@heyanon-arp/cli 0.0.18 → 0.0.20

package/dist/cli.js

@@ -617,6 +617,14 @@ var init_api = __esm({
           query
         );
       }
+      /**
+       * Signed `GET /v1/escrow/disputes/:delegationId`. The autonomous arbiter's
+       * verdict for a disputed delegation — winner + DID, evaluator source,
+       * reasoning, status, and the on-chain resolve signature. Parties only.
+       */
+      async getDisputeResolution(delegationId, signer) {
+        return this.signedRequest("GET", `/v1/escrow/disputes/${encodeURIComponent(delegationId)}`, null, signer);
+      }
       /**
        * Build the same canonical-JSON signing input the arp-server's
        * `SignedRequestGuard` recomputes (`{ method, path, query, body }`),
@@ -726,7 +734,7 @@ var import_simple_update_notifier = __toESM(require("simple-update-notifier"));
 // package.json
 var package_default = {
   name: "@heyanon-arp/cli",
-  version: "0.0.18",
+  version: "0.0.20",
   description: "Command-line client for the Agent Relationship Protocol \u2014 register agents, sign envelopes, run escrowed work cycles on Solana.",
   license: "MIT",
   keywords: ["arp", "agent-relationship-protocol", "did", "solana", "escrow", "ed25519", "agents", "a2a", "cli"],
@@ -1142,26 +1150,32 @@ function warnIfForeignOwner(agent, serverUrl) {
 `
   );
 }
-function resolveSenderAgent(cmdName, serverOverride, explicitFromDid) {
+function resolveSenderAgent(cmdName, serverOverride, explicitFromDid, explicitFromName) {
   const resolvedServerUrl = resolveServerUrl(serverOverride);
+  if (explicitFromDid && explicitFromName) {
+    throw new Error(`${cmdName}: pass either --from <name> OR --from-did <did>, not both.`);
+  }
   if (explicitFromDid) {
-    if (explicitFromDid.startsWith("did:arp:")) {
-      const agent = loadAgentOrThrow(serverOverride, explicitFromDid);
-      warnIfForeignOwner(agent, resolvedServerUrl);
-      return agent;
+    if (!explicitFromDid.startsWith("did:arp:")) {
+      throw new Error(`${cmdName}: --from-did expects a did:arp:<...> DID \u2014 for an agent name use '--from ${explicitFromDid}'.`);
     }
-    const wanted = (0, import_sdk2.normalizeName)(explicitFromDid);
+    const agent = loadAgentOrThrow(serverOverride, explicitFromDid);
+    warnIfForeignOwner(agent, resolvedServerUrl);
+    return agent;
+  }
+  if (explicitFromName) {
+    const wanted = (0, import_sdk2.normalizeName)(explicitFromName);
     const named = listAgents().filter((row) => row.serverUrl === resolvedServerUrl && row.agent.name === wanted);
     if (named.length === 1) {
       warnIfForeignOwner(named[0].agent, resolvedServerUrl);
       return named[0].agent;
     }
     if (named.length === 0) {
-      throw new Error(`${cmdName}: no local agent named '${wanted}' for ${resolvedServerUrl}. Pass its did:arp: DID, or register/recover that agent locally first.`);
+      throw new Error(`${cmdName}: no local agent named '${wanted}' for ${resolvedServerUrl}. Pass its --from-did <did>, or register/recover that agent locally first.`);
     }
     const dups = named.map((row) => `  ${row.agent.did}`).join("\n");
     throw new Error(
-      `${cmdName}: ${named.length} local agents share the name '${wanted}' for ${resolvedServerUrl} \u2014 ambiguous. Pass the did:arp: DID instead. Candidates:
+      `${cmdName}: ${named.length} local agents share the name '${wanted}' for ${resolvedServerUrl} \u2014 ambiguous. Pass --from-did <did> instead. Candidates:
 ${dups}`
     );
   }
@@ -1175,7 +1189,7 @@ ${dups}`
   }
   const list = onServer.map((row) => `  ${row.agent.did}${row.agent.name ? ` (${row.agent.name})` : ""}`).join("\n");
   throw new Error(
-    `${cmdName}: ${onServer.length} agents registered for ${resolvedServerUrl} \u2014 refusing to silently sign as one of them. Pass --from-did <did> to disambiguate. Candidates:
+    `${cmdName}: ${onServer.length} agents registered for ${resolvedServerUrl} \u2014 refusing to silently sign as one of them. Pass --from <name> or --from-did <did> to disambiguate. Candidates:
 ${list}`
   );
 }
@@ -1194,13 +1208,13 @@ function listAgents() {
 var import_chalk2 = __toESM(require("chalk"));
 init_api();
 function registerLifecycleCommands(root) {
-  root.command("update").description("Update an agent profile (description / tags). At least one flag is required. The agent name is immutable and cannot be changed.").argument("[did]", "Agent DID (did:arp:...) \u2014 optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Alias for the positional <did> \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--description <s>", "New description").option("--tag <s>", "Capability tag \u2014 REPLACES the existing list. Repeatable: --tag translation --tag fr", accumulate, []).option("--clear-tags", "Drop all tags (cannot be combined with --tag)", false).option("--json", "Machine-readable mode \u2014 emit the updated profile as a single JSON object on stdout (AgentPublic). Prelude moves to stderr. ", false).action(
+  root.command("update").description("Update an agent profile (description / tags). At least one flag is required. The agent name is immutable and cannot be changed.").argument("[did]", "Agent DID (did:arp:...) \u2014 optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Alias for the positional <did> \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--description <s>", "New description").option("--tag <s>", "Capability tag \u2014 REPLACES the existing list. Repeatable: --tag translation --tag fr", accumulate, []).option("--clear-tags", "Drop all tags (cannot be combined with --tag)", false).option("--json", "Machine-readable mode \u2014 emit the updated profile as a single JSON object on stdout (AgentPublic). Prelude moves to stderr. ", false).action(
     async (did, opts) => {
       if (did !== void 0 && opts.fromDid !== void 0 && did !== opts.fromDid) {
         throw new Error(`update: positional <did> (${did}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
       }
       const explicitDid = did ?? opts.fromDid;
-      const targetDid = (explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("update", opts.server, void 0)).did;
+      const targetDid = (explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("update", opts.server, void 0, opts.from)).did;
       const body = buildUpdateBody(opts);
       if (Object.keys(body).length === 0) {
         throw new Error("update: pass at least one of --description / --tag / --clear-tags");
@@ -1414,9 +1428,9 @@ function registerAcceptPrefsCommands(agents) {
   });
   prefs.command("show").description(
     "Read an agent's published accept-prefs (any DID \u2014 the read is signed with YOUR local agent key; any registered agent may read). Buyers: run this BEFORE `delegation offer` so the offer matches"
-  ).argument("<did>", "Agent DID to inspect (any agent, not just your own)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Emit only the AcceptPrefs JSON (or null) on stdout \u2014 jq-pipeable", false).action(async (did, _opts, cmd) => {
+  ).argument("<did>", "Agent DID to inspect (any agent, not just your own)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Emit only the AcceptPrefs JSON (or null) on stdout \u2014 jq-pipeable", false).action(async (did, _opts, cmd) => {
     const opts = cmd.optsWithGlobals();
-    const sender = resolveSenderAgent("agents accept-prefs show", opts.server, opts.fromDid);
+    const sender = resolveSenderAgent("agents accept-prefs show", opts.server, opts.fromDid, opts.from);
     const api = new ArpApiClient(opts.server);
     progress(opts.json, import_chalk3.default.dim(`Server: ${api.serverUrl}`));
     progress(opts.json, import_chalk3.default.dim(`Signer: ${sender.did}`));
@@ -1539,7 +1553,7 @@ var import_sdk5 = require("@heyanon-arp/sdk");
 var import_chalk5 = __toESM(require("chalk"));
 init_api();
 function resolveSigningAgent(opts) {
-  return opts.fromDid !== void 0 ? loadAgentOrThrow(opts.server, opts.fromDid) : resolveSenderAgent("block", opts.server, void 0);
+  return opts.fromDid !== void 0 ? loadAgentOrThrow(opts.server, opts.fromDid) : resolveSenderAgent("block", opts.server, void 0, opts.from);
 }
 function formatBlockRow(b) {
   const scope = b.scope === import_sdk5.InboxBlockScopes.ACCOUNT ? import_chalk5.default.yellow("account") : import_chalk5.default.cyan("did");
@@ -1548,13 +1562,13 @@ function formatBlockRow(b) {
 }
 function registerBlockCommand(root) {
   const block = root.command("block").description("Manage your inbox blocklist \u2014 refuse inbound messages from an agent (and, by default, its whole owner account).");
-  block.command("add <did>").description("Block an agent. Default blocks the target\u2019s ENTIRE owner account (every sibling agent); --did-only blocks just this DID. You cannot block your own account.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent). The block applies account-wide regardless of which signs.").option("--did-only", "Block only this exact DID, not the whole owner account", false).option("--reason <text>", "Private note (max 512 chars), visible only to you").option("--json", "Machine-readable output", false).action(async (did, opts) => {
+  block.command("add <did>").description("Block an agent. Default blocks the target\u2019s ENTIRE owner account (every sibling agent); --did-only blocks just this DID. You cannot block your own account.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent). The block applies account-wide regardless of which signs.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--did-only", "Block only this exact DID, not the whole owner account", false).option("--reason <text>", "Private note (max 512 chars), visible only to you").option("--json", "Machine-readable output", false).action(async (did, opts) => {
     await runAdd(did, opts);
   });
-  block.command("remove <did>").alias("rm").description("Remove a block. Pass the same DID (+ --did-only flag) you blocked with.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--did-only", "The original block was DID-level (didOnly)", false).option("--json", "Machine-readable output", false).action(async (did, opts) => {
+  block.command("remove <did>").alias("rm").description("Remove a block. Pass the same DID (+ --did-only flag) you blocked with.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--did-only", "The original block was DID-level (didOnly)", false).option("--json", "Machine-readable output", false).action(async (did, opts) => {
     await runRemove(did, opts);
   });
