npm - @heyanon-arp/cli - Versions diffs - 0.0.17 → 0.0.19 - Mend

@heyanon-arp/cli 0.0.17 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.js CHANGED Viewed

@@ -345,6 +345,10 @@ var init_api = __esm({
       async discoverProfile(did) {
         return this.get(`/v1/discovery/agents/${encodeURIComponent(did)}/profile`);
       }
+      /** Public `GET /v1/discovery/agents/by-name/:name`. Resolves a unique name → composed profile (incl. DID). 404 if unknown. */
+      async discoverByName(name) {
+        return this.get(`/v1/discovery/agents/by-name/${encodeURIComponent(name)}`);
+      }
       /**
        * Public `GET /v1/escrow/config`. Returns the live on-chain V2
        * Config PDA (fees / pause / stakes / windows). No auth.
@@ -613,6 +617,14 @@ var init_api = __esm({
           query
         );
       }
+      /**
+       * Signed `GET /v1/escrow/disputes/:delegationId`. The autonomous arbiter's
+       * verdict for a disputed delegation — winner + DID, evaluator source,
+       * reasoning, status, and the on-chain resolve signature. Parties only.
+       */
+      async getDisputeResolution(delegationId, signer) {
+        return this.signedRequest("GET", `/v1/escrow/disputes/${encodeURIComponent(delegationId)}`, null, signer);
+      }
       /**
        * Build the same canonical-JSON signing input the arp-server's
        * `SignedRequestGuard` recomputes (`{ method, path, query, body }`),
@@ -722,7 +734,7 @@ var import_simple_update_notifier = __toESM(require("simple-update-notifier"));
 // package.json
 var package_default = {
   name: "@heyanon-arp/cli",
-  version: "0.0.17",
+  version: "0.0.19",
   description: "Command-line client for the Agent Relationship Protocol \u2014 register agents, sign envelopes, run escrowed work cycles on Solana.",
   license: "MIT",
   keywords: ["arp", "agent-relationship-protocol", "did", "solana", "escrow", "ed25519", "agents", "a2a", "cli"],
@@ -767,7 +779,7 @@ var package_default = {
 };
 // src/commands/agents.ts
-var import_sdk2 = require("@heyanon-arp/sdk");
+var import_sdk3 = require("@heyanon-arp/sdk");
 var import_chalk3 = __toESM(require("chalk"));
 init_api();
@@ -912,6 +924,7 @@ function formatAgentsTable(rows) {
 // src/state.ts
 var import_node_fs3 = require("fs");
 var import_node_path4 = require("path");
+var import_sdk2 = require("@heyanon-arp/sdk");
 init_api();
 // src/credentials.ts
@@ -1137,13 +1150,35 @@ function warnIfForeignOwner(agent, serverUrl) {
 `
   );
 }
-function resolveSenderAgent(cmdName, serverOverride, explicitFromDid) {
+function resolveSenderAgent(cmdName, serverOverride, explicitFromDid, explicitFromName) {
   const resolvedServerUrl = resolveServerUrl(serverOverride);
+  if (explicitFromDid && explicitFromName) {
+    throw new Error(`${cmdName}: pass either --from <name> OR --from-did <did>, not both.`);
+  }
   if (explicitFromDid) {
+    if (!explicitFromDid.startsWith("did:arp:")) {
+      throw new Error(`${cmdName}: --from-did expects a did:arp:<...> DID \u2014 for an agent name use '--from ${explicitFromDid}'.`);
+    }
     const agent = loadAgentOrThrow(serverOverride, explicitFromDid);
     warnIfForeignOwner(agent, resolvedServerUrl);
     return agent;
   }
+  if (explicitFromName) {
+    const wanted = (0, import_sdk2.normalizeName)(explicitFromName);
+    const named = listAgents().filter((row) => row.serverUrl === resolvedServerUrl && row.agent.name === wanted);
+    if (named.length === 1) {
+      warnIfForeignOwner(named[0].agent, resolvedServerUrl);
+      return named[0].agent;
+    }
+    if (named.length === 0) {
+      throw new Error(`${cmdName}: no local agent named '${wanted}' for ${resolvedServerUrl}. Pass its --from-did <did>, or register/recover that agent locally first.`);
+    }
+    const dups = named.map((row) => `  ${row.agent.did}`).join("\n");
+    throw new Error(
+      `${cmdName}: ${named.length} local agents share the name '${wanted}' for ${resolvedServerUrl} \u2014 ambiguous. Pass --from-did <did> instead. Candidates:
+${dups}`
+    );
+  }
   const onServer = listAgents().filter((row) => row.serverUrl === resolvedServerUrl);
   if (onServer.length === 1) {
     warnIfForeignOwner(onServer[0].agent, resolvedServerUrl);
@@ -1154,7 +1189,7 @@ function resolveSenderAgent(cmdName, serverOverride, explicitFromDid) {
   }
   const list = onServer.map((row) => `  ${row.agent.did}${row.agent.name ? ` (${row.agent.name})` : ""}`).join("\n");
   throw new Error(
-    `${cmdName}: ${onServer.length} agents registered for ${resolvedServerUrl} \u2014 refusing to silently sign as one of them. Pass --from-did <did> to disambiguate. Candidates:
+    `${cmdName}: ${onServer.length} agents registered for ${resolvedServerUrl} \u2014 refusing to silently sign as one of them. Pass --from <name> or --from-did <did> to disambiguate. Candidates:
 ${list}`
   );
 }
@@ -1173,16 +1208,16 @@ function listAgents() {
 var import_chalk2 = __toESM(require("chalk"));
 init_api();
 function registerLifecycleCommands(root) {
-  root.command("update").description("Update an agent profile (name / description / tags). At least one flag is required.").argument("[did]", "Agent DID (did:arp:...) \u2014 optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Alias for the positional <did> \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--name <s>", "New display name").option("--description <s>", "New description").option("--tag <s>", "Capability tag \u2014 REPLACES the existing list. Repeatable: --tag translation --tag fr", accumulate, []).option("--clear-tags", "Drop all tags (cannot be combined with --tag)", false).option("--json", "Machine-readable mode \u2014 emit the updated profile as a single JSON object on stdout (AgentPublic). Prelude moves to stderr. ", false).action(
+  root.command("update").description("Update an agent profile (description / tags). At least one flag is required. The agent name is immutable and cannot be changed.").argument("[did]", "Agent DID (did:arp:...) \u2014 optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Alias for the positional <did> \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--description <s>", "New description").option("--tag <s>", "Capability tag \u2014 REPLACES the existing list. Repeatable: --tag translation --tag fr", accumulate, []).option("--clear-tags", "Drop all tags (cannot be combined with --tag)", false).option("--json", "Machine-readable mode \u2014 emit the updated profile as a single JSON object on stdout (AgentPublic). Prelude moves to stderr. ", false).action(
     async (did, opts) => {
       if (did !== void 0 && opts.fromDid !== void 0 && did !== opts.fromDid) {
         throw new Error(`update: positional <did> (${did}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
       }
       const explicitDid = did ?? opts.fromDid;
-      const targetDid = (explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("update", opts.server, void 0)).did;
+      const targetDid = (explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("update", opts.server, void 0, opts.from)).did;
       const body = buildUpdateBody(opts);
       if (Object.keys(body).length === 0) {
-        throw new Error("update: pass at least one of --name / --description / --tag / --clear-tags");
+        throw new Error("update: pass at least one of --description / --tag / --clear-tags");
       }
       const agent = await actSigned(targetDid, opts.server, opts.json, (api, signer) => api.updateAgent(targetDid, body, signer));
       updateAgentLocal(opts.server, targetDid, {
@@ -1206,7 +1241,6 @@ function buildUpdateBody(opts) {
     throw new Error("update: --clear-tags cannot be combined with --tag");
   }
   const body = {};
-  if (opts.name !== void 0) body.name = opts.name;
   if (opts.description !== void 0) body.description = opts.description;
   if (opts.clearTags) {
     body.tags = [];
@@ -1265,10 +1299,10 @@ function registerAgentsCommand(root) {
 }
 async function runAgents(opts) {
   const limit = parseLimit(opts.limit);
-  if (opts.sort && opts.sort !== import_sdk2.DiscoverySorts.REPUTATION && opts.sort !== import_sdk2.DiscoverySorts.RECENT && opts.sort !== import_sdk2.DiscoverySorts.CREATED) {
+  if (opts.sort && opts.sort !== import_sdk3.DiscoverySorts.REPUTATION && opts.sort !== import_sdk3.DiscoverySorts.RECENT && opts.sort !== import_sdk3.DiscoverySorts.CREATED) {
     throw new Error(`agents: --sort must be 'reputation', 'recent', or 'created' (got '${opts.sort}')`);
   }
-  const sort = opts.sort === import_sdk2.DiscoverySorts.RECENT ? import_sdk2.DiscoverySorts.RECENT : opts.sort === import_sdk2.DiscoverySorts.CREATED ? import_sdk2.DiscoverySorts.CREATED : import_sdk2.DiscoverySorts.REPUTATION;
+  const sort = opts.sort === import_sdk3.DiscoverySorts.RECENT ? import_sdk3.DiscoverySorts.RECENT : opts.sort === import_sdk3.DiscoverySorts.CREATED ? import_sdk3.DiscoverySorts.CREATED : import_sdk3.DiscoverySorts.REPUTATION;
   const api = new ArpApiClient(opts.server);
   progress(opts.json, import_chalk3.default.dim(`Server: ${api.serverUrl}`));
   const query = { limit, sort };
@@ -1277,7 +1311,7 @@ async function runAgents(opts) {
   if (opts.accountId) query.accountId = opts.accountId;
   if (opts.accepts) query.accepts = resolveAcceptsAsset(opts.accepts);
   if (opts.online) query.online = true;
-  if (sort === import_sdk2.DiscoverySorts.CREATED) {
+  if (sort === import_sdk3.DiscoverySorts.CREATED) {
     if (opts.after) query.after = opts.after;
   } else {
     query.page = parsePage(opts.page);
@@ -1316,10 +1350,10 @@ ${rule}`);
 `);
   }
   if (pagination.hasMore) {
-    if (sort === import_sdk2.DiscoverySorts.CREATED && pagination.nextCursor) {
+    if (sort === import_sdk3.DiscoverySorts.CREATED && pagination.nextCursor) {
       console.log(import_chalk3.default.dim(`
 Next page: re-run with --after ${pagination.nextCursor}`));
-    } else if (sort !== import_sdk2.DiscoverySorts.CREATED) {
+    } else if (sort !== import_sdk3.DiscoverySorts.CREATED) {
       console.log(import_chalk3.default.dim(`
 Next page: re-run with --page ${parsePage(opts.page) + 1}`));
     }
@@ -1358,7 +1392,7 @@ function parsePage(raw) {
   return n;
 }
 function resolveAcceptsAsset(input) {
-  const resolved = (0, import_sdk2.resolveAsset)(input);
+  const resolved = (0, import_sdk3.resolveAsset)(input);
   if (!resolved) {
     throw new Error(`agents: --accepts '${input}' is not a known asset shorthand or a valid CAIP-19 id.`);
   }
@@ -1394,9 +1428,9 @@ function registerAcceptPrefsCommands(agents) {
   });
   prefs.command("show").description(
     "Read an agent's published accept-prefs (any DID \u2014 the read is signed with YOUR local agent key; any registered agent may read). Buyers: run this BEFORE `delegation offer` so the offer matches"
-  ).argument("<did>", "Agent DID to inspect (any agent, not just your own)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Emit only the AcceptPrefs JSON (or null) on stdout \u2014 jq-pipeable", false).action(async (did, _opts, cmd) => {
+  ).argument("<did>", "Agent DID to inspect (any agent, not just your own)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Emit only the AcceptPrefs JSON (or null) on stdout \u2014 jq-pipeable", false).action(async (did, _opts, cmd) => {
     const opts = cmd.optsWithGlobals();
-    const sender = resolveSenderAgent("agents accept-prefs show", opts.server, opts.fromDid);
+    const sender = resolveSenderAgent("agents accept-prefs show", opts.server, opts.fromDid, opts.from);
     const api = new ArpApiClient(opts.server);
     progress(opts.json, import_chalk3.default.dim(`Server: ${api.serverUrl}`));
     progress(opts.json, import_chalk3.default.dim(`Signer: ${sender.did}`));
@@ -1487,11 +1521,11 @@ function printAcceptPrefs(prefs) {
 }
 // src/commands/assets.ts
-var import_sdk3 = require("@heyanon-arp/sdk");
+var import_sdk4 = require("@heyanon-arp/sdk");
 var import_chalk4 = __toESM(require("chalk"));
 function renderAssetsText() {
   const lines = [];
-  for (const [cluster, assets] of Object.entries(import_sdk3.ASSET_WHITELIST)) {
+  for (const [cluster, assets] of Object.entries(import_sdk4.ASSET_WHITELIST)) {
     lines.push(import_chalk4.default.bold(cluster));
     for (const a of assets) {
       const key = `${a.symbol}:${cluster}`;
@@ -1507,7 +1541,7 @@ function renderAssetsText() {
 function registerAssetsCommand(root) {
   root.command("assets").description("List the payment-asset whitelist (per cluster) \u2014 currencies the server accepts for delegations").option("--json", "machine-readable output (the per-cluster whitelist table)").action((opts) => {
     if (opts.json) {
-      console.log(formatJson(import_sdk3.ASSET_WHITELIST));
+      console.log(formatJson(import_sdk4.ASSET_WHITELIST));
       return;
     }
     console.log(renderAssetsText());
@@ -1515,26 +1549,26 @@ function registerAssetsCommand(root) {
 }
 // src/commands/block.ts
-var import_sdk4 = require("@heyanon-arp/sdk");
+var import_sdk5 = require("@heyanon-arp/sdk");
 var import_chalk5 = __toESM(require("chalk"));
 init_api();
 function resolveSigningAgent(opts) {
-  return opts.fromDid !== void 0 ? loadAgentOrThrow(opts.server, opts.fromDid) : resolveSenderAgent("block", opts.server, void 0);
+  return opts.fromDid !== void 0 ? loadAgentOrThrow(opts.server, opts.fromDid) : resolveSenderAgent("block", opts.server, void 0, opts.from);
 }
 function formatBlockRow(b) {
-  const scope = b.scope === import_sdk4.InboxBlockScopes.ACCOUNT ? import_chalk5.default.yellow("account") : import_chalk5.default.cyan("did");
+  const scope = b.scope === import_sdk5.InboxBlockScopes.ACCOUNT ? import_chalk5.default.yellow("account") : import_chalk5.default.cyan("did");
   const reason = b.reason ? import_chalk5.default.dim(` \u2014 ${b.reason}`) : "";
   return `${scope.padEnd(7)}  ${b.did}${reason}  ${import_chalk5.default.dim(b.blockedAt)}`;
 }
 function registerBlockCommand(root) {
   const block = root.command("block").description("Manage your inbox blocklist \u2014 refuse inbound messages from an agent (and, by default, its whole owner account).");
-  block.command("add <did>").description("Block an agent. Default blocks the target\u2019s ENTIRE owner account (every sibling agent); --did-only blocks just this DID. You cannot block your own account.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent). The block applies account-wide regardless of which signs.").option("--did-only", "Block only this exact DID, not the whole owner account", false).option("--reason <text>", "Private note (max 512 chars), visible only to you").option("--json", "Machine-readable output", false).action(async (did, opts) => {
+  block.command("add <did>").description("Block an agent. Default blocks the target\u2019s ENTIRE owner account (every sibling agent); --did-only blocks just this DID. You cannot block your own account.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent). The block applies account-wide regardless of which signs.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--did-only", "Block only this exact DID, not the whole owner account", false).option("--reason <text>", "Private note (max 512 chars), visible only to you").option("--json", "Machine-readable output", false).action(async (did, opts) => {
     await runAdd(did, opts);
   });
-  block.command("remove <did>").alias("rm").description("Remove a block. Pass the same DID (+ --did-only flag) you blocked with.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--did-only", "The original block was DID-level (didOnly)", false).option("--json", "Machine-readable output", false).action(async (did, opts) => {
+  block.command("remove <did>").alias("rm").description("Remove a block. Pass the same DID (+ --did-only flag) you blocked with.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--did-only", "The original block was DID-level (didOnly)", false).option("--json", "Machine-readable output", false).action(async (did, opts) => {
     await runRemove(did, opts);
   });
-  block.command("list").description("List your account\u2019s blocks. Each row shows the DID you named + scope \u2014 never the resolved owner account or its other agents.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--json", "Machine-readable output \u2014 a JSON array.", false).action(async (opts) => {
+  block.command("list").description("List your account\u2019s blocks. Each row shows the DID you named + scope \u2014 never the resolved owner account or its other agents.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable output \u2014 a JSON array.", false).action(async (opts) => {
     await runList(opts);
   });
 }
@@ -1547,7 +1581,7 @@ async function runAdd(did, opts) {
     jsonOut(result);
     return;
   }
-  const what = result.scope === import_sdk4.InboxBlockScopes.ACCOUNT ? `the owner account of ${did} (all its agents)` : did;
+  const what = result.scope === import_sdk5.InboxBlockScopes.ACCOUNT ? `the owner account of ${did} (all its agents)` : did;
   console.log(import_chalk5.default.green(`\u2713 Blocked ${what}.`));
 }
 async function runRemove(did, opts) {
@@ -1663,15 +1697,15 @@ function unknownKey(key) {
 // src/commands/delegation.ts
 var import_node_fs4 = require("fs");
-var import_sdk10 = require("@heyanon-arp/sdk");
-var import_chalk8 = __toESM(require("chalk"));
+var import_sdk12 = require("@heyanon-arp/sdk");
+var import_chalk9 = __toESM(require("chalk"));
 init_api();
 // src/id-format.ts
-var import_sdk5 = require("@heyanon-arp/sdk");
+var import_sdk6 = require("@heyanon-arp/sdk");
 var UUID_RE = /^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/;
 var OBJECT_ID_24_HEX_RE = /^[0-9a-f]{24}$/;
-var SHA256_PREFIX_RE = import_sdk5.SHA256_HEX_RE;
+var SHA256_PREFIX_RE = import_sdk6.SHA256_HEX_RE;
 var UUID_NO_DASHES_RE = /^[a-fA-F0-9]{32}$/;
 function describeNonUuidShape(raw) {
   if (raw === "") return "empty string";
@@ -1702,10 +1736,31 @@ function requireUuid(cmdName, raw, label) {
   throw new Error(hint ? `${base} \u2014 ${hint}` : base);
 }
-// src/commands/status.ts
-var import_sdk6 = require("@heyanon-arp/sdk");
+// src/resolve-recipient.ts
+var import_sdk7 = require("@heyanon-arp/sdk");
 var import_chalk7 = __toESM(require("chalk"));
 init_api();
+async function resolveRecipient(serverOverride, cmdName, input, opts = {}) {
+  if (input.startsWith("did:arp:")) {
+    if (!(0, import_sdk7.isValidDid)(input)) {
+      throw new Error(`${cmdName}: '${input}' starts with did:arp: but is not a valid DID (base58btc-encoded 32-byte Ed25519 pubkey).`);
+    }
+    return input;
+  }
+  const name = (0, import_sdk7.normalizeName)(input);
+  if (!(0, import_sdk7.isValidAgentName)(name)) {
+    throw new Error(`${cmdName}: '${input}' is neither a DID (did:arp:...) nor a valid agent name (lowercase a-z0-9_, 3-32 chars).`);
+  }
+  const api = new ArpApiClient(serverOverride);
+  const profile = await api.discoverByName(name);
+  warn(opts.json, import_chalk7.default.dim(`Resolved ${import_chalk7.default.cyan(name)} \u2192 ${profile.did}${profile.description ? ` (${profile.description})` : ""}`));
+  return profile.did;
+}
+// src/commands/status.ts
+var import_sdk8 = require("@heyanon-arp/sdk");
+var import_chalk8 = __toESM(require("chalk"));
+init_api();
 var UNTIL_PHASES = [
   "delegation.offered",
   "delegation.accepted",
@@ -1726,7 +1781,7 @@ var UNTIL_PHASES = [
 var WAIT_DEFAULT_INTERVAL_SEC = 3;
 var WAIT_DEFAULT_TIMEOUT_SEC = 300;
 function registerStatusCommand(root) {
-  root.command("status").description("Where am I in the work cycle? FSM state + next-action hint for ONE relationship (signed reads)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable: single JSON object with the composed summary. Pipe-safe.", false).option(
+  root.command("status").description("Where am I in the work cycle? FSM state + next-action hint for ONE relationship (signed reads)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable: single JSON object with the composed summary. Pipe-safe.", false).option(
     "--wait",
     `Block and poll until you can act (\`nextActionOwner === 'me'\` OR \`nextActionOwner === 'either' AND relationshipState === 'active'\`) OR the cycle terminates (COMPLETE / closed / not_found). Exits immediately if either condition is already true at first read. Default cadence ${WAIT_DEFAULT_INTERVAL_SEC}s, --wait-timeout ${WAIT_DEFAULT_TIMEOUT_SEC}s. Pairs with --json so a wrapping script can branch on the new state. Exit code 124 on timeout (unix \`timeout\` convention). Combine with --wait-verbose to see per-tick state snapshots during long waits \u2014 useful for "is it alive or stuck?" diagnosis without spawning a separate \`inbox --tail\` shell.`,
     false
@@ -1751,11 +1806,11 @@ function registerStatusCommand(root) {
 }
 async function runStatus(relationshipId, opts) {
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("status", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("status", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk7.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk7.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk7.default.dim(`Relationship: ${relationshipId}`));
+    console.log(import_chalk8.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk8.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk8.default.dim(`Relationship: ${relationshipId}`));
   }
   const signer = makeSigner(sender);
   if (!opts.wait) {
@@ -1787,7 +1842,7 @@ async function runStatus(relationshipId, opts) {
 async function awaitFsmTransitionAfterAction(input) {
   const { api, signerDid, signer, relationshipId, untilPhase, waitIntervalSec, waitTimeoutSec, waitVerbose, json } = input;
   if (!json) {
-    console.log(import_chalk7.default.dim(`
+    console.log(import_chalk8.default.dim(`
 [--wait-until ${untilPhase}] polling relationship ${relationshipId} (interval=${waitIntervalSec}s timeout=${waitTimeoutSec}s)`));
   }
   const outcome = await runWaitLoop({
@@ -1804,13 +1859,13 @@ async function awaitFsmTransitionAfterAction(input) {
   }
 }
 async function runWaitLoop(opts) {
-  const isTerminal = (s) => s.cycleComplete || s.relationshipState === import_sdk6.RelationshipStates.CLOSED || s.relationshipState === "not_found";
+  const isTerminal = (s) => s.cycleComplete || s.relationshipState === import_sdk8.RelationshipStates.CLOSED || s.relationshipState === "not_found";
   const isActionable = (s) => {
     if (s.nextActionOwner === "me") {
       if (s.relationshipState === "unknown") return false;
       return true;
     }
-    if (s.nextActionOwner === "either" && s.relationshipState === import_sdk6.RelationshipStates.ACTIVE) {
+    if (s.nextActionOwner === "either" && s.relationshipState === import_sdk8.RelationshipStates.ACTIVE) {
       return true;
     }
     return false;
@@ -1826,7 +1881,7 @@ async function runWaitLoop(opts) {
   }
   if (isUntilReached !== null && isUntilReached(initial)) {
     if (opts.json) opts.log(JSON.stringify(initial));
-    else opts.log(import_chalk7.default.dim(`
+    else opts.log(import_chalk8.default.dim(`
 [--wait] Phase '${opts.until}' already reached \u2014 exiting without polling.`));
     return { timedOut: false, last: initial };
   }
@@ -1837,13 +1892,13 @@ async function runWaitLoop(opts) {
     else {
       if (opts.until !== void 0) {
         opts.log(
-          import_chalk7.default.yellow(
+          import_chalk8.default.yellow(
             `
 [--wait] Terminal state (${initial.relationshipState}, cycleComplete=${initial.cycleComplete}) reached before phase '${opts.until}' \u2014 exiting; phase unreachable.`
           )
         );
       } else {
-        opts.log(import_chalk7.default.dim(`
+        opts.log(import_chalk8.default.dim(`
 [--wait] Already terminal \u2014 exiting.`));
       }
     }
@@ -1851,15 +1906,15 @@ async function runWaitLoop(opts) {
   }
   if (opts.until === void 0 && isActionable(initial)) {
     if (opts.json) opts.log(JSON.stringify(initial));
-    else opts.log(import_chalk7.default.dim(`
+    else opts.log(import_chalk8.default.dim(`
 [--wait] Your turn already (nextActionOwner=${initial.nextActionOwner}) \u2014 exiting without polling.`));
     return { timedOut: false, last: initial };
   }
   if (!opts.json) {
     const blockerLabel = opts.until !== void 0 ? `Awaiting phase '${opts.until}'` : initial.nextActionOwner === "counterparty" ? "Counterparty owes the next move" : initial.nextActionOwner === "either" ? "Either side may act" : `Awaiting state change (currently ${initial.relationshipState}, nextActionOwner=${initial.nextActionOwner})`;
-    opts.log(import_chalk7.default.dim(`
+    opts.log(import_chalk8.default.dim(`
 [--wait] ${blockerLabel}. Polling every ${opts.waitIntervalSec}s, timeout ${opts.waitTimeoutSec}s.`));
-    opts.log(import_chalk7.default.dim(`[--wait] Initial hint: ${initial.nextActionHint}`));
+    opts.log(import_chalk8.default.dim(`[--wait] Initial hint: ${initial.nextActionHint}`));
   }
   const startedAt = localNow();
   const deadline = startedAt + opts.waitTimeoutSec * 1e3;
@@ -1879,7 +1934,7 @@ async function runWaitLoop(opts) {
       } else {
         target = `nextActionOwner=${next.nextActionOwner}`;
       }
-      opts.log(import_chalk7.default.dim(`[--wait tick ${tickIndex}/${maxTicks}] state=${next.relationshipState}, ${formatPhaseSnapshot(next)} (${target})`));
+      opts.log(import_chalk8.default.dim(`[--wait tick ${tickIndex}/${maxTicks}] state=${next.relationshipState}, ${formatPhaseSnapshot(next)} (${target})`));
     }
     if (exitPredicate(next)) {
       const phaseReached = isUntilReached !== null ? isUntilReached(next) : false;
@@ -1889,16 +1944,16 @@ async function runWaitLoop(opts) {
         opts.log("");
         if (opts.until !== void 0) {
           if (phaseReached) {
-            opts.log(import_chalk7.default.green(`[--wait] Phase '${opts.until}' reached.`));
+            opts.log(import_chalk8.default.green(`[--wait] Phase '${opts.until}' reached.`));
           } else {
             opts.log(
-              import_chalk7.default.yellow(
+              import_chalk8.default.yellow(
                 `[--wait] Terminal state (${next.relationshipState}, cycleComplete=${next.cycleComplete}) reached before phase '${opts.until}' \u2014 phase unreachable.`
               )
             );
           }
         } else {
-          opts.log(import_chalk7.default.green(`[--wait] ${isTerminal(next) ? "Cycle terminated" : `Your turn (owner=${next.nextActionOwner})`}.`));
+          opts.log(import_chalk8.default.green(`[--wait] ${isTerminal(next) ? "Cycle terminated" : `Your turn (owner=${next.nextActionOwner})`}.`));
         }
         opts.log(formatStatusReport(next));
       }
@@ -1911,14 +1966,14 @@ async function runWaitLoop(opts) {
   } else {
     if (opts.until !== void 0) {
       opts.log(
-        import_chalk7.default.yellow(
+        import_chalk8.default.yellow(
           `
 [--wait] Timed out after ${opts.waitTimeoutSec}s without reaching phase '${opts.until}' (latest state: ${last.relationshipState}, hint: ${last.nextActionHint}).`
         )
       );
     } else {
       opts.log(
-        import_chalk7.default.yellow(`
+        import_chalk8.default.yellow(`
 [--wait] Timed out after ${opts.waitTimeoutSec}s without an actionable or terminal transition (your turn never came, cycle still in flight).`)
       );
     }
@@ -1946,41 +2001,41 @@ function parseUntilPhase(raw) {
 function isPhaseTerminallyUnreachable(phase, s) {
   if (untilPhaseMatched(phase, s)) return false;
   if (s.relationshipState === "not_found") return true;
-  if (s.relationshipState === import_sdk6.RelationshipStates.CLOSED && phase !== "relationship.closed") return true;
+  if (s.relationshipState === import_sdk8.RelationshipStates.CLOSED && phase !== "relationship.closed") return true;
   return false;
 }
 function untilPhaseMatched(phase, s) {
   switch (phase) {
     case "delegation.offered":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.OFFERED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.OFFERED;
     case "delegation.accepted":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.ACCEPTED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.ACCEPTED;
     case "delegation.locked":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.LOCKED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.LOCKED;
     case "delegation.disputing":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.DISPUTING;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.DISPUTING;
     case "delegation.canceled":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.CANCELED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.CANCELED;
     case "delegation.declined":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.DECLINED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.DECLINED;
     case "work.requested":
-      return s.latestWorkLog?.state === import_sdk6.WorkLogStates.REQUESTED;
+      return s.latestWorkLog?.state === import_sdk8.WorkLogStates.REQUESTED;
     case "work.responded":
-      return s.latestWorkLog?.state === import_sdk6.WorkLogStates.RESPONDED;
+      return s.latestWorkLog?.state === import_sdk8.WorkLogStates.RESPONDED;
     case "receipt.proposed":
       return s.latestReceipt != null;
     case "relationship.pending":
-      return s.relationshipState === import_sdk6.RelationshipStates.PENDING;
+      return s.relationshipState === import_sdk8.RelationshipStates.PENDING;
     case "relationship.active":
-      return s.relationshipState === import_sdk6.RelationshipStates.ACTIVE;
+      return s.relationshipState === import_sdk8.RelationshipStates.ACTIVE;
     case "relationship.paused":
-      return s.relationshipState === import_sdk6.RelationshipStates.PAUSED;
+      return s.relationshipState === import_sdk8.RelationshipStates.PAUSED;
     case "relationship.closed":
-      return s.relationshipState === import_sdk6.RelationshipStates.CLOSED;
+      return s.relationshipState === import_sdk8.RelationshipStates.CLOSED;
     case "cycle.complete":
       return s.cycleComplete;
     case "cycle.released":
-      return s.latestDelegation?.state === import_sdk6.DelegationStates.COMPLETED;
+      return s.latestDelegation?.state === import_sdk8.DelegationStates.COMPLETED;
   }
 }
 function parseWaitInterval(raw) {
@@ -2031,7 +2086,7 @@ async function composeStatus(api, signerDid, relationshipId, signer) {
   const relationship = relationships.find((r) => r.relationshipId === relationshipId);
   const counterpartyDid = relationship ? relationship.pairDidA === signerDid ? relationship.pairDidB : relationship.pairDidA : inferCounterpartyFromEntities(signerDid, allDelegations);
   const delegations = allDelegations;
-  const latestDelegation = pickLatestLive(delegations, [...import_sdk6.DELEGATION_ACTIVE_STATES]);
+  const latestDelegation = pickLatestLive(delegations, [...import_sdk8.DELEGATION_ACTIVE_STATES]);
   const [workLogs, receipts] = await Promise.all([
     latestDelegation ? fetchAllPages(
       (after) => api.listWorkLogs(relationshipId, signer, { limit: 100, delegationId: latestDelegation.delegationId, ...after ? { after } : {} })
@@ -2095,8 +2150,8 @@ function findReceiptForWorkLog(receipts, workLog, allWorkLogs = [workLog]) {
   };
   const responseBody = workLog.responseOutput !== void 0 ? { type: "work_response", content: { delegation_id: workLog.delegationId, request_id: workLog.requestId, output: workLog.responseOutput } } : workLog.responseError !== void 0 ? { type: "work_response", content: { delegation_id: workLog.delegationId, request_id: workLog.requestId, error: workLog.responseError } } : null;
   if (!responseBody) return null;
-  const expectedRequestHash = (0, import_sdk6.canonicalSha256Hex)(requestBody);
-  const expectedResponseHash = (0, import_sdk6.canonicalSha256Hex)(responseBody);
+  const expectedRequestHash = (0, import_sdk8.canonicalSha256Hex)(requestBody);
+  const expectedResponseHash = (0, import_sdk8.canonicalSha256Hex)(responseBody);
   const matches = receipts.filter((r) => r.requestHash === expectedRequestHash && r.responseHash === expectedResponseHash);
   if (matches.length > 0) return pickLatest(matches);
   const respondedSiblings = allWorkLogs.filter((wl) => wl.delegationId === workLog.delegationId && (wl.responseOutput !== void 0 || wl.responseError !== void 0)).length;
@@ -2138,49 +2193,49 @@ function nextAction(input) {
       complete: false
     };
   }
-  if (relationship.state === import_sdk6.RelationshipStates.PENDING) {
+  if (relationship.state === import_sdk8.RelationshipStates.PENDING) {
     return {
       hint: "Relationship is PENDING \u2014 one side owes `heyarp send-handshake-response <peer> --decision accept | decline`",
       owner: "either",
       complete: false
     };
   }
-  if (relationship.state === import_sdk6.RelationshipStates.PAUSED) {
+  if (relationship.state === import_sdk8.RelationshipStates.PAUSED) {
     return { hint: "Relationship is PAUSED \u2014 owner must `heyarp unpause` before any envelopes flow", owner: "either", complete: false };
   }
-  if (relationship.state === import_sdk6.RelationshipStates.CLOSED) {
+  if (relationship.state === import_sdk8.RelationshipStates.CLOSED) {
     return { hint: "Relationship is CLOSED \u2014 terminal state, no further action possible. Start a fresh handshake to reopen.", owner: "none", complete: false };
   }
-  if (!latestDelegation || latestDelegation.state === import_sdk6.DelegationStates.DECLINED || latestDelegation.state === import_sdk6.DelegationStates.CANCELED) {
+  if (!latestDelegation || latestDelegation.state === import_sdk8.DelegationStates.DECLINED || latestDelegation.state === import_sdk8.DelegationStates.CANCELED) {
     return {
       hint: "No live delegation \u2014 buyer offers (terms only, no lock) `heyarp delegation offer <peer> --delegation-id <new-uuid> --title \u2026 --scope \u2026 --amount \u2026 --currency SOL:solana-devnet --deadline \u2026`, then funds the escrow lock AFTER the worker accepts via `heyarp delegation fund <del-id> --escrow-lock-from-file <path>`",
       owner: "either",
       complete: false
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.DISPUTING) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.DISPUTING) {
     return {
       hint: `Delegation ${latestDelegation.delegationId} is DISPUTING \u2014 the buyer opened an on-chain dispute (their stake is escrowed too). The operator may rule until the dispute window lapses; after that either party closes with \`heyarp escrow dispute close ${latestDelegation.delegationId}\` (escrow returns to the buyer, both stakes return). Deadline: \`heyarp escrow show ${latestDelegation.delegationId}\`. No envelopes to send meanwhile.`,
       owner: "none",
       complete: false
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.COMPLETED) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.COMPLETED) {
     return {
       hint: "Cycle COMPLETE \u2014 payment claimed on chain (lock paid; the receipt carries releaseStatus=paid)",
       owner: "none",
       complete: true
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.FAILED || latestDelegation.state === import_sdk6.DelegationStates.REFUNDED || latestDelegation.state === import_sdk6.DelegationStates.DISPUTE_RESOLVED) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.FAILED || latestDelegation.state === import_sdk8.DelegationStates.REFUNDED || latestDelegation.state === import_sdk8.DelegationStates.DISPUTE_RESOLVED) {
     const stateLabel = latestDelegation.state.toUpperCase();
-    const reason = latestDelegation.state === import_sdk6.DelegationStates.FAILED ? "on-chain escrow lock failed to finalise (typical causes: insufficient payer funds, wrong program-id, ProgramState PDA uninitialised \u2014 check `heyarp delegations <rel-id> --json | jq .[].escrowError` for the worker-side reason)" : latestDelegation.state === import_sdk6.DelegationStates.REFUNDED ? (
+    const reason = latestDelegation.state === import_sdk8.DelegationStates.FAILED ? "on-chain escrow lock failed to finalise (typical causes: insufficient payer funds, wrong program-id, ProgramState PDA uninitialised \u2014 check `heyarp delegations <rel-id> --json | jq .[].escrowError` for the worker-side reason)" : latestDelegation.state === import_sdk8.DelegationStates.REFUNDED ? (
       // Keyed on the DELEGATION row's releaseStatus, not the
       // receipt's: in the claim-expired path the worker never
       // submitted anything, so no receipt row exists to carry
       // the outcome — the delegation copy is always present
       // on indexer-driven terminals.
