  ${channel.url}/#/station`);
+      console.log("\u2192 Open the Sailor dashboard and connect your wallet:");
+      console.log(`  http://localhost:${projectPort(projectRoot)}/#/station`);
       if (channel.remote) console.log("  (using the running signing station)");
       console.log("\nWaiting for a wallet connection\u2026");
     }
@@ -42213,30 +42788,30 @@ function ownerShow(options) {
 }
 
 // src/commands/run.ts
-var import_node_fs13 = __toESM(require("node:fs"), 1);
-var import_node_path10 = __toESM(require("node:path"), 1);
+var import_node_fs15 = __toESM(require("node:fs"), 1);
+var import_node_path11 = __toESM(require("node:path"), 1);
 var import_node_url = require("node:url");
 init_esm2();
 
 // src/lib/process.ts
-var import_node_fs12 = __toESM(require("node:fs"), 1);
+var import_node_fs14 = __toESM(require("node:fs"), 1);
 function agentPidPath() {
   return sailPath("agent.pid");
 }
 function writeAgentPid() {
-  import_node_fs12.default.mkdirSync(sailPath(), { recursive: true });
-  import_node_fs12.default.writeFileSync(agentPidPath(), `${process.pid}
+  import_node_fs14.default.mkdirSync(sailPath(), { recursive: true });
+  import_node_fs14.default.writeFileSync(agentPidPath(), `${process.pid}
 `);
 }
 function clearAgentPid() {
   try {
-    import_node_fs12.default.rmSync(agentPidPath());
+    import_node_fs14.default.rmSync(agentPidPath());
   } catch {
   }
 }
 function readAgentPid() {
   try {
-    const pid = Number.parseInt(import_node_fs12.default.readFileSync(agentPidPath(), "utf-8").trim(), 10);
+    const pid = Number.parseInt(import_node_fs14.default.readFileSync(agentPidPath(), "utf-8").trim(), 10);
     return Number.isNaN(pid) ? null : pid;
   } catch {
     return null;
@@ -42266,7 +42841,7 @@ var ERC20_BALANCE_ABI = [
 function loadAgentData(filePath) {
   if (!filePath) return {};
   try {
-    const parsed = JSON.parse(import_node_fs13.default.readFileSync(filePath, "utf-8"));
+    const parsed = JSON.parse(import_node_fs15.default.readFileSync(filePath, "utf-8"));
     return parsed && typeof parsed === "object" ? parsed : {};
   } catch {
     return {};
@@ -42275,8 +42850,8 @@ function loadAgentData(filePath) {
 async function loadAgent() {
   const candidates = ["src/agent.ts", "src/agent.js", "dist/agent.js", "dist/src/agent.js"];
   for (const rel of candidates) {
-    const abs = import_node_path10.default.join(process.cwd(), rel);
-    if (!import_node_fs13.default.existsSync(abs)) continue;
+    const abs = import_node_path11.default.join(process.cwd(), rel);
+    if (!import_node_fs15.default.existsSync(abs)) continue;
     let mod2;
     if (abs.endsWith(".ts")) {
       const { tsImport } = await import("tsx/esm/api");
@@ -42763,14 +43338,14 @@ async function sessionResume() {
 }
 
 // src/commands/station.ts
-var import_node_fs14 = require("node:fs");
-var import_node_path11 = require("node:path");
-var RUNTIME_SERVER_FILE2 = (0, import_node_path11.join)(".sail", "runtime", "server.json");
+var import_node_fs16 = require("node:fs");
+var import_node_path12 = require("node:path");
+var RUNTIME_SERVER_FILE2 = (0, import_node_path12.join)(".sail", "runtime", "server.json");
 function readState(projectRoot) {
-  const file = (0, import_node_path11.join)(projectRoot, RUNTIME_SERVER_FILE2);
-  if (!(0, import_node_fs14.existsSync)(file)) return null;
+  const file = (0, import_node_path12.join)(projectRoot, RUNTIME_SERVER_FILE2);
+  if (!(0, import_node_fs16.existsSync)(file)) return null;
   try {
-    return JSON.parse((0, import_node_fs14.readFileSync)(file, "utf8"));
+    return JSON.parse((0, import_node_fs16.readFileSync)(file, "utf8"));
   } catch {
     return null;
   }
@@ -42842,9 +43417,9 @@ async function stationStop(options) {
   }
   const daemon = await discoverDaemon(projectRoot);
   if (!daemon) {