-  block.command("list").description("List your account\u2019s blocks. Each row shows the DID you named + scope \u2014 never the resolved owner account or its other agents.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--json", "Machine-readable output \u2014 a JSON array.", false).action(async (opts) => {
+  block.command("list").description("List your account\u2019s blocks. Each row shows the DID you named + scope \u2014 never the resolved owner account or its other agents.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Which of your agents signs (defaults to your sole local agent).").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable output \u2014 a JSON array.", false).action(async (opts) => {
     await runList(opts);
   });
 }
@@ -1766,14 +1780,17 @@ var UNTIL_PHASES = [
 ];
 var WAIT_DEFAULT_INTERVAL_SEC = 3;
 var WAIT_DEFAULT_TIMEOUT_SEC = 300;
+var WAIT_ABS_MAX_SEC = 86400;
+var WAIT_CONTRACT_LAG_MARGIN_SEC = 300;
+var WAIT_CONTRACT_CAP_FALLBACK_SEC = 3600;
 function registerStatusCommand(root) {
-  root.command("status").description("Where am I in the work cycle? FSM state + next-action hint for ONE relationship (signed reads)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable: single JSON object with the composed summary. Pipe-safe.", false).option(
+  root.command("status").description("Where am I in the work cycle? FSM state + next-action hint for ONE relationship (signed reads)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable: single JSON object with the composed summary. Pipe-safe.", false).option(
     "--wait",
     `Block and poll until you can act (\`nextActionOwner === 'me'\` OR \`nextActionOwner === 'either' AND relationshipState === 'active'\`) OR the cycle terminates (COMPLETE / closed / not_found). Exits immediately if either condition is already true at first read. Default cadence ${WAIT_DEFAULT_INTERVAL_SEC}s, --wait-timeout ${WAIT_DEFAULT_TIMEOUT_SEC}s. Pairs with --json so a wrapping script can branch on the new state. Exit code 124 on timeout (unix \`timeout\` convention). Combine with --wait-verbose to see per-tick state snapshots during long waits \u2014 useful for "is it alive or stuck?" diagnosis without spawning a separate \`inbox --tail\` shell.`,
     false
   ).option(
     "--wait-timeout <seconds>",
-    `Max wall-clock seconds to wait when --wait is set (default ${WAIT_DEFAULT_TIMEOUT_SEC}). Process exits code 124 on timeout, matching the unix \`timeout\` convention.`,
+    `Max wall-clock seconds to wait when --wait is set (default ${WAIT_DEFAULT_TIMEOUT_SEC}; with --until it defaults to the live on-chain budget = work+review+dispute windows + margin, read from the contract). Capped at that same on-chain budget. Process exits code 124 on timeout (unix \`timeout\` convention).`,
     String(WAIT_DEFAULT_TIMEOUT_SEC)
   ).option(
     "--wait-interval <seconds>",
@@ -1792,7 +1809,7 @@ function registerStatusCommand(root) {
 }
 async function runStatus(relationshipId, opts) {
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("status", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("status", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
     console.log(import_chalk8.default.dim(`Server: ${api.serverUrl}`));
     console.log(import_chalk8.default.dim(`Signer: ${sender.did}`));
@@ -1809,9 +1826,9 @@ async function runStatus(relationshipId, opts) {
     console.log(formatStatusReport(summary));
     return;
   }
-  const waitTimeout = parseWaitTimeout(opts.waitTimeout);
-  const waitInterval = parseWaitInterval(opts.waitInterval);
   const until = parseUntilPhase(opts.until);
+  const waitInterval = parseWaitInterval(opts.waitInterval);
+  const waitTimeout = await resolveWaitTimeoutSec(api, opts.waitTimeout, { hasUntil: !!until });
   const outcome = await runWaitLoop({
     fetchSummary: () => composeStatus(api, sender.did, relationshipId, signer),
     waitIntervalSec: waitInterval,
@@ -1972,8 +1989,31 @@ function parseWaitTimeout(raw) {
   if (!Number.isFinite(n) || !Number.isInteger(n) || n <= 0) {
     throw new Error(`status: --wait-timeout must be a positive integer number of seconds (got '${raw}')`);
   }
-  if (n > 3600) {
-    throw new Error(`status: --wait-timeout must be <= 3600 seconds (1h). Got ${n}; if you really need to wait longer, script a loop around \`heyarp status\`.`);
+  if (n > WAIT_ABS_MAX_SEC) {
+    throw new Error(`status: --wait-timeout must be <= ${WAIT_ABS_MAX_SEC} seconds (24h, the max envelope TTL). Got ${n}.`);
+  }
+  return n;
+}
+function contractWaitCapSec(cfg) {
+  const w = Number(cfg?.workWindowSecs);
+  const r = Number(cfg?.reviewWindowSecs);
+  const d = Number(cfg?.disputeWindowSecs);
+  if (![w, r, d].every((n) => Number.isFinite(n) && n > 0)) return WAIT_CONTRACT_CAP_FALLBACK_SEC;
+  return Math.min(WAIT_ABS_MAX_SEC, w + r + d + WAIT_CONTRACT_LAG_MARGIN_SEC);
+}
+async function resolveWaitTimeoutSec(api, raw, opts) {
+  let cap;
+  try {
+    cap = contractWaitCapSec(await api.getEscrowConfig());
+  } catch {
+    cap = WAIT_CONTRACT_CAP_FALLBACK_SEC;
+  }
+  if (raw === void 0) return opts.hasUntil ? cap : WAIT_DEFAULT_TIMEOUT_SEC;
+  const n = parseWaitTimeout(raw);
+  if (n > cap) {
+    throw new Error(
+      `status: --wait-timeout ${n}s exceeds the live on-chain budget of ${cap}s (work+review+dispute windows + ${WAIT_CONTRACT_LAG_MARGIN_SEC}s lag, read from the contract). Nothing stays pending longer; lower it or script a loop around \`heyarp status\`.`
+    );
   }
   return n;
 }
@@ -2380,277 +2420,12 @@ function stateColor(state) {
 // src/commands/wallet.ts
 var import_sdk11 = require("@heyanon-arp/sdk");
 var import_utils = require("@noble/hashes/utils");
-var import_web32 = require("@solana/web3.js");
+var import_web3 = require("@solana/web3.js");
 init_api();
 init_config();
 
 // src/solana/escrow-ix.ts
 var import_sdk9 = require("@heyanon-arp/sdk");
-var import_web3 = require("@solana/web3.js");
-var SPL_TOKEN_PROGRAM_ID = new import_web3.PublicKey(import_sdk9.SPL_TOKEN_PROGRAM_ID_BASE58);
-var ASSOCIATED_TOKEN_PROGRAM_ID = new import_web3.PublicKey(import_sdk9.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
-var NATIVE_SOL_MINT = new import_web3.PublicKey(import_sdk9.NATIVE_SOL_MINT_BASE58);
-function deriveLockPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.LOCK), Buffer.from(lockId)], programId)[0];
-}
-function deriveEscrowPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.ESCROW), Buffer.from(lockId)], programId)[0];
-}
-function deriveConfigPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.CONFIG)], programId)[0];
-}
-function deriveStakeVaultPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.STAKE_VAULT)], programId)[0];
-}
-function deriveCollateralConfigPda(programId, mint) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.COLLATERAL), mint.toBuffer()], programId)[0];
-}
-function deriveDisputeResolutionPda(programId, lockId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.DISPUTE_RESOLUTION), Buffer.from(lockId)], programId)[0];
-}
-function deriveOperatorAuthPda(programId, operator) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.OPERATOR_AUTH), operator.toBuffer()], programId)[0];
-}
-function deriveEventAuthorityPda(programId) {
-  return import_web3.PublicKey.findProgramAddressSync([Buffer.from(import_sdk9.ESCROW_PDA_SEEDS.EVENT_AUTHORITY)], programId)[0];
-}
-function deriveAta(owner, mint) {
-  return import_web3.PublicKey.findProgramAddressSync([owner.toBuffer(), SPL_TOKEN_PROGRAM_ID.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID)[0];
-}
-function eventCpiTail(programId) {
-  return [
-    { pubkey: deriveEventAuthorityPda(programId), isSigner: false, isWritable: false },
-    { pubkey: programId, isSigner: false, isWritable: false }
-  ];
-}
-function meta(pubkey, opts = {}) {
-  return { pubkey, isSigner: opts.signer === true, isWritable: opts.writable === true };
-}
-function noArgIx(programId, name, keys) {
-  return new import_web3.TransactionInstruction({ programId, keys, data: Buffer.from((0, import_sdk9.buildLifecycleIxData)(name)) });
-}
-function buildCreateLockIx(input) {
-  const { programId, lockId } = input;
-  const native = input.mint === null;
-  const data = Buffer.from((0, import_sdk9.buildCreateLockIxData)({ lockId, amount: input.amount, conditionHash: input.conditionHash }, { native }));
-  const head = [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(input.payee),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(deriveCollateralConfigPda(programId, input.mint ?? NATIVE_SOL_MINT))
-  ];
-  const keys = native ? [...head, meta(deriveEscrowPda(programId, lockId), { writable: true }), meta(import_web3.SystemProgram.programId), ...eventCpiTail(programId)] : [
-    ...head,
-    meta(input.mint),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ];
-  return new import_web3.TransactionInstruction({ programId, keys, data });
-}
-function buildAcceptLockIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "accept_lock", [
-    meta(input.payee, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildSubmitWorkIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "submit_work", [
-    meta(input.payee, { signer: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildClaimWorkPaymentIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "claim_work_payment_native", [
-      meta(input.authority, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.payee, { writable: true }),
-      meta(input.feeRecipient, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "claim_work_payment", [
-    meta(input.authority, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(input.payer, { writable: true }),
-    meta(input.payee, { writable: true }),
-    meta(deriveAta(input.payee, input.mint), { writable: true }),
-    meta(input.feeRecipient),
-    meta(deriveAta(input.feeRecipient, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildCancelLockIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "cancel_lock_native", [
-      meta(input.payer, { signer: true, writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "cancel_lock", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildClaimExpiredWorkIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "claim_expired_work_native", [
-      meta(input.payer, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "claim_expired_work", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildOpenDisputeIx(input) {
-  const { programId, lockId } = input;
-  return noArgIx(programId, "open_dispute", [
-    meta(input.payer, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    ...eventCpiTail(programId)