-      latestDelegation.releaseStatus === import_sdk6.LockStates.DISPUTE_CLOSED ? "the dispute window lapsed without an operator ruling and the dispute was closed \u2014 escrow returned to the buyer, both stakes returned (work was delivered but not paid)" : latestDelegation.releaseStatus === import_sdk6.LockStates.REVOKED ? "the work window lapsed without an on-chain submit \u2014 the buyer reclaimed the escrow AND the worker stake (claim_expired_work)" : "lock was refunded after expiry \u2014 no work was delivered against this delegation"
+      latestDelegation.releaseStatus === import_sdk8.LockStates.DISPUTE_CLOSED ? "the dispute window lapsed without an operator ruling and the dispute was closed \u2014 escrow returned to the buyer, both stakes returned (work was delivered but not paid)" : latestDelegation.releaseStatus === import_sdk8.LockStates.REVOKED ? "the work window lapsed without an on-chain submit \u2014 the buyer reclaimed the escrow AND the worker stake (claim_expired_work)" : "lock was refunded after expiry \u2014 no work was delivered against this delegation"
     ) : "admin closed the delegation via the dispute-resolution path";
     return {
       hint: `Delegation ${latestDelegation.delegationId} is ${stateLabel} (terminal) \u2014 ${reason}. Issue a fresh \`heyarp delegation offer <peer> --delegation-id <new-uuid> \u2026\` to retry (FSM does not auto-retry).`,
@@ -2188,7 +2243,7 @@ function nextAction(input) {
       complete: false
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.OFFERED) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.OFFERED) {
     const iAmOfferer = latestDelegation.offererDid === signerDid;
     const stateLabel = "OFFERED";
     return {
@@ -2197,7 +2252,7 @@ function nextAction(input) {
       complete: false
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.ACCEPTED && !latestWorkLog) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.ACCEPTED && !latestWorkLog) {
     const iAmOfferer = latestDelegation.offererDid === signerDid;
     return {
       hint: iAmOfferer ? `Delegation ${latestDelegation.delegationId} is ACCEPTED \u2014 you (buyer) owe \`heyarp wallet create-lock --delegation-id ${latestDelegation.delegationId} --condition-hash <hex> ... > lock.json\` then \`heyarp delegation fund ${latestDelegation.delegationId} --escrow-lock-from-file lock.json\` (fund the escrow lock; work begins once it is LOCKED on chain)` : `Delegation ${latestDelegation.delegationId} is ACCEPTED \u2014 counterparty (the buyer) owes \`heyarp delegation fund\` to lock the escrow; wait for the delegation to reach LOCKED before working`,
@@ -2205,7 +2260,7 @@ function nextAction(input) {
       complete: false
     };
   }
-  if (latestDelegation.state === import_sdk6.DelegationStates.PENDING_LOCK_FINALIZATION && !latestWorkLog) {
+  if (latestDelegation.state === import_sdk8.DelegationStates.PENDING_LOCK_FINALIZATION && !latestWorkLog) {
     return {
       hint: `Delegation ${latestDelegation.delegationId} is PENDING_LOCK_FINALIZATION \u2014 the escrow lock was funded and is awaiting on-chain confirmation; both sides wait (auto-advances to LOCKED). Poll with \`heyarp status ${relationship.relationshipId} --wait --until delegation.locked\`.`,
       owner: "none",
@@ -2220,7 +2275,7 @@ function nextAction(input) {
       complete: false
     };
   }
-  if (latestWorkLog.state === import_sdk6.WorkLogStates.REQUESTED) {
+  if (latestWorkLog.state === import_sdk8.WorkLogStates.REQUESTED) {
     const iAmPayee = latestWorkLog.payeeDid === signerDid;
     return {
       hint: iAmPayee ? `work_request ${latestWorkLog.requestId} is REQUESTED \u2014 you owe \`heyarp work respond\` (output OR --error)` : `work_request ${latestWorkLog.requestId} is REQUESTED \u2014 counterparty (payee) owes \`heyarp work respond\``,
@@ -2272,349 +2327,84 @@ function formatStatusReport(s) {
   const lines = [];
   lines.push(cycleHeadline(s));
   lines.push("");
-  lines.push(import_chalk7.default.bold("Relationship"));
+  lines.push(import_chalk8.default.bold("Relationship"));
   lines.push(`  state:        ${stateColor(s.relationshipState)}`);
-  if (s.counterpartyDid) lines.push(`  counterparty: ${import_chalk7.default.cyan(s.counterpartyDid)}`);
+  if (s.counterpartyDid) lines.push(`  counterparty: ${import_chalk8.default.cyan(s.counterpartyDid)}`);
   lines.push("");
-  lines.push(import_chalk7.default.bold("Latest delegation"));
+  lines.push(import_chalk8.default.bold("Latest delegation"));
   if (s.latestDelegation) {
     lines.push(`  ${s.latestDelegation.delegationId}  state=${stateColor(s.latestDelegation.state)}`);
-    lines.push(`  offerer:      ${import_chalk7.default.cyan(s.latestDelegation.offererDid)}`);
+    lines.push(`  offerer:      ${import_chalk8.default.cyan(s.latestDelegation.offererDid)}`);
     if (s.latestDelegation.title) lines.push(`  title:        ${s.latestDelegation.title}`);
     if (s.latestDelegation.scopeSummary) lines.push(`  scope:        ${s.latestDelegation.scopeSummary}`);
   } else {
-    lines.push(import_chalk7.default.dim("  (none)"));
+    lines.push(import_chalk8.default.dim("  (none)"));
   }
   lines.push("");
-  lines.push(import_chalk7.default.bold("Latest work_log"));
+  lines.push(import_chalk8.default.bold("Latest work_log"));
   if (s.latestWorkLog) {
     lines.push(`  request_id=${s.latestWorkLog.requestId}  state=${stateColor(s.latestWorkLog.state)}`);
   } else {
-    lines.push(import_chalk7.default.dim("  (none)"));
+    lines.push(import_chalk8.default.dim("  (none)"));
   }
   lines.push("");
-  lines.push(import_chalk7.default.bold("Latest receipt"));
+  lines.push(import_chalk8.default.bold("Latest receipt"));
   if (s.latestReceipt) {
     lines.push(`  ${stateColor("proposed")}  verdict=${s.latestReceipt.verdictProposed}`);
   } else {
-    lines.push(import_chalk7.default.dim("  (none)"));
+    lines.push(import_chalk8.default.dim("  (none)"));
   }
   lines.push("");
-  lines.push(import_chalk7.default.bold("Next action"));
-  const ownerLabel = s.nextActionOwner === "me" ? import_chalk7.default.green("me") : s.nextActionOwner === "counterparty" ? import_chalk7.default.yellow("counterparty") : s.nextActionOwner === "either" ? import_chalk7.default.cyan("either side") : import_chalk7.default.dim("\u2014");
+  lines.push(import_chalk8.default.bold("Next action"));
+  const ownerLabel = s.nextActionOwner === "me" ? import_chalk8.default.green("me") : s.nextActionOwner === "counterparty" ? import_chalk8.default.yellow("counterparty") : s.nextActionOwner === "either" ? import_chalk8.default.cyan("either side") : import_chalk8.default.dim("\u2014");
   lines.push(`  whose turn:   ${ownerLabel}`);
   lines.push(`  hint:         ${s.nextActionHint}`);
-  if (s.cycleComplete) lines.push(`  ${import_chalk7.default.green("\u2713 Cycle complete.")}`);
+  if (s.cycleComplete) lines.push(`  ${import_chalk8.default.green("\u2713 Cycle complete.")}`);
   return lines.join("\n");
 }
 function cycleHeadline(s) {
   if (s.cycleComplete) {
-    return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.green.bold("COMPLETE")} ${import_chalk7.default.dim("\u2014 payment proven on chain")}`;
+    return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.green.bold("COMPLETE")} ${import_chalk8.default.dim("\u2014 payment proven on chain")}`;
   }
   switch (s.relationshipState) {
     case "not_found":
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.red.bold("NOT FOUND")} ${import_chalk7.default.dim("\u2014 relationship missing or signer is not a member")}`;
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.red.bold("NOT FOUND")} ${import_chalk8.default.dim("\u2014 relationship missing or signer is not a member")}`;
     case "unknown":
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.yellow.bold("UNKNOWN")} ${import_chalk7.default.dim("\u2014 state probe inconclusive; hint below is advisory")}`;
-    case import_sdk6.RelationshipStates.CLOSED:
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.red.bold("CLOSED")} ${import_chalk7.default.dim("\u2014 relationship terminal, no further protocol action")}`;
-    case import_sdk6.RelationshipStates.PAUSED:
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.yellow.bold("PAUSED")} ${import_chalk7.default.dim("\u2014 relationship soft-disabled, resume to continue")}`;
-    case import_sdk6.RelationshipStates.PENDING:
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.yellow.bold("PENDING")} ${import_chalk7.default.dim("\u2014 awaiting handshake_response")}`;
-    case import_sdk6.RelationshipStates.ACTIVE:
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.yellow.bold("UNKNOWN")} ${import_chalk8.default.dim("\u2014 state probe inconclusive; hint below is advisory")}`;
+    case import_sdk8.RelationshipStates.CLOSED:
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.red.bold("CLOSED")} ${import_chalk8.default.dim("\u2014 relationship terminal, no further protocol action")}`;
+    case import_sdk8.RelationshipStates.PAUSED:
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.yellow.bold("PAUSED")} ${import_chalk8.default.dim("\u2014 relationship soft-disabled, resume to continue")}`;
+    case import_sdk8.RelationshipStates.PENDING:
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.yellow.bold("PENDING")} ${import_chalk8.default.dim("\u2014 awaiting handshake_response")}`;
+    case import_sdk8.RelationshipStates.ACTIVE:
     default:
-      return `${import_chalk7.default.bold("Cycle:")} ${import_chalk7.default.cyan.bold("ACTIVE")} ${import_chalk7.default.dim('\u2014 work in progress; see "Next action" below')}`;
+      return `${import_chalk8.default.bold("Cycle:")} ${import_chalk8.default.cyan.bold("ACTIVE")} ${import_chalk8.default.dim('\u2014 work in progress; see "Next action" below')}`;
   }
 }
 function stateColor(state) {
-  const c = state === "active" || state === "accepted" || state === "locked" || state === "responded" || state === "completed" ? import_chalk7.default.green : state === "pending" || state === "requested" || state === "offered" || state === "pending_lock_finalization" ? import_chalk7.default.yellow : state === "closed" || state === "declined" || state === "canceled" || state === "replaced" || state === "not_found" || // Terminal failure states deserve the same red
+  const c = state === "active" || state === "accepted" || state === "locked" || state === "responded" || state === "completed" ? import_chalk8.default.green : state === "pending" || state === "requested" || state === "offered" || state === "pending_lock_finalization" ? import_chalk8.default.yellow : state === "closed" || state === "declined" || state === "canceled" || state === "replaced" || state === "not_found" || // Terminal failure states deserve the same red
   // treatment as declined/canceled so an operator
   // scanning `heyarp status` immediately sees
   // "this is dead, don't follow the hint blindly".
-  state === "failed" || state === "refunded" || state === "dispute_resolved" ? import_chalk7.default.red : import_chalk7.default.cyan;
+  state === "failed" || state === "refunded" || state === "dispute_resolved" ? import_chalk8.default.red : import_chalk8.default.cyan;
   return c(state);
 }
 // src/commands/wallet.ts
-var import_sdk9 = require("@heyanon-arp/sdk");
+var import_sdk11 = require("@heyanon-arp/sdk");
 var import_utils = require("@noble/hashes/utils");
-var import_web32 = require("@solana/web3.js");
+var import_web3 = require("@solana/web3.js");
 init_api();
 init_config();
 // src/solana/escrow-ix.ts
-var import_sdk7 = require("@heyanon-arp/sdk");
-var import_web3 = require("@solana/web3.js");
-var SPL_TOKEN_PROGRAM_ID = new import_web3.PublicKey(import_sdk7.SPL_TOKEN_PROGRAM_ID_BASE58);
-var ASSOCIATED_TOKEN_PROGRAM_ID = new import_web3.PublicKey(import_sdk7.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
-var NATIVE_SOL_MINT = new import_web3.PublicKey(import_sdk7.NATIVE_SOL_MINT_BASE58);
-function deriveLockPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.LOCK), Buffer.from(lockId)], programId)[0];
-}
-function deriveEscrowPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.ESCROW), Buffer.from(lockId)], programId)[0];
-}
-function deriveConfigPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.CONFIG)], programId)[0];
-}
-function deriveStakeVaultPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.STAKE_VAULT)], programId)[0];
-}
-function deriveCollateralConfigPda(programId, mint) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.COLLATERAL), mint.toBuffer()], programId)[0];
-}
-function deriveDisputeResolutionPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.DISPUTE_RESOLUTION), Buffer.from(lockId)], programId)[0];
-}
-function deriveOperatorAuthPda(programId, operator) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.OPERATOR_AUTH), operator.toBuffer()], programId)[0];
-}
-function deriveEventAuthorityPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk7.ESCROW_PDA_SEEDS.EVENT_AUTHORITY)], programId)[0];
-}
-function deriveAta(owner, mint) {
-  return import_web3.PublicKey.findProgramAddressSync([owner.toBuffer(), SPL_TOKEN_PROGRAM_ID.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID)[0];
-}
-function eventCpiTail(programId) {
-  return [
-    { pubkey: deriveEventAuthorityPda(programId), isSigner: false, isWritable: false },
-    { pubkey: programId, isSigner: false, isWritable: false }
-  ];
-}
-function meta(pubkey, opts = {}) {
-  return { pubkey, isSigner: opts.signer === true, isWritable: opts.writable === true };
-}
-function noArgIx(programId, name, keys) {
-  return new import_web3.TransactionInstruction({ programId, keys, data: Buffer.from((0, import_sdk7.buildLifecycleIxData)(name)) });
-}
-function buildCreateLockIx(input) {
-  const { programId, lockId } = input;
-  const native = input.mint === null;
-  const data = Buffer.from((0, import_sdk7.buildCreateLockIxData)({ lockId, amount: input.amount, conditionHash: input.conditionHash }, { native }));
-  const head = [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(input.payee),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(deriveCollateralConfigPda(programId, input.mint ?? NATIVE_SOL_MINT))
-  ];
-  const keys = native ? [...head, meta(deriveEscrowPda(programId, lockId), { writable: true }), meta(import_web3.SystemProgram.programId), ...eventCpiTail(programId)] : [
-    ...head,
-    meta(input.mint),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ];
-  return new import_web3.TransactionInstruction({ programId, keys, data });
-}
-function buildAcceptLockIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "accept_lock", [
-    meta(input.payee, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildSubmitWorkIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "submit_work", [
-    meta(input.payee, { signer: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildClaimWorkPaymentIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "claim_work_payment_native", [
-      meta(input.authority, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.payee, { writable: true }),
-      meta(input.feeRecipient, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "claim_work_payment", [
-    meta(input.authority, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(input.payer, { writable: true }),
-    meta(input.payee, { writable: true }),
-    meta(deriveAta(input.payee, input.mint), { writable: true }),
-    meta(input.feeRecipient),
-    meta(deriveAta(input.feeRecipient, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildCancelLockIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "cancel_lock_native", [
-      meta(input.payer, { signer: true, writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "cancel_lock", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildClaimExpiredWorkIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "claim_expired_work_native", [
-      meta(input.payer, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "claim_expired_work", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildOpenDisputeIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "open_dispute", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildResolveDisputeIx(input) {
-  const { programId, lockId } = input;
-  const native = input.mint === null;
-  const data = Buffer.from((0, import_sdk7.buildResolveDisputeIxData)(input.args, { native }));
-  if (native) {
-    return new import_web3.TransactionInstruction({
-      programId,
-      data,
-      keys: [
-        meta(input.operator, { signer: true, writable: true }),
-        meta(deriveOperatorAuthPda(programId, input.operator)),
-        meta(deriveStakeVaultPda(programId), { writable: true }),
-        meta(deriveLockPda(programId, lockId), { writable: true }),
-        meta(deriveDisputeResolutionPda(programId, lockId), { writable: true }),
-        meta(deriveEscrowPda(programId, lockId), { writable: true }),
-        meta(input.payer, { writable: true }),
-        meta(input.winner, { writable: true }),
-        meta(input.feeRecipient, { writable: true }),
-        meta(input.treasury, { writable: true }),
-        meta(import_web3.SystemProgram.programId),
-        ...eventCpiTail(programId)
-      ]
-    });
-  }
-  return new import_web3.TransactionInstruction({
-    programId,
-    data,
-    keys: [
-      meta(input.operator, { signer: true, writable: true }),
-      meta(deriveOperatorAuthPda(programId, input.operator)),
-      meta(deriveConfigPda(programId)),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveDisputeResolutionPda(programId, lockId), { writable: true }),
-      meta(input.mint),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.winner, { writable: true }),
-      meta(deriveAta(input.winner, input.mint), { writable: true }),
-      meta(input.feeRecipient),
-      meta(deriveAta(input.feeRecipient, input.mint), { writable: true }),
-      meta(input.treasury, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      meta(SPL_TOKEN_PROGRAM_ID),
-      meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-      ...eventCpiTail(programId)
-    ]
-  });
-}
-function buildCloseDisputeIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "close_dispute_native", [
-      meta(input.authority, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.payee, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "close_dispute", [
-    meta(input.authority, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(input.payer, { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(input.payee, { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-async function fetchLockAccount(conn, programId, delegationId) {
-  const lockId = (0, import_sdk7.deriveLockId)(delegationId);
-  const lockPda = deriveLockPda(programId, lockId);
-  const info = await conn.getAccountInfo(lockPda);
-  if (!info) return null;
-  return { lockId, lockPda, lock: (0, import_sdk7.decodeLockAccount)(Uint8Array.from(info.data)) };
-}
+var import_sdk9 = require("@heyanon-arp/sdk");
 // src/commands/token-amount.ts
-var import_sdk8 = require("@heyanon-arp/sdk");
+var import_sdk10 = require("@heyanon-arp/sdk");
 function toBaseUnits(amountDecimal, decimals) {
-  if (!(0, import_sdk8.isDecimalAmountString)(amountDecimal)) {
+  if (!(0, import_sdk10.isDecimalAmountString)(amountDecimal)) {
     throw new Error(`amount '${amountDecimal}' is not a non-negative decimal number`);
   }
   if (!Number.isInteger(decimals) || decimals < 0 || decimals > 255) {
@@ -2643,8 +2433,8 @@ function normaliseDelegationId(raw) {
   }
   throw new Error(`wallet: --delegation-id must be either 'del_<uuid>' or a bare canonical-lowercase UUID (got '${raw}')`);
 }
-var SPL_TOKEN_PROGRAM_ID2 = new import_web32.PublicKey(import_sdk9.SPL_TOKEN_PROGRAM_ID_BASE58);
-var ASSOCIATED_TOKEN_PROGRAM_ID2 = new import_web32.PublicKey(import_sdk9.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
+var SPL_TOKEN_PROGRAM_ID2 = new import_web3.PublicKey(import_sdk11.SPL_TOKEN_PROGRAM_ID_BASE58);
+var ASSOCIATED_TOKEN_PROGRAM_ID2 = new import_web3.PublicKey(import_sdk11.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
 var FALLBACK_RPC_URL = "https://api.mainnet-beta.solana.com";
 function resolveRpcUrl(opts) {
   if (opts.rpcUrl !== void 0 && opts.rpcUrl !== "") return opts.rpcUrl;
@@ -2664,7 +2454,7 @@ function redactRpcUrl(url) {
     return "<redacted>";
   }
 }
-var FALLBACK_PROGRAM_ID = import_sdk9.ESCROW_PROGRAM_ID_BASE58;
+var FALLBACK_PROGRAM_ID = import_sdk11.ESCROW_PROGRAM_ID_BASE58;
 async function resolveProgramIdWithSource(api, opts) {
   if (opts.programId !== void 0 && opts.programId !== "") {
     return { programId: opts.programId, source: "flag" };
@@ -2747,14 +2537,14 @@ function registerDerivePdas(cmd) {
 async function derivePdasHandler(opts) {
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, "wallet derive-pdas"));
-  const lockIdBytes = (0, import_sdk9.deriveLockId)(normalisedDelegationId);
+  const programId = new import_web3.PublicKey(await resolveProgramIdStrict(api, opts, "wallet derive-pdas"));
+  const lockIdBytes = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
   const lockIdSeed = Buffer.from(lockIdBytes);
   const lockIdHex = Buffer.from(lockIdBytes).toString("hex");
-  const [lockPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("lock"), lockIdSeed], programId);
-  const [escrowPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("escrow"), lockIdSeed], programId);
-  const [configPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("config")], programId);
-  const [eventAuthorityPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("__event_authority")], programId);
+  const [lockPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("lock"), lockIdSeed], programId);
+  const [escrowPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("escrow"), lockIdSeed], programId);
+  const [configPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("config")], programId);
+  const [eventAuthorityPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("__event_authority")], programId);
   return {
     delegation_id: normalisedDelegationId,
     lock_id_hex: lockIdHex,
@@ -2767,11 +2557,11 @@ async function derivePdasHandler(opts) {
   };
 }
 var TERMINAL_METHOD = {
-  [import_sdk9.LockStates.PAID]: "claim_work_payment",
-  [import_sdk9.LockStates.CANCELED]: "cancel_lock",
-  [import_sdk9.LockStates.REVOKED]: "claim_expired_work",
-  [import_sdk9.LockStates.DISPUTE_RESOLVED]: "resolve_dispute",
-  [import_sdk9.LockStates.DISPUTE_CLOSED]: "close_dispute"
+  [import_sdk11.LockStates.PAID]: "claim_work_payment",
+  [import_sdk11.LockStates.CANCELED]: "cancel_lock",
+  [import_sdk11.LockStates.REVOKED]: "claim_expired_work",
+  [import_sdk11.LockStates.DISPUTE_RESOLVED]: "resolve_dispute",
+  [import_sdk11.LockStates.DISPUTE_CLOSED]: "close_dispute"
 };
 function registerVerifyRelease(cmd) {
   cmd.command("verify-release").description(
@@ -2782,7 +2572,7 @@ function registerVerifyRelease(cmd) {
   ).option(
     "--program-id <pubkey>",
     "Deployed ARP escrow program id. STRICT: flag > ARP_ESCROW_PROGRAM_ID env > GET /v1/escrow/config > FAIL \u2014 a wrong-program read would silently report lock_never_created."
-  ).option("--from-did <did>", "Accepted for scripting symmetry with the signing commands; verify-release reads on-chain state only and needs no signer, so this is ignored.").option("--json", "Emit JSON instead of human text. jq-pipeable.", false).action(async (opts) => {
+  ).option("--from-did <did>", "Accepted for scripting symmetry with the signing commands; verify-release reads on-chain state only and needs no signer, so this is ignored.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Emit JSON instead of human text. jq-pipeable.", false).action(async (opts) => {
     try {
       const out = await verifyReleaseHandler(opts);
       if (opts.json) {
@@ -2813,13 +2603,13 @@ function registerVerifyRelease(cmd) {
 async function verifyReleaseHandler(opts) {
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts));
+  const programId = new import_web3.PublicKey(await resolveProgramIdStrict(api, opts));
   const rpcUrl = resolveRpcUrlStrict(opts);
-  const conn = new import_web32.Connection(rpcUrl, "confirmed");
-  const fetched = await fetchLockAccount(conn, programId, normalisedDelegationId);
-  const lockId = (0, import_sdk9.deriveLockId)(normalisedDelegationId);
-  const lockPda = deriveLockPda(programId, lockId);
-  const escrowPda = deriveEscrowPda(programId, lockId);
+  const conn = new import_web3.Connection(rpcUrl, "confirmed");
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, normalisedDelegationId);
+  const lockId = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
+  const lockPda = (0, import_sdk9.deriveLockPda)(programId, lockId);
+  const escrowPda = (0, import_sdk9.deriveEscrowPda)(programId, lockId);
   if (!fetched) {
     return {
       delegation_id: normalisedDelegationId,
@@ -2838,7 +2628,7 @@ async function verifyReleaseHandler(opts) {
     lock_pda: lockPda.toBase58(),
     escrow_pda: escrowPda.toBase58(),
     lock_account_exists: true,
-    released: status === import_sdk9.LockStates.PAID,
+    released: status === import_sdk11.LockStates.PAID,
     status,
     ...TERMINAL_METHOD[status] !== void 0 ? { release_method: TERMINAL_METHOD[status] } : {},
     lock_state: lock.stateByte,
@@ -2848,23 +2638,23 @@ async function verifyReleaseHandler(opts) {
 }
 function renderStatusLine(status) {
   switch (status) {
-    case import_sdk9.LockStates.PAID:
+    case import_sdk11.LockStates.PAID:
       return "\u2713 paid \u2014 claim_work_payment landed (buyer approval or post-review self-claim); the payee was paid net of any protocol fee";
-    case import_sdk9.LockStates.CREATED:
+    case import_sdk11.LockStates.CREATED:
       return "\u2717 created \u2014 funded, awaiting the worker accept_lock (stake) \u2014 or a buyer cancel";
-    case import_sdk9.LockStates.IN_PROGRESS:
+    case import_sdk11.LockStates.IN_PROGRESS:
       return "\u2717 in_progress \u2014 worker accepted + staked; work window running";
-    case import_sdk9.LockStates.SUBMITTED:
+    case import_sdk11.LockStates.SUBMITTED:
       return "\u2717 submitted \u2014 work delivered on-chain; review window running (buyer claims to approve, disputes to refuse; worker self-claims after expiry)";
-    case import_sdk9.LockStates.DISPUTING:
+    case import_sdk11.LockStates.DISPUTING:
       return "\u2717 disputing \u2014 buyer disputed; operator has the dispute window to rule, after that either party can close";
-    case import_sdk9.LockStates.CANCELED:
+    case import_sdk11.LockStates.CANCELED:
       return "\u2717 canceled \u2014 buyer canceled pre-accept; escrow returned";
-    case import_sdk9.LockStates.REVOKED:
+    case import_sdk11.LockStates.REVOKED:
       return "\u2717 revoked \u2014 work window lapsed unsubmitted; buyer reclaimed the escrow + the worker stake";
-    case import_sdk9.LockStates.DISPUTE_RESOLVED:
+    case import_sdk11.LockStates.DISPUTE_RESOLVED:
       return "\u2717 dispute_resolved \u2014 operator ruled; winner took the escrow per the on-chain split";
-    case import_sdk9.LockStates.DISPUTE_CLOSED:
+    case import_sdk11.LockStates.DISPUTE_CLOSED:
       return "\u2717 dispute_closed \u2014 dispute window lapsed unresolved; escrow returned to the buyer, stakes returned";
     case "lock_never_created":
       return "\u2717 lock_never_created \u2014 no Lock PDA on this cluster/program; create_lock never fired (or wrong --rpc-url/--program-id)";
@@ -2873,7 +2663,7 @@ function renderStatusLine(status) {
 function registerCreateLock(cmd) {
   cmd.command("create-lock").description(
     "Build + sign a create_lock Solana tx (native SOL or an SPL token); output JSON ready for attachments.escrow_lock. This command does NOT submit the tx to chain \u2014 it only signs the blob locally. Run this AFTER the worker accepts your offer; the actual on-chain submission happens inside `heyarp delegation fund <delegation-id> --escrow-lock-from-file <path>` (the server's escrow worker picks up the signed blob from the fund envelope's attachments and posts it). Watch for the `lock_id` appearing on-chain only AFTER `delegation fund` runs, not after this command."
-  ).option("--server <url>", "Override server URL for sender-key resolution").option("--from-did <did>", "Sender DID (= payer of the lock). Required when more than one agent on the host.").requiredOption("--delegation-id <id>", "Delegation UUID (drives the lock_id derivation)").requiredOption("--recipient-pubkey <base58>", "Payee Solana pubkey (recipient agent's settlement_pubkey)").option("--amount-lamports <int>", "NATIVE SOL: lock amount in lamports (1 SOL = 1_000_000_000). Required when --mint-pubkey is omitted; not allowed with it.").option("--mint-pubkey <base58>", "SPL token mint to lock. Omit for native SOL. Must be a legacy SPL Token mint (Token-2022 is not supported).").option("--amount-base-units <int>", "SPL: lock amount in the mint's base units (e.g. 1000000 = 1 USDC at 6 decimals). Canonical SPL amount input.").option(
+  ).option("--server <url>", "Override server URL for sender-key resolution").option("--from-did <did>", "Sender DID (= payer of the lock). Required when more than one agent on the host.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").requiredOption("--delegation-id <id>", "Delegation UUID (drives the lock_id derivation)").requiredOption("--recipient-pubkey <base58>", "Payee Solana pubkey (recipient agent's settlement_pubkey)").option("--amount-lamports <int>", "NATIVE SOL: lock amount in lamports (1 SOL = 1_000_000_000). Required when --mint-pubkey is omitted; not allowed with it.").option("--mint-pubkey <base58>", "SPL token mint to lock. Omit for native SOL. Must be a legacy SPL Token mint (Token-2022 is not supported).").option("--amount-base-units <int>", "SPL: lock amount in the mint's base units (e.g. 1000000 = 1 USDC at 6 decimals). Canonical SPL amount input.").option(
     "--amount <decimal>",
     "SPL: lock amount as a human decimal (e.g. 1.5); converted using the mint's on-chain decimals. Convenience alternative to --amount-base-units."
   ).requiredOption("--condition-hash <hex>", "32-byte hex condition_hash from `heyarp escrow derive-condition-hash` (binds the delegation terms)").option(
@@ -3007,7 +2797,7 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   if (amount === 0n) {
     throw new Error("wallet create-lock: lock amount must be greater than zero.");
   }
-  const [payerAta] = import_web32.PublicKey.findProgramAddressSync([payer.toBuffer(), SPL_TOKEN_PROGRAM_ID2.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID2);
+  const [payerAta] = import_web3.PublicKey.findProgramAddressSync([payer.toBuffer(), SPL_TOKEN_PROGRAM_ID2.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID2);
   const ataInfo = await conn.getAccountInfo(payerAta);
   if (!ataInfo) {
     throw new Error(
@@ -3017,8 +2807,8 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   if (ataInfo.data.length < 72) {
     throw new Error(`wallet create-lock: payer token account ${payerAta.toBase58()} is malformed (data length ${ataInfo.data.length} < 72).`);
   }
-  const ataMint = new import_web32.PublicKey(ataInfo.data.subarray(0, 32));
-  const ataOwner = new import_web32.PublicKey(ataInfo.data.subarray(32, 64));
+  const ataMint = new import_web3.PublicKey(ataInfo.data.subarray(0, 32));
+  const ataOwner = new import_web3.PublicKey(ataInfo.data.subarray(32, 64));
   if (!ataMint.equals(mint)) {
     throw new Error(`wallet create-lock: payer token account ${payerAta.toBase58()} is for mint ${ataMint.toBase58()}, not ${mint.toBase58()}.`);
   }
@@ -3039,7 +2829,7 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   };
 }
 async function createLockHandler(opts) {
-  const agent = resolveSenderAgent("wallet create-lock", opts.server, opts.fromDid);
+  const agent = resolveSenderAgent("wallet create-lock", opts.server, opts.fromDid, opts.from);
   const payerKp = keypairFromAgent(agent);
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const payee = parsePubkey(opts.recipientPubkey, "--recipient-pubkey");
@@ -3050,18 +2840,18 @@ async function createLockHandler(opts) {
   if (clusterTag !== 0 && clusterTag !== 1) {
     throw new Error(`--cluster-tag must be 0 (devnet) or 1 (mainnet) (got ${clusterTag})`);
   }
-  const clusterCaip2 = clusterTag === 1 ? import_sdk9.SOLANA_CLUSTER_IDS["solana-mainnet"] : import_sdk9.SOLANA_CLUSTER_IDS["solana-devnet"];
+  const clusterCaip2 = clusterTag === 1 ? import_sdk11.SOLANA_CLUSTER_IDS["solana-mainnet"] : import_sdk11.SOLANA_CLUSTER_IDS["solana-devnet"];
   const expectedLockAsset = typeof opts.mintPubkey === "string" && opts.mintPubkey !== "" ? { kind: "spl", mint: parsePubkey(opts.mintPubkey, "--mint-pubkey").toBase58(), cluster: clusterCaip2 } : { kind: "native" };
   if (!offlineMode) {
     await preflightLockCurrency(api, agent, normalisedDelegationId, expectedLockAsset);
   }
-  const programId = new import_web32.PublicKey(await resolveProgramId(api, opts));
+  const programId = new import_web3.PublicKey(await resolveProgramId(api, opts));
   const rpcUrl = resolveRpcUrl(opts);
-  const conn = new import_web32.Connection(rpcUrl, "confirmed");
+  const conn = new import_web3.Connection(rpcUrl, "confirmed");
   const asset = await resolveCreateLockAsset(conn, opts, payerKp.publicKey, clusterCaip2);
   const amount = asset.amount;
-  const lockIdBytes = (0, import_sdk9.deriveLockId)(normalisedDelegationId);
-  const ix = buildCreateLockIx({
+  const lockIdBytes = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
+  const ix = (0, import_sdk9.buildCreateLockIx)({
     programId,
     lockId: lockIdBytes,
     payer: payerKp.publicKey,
@@ -3070,11 +2860,14 @@ async function createLockHandler(opts) {
     conditionHash,
     mint: asset.kind === "spl" ? asset.mint : null
   });
-  const tx = new import_web32.Transaction().add(ix);
+  const tx = new import_web3.Transaction().add(ix);
   tx.feePayer = payerKp.publicKey;
-  const { blockhash } = await conn.getLatestBlockhash("confirmed");
+  const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash("confirmed");
   tx.recentBlockhash = blockhash;
   tx.sign(payerKp);
+  process.stderr.write(
+    "\u26A0 create-lock: this signed blob is valid for only ~60-90s \u2014 run `heyarp delegation fund` NOW. If you wait, the create_lock tx is silently dropped on-chain and the delegation fails; re-run create-lock to retry.\n"
+  );
   const blob = tx.serialize({ requireAllSignatures: true, verifySignatures: true });
   return {
     signed_tx_blob: blob.toString("base64"),
@@ -3097,22 +2890,26 @@ async function createLockHandler(opts) {
     // Record the program id the create_lock ix was built against.