-    const file = (0, import_node_path11.join)(projectRoot, RUNTIME_SERVER_FILE2);
+    const file = (0, import_node_path12.join)(projectRoot, RUNTIME_SERVER_FILE2);
     try {
-      if ((0, import_node_fs14.existsSync)(file)) (0, import_node_fs14.rmSync)(file);
+      if ((0, import_node_fs16.existsSync)(file)) (0, import_node_fs16.rmSync)(file);
     } catch {
     }
     emit(options.json, () => console.log("Station process not found; cleared stale state."), {
@@ -42860,9 +43435,9 @@ async function stationStop(options) {
       pid: state.pid
     });
   } catch {
-    const file = (0, import_node_path11.join)(projectRoot, RUNTIME_SERVER_FILE2);
+    const file = (0, import_node_path12.join)(projectRoot, RUNTIME_SERVER_FILE2);
     try {
-      if ((0, import_node_fs14.existsSync)(file)) (0, import_node_fs14.rmSync)(file);
+      if ((0, import_node_fs16.existsSync)(file)) (0, import_node_fs16.rmSync)(file);
     } catch {
     }
     emit(options.json, () => console.log("Station process not found; cleared stale state."), {
@@ -42917,15 +43492,15 @@ async function status() {
 
 // src/commands/ui.ts
 var import_node_child_process2 = require("node:child_process");
-var import_node_fs15 = __toESM(require("node:fs"), 1);
+var import_node_fs17 = __toESM(require("node:fs"), 1);
 var import_node_net2 = __toESM(require("node:net"), 1);
-var import_node_path12 = __toESM(require("node:path"), 1);
-var UI_STATE_FILE = import_node_path12.default.join(".sail", "runtime", "ui.json");
+var import_node_path13 = __toESM(require("node:path"), 1);
+var UI_STATE_FILE = import_node_path13.default.join(".sail", "runtime", "ui.json");
 function readState2(projectRoot) {
-  const file = import_node_path12.default.join(projectRoot, UI_STATE_FILE);
-  if (!import_node_fs15.default.existsSync(file)) return null;
+  const file = import_node_path13.default.join(projectRoot, UI_STATE_FILE);
+  if (!import_node_fs17.default.existsSync(file)) return null;
   try {
-    return JSON.parse(import_node_fs15.default.readFileSync(file, "utf-8"));
+    return JSON.parse(import_node_fs17.default.readFileSync(file, "utf-8"));
   } catch {
     return null;
   }
@@ -42948,15 +43523,15 @@ function findFreePort(from14) {
 }
 async function uiCommand() {
   const distDir = cliDistDir();
-  const uiDistDir = import_node_path12.default.join(packageRoot(), "packages", "ui", "dist");
-  const serverBundle = import_node_path12.default.resolve(distDir, "server.cjs");
+  const uiDistDir = import_node_path13.default.join(packageRoot(), "packages", "ui", "dist");
+  const serverBundle = import_node_path13.default.resolve(distDir, "server.cjs");
   const projectRoot = process.cwd();
-  const sailDir2 = import_node_path12.default.join(projectRoot, ".sail");
+  const sailDir2 = import_node_path13.default.join(projectRoot, ".sail");
   const port = await findFreePort(projectPort(projectRoot));
-  if (!import_node_fs15.default.existsSync(serverBundle)) {
+  if (!import_node_fs17.default.existsSync(serverBundle)) {
     throw new Error(`Server bundle not found at ${serverBundle}. Re-run the sailor build.`);
   }
-  if (!import_node_fs15.default.existsSync(import_node_path12.default.join(uiDistDir, "index.html"))) {
+  if (!import_node_fs17.default.existsSync(import_node_path13.default.join(uiDistDir, "index.html"))) {
     throw new Error(`UI dist not found at ${uiDistDir}. Re-run the sailor build.`);
   }
   const existing = readState2(projectRoot);
@@ -42974,9 +43549,9 @@ async function uiCommand() {
   if (!isAlive(child.pid)) {
     throw new Error(`Sailor UI process exited immediately. Check that the server bundle is intact.`);
   }
-  import_node_fs15.default.mkdirSync(import_node_path12.default.join(projectRoot, ".sail", "runtime"), { recursive: true });
-  import_node_fs15.default.writeFileSync(