-  ]);
-}
-function buildResolveDisputeIx(input) {
-  const { programId, lockId } = input;
-  const native = input.mint === null;
-  const data = Buffer.from((0, import_sdk9.buildResolveDisputeIxData)(input.args, { native }));
-  if (native) {
-    return new import_web3.TransactionInstruction({
-      programId,
-      data,
-      keys: [
-        meta(input.operator, { signer: true, writable: true }),
-        meta(deriveOperatorAuthPda(programId, input.operator)),
-        meta(deriveStakeVaultPda(programId), { writable: true }),
-        meta(deriveLockPda(programId, lockId), { writable: true }),
-        meta(deriveDisputeResolutionPda(programId, lockId), { writable: true }),
-        meta(deriveEscrowPda(programId, lockId), { writable: true }),
-        meta(input.payer, { writable: true }),
-        meta(input.winner, { writable: true }),
-        meta(input.feeRecipient, { writable: true }),
-        meta(input.treasury, { writable: true }),
-        meta(import_web3.SystemProgram.programId),
-        ...eventCpiTail(programId)
-      ]
-    });
-  }
-  return new import_web3.TransactionInstruction({
-    programId,
-    data,
-    keys: [
-      meta(input.operator, { signer: true, writable: true }),
-      meta(deriveOperatorAuthPda(programId, input.operator)),
-      meta(deriveConfigPda(programId)),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveDisputeResolutionPda(programId, lockId), { writable: true }),
-      meta(input.mint),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.winner, { writable: true }),
-      meta(deriveAta(input.winner, input.mint), { writable: true }),
-      meta(input.feeRecipient),
-      meta(deriveAta(input.feeRecipient, input.mint), { writable: true }),
-      meta(input.treasury, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      meta(SPL_TOKEN_PROGRAM_ID),
-      meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-      ...eventCpiTail(programId)
-    ]
-  });
-}
-function buildCloseDisputeIx(input) {
-  const { programId, lockId } = input;
-  if (input.mint === null) {
-    return noArgIx(programId, "close_dispute_native", [
-      meta(input.authority, { signer: true, writable: true }),
-      meta(deriveStakeVaultPda(programId), { writable: true }),
-      meta(deriveLockPda(programId, lockId), { writable: true }),
-      meta(deriveEscrowPda(programId, lockId), { writable: true }),
-      meta(input.payer, { writable: true }),
-      meta(input.payee, { writable: true }),
-      meta(import_web3.SystemProgram.programId),
-      ...eventCpiTail(programId)
-    ]);
-  }
-  return noArgIx(programId, "close_dispute", [
-    meta(input.authority, { signer: true, writable: true }),
-    meta(deriveConfigPda(programId)),
-    meta(deriveStakeVaultPda(programId), { writable: true }),
-    meta(deriveLockPda(programId, lockId), { writable: true }),
-    meta(input.mint),
-    meta(deriveEscrowPda(programId, lockId), { writable: true }),
-    meta(input.payer, { writable: true }),
-    meta(deriveAta(input.payer, input.mint), { writable: true }),
-    meta(input.payee, { writable: true }),
-    meta(import_web3.SystemProgram.programId),
-    meta(SPL_TOKEN_PROGRAM_ID),
-    meta(ASSOCIATED_TOKEN_PROGRAM_ID),
-    ...eventCpiTail(programId)
-  ]);
-}
-async function fetchLockAccount(conn, programId, delegationId) {
-  const lockId = (0, import_sdk9.deriveLockId)(delegationId);
-  const lockPda = deriveLockPda(programId, lockId);
-  const info = await conn.getAccountInfo(lockPda);
-  if (!info) return null;
-  return { lockId, lockPda, lock: (0, import_sdk9.decodeLockAccount)(Uint8Array.from(info.data)) };
-}
 
 // src/commands/token-amount.ts
 var import_sdk10 = require("@heyanon-arp/sdk");
@@ -2684,8 +2459,8 @@ function normaliseDelegationId(raw) {
   }
   throw new Error(`wallet: --delegation-id must be either 'del_<uuid>' or a bare canonical-lowercase UUID (got '${raw}')`);
 }
-var SPL_TOKEN_PROGRAM_ID2 = new import_web32.PublicKey(import_sdk11.SPL_TOKEN_PROGRAM_ID_BASE58);
-var ASSOCIATED_TOKEN_PROGRAM_ID2 = new import_web32.PublicKey(import_sdk11.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
+var SPL_TOKEN_PROGRAM_ID2 = new import_web3.PublicKey(import_sdk11.SPL_TOKEN_PROGRAM_ID_BASE58);
+var ASSOCIATED_TOKEN_PROGRAM_ID2 = new import_web3.PublicKey(import_sdk11.ASSOCIATED_TOKEN_PROGRAM_ID_BASE58);
 var FALLBACK_RPC_URL = "https://api.mainnet-beta.solana.com";
 function resolveRpcUrl(opts) {
   if (opts.rpcUrl !== void 0 && opts.rpcUrl !== "") return opts.rpcUrl;
@@ -2788,14 +2563,14 @@ function registerDerivePdas(cmd) {
 async function derivePdasHandler(opts) {
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, "wallet derive-pdas"));
+  const programId = new import_web3.PublicKey(await resolveProgramIdStrict(api, opts, "wallet derive-pdas"));
   const lockIdBytes = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
   const lockIdSeed = Buffer.from(lockIdBytes);
   const lockIdHex = Buffer.from(lockIdBytes).toString("hex");
-  const [lockPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("lock"), lockIdSeed], programId);
-  const [escrowPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("escrow"), lockIdSeed], programId);
-  const [configPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("config")], programId);
-  const [eventAuthorityPda] = import_web32.PublicKey.findProgramAddressSync([Buffer.from("__event_authority")], programId);
+  const [lockPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("lock"), lockIdSeed], programId);
+  const [escrowPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("escrow"), lockIdSeed], programId);
+  const [configPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("config")], programId);
+  const [eventAuthorityPda] = import_web3.PublicKey.findProgramAddressSync([Buffer.from("__event_authority")], programId);
   return {
     delegation_id: normalisedDelegationId,
     lock_id_hex: lockIdHex,
@@ -2823,7 +2598,7 @@ function registerVerifyRelease(cmd) {
   ).option(
     "--program-id <pubkey>",
     "Deployed ARP escrow program id. STRICT: flag > ARP_ESCROW_PROGRAM_ID env > GET /v1/escrow/config > FAIL \u2014 a wrong-program read would silently report lock_never_created."
-  ).option("--from-did <did>", "Accepted for scripting symmetry with the signing commands; verify-release reads on-chain state only and needs no signer, so this is ignored.").option("--json", "Emit JSON instead of human text. jq-pipeable.", false).action(async (opts) => {
+  ).option("--from-did <did>", "Accepted for scripting symmetry with the signing commands; verify-release reads on-chain state only and needs no signer, so this is ignored.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Emit JSON instead of human text. jq-pipeable.", false).action(async (opts) => {
     try {
       const out = await verifyReleaseHandler(opts);
       if (opts.json) {
@@ -2854,13 +2629,13 @@ function registerVerifyRelease(cmd) {
 async function verifyReleaseHandler(opts) {
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts));
+  const programId = new import_web3.PublicKey(await resolveProgramIdStrict(api, opts));
   const rpcUrl = resolveRpcUrlStrict(opts);
-  const conn = new import_web32.Connection(rpcUrl, "confirmed");
-  const fetched = await fetchLockAccount(conn, programId, normalisedDelegationId);
+  const conn = new import_web3.Connection(rpcUrl, "confirmed");
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, normalisedDelegationId);
   const lockId = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
-  const lockPda = deriveLockPda(programId, lockId);
-  const escrowPda = deriveEscrowPda(programId, lockId);
+  const lockPda = (0, import_sdk9.deriveLockPda)(programId, lockId);
+  const escrowPda = (0, import_sdk9.deriveEscrowPda)(programId, lockId);
   if (!fetched) {
     return {
       delegation_id: normalisedDelegationId,
@@ -2914,7 +2689,7 @@ function renderStatusLine(status) {
 function registerCreateLock(cmd) {
   cmd.command("create-lock").description(
     "Build + sign a create_lock Solana tx (native SOL or an SPL token); output JSON ready for attachments.escrow_lock. This command does NOT submit the tx to chain \u2014 it only signs the blob locally. Run this AFTER the worker accepts your offer; the actual on-chain submission happens inside `heyarp delegation fund <delegation-id> --escrow-lock-from-file <path>` (the server's escrow worker picks up the signed blob from the fund envelope's attachments and posts it). Watch for the `lock_id` appearing on-chain only AFTER `delegation fund` runs, not after this command."
-  ).option("--server <url>", "Override server URL for sender-key resolution").option("--from-did <did>", "Sender DID (= payer of the lock). Required when more than one agent on the host.").requiredOption("--delegation-id <id>", "Delegation UUID (drives the lock_id derivation)").requiredOption("--recipient-pubkey <base58>", "Payee Solana pubkey (recipient agent's settlement_pubkey)").option("--amount-lamports <int>", "NATIVE SOL: lock amount in lamports (1 SOL = 1_000_000_000). Required when --mint-pubkey is omitted; not allowed with it.").option("--mint-pubkey <base58>", "SPL token mint to lock. Omit for native SOL. Must be a legacy SPL Token mint (Token-2022 is not supported).").option("--amount-base-units <int>", "SPL: lock amount in the mint's base units (e.g. 1000000 = 1 USDC at 6 decimals). Canonical SPL amount input.").option(
+  ).option("--server <url>", "Override server URL for sender-key resolution").option("--from-did <did>", "Sender DID (= payer of the lock). Required when more than one agent on the host.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").requiredOption("--delegation-id <id>", "Delegation UUID (drives the lock_id derivation)").requiredOption("--recipient-pubkey <base58>", "Payee Solana pubkey (recipient agent's settlement_pubkey)").option("--amount-lamports <int>", "NATIVE SOL: lock amount in lamports (1 SOL = 1_000_000_000). Required when --mint-pubkey is omitted; not allowed with it.").option("--mint-pubkey <base58>", "SPL token mint to lock. Omit for native SOL. Must be a legacy SPL Token mint (Token-2022 is not supported).").option("--amount-base-units <int>", "SPL: lock amount in the mint's base units (e.g. 1000000 = 1 USDC at 6 decimals). Canonical SPL amount input.").option(
     "--amount <decimal>",
     "SPL: lock amount as a human decimal (e.g. 1.5); converted using the mint's on-chain decimals. Convenience alternative to --amount-base-units."