     // `delegation offer` cross-checks this pre-flight so a stale
     // ESCRoW... fallback lock doesn't ship silently.
-    program_id: programId.toBase58()
+    program_id: programId.toBase58(),
+    // Blockhash + its expiry slot — the ~60-90s submission window for
+    // this blob (see CreateLockOutput docs).
+    blockhash,
+    last_valid_block_height: lastValidBlockHeight
   };
 }
 function keypairFromAgent(agent) {
   const stored = base64ToBytes(agent.settlementSecretKeyB64);
   if (stored.length === 32) {
-    return import_web32.Keypair.fromSeed(stored);
+    return import_web3.Keypair.fromSeed(stored);
   }
   if (stored.length === 64) {
-    return import_web32.Keypair.fromSecretKey(stored);
+    return import_web3.Keypair.fromSecretKey(stored);
   }
   throw new Error(`agent ${agent.did}: settlementSecretKeyB64 must decode to 32 bytes (Ed25519 seed) or 64 bytes (Solana expanded form); got ${stored.length}`);
 }
 function parsePubkey(value, flag) {
   try {
-    return new import_web32.PublicKey(value);
+    return new import_web3.PublicKey(value);
   } catch (err) {
     throw new Error(`${flag}: invalid base58 pubkey '${value}': ${err.message}`);
   }
@@ -3145,7 +2942,7 @@ function registerDelegationCommands(root) {
   registerCancel(cmd);
 }
 function registerOffer(parent) {
-  parent.command("offer").description("Open a new delegation addressed to <recipient-did> with the agreed terms INLINE (no escrow lock \u2014 fund AFTER acceptance via `delegation fund`).").argument("<recipient-did>", "Recipient agent DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--delegation-id <uuid>", "Override the auto-generated delegation id (UUID). Reuse the SAME id at `heyarp delegation fund` time. Useful for replay / scripting.").option("--title <s>", "Required: human-readable title for the offer").option("--brief <json>", "Optional structured brief (JSON object)").option("--criterion <s>", "acceptance_criteria \u2014 repeatable; pass --criterion once per bullet", collectRepeated, []).option("--deadline <rfc3339>", 'Optional RFC 3339 deadline (e.g. "2026-12-31T23:59:59Z")').option("--scope <text>", "scope_summary \u2014 short prose describing the agreed work. Required.").option("--amount <s>", 'Optional decimal-as-string amount (e.g. "10.00"). REQUIRES --currency if set.').option("--currency <s>", `Asset identifier: shorthand (${import_sdk10.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string.`).option("--currency-decimals <n>", "Decimal places for base-unit conversion (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk10.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("offer").description("Open a new delegation addressed to <recipient-did> with the agreed terms INLINE (no escrow lock \u2014 fund AFTER acceptance via `delegation fund`).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--delegation-id <uuid>", "Override the auto-generated delegation id (UUID). Reuse the SAME id at `heyarp delegation fund` time. Useful for replay / scripting.").option("--title <s>", "Required: human-readable title for the offer").option("--brief <json>", "Optional structured brief (JSON object)").option("--criterion <s>", "acceptance_criteria \u2014 repeatable; pass --criterion once per bullet", collectRepeated, []).option("--deadline <rfc3339>", 'Optional RFC 3339 deadline (e.g. "2026-12-31T23:59:59Z")').option("--scope <text>", "scope_summary \u2014 short prose describing the agreed work. Required.").option("--amount <s>", 'Optional decimal-as-string amount (e.g. "10.00"). REQUIRES --currency if set.').option("--currency <s>", `Asset identifier: shorthand (${import_sdk12.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string.`).option("--currency-decimals <n>", "Decimal places for base-unit conversion (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"offer", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + the "reference this delegation" hints move to stderr; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3260,16 +3057,16 @@ async function runOffer(recipientDid, opts) {
       "delegation offer: --verbose and --json are mutually exclusive. --json emits the structured server response; --verbose adds dumps that would break `--json | jq`."
     );
   }
-  requireDid("delegation offer", recipientDid, "<recipient-did>");
+  recipientDid = await resolveRecipient(opts.server, "delegation offer", recipientDid, { json: opts.json });
   const ttlSeconds = parseTtl("delegation offer", opts.ttl);
   if (!opts.title || opts.title.length === 0) {
     throw new Error("delegation offer: --title is required (server-side validator rejects empty offers)");
   }
   const terms = parseOfferTerms("delegation offer", opts);
   const offeredAssetId = terms.currency?.asset_id;
-  if (offeredAssetId && !(0, import_sdk10.isWhitelistedAssetId)(offeredAssetId)) {
+  if (offeredAssetId && !(0, import_sdk12.isWhitelistedAssetId)(offeredAssetId)) {
     console.error(
-      import_chalk8.default.yellow(
+      import_chalk9.default.yellow(
         `warning: currency '${offeredAssetId}' is not in the static payment whitelist \u2014 the server will reject the offer (DELEGATION_ASSET_NOT_ALLOWED) unless its deploy registers this asset. See 'heyarp assets'.`
       )
     );
@@ -3286,45 +3083,45 @@ async function runOffer(recipientDid, opts) {
     );
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegation offer", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("delegation offer", opts.server, opts.fromDid, opts.from);
   const content = {
-    action: import_sdk10.DelegationActions.OFFER,
+    action: import_sdk12.DelegationActions.OFFER,
     delegation_id: delegationId,
     title: opts.title,
     ...terms
   };
   const body = { type: "delegation", content };
-  progress(opts.json, import_chalk8.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk8.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk8.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk8.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk9.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk9.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk9.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk9.default.dim(`Delegation: ${delegationId}`));
   let result;
   try {
     result = await sendDelegationEnvelope({ api, sender, recipientDid, body, ttlSeconds, verbose: opts.verbose, server: opts.server });
   } catch (err) {
-    if (err instanceof ApiError && err.payload.code === import_sdk10.DelegationOfferRejectionCodes.ASSET_NOT_ALLOWED) {
+    if (err instanceof ApiError && err.payload.code === import_sdk12.DelegationOfferRejectionCodes.ASSET_NOT_ALLOWED) {
       const d = err.payload.details;
-      console.error(import_chalk8.default.yellow(`
+      console.error(import_chalk9.default.yellow(`
 The server's payment-asset whitelist rejected this currency.`));
       if (d !== void 0) {
-        console.error(import_chalk8.default.dim(`  offered:  ${JSON.stringify(d.offered)}`));
-        console.error(import_chalk8.default.dim(`  accepted: ${JSON.stringify(d.accepted)}`));
+        console.error(import_chalk9.default.dim(`  offered:  ${JSON.stringify(d.offered)}`));
+        console.error(import_chalk9.default.dim(`  accepted: ${JSON.stringify(d.accepted)}`));
       }
-      console.error(import_chalk8.default.dim(`
+      console.error(import_chalk9.default.dim(`
 See the whitelist (shorthand keys + canonical decimals):
   heyarp assets
 then re-offer with a whitelisted --currency.`));
     }
-    if (err instanceof ApiError && err.payload.code === import_sdk10.DelegationOfferRejectionCodes.PRICING_MISMATCH) {
+    if (err instanceof ApiError && err.payload.code === import_sdk12.DelegationOfferRejectionCodes.PRICING_MISMATCH) {
       const d = err.payload.details;
-      console.error(import_chalk8.default.yellow(`
+      console.error(import_chalk9.default.yellow(`
 The recipient's published accept-prefs rejected this offer${d?.reason ? ` (mismatch: ${d.reason})` : ""}.`));
       if (d !== void 0) {
-        console.error(import_chalk8.default.dim(`  accepted: ${JSON.stringify(d.accepted)}`));
-        console.error(import_chalk8.default.dim(`  offered:  ${JSON.stringify(d.offered)}`));
+        console.error(import_chalk9.default.dim(`  accepted: ${JSON.stringify(d.accepted)}`));
+        console.error(import_chalk9.default.dim(`  offered:  ${JSON.stringify(d.offered)}`));
       }
       console.error(
-        import_chalk8.default.dim(
+        import_chalk9.default.dim(
           `
 Check what the recipient accepts BEFORE offering:
   heyarp agents accept-prefs show ${recipientDid}
@@ -3332,12 +3129,12 @@ then re-run with matching --currency / --amount.`
         )
       );
     }
-    if (err instanceof ApiError && err.payload.code === import_sdk10.DelegationOfferRejectionCodes.CAPACITY_EXCEEDED) {
+    if (err instanceof ApiError && err.payload.code === import_sdk12.DelegationOfferRejectionCodes.CAPACITY_EXCEEDED) {
       const d = err.payload.details;
       const cap = d?.maxActive === 0 ? "closed for new offers (busy)" : `at capacity (${d?.currentActive}/${d?.maxActive} active delegations)`;
-      console.error(import_chalk8.default.yellow(`
+      console.error(import_chalk9.default.yellow(`
 The recipient is ${cap}.`));
-      console.error(import_chalk8.default.dim("\nThis is TRANSIENT \u2014 your terms are fine. Retry the same offer later, or pick another worker (`heyarp agents --tag \u2026`)."));
+      console.error(import_chalk9.default.dim("\nThis is TRANSIENT \u2014 your terms are fine. Retry the same offer later, or pick another worker (`heyarp agents --tag \u2026`)."));
     }
     throw err;
   }
@@ -3355,15 +3152,15 @@ The recipient is ${cap}.`));
     });
   } else {
     printIngestResult(result);
-    console.log(import_chalk8.default.dim(`
+    console.log(import_chalk9.default.dim(`
 Reference this delegation on subsequent calls with:`));
-    console.log(import_chalk8.default.dim(`  heyarp delegation accept ${result.relationshipId} ${delegationId}`));
-    console.log(import_chalk8.default.dim(`  heyarp delegation decline ${result.relationshipId} ${delegationId}`));
-    console.log(import_chalk8.default.dim(`  heyarp delegation cancel  ${result.relationshipId} ${delegationId}`));
-    console.log(import_chalk8.default.dim(`
+    console.log(import_chalk9.default.dim(`  heyarp delegation accept ${result.relationshipId} ${delegationId}`));
+    console.log(import_chalk9.default.dim(`  heyarp delegation decline ${result.relationshipId} ${delegationId}`));
+    console.log(import_chalk9.default.dim(`  heyarp delegation cancel  ${result.relationshipId} ${delegationId}`));
+    console.log(import_chalk9.default.dim(`
 After the worker accepts, fund the escrow lock:`));
-    console.log(import_chalk8.default.dim(`  heyarp wallet create-lock --delegation-id ${delegationId} --condition-hash <hex> ... > lock.json`));
-    console.log(import_chalk8.default.dim(`  heyarp delegation fund ${delegationId} --escrow-lock-from-file lock.json`));
+    console.log(import_chalk9.default.dim(`  heyarp wallet create-lock --delegation-id ${delegationId} --condition-hash <hex> ... > lock.json`));
+    console.log(import_chalk9.default.dim(`  heyarp delegation fund ${delegationId} --escrow-lock-from-file lock.json`));
   }
   if (opts.waitUntil && !opts.json) {
     const untilPhase = parseUntilPhase(opts.waitUntil);
@@ -3385,7 +3182,7 @@ After the worker accepts, fund the escrow lock:`));
   }
 }
 function registerFund(parent) {
-  parent.command("fund").description("Fund an ACCEPTED delegation with the escrow lock (buyer-only). Run AFTER the worker accepts the offer.").argument("<delegation-id>", "Delegation UUID (the one you offered + the worker accepted)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk10.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("fund").description("Fund an ACCEPTED delegation with the escrow lock (buyer-only). Run AFTER the worker accepts the offer.").argument("<delegation-id>", "Delegation UUID (the one you offered + the worker accepted)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"fund", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude moves off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3426,7 +3223,7 @@ async function runFund(delegationId, opts) {
     );
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegation fund", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("delegation fund", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const resolved = await resolveFundRefs("delegation fund", api, signer, { delegationId, selfDid: sender.did });
   if (escrowResult.lockProgramId !== void 0) {
@@ -3443,23 +3240,23 @@ async function runFund(delegationId, opts) {
     }
     if (result2.kind === "skipped_no_expected_program_id") {
       console.error(
-        import_chalk8.default.yellow(
+        import_chalk9.default.yellow(
           "\u26A0 delegation fund: no authoritative expected program-id available (--program-id missing, ARP_ESCROW_PROGRAM_ID env unset, server protocol-fee unreachable). Pre-flight skipped; server-side ESC_LOCK_TX_PROGRAM_ID_MISMATCH check is the only backstop. Set ARP_ESCROW_PROGRAM_ID or pass --program-id to enable pre-flight."
         )
       );
     }
   }
-  const content = { action: import_sdk10.DelegationActions.FUND, delegation_id: delegationId };
+  const content = { action: import_sdk12.DelegationActions.FUND, delegation_id: delegationId };
   const body = { type: "delegation", content };
   const attachments = { escrow_lock: escrowResult.attachment };
-  progress(opts.json, import_chalk8.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk8.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk8.default.dim(`Recipient: ${resolved.recipientDid}`));
-  progress(opts.json, import_chalk8.default.dim(`Relationship: ${resolved.relationshipId}`));
-  progress(opts.json, import_chalk8.default.dim(`Delegation: ${delegationId} (action=fund)`));
+  progress(opts.json, import_chalk9.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk9.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk9.default.dim(`Recipient: ${resolved.recipientDid}`));
+  progress(opts.json, import_chalk9.default.dim(`Relationship: ${resolved.relationshipId}`));
+  progress(opts.json, import_chalk9.default.dim(`Delegation: ${delegationId} (action=fund)`));
   {
     const a = escrowResult.attachment;
-    progress(opts.json, import_chalk8.default.dim(`Escrow lock attached: lock_id=${a.lock_id} amount=${a.amount} asset_id=${a.asset_id}`));
+    progress(opts.json, import_chalk9.default.dim(`Escrow lock attached: lock_id=${a.lock_id} amount=${a.amount} asset_id=${a.asset_id}`));
   }
   const result = await sendDelegationEnvelope({
     api,
@@ -3485,7 +3282,7 @@ async function runFund(delegationId, opts) {
     });
   } else {
     printIngestResult(result);
-    console.log(import_chalk8.default.dim("\nThe worker waits for the on-chain lock to confirm (LOCKED), then begins work."));
+    console.log(import_chalk9.default.dim("\nThe worker waits for the on-chain lock to confirm (LOCKED), then begins work."));
   }
   if (opts.waitUntil && !opts.json) {
     const untilPhase = parseUntilPhase(opts.waitUntil);
@@ -3534,7 +3331,7 @@ async function resolveFundRefs(cmdName, api, signer, args) {
   );
 }
 function registerAccept(parent) {
-  parent.command("accept").description("Accept a PROPOSED delegation \u2014 promotes to ACCEPTED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("accept").description("Accept a PROPOSED delegation \u2014 promotes to ACCEPTED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"accept", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + pending-lock poll chatter move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3546,11 +3343,11 @@ function registerAccept(parent) {
   });
 }
 function registerDecline(parent) {
-  parent.command("decline").description("Decline a PROPOSED delegation \u2014 moves to DECLINED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").requiredOption(
+  parent.command("decline").description("Decline a PROPOSED delegation \u2014 moves to DECLINED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").requiredOption(
     "--reason <code>",
     // surface the closed enum at help time so operators
     // don't have to read source to find acceptable values.
-    `Required: decline reason code (one of: ${import_sdk10.DECLINE_REASONS.join(", ")}). Carried in body.content.reason so the counterparty's reactor can branch on it.`
+    `Required: decline reason code (one of: ${import_sdk12.DECLINE_REASONS.join(", ")}). Carried in body.content.reason so the counterparty's reactor can branch on it.`
   ).option("--reason-detail <s>", 'Optional free-text elaboration alongside --reason (e.g. "rate floor 0.20 USDC"). Max 512 chars.').option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"decline", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + pending-lock poll chatter move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
@@ -3563,7 +3360,7 @@ function registerDecline(parent) {
   });
 }
 function registerCancel(parent) {
-  parent.command("cancel").description("Cancel an OFFERED delegation \u2014 moves to CANCELED. Offerer-only (the OTHER side uses decline).").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("cancel").description("Cancel an OFFERED delegation \u2014 moves to CANCELED. Offerer-only (the OTHER side uses decline).").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"cancel", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + pending-lock poll chatter move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3587,16 +3384,16 @@ async function runFollowupAction(relationshipId, delegationId, action, opts) {
   const lockWaitTimeoutSec = parseLockWaitTimeout(cmdName, opts.lockWaitTimeout);
   const lockWaitIntervalSec = parseLockWaitInterval(cmdName, opts.lockWaitInterval);
   let declinePayload = null;
-  if (action === import_sdk10.DelegationActions.DECLINE) {
+  if (action === import_sdk12.DelegationActions.DECLINE) {
     const reason = parseDeclineReason(cmdName, opts.reason);
     const validatedDetail = parseReasonDetail(cmdName, opts.reasonDetail);
     declinePayload = validatedDetail ? { reason, reasonDetail: validatedDetail } : { reason };
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid);
+  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const resolved = await resolveDelegationRefs(cmdName, api, signer, { relationshipId, delegationId, action, selfDid: sender.did });
-  if (resolved.state === import_sdk10.DelegationStates.PENDING_LOCK_FINALIZATION && opts.waitForLock !== false) {
+  if (resolved.state === import_sdk12.DelegationStates.PENDING_LOCK_FINALIZATION && opts.waitForLock !== false) {
     await awaitDelegationLockFinalized(cmdName, api, signer, {
       relationshipId,
       delegationId,
@@ -3618,10 +3415,10 @@ async function runFollowupAction(relationshipId, delegationId, action, opts) {
     if (declinePayload.reasonDetail) content.reason_detail = declinePayload.reasonDetail;
   }
   const body = { type: "delegation", content };
-  progress(opts.json, import_chalk8.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk8.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk8.default.dim(`Relationship: ${relationshipId}`));
-  progress(opts.json, import_chalk8.default.dim(`Delegation: ${delegationId} (action=${action}${action === import_sdk10.DelegationActions.DECLINE ? `, reason=${content.reason}` : ""})`));
+  progress(opts.json, import_chalk9.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk9.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk9.default.dim(`Relationship: ${relationshipId}`));
+  progress(opts.json, import_chalk9.default.dim(`Delegation: ${delegationId} (action=${action}${action === import_sdk12.DelegationActions.DECLINE ? `, reason=${content.reason}` : ""})`));
   const result = await sendDelegationEnvelope({
     api,
     sender,
@@ -3650,9 +3447,9 @@ async function runFollowupAction(relationshipId, delegationId, action, opts) {
 async function sendDelegationEnvelope(args) {
   const nextSequence = (args.sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk10.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk10.Purpose.ENVELOPE,
-    message_id: (0, import_sdk10.uuidV4)(),
+    protocol_version: import_sdk12.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk12.Purpose.ENVELOPE,
+    message_id: (0, import_sdk12.uuidV4)(),
     sender_did: args.sender.did,
     recipient_did: args.recipientDid,
     // `relationship_id: null` matches the handshake
@@ -3661,20 +3458,20 @@ async function sendDelegationEnvelope(args) {
     // existing relationship row.
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk10.senderNonce)(),
-    timestamp: (0, import_sdk10.rfc3339)(),
-    expires_at: (0, import_sdk10.expiresAt)(args.ttlSeconds),
+    sender_nonce: (0, import_sdk12.senderNonce)(),
+    timestamp: (0, import_sdk12.rfc3339)(),
+    expires_at: (0, import_sdk12.expiresAt)(args.ttlSeconds),
     delivery_id: null
   };
   const signer = makeSigner(args.sender);
-  const envelope = (0, import_sdk10.signEnvelope)({
+  const envelope = (0, import_sdk12.signEnvelope)({
     protected: protectedBlock,
     body: args.body,
     identitySecretKey: signer.identitySecretKey,
     attachments: args.attachments
   });
   if (args.verbose) {
-    console.log(import_chalk8.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk9.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   try {
@@ -3682,7 +3479,7 @@ async function sendDelegationEnvelope(args) {
     updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     return result;
   } catch (err) {
-    if (err instanceof ApiError && (0, import_sdk10.isPostCommitErrorCode)(err.payload.code)) {
+    if (err instanceof ApiError && (0, import_sdk12.isPostCommitErrorCode)(err.payload.code)) {
       updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     }
     throw err;
@@ -3704,7 +3501,7 @@ async function resolveDelegationRefs(cmdName, api, signer, args) {
     );
   }
   let recipientDid;
-  if (args.action === import_sdk10.DelegationActions.CANCEL) {
+  if (args.action === import_sdk12.DelegationActions.CANCEL) {
     const firstEvents = await api.listEvents(args.relationshipId, signer, { since: 0, limit: 1 });
     const handshake = firstEvents[0];
     if (!handshake) {
@@ -3729,7 +3526,7 @@ async function resolveDelegationRefs(cmdName, api, signer, args) {
 async function awaitDelegationLockFinalized(cmdName, api, signer, args) {
   const log = args.log ?? ((line) => console.log(line));
   log(
-    import_chalk8.default.dim(
+    import_chalk9.default.dim(
       `
 [--wait-for-lock] delegation ${args.delegationId} is awaiting on-chain lock confirmation; polling until ready (interval=${args.intervalSec}s timeout=${args.timeoutSec}s)`
     )
@@ -3744,7 +3541,7 @@ async function awaitDelegationLockFinalized(cmdName, api, signer, args) {
       after = page[page.length - 1].id;
     }
   };
-  const outcome = await (0, import_sdk10.pollUntil)({
+  const outcome = await (0, import_sdk12.pollUntil)({
     fetch: fetchRow,
     // Match on either "row not found at all" OR "state moved
     // past pending_lock_finalization". The post-poll branch
@@ -3754,7 +3551,7 @@ async function awaitDelegationLockFinalized(cmdName, api, signer, args) {
     // rows return cleanly. Polling on null would loop pointlessly
     // until the deadline fires and surface a misleading "timed
     // out" message for what's actually a wrong-id problem.
-    predicate: (row2) => row2 === null || row2.state !== import_sdk10.DelegationStates.PENDING_LOCK_FINALIZATION,
+    predicate: (row2) => row2 === null || row2.state !== import_sdk12.DelegationStates.PENDING_LOCK_FINALIZATION,
     intervalMs: args.intervalSec * 1e3,
     timeoutMs: args.timeoutSec * 1e3,
     // Swallow ONLY transient errors. A 4xx during the poll is a
@@ -3768,7 +3565,7 @@ async function awaitDelegationLockFinalized(cmdName, api, signer, args) {
       if (err instanceof ApiError && err.status >= 400 && err.status < 500) {
         throw err;
       }
-      log(import_chalk8.default.dim(`  poll: transient fetch error (${err instanceof Error ? err.message : String(err)})`));
+      log(import_chalk9.default.dim(`  poll: transient fetch error (${err instanceof Error ? err.message : String(err)})`));
     }
   });
   if (outcome.kind === "timeout") {
@@ -3785,12 +3582,12 @@ async function awaitDelegationLockFinalized(cmdName, api, signer, args) {
       `${cmdName}: delegation ${args.delegationId} disappeared from relationship ${args.relationshipId} during --wait-for-lock pre-flight. Re-check the delegation id with \`heyarp delegations ${args.relationshipId}\`.`
     );
   }
-  if (row.state !== import_sdk10.DelegationStates.OFFERED) {
+  if (row.state !== import_sdk12.DelegationStates.OFFERED) {
     throw new Error(
       `${cmdName}: delegation ${args.delegationId} transitioned to '${row.state}' while waiting for on-chain lock confirmation; cannot ${args.action}. Re-read the delegation timeline with \`heyarp delegations ${args.relationshipId}\` to see the latest state.`
     );
   }
-  log(import_chalk8.default.dim(`[--wait-for-lock] delegation ${args.delegationId} ready (state=${row.state}); proceeding with ${args.action}.`));
+  log(import_chalk9.default.dim(`[--wait-for-lock] delegation ${args.delegationId} ready (state=${row.state}); proceeding with ${args.action}.`));
   return row;
 }
 function parseLockWaitTimeout(cmdName, raw) {
@@ -3816,12 +3613,12 @@ function parseLockWaitInterval(cmdName, raw) {
   return n;
 }
 function printIngestResult(result) {
-  console.log(import_chalk8.default.green("\nDelivered."));
-  console.log(`${import_chalk8.default.bold("Event id")}: ${import_chalk8.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk8.default.bold("Relationship id")}: ${import_chalk8.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk8.default.bold("Chain index")}: ${import_chalk8.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk8.default.bold("Server timestamp")}: ${import_chalk8.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk8.default.bold("Server event hash")}: ${import_chalk8.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk9.default.green("\nDelivered."));
+  console.log(`${import_chalk9.default.bold("Event id")}: ${import_chalk9.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk9.default.bold("Relationship id")}: ${import_chalk9.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk9.default.bold("Chain index")}: ${import_chalk9.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk9.default.bold("Server timestamp")}: ${import_chalk9.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk9.default.bold("Server event hash")}: ${import_chalk9.default.cyan(result.serverEventHash)}`);
 }
 function parseOfferTerms(cmdName, opts) {
   const out = {};
@@ -3845,7 +3642,7 @@ function parseOfferTerms(cmdName, opts) {
   if (opts.amount) {
     out.amount = opts.amount;
     if (!opts.currency) {
-      throw new Error(`${cmdName}: --amount requires --currency. Shorthand: ${import_sdk10.WELL_KNOWN_ASSET_KEYS.join(", ")}, or raw CAIP-19 + --currency-decimals.`);
+      throw new Error(`${cmdName}: --amount requires --currency. Shorthand: ${import_sdk12.WELL_KNOWN_ASSET_KEYS.join(", ")}, or raw CAIP-19 + --currency-decimals.`);
     }
     out.currency = buildAssetIdentifier(cmdName, DELEGATION_CURRENCY_FLAGS, opts.currency, opts.currencyDecimals, opts.currencySymbol);
   } else if (opts.currency) {
@@ -3868,7 +3665,7 @@ function resolveOfferDelegationId(rawCliId, escrow) {
     cliId = rawCliId.toLowerCase();
   }
   if (escrow === void 0) {
-    return cliId ?? (0, import_sdk10.uuidV4)();
+    return cliId ?? (0, import_sdk12.uuidV4)();
   }
   if (escrow.delegationIdFromLock !== void 0) {
     const fileId = escrow.delegationIdFromLock;
@@ -3893,20 +3690,15 @@ function requireUuidNormalised(cmdName, raw, label) {
   requireUuid2(cmdName, raw, label);
   return raw.toLowerCase();
 }
-function requireDid(cmdName, did, label) {
-  if (typeof did !== "string" || !did.startsWith("did:arp:") || did.length <= "did:arp:".length) {
-    throw new Error(`${cmdName}: ${label} must look like 'did:arp:...' (got '${did}')`);
-  }
-}
 function collectRepeated(value, previous) {
   return [...previous, value];
 }
 function parseDeclineReason(cmdName, raw) {
   if (raw === void 0 || raw === "") {
-    throw new Error(`${cmdName}: --reason is required when declining (one of: ${import_sdk10.DECLINE_REASONS.join(", ")})`);
+    throw new Error(`${cmdName}: --reason is required when declining (one of: ${import_sdk12.DECLINE_REASONS.join(", ")})`);
   }
-  if (!(0, import_sdk10.isDeclineReason)(raw)) {
-    throw new Error(`${cmdName}: --reason must be one of ${import_sdk10.DECLINE_REASONS.join(", ")} (got '${raw}')`);
+  if (!(0, import_sdk12.isDeclineReason)(raw)) {
+    throw new Error(`${cmdName}: --reason must be one of ${import_sdk12.DECLINE_REASONS.join(", ")} (got '${raw}')`);
   }
   return raw;
 }
@@ -3921,10 +3713,10 @@ function parseReasonDetail(cmdName, raw) {
   return raw;
 }
 function buildAssetIdentifier(cmdName, labels, rawCurrency, rawDecimals, rawSymbol) {
-  const resolved = (0, import_sdk10.resolveAsset)(rawCurrency);
+  const resolved = (0, import_sdk12.resolveAsset)(rawCurrency);
   if (!resolved) {
     throw new Error(
-      `${cmdName}: ${labels.currencyFlag} '${rawCurrency}' is not a known shorthand or a valid CAIP-19 string. Shorthand: ${import_sdk10.WELL_KNOWN_ASSET_KEYS.join(", ")}. Or pass a raw CAIP-19 id (e.g. "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/spl:EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v") with ${labels.decimalsFlag}.`
+      `${cmdName}: ${labels.currencyFlag} '${rawCurrency}' is not a known shorthand or a valid CAIP-19 string. Shorthand: ${import_sdk12.WELL_KNOWN_ASSET_KEYS.join(", ")}. Or pass a raw CAIP-19 id (e.g. "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp/spl:EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v") with ${labels.decimalsFlag}.`
     );
   }
   let decimals = resolved.decimals;
@@ -3933,20 +3725,20 @@ function buildAssetIdentifier(cmdName, labels, rawCurrency, rawDecimals, rawSymb
       throw new Error(`${cmdName}: ${labels.currencyFlag} is a raw CAIP-19 string; ${labels.decimalsFlag} (0-18) is required to convert amounts to base units.`);
     }
     const parsed = Number(rawDecimals);
-    if (!Number.isInteger(parsed) || parsed < import_sdk10.ASSET_DECIMALS_MIN || parsed > import_sdk10.ASSET_DECIMALS_MAX) {
+    if (!Number.isInteger(parsed) || parsed < import_sdk12.ASSET_DECIMALS_MIN || parsed > import_sdk12.ASSET_DECIMALS_MAX) {
       throw new Error(`${cmdName}: ${labels.decimalsFlag} must be an integer in [0, 18] (got '${rawDecimals}').`);
     }
     decimals = parsed;
   } else if (rawDecimals !== void 0) {
     const parsed = Number(rawDecimals);
-    if (!Number.isInteger(parsed) || parsed < import_sdk10.ASSET_DECIMALS_MIN || parsed > import_sdk10.ASSET_DECIMALS_MAX) {
+    if (!Number.isInteger(parsed) || parsed < import_sdk12.ASSET_DECIMALS_MIN || parsed > import_sdk12.ASSET_DECIMALS_MAX) {
       throw new Error(`${cmdName}: ${labels.decimalsFlag} must be an integer in [0, 18] (got '${rawDecimals}').`);
     }
     decimals = parsed;
   }
   let symbol = resolved.symbol;
   if (rawSymbol !== void 0) {
-    if (rawSymbol.length < import_sdk10.ASSET_SYMBOL_MIN_LEN || rawSymbol.length > import_sdk10.ASSET_SYMBOL_MAX_LEN) {
+    if (rawSymbol.length < import_sdk12.ASSET_SYMBOL_MIN_LEN || rawSymbol.length > import_sdk12.ASSET_SYMBOL_MAX_LEN) {
       throw new Error(`${cmdName}: ${labels.symbolFlag} must be 1-16 chars (got length ${rawSymbol.length}).`);
     }
     symbol = rawSymbol;
@@ -3960,12 +3752,12 @@ var DELEGATION_CURRENCY_FLAGS = {
 };
 // src/commands/delegations.ts
-var import_sdk11 = require("@heyanon-arp/sdk");
-var import_chalk9 = __toESM(require("chalk"));
+var import_sdk13 = require("@heyanon-arp/sdk");
+var import_chalk10 = __toESM(require("chalk"));
 init_api();
-var ALLOWED_STATES = /* @__PURE__ */ new Set([import_sdk11.DelegationStates.OFFERED, import_sdk11.DelegationStates.ACCEPTED, import_sdk11.DelegationStates.DECLINED, import_sdk11.DelegationStates.CANCELED]);
+var ALLOWED_STATES = /* @__PURE__ */ new Set([import_sdk13.DelegationStates.OFFERED, import_sdk13.DelegationStates.ACCEPTED, import_sdk13.DelegationStates.DECLINED, import_sdk13.DelegationStates.CANCELED]);
 function registerDelegationsCommand(root) {
-  root.command("delegations").description("List delegations for a relationship (one row per delegationId, oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (offered|accepted|declined|canceled)").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("delegations").description("List delegations for a relationship (one row per delegationId, oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (offered|accepted|declined|canceled)").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the one-line summaries, print a framed "Full delegation payloads (N rows)" block \u2014 each row labelled with full delegationId (`delegation accept` / `delegation decline` / `work request` need it) and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -3982,10 +3774,10 @@ async function runDelegations(relationshipId, opts) {
   const limit = parseLimit2(opts.limit);
   const state = parseState(opts.state);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegations", opts.server, opts.fromDid);
-  progress(opts.json, import_chalk9.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk9.default.dim(`Signer: ${sender.did}`));
-  progress(opts.json, import_chalk9.default.dim(`Relationship: ${relationshipId}`));
+  const sender = resolveSenderAgent("delegations", opts.server, opts.fromDid, opts.from);
+  progress(opts.json, import_chalk10.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk10.default.dim(`Signer: ${sender.did}`));
+  progress(opts.json, import_chalk10.default.dim(`Relationship: ${relationshipId}`));
   const query = { limit };
   if (state) query.state = state;
   if (opts.after) query.after = opts.after;
@@ -3996,7 +3788,7 @@ async function runDelegations(relationshipId, opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk9.default.dim("\n(no delegations for this relationship)"));
+    console.log(import_chalk10.default.dim("\n(no delegations for this relationship)"));
     return;
   }
   console.log("");
@@ -4012,19 +3804,19 @@ async function runDelegations(relationshipId, opts) {
     }));
   }
   const lastId = rows[rows.length - 1].id;
-  console.log(import_chalk9.default.dim(`
+  console.log(import_chalk10.default.dim(`
 ${rows.length} delegation row(s). Paginate with --after ${lastId}.`));
 }
 function formatDelegationLine(d, selfDid, opts = {}) {
-  const idHead_ = import_chalk9.default.bold(opts.fullIds ? d.delegationId : idHead(d.delegationId));
+  const idHead_ = import_chalk10.default.bold(opts.fullIds ? d.delegationId : idHead(d.delegationId));
   const state = colorState(d.state).padEnd(stateColumnWidth());
-  const offerer = d.offererDid === selfDid ? import_chalk9.default.bold("me") : import_chalk9.default.dim(opts.fullIds ? d.offererDid : didHead(d.offererDid));
+  const offerer = d.offererDid === selfDid ? import_chalk10.default.bold("me") : import_chalk10.default.dim(opts.fullIds ? d.offererDid : didHead(d.offererDid));
   const amount = formatAmount(d);
-  const title = d.title ? import_chalk9.default.dim(`"${truncate2(d.title, 40)}"`) : import_chalk9.default.dim("(no title)");
+  const title = d.title ? import_chalk10.default.dim(`"${truncate2(d.title, 40)}"`) : import_chalk10.default.dim("(no title)");
   let declineSuffix = "";
-  if (d.state === import_sdk11.DelegationStates.DECLINED && d.declineReason) {
+  if (d.state === import_sdk13.DelegationStates.DECLINED && d.declineReason) {
     const detail = d.declineReasonDetail ? `: ${truncate2(d.declineReasonDetail, 40)}` : "";
-    declineSuffix = `  ${import_chalk9.default.dim(`(reason: ${d.declineReason}${detail})`)}`;
+    declineSuffix = `  ${import_chalk10.default.dim(`(reason: ${d.declineReason}${detail})`)}`;
   }
   return `${idHead_}  ${state}  ${offerer}  ${amount}  ${title}${declineSuffix}`;
 }
@@ -4037,35 +3829,35 @@ function colorState(s) {
     // returns `undefined` and `formatDelegationLine` crashes with
     // `TypeError: Cannot read properties of undefined (reading
     // 'padEnd')` on any listing containing such a row.