-    import_node_path12.default.join(projectRoot, UI_STATE_FILE),
+  import_node_fs17.default.mkdirSync(import_node_path13.default.join(projectRoot, ".sail", "runtime"), { recursive: true });
+  import_node_fs17.default.writeFileSync(
+    import_node_path13.default.join(projectRoot, UI_STATE_FILE),
     JSON.stringify({ pid: child.pid, port, startedAt: (/* @__PURE__ */ new Date()).toISOString() }, null, 2)
   );
   console.log(`Sailor UI started at http://localhost:${port}  (pid ${child.pid})`);
@@ -42987,7 +43562,7 @@ function uiStatus() {
   if (state && isAlive(state.pid)) {
     console.log(`\u25CF running  http://localhost:${state.port}  (pid ${state.pid})`);
   } else {
-    if (state) import_node_fs15.default.rmSync(import_node_path12.default.join(process.cwd(), UI_STATE_FILE), { force: true });
+    if (state) import_node_fs17.default.rmSync(import_node_path13.default.join(process.cwd(), UI_STATE_FILE), { force: true });
     console.log("\u25CB Sailor UI is not running");
   }
 }
@@ -42999,12 +43574,12 @@ function uiStop() {
     return;
   }
   if (!isAlive(state.pid)) {
-    import_node_fs15.default.rmSync(import_node_path12.default.join(projectRoot, UI_STATE_FILE), { force: true });
+    import_node_fs17.default.rmSync(import_node_path13.default.join(projectRoot, UI_STATE_FILE), { force: true });
     console.log("Sailor UI is not running (stale state file removed).");
     return;
   }
   process.kill(state.pid, "SIGTERM");
-  import_node_fs15.default.rmSync(import_node_path12.default.join(projectRoot, UI_STATE_FILE), { force: true });
+  import_node_fs17.default.rmSync(import_node_path13.default.join(projectRoot, UI_STATE_FILE), { force: true });
   console.log(`Stopped Sailor UI (pid ${state.pid}).`);
 }
 
@@ -43058,6 +43633,12 @@ keys.command("export-ci").description(
 ).action(action(keysExportCi));
 var account = program2.command("account").description("Manage the Sail SMA");
 account.command("create").description("Create a new Sail SMA on-chain").action(action(accountCreate));
+account.command("predict").description(
+  "Compute the deterministic Safe address for a given owner + manager + salt (no gas, no deployment)"
+).option("--owner <address>", "Owner EOA address (defaults to .sail/account.json)").option(
+  "--manager <address>",
+  "Agent (manager) wallet \u2014 mixed into the kernel salt (defaults to .sail/account.json)"
+).option("--salt <n>", "CREATE2 salt nonce (default: 0)").option("--chain <id>", "Show prediction for one chain only").option("--json", "Emit machine-readable JSON").action(actionWith(accountPredict));
 account.command("rotate-signer").description("Rotate the SMA's delegated signer (agent wallet) and re-approve its mandates").option("--sma <address>", "SMA to rotate (defaults to the active account)").option("--to <address>", "Rotate to an existing agent-wallet address instead of generating one").option("--generate", "Generate a fresh local agent wallet (default when --to is omitted)").option("--skip-reattach", "Do not re-approve the previously-attached mandates").option("--reattach-only", "Skip rotation; only re-approve mandates (resume after funding)").option("--json", "Machine-readable output").action(actionWith(rotateSigner));
 var mandate = program2.command("mandate").description("Manage mandates");
 mandate.command("prepare").description("Prepare a mandate draft for review and signing in the UI (MetaMask)").action(action(mandatePrepare));
@@ -43067,8 +43648,11 @@ mandate.command("attach").description("Register an already-deployed permission o