   ).requiredOption("--condition-hash <hex>", "32-byte hex condition_hash from `heyarp escrow derive-condition-hash` (binds the delegation terms)").option(
@@ -3048,7 +2823,7 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   if (amount === 0n) {
     throw new Error("wallet create-lock: lock amount must be greater than zero.");
   }
-  const [payerAta] = import_web32.PublicKey.findProgramAddressSync([payer.toBuffer(), SPL_TOKEN_PROGRAM_ID2.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID2);
+  const [payerAta] = import_web3.PublicKey.findProgramAddressSync([payer.toBuffer(), SPL_TOKEN_PROGRAM_ID2.toBuffer(), mint.toBuffer()], ASSOCIATED_TOKEN_PROGRAM_ID2);
   const ataInfo = await conn.getAccountInfo(payerAta);
   if (!ataInfo) {
     throw new Error(
@@ -3058,8 +2833,8 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   if (ataInfo.data.length < 72) {
     throw new Error(`wallet create-lock: payer token account ${payerAta.toBase58()} is malformed (data length ${ataInfo.data.length} < 72).`);
   }
-  const ataMint = new import_web32.PublicKey(ataInfo.data.subarray(0, 32));
-  const ataOwner = new import_web32.PublicKey(ataInfo.data.subarray(32, 64));
+  const ataMint = new import_web3.PublicKey(ataInfo.data.subarray(0, 32));
+  const ataOwner = new import_web3.PublicKey(ataInfo.data.subarray(32, 64));
   if (!ataMint.equals(mint)) {
     throw new Error(`wallet create-lock: payer token account ${payerAta.toBase58()} is for mint ${ataMint.toBase58()}, not ${mint.toBase58()}.`);
   }
@@ -3080,7 +2855,7 @@ async function resolveCreateLockAsset(conn, opts, payer, clusterCaip2) {
   };
 }
 async function createLockHandler(opts) {
-  const agent = resolveSenderAgent("wallet create-lock", opts.server, opts.fromDid);
+  const agent = resolveSenderAgent("wallet create-lock", opts.server, opts.fromDid, opts.from);
   const payerKp = keypairFromAgent(agent);
   const normalisedDelegationId = normaliseDelegationId(opts.delegationId);
   const payee = parsePubkey(opts.recipientPubkey, "--recipient-pubkey");
@@ -3096,13 +2871,13 @@ async function createLockHandler(opts) {
   if (!offlineMode) {
     await preflightLockCurrency(api, agent, normalisedDelegationId, expectedLockAsset);
   }
-  const programId = new import_web32.PublicKey(await resolveProgramId(api, opts));
+  const programId = new import_web3.PublicKey(await resolveProgramId(api, opts));
   const rpcUrl = resolveRpcUrl(opts);
-  const conn = new import_web32.Connection(rpcUrl, "confirmed");
+  const conn = new import_web3.Connection(rpcUrl, "confirmed");
   const asset = await resolveCreateLockAsset(conn, opts, payerKp.publicKey, clusterCaip2);
   const amount = asset.amount;
   const lockIdBytes = (0, import_sdk11.deriveLockId)(normalisedDelegationId);
-  const ix = buildCreateLockIx({
+  const ix = (0, import_sdk9.buildCreateLockIx)({
     programId,
     lockId: lockIdBytes,
     payer: payerKp.publicKey,
@@ -3111,11 +2886,14 @@ async function createLockHandler(opts) {
     conditionHash,
     mint: asset.kind === "spl" ? asset.mint : null
   });
-  const tx = new import_web32.Transaction().add(ix);
+  const tx = new import_web3.Transaction().add(ix);
   tx.feePayer = payerKp.publicKey;
-  const { blockhash } = await conn.getLatestBlockhash("confirmed");
+  const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash("confirmed");
   tx.recentBlockhash = blockhash;
   tx.sign(payerKp);
+  process.stderr.write(
+    "\u26A0 create-lock: this signed blob is valid for only ~60-90s \u2014 run `heyarp delegation fund` NOW. If you wait, the create_lock tx is silently dropped on-chain and the delegation fails; re-run create-lock to retry.\n"
+  );
   const blob = tx.serialize({ requireAllSignatures: true, verifySignatures: true });
   return {
     signed_tx_blob: blob.toString("base64"),
@@ -3138,22 +2916,26 @@ async function createLockHandler(opts) {
     // Record the program id the create_lock ix was built against.
     // `delegation offer` cross-checks this pre-flight so a stale
     // ESCRoW... fallback lock doesn't ship silently.
-    program_id: programId.toBase58()
+    program_id: programId.toBase58(),
+    // Blockhash + its expiry slot — the ~60-90s submission window for
+    // this blob (see CreateLockOutput docs).
+    blockhash,
+    last_valid_block_height: lastValidBlockHeight
   };
 }
 function keypairFromAgent(agent) {
   const stored = base64ToBytes(agent.settlementSecretKeyB64);
   if (stored.length === 32) {
-    return import_web32.Keypair.fromSeed(stored);
+    return import_web3.Keypair.fromSeed(stored);
   }
   if (stored.length === 64) {
-    return import_web32.Keypair.fromSecretKey(stored);
+    return import_web3.Keypair.fromSecretKey(stored);
   }
   throw new Error(`agent ${agent.did}: settlementSecretKeyB64 must decode to 32 bytes (Ed25519 seed) or 64 bytes (Solana expanded form); got ${stored.length}`);
 }
 function parsePubkey(value, flag) {
   try {
-    return new import_web32.PublicKey(value);
+    return new import_web3.PublicKey(value);
   } catch (err) {
     throw new Error(`${flag}: invalid base58 pubkey '${value}': ${err.message}`);
   }
@@ -3186,14 +2968,17 @@ function registerDelegationCommands(root) {
   registerCancel(cmd);
 }
 function registerOffer(parent) {
-  parent.command("offer").description("Open a new delegation addressed to <recipient-did> with the agreed terms INLINE (no escrow lock \u2014 fund AFTER acceptance via `delegation fund`).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--delegation-id <uuid>", "Override the auto-generated delegation id (UUID). Reuse the SAME id at `heyarp delegation fund` time. Useful for replay / scripting.").option("--title <s>", "Required: human-readable title for the offer").option("--brief <json>", "Optional structured brief (JSON object)").option("--criterion <s>", "acceptance_criteria \u2014 repeatable; pass --criterion once per bullet", collectRepeated, []).option("--deadline <rfc3339>", 'Optional RFC 3339 deadline (e.g. "2026-12-31T23:59:59Z")').option("--scope <text>", "scope_summary \u2014 short prose describing the agreed work. Required.").option("--amount <s>", 'Optional decimal-as-string amount (e.g. "10.00"). REQUIRES --currency if set.').option("--currency <s>", `Asset identifier: shorthand (${import_sdk12.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string.`).option("--currency-decimals <n>", "Decimal places for base-unit conversion (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("offer").description("Open a new delegation addressed to <recipient-did> with the agreed terms INLINE (no escrow lock \u2014 fund AFTER acceptance via `delegation fund`).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--delegation-id <uuid>", "Override the auto-generated delegation id (UUID). Reuse the SAME id at `heyarp delegation fund` time. Useful for replay / scripting.").option("--title <s>", "Required: human-readable title for the offer").option("--brief <json>", "Optional structured brief (JSON object)").option("--criterion <s>", "acceptance_criteria \u2014 repeatable; pass --criterion once per bullet", collectRepeated, []).option("--deadline <rfc3339>", 'Optional RFC 3339 deadline (e.g. "2026-12-31T23:59:59Z")').option("--scope <text>", "scope_summary \u2014 short prose describing the agreed work. Required.").option("--amount <s>", 'Optional decimal-as-string amount (e.g. "10.00"). REQUIRES --currency if set.').option("--currency <s>", `Asset identifier: shorthand (${import_sdk12.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string.`).option("--currency-decimals <n>", "Decimal places for base-unit conversion (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"offer", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + the "reference this delegation" hints move to stderr; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
   ).option(
     "--wait-until <phase>",
     'Block after delivery until the named FSM phase is reached (e.g. delegation.accepted). One of the UNTIL_PHASES from `heyarp status --help`. Exit code 124 on --wait-timeout. Recovers the "sub-agent exits before counterparty accepts" antipattern.'
-  ).option("--wait-timeout <seconds>", "When --wait-until is set: max wall-clock wait (default 300). Exit code 124 on timeout.").option("--wait-interval <seconds>", "When --wait-until is set: poll cadence (default 3, bound [1, 60]).").option(
+  ).option(
+    "--wait-timeout <seconds>",
+    "When --wait-until is set: max wall-clock wait. Omitted \u2192 auto-sized to the live on-chain budget (work+review+dispute windows + margin, read from the contract); explicit values are capped at that budget. Exit code 124 on timeout."
+  ).option("--wait-interval <seconds>", "When --wait-until is set: poll cadence (default 3, bound [1, 60]).").option(
     "--wait-verbose",
     'When --wait-until is set: emit one dim line per poll tick showing the current FSM state. Useful for "is it alive or stuck?" diagnosis on long blocks.',
     false
@@ -3327,7 +3112,7 @@ async function runOffer(recipientDid, opts) {
     );
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegation offer", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("delegation offer", opts.server, opts.fromDid, opts.from);
   const content = {
     action: import_sdk12.DelegationActions.OFFER,
     delegation_id: delegationId,
@@ -3418,7 +3203,8 @@ After the worker accepts, fund the escrow lock:`));
       relationshipId: result.relationshipId,
       untilPhase,
       waitIntervalSec: parseWaitInterval(opts.waitInterval),
-      waitTimeoutSec: parseWaitTimeout(opts.waitTimeout),
+      // Cap/default the wait against the live on-chain windows (work+review+dispute).
+      waitTimeoutSec: await resolveWaitTimeoutSec(api, opts.waitTimeout, { hasUntil: true }),
       waitVerbose: !!opts.waitVerbose,
       json: false
       // delegation offer is a human-text command (printIngestResult is human-text); JSON mode would be a follow-up.
@@ -3426,7 +3212,7 @@ After the worker accepts, fund the escrow lock:`));
   }
 }
 function registerFund(parent) {
-  parent.command("fund").description("Fund an ACCEPTED delegation with the escrow lock (buyer-only). Run AFTER the worker accepts the offer.").argument("<delegation-id>", "Delegation UUID (the one you offered + the worker accepted)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("fund").description("Fund an ACCEPTED delegation with the escrow lock (buyer-only). Run AFTER the worker accepts the offer.").argument("<delegation-id>", "Delegation UUID (the one you offered + the worker accepted)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk12.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"fund", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude moves off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3442,7 +3228,10 @@ function registerFund(parent) {
   ).option(
     "--wait-until <phase>",
     "Block after delivery until the named FSM phase is reached (typically delegation.locked \u2014 resolves once the escrow lock confirms on chain). One of the UNTIL_PHASES from `heyarp status --help`. Exit code 124 on --wait-timeout."
-  ).option("--wait-timeout <seconds>", "When --wait-until is set: max wall-clock wait (default 300). Exit code 124 on timeout.").option("--wait-interval <seconds>", "When --wait-until is set: poll cadence (default 3, bound [1, 60]).").option("--wait-verbose", "When --wait-until is set: emit one dim line per poll tick showing the current FSM state.", false).action(async (delegationId, opts) => {
+  ).option(
+    "--wait-timeout <seconds>",
+    "When --wait-until is set: max wall-clock wait. Omitted \u2192 auto-sized to the live on-chain budget (work+review+dispute windows + margin, read from the contract); explicit values are capped at that budget. Exit code 124 on timeout."
+  ).option("--wait-interval <seconds>", "When --wait-until is set: poll cadence (default 3, bound [1, 60]).").option("--wait-verbose", "When --wait-until is set: emit one dim line per poll tick showing the current FSM state.", false).action(async (delegationId, opts) => {
     await runFund(delegationId, opts);
   });
 }
@@ -3467,7 +3256,7 @@ async function runFund(delegationId, opts) {
     );
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegation fund", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("delegation fund", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const resolved = await resolveFundRefs("delegation fund", api, signer, { delegationId, selfDid: sender.did });
   if (escrowResult.lockProgramId !== void 0) {
@@ -3540,11 +3329,11 @@ async function runFund(delegationId, opts) {
       relationshipId: result.relationshipId,
       untilPhase,
       waitIntervalSec: parseWaitInterval(opts.waitInterval),
-      // Lock finalization on devnet routinely takes 5–12 min
-      // (submit → confirm → indexer projection), so fund gets a
-      // larger default than the generic 300s — a timeout here is
-      // almost never a failure, just a slow chain.