-    case import_sdk11.DelegationStates.OFFERED:
-      return import_chalk9.default.yellow("offered");
-    case import_sdk11.DelegationStates.PENDING_LOCK_FINALIZATION:
-      return import_chalk9.default.yellow("pending_lock");
-    case import_sdk11.DelegationStates.ACCEPTED:
-      return import_chalk9.default.green("accepted");
+    case import_sdk13.DelegationStates.OFFERED:
+      return import_chalk10.default.yellow("offered");
+    case import_sdk13.DelegationStates.PENDING_LOCK_FINALIZATION:
+      return import_chalk10.default.yellow("pending_lock");
+    case import_sdk13.DelegationStates.ACCEPTED:
+      return import_chalk10.default.green("accepted");
     // The on-chain escrow lock is confirmed. Distinct branch so a
     // LOCKED row renders without hitting the defensive fallback
     // (which would otherwise echo the raw state).
-    case import_sdk11.DelegationStates.LOCKED:
-      return import_chalk9.default.green("locked");
-    case import_sdk11.DelegationStates.DECLINED:
-      return import_chalk9.default.red("declined");
-    case import_sdk11.DelegationStates.CANCELED:
-      return import_chalk9.default.dim("canceled");
+    case import_sdk13.DelegationStates.LOCKED:
+      return import_chalk10.default.green("locked");
+    case import_sdk13.DelegationStates.DECLINED:
+      return import_chalk10.default.red("declined");
+    case import_sdk13.DelegationStates.CANCELED:
+      return import_chalk10.default.dim("canceled");
     // Terminal escrow outcomes: completed = payee paid;
     // failed = create_lock never landed; refunded = funds returned
     // to the buyer (work expired / dispute closed);
     // dispute_resolved = operator ruled.
-    case import_sdk11.DelegationStates.COMPLETED:
-      return import_chalk9.default.green("completed");
-    case import_sdk11.DelegationStates.FAILED:
-      return import_chalk9.default.red("failed");
-    case import_sdk11.DelegationStates.REFUNDED:
-      return import_chalk9.default.red("refunded");
-    case import_sdk11.DelegationStates.DISPUTING:
-      return import_chalk9.default.yellow("disputing");
-    case import_sdk11.DelegationStates.DISPUTE_RESOLVED:
-      return import_chalk9.default.red("dispute_resolved");
+    case import_sdk13.DelegationStates.COMPLETED:
+      return import_chalk10.default.green("completed");
+    case import_sdk13.DelegationStates.FAILED:
+      return import_chalk10.default.red("failed");
+    case import_sdk13.DelegationStates.REFUNDED:
+      return import_chalk10.default.red("refunded");
+    case import_sdk13.DelegationStates.DISPUTING:
+      return import_chalk10.default.yellow("disputing");
+    case import_sdk13.DelegationStates.DISPUTE_RESOLVED:
+      return import_chalk10.default.red("dispute_resolved");
     default: {
       const _exhaustive = s;
       void _exhaustive;
@@ -4077,9 +3869,9 @@ function stateColumnWidth() {
   return 12;
 }
 function formatAmount(d) {
-  if (!d.amount) return import_chalk9.default.dim("(no amount)");
+  if (!d.amount) return import_chalk10.default.dim("(no amount)");
   const currency = d.currency ? d.currency.symbol ?? d.currency.assetId : "?";
-  return import_chalk9.default.cyan(`${d.amount} ${currency}`);
+  return import_chalk10.default.cyan(`${d.amount} ${currency}`);
 }
 function idHead(id) {
   if (id.length <= 12) return id;
@@ -4110,7 +3902,7 @@ function parseLimit2(raw) {
 }
 // src/commands/did-doc.ts
-var import_sdk12 = require("@heyanon-arp/sdk");
+var import_sdk14 = require("@heyanon-arp/sdk");
 init_api();
 function registerDidDocCommand(root) {
   root.command("did-doc").description(
@@ -4119,7 +3911,7 @@ function registerDidDocCommand(root) {
     "--field <path>",
     "Extract a single value via a dotted path. Supports object property access (`id`), numeric array indexes (`verificationMethod.0`), and `#fragment` array selectors that match a verification-method or service entry by its `id` suffix (`verificationMethod.#settlement.publicKeyMultibase`). Two well-known shortcuts skip the path entirely AND strip the multibase prefix: `settlementPublicKey` / `identityPublicKey` emit the raw base58 pubkey ready for flags like `--recipient-pubkey`. Scalar values (string / number / boolean) emit raw to stdout for shell composition (`KEY=$(heyarp did-doc ... --field ...)`); objects / arrays emit as pretty-printed JSON. Mutually exclusive with `--json` since `--field` already controls the shape."
   ).action(async (did, opts) => {
-    if (!(0, import_sdk12.isValidDid)(did)) {
+    if (!(0, import_sdk14.isValidDid)(did)) {
       throw new Error(`'${did}' is not a syntactically valid did:arp identifier`);
     }
     if (opts.json && opts.field !== void 0) {
@@ -4231,8 +4023,8 @@ function describeShape(value) {
 }
 // src/commands/doctor.ts
-var import_sdk13 = require("@heyanon-arp/sdk");
-var import_chalk10 = __toESM(require("chalk"));
+var import_sdk15 = require("@heyanon-arp/sdk");
+var import_chalk11 = __toESM(require("chalk"));
 init_api();
 function registerDoctorCommand(root) {
   root.command("doctor").description("Liveness probe for a counterparty: resolve DID document + read protocol activity. No auth.").argument("<did>", "did:arp:<base58btc> of the agent to probe").option("--server <url>", "Override ARP server base URL").option("--json", "Machine-readable: single JSON object on stdout. Pipe-safe.", false).action(async (did, opts) => {
@@ -4241,7 +4033,7 @@ function registerDoctorCommand(root) {
 }
 var LISTENING_THRESHOLD_SECONDS = 15 * 60;
 async function runDoctor(did, opts) {
-  if (!(0, import_sdk13.isValidDid)(did)) {
+  if (!(0, import_sdk15.isValidDid)(did)) {
     throw new Error(`'${did}' is not a syntactically valid did:arp identifier`);
   }
   const api = new ArpApiClient(opts.server);
@@ -4325,52 +4117,52 @@ async function probe(api, did) {
 }
 function formatDoctorReport(r) {
   const lines = [];
-  lines.push(`${import_chalk10.default.dim("Server:")}     ${r.server}`);
-  lines.push(`${import_chalk10.default.dim("Target DID:")} ${r.did}`);
+  lines.push(`${import_chalk11.default.dim("Server:")}     ${r.server}`);
+  lines.push(`${import_chalk11.default.dim("Target DID:")} ${r.did}`);
   if (!r.didDocument.found) {
-    lines.push(`${import_chalk10.default.dim("DID doc:")}    ${import_chalk10.default.red("\u2717")} not found`);
+    lines.push(`${import_chalk11.default.dim("DID doc:")}    ${import_chalk11.default.red("\u2717")} not found`);
   } else {
     const registered = r.didDocument.registeredAt ? ` (registered ${r.didDocument.registeredAt})` : "";
-    lines.push(`${import_chalk10.default.dim("DID doc:")}    ${import_chalk10.default.green("\u2713")} resolved${registered}`);
+    lines.push(`${import_chalk11.default.dim("DID doc:")}    ${import_chalk11.default.green("\u2713")} resolved${registered}`);
   }
   if (r.activity) {
     if (r.activity.lastEventAt === null) {
-      lines.push(`${import_chalk10.default.dim("Activity:")}   ${import_chalk10.default.dim("(no events ever \u2014 fresh agent)")}`);
+      lines.push(`${import_chalk11.default.dim("Activity:")}   ${import_chalk11.default.dim("(no events ever \u2014 fresh agent)")}`);
     } else {
       const ageMin = r.activity.ageSeconds !== null ? Math.floor(r.activity.ageSeconds / 60) : null;
       const ageStr = ageMin !== null && ageMin > 0 ? `${ageMin}m ago` : `${r.activity.ageSeconds}s ago`;
-      lines.push(`${import_chalk10.default.dim("Activity:")}   last event ${ageStr} (${r.activity.lastEventAt})`);
+      lines.push(`${import_chalk11.default.dim("Activity:")}   last event ${ageStr} (${r.activity.lastEventAt})`);
     }
     if (r.activity.lastSeenAt !== null && r.activity.lastSeenAt !== void 0) {
       const seenMin = r.activity.seenAgeSeconds !== null && r.activity.seenAgeSeconds !== void 0 ? Math.floor(r.activity.seenAgeSeconds / 60) : null;
       const seenStr = seenMin !== null && seenMin > 0 ? `${seenMin}m ago` : `${r.activity.seenAgeSeconds}s ago`;
-      lines.push(`${import_chalk10.default.dim("Last seen:")}  signed request ${seenStr} (${r.activity.lastSeenAt})`);
+      lines.push(`${import_chalk11.default.dim("Last seen:")}  signed request ${seenStr} (${r.activity.lastSeenAt})`);
     }
     if (r.activity.inboxStreamActive === true) {
-      lines.push(`${import_chalk10.default.dim("Inbox SSE:")}  ${import_chalk10.default.green("\u2713")} active subscription on the central server`);
+      lines.push(`${import_chalk11.default.dim("Inbox SSE:")}  ${import_chalk11.default.green("\u2713")} active subscription on the central server`);
     }
   }
-  const verdictColor = r.verdict === "LISTENING" ? import_chalk10.default.green : r.verdict === "DORMANT" ? import_chalk10.default.red : import_chalk10.default.yellow;
+  const verdictColor = r.verdict === "LISTENING" ? import_chalk11.default.green : r.verdict === "DORMANT" ? import_chalk11.default.red : import_chalk11.default.yellow;
   lines.push("");
-  lines.push(`${import_chalk10.default.bold("Verdict:")}    ${verdictColor(r.verdict)} \u2014 ${r.reason}`);
+  lines.push(`${import_chalk11.default.bold("Verdict:")}    ${verdictColor(r.verdict)} \u2014 ${r.reason}`);
   return lines.join("\n");
 }
 // src/commands/envelope.ts
-var import_chalk11 = __toESM(require("chalk"));
+var import_chalk12 = __toESM(require("chalk"));
 init_api();
 function registerEnvelopeCommand(root) {
-  root.command("envelope").description("Fetch one canonical envelope by eventId \u2014 full body for inspection (signed read)").argument("<event-id>", "Event UUID \u2014 copy from `heyarp inbox`, `heyarp events`, or a counterparty citation").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable: emit only the envelope JSON object on stdout (no prelude, no chalk). Pipe-safe.", false).action(async (eventId, opts) => {
+  root.command("envelope").description("Fetch one canonical envelope by eventId \u2014 full body for inspection (signed read)").argument("<event-id>", "Event UUID \u2014 copy from `heyarp inbox`, `heyarp events`, or a counterparty citation").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable: emit only the envelope JSON object on stdout (no prelude, no chalk). Pipe-safe.", false).action(async (eventId, opts) => {
     await runEnvelope(eventId, opts);
   });
 }
 async function runEnvelope(eventId, opts) {
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("envelope", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("envelope", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk11.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk11.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk11.default.dim(`Event:  ${eventId}`));
+    console.log(import_chalk12.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk12.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk12.default.dim(`Event:  ${eventId}`));
   }
   const signer = makeSigner(sender);
   const event = await api.getEvent(sender.did, eventId, signer);
@@ -4379,43 +4171,43 @@ async function runEnvelope(eventId, opts) {
     return;
   }
   console.log("");
-  console.log(import_chalk11.default.bold("Envelope:"));
+  console.log(import_chalk12.default.bold("Envelope:"));
   console.log(formatJson(event));
   console.log("");
   console.log(formatHints(event));
 }
 function formatHints(event) {
   const lines = [];
-  lines.push(`${import_chalk11.default.dim("relationshipId:")} ${import_chalk11.default.cyan(event.relationshipId)}`);
-  lines.push(`${import_chalk11.default.dim("serverEventHash:")} ${import_chalk11.default.cyan(event.serverEventHash)}`);
-  lines.push(`${import_chalk11.default.dim("eventId:")} ${import_chalk11.default.cyan(event.eventId)}`);
-  lines.push(`${import_chalk11.default.dim("relationshipEventIndex:")} ${import_chalk11.default.cyan(String(event.relationshipEventIndex))}`);
+  lines.push(`${import_chalk12.default.dim("relationshipId:")} ${import_chalk12.default.cyan(event.relationshipId)}`);
+  lines.push(`${import_chalk12.default.dim("serverEventHash:")} ${import_chalk12.default.cyan(event.serverEventHash)}`);
+  lines.push(`${import_chalk12.default.dim("eventId:")} ${import_chalk12.default.cyan(event.eventId)}`);
+  lines.push(`${import_chalk12.default.dim("relationshipEventIndex:")} ${import_chalk12.default.cyan(String(event.relationshipEventIndex))}`);
   return lines.join("\n");
 }
 // src/commands/escrow.ts
-var import_sdk15 = require("@heyanon-arp/sdk");
+var import_sdk17 = require("@heyanon-arp/sdk");
 var import_utils2 = require("@noble/hashes/utils");
-var import_chalk12 = __toESM(require("chalk"));
+var import_chalk13 = __toESM(require("chalk"));
 init_api();
 // src/commands/escrow-actions.ts
 var import_node_crypto = require("crypto");
-var import_sdk14 = require("@heyanon-arp/sdk");
-var import_web33 = require("@solana/web3.js");
+var import_sdk16 = require("@heyanon-arp/sdk");
+var import_web32 = require("@solana/web3.js");
 init_api();
 var FEE_BUFFER_LAMPORTS = 10000000n;
 async function setup(cmd, delegationIdArg, opts) {
-  const agent = resolveSenderAgent(cmd, opts.server, opts.fromDid);
+  const agent = resolveSenderAgent(cmd, opts.server, opts.fromDid, opts.from);
   const keypair = keypairFromAgent(agent);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web33.PublicKey(await resolveProgramIdStrict(api, opts, cmd));
+  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, cmd));
   const rpcUrl = resolveRpcUrlStrict(opts, cmd);
-  const conn = new import_web33.Connection(rpcUrl, "confirmed");
+  const conn = new import_web32.Connection(rpcUrl, "confirmed");
   const delegationId = normaliseDelegationId(delegationIdArg);
-  const fetched = await fetchLockAccount(conn, programId, delegationId);
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, delegationId);
   if (!fetched) {
-    const lockPda = deriveLockPda(programId, (0, import_sdk14.deriveLockId)(delegationId)).toBase58();
+    const lockPda = (0, import_sdk9.deriveLockPda)(programId, (0, import_sdk16.deriveLockId)(delegationId)).toBase58();
     throw new Error(
       `${cmd}: no on-chain Lock for delegation ${delegationId} (PDA ${lockPda} not found on ${rpcUrl}). Either the buyer hasn't funded yet (delegation fund \u2192 server relays create_lock), or you're pointing at the wrong cluster/program.`
     );
@@ -4440,10 +4232,10 @@ function nowSecs() {
 function deadlinePassed(ctx) {
   return ctx.lock.expiry > 0n && nowSecs() >= ctx.lock.expiry;
 }
-var SYSTEM_PROGRAM_B58 = import_sdk14.SYSTEM_PROGRAM_ID_BASE58;
+var SYSTEM_PROGRAM_B58 = import_sdk16.SYSTEM_PROGRAM_ID_BASE58;
 function effectiveFeeRecipient(lock) {
-  if (lock.feeRecipientAtLock !== SYSTEM_PROGRAM_B58) return new import_web33.PublicKey(lock.feeRecipientAtLock);
-  if (lock.treasuryAtLock && lock.treasuryAtLock !== SYSTEM_PROGRAM_B58) return new import_web33.PublicKey(lock.treasuryAtLock);
+  if (lock.feeRecipientAtLock !== SYSTEM_PROGRAM_B58) return new import_web32.PublicKey(lock.feeRecipientAtLock);
+  if (lock.treasuryAtLock && lock.treasuryAtLock !== SYSTEM_PROGRAM_B58) return new import_web32.PublicKey(lock.treasuryAtLock);
   throw new Error(
     "escrow: this lock snapshots the system program as BOTH fee_recipient and treasury \u2014 no writable fee account exists; the on-chain Config was initialized inconsistently."
   );
@@ -4461,7 +4253,7 @@ async function preflightLamports(ctx, stake, what) {
   }
 }
 async function sendIx(ctx, ix) {
-  const tx = new import_web33.Transaction().add(ix);
+  const tx = new import_web32.Transaction().add(ix);
   tx.feePayer = ctx.keypair.publicKey;
   const { blockhash, lastValidBlockHeight } = await ctx.conn.getLatestBlockhash("confirmed");
   tx.recentBlockhash = blockhash;
@@ -4502,28 +4294,28 @@ function emit(ctx, action, signature, extra = {}) {
 }
 async function acceptHandler(delegationId, opts) {
   const ctx = await setup("escrow accept", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.CREATED], "Accept is only possible before any other transition; if it shows in_progress you already accepted.");
+  requireState(ctx, [import_sdk16.LockStates.CREATED], "Accept is only possible before any other transition; if it shows in_progress you already accepted.");
   requireSigner(ctx, "payee", ctx.lock.payee);
   const stake = ctx.lock.workerStakeAtLock;
   await preflightLamports(ctx, stake, `the worker stake (${stake} lamports, returned when the lock settles in your favour)`);
   progress(ctx.opts.json, `accepting lock ${ctx.lock.lockId.slice(0, 16)}\u2026 \u2014 staking ${stake} lamports from ${ctx.keypair.publicKey.toBase58()}`);
-  const sig = await sendIx(ctx, buildAcceptLockIx({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildAcceptLockIx)({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
   emit(ctx, "accept", sig, { worker_stake: stake.toString() });
 }
 async function submitWorkHandler(delegationId, opts) {
   const ctx = await setup("escrow submit-work", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.IN_PROGRESS], "Submit needs an accepted lock ('created' \u2192 run `heyarp escrow accept` first; terminal \u2192 the cycle already ended).");
+  requireState(ctx, [import_sdk16.LockStates.IN_PROGRESS], "Submit needs an accepted lock ('created' \u2192 run `heyarp escrow accept` first; terminal \u2192 the cycle already ended).");
   requireSigner(ctx, "payee", ctx.lock.payee);
   if (deadlinePassed(ctx)) {
     throw new Error(
       `escrow submit-work: the work window expired at ${expiryIso(ctx)} \u2014 the chain will reject submit_work and the buyer can claim the escrow back (claim_expired_work). Nothing to salvage on-chain.`
     );
   }
-  const sig = await sendIx(ctx, buildSubmitWorkIx({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildSubmitWorkIx)({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
   let reviewDeadline = null;
   try {
-    const fresh = await fetchLockAccount(ctx.conn, ctx.programId, ctx.delegationId);
-    if (fresh && fresh.lock.state === import_sdk14.LockStates.SUBMITTED && fresh.lock.expiry > 0n) {
+    const fresh = await (0, import_sdk9.fetchLockAccount)(ctx.conn, ctx.programId, ctx.delegationId);
+    if (fresh && fresh.lock.state === import_sdk16.LockStates.SUBMITTED && fresh.lock.expiry > 0n) {
       reviewDeadline = new Date(Number(fresh.lock.expiry) * 1e3).toISOString();
     }
   } catch {
@@ -4536,34 +4328,34 @@ async function submitWorkHandler(delegationId, opts) {
 }
 async function claimHandler(delegationId, opts) {
   const ctx = await setup("escrow claim", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.SUBMITTED], "Claim needs submitted work ('in_progress' \u2192 the worker must `escrow submit-work` first; 'paid' \u2192 already claimed).");
+  requireState(ctx, [import_sdk16.LockStates.SUBMITTED], "Claim needs submitted work ('in_progress' \u2192 the worker must `escrow submit-work` first; 'paid' \u2192 already claimed).");
   const me = ctx.keypair.publicKey.toBase58();
   let role;
   if (me === ctx.lock.payer) {
-    role = import_sdk14.EscrowReleaseMethods.BUYER_APPROVED;
+    role = import_sdk16.EscrowReleaseMethods.BUYER_APPROVED;
   } else if (me === ctx.lock.payee) {
     if (!deadlinePassed(ctx)) {
       throw new Error(
         `escrow claim: the review window is still open (until ${expiryIso(ctx)}). As the worker you can self-claim only AFTER it lapses; before that the buyer must approve (or dispute).`
       );
     }
-    role = import_sdk14.EscrowReleaseMethods.REVIEW_TIMEOUT;
+    role = import_sdk16.EscrowReleaseMethods.REVIEW_TIMEOUT;
   } else {
     throw new Error(`escrow claim: your settlement key ${me} is neither the payer (${ctx.lock.payer}) nor the payee (${ctx.lock.payee}) of this lock.`);
   }
   progress(
     ctx.opts.json,
-    role === import_sdk14.EscrowReleaseMethods.BUYER_APPROVED ? "approving payment as the buyer \u2014 this RELEASES the escrow and is irreversible" : "self-claiming after review timeout"
+    role === import_sdk16.EscrowReleaseMethods.BUYER_APPROVED ? "approving payment as the buyer \u2014 this RELEASES the escrow and is irreversible" : "self-claiming after review timeout"
   );
   const sig = await sendIx(
     ctx,
-    buildClaimWorkPaymentIx({
+    (0, import_sdk9.buildClaimWorkPaymentIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       authority: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      payee: new import_web33.PublicKey(ctx.lock.payee),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint),
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      payee: new import_web32.PublicKey(ctx.lock.payee),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint),
       feeRecipient: effectiveFeeRecipient(ctx.lock)
     })
   );
@@ -4571,40 +4363,40 @@ async function claimHandler(delegationId, opts) {
 }
 async function cancelHandler(delegationId, opts) {
   const ctx = await setup("escrow cancel", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.CREATED], "Cancel is the pre-accept exit only \u2014 once the worker accepted ('in_progress') the windows model governs.");
+  requireState(ctx, [import_sdk16.LockStates.CREATED], "Cancel is the pre-accept exit only \u2014 once the worker accepted ('in_progress') the windows model governs.");
   requireSigner(ctx, "payer", ctx.lock.payer);
   const sig = await sendIx(
     ctx,
-    buildCancelLockIx({
+    (0, import_sdk9.buildCancelLockIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       payer: ctx.keypair.publicKey,
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "cancel", sig, { refunded_amount: ctx.lock.amount.toString() });
 }
 async function claimExpiredHandler(delegationId, opts) {
   const ctx = await setup("escrow claim-expired", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.IN_PROGRESS], "Claim-expired recovers an accepted-but-never-submitted lock; 'submitted' work goes through claim/dispute instead.");
+  requireState(ctx, [import_sdk16.LockStates.IN_PROGRESS], "Claim-expired recovers an accepted-but-never-submitted lock; 'submitted' work goes through claim/dispute instead.");
   requireSigner(ctx, "payer", ctx.lock.payer);
   if (!deadlinePassed(ctx)) {
     throw new Error(`escrow claim-expired: the work window is still open (until ${expiryIso(ctx)}). The worker can still submit; the chain will reject this claim until then.`);
   }
   const sig = await sendIx(
     ctx,
-    buildClaimExpiredWorkIx({
+    (0, import_sdk9.buildClaimExpiredWorkIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       payer: ctx.keypair.publicKey,
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "claim-expired", sig, { refunded_amount: ctx.lock.amount.toString(), worker_stake_forfeited: ctx.lock.workerStakeAtLock.toString() });
 }
 async function disputeOpenHandler(delegationId, opts) {
   const ctx = await setup("escrow dispute open", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.SUBMITTED], "Disputes open against SUBMITTED work, inside the review window.");
+  requireState(ctx, [import_sdk16.LockStates.SUBMITTED], "Disputes open against SUBMITTED work, inside the review window.");
   requireSigner(ctx, "payer", ctx.lock.payer);
   if (deadlinePassed(ctx)) {
     throw new Error(
@@ -4614,12 +4406,12 @@ async function disputeOpenHandler(delegationId, opts) {
   const stake = ctx.lock.workerStakeAtLock;
   await preflightLamports(ctx, stake, `the dispute stake (${stake} lamports \u2014 returned if the operator rules for you or the dispute times out)`);
   progress(ctx.opts.json, `opening dispute \u2014 staking ${stake} lamports; the operator has the dispute window to rule, after that either party can close`);
-  const sig = await sendIx(ctx, buildOpenDisputeIx({ programId: ctx.programId, lockId: ctx.lockId, payer: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildOpenDisputeIx)({ programId: ctx.programId, lockId: ctx.lockId, payer: ctx.keypair.publicKey }));
   emit(ctx, "dispute-open", sig, { buyer_stake: stake.toString() });
 }
 async function disputeCloseHandler(delegationId, opts) {
   const ctx = await setup("escrow dispute close", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.DISPUTING], "Close only applies to an OPEN dispute that the operator never resolved.");
+  requireState(ctx, [import_sdk16.LockStates.DISPUTING], "Close only applies to an OPEN dispute that the operator never resolved.");
   const me = ctx.keypair.publicKey.toBase58();
   if (me !== ctx.lock.payer && me !== ctx.lock.payee) {
     throw new Error(`escrow dispute close: your settlement key ${me} is neither party of this lock.`);
@@ -4631,20 +4423,20 @@ async function disputeCloseHandler(delegationId, opts) {
   }
   const sig = await sendIx(
     ctx,
-    buildCloseDisputeIx({
+    (0, import_sdk9.buildCloseDisputeIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       authority: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      payee: new import_web33.PublicKey(ctx.lock.payee),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      payee: new import_web32.PublicKey(ctx.lock.payee),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "dispute-close", sig, {});
 }
 async function disputeResolveHandler(delegationId, opts) {
   const ctx = await setup("escrow dispute resolve", delegationId, opts);
-  requireState(ctx, [import_sdk14.LockStates.DISPUTING], "Resolve only applies to an OPEN dispute, inside the dispute window.");
+  requireState(ctx, [import_sdk16.LockStates.DISPUTING], "Resolve only applies to an OPEN dispute, inside the dispute window.");
   if (deadlinePassed(ctx)) {
     throw new Error(
       `escrow dispute resolve: the dispute window lapsed at ${expiryIso(ctx)} \u2014 the chain rejects late rulings (LockExpired); either party can now \`escrow dispute close\` instead.`
@@ -4663,15 +4455,15 @@ async function disputeResolveHandler(delegationId, opts) {
   const disputeId = Uint8Array.from(Buffer.from(disputeUuid.replace(/-/g, ""), "hex"));
   const sig = await sendIx(
     ctx,
-    buildResolveDisputeIx({
+    (0, import_sdk9.buildResolveDisputeIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       operator: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      winner: new import_web33.PublicKey(winner),
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      winner: new import_web32.PublicKey(winner),
       feeRecipient: effectiveFeeRecipient(ctx.lock),
-      treasury: new import_web33.PublicKey(ctx.lock.treasuryAtLock),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint),
+      treasury: new import_web32.PublicKey(ctx.lock.treasuryAtLock),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint),
       args: { isPayerWinner, reasonHash, disputeId }
     })
   );
@@ -4679,16 +4471,16 @@ async function disputeResolveHandler(delegationId, opts) {
 }
 async function showHandler(delegationId, opts) {
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web33.PublicKey(await resolveProgramIdStrict(api, opts, "escrow show"));
+  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, "escrow show"));
   const rpcUrl = resolveRpcUrlStrict(opts, "escrow show");
-  const conn = new import_web33.Connection(rpcUrl, "confirmed");
+  const conn = new import_web32.Connection(rpcUrl, "confirmed");
   const normalised = normaliseDelegationId(delegationId);
-  const fetched = await fetchLockAccount(conn, programId, normalised);
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, normalised);
   if (!fetched) {
     jsonOut({
       delegation_id: normalised.slice("del_".length),
       lock_exists: false,
-      lock_pda: deriveLockPda(programId, (0, import_sdk14.deriveLockId)(normalised)).toBase58(),
+      lock_pda: (0, import_sdk9.deriveLockPda)(programId, (0, import_sdk16.deriveLockId)(normalised)).toBase58(),
       rpc_url: redactRpcUrl(rpcUrl)
     });
     return;
@@ -4713,7 +4505,34 @@ async function showHandler(delegationId, opts) {
   });
 }
 function sharedFlags(cmd) {
-  return cmd.option("--server <url>", "Override ARP server base URL (program-id discovery)").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--rpc-url <url>", "Solana RPC URL (STRICT: flag > ARP_ESCROW_RPC_URL env > `heyarp config rpcUrl`; no public fallback for state-changing txs)").option("--program-id <pubkey>", "Escrow program id (STRICT: flag > env > server discovery; no hardcoded fallback)").option("--json", "Machine-readable JSON output", false);
+  return cmd.option("--server <url>", "Override ARP server base URL (program-id discovery)").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--rpc-url <url>", "Solana RPC URL (STRICT: flag > ARP_ESCROW_RPC_URL env > `heyarp config rpcUrl`; no public fallback for state-changing txs)").option("--program-id <pubkey>", "Escrow program id (STRICT: flag > env > server discovery; no hardcoded fallback)").option("--json", "Machine-readable JSON output", false);
+}
+async function disputeShowHandler(delegationId, opts) {
+  const delId = delegationId.replace(/^del_/, "");
+  const api = new ArpApiClient(opts.server);
+  const sender = resolveSenderAgent("escrow dispute show", opts.server, opts.fromDid, opts.from);
+  const row = await api.getDisputeResolution(delId, makeSigner(sender));
+  progress(opts.json, `Server: ${api.serverUrl}`);
+  progress(opts.json, `Signer: ${sender.did}`);
+  if (opts.json) {
+    jsonOut(row);
+    return;
+  }
+  const winner = row.winnerRole === "payer" ? "BUYER (payer)" : row.winnerRole === "payee" ? "WORKER (payee)" : "(undecided)";
+  console.log("");
+  console.log(`Dispute resolution \u2014 delegation ${row.delegationId}`);
+  console.log(`  status:          ${row.status}`);
+  console.log(`  winner:          ${winner}${row.winnerDid ? `  ${row.winnerDid}` : ""}`);
+  console.log(`  is_payer_winner: ${row.isPayerWinner}`);
+  console.log(`  source:          ${row.verdictSource ?? "(none)"}    policy: ${row.policyId ?? "(none)"}`);
+  console.log(`  snapshot_hash:   ${row.snapshotHash ?? "(none)"}`);
+  console.log(`  reason_hash:     ${row.reasonHashHex ?? "(none)"}`);
+  console.log(`  resolve tx:      ${row.solanaSignature ?? "(none)"}`);
+  console.log(`  attempts:        ${row.attempts}${row.lastError ? `   last_error: ${row.lastError}` : ""}`);
+  console.log("\n  reasoning:");
+  console.log(
+    (row.reasoning ?? "(none)").split("\n").map((l) => `    ${l}`).join("\n")
+  );
 }
 function registerEscrowActionCommands(escrow) {
   sharedFlags(
@@ -4749,6 +4568,9 @@ function registerEscrowActionCommands(escrow) {
       "OPERATOR: rule the dispute (winner takes the escrow; stakes split per config). Requires the on-chain-registered operator key. Disputing \u2192 DisputeResolved."
     ).option("--payer-wins", "Rule for the buyer").option("--payee-wins", "Rule for the worker").option("--reason <text>", "Resolution reasoning \u2014 sha256 recorded on-chain as reason_hash")
   ).action(disputeResolveHandler);
+  dispute.command("show <delegation-id>").description(
+    "Read the arbiter's verdict for a disputed delegation \u2014 winner + DID, source (llm | objective_fallback), reasoning, status, resolve tx. Signed server read; parties only."
+  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable JSON output", false).action(disputeShowHandler);
   sharedFlags(escrow.command("show <delegation-id>").description("Decode + print the on-chain Lock account (state, parties, amounts, rolling deadline). Read-only.")).action(
     showHandler
   );
@@ -4765,13 +4587,13 @@ function registerEscrowCommands(root) {
     "Compute canonical condition_hash (32-byte hex) for `heyarp wallet create-lock --condition-hash <hex>` from the DELEGATION terms. Projects the flags to the canonical subset and hashes via SDK deriveDelegationConditionHash \u2014 no server fetch. The SAME terms MUST go into `delegation offer` or the server rejects the lock (ESC_LOCK_CONDITION_HASH_MISMATCH)."
   ).requiredOption("--delegation-id <id>", "Delegation UUID this lock binds (drives the on-chain lock_id + the condition_hash identity binding)").requiredOption("--scope <text>", "scope_summary \u2014 short prose describing the agreed work").option(
     "--currency <s>",
-    `Asset identifier bound into the hash: shorthand (${import_sdk15.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string. Optional but must match the offer's --currency.`
-  ).option("--currency-decimals <n>", "Decimal places (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable JSON: {delegation_id, condition_hash_hex, projected_subset}", false).action(async (opts) => {
+    `Asset identifier bound into the hash: shorthand (${import_sdk17.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string. Optional but must match the offer's --currency.`
+  ).option("--currency-decimals <n>", "Decimal places (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable JSON: {delegation_id, condition_hash_hex, projected_subset}", false).action(async (opts) => {
     await runDeriveConditionHash(opts);
   });
   cmd.command("recover-sequence").description(
     "Repair a desynced local `lastSenderSequence` after a post-commit failure the CLI couldn't auto-classify (e.g. `INTERNAL_SERVER_ERROR` from the global Internal filter \u2014 pre-/post-commit origin is ambiguous, so auto-advance is unsafe). Queries the server's owner-only `/sender-sequence` endpoint and compares; with --apply, updates local agent state to match. Default is dry-run \u2014 prints the diff and exits 0 if in-sync, 1 if drift detected."