 mandate.command("deploy-clone").description("Deploy + register a standalone clone permission (e.g. boundedApprove) via the signing UI").requiredOption("--template <key>", "Standalone clone template key (e.g. boundedApprove)").requiredOption("--sma <address>", "SMA to deploy the clone for and register it on").option("--tokens <csv>", "Comma-separated allowed token addresses").option("--spenders <csv>", "Comma-separated allowed spender addresses").option("--max <amount>", "Max amount per tx in base units (default: uint256 max)").option("--label <label>", "Human-readable label to track this permission under").option("--json", "Emit machine-readable JSON").action(actionWith(mandateDeployClone));
 mandate.command("revoke").description("Revoke permission(s) from an SMA (EIP-712 RevokePermissions, owner-authorized)").option("--address <permissionOrName>", "Permission address, or a name tracked locally").requiredOption("--sma <address>", "Safe (SMA) to revoke the permission(s) from").option("--all", "Revoke every permission currently registered on the SMA").option("--json", "Output JSON").action(actionWith(mandateRevoke));
 mandate.command("templates").description("Show how to author your own permission contract (and any community-deployed addresses)").option("--json", "Emit machine-readable JSON").action(actionWith(mandateTemplates));
+mandate.command("simulate").description(
+  "Probe a permission against sample calls off-chain (eth_call, NO gas) \u2014 prove it accepts the calls you want and rejects the ones you don't, before authorizing on-chain"
+).requiredOption("--address <permissionOrName>", "Permission to probe (address or tracked name)").option("--sma <address>", "SMA to probe as (ctx.account; defaults to .sail/account.json)").option("--target <address>", "Inline single call: target contract address").option("--calldata <hex>", "Inline single call: 0x-prefixed calldata").option("--value <wei>", "Inline single call: ETH value in wei (default 0)").option("--expect <pass|fail>", "Inline single call: expected outcome (sets non-zero exit on mismatch)").option("--label <text>", "Inline single call: human-readable label").option("--calls <file>", "Batch: JSON array of { target, calldata, value?, expect?, label? }").option("--json", "Emit machine-readable JSON").action(actionWith(mandateSimulate));
 mandate.command("list").description("List permission contracts deployed from this project").action(action(async () => mandateContractsList()));
-program2.command("onboard").description("Set up an SMA, register a permission, confirm the agent is operational").option("--sma <address>", "Use a specific SMA address instead of prompting").option("--new-sma", "Create a new SMA via SailKernel").option("--template <kindOrAddress>", "Register this permission contract (kind, label, or address)").option("--skip-mandate", "Skip the permission registration step").option("--json", "Emit machine-readable JSON (implies non-interactive)").action(actionWith(onboard));
+program2.command("onboard").description("Set up an SMA, register a permission, confirm the agent is operational").option("--sma <address>", "Use a specific SMA address instead of prompting").option("--new-sma", "Create a new SMA via SailKernel").option("--salt <n>", "CREATE2 salt for deterministic Safe address (default: 0; use 0 for first SMA, increment for subsequent)").option("--template <kindOrAddress>", "Register this permission contract (kind, label, or address)").option("--skip-mandate", "Skip the permission registration step").option("--json", "Emit machine-readable JSON (implies non-interactive)").action(actionWith(onboard));
 var station = program2.command("station").description("Manage the persistent signing station (browser signing daemon)");
 station.command("start").description("Start the signing station and keep it running (blocks \u2014 run in the background)").option("--json", "Emit machine-readable JSON").action(actionWith(stationStart));
 station.command("status").description("Show whether a signing station is running for this project").option("--json", "Emit machine-readable JSON").action(actionWith(stationStatus));