-      waitTimeoutSec: parseWaitTimeout(opts.waitTimeout ?? "1200"),
+      // Lock finalization (submit → confirm → indexer projection) is
+      // slow, so an omitted timeout auto-sizes to the live on-chain
+      // budget (work+review+dispute + margin) — generous by design;
+      // a timeout here is almost never a failure, just a slow chain.
+      waitTimeoutSec: await resolveWaitTimeoutSec(api, opts.waitTimeout, { hasUntil: true }),
       waitVerbose: !!opts.waitVerbose,
       json: false
     });
@@ -3575,7 +3364,7 @@ async function resolveFundRefs(cmdName, api, signer, args) {
   );
 }
 function registerAccept(parent) {
-  parent.command("accept").description("Accept a PROPOSED delegation \u2014 promotes to ACCEPTED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("accept").description("Accept a PROPOSED delegation \u2014 promotes to ACCEPTED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"accept", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + pending-lock poll chatter move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3587,7 +3376,7 @@ function registerAccept(parent) {
   });
 }
 function registerDecline(parent) {
-  parent.command("decline").description("Decline a PROPOSED delegation \u2014 moves to DECLINED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").requiredOption(
+  parent.command("decline").description("Decline a PROPOSED delegation \u2014 moves to DECLINED. Counterparty-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").requiredOption(
     "--reason <code>",
     // surface the closed enum at help time so operators
     // don't have to read source to find acceptable values.
@@ -3604,7 +3393,7 @@ function registerDecline(parent) {
   });
 }
 function registerCancel(parent) {
-  parent.command("cancel").description("Cancel an OFFERED delegation \u2014 moves to CANCELED. Offerer-only (the OTHER side uses decline).").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  parent.command("cancel").description("Cancel an OFFERED delegation \u2014 moves to CANCELED. Offerer-only (the OTHER side uses decline).").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Delegation UUID").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     'Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, action:"cancel", delegationId, eventId, relationshipId, relationshipEventIndex, serverTimestamp, serverEventHash}). Prelude + pending-lock poll chatter move off stdout; on failure stderr carries `{code, message}`. Mutually exclusive with --verbose.',
     false
@@ -3634,7 +3423,7 @@ async function runFollowupAction(relationshipId, delegationId, action, opts) {
     declinePayload = validatedDetail ? { reason, reasonDetail: validatedDetail } : { reason };
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid);
+  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const resolved = await resolveDelegationRefs(cmdName, api, signer, { relationshipId, delegationId, action, selfDid: sender.did });
   if (resolved.state === import_sdk12.DelegationStates.PENDING_LOCK_FINALIZATION && opts.waitForLock !== false) {
@@ -4001,7 +3790,7 @@ var import_chalk10 = __toESM(require("chalk"));
 init_api();
 var ALLOWED_STATES = /* @__PURE__ */ new Set([import_sdk13.DelegationStates.OFFERED, import_sdk13.DelegationStates.ACCEPTED, import_sdk13.DelegationStates.DECLINED, import_sdk13.DelegationStates.CANCELED]);
 function registerDelegationsCommand(root) {
-  root.command("delegations").description("List delegations for a relationship (one row per delegationId, oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (offered|accepted|declined|canceled)").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("delegations").description("List delegations for a relationship (one row per delegationId, oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (offered|accepted|declined|canceled)").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the one-line summaries, print a framed "Full delegation payloads (N rows)" block \u2014 each row labelled with full delegationId (`delegation accept` / `delegation decline` / `work request` need it) and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -4018,7 +3807,7 @@ async function runDelegations(relationshipId, opts) {
   const limit = parseLimit2(opts.limit);
   const state = parseState(opts.state);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("delegations", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("delegations", opts.server, opts.fromDid, opts.from);
   progress(opts.json, import_chalk10.default.dim(`Server: ${api.serverUrl}`));
   progress(opts.json, import_chalk10.default.dim(`Signer: ${sender.did}`));
   progress(opts.json, import_chalk10.default.dim(`Relationship: ${relationshipId}`));
@@ -4396,13 +4185,13 @@ function formatDoctorReport(r) {
 var import_chalk12 = __toESM(require("chalk"));
 init_api();
 function registerEnvelopeCommand(root) {
-  root.command("envelope").description("Fetch one canonical envelope by eventId \u2014 full body for inspection (signed read)").argument("<event-id>", "Event UUID \u2014 copy from `heyarp inbox`, `heyarp events`, or a counterparty citation").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable: emit only the envelope JSON object on stdout (no prelude, no chalk). Pipe-safe.", false).action(async (eventId, opts) => {
+  root.command("envelope").description("Fetch one canonical envelope by eventId \u2014 full body for inspection (signed read)").argument("<event-id>", "Event UUID \u2014 copy from `heyarp inbox`, `heyarp events`, or a counterparty citation").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable: emit only the envelope JSON object on stdout (no prelude, no chalk). Pipe-safe.", false).action(async (eventId, opts) => {
     await runEnvelope(eventId, opts);
   });
 }
 async function runEnvelope(eventId, opts) {
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("envelope", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("envelope", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
     console.log(import_chalk12.default.dim(`Server: ${api.serverUrl}`));
     console.log(import_chalk12.default.dim(`Signer: ${sender.did}`));
@@ -4438,20 +4227,20 @@ init_api();
 // src/commands/escrow-actions.ts
 var import_node_crypto = require("crypto");
 var import_sdk16 = require("@heyanon-arp/sdk");
-var import_web33 = require("@solana/web3.js");
+var import_web32 = require("@solana/web3.js");
 init_api();
 var FEE_BUFFER_LAMPORTS = 10000000n;
 async function setup(cmd, delegationIdArg, opts) {
-  const agent = resolveSenderAgent(cmd, opts.server, opts.fromDid);
+  const agent = resolveSenderAgent(cmd, opts.server, opts.fromDid, opts.from);
   const keypair = keypairFromAgent(agent);
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web33.PublicKey(await resolveProgramIdStrict(api, opts, cmd));
+  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, cmd));
   const rpcUrl = resolveRpcUrlStrict(opts, cmd);
-  const conn = new import_web33.Connection(rpcUrl, "confirmed");
+  const conn = new import_web32.Connection(rpcUrl, "confirmed");
   const delegationId = normaliseDelegationId(delegationIdArg);
-  const fetched = await fetchLockAccount(conn, programId, delegationId);
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, delegationId);
   if (!fetched) {
-    const lockPda = deriveLockPda(programId, (0, import_sdk16.deriveLockId)(delegationId)).toBase58();
+    const lockPda = (0, import_sdk9.deriveLockPda)(programId, (0, import_sdk16.deriveLockId)(delegationId)).toBase58();
     throw new Error(
       `${cmd}: no on-chain Lock for delegation ${delegationId} (PDA ${lockPda} not found on ${rpcUrl}). Either the buyer hasn't funded yet (delegation fund \u2192 server relays create_lock), or you're pointing at the wrong cluster/program.`
     );
@@ -4478,8 +4267,8 @@ function deadlinePassed(ctx) {
 }
 var SYSTEM_PROGRAM_B58 = import_sdk16.SYSTEM_PROGRAM_ID_BASE58;
 function effectiveFeeRecipient(lock) {
-  if (lock.feeRecipientAtLock !== SYSTEM_PROGRAM_B58) return new import_web33.PublicKey(lock.feeRecipientAtLock);
-  if (lock.treasuryAtLock && lock.treasuryAtLock !== SYSTEM_PROGRAM_B58) return new import_web33.PublicKey(lock.treasuryAtLock);
+  if (lock.feeRecipientAtLock !== SYSTEM_PROGRAM_B58) return new import_web32.PublicKey(lock.feeRecipientAtLock);
+  if (lock.treasuryAtLock && lock.treasuryAtLock !== SYSTEM_PROGRAM_B58) return new import_web32.PublicKey(lock.treasuryAtLock);
   throw new Error(
     "escrow: this lock snapshots the system program as BOTH fee_recipient and treasury \u2014 no writable fee account exists; the on-chain Config was initialized inconsistently."