-  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--apply", "Apply the fix (write the server-known value to local state). Default: dry-run.", false).option("--json", "Machine-readable JSON: {local, server, drift, applied}", false).action(async (opts) => {
+  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--apply", "Apply the fix (write the server-known value to local state). Default: dry-run.", false).option("--json", "Machine-readable JSON: {local, server, drift, applied}", false).action(async (opts) => {
     await runRecoverSequence(opts);
   });
 }
@@ -4779,7 +4601,7 @@ async function runEscrowInfo(opts) {
   const api = new ArpApiClient(opts.server);
   const status = await api.getEscrowConfig();
   if (opts.json) {
-    progress(true, import_chalk12.default.dim(`Server: ${api.serverUrl}`));
+    progress(true, import_chalk13.default.dim(`Server: ${api.serverUrl}`));
     jsonOut(status);
   } else {
     console.log(formatEscrowConfigStatus(api.serverUrl, status));
@@ -4788,35 +4610,35 @@ async function runEscrowInfo(opts) {
 function formatEscrowConfigStatus(serverUrl, s) {
   const lines = [];
   const win = (secs) => secs % 3600 === 0 ? `${secs / 3600}h` : secs % 60 === 0 ? `${secs / 60}m` : `${secs}s`;
-  lines.push(`${import_chalk12.default.dim("Server:")}        ${serverUrl}`);
-  lines.push(`${import_chalk12.default.dim("Program ID:")}    ${s.programId}`);
-  lines.push(`${import_chalk12.default.dim("Admin:")}         ${s.admin}`);
-  lines.push(`${import_chalk12.default.dim("Treasury:")}      ${s.treasury}`);
-  lines.push(`${import_chalk12.default.dim("Paused:")}        ${s.paused ? import_chalk12.default.yellow("YES (new locks rejected)") : import_chalk12.default.green("no")}`);
+  lines.push(`${import_chalk13.default.dim("Server:")}        ${serverUrl}`);
+  lines.push(`${import_chalk13.default.dim("Program ID:")}    ${s.programId}`);
+  lines.push(`${import_chalk13.default.dim("Admin:")}         ${s.admin}`);
+  lines.push(`${import_chalk13.default.dim("Treasury:")}      ${s.treasury}`);
+  lines.push(`${import_chalk13.default.dim("Paused:")}        ${s.paused ? import_chalk13.default.yellow("YES (new locks rejected)") : import_chalk13.default.green("no")}`);
   lines.push("");
-  lines.push(import_chalk12.default.bold("Windows (rolling deadlines):"));
-  lines.push(`  ${import_chalk12.default.dim("work:")}    ${win(s.workWindowSecs)} ${import_chalk12.default.dim("(accept \u2192 submit_work)")}`);
-  lines.push(`  ${import_chalk12.default.dim("review:")}  ${win(s.reviewWindowSecs)} ${import_chalk12.default.dim("(submit_work \u2192 buyer approve / worker self-claim)")}`);
-  lines.push(`  ${import_chalk12.default.dim("dispute:")} ${win(s.disputeWindowSecs)} ${import_chalk12.default.dim("(open_dispute \u2192 operator resolve / timeout close)")}`);
+  lines.push(import_chalk13.default.bold("Windows (rolling deadlines):"));
+  lines.push(`  ${import_chalk13.default.dim("work:")}    ${win(s.workWindowSecs)} ${import_chalk13.default.dim("(accept \u2192 submit_work)")}`);
+  lines.push(`  ${import_chalk13.default.dim("review:")}  ${win(s.reviewWindowSecs)} ${import_chalk13.default.dim("(submit_work \u2192 buyer approve / worker self-claim)")}`);
+  lines.push(`  ${import_chalk13.default.dim("dispute:")} ${win(s.disputeWindowSecs)} ${import_chalk13.default.dim("(open_dispute \u2192 operator resolve / timeout close)")}`);
   lines.push("");
-  lines.push(import_chalk12.default.bold("Stakes:"));
-  lines.push(`  ${import_chalk12.default.dim("worker stake:")}         ${s.workerStakeLamports} lamports ${import_chalk12.default.dim("(escrowed at accept_lock, returned on completion)")}`);
-  lines.push(`  ${import_chalk12.default.dim("operator dispute fee:")} ${s.operatorDisputeFeeLamports} lamports`);
+  lines.push(import_chalk13.default.bold("Stakes:"));
+  lines.push(`  ${import_chalk13.default.dim("worker stake:")}         ${s.workerStakeLamports} lamports ${import_chalk13.default.dim("(escrowed at accept_lock, returned on completion)")}`);
+  lines.push(`  ${import_chalk13.default.dim("operator dispute fee:")} ${s.operatorDisputeFeeLamports} lamports`);
   lines.push("");
-  lines.push(import_chalk12.default.bold("Protocol fee:"));
+  lines.push(import_chalk13.default.bold("Protocol fee:"));
   if (!s.feeEnabled || s.feeBps === 0) {
-    lines.push(`  ${import_chalk12.default.green("DISABLED")}`);
-    lines.push(`  ${import_chalk12.default.dim("fee_bps:")}       ${s.feeBps}`);
-    lines.push(`  ${import_chalk12.default.dim("fee_recipient:")} ${s.feeRecipient}`);
+    lines.push(`  ${import_chalk13.default.green("DISABLED")}`);
+    lines.push(`  ${import_chalk13.default.dim("fee_bps:")}       ${s.feeBps}`);
+    lines.push(`  ${import_chalk13.default.dim("fee_recipient:")} ${s.feeRecipient}`);
     lines.push("");
-    lines.push(import_chalk12.default.dim(`  New locks will snapshot fee_bps=0 \u2014 payee receives 100% on claim.`));
+    lines.push(import_chalk13.default.dim(`  New locks will snapshot fee_bps=0 \u2014 payee receives 100% on claim.`));
   } else {
     const pct = (s.feeBps / 100).toFixed(2);
-    lines.push(`  ${import_chalk12.default.yellow("ENABLED")} \u2014 ${pct}% of payee slice (${s.feeBps} bps)`);
-    lines.push(`  ${import_chalk12.default.dim("fee_recipient:")} ${s.feeRecipient}`);
+    lines.push(`  ${import_chalk13.default.yellow("ENABLED")} \u2014 ${pct}% of payee slice (${s.feeBps} bps)`);
+    lines.push(`  ${import_chalk13.default.dim("fee_recipient:")} ${s.feeRecipient}`);
     lines.push("");
-    lines.push(import_chalk12.default.dim(`  New locks will snapshot fee_bps=${s.feeBps} onto themselves.`));
-    lines.push(import_chalk12.default.dim(`  Existing locks keep their lock-time snapshot \u2014 no retroactive change.`));
+    lines.push(import_chalk13.default.dim(`  New locks will snapshot fee_bps=${s.feeBps} onto themselves.`));
+    lines.push(import_chalk13.default.dim(`  Existing locks keep their lock-time snapshot \u2014 no retroactive change.`));
   }
   return lines.join("\n");
 }
@@ -4840,11 +4662,11 @@ async function runDeriveConditionHash(opts) {
     throw new Error(`${cmdName}: --scope is required (binds scope_summary into the condition_hash)`);
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid);
-  progress(opts.json, import_chalk12.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk12.default.dim(`Signer: ${sender.did}`));
+  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid, opts.from);
+  progress(opts.json, import_chalk13.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk13.default.dim(`Signer: ${sender.did}`));
   const subset = projectDelegationForHash(cmdName, opts, delegationId);
-  const hashBytes = (0, import_sdk15.deriveDelegationConditionHash)(subset);
+  const hashBytes = (0, import_sdk17.deriveDelegationConditionHash)(subset);
   const hex = (0, import_utils2.bytesToHex)(hashBytes);
   if (opts.json) {
     jsonOut({
@@ -4854,14 +4676,14 @@ async function runDeriveConditionHash(opts) {
     });
     return;
   }
-  console.log(import_chalk12.default.dim(`Delegation:   ${delegationId}`));
-  console.log(import_chalk12.default.dim("Subset hashed:"));
-  console.log(import_chalk12.default.dim(`  scopeSummary:           ${subset.scopeSummary ?? "(unset)"}`));
-  if (subset.currency !== void 0) console.log(import_chalk12.default.dim(`  currency.asset_id:      ${subset.currency.asset_id}`));
+  console.log(import_chalk13.default.dim(`Delegation:   ${delegationId}`));
+  console.log(import_chalk13.default.dim("Subset hashed:"));
+  console.log(import_chalk13.default.dim(`  scopeSummary:           ${subset.scopeSummary ?? "(unset)"}`));
+  if (subset.currency !== void 0) console.log(import_chalk13.default.dim(`  currency.asset_id:      ${subset.currency.asset_id}`));
   console.log("");
-  console.log(`${import_chalk12.default.bold("condition_hash:")} ${hex}`);
+  console.log(`${import_chalk13.default.bold("condition_hash:")} ${hex}`);
   console.log("");
-  console.log(import_chalk12.default.dim(`Pass to: heyarp wallet create-lock --delegation-id ${delegationId} --condition-hash ${hex} ...`));
+  console.log(import_chalk13.default.dim(`Pass to: heyarp wallet create-lock --delegation-id ${delegationId} --condition-hash ${hex} ...`));
 }
 function classifyRecoverOutcome(local, server) {
   if (local === server) return { kind: "in-sync", value: local };
@@ -4869,7 +4691,7 @@ function classifyRecoverOutcome(local, server) {
   return { kind: "ahead", local, server, drift: local - server };
 }
 async function runRecoverSequence(opts) {
-  const sender = resolveSenderAgent("escrow recover-sequence", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("escrow recover-sequence", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const api = new ArpApiClient(opts.server);
   const local = sender.lastSenderSequence ?? 0;
@@ -4894,43 +4716,43 @@ async function runRecoverSequence(opts) {
       applied: opts.apply === true && outcome.kind === "behind"
     });
   } else {
-    console.log(import_chalk12.default.dim(`DID:    ${sender.did}`));
-    console.log(import_chalk12.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk13.default.dim(`DID:    ${sender.did}`));
+    console.log(import_chalk13.default.dim(`Server: ${api.serverUrl}`));
     console.log("");
-    console.log(`${import_chalk12.default.bold("Local lastSenderSequence:")}  ${local}`);
-    console.log(`${import_chalk12.default.bold("Server lastSenderSequence:")} ${server}`);
+    console.log(`${import_chalk13.default.bold("Local lastSenderSequence:")}  ${local}`);
+    console.log(`${import_chalk13.default.bold("Server lastSenderSequence:")} ${server}`);
     console.log("");
     if (outcome.kind === "in-sync") {
-      console.log(import_chalk12.default.green("\u2713 In sync \u2014 no recovery needed."));
+      console.log(import_chalk13.default.green("\u2713 In sync \u2014 no recovery needed."));
     } else if (outcome.kind === "behind") {
-      console.log(import_chalk12.default.yellow(`\u26A0 Local is BEHIND by ${outcome.drift}. Server has accepted envelopes the CLI didn't classify as post-commit.`));
+      console.log(import_chalk13.default.yellow(`\u26A0 Local is BEHIND by ${outcome.drift}. Server has accepted envelopes the CLI didn't classify as post-commit.`));
       if (opts.apply) {
-        console.log(import_chalk12.default.dim("Writing server value to local state..."));
+        console.log(import_chalk13.default.dim("Writing server value to local state..."));
       } else {
-        console.log(import_chalk12.default.dim("Dry-run. Pass --apply to update local state to match server."));
+        console.log(import_chalk13.default.dim("Dry-run. Pass --apply to update local state to match server."));
       }
     } else {
-      console.log(import_chalk12.default.red(`\u2717 Local is AHEAD of server by ${outcome.drift}. This should not happen under normal protocol flow.`));
-      console.log(import_chalk12.default.dim("NOT applying \u2014 manual investigation needed. Possible causes:"));
-      console.log(import_chalk12.default.dim("  - Local agents.json edited by hand to a wrong value"));
-      console.log(import_chalk12.default.dim("  - Server data lost / rolled back"));
-      console.log(import_chalk12.default.dim("  - HEYARP_HOME pointed at a wrong account"));
+      console.log(import_chalk13.default.red(`\u2717 Local is AHEAD of server by ${outcome.drift}. This should not happen under normal protocol flow.`));
+      console.log(import_chalk13.default.dim("NOT applying \u2014 manual investigation needed. Possible causes:"));
+      console.log(import_chalk13.default.dim("  - Local agents.json edited by hand to a wrong value"));
+      console.log(import_chalk13.default.dim("  - Server data lost / rolled back"));
+      console.log(import_chalk13.default.dim("  - HEYARP_HOME pointed at a wrong account"));
     }
   }
   if (outcome.kind === "behind" && opts.apply) {
     updateAgentLocal(opts.server, sender.did, { lastSenderSequence: outcome.server });
-    if (!opts.json) console.log(import_chalk12.default.green(`\u2713 Local lastSenderSequence updated: ${local} \u2192 ${outcome.server}`));
+    if (!opts.json) console.log(import_chalk13.default.green(`\u2713 Local lastSenderSequence updated: ${local} \u2192 ${outcome.server}`));
   }
   if (outcome.kind === "behind" && !opts.apply) process.exitCode = 1;
   if (outcome.kind === "ahead") process.exitCode = 2;
 }
 // src/commands/events.ts
-var import_sdk16 = require("@heyanon-arp/sdk");
-var import_chalk13 = __toESM(require("chalk"));
+var import_sdk18 = require("@heyanon-arp/sdk");
+var import_chalk14 = __toESM(require("chalk"));
 init_api();
 function registerEventsCommand(root) {
-  root.command("events").description("List events for a relationship (chain order, ascending index)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--since <n>", "Cursor: only events with relationshipEventIndex >= since").option("--limit <n>", "Max events to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("events").description("List events for a relationship (chain order, ascending index)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--since <n>", "Cursor: only events with relationshipEventIndex >= since").option("--limit <n>", "Max events to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the summary table, print a framed "Full event payloads (N rows)" block \u2014 each event labelled with full eventId + serverEventHash and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -4969,16 +4791,16 @@ async function runEvents(relationshipId, opts) {
   const limit = parseLimit3(opts.limit);
   const since = parseSince(opts.since);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("events", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("events", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk13.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk13.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk13.default.dim(`Relationship: ${relationshipId}`));
+    console.log(import_chalk14.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk14.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk14.default.dim(`Relationship: ${relationshipId}`));
   }
   const query = { limit };
   if (since !== void 0) query.since = since;
-  if (opts.successOnly) query.readModelStatus = import_sdk16.ReadModelStatuses.MATERIALIZED;
-  else if (opts.rejectedOnly) query.readModelStatus = import_sdk16.ReadModelStatuses.REJECTED;
+  if (opts.successOnly) query.readModelStatus = import_sdk18.ReadModelStatuses.MATERIALIZED;
+  else if (opts.rejectedOnly) query.readModelStatus = import_sdk18.ReadModelStatuses.REJECTED;
   const signer = makeSigner(sender);
   const events = await api.listEvents(relationshipId, signer, query);
   if (opts.json) {
@@ -4986,7 +4808,7 @@ async function runEvents(relationshipId, opts) {
     return;
   }
   if (events.length === 0) {
-    console.log(import_chalk13.default.dim("\n(no events for this relationship)"));
+    console.log(import_chalk14.default.dim("\n(no events for this relationship)"));
     return;
   }
   console.log("");
@@ -5002,20 +4824,20 @@ async function runEvents(relationshipId, opts) {
     }));
   }
   const lastIndex = events[events.length - 1].relationshipEventIndex;
-  console.log(import_chalk13.default.dim(`
+  console.log(import_chalk14.default.dim(`
 ${events.length} event(s). Paginate with --since ${lastIndex + 1}.`));
 }
 function formatEventLine(ev, selfDid, opts = {}) {
-  const idx = import_chalk13.default.bold(`#${ev.relationshipEventIndex}`);
+  const idx = import_chalk14.default.bold(`#${ev.relationshipEventIndex}`);
   const eventId = opts.fullIds ? ev.eventId : eventIdHead(ev.eventId);
   const type = ev.type.padEnd(20);
   const direction = directionLabel(ev, selfDid, opts);
   const hash = opts.fullIds ? ev.serverEventHash : hashHead(ev.serverEventHash);
   const extra = extraDetail(ev);
-  const tail = extra ? `   ${import_chalk13.default.dim(`(${extra})`)}` : "";
-  const status = ev.readModelStatus ?? import_sdk16.ReadModelStatuses.MATERIALIZED;
-  const statusGlyph = status === import_sdk16.ReadModelStatuses.REJECTED ? `${import_chalk13.default.red("\u2717")} ` : "  ";
-  return `${statusGlyph}${idx}  ${import_chalk13.default.cyan(eventId)}  ${type}  ${direction}    ${import_chalk13.default.cyan(hash)}${tail}`;
+  const tail = extra ? `   ${import_chalk14.default.dim(`(${extra})`)}` : "";
+  const status = ev.readModelStatus ?? import_sdk18.ReadModelStatuses.MATERIALIZED;
+  const statusGlyph = status === import_sdk18.ReadModelStatuses.REJECTED ? `${import_chalk14.default.red("\u2717")} ` : "  ";
+  return `${statusGlyph}${idx}  ${import_chalk14.default.cyan(eventId)}  ${type}  ${direction}    ${import_chalk14.default.cyan(hash)}${tail}`;
 }
 function eventIdHead(eventId) {
   if (eventId.length <= 20) return eventId;
@@ -5024,9 +4846,9 @@ function eventIdHead(eventId) {
 function directionLabel(ev, selfDid, opts = {}) {
   const senderHead = opts.fullIds ? ev.senderDid : didHead2(ev.senderDid);
   const recipientHead = opts.fullIds ? ev.recipientDid : didHead2(ev.recipientDid);
-  if (ev.senderDid === selfDid) return `${import_chalk13.default.bold("me")} \u2192 ${import_chalk13.default.dim(recipientHead)}`;
-  if (ev.recipientDid === selfDid) return `${import_chalk13.default.dim(senderHead)} \u2192 ${import_chalk13.default.bold("me")}`;
-  return `${import_chalk13.default.dim(senderHead)} \u2192 ${import_chalk13.default.dim(recipientHead)}`;
+  if (ev.senderDid === selfDid) return `${import_chalk14.default.bold("me")} \u2192 ${import_chalk14.default.dim(recipientHead)}`;
+  if (ev.recipientDid === selfDid) return `${import_chalk14.default.dim(senderHead)} \u2192 ${import_chalk14.default.bold("me")}`;
+  return `${import_chalk14.default.dim(senderHead)} \u2192 ${import_chalk14.default.dim(recipientHead)}`;
 }
 function extraDetail(ev) {
   if (ev.type === "handshake_response") {
@@ -5063,7 +4885,7 @@ function parseSince(raw) {
 }
 // src/commands/guide.ts
-var import_chalk14 = __toESM(require("chalk"));
+var import_chalk15 = __toESM(require("chalk"));
 // src/guide/source.ts
 var GUIDE_TITLE = "HeyARP CLI \u2014 agent guide";
@@ -5597,7 +5419,7 @@ var GUIDE_SECTIONS = [
       "   1. heyarp login             link this CLI to your Solana wallet \u2014 hand the",
       "                               printed URL to your HUMAN operator (browser",
       "                               approval; registration REQUIRES it)",
-      "   2. heyarp register          create your DID + Ed25519 keys",
+      "   2. heyarp register --name <handle>   create your DID + Ed25519 keys (handle: unique, lowercase a-z0-9_ 3-32, immutable \u2014 others can address you by it instead of your DID, e.g. `send-handshake <handle>`; `heyarp whois <handle>` resolves it)",
       "   3. heyarp whoami            confirm your DID + login account are set",
       "   4. role for THIS deal: you SEND the offer \u2192 buyer; an offer ARRIVES \u2192 worker",
       "   5. BUYER only \u2014 fund your settlement wallet: `whoami --local` \u2192",
@@ -5704,7 +5526,7 @@ function renderCommand(c) {
          ${c.description}`;
 }
 function renderSection(s) {
-  const lines = [import_chalk14.default.bold(s.title)];
+  const lines = [import_chalk15.default.bold(s.title)];
   if (s.body && s.body.length > 0) lines.push(...s.body);
   if (s.nextActions && s.nextActions.length > 0) {
     lines.push("   Commands:");
@@ -5731,21 +5553,21 @@ function modeHeader(mode) {
         ""
       ];
     case "role":
-      return [import_chalk14.default.dim(`(${mode.role} guide \u2014 your slice only; run \`heyarp guide\` for the overview)`), ""];
+      return [import_chalk15.default.dim(`(${mode.role} guide \u2014 your slice only; run \`heyarp guide\` for the overview)`), ""];
     case "setup":
-      return [import_chalk14.default.dim("(setup \u2014 role-agnostic; run `heyarp guide` for the overview)"), ""];
+      return [import_chalk15.default.dim("(setup \u2014 role-agnostic; run `heyarp guide` for the overview)"), ""];
     case "troubleshoot":
-      return [import_chalk14.default.dim("(troubleshooting \u2014 role-agnostic)"), ""];
+      return [import_chalk15.default.dim("(troubleshooting \u2014 role-agnostic)"), ""];
   }
 }
 function modeFooter(mode) {
   if (mode.kind === "overview") {
-    return ["", import_chalk14.default.dim("Full reference per role: `heyarp guide --role worker|buyer`. Docs: https://www.npmjs.com/package/@heyanon-arp/cli")];
+    return ["", import_chalk15.default.dim("Full reference per role: `heyarp guide --role worker|buyer`. Docs: https://www.npmjs.com/package/@heyanon-arp/cli")];
   }
   return [];
 }
 function renderGuide(mode = { kind: "overview" }) {
-  const blocks = [import_chalk14.default.bold(GUIDE_TITLE), "", ...modeHeader(mode)];
+  const blocks = [import_chalk15.default.bold(GUIDE_TITLE), "", ...modeHeader(mode)];
   for (const s of selectSections(mode)) {
     blocks.push(renderSection(s), "");
   }
@@ -5795,7 +5617,7 @@ function renderPrompt(mode, opts = { concise: false }) {
 // src/commands/homes.ts
 var import_node_fs6 = require("fs");
 var import_node_path6 = require("path");
-var import_chalk15 = __toESM(require("chalk"));
+var import_chalk16 = __toESM(require("chalk"));
 var import_prompts = __toESM(require("prompts"));
 // src/homes.ts
@@ -5889,27 +5711,27 @@ function runHomes(opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk15.default.dim("(no HEYARP_HOME directories registered yet \u2014 run `heyarp register` once and the registry populates itself)"));
-    console.log(import_chalk15.default.dim(`   registry path: ${homesRegistryPath()}`));
+    console.log(import_chalk16.default.dim("(no HEYARP_HOME directories registered yet \u2014 run `heyarp register` once and the registry populates itself)"));
+    console.log(import_chalk16.default.dim(`   registry path: ${homesRegistryPath()}`));
     return;
   }
   const header = ["Path", "Agents", "Last seen", "Status"];
   const data = rows.map((r) => [
-    r.path + (r.isCurrent ? import_chalk15.default.green(" (current)") : ""),
+    r.path + (r.isCurrent ? import_chalk16.default.green(" (current)") : ""),
     String(r.agentCount),
     formatRelativeTime(r.lastSeenAt),
-    r.exists ? import_chalk15.default.green("ok") : import_chalk15.default.red("missing")
+    r.exists ? import_chalk16.default.green("ok") : import_chalk16.default.red("missing")
   ]);
   console.log("");
   console.log(formatTable(header, data));
-  console.log(import_chalk15.default.dim(`
+  console.log(import_chalk16.default.dim(`
 Registry path: ${homesRegistryPath()}`));
-  console.log(import_chalk15.default.dim(`Set HEYARP_HOME=<path> in a shell to switch between homes; run \`heyarp homes forget <path>\` to drop a stale entry.`));
+  console.log(import_chalk16.default.dim(`Set HEYARP_HOME=<path> in a shell to switch between homes; run \`heyarp homes forget <path>\` to drop a stale entry.`));
 }
 async function runForget(path, opts) {
   if (!opts.yes) {
-    console.log(import_chalk15.default.yellow(`About to remove '${path}' from the homes registry.`));
-    console.log(import_chalk15.default.dim("   Note: this only forgets the registry entry; the directory + its agents.json are NOT touched."));
+    console.log(import_chalk16.default.yellow(`About to remove '${path}' from the homes registry.`));
+    console.log(import_chalk16.default.dim("   Note: this only forgets the registry entry; the directory + its agents.json are NOT touched."));
     const answer = await (0, import_prompts.default)(
       {
         type: "confirm",
@@ -5919,21 +5741,21 @@ async function runForget(path, opts) {
       },
       {
         onCancel: () => {
-          console.log(import_chalk15.default.yellow("Aborted."));
+          console.log(import_chalk16.default.yellow("Aborted."));
           process.exit(130);
         }
       }
     );
     if (!answer.confirm) {
-      console.log(import_chalk15.default.dim("Aborted (no changes)."));
+      console.log(import_chalk16.default.dim("Aborted (no changes)."));
       return;
     }
   }
   const removed = forgetHome(path);
   if (removed) {
-    console.log(import_chalk15.default.green(`\u2713 forgot ${path}`));
+    console.log(import_chalk16.default.green(`\u2713 forgot ${path}`));
   } else {
-    console.log(import_chalk15.default.dim(`(no entry for ${path} in the registry \u2014 already absent)`));
+    console.log(import_chalk16.default.dim(`(no entry for ${path} in the registry \u2014 already absent)`));
   }
 }
 function countAgents(homePath) {
@@ -5958,13 +5780,13 @@ function formatTable(header, data) {
     const padding = " ".repeat(Math.max(0, widths[i] - lengths[i]));
     return cell + padding;
   }).join("  ");
-  const headerLine = import_chalk15.default.bold(
+  const headerLine = import_chalk16.default.bold(
     pad(
       header,
       header.map((s) => s.length)
     )
   );
-  const sepLine = import_chalk15.default.dim(
+  const sepLine = import_chalk16.default.dim(
     pad(
       widths.map((w) => "-".repeat(w)),
       widths
@@ -5991,7 +5813,7 @@ function formatRelativeTime(iso) {
 }
 // src/commands/inbox.ts
-var import_chalk16 = __toESM(require("chalk"));
+var import_chalk17 = __toESM(require("chalk"));
 init_api();
 function formatTailStartedPing(input) {
   const ping = {
@@ -6009,7 +5831,7 @@ function registerInboxCommand(root) {
   ).argument("[did]", "Recipient DID (did:arp:...) \u2014 must have local state. Optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--limit <n>", "Max events to return (1..100)", "20").option("--before <iso>", "Cursor: only events strictly OLDER than this RFC 3339 timestamp").option("--before-event-id <id>", "Tiebreaker for --before \u2014 pass the previous page's last eventId").option(
     "--since <iso>",
     "Forward cursor: only events strictly NEWER than this RFC 3339 timestamp. Polling workers persist this between iterations to skip already-handled envelopes (fixes the double-fire pattern of re-reading from the same head). Pages are returned OLDEST-FIRST when --since is used alone (so a poller can advance its watermark to the page tail without losing backlogged events); combine with --before for a newest-first range query."
-  ).option("--since-event-id <id>", "Tiebreaker for --since \u2014 pass the previous tick's last handled eventId. Combine with --since for same-millisecond stability.").option("--verbose", "After the table, print the full JSON envelope for each event with a per-row label that includes the full serverEventHash + eventId", false).option("--json", "Machine-readable mode \u2014 emit a single JSON array of events, no human-format summary, no chalk colors. Pipe-safe.", false).option("--full-ids", "Print sender DID and full serverEventHash in the table (no truncation). Use when you need to copy-paste either value into another command.", false).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option(
+  ).option("--since-event-id <id>", "Tiebreaker for --since \u2014 pass the previous tick's last handled eventId. Combine with --since for same-millisecond stability.").option("--verbose", "After the table, print the full JSON envelope for each event with a per-row label that includes the full serverEventHash + eventId", false).option("--json", "Machine-readable mode \u2014 emit a single JSON array of events, no human-format summary, no chalk colors. Pipe-safe.", false).option("--full-ids", "Print sender DID and full serverEventHash in the table (no truncation). Use when you need to copy-paste either value into another command.", false).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--tail",
     // The polling output (`heyarp inbox --json`) emits raw
     // `EventPublic[]` rows with `.body` at the top level, but
@@ -6030,7 +5852,7 @@ async function runInbox(positionalDid, opts) {
     throw new Error(`inbox: positional <did> (${positionalDid}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
   }
   const explicitDid = positionalDid ?? opts.fromDid;
-  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("inbox", opts.server, void 0);
+  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("inbox", opts.server, void 0, opts.from);
   const did = local.did;
   if (opts.tail) {
     await runInboxTail(did, local, opts);
@@ -6038,8 +5860,8 @@ async function runInbox(positionalDid, opts) {
   }
   const api = new ArpApiClient(opts.server);
   if (!opts.json) {
-    console.log(import_chalk16.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk16.default.dim(`Signer: ${local.did}`));
+    console.log(import_chalk17.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk17.default.dim(`Signer: ${local.did}`));
   }
   const query = { limit };
   if (opts.before) query.before = opts.before;
@@ -6053,7 +5875,7 @@ async function runInbox(positionalDid, opts) {
     return;
   }
   if (events.length === 0) {
-    console.log(import_chalk16.default.dim("\n(no events addressed to me \u2014 `heyarp events <relationship-id>` shows the chain-wide listing)"));
+    console.log(import_chalk17.default.dim("\n(no events addressed to me \u2014 `heyarp events <relationship-id>` shows the chain-wide listing)"));
     return;
   }
   console.log("");
@@ -6068,16 +5890,16 @@ async function runInbox(positionalDid, opts) {
       secondary: `eventId=${ev.eventId} serverEventHash=${ev.serverEventHash}`
     }));
   }
-  const addressedToMeHint = import_chalk16.default.dim(" (envelopes addressed to me \u2014 for the full chain see `heyarp events <relationship-id>`)");
+  const addressedToMeHint = import_chalk17.default.dim(" (envelopes addressed to me \u2014 for the full chain see `heyarp events <relationship-id>`)");
   if (opts.since && !opts.before) {
     console.log(
-      import_chalk16.default.dim(
+      import_chalk17.default.dim(
         `
 ${events.length} event(s) (oldest-first).${addressedToMeHint} Advance the forward cursor with --since <serverTimestamp> --since-event-id <eventId> using the LAST row above.`
       )
     );
   } else {
-    console.log(import_chalk16.default.dim(`
+    console.log(import_chalk17.default.dim(`
 ${events.length} event(s).${addressedToMeHint} Paginate with --before <serverTimestamp> --before-event-id <eventId> using the LAST row above.`));
   }
 }
@@ -6092,7 +5914,7 @@ async function runInboxTail(did, local, opts) {
     } else {
       warn(
         opts.json,
-        import_chalk16.default.yellow(
+        import_chalk17.default.yellow(
           "\u26A0 inbox --tail: stdout is piped but `process.stdout._handle.setBlocking` is unavailable in this Node runtime. Buffered writes may delay event delivery. Fall back to polling (`heyarp inbox --json`) if events stop arriving."
         )
       );
@@ -6102,9 +5924,9 @@ async function runInboxTail(did, local, opts) {
   if (opts.json) {
     console.log(formatTailStartedPing({ server: api.serverUrl, signer: local.did, stdoutBlockingApplied }));
   } else {
-    console.log(import_chalk16.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk16.default.dim(`Signer: ${local.did}`));
-    console.log(import_chalk16.default.dim("Mode: --tail (live SSE, Ctrl-C to stop)"));
+    console.log(import_chalk17.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk17.default.dim(`Signer: ${local.did}`));
+    console.log(import_chalk17.default.dim("Mode: --tail (live SSE, Ctrl-C to stop)"));
   }
   const controller = new AbortController();
   let userAborted = false;
@@ -6123,7 +5945,7 @@ async function runInboxTail(did, local, opts) {
       }
       if (event.type === "heartbeat") continue;
       if (event.type === "connected") {
-        console.log(import_chalk16.default.green("\u25CF stream open \u2014 listening for envelopes..."));
+        console.log(import_chalk17.default.green("\u25CF stream open \u2014 listening for envelopes..."));
         continue;
       }
       if (event.type === "envelope") {
@@ -6137,7 +5959,7 @@ async function runInboxTail(did, local, opts) {
         }
         continue;
       }
-      console.log(import_chalk16.default.dim(`(unknown event: ${event.type})`));
+      console.log(import_chalk17.default.dim(`(unknown event: ${event.type})`));
     }
     if (!userAborted) {
       throw new Error("inbox --tail: stream ended unexpectedly (server may have restarted, or change stream errored). Re-run to reconnect.");
@@ -6145,7 +5967,7 @@ async function runInboxTail(did, local, opts) {
   } catch (err) {
     const name = err.name;
     if (name === "AbortError" || userAborted) {
-      if (!opts.json) console.log(import_chalk16.default.dim("\nstream closed."));
+      if (!opts.json) console.log(import_chalk17.default.dim("\nstream closed."));
       return;
     }
     throw err;
@@ -6165,15 +5987,15 @@ function formatInboxTable(events, opts = {}) {
   ]);
   const widths = header.map((h, i) => Math.max(h.length, ...data.map((row) => row[i].length)));
   const pad = (cells) => cells.map((c, i) => c.padEnd(widths[i])).join("  ");
-  const lines = [import_chalk16.default.bold(pad(header)), import_chalk16.default.dim(pad(widths.map((w) => "-".repeat(w)))), ...data.map((row) => pad(row))];
-  const detail = events.map((ev) => `  ${import_chalk16.default.dim("eventId:")} ${import_chalk16.default.cyan(ev.eventId)}  ${import_chalk16.default.dim("serverTimestamp:")} ${import_chalk16.default.cyan(ev.serverTimestamp)}`).join("\n");
+  const lines = [import_chalk17.default.bold(pad(header)), import_chalk17.default.dim(pad(widths.map((w) => "-".repeat(w)))), ...data.map((row) => pad(row))];
+  const detail = events.map((ev) => `  ${import_chalk17.default.dim("eventId:")} ${import_chalk17.default.cyan(ev.eventId)}  ${import_chalk17.default.dim("serverTimestamp:")} ${import_chalk17.default.cyan(ev.serverTimestamp)}`).join("\n");
   return `${lines.join("\n")}
-${import_chalk16.default.bold("Pagination cursors")} (last \u2192 first):
+${import_chalk17.default.bold("Pagination cursors")} (last \u2192 first):
 ${detail}`;
 }
 function hashHead2(hash) {
-  if (!hash) return import_chalk16.default.dim("(none)");
+  if (!hash) return import_chalk17.default.dim("(none)");
   if (hash.length <= 14) return hash;
   return `${hash.slice(0, 14)}...`;
 }
@@ -6189,8 +6011,8 @@ function parseLimit4(raw) {
 // src/commands/keys.ts
 var import_node_crypto2 = require("crypto");
 var import_node_fs7 = require("fs");
-var import_sdk17 = require("@heyanon-arp/sdk");
-var import_chalk17 = __toESM(require("chalk"));
+var import_sdk19 = require("@heyanon-arp/sdk");
+var import_chalk18 = __toESM(require("chalk"));
 function writeSecretFile(path, body) {
   const tmp = `${path}.tmp.${(0, import_node_crypto2.randomBytes)(8).toString("hex")}`;
   const fd = (0, import_node_fs7.openSync)(tmp, "wx", 384);
@@ -6217,19 +6039,19 @@ function writeSecretFile(path, body) {
 function registerKeysCommand(root) {
   const keys = root.command("keys").description("Local key utilities");
   keys.command("gen").description("Generate a fresh identity + settlement keypair (no save by default)").action(() => {
-    const identity = (0, import_sdk17.generateKeyPair)();
-    const settlement = (0, import_sdk17.generateKeyPair)();
+    const identity = (0, import_sdk19.generateKeyPair)();
+    const settlement = (0, import_sdk19.generateKeyPair)();
     const out = [
-      import_chalk17.default.bold("Identity key (Ed25519)"),
-      `  public  (base58btc): ${import_chalk17.default.cyan((0, import_sdk17.base58btcEncode)(identity.publicKey))}`,
-      `  secret  (base64)   : ${import_chalk17.default.yellow(Buffer.from(identity.secretKey).toString("base64"))}`,
+      import_chalk18.default.bold("Identity key (Ed25519)"),
+      `  public  (base58btc): ${import_chalk18.default.cyan((0, import_sdk19.base58btcEncode)(identity.publicKey))}`,
+      `  secret  (base64)   : ${import_chalk18.default.yellow(Buffer.from(identity.secretKey).toString("base64"))}`,
       "",
-      import_chalk17.default.bold("Settlement key (Ed25519)"),
-      `  public  (base58btc): ${import_chalk17.default.cyan((0, import_sdk17.base58btcEncode)(settlement.publicKey))}`,
-      `  secret  (base64)   : ${import_chalk17.default.yellow(Buffer.from(settlement.secretKey).toString("base64"))}`,
+      import_chalk18.default.bold("Settlement key (Ed25519)"),
+      `  public  (base58btc): ${import_chalk18.default.cyan((0, import_sdk19.base58btcEncode)(settlement.publicKey))}`,
+      `  secret  (base64)   : ${import_chalk18.default.yellow(Buffer.from(settlement.secretKey).toString("base64"))}`,
       "",
-      import_chalk17.default.bold("Resulting DID"),
-      `  ${import_chalk17.default.cyan((0, import_sdk17.formatDid)(identity.publicKey))}`
+      import_chalk18.default.bold("Resulting DID"),
+      `  ${import_chalk18.default.cyan((0, import_sdk19.formatDid)(identity.publicKey))}`
     ];
     console.log(out.join("\n"));
   });
@@ -6238,20 +6060,20 @@ function registerKeysCommand(root) {
     const json = JSON.stringify(toKeyBundle(agent, (/* @__PURE__ */ new Date()).toISOString()), null, 2);
     if (opts.out) {
       writeSecretFile(opts.out, json);
-      process.stderr.write(import_chalk17.default.yellow(`\u26A0 wrote SECRET key bundle to ${opts.out} (mode 0600) \u2014 keep it offline; anyone with this file can operate ${did}.
+      process.stderr.write(import_chalk18.default.yellow(`\u26A0 wrote SECRET key bundle to ${opts.out} (mode 0600) \u2014 keep it offline; anyone with this file can operate ${did}.
 `));
       console.log(opts.out);
     } else {
-      process.stderr.write(import_chalk17.default.yellow("\u26A0 this is a SECRET key bundle \u2014 redirect to a file and keep it offline.\n"));
+      process.stderr.write(import_chalk18.default.yellow("\u26A0 this is a SECRET key bundle \u2014 redirect to a file and keep it offline.\n"));
       console.log(json);
     }
   });
   keys.command("whoami").description("Print the DID derived from a base64-encoded identity secret key").argument("<secret-key-b64>", "32-byte Ed25519 seed, base64").action((secretKeyB64) => {
     const seed = decodeSeed(secretKeyB64);
-    const pub = (0, import_sdk17.getPublicKey)(seed);
-    const did = (0, import_sdk17.formatDid)(pub);
-    console.log(`${import_chalk17.default.bold("DID")}: ${import_chalk17.default.cyan(did)}`);
-    console.log(`${import_chalk17.default.bold("Identity public key (base58btc)")}: ${import_chalk17.default.cyan((0, import_sdk17.base58btcEncode)(pub))}`);
+    const pub = (0, import_sdk19.getPublicKey)(seed);
+    const did = (0, import_sdk19.formatDid)(pub);
+    console.log(`${import_chalk18.default.bold("DID")}: ${import_chalk18.default.cyan(did)}`);
+    console.log(`${import_chalk18.default.bold("Identity public key (base58btc)")}: ${import_chalk18.default.cyan((0, import_sdk19.base58btcEncode)(pub))}`);
   });
 }
 function decodeSeed(b64) {
@@ -6268,7 +6090,7 @@ function decodeSeed(b64) {
 }
 // src/commands/list.ts
-var import_chalk18 = __toESM(require("chalk"));
+var import_chalk19 = __toESM(require("chalk"));
 function registerListCommand(root) {
   root.command("list").description("List agents registered locally (~/.heyarp/agents.json)").option("--json", "Machine-readable mode \u2014 emit the local agents as a single JSON array on stdout ({serverUrl, did, name, tags, registeredAt}[]).", false).action((opts) => {
     const rows = listAgents();
@@ -6277,7 +6099,7 @@ function registerListCommand(root) {
       return;
     }
     if (rows.length === 0) {
-      console.log(import_chalk18.default.dim(`No local agents. State file: ${stateFilePath()}`));
+      console.log(import_chalk19.default.dim(`No local agents. State file: ${stateFilePath()}`));
       return;
     }
     const grouped = /* @__PURE__ */ new Map();
@@ -6289,7 +6111,7 @@ function registerListCommand(root) {
     for (const [serverUrl, group] of grouped) {
       if (!first) console.log("");
       first = false;
-      console.log(import_chalk18.default.bold(`Server: ${serverUrl}`));
+      console.log(import_chalk19.default.bold(`Server: ${serverUrl}`));
       console.log(formatAgentsTable(group.map(({ agent }) => ({ did: agent.did, name: agent.name, tags: agent.tags, registeredAt: agent.registeredAt }))));
     }
   });
@@ -6297,7 +6119,7 @@ function registerListCommand(root) {
 // src/commands/login.ts
 var import_node_crypto3 = require("crypto");
-var import_chalk19 = __toESM(require("chalk"));
+var import_chalk20 = __toESM(require("chalk"));
 init_api();
 var POLL_INTERVAL_MS = 2e3;
 var POLL_TIMEOUT_MS = 11 * 6e4;
@@ -6367,9 +6189,9 @@ function registerLoginCommand(root) {
         jsonOut({ serverUrl: result.serverUrl, wallet: result.wallet, credentialsPath: credentialsFilePath() });
       } else {
         console.log("");
-        console.log(`${import_chalk19.default.green("Logged in as")} ${import_chalk19.default.cyan(result.wallet)}`);
-        console.log(import_chalk19.default.dim(`If that is not the wallet you approved with, run heyarp logout immediately.`));
-        console.log(import_chalk19.default.dim(`Credential saved to ${credentialsFilePath()} (mode 0600).`));
+        console.log(`${import_chalk20.default.green("Logged in as")} ${import_chalk20.default.cyan(result.wallet)}`);
+        console.log(import_chalk20.default.dim(`If that is not the wallet you approved with, run heyarp logout immediately.`));
+        console.log(import_chalk20.default.dim(`Credential saved to ${credentialsFilePath()} (mode 0600).`));
       }
     } catch (err) {
       emitActionError(err, cmd);
@@ -6379,7 +6201,7 @@ function registerLoginCommand(root) {
 }
 // src/commands/logout.ts
-var import_chalk20 = __toESM(require("chalk"));
+var import_chalk21 = __toESM(require("chalk"));
 init_api();
 function registerLogoutCommand(root) {
   root.command("logout").description("Log out of the ARP server: revoke the stored CLI auth token (best-effort) and delete the local credential for this server.").option("--server <url>", "Override ARP server base URL").option("--json", "machine-readable output ({ serverUrl, loggedOut, wallet? })", false).action(async (opts, cmd) => {
@@ -6404,7 +6226,7 @@ function registerLogoutCommand(root) {
       if (opts.json) {
         jsonOut({ serverUrl: api.serverUrl, loggedOut: true, wallet: credential.wallet });
       } else {
-        console.log(`${import_chalk20.default.green("Logged out of")} ${api.serverUrl} ${import_chalk20.default.dim(`(was ${credential.wallet})`)}`);
+        console.log(`${import_chalk21.default.green("Logged out of")} ${api.serverUrl} ${import_chalk21.default.dim(`(was ${credential.wallet})`)}`);
       }
     } catch (err) {
       emitActionError(err, cmd);
@@ -6413,13 +6235,65 @@ function registerLogoutCommand(root) {
   });
 }
+// src/commands/name.ts
+var import_sdk20 = require("@heyanon-arp/sdk");
+var import_chalk22 = __toESM(require("chalk"));
+init_api();
+function registerNameCommand(root) {
+  const name = root.command("name").description("Agent name (handle) utilities.");
+  name.command("check").description("Check whether an agent name (handle) can be registered \u2014 reports invalid / reserved / taken / available without registering.").argument("<name>", "Candidate handle (lowercase a-z0-9_, 3-32 chars)").option("--server <url>", "Override ARP server base URL").option("--json", "Emit {name, available, reason, did?} as a single JSON object on stdout.", false).action(async (input, opts) => {
+    const result = await runNameCheck(input, opts);
+    if (opts.json) {
+      jsonOut(result);
+    } else {
+      printNameCheck(input, result);
+    }
+    if (!result.available) process.exitCode = 1;
+  });
+}
+async function runNameCheck(input, opts) {
+  const name = (0, import_sdk20.normalizeName)(input);
+  if (!(0, import_sdk20.isValidAgentName)(name)) {
+    return { name, available: false, reason: "invalid" };
+  }
+  if ((0, import_sdk20.isReservedName)(name)) {
+    return { name, available: false, reason: "reserved" };
+  }
+  const api = new ArpApiClient(opts.server);
+  progress(opts.json, import_chalk22.default.dim(`Server: ${api.serverUrl}`));
+  try {
+    const profile = await api.discoverByName(name);
+    return { name, available: false, reason: "taken", did: profile.did };
+  } catch (err) {
+    if (err instanceof ApiError && err.payload.code === "AGENT_NOT_FOUND") {
+      return { name, available: true, reason: null };
+    }
+    throw err;
+  }
+}
+function printNameCheck(input, r) {
+  switch (r.reason) {
+    case "invalid":
+      console.log(`${import_chalk22.default.red("\u2717")} '${input}' is not a valid handle \u2014 must be lowercase a-z0-9_, 3-32 chars.`);
+      break;
+    case "reserved":
+      console.log(`${import_chalk22.default.red("\u2717")} '${r.name}' is reserved and cannot be registered.`);
+      break;
+    case "taken":
+      console.log(`${import_chalk22.default.yellow("\u2717")} '${r.name}' is taken \u2192 ${import_chalk22.default.cyan(r.did ?? "(unknown DID)")}`);
+      break;
+    default:
+      console.log(`${import_chalk22.default.green("\u2713")} '${r.name}' is available.`);
+  }
+}
 // src/commands/profile.ts
-var import_sdk18 = require("@heyanon-arp/sdk");
-var import_chalk21 = __toESM(require("chalk"));
+var import_sdk21 = require("@heyanon-arp/sdk");
+var import_chalk23 = __toESM(require("chalk"));
 init_api();
 function registerProfileCommand(root) {
   root.command("profile").description("Composed agent profile: public fields + reputation + liveness, in one read.").argument("<did>", "did:arp:<base58btc> identifier").option("--server <url>", "Override ARP server base URL").option("--json", "Emit the profile as JSON on stdout.", false).action(async (did, opts) => {
-    if (!(0, import_sdk18.isValidDid)(did)) {
+    if (!(0, import_sdk21.isValidDid)(did)) {
       throw new Error(`'${did}' is not a syntactically valid did:arp identifier`);
     }
     const api = new ArpApiClient(opts.server);
@@ -6430,33 +6304,33 @@ function registerProfileCommand(root) {
     }
     const j = false;
     const s = p.reputation.scores;
-    const live = p.liveness.online ? import_chalk21.default.green("\u25CF online") : import_chalk21.default.dim("\u25CB offline");
+    const live = p.liveness.online ? import_chalk23.default.green("\u25CF online") : import_chalk23.default.dim("\u25CB offline");
     const tags = p.tags.map(sanitizeForTerminal).filter((t) => t.length > 0);
-    progress(j, import_chalk21.default.bold(`${p.name ? sanitizeForTerminal(p.name) : "(unnamed)"}  ${import_chalk21.default.dim(p.did)}`));
-    if (p.description) progress(j, import_chalk21.default.dim(`  ${sanitizeForTerminal(p.description)}`));
-    progress(j, `  ${live}${p.liveness.inboxStreamActive ? import_chalk21.default.green(" \xB7 stream attached") : ""} \xB7 last seen ${p.liveness.lastSeenAt ?? "\u2014"}`);
-    progress(j, `  tags: ${tags.length ? tags.join(", ") : import_chalk21.default.dim("none")}`);
+    progress(j, import_chalk23.default.bold(`${p.name ? sanitizeForTerminal(p.name) : "(unnamed)"}  ${import_chalk23.default.dim(p.did)}`));
+    if (p.description) progress(j, import_chalk23.default.dim(`  ${sanitizeForTerminal(p.description)}`));
+    progress(j, `  ${live}${p.liveness.inboxStreamActive ? import_chalk23.default.green(" \xB7 stream attached") : ""} \xB7 last seen ${p.liveness.lastSeenAt ?? "\u2014"}`);
+    progress(j, `  tags: ${tags.length ? tags.join(", ") : import_chalk23.default.dim("none")}`);
     progress(j, "");
-    progress(j, import_chalk21.default.bold("  Reputation") + import_chalk21.default.dim(" (informational)"));
+    progress(j, import_chalk23.default.bold("  Reputation") + import_chalk23.default.dim(" (informational)"));
     progress(
       j,
       `    composite ${s.composite.toFixed(2)} \xB7 reliability ${s.reliability.toFixed(2)} \xB7 settlement ${s.settlement.toFixed(2)} \xB7 dispute-health ${s.disputeHealth.toFixed(2)}`
     );
-    progress(j, import_chalk21.default.dim(`    ${p.reputation.computed ? `computed ${p.reputation.lastComputedAt}` : "never computed (neutral cold-start)"}`));
+    progress(j, import_chalk23.default.dim(`    ${p.reputation.computed ? `computed ${p.reputation.lastComputedAt}` : "never computed (neutral cold-start)"}`));
   });
 }
 // src/commands/receipt.ts
-var import_sdk19 = require("@heyanon-arp/sdk");
+var import_sdk22 = require("@heyanon-arp/sdk");
 var import_shield2 = require("@heyanon-arp/shield");
-var import_chalk22 = __toESM(require("chalk"));
+var import_chalk24 = __toESM(require("chalk"));
 init_api();
 function registerReceiptCommands(root) {
   const cmd = root.command("receipt").description("Receipt envelopes \u2014 the payee proposes a delivery record (payment consent is on-chain via claim_work_payment)");
   registerPropose(cmd);
 }
 function registerPropose(parent) {
-  parent.command("propose").description("Send a receipt envelope as the PAYEE. Row lands PROPOSED; the buyer approves payment on-chain via claim_work_payment.").argument("<recipient-did>", "Recipient agent DID (= caller / offerer of the parent delegation)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").argument("[request-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_request payload being settled. Omit when --auto-hashes is set.").argument("[response-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_response payload being settled. Omit when --auto-hashes is set.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--verdict <s>", "verdict_proposed (accepted | accepted_with_notes | rejected)", "accepted").option("--notes-hash <sha256>", "Optional sha256:<64 hex> notes hash").option("--deliverable-hash <sha256>", "Optional sha256:<64 hex> deliverable hash").option("--input-tokens <n>", "Optional usage.input_tokens").option("--output-tokens <n>", "Optional usage.output_tokens").option("--latency-ms <n>", "Optional usage.latency_ms").option("--model <name>", "Optional usage.model").option("--computed-amount <s>", "Optional usage.computed_amount").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option(
+  parent.command("propose").description("Send a receipt envelope as the PAYEE. Row lands PROPOSED; the buyer approves payment on-chain via claim_work_payment.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (= caller / offerer of the parent delegation)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").argument("[request-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_request payload being settled. Omit when --auto-hashes is set.").argument("[response-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_response payload being settled. Omit when --auto-hashes is set.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--verdict <s>", "verdict_proposed (accepted | accepted_with_notes | rejected)", "accepted").option("--notes-hash <sha256>", "Optional sha256:<64 hex> notes hash").option("--deliverable-hash <sha256>", "Optional sha256:<64 hex> deliverable hash").option("--input-tokens <n>", "Optional usage.input_tokens").option("--output-tokens <n>", "Optional usage.output_tokens").option("--latency-ms <n>", "Optional usage.latency_ms").option("--model <name>", "Optional usage.model").option("--computed-amount <s>", "Optional usage.computed_amount").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option(
     "--auto-hashes",
     "Compute request_hash + response_hash automatically from the work-log row at (--rel-id, <delegation-id>, --request-id). Positional <request-hash>/<response-hash> become optional; if supplied they must match the computed values (consistency check). --rel-id and --request-id auto-resolve from local state when unambiguous \u2014 pass them explicitly only if the lookup finds multiple candidates.",
     false
@@ -6476,7 +6350,7 @@ function registerPropose(parent) {
     } catch (err) {
       emitActionError(err, cmd);
       if (!opts.json && err instanceof ApiError && err.payload.code === "RECEIPT_ALREADY_EXISTS") {
-        console.error(import_chalk22.default.dim("  This receipt already exists (a prior propose committed it). Do NOT re-propose \u2014 payment consent is on-chain (claim_work_payment)."));
+        console.error(import_chalk24.default.dim("  This receipt already exists (a prior propose committed it). Do NOT re-propose \u2014 payment consent is on-chain (claim_work_payment)."));
       }
       process.exitCode = 1;
     }
@@ -6488,7 +6362,7 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
       "receipt propose: --verbose and --json are mutually exclusive. --json already emits the full server response as a structured payload; --verbose adds an envelope + response dump on top that would break `--json | jq`."
     );
   }
-  requireDid2("receipt propose", recipientDid, "<recipient-did>");
+  recipientDid = await resolveRecipient(opts.server, "receipt propose", recipientDid, { json: opts.json });
   delegationId = requireUuidNormalised2("receipt propose", delegationId, "<delegation-id>");
   if (opts.relId) opts.relId = requireUuidNormalised2("receipt propose", opts.relId, "--rel-id");
   const verdict = parseVerdict("receipt propose", opts.verdict);
@@ -6497,12 +6371,12 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
   if (opts.deliverableHash) requireSha256("receipt propose", opts.deliverableHash, "--deliverable-hash");
   const usage = parseUsage("receipt propose", opts);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("receipt propose", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("receipt propose", opts.server, opts.fromDid, opts.from);
   if (!opts.relId && opts.autoHashes) {
     opts.relId = await resolveAutoRelId(api, sender, delegationId);
     progress(
       opts.json,
-      import_chalk22.default.dim(`[auto-rel-id] resolved --rel-id=${opts.relId} (delegation found in exactly one of your relationships; pass --rel-id explicitly to override)`)
+      import_chalk24.default.dim(`[auto-rel-id] resolved --rel-id=${opts.relId} (delegation found in exactly one of your relationships; pass --rel-id explicitly to override)`)
     );
   }
   if (opts.relId) {
@@ -6518,7 +6392,7 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
       opts.requestId = await resolveAutoRequestId(api, sender, opts.relId, delegationId);
       progress(
         opts.json,
-        import_chalk22.default.dim(
+        import_chalk24.default.dim(
           `[auto-request-id] resolved --request-id=${opts.requestId} (unique 'responded' work_log under this delegation; pass --request-id explicitly to override)`
         )
       );
@@ -6537,8 +6411,8 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
     }
     requestHash = computed.requestHash;
     responseHash = computed.responseHash;
-    progress(opts.json, import_chalk22.default.dim(`[auto-hashes] request_hash:  ${requestHash} (from work-log ${opts.relId}/${delegationId}/${opts.requestId})`));
-    progress(opts.json, import_chalk22.default.dim(`[auto-hashes] response_hash: ${responseHash}`));
+    progress(opts.json, import_chalk24.default.dim(`[auto-hashes] request_hash:  ${requestHash} (from work-log ${opts.relId}/${delegationId}/${opts.requestId})`));
+    progress(opts.json, import_chalk24.default.dim(`[auto-hashes] response_hash: ${responseHash}`));
   } else {
     if (requestHashArg === void 0 || responseHashArg === void 0) {
       throw new Error("receipt propose: <request-hash> and <response-hash> are required (or pass --auto-hashes + --rel-id + --request-id to derive them from the work-log)");
@@ -6558,11 +6432,11 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
   if (opts.deliverableHash) content.deliverable_hash = opts.deliverableHash;
   if (usage) content.usage = usage;
   const body = { type: "receipt", content };
-  progress(opts.json, import_chalk22.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk22.default.dim(`Sender (payee): ${sender.did}`));
-  progress(opts.json, import_chalk22.default.dim(`Recipient (caller): ${recipientDid}`));
-  progress(opts.json, import_chalk22.default.dim(`Delegation: ${delegationId}`));
-  progress(opts.json, import_chalk22.default.dim(`Verdict (proposed): ${verdict}`));
+  progress(opts.json, import_chalk24.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk24.default.dim(`Sender (payee): ${sender.did}`));
+  progress(opts.json, import_chalk24.default.dim(`Recipient (caller): ${recipientDid}`));
+  progress(opts.json, import_chalk24.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk24.default.dim(`Verdict (proposed): ${verdict}`));
   const result = await sendReceiptEnvelope({ api, sender, recipientDid, body, attachments: void 0, ttlSeconds, verbose: opts.verbose, server: opts.server });
   if (opts.json) {
     const json = {
@@ -6583,10 +6457,10 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
     return;
   }
   printIngestResult2(result);
-  console.log(import_chalk22.default.dim(`
-Receipt event hash: ${import_chalk22.default.cyan(result.serverEventHash)}`));
-  console.log(import_chalk22.default.dim("Receipt recorded. Payment consent is ON-CHAIN now: the buyer approves by"));
-  console.log(import_chalk22.default.dim("sending claim_work_payment (or you self-claim after the review window)."));
+  console.log(import_chalk24.default.dim(`
+Receipt event hash: ${import_chalk24.default.cyan(result.serverEventHash)}`));
+  console.log(import_chalk24.default.dim("Receipt recorded. Payment consent is ON-CHAIN now: the buyer approves by"));
+  console.log(import_chalk24.default.dim("sending claim_work_payment (or you self-claim after the review window)."));
 }
 async function assertSenderIsReceiptPayee(api, sender, relationshipId, delegationId) {
   const signer = makeSigner(sender);
@@ -6654,7 +6528,7 @@ async function computeWorkLogHashes(api, sender, relationshipId, delegationId, r
       `receipt propose --auto-hashes: no work-log row found for (relationshipId=${relationshipId}, delegationId=${delegationId}, requestId=${requestId}). Did the work_request envelope land yet?`
     );
   }
-  if (workLog.state !== import_sdk19.WorkLogStates.RESPONDED) {
+  if (workLog.state !== import_sdk22.WorkLogStates.RESPONDED) {
     throw new Error(
       `receipt propose --auto-hashes: work-log row ${requestId} is in state '${workLog.state}', not 'responded'. The payee must \`work respond\` before a receipt can be proposed.`
     );
@@ -6670,34 +6544,34 @@ async function computeWorkLogHashes(api, sender, relationshipId, delegationId, r
   };
   const responseBody = workLog.responseOutput !== void 0 ? { type: "work_response", content: { delegation_id: workLog.delegationId, request_id: workLog.requestId, output: workLog.responseOutput } } : { type: "work_response", content: { delegation_id: workLog.delegationId, request_id: workLog.requestId, error: workLog.responseError } };
   return {
-    requestHash: (0, import_sdk19.canonicalSha256Hex)(requestBody),
-    responseHash: (0, import_sdk19.canonicalSha256Hex)(responseBody)
+    requestHash: (0, import_sdk22.canonicalSha256Hex)(requestBody),
+    responseHash: (0, import_sdk22.canonicalSha256Hex)(responseBody)
   };
 }
 async function sendReceiptEnvelope(args) {
   const nextSequence = (args.sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk19.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk19.Purpose.ENVELOPE,
-    message_id: (0, import_sdk19.uuidV4)(),
+    protocol_version: import_sdk22.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk22.Purpose.ENVELOPE,
+    message_id: (0, import_sdk22.uuidV4)(),
     sender_did: args.sender.did,
     recipient_did: args.recipientDid,
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk19.senderNonce)(),
-    timestamp: (0, import_sdk19.rfc3339)(),
-    expires_at: (0, import_sdk19.expiresAt)(args.ttlSeconds),
+    sender_nonce: (0, import_sdk22.senderNonce)(),
+    timestamp: (0, import_sdk22.rfc3339)(),
+    expires_at: (0, import_sdk22.expiresAt)(args.ttlSeconds),
     delivery_id: null
   };
   const signer = makeSigner(args.sender);
-  const envelope = (0, import_sdk19.signEnvelope)({
+  const envelope = (0, import_sdk22.signEnvelope)({
     protected: protectedBlock,
     body: args.body,
     identitySecretKey: signer.identitySecretKey,
     attachments: args.attachments
   });
   if (args.verbose) {
-    console.log(import_chalk22.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk24.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   try {
@@ -6705,24 +6579,24 @@ async function sendReceiptEnvelope(args) {
     updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     return result;
   } catch (err) {
-    if (err instanceof ApiError && (0, import_sdk19.isPostCommitErrorCode)(err.payload.code)) {
+    if (err instanceof ApiError && (0, import_sdk22.isPostCommitErrorCode)(err.payload.code)) {
       updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     }
     throw err;
   }
 }
 function printIngestResult2(result) {
-  console.log(import_chalk22.default.green("\nDelivered."));
-  console.log(`${import_chalk22.default.bold("Event id")}: ${import_chalk22.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk22.default.bold("Relationship id")}: ${import_chalk22.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk22.default.bold("Chain index")}: ${import_chalk22.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk22.default.bold("Server timestamp")}: ${import_chalk22.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk22.default.bold("Server event hash")}: ${import_chalk22.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk24.default.green("\nDelivered."));
+  console.log(`${import_chalk24.default.bold("Event id")}: ${import_chalk24.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk24.default.bold("Relationship id")}: ${import_chalk24.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk24.default.bold("Chain index")}: ${import_chalk24.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk24.default.bold("Server timestamp")}: ${import_chalk24.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk24.default.bold("Server event hash")}: ${import_chalk24.default.cyan(result.serverEventHash)}`);
 }
 function parseVerdict(cmdName, raw) {
-  if (raw === void 0 || raw === "") return import_sdk19.ReceiptVerdicts.ACCEPTED;
-  if (!import_sdk19.RECEIPT_VERDICTS.includes(raw)) {
-    throw new Error(`${cmdName}: --verdict must be one of ${import_sdk19.RECEIPT_VERDICTS.join(" | ")} (got '${raw}')`);
+  if (raw === void 0 || raw === "") return import_sdk22.ReceiptVerdicts.ACCEPTED;
+  if (!import_sdk22.RECEIPT_VERDICTS.includes(raw)) {
+    throw new Error(`${cmdName}: --verdict must be one of ${import_sdk22.RECEIPT_VERDICTS.join(" | ")} (got '${raw}')`);
   }
   return raw;
 }
@@ -6759,24 +6633,19 @@ function requireUuid3(cmdName, raw, label) {
   requireUuid(cmdName, raw, label);
 }
 function requireSha256(cmdName, raw, label) {
-  if (!(0, import_sdk19.isSha256Hex)(raw)) {
+  if (!(0, import_sdk22.isSha256Hex)(raw)) {
     throw new Error(`${cmdName}: ${label} must match 'sha256:<64 lowercase hex>' (got '${raw}')`);
   }
 }
-function requireDid2(cmdName, did, label) {
-  if (typeof did !== "string" || !did.startsWith("did:arp:") || did.length <= "did:arp:".length) {
-    throw new Error(`${cmdName}: ${label} must look like 'did:arp:...' (got '${did}')`);
-  }
-}
 // src/commands/receipts.ts
-var import_sdk20 = require("@heyanon-arp/sdk");
-var import_chalk23 = __toESM(require("chalk"));
+var import_sdk23 = require("@heyanon-arp/sdk");
+var import_chalk25 = __toESM(require("chalk"));
 init_api();
 function registerReceiptsCommand(root) {
   root.command("receipts").description(
     "List receipts for a relationship (one row per (delegationId, requestHash, responseHash), oldest-first). Receipt rows expose the chain hash as `receiptEventHash` (NOT `serverEventHash` \u2014 that field is the wider envelope identifier on `heyarp events` rows). Scripts using `--json | jq .receiptEventHash` get the value; `jq .serverEventHash` silently returns null because the row doesn't carry that key."
-  ).argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--delegation-id <uuid>", "Narrow to receipts under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  ).argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--delegation-id <uuid>", "Narrow to receipts under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the one-line summaries, print a framed "Full receipt payloads (N rows)" block \u2014 each row labelled with full delegationId + requestHash + responseHash and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -6792,11 +6661,11 @@ async function runReceipts(relationshipId, opts) {
   }
   const limit = parseLimit5(opts.limit);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("receipts", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("receipts", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk23.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk23.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk23.default.dim(`Relationship: ${relationshipId}`));
+    console.log(import_chalk25.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk25.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk25.default.dim(`Relationship: ${relationshipId}`));
   }
   const query = { limit };
   if (opts.delegationId) query.delegationId = opts.delegationId;
@@ -6808,7 +6677,7 @@ async function runReceipts(relationshipId, opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk23.default.dim("\n(no receipts for this relationship)"));
+    console.log(import_chalk25.default.dim("\n(no receipts for this relationship)"));
     return;
   }
   console.log("");
@@ -6825,29 +6694,29 @@ async function runReceipts(relationshipId, opts) {
     }));
   }
   const lastId = rows[rows.length - 1].id;
-  console.log(import_chalk23.default.dim(`
+  console.log(import_chalk25.default.dim(`
 ${rows.length} receipt row(s). Paginate with --after ${lastId}.`));
 }
 function formatReceiptLine(r, selfDid, opts = {}) {
   const delegationPart = opts.fullIds ? r.delegationId : idHead2(r.delegationId);
   const requestHashPart = opts.fullIds ? r.requestHash : hashHead3(r.requestHash);
-  const id = import_chalk23.default.bold(`${delegationPart}/${requestHashPart}`);
+  const id = import_chalk25.default.bold(`${delegationPart}/${requestHashPart}`);
   const callerHead = opts.fullIds ? r.callerDid : didHead3(r.callerDid);
   const payeeHead = opts.fullIds ? r.payeeDid : didHead3(r.payeeDid);
-  const direction = r.payeeDid === selfDid ? `${import_chalk23.default.bold("me")}(payee) \u2192 ${import_chalk23.default.dim(callerHead)}` : `${import_chalk23.default.dim(payeeHead)}(payee) \u2192 ${import_chalk23.default.bold("me")}`;
+  const direction = r.payeeDid === selfDid ? `${import_chalk25.default.bold("me")}(payee) \u2192 ${import_chalk25.default.dim(callerHead)}` : `${import_chalk25.default.dim(payeeHead)}(payee) \u2192 ${import_chalk25.default.bold("me")}`;
   const verdict = formatVerdict(r);
   const responseTail = opts.fullIds ? `
-  ${import_chalk23.default.dim("responseHash:")} ${import_chalk23.default.cyan(r.responseHash)}` : "";
+  ${import_chalk25.default.dim("responseHash:")} ${import_chalk25.default.cyan(r.responseHash)}` : "";
   return `${id}  ${direction}  ${verdict}${responseTail}`;
 }
 function formatVerdict(r) {
   switch (r.verdictProposed) {
-    case import_sdk20.ReceiptVerdicts.ACCEPTED:
-      return import_chalk23.default.green("accepted");
-    case import_sdk20.ReceiptVerdicts.ACCEPTED_WITH_NOTES:
-      return import_chalk23.default.yellow("accepted_with_notes");
-    case import_sdk20.ReceiptVerdicts.REJECTED:
-      return import_chalk23.default.red("rejected");
+    case import_sdk23.ReceiptVerdicts.ACCEPTED:
+      return import_chalk25.default.green("accepted");
+    case import_sdk23.ReceiptVerdicts.ACCEPTED_WITH_NOTES:
+      return import_chalk25.default.yellow("accepted_with_notes");
+    case import_sdk23.ReceiptVerdicts.REJECTED:
+      return import_chalk25.default.red("rejected");
   }
 }
 function idHead2(id) {
@@ -6873,8 +6742,8 @@ function parseLimit5(raw) {
 // src/commands/recover.ts
 var import_node_fs8 = require("fs");
-var import_sdk21 = require("@heyanon-arp/sdk");
-var import_chalk24 = __toESM(require("chalk"));
+var import_sdk24 = require("@heyanon-arp/sdk");
+var import_chalk26 = __toESM(require("chalk"));
 init_api();
 function registerRecoverCommand(root) {
   root.command("recover").description(
@@ -6894,23 +6763,23 @@ async function runRecover(opts) {
   }
   const bundle = validateKeyBundle(raw);
   const identitySecret = new Uint8Array(Buffer.from(bundle.identitySecretKeyB64, "base64"));
-  const identityPub = (0, import_sdk21.base58btcDecode)(bundle.identityPublicKeyB58);
-  const derivedDid = (0, import_sdk21.formatDid)(identityPub);
+  const identityPub = (0, import_sdk24.base58btcDecode)(bundle.identityPublicKeyB58);
+  const derivedDid = (0, import_sdk24.formatDid)(identityPub);
   if (derivedDid !== bundle.did) {
     throw new Error(`recover: key file is inconsistent \u2014 its DID (${bundle.did}) does not match its identity public key (${derivedDid})`);
   }
   const probe2 = new TextEncoder().encode("heyarp-recover-keycheck");
-  if (!(0, import_sdk21.verify)((0, import_sdk21.sign)(probe2, identitySecret), probe2, identityPub)) {
+  if (!(0, import_sdk24.verify)((0, import_sdk24.sign)(probe2, identitySecret), probe2, identityPub)) {
     throw new Error("recover: the identity secret key does not match the public key in this bundle");
   }
   const settlementSecret = new Uint8Array(Buffer.from(bundle.settlementSecretKeyB64, "base64"));
-  const settlementPub = (0, import_sdk21.base58btcDecode)(bundle.settlementPublicKeyB58);
-  if (!(0, import_sdk21.verify)((0, import_sdk21.sign)(probe2, settlementSecret), probe2, settlementPub)) {
+  const settlementPub = (0, import_sdk24.base58btcDecode)(bundle.settlementPublicKeyB58);
+  if (!(0, import_sdk24.verify)((0, import_sdk24.sign)(probe2, settlementSecret), probe2, settlementPub)) {
     throw new Error("recover: the settlement secret key does not match the settlement public key in this bundle");
   }
   if (bundle.ownerWallet && bundle.ownerWallet !== credential.wallet) {
     process.stderr.write(
-      import_chalk24.default.yellow(
+      import_chalk26.default.yellow(
         `\u26A0 this bundle was exported under wallet ${bundle.ownerWallet}, but you are logged in as ${credential.wallet}. The server will reject the recover unless the agent is yours.
 `
       )
@@ -6927,7 +6796,7 @@ async function runRecover(opts) {
     lastSenderSequence = seq.lastSenderSequence;
   } catch (err) {
     process.stderr.write(
-      import_chalk24.default.yellow(
+      import_chalk26.default.yellow(
         `\u26A0 could not read the sender sequence from the server (${err.message}). If sends are rejected as backwards, run \`heyarp escrow recover-sequence --apply\`.