   );
@@ -4497,7 +4286,7 @@ async function preflightLamports(ctx, stake, what) {
   }
 }
 async function sendIx(ctx, ix) {
-  const tx = new import_web33.Transaction().add(ix);
+  const tx = new import_web32.Transaction().add(ix);
   tx.feePayer = ctx.keypair.publicKey;
   const { blockhash, lastValidBlockHeight } = await ctx.conn.getLatestBlockhash("confirmed");
   tx.recentBlockhash = blockhash;
@@ -4543,7 +4332,7 @@ async function acceptHandler(delegationId, opts) {
   const stake = ctx.lock.workerStakeAtLock;
   await preflightLamports(ctx, stake, `the worker stake (${stake} lamports, returned when the lock settles in your favour)`);
   progress(ctx.opts.json, `accepting lock ${ctx.lock.lockId.slice(0, 16)}\u2026 \u2014 staking ${stake} lamports from ${ctx.keypair.publicKey.toBase58()}`);
-  const sig = await sendIx(ctx, buildAcceptLockIx({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildAcceptLockIx)({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
   emit(ctx, "accept", sig, { worker_stake: stake.toString() });
 }
 async function submitWorkHandler(delegationId, opts) {
@@ -4555,10 +4344,10 @@ async function submitWorkHandler(delegationId, opts) {
       `escrow submit-work: the work window expired at ${expiryIso(ctx)} \u2014 the chain will reject submit_work and the buyer can claim the escrow back (claim_expired_work). Nothing to salvage on-chain.`
     );
   }
-  const sig = await sendIx(ctx, buildSubmitWorkIx({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildSubmitWorkIx)({ programId: ctx.programId, lockId: ctx.lockId, payee: ctx.keypair.publicKey }));
   let reviewDeadline = null;
   try {
-    const fresh = await fetchLockAccount(ctx.conn, ctx.programId, ctx.delegationId);
+    const fresh = await (0, import_sdk9.fetchLockAccount)(ctx.conn, ctx.programId, ctx.delegationId);
     if (fresh && fresh.lock.state === import_sdk16.LockStates.SUBMITTED && fresh.lock.expiry > 0n) {
       reviewDeadline = new Date(Number(fresh.lock.expiry) * 1e3).toISOString();
     }
@@ -4593,13 +4382,13 @@ async function claimHandler(delegationId, opts) {
   );
   const sig = await sendIx(
     ctx,
-    buildClaimWorkPaymentIx({
+    (0, import_sdk9.buildClaimWorkPaymentIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       authority: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      payee: new import_web33.PublicKey(ctx.lock.payee),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint),
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      payee: new import_web32.PublicKey(ctx.lock.payee),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint),
       feeRecipient: effectiveFeeRecipient(ctx.lock)
     })
   );
@@ -4611,11 +4400,11 @@ async function cancelHandler(delegationId, opts) {
   requireSigner(ctx, "payer", ctx.lock.payer);
   const sig = await sendIx(
     ctx,
-    buildCancelLockIx({
+    (0, import_sdk9.buildCancelLockIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       payer: ctx.keypair.publicKey,
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "cancel", sig, { refunded_amount: ctx.lock.amount.toString() });
@@ -4629,11 +4418,11 @@ async function claimExpiredHandler(delegationId, opts) {
   }
   const sig = await sendIx(
     ctx,
-    buildClaimExpiredWorkIx({
+    (0, import_sdk9.buildClaimExpiredWorkIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       payer: ctx.keypair.publicKey,
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "claim-expired", sig, { refunded_amount: ctx.lock.amount.toString(), worker_stake_forfeited: ctx.lock.workerStakeAtLock.toString() });
@@ -4650,7 +4439,7 @@ async function disputeOpenHandler(delegationId, opts) {
   const stake = ctx.lock.workerStakeAtLock;
   await preflightLamports(ctx, stake, `the dispute stake (${stake} lamports \u2014 returned if the operator rules for you or the dispute times out)`);
   progress(ctx.opts.json, `opening dispute \u2014 staking ${stake} lamports; the operator has the dispute window to rule, after that either party can close`);
-  const sig = await sendIx(ctx, buildOpenDisputeIx({ programId: ctx.programId, lockId: ctx.lockId, payer: ctx.keypair.publicKey }));
+  const sig = await sendIx(ctx, (0, import_sdk9.buildOpenDisputeIx)({ programId: ctx.programId, lockId: ctx.lockId, payer: ctx.keypair.publicKey }));
   emit(ctx, "dispute-open", sig, { buyer_stake: stake.toString() });
 }
 async function disputeCloseHandler(delegationId, opts) {
@@ -4667,13 +4456,13 @@ async function disputeCloseHandler(delegationId, opts) {
   }
   const sig = await sendIx(
     ctx,
-    buildCloseDisputeIx({
+    (0, import_sdk9.buildCloseDisputeIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       authority: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      payee: new import_web33.PublicKey(ctx.lock.payee),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint)
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      payee: new import_web32.PublicKey(ctx.lock.payee),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint)
     })
   );
   emit(ctx, "dispute-close", sig, {});
@@ -4699,15 +4488,15 @@ async function disputeResolveHandler(delegationId, opts) {
   const disputeId = Uint8Array.from(Buffer.from(disputeUuid.replace(/-/g, ""), "hex"));
   const sig = await sendIx(
     ctx,
-    buildResolveDisputeIx({
+    (0, import_sdk9.buildResolveDisputeIx)({
       programId: ctx.programId,
       lockId: ctx.lockId,
       operator: ctx.keypair.publicKey,
-      payer: new import_web33.PublicKey(ctx.lock.payer),
-      winner: new import_web33.PublicKey(winner),
+      payer: new import_web32.PublicKey(ctx.lock.payer),
+      winner: new import_web32.PublicKey(winner),
       feeRecipient: effectiveFeeRecipient(ctx.lock),
-      treasury: new import_web33.PublicKey(ctx.lock.treasuryAtLock),
-      mint: ctx.lock.isNative ? null : new import_web33.PublicKey(ctx.lock.mint),
+      treasury: new import_web32.PublicKey(ctx.lock.treasuryAtLock),
+      mint: ctx.lock.isNative ? null : new import_web32.PublicKey(ctx.lock.mint),
       args: { isPayerWinner, reasonHash, disputeId }
     })
   );
@@ -4715,16 +4504,16 @@ async function disputeResolveHandler(delegationId, opts) {
 }
 async function showHandler(delegationId, opts) {
   const api = new ArpApiClient(opts.server);
-  const programId = new import_web33.PublicKey(await resolveProgramIdStrict(api, opts, "escrow show"));
+  const programId = new import_web32.PublicKey(await resolveProgramIdStrict(api, opts, "escrow show"));
   const rpcUrl = resolveRpcUrlStrict(opts, "escrow show");
-  const conn = new import_web33.Connection(rpcUrl, "confirmed");
+  const conn = new import_web32.Connection(rpcUrl, "confirmed");
   const normalised = normaliseDelegationId(delegationId);
-  const fetched = await fetchLockAccount(conn, programId, normalised);
+  const fetched = await (0, import_sdk9.fetchLockAccount)(conn, programId, normalised);
   if (!fetched) {
     jsonOut({
       delegation_id: normalised.slice("del_".length),
       lock_exists: false,
-      lock_pda: deriveLockPda(programId, (0, import_sdk16.deriveLockId)(normalised)).toBase58(),
+      lock_pda: (0, import_sdk9.deriveLockPda)(programId, (0, import_sdk16.deriveLockId)(normalised)).toBase58(),
       rpc_url: redactRpcUrl(rpcUrl)
     });
     return;
@@ -4749,7 +4538,34 @@ async function showHandler(delegationId, opts) {
   });
 }
 function sharedFlags(cmd) {
-  return cmd.option("--server <url>", "Override ARP server base URL (program-id discovery)").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--rpc-url <url>", "Solana RPC URL (STRICT: flag > ARP_ESCROW_RPC_URL env > `heyarp config rpcUrl`; no public fallback for state-changing txs)").option("--program-id <pubkey>", "Escrow program id (STRICT: flag > env > server discovery; no hardcoded fallback)").option("--json", "Machine-readable JSON output", false);
+  return cmd.option("--server <url>", "Override ARP server base URL (program-id discovery)").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--rpc-url <url>", "Solana RPC URL (STRICT: flag > ARP_ESCROW_RPC_URL env > `heyarp config rpcUrl`; no public fallback for state-changing txs)").option("--program-id <pubkey>", "Escrow program id (STRICT: flag > env > server discovery; no hardcoded fallback)").option("--json", "Machine-readable JSON output", false);
+}
+async function disputeShowHandler(delegationId, opts) {
+  const delId = delegationId.replace(/^del_/, "");
+  const api = new ArpApiClient(opts.server);
+  const sender = resolveSenderAgent("escrow dispute show", opts.server, opts.fromDid, opts.from);
+  const row = await api.getDisputeResolution(delId, makeSigner(sender));
+  progress(opts.json, `Server: ${api.serverUrl}`);
+  progress(opts.json, `Signer: ${sender.did}`);
+  if (opts.json) {
+    jsonOut(row);
+    return;
+  }
+  const winner = row.winnerRole === "payer" ? "BUYER (payer)" : row.winnerRole === "payee" ? "WORKER (payee)" : "(undecided)";
+  console.log("");
+  console.log(`Dispute resolution \u2014 delegation ${row.delegationId}`);
+  console.log(`  status:          ${row.status}`);
+  console.log(`  winner:          ${winner}${row.winnerDid ? `  ${row.winnerDid}` : ""}`);
+  console.log(`  is_payer_winner: ${row.isPayerWinner}`);
+  console.log(`  source:          ${row.verdictSource ?? "(none)"}    policy: ${row.policyId ?? "(none)"}`);
+  console.log(`  snapshot_hash:   ${row.snapshotHash ?? "(none)"}`);
+  console.log(`  reason_hash:     ${row.reasonHashHex ?? "(none)"}`);
+  console.log(`  resolve tx:      ${row.solanaSignature ?? "(none)"}`);
+  console.log(`  attempts:        ${row.attempts}${row.lastError ? `   last_error: ${row.lastError}` : ""}`);
+  console.log("\n  reasoning:");
+  console.log(
+    (row.reasoning ?? "(none)").split("\n").map((l) => `    ${l}`).join("\n")
+  );
 }
 function registerEscrowActionCommands(escrow) {
   sharedFlags(
@@ -4785,6 +4601,9 @@ function registerEscrowActionCommands(escrow) {
       "OPERATOR: rule the dispute (winner takes the escrow; stakes split per config). Requires the on-chain-registered operator key. Disputing \u2192 DisputeResolved."
     ).option("--payer-wins", "Rule for the buyer").option("--payee-wins", "Rule for the worker").option("--reason <text>", "Resolution reasoning \u2014 sha256 recorded on-chain as reason_hash")
   ).action(disputeResolveHandler);
+  dispute.command("show <delegation-id>").description(
+    "Read the arbiter's verdict for a disputed delegation \u2014 winner + DID, source (llm | objective_fallback), reasoning, status, resolve tx. Signed server read; parties only."
+  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable JSON output", false).action(disputeShowHandler);
   sharedFlags(escrow.command("show <delegation-id>").description("Decode + print the on-chain Lock account (state, parties, amounts, rolling deadline). Read-only.")).action(
     showHandler
   );
@@ -4802,12 +4621,12 @@ function registerEscrowCommands(root) {
   ).requiredOption("--delegation-id <id>", "Delegation UUID this lock binds (drives the on-chain lock_id + the condition_hash identity binding)").requiredOption("--scope <text>", "scope_summary \u2014 short prose describing the agreed work").option(
     "--currency <s>",
     `Asset identifier bound into the hash: shorthand (${import_sdk17.WELL_KNOWN_ASSET_KEYS.join("|")}) OR raw CAIP-19 string. Optional but must match the offer's --currency.`
-  ).option("--currency-decimals <n>", "Decimal places (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--json", "Machine-readable JSON: {delegation_id, condition_hash_hex, projected_subset}", false).action(async (opts) => {
+  ).option("--currency-decimals <n>", "Decimal places (0-18). Required only when --currency is raw CAIP-19.").option("--currency-symbol <s>", 'Optional UI hint ("USDC", "SOL"). Max 16 chars.').option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--json", "Machine-readable JSON: {delegation_id, condition_hash_hex, projected_subset}", false).action(async (opts) => {
     await runDeriveConditionHash(opts);
   });
   cmd.command("recover-sequence").description(
     "Repair a desynced local `lastSenderSequence` after a post-commit failure the CLI couldn't auto-classify (e.g. `INTERNAL_SERVER_ERROR` from the global Internal filter \u2014 pre-/post-commit origin is ambiguous, so auto-advance is unsafe). Queries the server's owner-only `/sender-sequence` endpoint and compares; with --apply, updates local agent state to match. Default is dry-run \u2014 prints the diff and exits 0 if in-sync, 1 if drift detected."
-  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--apply", "Apply the fix (write the server-known value to local state). Default: dry-run.", false).option("--json", "Machine-readable JSON: {local, server, drift, applied}", false).action(async (opts) => {
+  ).option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--apply", "Apply the fix (write the server-known value to local state). Default: dry-run.", false).option("--json", "Machine-readable JSON: {local, server, drift, applied}", false).action(async (opts) => {
     await runRecoverSequence(opts);
   });
 }
@@ -4876,7 +4695,7 @@ async function runDeriveConditionHash(opts) {
     throw new Error(`${cmdName}: --scope is required (binds scope_summary into the condition_hash)`);
   }
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid);
+  const sender = resolveSenderAgent(cmdName, opts.server, opts.fromDid, opts.from);
   progress(opts.json, import_chalk13.default.dim(`Server: ${api.serverUrl}`));
   progress(opts.json, import_chalk13.default.dim(`Signer: ${sender.did}`));
   const subset = projectDelegationForHash(cmdName, opts, delegationId);
@@ -4905,7 +4724,7 @@ function classifyRecoverOutcome(local, server) {
   return { kind: "ahead", local, server, drift: local - server };
 }
 async function runRecoverSequence(opts) {
-  const sender = resolveSenderAgent("escrow recover-sequence", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("escrow recover-sequence", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const api = new ArpApiClient(opts.server);
   const local = sender.lastSenderSequence ?? 0;
@@ -4966,7 +4785,7 @@ var import_sdk18 = require("@heyanon-arp/sdk");
 var import_chalk14 = __toESM(require("chalk"));
 init_api();
 function registerEventsCommand(root) {
-  root.command("events").description("List events for a relationship (chain order, ascending index)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--since <n>", "Cursor: only events with relationshipEventIndex >= since").option("--limit <n>", "Max events to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("events").description("List events for a relationship (chain order, ascending index)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--since <n>", "Cursor: only events with relationshipEventIndex >= since").option("--limit <n>", "Max events to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the summary table, print a framed "Full event payloads (N rows)" block \u2014 each event labelled with full eventId + serverEventHash and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -5005,7 +4824,7 @@ async function runEvents(relationshipId, opts) {
   const limit = parseLimit3(opts.limit);
   const since = parseSince(opts.since);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("events", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("events", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
     console.log(import_chalk14.default.dim(`Server: ${api.serverUrl}`));
     console.log(import_chalk14.default.dim(`Signer: ${sender.did}`));
@@ -6045,7 +5864,7 @@ function registerInboxCommand(root) {
   ).argument("[did]", "Recipient DID (did:arp:...) \u2014 must have local state. Optional when --from-did is given OR exactly one agent is registered for the resolved server.").option("--server <url>", "Override ARP server base URL").option("--limit <n>", "Max events to return (1..100)", "20").option("--before <iso>", "Cursor: only events strictly OLDER than this RFC 3339 timestamp").option("--before-event-id <id>", "Tiebreaker for --before \u2014 pass the previous page's last eventId").option(
     "--since <iso>",
     "Forward cursor: only events strictly NEWER than this RFC 3339 timestamp. Polling workers persist this between iterations to skip already-handled envelopes (fixes the double-fire pattern of re-reading from the same head). Pages are returned OLDEST-FIRST when --since is used alone (so a poller can advance its watermark to the page tail without losing backlogged events); combine with --before for a newest-first range query."
-  ).option("--since-event-id <id>", "Tiebreaker for --since \u2014 pass the previous tick's last handled eventId. Combine with --since for same-millisecond stability.").option("--verbose", "After the table, print the full JSON envelope for each event with a per-row label that includes the full serverEventHash + eventId", false).option("--json", "Machine-readable mode \u2014 emit a single JSON array of events, no human-format summary, no chalk colors. Pipe-safe.", false).option("--full-ids", "Print sender DID and full serverEventHash in the table (no truncation). Use when you need to copy-paste either value into another command.", false).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option(
+  ).option("--since-event-id <id>", "Tiebreaker for --since \u2014 pass the previous tick's last handled eventId. Combine with --since for same-millisecond stability.").option("--verbose", "After the table, print the full JSON envelope for each event with a per-row label that includes the full serverEventHash + eventId", false).option("--json", "Machine-readable mode \u2014 emit a single JSON array of events, no human-format summary, no chalk colors. Pipe-safe.", false).option("--full-ids", "Print sender DID and full serverEventHash in the table (no truncation). Use when you need to copy-paste either value into another command.", false).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--tail",
     // The polling output (`heyarp inbox --json`) emits raw
     // `EventPublic[]` rows with `.body` at the top level, but
@@ -6066,7 +5885,7 @@ async function runInbox(positionalDid, opts) {
     throw new Error(`inbox: positional <did> (${positionalDid}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
   }
   const explicitDid = positionalDid ?? opts.fromDid;
-  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("inbox", opts.server, void 0);
+  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("inbox", opts.server, void 0, opts.from);
   const did = local.did;
   if (opts.tail) {
     await runInboxTail(did, local, opts);
@@ -6544,7 +6363,7 @@ function registerReceiptCommands(root) {
   registerPropose(cmd);
 }
 function registerPropose(parent) {
-  parent.command("propose").description("Send a receipt envelope as the PAYEE. Row lands PROPOSED; the buyer approves payment on-chain via claim_work_payment.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (= caller / offerer of the parent delegation)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").argument("[request-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_request payload being settled. Omit when --auto-hashes is set.").argument("[response-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_response payload being settled. Omit when --auto-hashes is set.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--verdict <s>", "verdict_proposed (accepted | accepted_with_notes | rejected)", "accepted").option("--notes-hash <sha256>", "Optional sha256:<64 hex> notes hash").option("--deliverable-hash <sha256>", "Optional sha256:<64 hex> deliverable hash").option("--input-tokens <n>", "Optional usage.input_tokens").option("--output-tokens <n>", "Optional usage.output_tokens").option("--latency-ms <n>", "Optional usage.latency_ms").option("--model <name>", "Optional usage.model").option("--computed-amount <s>", "Optional usage.computed_amount").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option(
+  parent.command("propose").description("Send a receipt envelope as the PAYEE. Row lands PROPOSED; the buyer approves payment on-chain via claim_work_payment.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (= caller / offerer of the parent delegation)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").argument("[request-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_request payload being settled. Omit when --auto-hashes is set.").argument("[response-hash]", "sha256:<64 hex> \u2014 SHA-256 of the work_response payload being settled. Omit when --auto-hashes is set.").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--verdict <s>", "verdict_proposed (accepted | accepted_with_notes | rejected)", "accepted").option("--notes-hash <sha256>", "Optional sha256:<64 hex> notes hash").option("--deliverable-hash <sha256>", "Optional sha256:<64 hex> deliverable hash").option("--input-tokens <n>", "Optional usage.input_tokens").option("--output-tokens <n>", "Optional usage.output_tokens").option("--latency-ms <n>", "Optional usage.latency_ms").option("--model <name>", "Optional usage.model").option("--computed-amount <s>", "Optional usage.computed_amount").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option(
     "--auto-hashes",
     "Compute request_hash + response_hash automatically from the work-log row at (--rel-id, <delegation-id>, --request-id). Positional <request-hash>/<response-hash> become optional; if supplied they must match the computed values (consistency check). --rel-id and --request-id auto-resolve from local state when unambiguous \u2014 pass them explicitly only if the lookup finds multiple candidates.",
     false
@@ -6585,7 +6404,7 @@ async function runPropose(recipientDid, delegationId, requestHashArg, responseHa
   if (opts.deliverableHash) requireSha256("receipt propose", opts.deliverableHash, "--deliverable-hash");
   const usage = parseUsage("receipt propose", opts);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("receipt propose", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("receipt propose", opts.server, opts.fromDid, opts.from);
   if (!opts.relId && opts.autoHashes) {
     opts.relId = await resolveAutoRelId(api, sender, delegationId);
     progress(
@@ -6859,7 +6678,7 @@ init_api();
 function registerReceiptsCommand(root) {
   root.command("receipts").description(
     "List receipts for a relationship (one row per (delegationId, requestHash, responseHash), oldest-first). Receipt rows expose the chain hash as `receiptEventHash` (NOT `serverEventHash` \u2014 that field is the wider envelope identifier on `heyarp events` rows). Scripts using `--json | jq .receiptEventHash` get the value; `jq .serverEventHash` silently returns null because the row doesn't carry that key."
-  ).argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--delegation-id <uuid>", "Narrow to receipts under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  ).argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--delegation-id <uuid>", "Narrow to receipts under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the one-line summaries, print a framed "Full receipt payloads (N rows)" block \u2014 each row labelled with full delegationId + requestHash + responseHash and dumped as JSON. Mutually exclusive with --json.',
     false
@@ -6875,7 +6694,7 @@ async function runReceipts(relationshipId, opts) {
   }
   const limit = parseLimit5(opts.limit);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("receipts", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("receipts", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
     console.log(import_chalk25.default.dim(`Server: ${api.serverUrl}`));
     console.log(import_chalk25.default.dim(`Signer: ${sender.did}`));
@@ -7407,7 +7226,7 @@ function registerRelationshipsCommand(root) {
     "--json",
     "Machine-readable mode \u2014 emit the relationships as a single JSON array on stdout (RelationshipPublic[]). Prelude + table move to stderr. Mutually exclusive with --verbose.",
     false
-  ).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").action(async (did, opts) => {
+  ).option("--from-did <did>", "Alias for the positional <did> argument \u2014 accepted for consistency with other signed commands. Must match the positional if both are given.").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").action(async (did, opts) => {
     await runRelationships(did, opts);
   });
 }
@@ -7423,7 +7242,7 @@ async function runRelationships(positionalDid, opts) {
     throw new Error(`relationships: positional <did> (${positionalDid}) and --from-did (${opts.fromDid}) disagree \u2014 pass only one`);
   }
   const explicitDid = positionalDid ?? opts.fromDid;
-  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("relationships", opts.server, void 0);
+  const local = explicitDid !== void 0 ? loadAgentOrThrow(opts.server, explicitDid) : resolveSenderAgent("relationships", opts.server, void 0, opts.from);
   const did = local.did;
   const api = new ArpApiClient(opts.server);
   progress(opts.json, import_chalk28.default.dim(`Server: ${api.serverUrl}`));
@@ -7531,7 +7350,7 @@ var import_sdk28 = require("@heyanon-arp/sdk");
 var import_chalk30 = __toESM(require("chalk"));
 init_api();
 function registerSendHandshakeCommand(root) {
-  root.command("send-handshake").description("Send a handshake envelope to a recipient (agent name or DID). Server creates the relationship row on first contact.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--greeting <s>", "Optional greeting text included in body.content").option("--intent <s>", "Optional intent text included in body.content").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk28.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
+  root.command("send-handshake").description("Send a handshake envelope to a recipient (agent name or DID). Server creates the relationship row on first contact.").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (did:arp:...)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--greeting <s>", "Optional greeting text included in body.content").option("--intent <s>", "Optional intent text included in body.content").option("--ttl <seconds>", `Envelope TTL in seconds (max ${import_sdk28.MAX_ENVELOPE_TTL_SECONDS} = 24h)`, "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
     "--json",
     "Machine-readable mode \u2014 emit a single JSON object on stdout ({ok, eventId, relationshipId, relationshipEventIndex, serverTimestamp, signedMessageHash, serverEventHash, prevServerEventHash, senderSequence}). The Server/Sender/Recipient prelude moves to stderr so `--json | jq` stays byte-pure. Mutually exclusive with --verbose.",
     false
@@ -7549,7 +7368,7 @@ async function runSendHandshake(recipientDid, opts) {
   const ttlSeconds = parseTtl3(opts.ttl);
   const api = new ArpApiClient(opts.server);
   progress(opts.json, import_chalk30.default.dim(`Server: ${api.serverUrl}`));
-  const sender = resolveSenderAgent("send-handshake", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("send-handshake", opts.server, opts.fromDid, opts.from);
   progress(opts.json, import_chalk30.default.dim(`Sender: ${sender.did}`));
   progress(opts.json, import_chalk30.default.dim(`Recipient: ${recipientDid}`));
   const content = {};
@@ -7631,7 +7450,7 @@ var import_chalk31 = __toESM(require("chalk"));
 init_api();
 var ALLOWED_DECISIONS = new Set(import_sdk29.HANDSHAKE_DECISIONS);
 function registerSendHandshakeResponseCommand(root) {
-  root.command("send-handshake-response").description("Accept or decline an inbound handshake from <recipient-did>. Server reuses the existing relationship row.").argument("<recipient-did>", "Recipient agent DID (did:arp:...) \u2014 the original handshake sender").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--decision <s>", "REQUIRED: accept or decline").option("--notes <s>", "Optional notes included in body.content").option(
+  root.command("send-handshake-response").description("Accept or decline an inbound handshake from <recipient-did>. Server reuses the existing relationship row.").argument("<recipient-did>", "Recipient agent DID (did:arp:...) \u2014 the original handshake sender").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--decision <s>", "REQUIRED: accept or decline").option("--notes <s>", "Optional notes included in body.content").option(
     "--reason <code>",
     // REQUIRED when --decision=decline. Optional otherwise.