 `
       )
@@ -6955,14 +6824,14 @@ async function runRecover(opts) {
     jsonOut({ recovered: true, did: derivedDid, name: row.name });
     return;
   }
-  console.log(import_chalk24.default.green(`\u2713 Recovered ${row.name ? `${row.name} ` : ""}${derivedDid} into local state \u2014 you can operate it now.`));
+  console.log(import_chalk26.default.green(`\u2713 Recovered ${row.name ? `${row.name} ` : ""}${derivedDid} into local state \u2014 you can operate it now.`));
 }
 // src/commands/register.ts
 var import_node_crypto4 = require("crypto");
 var import_node_fs9 = require("fs");
-var import_sdk22 = require("@heyanon-arp/sdk");
-var import_chalk25 = __toESM(require("chalk"));
+var import_sdk25 = require("@heyanon-arp/sdk");
+var import_chalk27 = __toESM(require("chalk"));
 var import_prompts2 = __toESM(require("prompts"));
 init_api();
 init_paths();
@@ -6974,7 +6843,7 @@ function registerRegisterCommand(root) {
       "`--password` is REQUIRED \u2014 must be at least 8 characters. In interactive mode (--yes omitted) the CLI prompts for it; with --yes it must be passed explicitly.",
       "`--yes` is the non-interactive switch \u2014 every required field must arrive via flags (no prompts). Use this for scripted setups."
     ].join("\n")
-  ).option("--server <url>", "Override ARP server base URL").option("--from-keys <file>", "Load identity + settlement keys from a JSON file instead of generating").option("--name <s>", "Display name (skips the name prompt)").option("--description <s>", "Description (skips the description prompt)").option("--tag <s>", "Capability tag \u2014 repeatable, e.g. --tag translation --tag fr", accumulate3, []).option(
+  ).option("--server <url>", "Override ARP server base URL").option("--from-keys <file>", "Load identity + settlement keys from a JSON file instead of generating").option("--name <s>", "Unique handle \u2014 lowercase a-z0-9_, 3-32 chars, immutable (skips the name prompt)").option("--description <s>", "Description (skips the description prompt)").option("--tag <s>", "Capability tag \u2014 repeatable, e.g. --tag translation --tag fr", accumulate3, []).option(
     "--password <s>",
     // `--password` puts the secret in `argv` — visible via
     // `ps aux` / kernel process table on shared hosts,
@@ -7016,44 +6885,44 @@ var defaultRegisterDeps = {
 async function runRegister(opts, deps = defaultRegisterDeps) {
   assertJsonRequiresYes(opts);
   const api = deps.makeApi(opts.server);
-  if (!opts.json) console.log(import_chalk25.default.dim(`Server: ${api.serverUrl}`));
+  if (!opts.json) console.log(import_chalk27.default.dim(`Server: ${api.serverUrl}`));
   const credential = requireCredential("register", api.serverUrl);
   if (!opts.json) {
     warnIfAgentsAlreadyRegistered(opts.server);
     warnIfOrphanHomesPresent();
   }
   const keys = opts.fromKeys ? loadKeysFromFile(opts.fromKeys) : freshKeys();
-  const did = (0, import_sdk22.formatDid)(keys.identityPublicKey);
-  if (!opts.json) console.log(import_chalk25.default.dim(`DID will be: ${did}`));
+  const did = (0, import_sdk25.formatDid)(keys.identityPublicKey);
+  if (!opts.json) console.log(import_chalk27.default.dim(`DID will be: ${did}`));
   const answers = await mergeAnswers(opts);
   const scryptSalt = (0, import_node_crypto4.randomBytes)(16);
-  if (!opts.json) console.log(import_chalk25.default.dim("Deriving scrypt key, this may take a moment..."));
-  const scryptKey = (0, import_sdk22.deriveScryptKey)(answers.password, new Uint8Array(scryptSalt));
+  if (!opts.json) console.log(import_chalk27.default.dim("Deriving scrypt key, this may take a moment..."));
+  const scryptKey = (0, import_sdk25.deriveScryptKey)(answers.password, new Uint8Array(scryptSalt));
   const challenge = await api.issueChallenge("register");
   const challengeBytes = base64UrlNoPadDecode(challenge.challengeB64);
   if (challengeBytes.length !== 32) {
     throw new Error(`Server returned a ${challengeBytes.length}-byte challenge; expected 32`);
   }
-  const challengeSig = (0, import_sdk22.signChallenge)(challengeBytes, keys.identitySecretKey);
-  const identityPublicKeyB58 = (0, import_sdk22.base58btcEncode)(keys.identityPublicKey);
+  const challengeSig = (0, import_sdk25.signChallenge)(challengeBytes, keys.identitySecretKey);
+  const identityPublicKeyB58 = (0, import_sdk25.base58btcEncode)(keys.identityPublicKey);
   await api.submitChallengeResponse({
     challengeId: challenge.challengeId,
     identityPublicKey: identityPublicKeyB58,
     signature: Buffer.from(challengeSig).toString("base64")
   });
-  const settlementPublicKeyB58 = (0, import_sdk22.base58btcEncode)(keys.settlementPublicKey);
-  const scryptSaltId = (0, import_sdk22.uuidV4)();
+  const settlementPublicKeyB58 = (0, import_sdk25.base58btcEncode)(keys.settlementPublicKey);
+  const scryptSaltId = (0, import_sdk25.uuidV4)();
   const payload = {
-    purpose: import_sdk22.Purpose.KEY_LINK,
+    purpose: import_sdk25.Purpose.KEY_LINK,
     agent_did: did,
     identity_public_key: identityPublicKeyB58,
     settlement_public_key: settlementPublicKeyB58,
-    owner_signing_method: import_sdk22.OWNER_SIGNING_METHODS[0],
+    owner_signing_method: import_sdk25.OWNER_SIGNING_METHODS[0],
     link_method: "manual",
-    created_at: (0, import_sdk22.rfc3339)(),
-    nonce: (0, import_sdk22.senderNonce)()
+    created_at: (0, import_sdk25.rfc3339)(),
+    nonce: (0, import_sdk25.senderNonce)()
   };
-  const attestation = (0, import_sdk22.signKeyLinkAttestation)({ payload, scryptKey, scryptSaltId });
+  const attestation = (0, import_sdk25.signKeyLinkAttestation)({ payload, scryptKey, scryptSaltId });
   const body = {
     challengeId: challenge.challengeId,
     identityPublicKey: identityPublicKeyB58,
@@ -7096,7 +6965,7 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
   try {
     result = await api.register(body, credential.token);
   } catch (err) {
-    if (err instanceof ApiError && (err.payload.code === import_sdk22.CliAuthTokenErrorCodes.INVALID || err.payload.code === import_sdk22.CliAuthTokenErrorCodes.REQUIRED)) {
+    if (err instanceof ApiError && (err.payload.code === import_sdk25.CliAuthTokenErrorCodes.INVALID || err.payload.code === import_sdk25.CliAuthTokenErrorCodes.REQUIRED)) {
       throw new Error(
         `register: the stored login token for ${api.serverUrl} was rejected (${err.payload.message}) \u2014 run 'heyarp login' again. Your keys are saved locally; re-running register with --from-keys is safe.`
       );
@@ -7115,19 +6984,19 @@ async function runRegister(opts, deps = defaultRegisterDeps) {
   try {
     recordHome(arpHomeDir());
   } catch (registryErr) {
-    if (!opts.json) console.log(import_chalk25.default.dim(`(homes registry write failed: ${registryErr.message})`));
+    if (!opts.json) console.log(import_chalk27.default.dim(`(homes registry write failed: ${registryErr.message})`));
   }
   if (!opts.json) {
-    console.log(import_chalk25.default.green("\nRegistered."));
-    console.log(`${import_chalk25.default.bold("DID")}: ${import_chalk25.default.cyan(result.did)}`);
-    console.log(`${import_chalk25.default.bold("Settlement pubkey")} ${import_chalk25.default.dim("(fund with SOL)")}: ${import_chalk25.default.cyan(settlementPublicKeyB58)}`);
-    console.log(`${import_chalk25.default.bold("Owner account")}: ${import_chalk25.default.cyan(credential.wallet)}`);
-    console.log(import_chalk25.default.bold("DID document:"));
+    console.log(import_chalk27.default.green("\nRegistered."));
+    console.log(`${import_chalk27.default.bold("DID")}: ${import_chalk27.default.cyan(result.did)}`);
+    console.log(`${import_chalk27.default.bold("Settlement pubkey")} ${import_chalk27.default.dim("(fund with SOL)")}: ${import_chalk27.default.cyan(settlementPublicKeyB58)}`);
+    console.log(`${import_chalk27.default.bold("Owner account")}: ${import_chalk27.default.cyan(credential.wallet)}`);
+    console.log(import_chalk27.default.bold("DID document:"));
     console.log(formatJson(result.didDocument));
   }
-  if (!opts.json) console.log(import_chalk25.default.green(`
+  if (!opts.json) console.log(import_chalk27.default.green(`
 \u2713 Discoverable now via \`heyarp agents\`.`));
-  if (!opts.json) console.log(import_chalk25.default.dim(`
+  if (!opts.json) console.log(import_chalk27.default.dim(`
 Local state saved to ${arpHomeDir()}/agents.json (mode 0600).`));
   if (opts.json) {
     console.log(
@@ -7178,8 +7047,13 @@ async function mergeAnswers(opts) {
     promptDefs.push({
       type: "text",
       name: "name",
-      message: "Agent name (display only)",
-      validate: (v) => v.length > 0 ? true : "required"
+      message: "Agent name \u2014 unique handle (lowercase a-z0-9_, 3-32 chars, immutable; addressable instead of the DID)",
+      validate: (v) => {
+        const n = (0, import_sdk25.normalizeName)(v);
+        if (!(0, import_sdk25.isValidAgentName)(n)) return "must be lowercase a-z0-9_, 3-32 chars";
+        if ((0, import_sdk25.isReservedName)(n)) return `'${n}' is reserved`;
+        return true;
+      }
     });
   }
   if (need.description) {
@@ -7195,18 +7069,29 @@ async function mergeAnswers(opts) {
   }
   const prompted = promptDefs.length > 0 ? await (0, import_prompts2.default)(promptDefs, {
     onCancel: () => {
-      console.log(import_chalk25.default.yellow("\nAborted."));
+      console.log(import_chalk27.default.yellow("\nAborted."));
       process.exit(130);
     }
   }) : {};
   const tags = (opts.tag && opts.tag.length > 0 ? opts.tag : parseTagsCsv(typeof prompted.tagsCsv === "string" ? prompted.tagsCsv : "")).map((t) => t.trim().toLowerCase()).filter((t) => t.length > 0);
+  const name = normalizeAndValidateName(opts.name ?? prompted.name);
   return {
     password: opts.password ?? prompted.password,
-    name: opts.name ?? prompted.name,
+    name,
     description: opts.description ?? prompted.description ?? "",
     tags
   };
 }
+function normalizeAndValidateName(raw) {
+  const name = (0, import_sdk25.normalizeName)(raw);
+  if (!(0, import_sdk25.isValidAgentName)(name)) {
+    throw new Error(`register: name '${raw}' must be a lowercase handle \u2014 a-z0-9_, 3-32 chars`);
+  }
+  if ((0, import_sdk25.isReservedName)(name)) {
+    throw new Error(`register: name '${name}' is reserved and cannot be registered`);
+  }
+  return name;
+}
 function warnIfOrphanHomesPresent() {
   if (process.env.HEYARP_HOME && process.env.HEYARP_HOME.length > 0) {
     return;
@@ -7216,16 +7101,16 @@ function warnIfOrphanHomesPresent() {
   try {
     others = listHomes().filter((h) => h.path !== current);
   } catch (registryErr) {
-    console.log(import_chalk25.default.dim(`(homes registry unreadable, skipping orphan-home check: ${registryErr.message})`));
+    console.log(import_chalk27.default.dim(`(homes registry unreadable, skipping orphan-home check: ${registryErr.message})`));
     return;
   }
   if (others.length === 0) return;
-  const list = others.map((h) => `   \u2022 ${import_chalk25.default.cyan(h.path)} ${import_chalk25.default.dim(`(last seen ${h.lastSeenAt})`)}`).join("\n");
-  console.log(import_chalk25.default.yellow(`
+  const list = others.map((h) => `   \u2022 ${import_chalk27.default.cyan(h.path)} ${import_chalk27.default.dim(`(last seen ${h.lastSeenAt})`)}`).join("\n");
+  console.log(import_chalk27.default.yellow(`
 \u26A0  HEYARP_HOME is unset, but other agent homes are registered on this machine:`));
   console.log(list);
   console.log(
-    import_chalk25.default.dim(
+    import_chalk27.default.dim(
       `   Registering will create a NEW agent under ${current}.
    If you meant to add to an existing home, abort (Ctrl-C) and re-run with:
      HEYARP_HOME=<path> heyarp register \u2026
@@ -7238,11 +7123,11 @@ function warnIfAgentsAlreadyRegistered(serverOverride) {
   const targetServer = resolveServerUrl(serverOverride);
   const existing = listAgents().filter((row) => row.serverUrl === targetServer);
   if (existing.length === 0) return;
-  const list = existing.map((row) => `   \u2022 ${import_chalk25.default.cyan(row.agent.did)}${row.agent.name ? import_chalk25.default.dim(` (${row.agent.name})`) : ""}`).join("\n");
-  console.log(import_chalk25.default.yellow("\n\u26A0  ~/.heyarp/agents.json already has agent(s) for this server:"));
+  const list = existing.map((row) => `   \u2022 ${import_chalk27.default.cyan(row.agent.did)}${row.agent.name ? import_chalk27.default.dim(` (${row.agent.name})`) : ""}`).join("\n");
+  console.log(import_chalk27.default.yellow("\n\u26A0  ~/.heyarp/agents.json already has agent(s) for this server:"));
   console.log(list);
   console.log(
-    import_chalk25.default.dim(
+    import_chalk27.default.dim(
       "   After this register completes, you will have multiple local DIDs sharing one state file.\n   To keep their state isolated, run with HEYARP_HOME pointing at a per-agent dir, e.g.\n     HEYARP_HOME=/tmp/agent-alice heyarp register \u2026\n   Otherwise, pass --from-did <did> explicitly on every signed command.\n"
     )
   );
@@ -7252,8 +7137,8 @@ function parseTagsCsv(raw) {
   return raw.split(",").map((t) => t.trim()).filter((t) => t.length > 0);
 }
 function freshKeys() {
-  const identity = (0, import_sdk22.generateKeyPair)();
-  const settlement = (0, import_sdk22.generateKeyPair)();
+  const identity = (0, import_sdk25.generateKeyPair)();
+  const settlement = (0, import_sdk25.generateKeyPair)();
   return {
     identityPublicKey: identity.publicKey,
     identitySecretKey: identity.secretKey,
@@ -7279,9 +7164,9 @@ function loadKeysFromFile(path) {
   if (identitySecret.length !== 32) throw new Error("--from-keys: identitySecretKeyB64 is not a 32-byte Ed25519 seed");
   if (settlementSecret.length !== 32) throw new Error("--from-keys: settlementSecretKeyB64 is not a 32-byte Ed25519 seed");
   return {
-    identityPublicKey: (0, import_sdk22.getPublicKey)(identitySecret),
+    identityPublicKey: (0, import_sdk25.getPublicKey)(identitySecret),
     identitySecretKey: identitySecret,
-    settlementPublicKey: (0, import_sdk22.getPublicKey)(settlementSecret),
+    settlementPublicKey: (0, import_sdk25.getPublicKey)(settlementSecret),
     settlementSecretKey: settlementSecret
   };
 }
@@ -7297,10 +7182,10 @@ function assertJsonRequiresYes(opts) {
 }
 // src/commands/relationships.ts
-var import_sdk23 = require("@heyanon-arp/sdk");
-var import_chalk26 = __toESM(require("chalk"));
+var import_sdk26 = require("@heyanon-arp/sdk");
+var import_chalk28 = __toESM(require("chalk"));
 init_api();
-var ALLOWED_STATES2 = new Set(import_sdk23.RELATIONSHIP_STATE_NAMES);
+var ALLOWED_STATES2 = new Set(import_sdk26.RELATIONSHIP_STATE_NAMES);
 function registerRelationshipsCommand(root) {
   root.command("relationships").description(
     "List relationships <did> belongs to (live + closed pairs, ordered by lastEventAt desc). DID can be passed positionally OR via --from-did; if both are omitted the resolver picks the sole local agent for the server (see `heyarp config set server` + multi-DID disambiguation rules)."
@@ -7308,7 +7193,7 @@ function registerRelationshipsCommand(root) {
     "--json",
     "Machine-readable mode \u2014 emit the relationships as a single JSON array on stdout (RelationshipPublic[]). Prelude + table move to stderr. Mutually exclusive with --verbose.",
     false
-  ).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").action(async (did, opts) => {
+  ).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").action(async (did, opts) => {
     await runRelationships(did, opts);
   });
 }
@@ -7324,11 +7209,11 @@ async function runRelationships(positionalDid, opts) {
     throw new Error(`relationships: positional <did> (${positionalDid}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
   }
   const explicitDid = positionalDid ?? opts.fromDid;
-  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("relationships", opts.server, void 0);
+  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("relationships", opts.server, void 0, opts.from);
   const did = local.did;
   const api = new ArpApiClient(opts.server);
-  progress(opts.json, import_chalk26.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk26.default.dim(`Signer: ${local.did}`));
+  progress(opts.json, import_chalk28.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk28.default.dim(`Signer: ${local.did}`));
   const query = { limit };
   if (state) query.state = state;
   const signer = makeSigner(local);
@@ -7338,18 +7223,18 @@ async function runRelationships(positionalDid, opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk26.default.dim("\n(no relationships)"));
+    console.log(import_chalk28.default.dim("\n(no relationships)"));
     return;
   }
   console.log("");
   console.log(formatRelationshipsTable(rows, did));
   if (opts.verbose) {
-    console.log(import_chalk26.default.bold("\nFull relationships:"));
+    console.log(import_chalk28.default.bold("\nFull relationships:"));
     for (const r of rows) {
       console.log(formatJson(r));
     }
   }
-  console.log(import_chalk26.default.dim(`
+  console.log(import_chalk28.default.dim(`
 ${rows.length} relationship(s).`));
 }
 function formatRelationshipsTable(rows, selfDid) {
@@ -7357,7 +7242,7 @@ function formatRelationshipsTable(rows, selfDid) {
   const data = rows.map((r) => [r.relationshipId, otherPair(r, selfDid), r.state, r.lastEventAt ?? "(none)", String(r.lastEventIndex)]);
   const widths = header.map((h, i) => Math.max(h.length, ...data.map((row) => row[i].length)));
   const pad = (cells) => cells.map((c, i) => c.padEnd(widths[i])).join("  ");
-  return [import_chalk26.default.bold(pad(header)), import_chalk26.default.dim(pad(widths.map((w) => "-".repeat(w)))), ...data.map((row) => pad(row))].join("\n");
+  return [import_chalk28.default.bold(pad(header)), import_chalk28.default.dim(pad(widths.map((w) => "-".repeat(w)))), ...data.map((row) => pad(row))].join("\n");
 }
 function otherPair(r, selfDid) {
   if (r.pairDidA === selfDid) return r.pairDidB;
@@ -7381,12 +7266,12 @@ function parseLimit6(raw) {
 }
 // src/commands/reputation.ts
-var import_sdk24 = require("@heyanon-arp/sdk");
-var import_chalk27 = __toESM(require("chalk"));
+var import_sdk27 = require("@heyanon-arp/sdk");
+var import_chalk29 = __toESM(require("chalk"));
 init_api();
 function registerReputationCommand(root) {
   root.command("reputation").description("Show an agent's informational reputation (composite + component scores + raw counters). Public, no auth. NOT a money/eligibility gate.").argument("<did>", "did:arp:<base58btc> identifier").option("--server <url>", "Override ARP server base URL").option("--json", "Emit the reputation as JSON on stdout.", false).action(async (did, opts) => {
-    if (!(0, import_sdk24.isValidDid)(did)) {
+    if (!(0, import_sdk27.isValidDid)(did)) {
       throw new Error(`'${did}' is not a syntactically valid did:arp identifier`);
     }
     const api = new ArpApiClient(opts.server);
@@ -7398,10 +7283,10 @@ function registerReputationCommand(root) {
     const s = rep.scores;
     const c = rep.counters;
     const j = false;
-    progress(j, import_chalk27.default.bold(`Reputation \u2014 ${did}`));
+    progress(j, import_chalk29.default.bold(`Reputation \u2014 ${did}`));
     progress(
       j,
-      import_chalk27.default.dim(`  ${rep.informational ? "INFORMATIONAL" : "GATING"} \xB7 ${rep.computed ? `computed ${rep.lastComputedAt}` : "never computed (neutral cold-start)"}`)
+      import_chalk29.default.dim(`  ${rep.informational ? "INFORMATIONAL" : "GATING"} \xB7 ${rep.computed ? `computed ${rep.lastComputedAt}` : "never computed (neutral cold-start)"}`)
     );
     progress(j, "");
     progress(j, `  composite       ${bar(s.composite)} ${s.composite.toFixed(2)}`);
@@ -7409,17 +7294,17 @@ function registerReputationCommand(root) {
     progress(j, `  settlement      ${bar(s.settlement)} ${s.settlement.toFixed(2)}`);
     progress(j, `  dispute health  ${bar(s.disputeHealth)} ${s.disputeHealth.toFixed(2)}`);
     progress(j, "");
-    progress(j, import_chalk27.default.dim("  evidence:"));
+    progress(j, import_chalk29.default.dim("  evidence:"));
     progress(
       j,
-      import_chalk27.default.dim(
+      import_chalk29.default.dim(
         `    on-chain cycles ${c.onchainCycles} \xB7 completed ${c.completedDelegations} (payer ${c.completedAsPayer} / payee ${c.completedAsPayee}) \xB7 failed ${c.failedDelegations}`
       )
     );
-    progress(j, import_chalk27.default.dim(`    escrows settled ${c.settledEscrows} / refunded ${c.refundedEscrows} \xB7 disputed ${c.disputedEscrows} (adverse ${c.disputesAdverse})`));
-    progress(j, import_chalk27.default.dim(`    distinct counterparts ${c.distinctCounterparts} \xB7 active relationships ${c.activeRelationships}`));
+    progress(j, import_chalk29.default.dim(`    escrows settled ${c.settledEscrows} / refunded ${c.refundedEscrows} \xB7 disputed ${c.disputedEscrows} (adverse ${c.disputesAdverse})`));
+    progress(j, import_chalk29.default.dim(`    distinct counterparts ${c.distinctCounterparts} \xB7 active relationships ${c.activeRelationships}`));
     progress(j, "");
-    progress(j, import_chalk27.default.dim("  Informational only \u2014 a discovery-sort signal, not a money or eligibility gate."));
+    progress(j, import_chalk29.default.dim("  Informational only \u2014 a discovery-sort signal, not a money or eligibility gate."));
   });
 }
 function bar(score) {
@@ -7428,11 +7313,11 @@ function bar(score) {
 }
 // src/commands/send-handshake.ts
-var import_sdk25 = require("@heyanon-arp/sdk");
-var import_chalk28 = __toESM(require("chalk"));
+var import_sdk28 = require("@heyanon-arp/sdk");
+var import_chalk30 = __toESM(require("chalk"));
 init_api();
 function registerSendHandshakeCommand(root) {
-  root.command("send-handshake").description("Send a handshake envelope to <recipient-did>. Server creates the relationship row on first contact.").argument("<recipient-did>", "Recipient agent DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--greeting <s>", "Optional greeting text included in body.content").option("--intent <s>", "Optional intent text included in body.content").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk25.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  root.command("send-handshake").description("Send a handshake envelope to a recipient (agent name or DID). Server creates the relationship row on first contact.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--greeting <s>", "Optional greeting text included in body.content").option("--intent <s>", "Optional intent text included in body.content").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk28.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     "Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, eventId, relationshipId, relationshipEventIndex, serverTimestamp, signedMessageHash, serverEventHash, prevServerEventHash, senderSequence}). The Server/Sender/Recipient prelude moves to stderr so `--json | jq` stays byte-pure. Mutually exclusive with --verbose.",
     false
@@ -7441,46 +7326,44 @@ function registerSendHandshakeCommand(root) {
   });
 }
 async function runSendHandshake(recipientDid, opts) {
-  if (!(0, import_sdk25.isValidDid)(recipientDid)) {
-    throw new Error(`send-handshake: <recipient-did> must be a valid did:arp identifier (base58btc-encoded 32-byte Ed25519 pubkey) (got '${recipientDid}')`);
-  }
   if (opts.verbose && opts.json) {
     throw new Error(
       "send-handshake: --verbose and --json are mutually exclusive. --json emits the structured server response; --verbose adds envelope + response dumps that would break `--json | jq`."
     );
   }
+  recipientDid = await resolveRecipient(opts.server, "send-handshake", recipientDid, { json: opts.json });
   const ttlSeconds = parseTtl3(opts.ttl);
   const api = new ArpApiClient(opts.server);
-  progress(opts.json, import_chalk28.default.dim(`Server: ${api.serverUrl}`));
-  const sender = resolveSenderAgent("send-handshake", opts.server, opts.fromDid);
-  progress(opts.json, import_chalk28.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk28.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk30.default.dim(`Server: ${api.serverUrl}`));
+  const sender = resolveSenderAgent("send-handshake", opts.server, opts.fromDid, opts.from);
+  progress(opts.json, import_chalk30.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk30.default.dim(`Recipient: ${recipientDid}`));
   const content = {};
   if (opts.greeting) content.greeting = opts.greeting;
   if (opts.intent) content.intent = opts.intent;
   const body = { type: "handshake", content };
   const nextSequence = (sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk25.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk25.Purpose.ENVELOPE,
-    message_id: (0, import_sdk25.uuidV4)(),
+    protocol_version: import_sdk28.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk28.Purpose.ENVELOPE,
+    message_id: (0, import_sdk28.uuidV4)(),
     sender_did: sender.did,
     recipient_did: recipientDid,
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk25.senderNonce)(),
-    timestamp: (0, import_sdk25.rfc3339)(),
-    expires_at: (0, import_sdk25.expiresAt)(ttlSeconds),
+    sender_nonce: (0, import_sdk28.senderNonce)(),
+    timestamp: (0, import_sdk28.rfc3339)(),
+    expires_at: (0, import_sdk28.expiresAt)(ttlSeconds),
     delivery_id: null
   };
   const signer = makeSigner(sender);
-  const envelope = (0, import_sdk25.signEnvelope)({
+  const envelope = (0, import_sdk28.signEnvelope)({
     protected: protectedBlock,
     body,
     identitySecretKey: signer.identitySecretKey
   });
   if (opts.verbose) {
-    console.log(import_chalk28.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk30.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   const result = await api.ingest(envelope);
@@ -7500,23 +7383,23 @@ async function runSendHandshake(recipientDid, opts) {
     });
     return;
   }
-  console.log(import_chalk28.default.green("\nDelivered."));
-  console.log(`${import_chalk28.default.bold("Event id")}: ${import_chalk28.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk28.default.bold("Relationship id")}: ${import_chalk28.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk28.default.bold("Chain index")}: ${import_chalk28.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk28.default.bold("Server timestamp")}: ${import_chalk28.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk28.default.bold("Signed message hash")}: ${import_chalk28.default.cyan(result.signedMessageHash)}`);
-  console.log(`${import_chalk28.default.bold("Server event hash")}: ${import_chalk28.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk30.default.green("\nDelivered."));
+  console.log(`${import_chalk30.default.bold("Event id")}: ${import_chalk30.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk30.default.bold("Relationship id")}: ${import_chalk30.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk30.default.bold("Chain index")}: ${import_chalk30.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk30.default.bold("Server timestamp")}: ${import_chalk30.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk30.default.bold("Signed message hash")}: ${import_chalk30.default.cyan(result.signedMessageHash)}`);
+  console.log(`${import_chalk30.default.bold("Server event hash")}: ${import_chalk30.default.cyan(result.serverEventHash)}`);
   if (result.prevServerEventHash) {
-    console.log(`${import_chalk28.default.bold("Prev server event hash")}: ${import_chalk28.default.cyan(result.prevServerEventHash)}`);
+    console.log(`${import_chalk30.default.bold("Prev server event hash")}: ${import_chalk30.default.cyan(result.prevServerEventHash)}`);
   } else {
-    console.log(`${import_chalk28.default.bold("Prev server event hash")}: ${import_chalk28.default.dim("(null \u2014 first event of this relationship)")}`);
+    console.log(`${import_chalk30.default.bold("Prev server event hash")}: ${import_chalk30.default.dim("(null \u2014 first event of this relationship)")}`);
   }
   if (opts.verbose) {
-    console.log(import_chalk28.default.bold("\nFull server response:"));
+    console.log(import_chalk30.default.bold("\nFull server response:"));
     console.log(formatJson(result));
   }
-  console.log(import_chalk28.default.dim(`
+  console.log(import_chalk30.default.dim(`
 Local sender_sequence advanced to ${nextSequence}.`));
 }
 function parseTtl3(raw) {
@@ -7529,19 +7412,19 @@ function parseTtl3(raw) {
 }
 // src/commands/send-handshake-response.ts
-var import_sdk26 = require("@heyanon-arp/sdk");
-var import_chalk29 = __toESM(require("chalk"));
+var import_sdk29 = require("@heyanon-arp/sdk");
+var import_chalk31 = __toESM(require("chalk"));
 init_api();
-var ALLOWED_DECISIONS = new Set(import_sdk26.HANDSHAKE_DECISIONS);
+var ALLOWED_DECISIONS = new Set(import_sdk29.HANDSHAKE_DECISIONS);
 function registerSendHandshakeResponseCommand(root) {
-  root.command("send-handshake-response").description("Accept or decline an inbound handshake from <recipient-did>. Server reuses the existing relationship row.").argument("<recipient-did>", "Recipient agent DID (did:arp:...) \u2014 the original handshake sender").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--decision <s>", "REQUIRED: accept or decline").option("--notes <s>", "Optional notes included in body.content").option(
+  root.command("send-handshake-response").description("Accept or decline an inbound handshake from <recipient-did>. Server reuses the existing relationship row.").argument("<recipient-did>", "Recipient agent DID (did:arp:...) \u2014 the original handshake sender").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--decision <s>", "REQUIRED: accept or decline").option("--notes <s>", "Optional notes included in body.content").option(
     "--reason <code>",
     // REQUIRED when --decision=decline. Optional otherwise.
     // We don't use commander's requiredOption because it
     // would fire for the accept path too; validate manually
     // after decision is parsed.
-    `When --decision=decline: required reason code (one of: ${import_sdk26.DECLINE_REASONS.join(", ")}). Carried in body.content.reason.`
-  ).option("--reason-detail <s>", "Optional free-text elaboration alongside --reason (max 512 chars).").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk26.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+    `When --decision=decline: required reason code (one of: ${import_sdk29.DECLINE_REASONS.join(", ")}). Carried in body.content.reason.`
+  ).option("--reason-detail <s>", "Optional free-text elaboration alongside --reason (max 512 chars).").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk29.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     "Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, decision, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash, prevServerEventHash}; idempotent short-circuit adds {idempotent:true}). Prelude + banners move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.",
     false
@@ -7559,23 +7442,23 @@ async function runSendHandshakeResponse(recipientDid, opts) {
       "send-handshake-response: --verbose and --json are mutually exclusive. --json emits the structured server response; --verbose adds envelope + response dumps that would break `--json | jq`."