     // We don't use commander's requiredOption because it
@@ -7669,7 +7488,7 @@ async function runSendHandshakeResponse(recipientDid, opts) {
   }
   const api = new ArpApiClient(opts.server);
   progress(opts.json, import_chalk31.default.dim(`Server: ${api.serverUrl}`));
-  const sender = resolveSenderAgent("send-handshake-response", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("send-handshake-response", opts.server, opts.fromDid, opts.from);
   progress(opts.json, import_chalk31.default.dim(`Sender: ${sender.did}`));
   progress(opts.json, import_chalk31.default.dim(`Recipient: ${recipientDid}`));
   progress(opts.json, import_chalk31.default.dim(`Decision: ${decision}`));
@@ -7840,12 +7659,12 @@ async function findExistingRelationship(api, signer, senderDid, recipientDid) {
 var import_chalk32 = __toESM(require("chalk"));
 init_api();
 function registerWatchCommand(root) {
-  root.command("watch").description("Live tail filtered to a single relationship (SSE). Server-side $match; only envelopes belonging to <rel-id> are streamed.").argument("<relationship-id>", "Relationship UUID to watch").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--verbose", "After each envelope, print the full JSON with a per-row label including eventId + serverEventHash", false).option("--json", "Machine-readable: one NDJSON object per line. Pipe-safe into `jq -c`.", false).option("--full-ids", "Print DIDs + serverEventHash in full (no truncation).", false).action(async (relationshipId, opts) => {
+  root.command("watch").description("Live tail filtered to a single relationship (SSE). Server-side $match; only envelopes belonging to <rel-id> are streamed.").argument("<relationship-id>", "Relationship UUID to watch").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--verbose", "After each envelope, print the full JSON with a per-row label including eventId + serverEventHash", false).option("--json", "Machine-readable: one NDJSON object per line. Pipe-safe into `jq -c`.", false).option("--full-ids", "Print DIDs + serverEventHash in full (no truncation).", false).action(async (relationshipId, opts) => {
     await runWatch(relationshipId, opts);
   });
 }
 async function runWatch(relationshipId, opts) {
-  const local = resolveSenderAgent("watch", opts.server, opts.fromDid);
+  const local = resolveSenderAgent("watch", opts.server, opts.fromDid, opts.from);
   const api = new ArpApiClient(opts.server);
   if (!opts.json) {
     console.log(import_chalk32.default.dim(`Server: ${api.serverUrl}`));
@@ -7936,7 +7755,7 @@ init_api();
 function registerWhoamiCommand(root) {
   root.command("whoami").description(
     "Identify the local agent: print DID + settlement pubkey + identity pubkey (with --local), and/or fetch the server profile via signed GET /agents/:did. When <did> is omitted, uses the same sole-agent resolution as other signed commands."
-  ).argument("[did]", "Agent DID (did:arp:...) \u2014 omit when there is exactly ONE local agent (sole-agent fallback)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Explicit sender DID \u2014 same precedence as the positional arg, surfaced for symmetry with other commands").option(
+  ).argument("[did]", "Agent DID (did:arp:...) \u2014 omit when there is exactly ONE local agent (sole-agent fallback)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Explicit sender DID \u2014 same precedence as the positional arg, surfaced for symmetry with other commands").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--local",
     // Persona scripts want the local settlement pubkey for
     // `--payer-settlement-pubkey` / on-chain ops without a
@@ -7948,7 +7767,8 @@ function registerWhoamiCommand(root) {
   ).option("--json", "JSON output (jq-pipeable). Combines local + server data when --local is unset, or just local when --local is set.", false).action(async (didArg, opts, cmd) => {
     try {
       const explicitDid = didArg ?? opts.fromDid;
-      const local = resolveSenderAgent("whoami", opts.server, explicitDid);
+      const explicitFrom = opts.from;
+      const local = resolveSenderAgent("whoami", opts.server, explicitDid, explicitFrom);
       const api = new ArpApiClient(opts.server);
       const credential = readCredential(api.serverUrl);
       const localJson = {
@@ -8056,7 +7876,7 @@ function registerWorkCommands(root) {
   registerRespond(cmd);
 }
 function registerRequest(parent) {
-  parent.command("request").description("Send a work_request to <recipient-did> under <delegation-id> (must be ACCEPTED).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (the payee \u2014 the OTHER side of the delegation pair)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--request-id <id>", "Override the auto-generated request id (must be unique within the delegation)").option(
+  parent.command("request").description("Send a work_request to <recipient-did> under <delegation-id> (must be ACCEPTED).").argument("<recipient>", "Recipient \u2014 agent name (handle) or DID (the payee \u2014 the OTHER side of the delegation pair)").argument("<delegation-id>", "Parent delegation id (UUID, must be ACCEPTED)").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--request-id <id>", "Override the auto-generated request id (must be unique within the delegation)").option(
     "--params <json>",
     "JSON object payload as a literal string. Defaults to {}. Mutually exclusive with --params-file. Brittle against shell quoting \u2014 prefer --params-file for non-trivial bodies."
   ).option(
@@ -8082,7 +7902,7 @@ async function runRequest(recipientDid, delegationId, opts) {
   const params = parseParamsInput("work request", opts);
   const requestId = parseRequestId("work request", opts.requestId);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work request", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work request", opts.server, opts.fromDid, opts.from);
   const content = {
     delegation_id: delegationId,
     request_id: requestId,
@@ -8117,7 +7937,7 @@ The payee can reply with:`));
   }
 }
 function registerRespond(parent) {
-  parent.command("respond").description("Send a work_response under <relationship-id> for <delegation-id> / <request-id>. Payee-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Parent delegation id (UUID)").argument("<request-id>", "Request id supplied on the work_request").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--output <json>", "Success payload as a JSON object literal. Mutually exclusive with --error and --output-file.").option(
+  parent.command("respond").description("Send a work_response under <relationship-id> for <delegation-id> / <request-id>. Payee-only.").argument("<relationship-id>", "Relationship UUID").argument("<delegation-id>", "Parent delegation id (UUID)").argument("<request-id>", "Request id supplied on the work_request").option("--server <url>", "Override ARP server base URL").option("--from-did <did>", "Sender DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option("--output <json>", "Success payload as a JSON object literal. Mutually exclusive with --error and --output-file.").option(
     "--output-file <path>",
     "Read the success payload from a file. Mutually exclusive with --output and --error. Use this for any payload large or quote-heavy enough to fight your shell."
   ).option("--error <code:message>", "Failure payload as `CODE:message`. Mutually exclusive with --output / --output-file.").option("--ttl <seconds>", "Envelope TTL in seconds", "3600").option("--verbose", "Print the full envelope before sending and the full server response. Mutually exclusive with --json.", false).option(
@@ -8139,7 +7959,7 @@ async function runRespond(relationshipId, delegationId, requestId, opts) {
   const ttlSeconds = parseTtl5("work respond", opts.ttl);
   const responsePayload = parseResponsePayload("work respond", opts);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work respond", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work respond", opts.server, opts.fromDid, opts.from);
   const signer = makeSigner(sender);
   const recipientDid = await resolveResponseRecipient("work respond", api, signer, { relationshipId, delegationId, requestId, selfDid: sender.did });
   const content = {
@@ -8353,7 +8173,7 @@ var import_chalk36 = __toESM(require("chalk"));
 init_api();
 var ALLOWED_STATES3 = new Set(import_sdk32.WORK_LOG_STATES);
 function registerWorkListCommand(root) {
-  root.command("work-list").description("List work-log rows for a relationship (one row per (delegationId, requestId), oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (requested|responded)").option("--delegation-id <uuid>", "Narrow to work-logs operating under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option(
+  root.command("work-list").description("List work-log rows for a relationship (one row per (delegationId, requestId), oldest-first)").argument("<relationship-id>", "Relationship UUID").option("--server <url>", "Override ARP server base URL").option("--state <s>", "Filter by exact state (requested|responded)").option("--delegation-id <uuid>", "Narrow to work-logs operating under a specific delegation id").option("--after <id>", "Cursor: pass the previous page's last `id` to fetch the next page").option("--limit <n>", "Max rows to return (1..100)", "20").option("--from-did <did>", "Signer DID \u2014 required only if multiple agents are registered against this server").option("--from <name>", "Signer agent NAME (handle) \u2014 alternative to --from-did, resolved against your local agents").option(
     "--verbose",
     'After the summary, print a framed "Full work-log payloads (N rows)" block \u2014 each row labelled with full delegationId + requestId and dumped as JSON, including `requestParams` (the work_request payload the worker was asked) and `responseOutput` / `responseError`. Mutually exclusive with --json.',
     false
@@ -8374,7 +8194,7 @@ async function runWorkList(relationshipId, opts) {
   const limit = parseLimit7(opts.limit);
   const state = parseState3(opts.state);
   const api = new ArpApiClient(opts.server);
-  const sender = resolveSenderAgent("work-list", opts.server, opts.fromDid);
+  const sender = resolveSenderAgent("work-list", opts.server, opts.fromDid, opts.from);
   if (!opts.json) {
     console.log(import_chalk36.default.dim(`Server: ${api.serverUrl}`));
     console.log(import_chalk36.default.dim(`Signer: ${sender.did}`));