     );
   }
-  if (!(0, import_sdk26.isValidDid)(recipientDid)) {
+  if (!(0, import_sdk29.isValidDid)(recipientDid)) {
     throw new Error(`send-handshake-response: <recipient-did> must be a valid did:arp identifier (base58btc-encoded 32-byte Ed25519 pubkey) (got '${recipientDid}')`);
   }
   const decision = parseDecision(opts.decision);
   const ttlSeconds = parseTtl4(opts.ttl);
   let declinePayload = null;
-  if (decision === import_sdk26.HandshakeDecisions.DECLINE) {
+  if (decision === import_sdk29.HandshakeDecisions.DECLINE) {
     const reason = parseDeclineReason("send-handshake-response", opts.reason);
     const detail = parseReasonDetail("send-handshake-response", opts.reasonDetail);
     declinePayload = detail ? { reason, reasonDetail: detail } : { reason };
   }
   const api = new ArpApiClient(opts.server);
-  progress(opts.json, import_chalk29.default.dim(`Server: ${api.serverUrl}`));
-  const sender = resolveSenderAgent("send-handshake-response", opts.server, opts.fromDid);
-  progress(opts.json, import_chalk29.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk29.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk29.default.dim(`Decision: ${decision}`));
+  progress(opts.json, import_chalk31.default.dim(`Server: ${api.serverUrl}`));
+  const sender = resolveSenderAgent("send-handshake-response", opts.server, opts.fromDid, opts.from);
+  progress(opts.json, import_chalk31.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk31.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk31.default.dim(`Decision: ${decision}`));
   const signer = makeSigner(sender);
   if (!opts.force) {
     try {
@@ -7605,13 +7488,13 @@ async function runSendHandshakeResponse(recipientDid, opts) {
             });
             return;
           }
-          progress(opts.json, import_chalk29.default.yellow(`
+          progress(opts.json, import_chalk31.default.yellow(`
 [--idempotency] Relationship ${existing.relationshipId} with ${recipientDid} is already 'active'.`));
           progress(
             opts.json,
-            import_chalk29.default.dim(`A previous accept from this signer (event ${previousResponseFromMe.eventId}) landed successfully. Skipping re-send (use --force to override).`)
+            import_chalk31.default.dim(`A previous accept from this signer (event ${previousResponseFromMe.eventId}) landed successfully. Skipping re-send (use --force to override).`)
           );
-          progress(opts.json, import_chalk29.default.dim(`Last event index: ${existing.lastEventIndex}, last server event hash: ${existing.lastServerEventHash ?? "(none)"}`));
+          progress(opts.json, import_chalk31.default.dim(`Last event index: ${existing.lastEventIndex}, last server event hash: ${existing.lastServerEventHash ?? "(none)"}`));
           return;
         }
         throw new Error(
@@ -7622,7 +7505,7 @@ async function runSendHandshakeResponse(recipientDid, opts) {
       if (probeErr instanceof Error && /CLOSED|terminated|already 'active' from a previous ACCEPT|original initiator/i.test(probeErr.message)) {
         throw probeErr;
       }
-      progress(opts.json, import_chalk29.default.dim(`(idempotency probe failed; proceeding anyway: ${probeErr.message})`));
+      progress(opts.json, import_chalk31.default.dim(`(idempotency probe failed; proceeding anyway: ${probeErr.message})`));
     }
   }
   const content = { decision };
@@ -7634,25 +7517,25 @@ async function runSendHandshakeResponse(recipientDid, opts) {
   const body = { type: "handshake_response", content };
   const nextSequence = (sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk26.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk26.Purpose.ENVELOPE,
-    message_id: (0, import_sdk26.uuidV4)(),
+    protocol_version: import_sdk29.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk29.Purpose.ENVELOPE,
+    message_id: (0, import_sdk29.uuidV4)(),
     sender_did: sender.did,
     recipient_did: recipientDid,
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk26.senderNonce)(),
-    timestamp: (0, import_sdk26.rfc3339)(),
-    expires_at: (0, import_sdk26.expiresAt)(ttlSeconds),
+    sender_nonce: (0, import_sdk29.senderNonce)(),
+    timestamp: (0, import_sdk29.rfc3339)(),
+    expires_at: (0, import_sdk29.expiresAt)(ttlSeconds),
     delivery_id: null
   };
-  const envelope = (0, import_sdk26.signEnvelope)({
+  const envelope = (0, import_sdk29.signEnvelope)({
     protected: protectedBlock,
     body,
     identitySecretKey: signer.identitySecretKey
   });
   if (opts.verbose) {
-    console.log(import_chalk29.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk31.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   const result = await api.ingest(envelope);
@@ -7673,23 +7556,23 @@ async function runSendHandshakeResponse(recipientDid, opts) {
     });
     return;
   }
-  console.log(import_chalk29.default.green("\nDelivered."));
-  console.log(`${import_chalk29.default.bold("Event id")}: ${import_chalk29.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk29.default.bold("Relationship id")}: ${import_chalk29.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk29.default.bold("Chain index")}: ${import_chalk29.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk29.default.bold("Server timestamp")}: ${import_chalk29.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk29.default.bold("Signed message hash")}: ${import_chalk29.default.cyan(result.signedMessageHash)}`);
-  console.log(`${import_chalk29.default.bold("Server event hash")}: ${import_chalk29.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk31.default.green("\nDelivered."));
+  console.log(`${import_chalk31.default.bold("Event id")}: ${import_chalk31.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk31.default.bold("Relationship id")}: ${import_chalk31.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk31.default.bold("Chain index")}: ${import_chalk31.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk31.default.bold("Server timestamp")}: ${import_chalk31.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk31.default.bold("Signed message hash")}: ${import_chalk31.default.cyan(result.signedMessageHash)}`);
+  console.log(`${import_chalk31.default.bold("Server event hash")}: ${import_chalk31.default.cyan(result.serverEventHash)}`);
   if (result.prevServerEventHash) {
-    console.log(`${import_chalk29.default.bold("Prev server event hash")}: ${import_chalk29.default.cyan(result.prevServerEventHash)}`);
+    console.log(`${import_chalk31.default.bold("Prev server event hash")}: ${import_chalk31.default.cyan(result.prevServerEventHash)}`);
   } else {
-    console.log(`${import_chalk29.default.bold("Prev server event hash")}: ${import_chalk29.default.dim("(null \u2014 first event of this relationship)")}`);
+    console.log(`${import_chalk31.default.bold("Prev server event hash")}: ${import_chalk31.default.dim("(null \u2014 first event of this relationship)")}`);
   }
   if (opts.verbose) {
-    console.log(import_chalk29.default.bold("\nFull server response:"));
+    console.log(import_chalk31.default.bold("\nFull server response:"));
     console.log(formatJson(result));
   }
-  console.log(import_chalk29.default.dim(`
+  console.log(import_chalk31.default.dim(`
 Local sender_sequence advanced to ${nextSequence}.`));
 }
 function parseDecision(raw) {
@@ -7711,8 +7594,8 @@ function parseTtl4(raw) {
 }
 function classifyIdempotencyOutcome(decision, existing) {
   if (!existing) return { kind: "proceed" };
-  if (existing.state === import_sdk26.RelationshipStates.ACTIVE) {
-    if (decision === import_sdk26.HandshakeDecisions.DECLINE) {
+  if (existing.state === import_sdk29.RelationshipStates.ACTIVE) {
+    if (decision === import_sdk29.HandshakeDecisions.DECLINE) {
       return {
         kind: "error",
         message: `send-handshake-response: relationship ${existing.relationshipId} is already 'active' from a previous ACCEPT. A decline cannot reverse that \u2014 the active relationship is now under FSM control. If you want to terminate, close the relationship explicitly; pass --force to ignore this check and send the decline (which the server will reject with DOM_INVALID_TRANSITION).`
@@ -7720,7 +7603,7 @@ function classifyIdempotencyOutcome(decision, existing) {
     }
     return { kind: "short-circuit" };
   }
-  if (existing.state === import_sdk26.RelationshipStates.CLOSED) {
+  if (existing.state === import_sdk29.RelationshipStates.CLOSED) {
     return {
       kind: "error",
       message: `send-handshake-response: relationship ${existing.relationshipId} is CLOSED. Cannot respond to handshake on a terminated relationship \u2014 start a fresh handshake instead.`
@@ -7740,20 +7623,20 @@ async function findExistingRelationship(api, signer, senderDid, recipientDid) {
 }
 // src/commands/watch.ts
-var import_chalk30 = __toESM(require("chalk"));
+var import_chalk32 = __toESM(require("chalk"));
 init_api();
 function registerWatchCommand(root) {
-  root.command("watch").description("Live tail filtered to a single relationship (SSE). Server-side $match; only envelopes belonging to <rel-id> are streamed.").argument("<relationship-id>", "Relationship UUID to watch").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--verbose", "After each envelope, print the full JSON with a per-row label including eventId + serverEventHash", false).option("--json", "Machine-readable: one NDJSON object per line. Pipe-safe into `jq -c`.", false).option("--full-ids", "Print DIDs + serverEventHash in full (no truncation).", false).action(async (relationshipId, opts) => {
+  root.command("watch").description("Live tail filtered to a single relationship (SSE). Server-side $match; only envelopes belonging to <rel-id> are streamed.").argument("<relationship-id>", "Relationship UUID to watch").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--verbose", "After each envelope, print the full JSON with a per-row label including eventId + serverEventHash", false).option("--json", "Machine-readable: one NDJSON object per line. Pipe-safe into `jq -c`.", false).option("--full-ids", "Print DIDs + serverEventHash in full (no truncation).", false).action(async (relationshipId, opts) => {
     await runWatch(relationshipId, opts);
   });
 }
 async function runWatch(relationshipId, opts) {
-  const local = resolveSenderAgent("watch", opts.server, opts.fromDid);
+  const local = resolveSenderAgent("watch", opts.server, opts.fromDid, opts.from);
   const api = new ArpApiClient(opts.server);
   if (!opts.json) {
-    console.log(import_chalk30.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk30.default.dim(`Signer: ${local.did}`));
-    console.log(import_chalk30.default.dim(`Watching: ${relationshipId}`));
+    console.log(import_chalk32.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk32.default.dim(`Signer: ${local.did}`));
+    console.log(import_chalk32.default.dim(`Watching: ${relationshipId}`));
   }
   const controller = new AbortController();
   let userAborted = false;
@@ -7772,7 +7655,7 @@ async function runWatch(relationshipId, opts) {
       }
       if (event.type === "heartbeat") continue;
       if (event.type === "connected") {
-        console.log(import_chalk30.default.green(`\u25CF stream open \u2014 watching ${relationshipId}`));
+        console.log(import_chalk32.default.green(`\u25CF stream open \u2014 watching ${relationshipId}`));
         continue;
       }
       if (event.type === "envelope") {
@@ -7786,7 +7669,7 @@ async function runWatch(relationshipId, opts) {
         }
         continue;
       }
-      console.log(import_chalk30.default.dim(`(unknown event: ${event.type})`));
+      console.log(import_chalk32.default.dim(`(unknown event: ${event.type})`));
     }
     if (!userAborted) {
       throw new Error(`watch ${relationshipId}: stream ended unexpectedly (server may have restarted, or the change stream errored). Re-run to reconnect.`);
@@ -7794,7 +7677,7 @@ async function runWatch(relationshipId, opts) {
   } catch (err) {
     const name = err.name;
     if (name === "AbortError" || userAborted) {
-      if (!opts.json) console.log(import_chalk30.default.dim("\nstream closed."));
+      if (!opts.json) console.log(import_chalk32.default.dim("\nstream closed."));
       return;
     }
     throw err;
@@ -7808,21 +7691,21 @@ function formatWatchLine(ev, selfDid, opts = {}) {
   const type = ev.type.padEnd(20);
   const direction = directionLabel2(ev, selfDid, opts);
   const hash = opts.fullIds ? ev.serverEventHash : hashHead4(ev.serverEventHash);
-  return `${import_chalk30.default.dim(`[${ts}]`)}  ${type}  ${direction}    ${import_chalk30.default.cyan(hash)}`;
+  return `${import_chalk32.default.dim(`[${ts}]`)}  ${type}  ${direction}    ${import_chalk32.default.cyan(hash)}`;
 }
 function directionLabel2(ev, selfDid, opts = {}) {
   const senderHead = opts.fullIds ? ev.senderDid : didHead4(ev.senderDid);
   const recipientHead = opts.fullIds ? ev.recipientDid : didHead4(ev.recipientDid);
-  if (ev.senderDid === selfDid) return `${import_chalk30.default.bold("me")} \u2192 ${import_chalk30.default.dim(recipientHead)}`;
-  if (ev.recipientDid === selfDid) return `${import_chalk30.default.dim(senderHead)} \u2192 ${import_chalk30.default.bold("me")}`;
-  return `${import_chalk30.default.dim(senderHead)} \u2192 ${import_chalk30.default.dim(recipientHead)}`;
+  if (ev.senderDid === selfDid) return `${import_chalk32.default.bold("me")} \u2192 ${import_chalk32.default.dim(recipientHead)}`;
+  if (ev.recipientDid === selfDid) return `${import_chalk32.default.dim(senderHead)} \u2192 ${import_chalk32.default.bold("me")}`;
+  return `${import_chalk32.default.dim(senderHead)} \u2192 ${import_chalk32.default.dim(recipientHead)}`;
 }
 function didHead4(did) {
   if (did.length <= 20) return did;
   return `${did.slice(0, 20)}...`;
 }
 function hashHead4(hash) {
-  if (!hash) return import_chalk30.default.dim("(none)");
+  if (!hash) return import_chalk32.default.dim("(none)");
   if (hash.length <= 14) return hash;
   return `${hash.slice(0, 14)}...`;
 }
@@ -7834,12 +7717,12 @@ function formatClock(iso) {
 }
 // src/commands/whoami.ts
-var import_chalk31 = __toESM(require("chalk"));
+var import_chalk33 = __toESM(require("chalk"));
 init_api();
 function registerWhoamiCommand(root) {
   root.command("whoami").description(
     "Identify the local agent: print DID + settlement pubkey + identity pubkey (with --local), and/or fetch the server profile via signed GET /agents/:did. When <did> is omitted, uses the same sole-agent resolution as other signed commands."
-  ).argument("[did]", "Agent DID (did:arp:...) \u2014 omit when there is exactly ONE local agent (sole-agent fallback)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Explicit sender DID \u2014 same precedence as the positional arg, surfaced for symmetry with other commands").option(
+  ).argument("[did]", "Agent DID (did:arp:...) \u2014 omit when there is exactly ONE local agent (sole-agent fallback)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Explicit sender DID \u2014 same precedence as the positional arg, surfaced for symmetry with other commands").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--local",
     // Persona scripts want the local settlement pubkey for
     // `--payer-settlement-pubkey` / on-chain ops without a
@@ -7851,7 +7734,8 @@ function registerWhoamiCommand(root) {
   ).option("--json", "JSON output (jq-pipeable). Combines local + server data when --local is unset, or just local when --local is set.", false).action(async (didArg, opts, cmd) => {
     try {
       const explicitDid = didArg ?? opts.fromDid;
-      const local = resolveSenderAgent("whoami", opts.server, explicitDid);
+      const explicitFrom = opts.from;
+      const local = resolveSenderAgent("whoami", opts.server, explicitDid, explicitFrom);
       const api = new ArpApiClient(opts.server);
       const credential = readCredential(api.serverUrl);
       const localJson = {
@@ -7864,12 +7748,12 @@ function registerWhoamiCommand(root) {
         if (opts.json) {
           console.log(formatJson({ ...localJson, account: credential ? { wallet: credential.wallet } : null }));
         } else {
-          console.log(import_chalk31.default.bold("Local agent:"));
-          console.log(`  DID:                ${import_chalk31.default.cyan(local.did)}`);
-          console.log(`  Settlement pubkey:  ${import_chalk31.default.cyan(local.settlementPublicKeyB58)}`);
-          console.log(`  Identity pubkey:    ${import_chalk31.default.cyan(local.identityPublicKeyB58)}`);
+          console.log(import_chalk33.default.bold("Local agent:"));
+          console.log(`  DID:                ${import_chalk33.default.cyan(local.did)}`);
+          console.log(`  Settlement pubkey:  ${import_chalk33.default.cyan(local.settlementPublicKeyB58)}`);
+          console.log(`  Identity pubkey:    ${import_chalk33.default.cyan(local.identityPublicKeyB58)}`);
           if (local.name) console.log(`  Name:               ${local.name}`);
-          console.log(`  Account:            ${credential ? import_chalk31.default.cyan(credential.wallet) : import_chalk31.default.dim("not logged in (heyarp login)")}`);
+          console.log(`  Account:            ${credential ? import_chalk33.default.cyan(credential.wallet) : import_chalk33.default.dim("not logged in (heyarp login)")}`);
         }
         return;
       }
@@ -7887,19 +7771,19 @@ function registerWhoamiCommand(root) {
       if (opts.json) {
         console.log(formatJson({ local: localJson, account, server: agent }));
       } else {
-        console.log(import_chalk31.default.dim(`Server: ${api.serverUrl}`));
-        console.log(import_chalk31.default.bold("\nLocal agent:"));
-        console.log(`  DID:                ${import_chalk31.default.cyan(local.did)}`);
-        console.log(`  Settlement pubkey:  ${import_chalk31.default.cyan(local.settlementPublicKeyB58)}`);
-        console.log(`  Identity pubkey:    ${import_chalk31.default.cyan(local.identityPublicKeyB58)}`);
-        console.log(import_chalk31.default.bold("\nAccount:"));
+        console.log(import_chalk33.default.dim(`Server: ${api.serverUrl}`));
+        console.log(import_chalk33.default.bold("\nLocal agent:"));
+        console.log(`  DID:                ${import_chalk33.default.cyan(local.did)}`);
+        console.log(`  Settlement pubkey:  ${import_chalk33.default.cyan(local.settlementPublicKeyB58)}`);
+        console.log(`  Identity pubkey:    ${import_chalk33.default.cyan(local.identityPublicKeyB58)}`);
+        console.log(import_chalk33.default.bold("\nAccount:"));
         if (account) {
-          console.log(`  Wallet:             ${import_chalk31.default.cyan(account.wallet)}`);
+          console.log(`  Wallet:             ${import_chalk33.default.cyan(account.wallet)}`);
           console.log(`  Agents registered:  ${account.agentCount}`);
         } else {
-          console.log(`  ${import_chalk31.default.dim("not logged in (heyarp login)")}`);
+          console.log(`  ${import_chalk33.default.dim("not logged in (heyarp login)")}`);
         }
-        console.log(import_chalk31.default.bold("\nServer profile:"));
+        console.log(import_chalk33.default.bold("\nServer profile:"));
         console.log(formatJson(agent));
       }
     } catch (err) {
@@ -7909,9 +7793,49 @@ function registerWhoamiCommand(root) {
   });
 }
+// src/commands/whois.ts
+var import_sdk30 = require("@heyanon-arp/sdk");
+var import_chalk34 = __toESM(require("chalk"));
+init_api();
+function registerWhoisCommand(root) {
+  root.command("whois").description("Resolve an agent name (handle) or DID to its public profile \u2014 DID, description, reputation, liveness.").argument("<name-or-did>", "Agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--json", "Emit the full composed profile (DiscoveryProfile) as a single JSON object on stdout.", false).action(async (input, opts) => {
+    const api = new ArpApiClient(opts.server);
+    progress(opts.json, import_chalk34.default.dim(`Server: ${api.serverUrl}`));
+    const profile = await resolveProfile(api, input);
+    if (opts.json) {
+      jsonOut(profile);
+      return;
+    }
+    printProfile(profile);
+  });
+}
+async function resolveProfile(api, input) {
+  if (input.startsWith("did:arp:")) {
+    if (!(0, import_sdk30.isValidDid)(input)) {
+      throw new Error(`whois: '${input}' starts with did:arp: but is not a valid DID (base58btc-encoded 32-byte Ed25519 pubkey).`);
+    }
+    return api.discoverProfile(input);
+  }
+  const name = (0, import_sdk30.normalizeName)(input);
+  if (!(0, import_sdk30.isValidAgentName)(name)) {
+    throw new Error(`whois: '${input}' is neither a DID (did:arp:...) nor a valid agent name (lowercase a-z0-9_, 3-32 chars).`);
+  }
+  return api.discoverByName(name);
+}
+function printProfile(p) {
+  console.log(`${import_chalk34.default.bold("Name")}:        ${import_chalk34.default.cyan(p.name ?? "(unnamed)")}`);
+  console.log(`${import_chalk34.default.bold("DID")}:         ${import_chalk34.default.cyan(p.did)}`);
+  if (p.description) console.log(`${import_chalk34.default.bold("Description")}: ${p.description}`);
+  if (p.tags.length > 0) console.log(`${import_chalk34.default.bold("Tags")}:        ${p.tags.join(", ")}`);
+  console.log(`${import_chalk34.default.bold("Registered")}:  ${p.registeredAt}`);
+  const rep = p.reputation;
+  console.log(`${import_chalk34.default.bold("Reputation")}:  composite ${rep.scores.composite}/100${rep.computed ? "" : import_chalk34.default.dim(" (cold-start \u2014 no settled cycles yet)")}`);
+  console.log(`${import_chalk34.default.bold("Online")}:      ${p.liveness.online ? import_chalk34.default.green("yes") : import_chalk34.default.dim("no")}`);
+}
 // src/commands/work.ts
-var import_sdk27 = require("@heyanon-arp/sdk");
-var import_chalk32 = __toESM(require("chalk"));
+var import_sdk31 = require("@heyanon-arp/sdk");
+var import_chalk35 = __toESM(require("chalk"));
 init_api();
 function registerWorkCommands(root) {
   const cmd = root.command("work").description("Work envelopes inside an ACCEPTED delegation: request / respond");
@@ -7919,13 +7843,13 @@ function registerWorkCommands(root) {
   registerRespond(cmd);
 }
 function registerRequest(parent) {
-  parent.command("request").description("Send a work_request to <recipient-did> under <delegation-id> (must be ACCEPTED).").argument("<recipient-did>", "Recipient agent DID (the payee \u2014 the OTHER side of the delegation pair)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--request-id <id>", "Override the auto-generated request id (must be unique within the delegation)").option(
+  parent.command("request").description("Send a work_request to <recipient-did> under <delegation-id> (must be ACCEPTED).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (the payee \u2014 the OTHER side of the delegation pair)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--request-id <id>", "Override the auto-generated request id (must be unique within the delegation)").option(
     "--params <json>",
     "JSON object payload as a literal string. Defaults to {}. Mutually exclusive with --params-file. Brittle against shell quoting \u2014 prefer --params-file for non-trivial bodies."
   ).option(
     "--params-file <path>",
     "Read the JSON payload from a file. Mutually exclusive with --params. Use this for any payload large or quote-heavy enough that `--params '{...}'` would fight your shell."
-  ).option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk27.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  ).option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk31.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"work_request", requestId, delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + reply hints move to stderr; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -7939,24 +7863,24 @@ async function runRequest(recipientDid, delegationId, opts) {
       "work request: --verbose and --json are mutually exclusive. --json emits the structured server response; --verbose adds dumps that would break `--json | jq`."
     );
   }
-  requireDid3("work request", recipientDid, "<recipient-did>");
+  recipientDid = await resolveRecipient(opts.server, "work request", recipientDid, { json: opts.json });
   delegationId = requireUuidNormalised3("work request", delegationId, "<delegation-id>");
   const ttlSeconds = parseTtl5("work request", opts.ttl);
   const params = parseParamsInput("work request", opts);
   const requestId = parseRequestId("work request", opts.requestId);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work request", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work request", opts.server, opts.fromDid, opts.from);
   const content = {
     delegation_id: delegationId,
     request_id: requestId,
     params
   };
   const body = { type: "work_request", content };
-  progress(opts.json, import_chalk32.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk32.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk32.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk32.default.dim(`Delegation: ${delegationId}`));
-  progress(opts.json, import_chalk32.default.dim(`Request id: ${requestId}`));
+  progress(opts.json, import_chalk35.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk35.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk35.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk35.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk35.default.dim(`Request id: ${requestId}`));
   const result = await sendWorkEnvelope({ api, sender, recipientDid, body, ttlSeconds, verbose: opts.verbose, server: opts.server });
   if (opts.json) {
     jsonOut({
@@ -7973,14 +7897,14 @@ async function runRequest(recipientDid, delegationId, opts) {
     });
   } else {
     printIngestResult3(result);
-    console.log(import_chalk32.default.dim(`
+    console.log(import_chalk35.default.dim(`
 The payee can reply with:`));
-    console.log(import_chalk32.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --output '<json>'`));
-    console.log(import_chalk32.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --error CODE:message`));
+    console.log(import_chalk35.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --output '<json>'`));
+    console.log(import_chalk35.default.dim(`  heyarp work respond ${result.relationshipId} ${delegationId} ${requestId} --error CODE:message`));
   }
 }
 function registerRespond(parent) {
-  parent.command("respond").description("Send a work_response under <relationship-id> for <delegation-id> / <request-id>. Payee-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Parent delegation id (UUID)").argument("<request-id>", "Request id supplied on the work_request").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--output <json>", "Success payload as a JSON object literal. Mutually exclusive with --error and --output-file.").option(
+  parent.command("respond").description("Send a work_response under <relationship-id> for <delegation-id> / <request-id>. Payee-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Parent delegation id (UUID)").argument("<request-id>", "Request id supplied on the work_request").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--output <json>", "Success payload as a JSON object literal. Mutually exclusive with --error and --output-file.").option(
     "--output-file <path>",
     "Read the success payload from a file. Mutually exclusive with --output and --error. Use this for any payload large or quote-heavy enough to fight your shell."
   ).option("--error <code:message>", "Failure payload as `CODE:message`. Mutually exclusive with --output / --output-file.").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
@@ -8002,7 +7926,7 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
   const ttlSeconds = parseTtl5("work respond", opts.ttl);
   const responsePayload = parseResponsePayload("work respond", opts);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work respond", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work respond", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const recipientDid = await resolveResponseRecipient("work respond", api, signer, { relationshipId, delegationId, requestId, selfDid: sender.did });
   const content = {
@@ -8011,13 +7935,13 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
     ...responsePayload
   };
   const body = { type: "work_response", content };
-  progress(opts.json, import_chalk32.default.dim(`Server: ${api.serverUrl}`));
-  progress(opts.json, import_chalk32.default.dim(`Sender: ${sender.did}`));
-  progress(opts.json, import_chalk32.default.dim(`Recipient: ${recipientDid}`));
-  progress(opts.json, import_chalk32.default.dim(`Relationship: ${relationshipId}`));
-  progress(opts.json, import_chalk32.default.dim(`Delegation: ${delegationId}`));
-  progress(opts.json, import_chalk32.default.dim(`Request id: ${requestId}`));
-  progress(opts.json, import_chalk32.default.dim(`Outcome: ${responsePayload.output ? "success" : "error"}`));
+  progress(opts.json, import_chalk35.default.dim(`Server: ${api.serverUrl}`));
+  progress(opts.json, import_chalk35.default.dim(`Sender: ${sender.did}`));
+  progress(opts.json, import_chalk35.default.dim(`Recipient: ${recipientDid}`));
+  progress(opts.json, import_chalk35.default.dim(`Relationship: ${relationshipId}`));
+  progress(opts.json, import_chalk35.default.dim(`Delegation: ${delegationId}`));
+  progress(opts.json, import_chalk35.default.dim(`Request id: ${requestId}`));
+  progress(opts.json, import_chalk35.default.dim(`Outcome: ${responsePayload.output ? "success" : "error"}`));
   const result = await sendWorkEnvelope({ api, sender, recipientDid, body, ttlSeconds, verbose: opts.verbose, server: opts.server });
   if (opts.json) {
     jsonOut({
@@ -8039,26 +7963,26 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
 async function sendWorkEnvelope(args) {
   const nextSequence = (args.sender.lastSenderSequence ?? 0) + 1;
   const protectedBlock = {
-    protocol_version: import_sdk27.CURRENT_PROTOCOL_VERSION,
-    purpose: import_sdk27.Purpose.ENVELOPE,
-    message_id: (0, import_sdk27.uuidV4)(),
+    protocol_version: import_sdk31.CURRENT_PROTOCOL_VERSION,
+    purpose: import_sdk31.Purpose.ENVELOPE,
+    message_id: (0, import_sdk31.uuidV4)(),
     sender_did: args.sender.did,
     recipient_did: args.recipientDid,
     relationship_id: null,
     sender_sequence: nextSequence,
-    sender_nonce: (0, import_sdk27.senderNonce)(),
-    timestamp: (0, import_sdk27.rfc3339)(),
-    expires_at: (0, import_sdk27.expiresAt)(args.ttlSeconds),
+    sender_nonce: (0, import_sdk31.senderNonce)(),
+    timestamp: (0, import_sdk31.rfc3339)(),
+    expires_at: (0, import_sdk31.expiresAt)(args.ttlSeconds),
     delivery_id: null
   };
   const signer = makeSigner(args.sender);
-  const envelope = (0, import_sdk27.signEnvelope)({
+  const envelope = (0, import_sdk31.signEnvelope)({
     protected: protectedBlock,
     body: args.body,
     identitySecretKey: signer.identitySecretKey
   });
   if (args.verbose) {
-    console.log(import_chalk32.default.bold("\nEnvelope (pre-send):"));
+    console.log(import_chalk35.default.bold("\nEnvelope (pre-send):"));
     console.log(formatJson(envelope));
   }
   try {
@@ -8066,7 +7990,7 @@ async function sendWorkEnvelope(args) {
     updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     return result;
   } catch (err) {
-    if (err instanceof ApiError && (0, import_sdk27.isPostCommitErrorCode)(err.payload.code)) {
+    if (err instanceof ApiError && (0, import_sdk31.isPostCommitErrorCode)(err.payload.code)) {
       updateAgentLocal(args.server, args.sender.did, { lastSenderSequence: nextSequence });
     }
     throw err;
@@ -8078,7 +8002,7 @@ async function resolveResponseRecipient(cmdName, api, signer, args) {
     const page = await api.listWorkLogs(args.relationshipId, signer, { delegationId: args.delegationId, limit: 100, after });
     const row = page.find((w) => w.requestId === args.requestId);
     if (row) {
-      if (row.state !== import_sdk27.WorkLogStates.REQUESTED) {
+      if (row.state !== import_sdk31.WorkLogStates.REQUESTED) {
         throw new Error(
           `${cmdName}: work_request ${args.requestId} for delegation ${args.delegationId} is already in state '${row.state}' \u2014 only requests in state 'requested' can be responded to.`
         );
@@ -8098,12 +8022,12 @@ async function resolveResponseRecipient(cmdName, api, signer, args) {
   );
 }
 function printIngestResult3(result) {
-  console.log(import_chalk32.default.green("\nDelivered."));
-  console.log(`${import_chalk32.default.bold("Event id")}: ${import_chalk32.default.cyan(result.eventId)}`);
-  console.log(`${import_chalk32.default.bold("Relationship id")}: ${import_chalk32.default.cyan(result.relationshipId)}`);
-  console.log(`${import_chalk32.default.bold("Chain index")}: ${import_chalk32.default.cyan(String(result.relationshipEventIndex))}`);
-  console.log(`${import_chalk32.default.bold("Server timestamp")}: ${import_chalk32.default.cyan(result.serverTimestamp)}`);
-  console.log(`${import_chalk32.default.bold("Server event hash")}: ${import_chalk32.default.cyan(result.serverEventHash)}`);
+  console.log(import_chalk35.default.green("\nDelivered."));
+  console.log(`${import_chalk35.default.bold("Event id")}: ${import_chalk35.default.cyan(result.eventId)}`);
+  console.log(`${import_chalk35.default.bold("Relationship id")}: ${import_chalk35.default.cyan(result.relationshipId)}`);
+  console.log(`${import_chalk35.default.bold("Chain index")}: ${import_chalk35.default.cyan(String(result.relationshipEventIndex))}`);
+  console.log(`${import_chalk35.default.bold("Server timestamp")}: ${import_chalk35.default.cyan(result.serverTimestamp)}`);
+  console.log(`${import_chalk35.default.bold("Server event hash")}: ${import_chalk35.default.cyan(result.serverEventHash)}`);
 }
 function parseJsonObject(cmdName, flagName, raw) {
   let parsed;
@@ -8195,7 +8119,7 @@ function parseTtl5(cmdName, raw) {
 }
 function parseRequestId(cmdName, raw) {
   if (raw === void 0 || raw === "") {
-    return (0, import_sdk27.uuidV4)();
+    return (0, import_sdk31.uuidV4)();
   }
   if (raw.length === 0) {
     throw new Error(`${cmdName}: --request-id must be a non-empty string`);
@@ -8209,19 +8133,14 @@ function requireUuidNormalised3(cmdName, raw, label) {
 function requireUuid4(cmdName, raw, label) {
   requireUuid(cmdName, raw, label);
 }
-function requireDid3(cmdName, did, label) {
-  if (typeof did !== "string" || !did.startsWith("did:arp:") || did.length <= "did:arp:".length) {
-    throw new Error(`${cmdName}: ${label} must look like 'did:arp:...' (got '${did}')`);
-  }
-}
 // src/commands/work-list.ts
-var import_sdk28 = require("@heyanon-arp/sdk");
-var import_chalk33 = __toESM(require("chalk"));
+var import_sdk32 = require("@heyanon-arp/sdk");
+var import_chalk36 = __toESM(require("chalk"));
 init_api();
-var ALLOWED_STATES3 = new Set(import_sdk28.WORK_LOG_STATES);
+var ALLOWED_STATES3 = new Set(import_sdk32.WORK_LOG_STATES);
 function registerWorkListCommand(root) {
-  root.command("work-list").description("List work-log rows for a relationship (one row per (delegationId, requestId), oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (requested|responded)").option("--delegation-id <uuid>", "Narrow to work-logs operating under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("work-list").description("List work-log rows for a relationship (one row per (delegationId, requestId), oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (requested|responded)").option("--delegation-id <uuid>", "Narrow to work-logs operating under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the summary, print a framed "Full work-log payloads (N rows)" block \u2014 each row labelled with full delegationId + requestId and dumped as JSON, including `requestParams` (the work_request payload the worker was asked) and `responseOutput` / `responseError`. Mutually exclusive with --json.',
     false
@@ -8242,11 +8161,11 @@ async function runWorkList(relationshipId, opts) {
   const limit = parseLimit7(opts.limit);
   const state = parseState3(opts.state);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work-list", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work-list", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
-    console.log(import_chalk33.default.dim(`Server: ${api.serverUrl}`));
-    console.log(import_chalk33.default.dim(`Signer: ${sender.did}`));
-    console.log(import_chalk33.default.dim(`Relationship: ${relationshipId}`));
+    console.log(import_chalk36.default.dim(`Server: ${api.serverUrl}`));
+    console.log(import_chalk36.default.dim(`Signer: ${sender.did}`));
+    console.log(import_chalk36.default.dim(`Relationship: ${relationshipId}`));
   }
   const query = { limit };
   if (state) query.state = state;
@@ -8259,7 +8178,7 @@ async function runWorkList(relationshipId, opts) {
     return;
   }
   if (rows.length === 0) {
-    console.log(import_chalk33.default.dim("\n(no work-logs for this relationship)"));
+    console.log(import_chalk36.default.dim("\n(no work-logs for this relationship)"));
     return;
   }
   console.log("");
@@ -8276,36 +8195,36 @@ async function runWorkList(relationshipId, opts) {
     }));
   }
   const lastId = rows[rows.length - 1].id;
-  console.log(import_chalk33.default.dim(`
+  console.log(import_chalk36.default.dim(`
 ${rows.length} work-log row(s). Paginate with --after ${lastId}.`));
 }
 function formatWorkLogLine(w, selfDid, opts = {}) {
   const delegationPart = opts.fullIds ? w.delegationId : idHead3(w.delegationId);
   const requestPart = opts.fullIds ? w.requestId : truncate3(w.requestId, 16);
-  const id = import_chalk33.default.bold(`${delegationPart}/${requestPart}`);
+  const id = import_chalk36.default.bold(`${delegationPart}/${requestPart}`);
   const state = colorState2(w.state).padEnd(stateColumnWidth2());
   const peerCallerHead = opts.fullIds ? w.callerDid : didHead5(w.callerDid);
   const peerPayeeHead = opts.fullIds ? w.payeeDid : didHead5(w.payeeDid);
-  const direction = w.callerDid === selfDid ? `${import_chalk33.default.bold("me")} \u2192 ${import_chalk33.default.dim(peerPayeeHead)}` : `${import_chalk33.default.dim(peerCallerHead)} \u2192 ${import_chalk33.default.bold("me")}`;
+  const direction = w.callerDid === selfDid ? `${import_chalk36.default.bold("me")} \u2192 ${import_chalk36.default.dim(peerPayeeHead)}` : `${import_chalk36.default.dim(peerCallerHead)} \u2192 ${import_chalk36.default.bold("me")}`;
   const outcome = formatOutcome(w);
   return `${id}  ${state}  ${direction}  ${outcome}`;
 }
 function colorState2(s) {
   switch (s) {
-    case import_sdk28.WorkLogStates.REQUESTED:
-      return import_chalk33.default.yellow("requested");
-    case import_sdk28.WorkLogStates.RESPONDED:
-      return import_chalk33.default.green("responded");
+    case import_sdk32.WorkLogStates.REQUESTED:
+      return import_chalk36.default.yellow("requested");
+    case import_sdk32.WorkLogStates.RESPONDED:
+      return import_chalk36.default.green("responded");
   }
 }
 function stateColumnWidth2() {
   return 9;
 }
 function formatOutcome(w) {
-  if (w.state === import_sdk28.WorkLogStates.REQUESTED) return import_chalk33.default.dim("(in flight)");
-  if (w.responseError) return import_chalk33.default.red(`error ${w.responseError.code}: ${truncate3(w.responseError.message, 32)}`);
-  if (w.responseOutput) return import_chalk33.default.cyan("ok");
-  return import_chalk33.default.dim("(empty response)");
+  if (w.state === import_sdk32.WorkLogStates.REQUESTED) return import_chalk36.default.dim("(in flight)");
+  if (w.responseError) return import_chalk36.default.red(`error ${w.responseError.code}: ${truncate3(w.responseError.message, 32)}`);
+  if (w.responseOutput) return import_chalk36.default.cyan("ok");
+  return import_chalk36.default.dim("(empty response)");
 }
 function idHead3(id) {
   if (id.length <= 12) return id;
@@ -8412,6 +8331,8 @@ async function main() {
   registerAssetsCommand(program);
   registerEscrowCommands(program);
   registerWhoamiCommand(program);
+  registerWhoisCommand(program);
+  registerNameCommand(program);
   registerLifecycleCommands(program);
   registerSendHandshakeCommand(program);
   registerSendHandshakeResponseCommand(program);