npm - @okx_ai/okx-trade-cli - Versions diffs - 1.3.2-beta.3 → 1.3.2-beta.4 - Mend

@okx_ai/okx-trade-cli 1.3.2-beta.3 → 1.3.2-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js +1014 -249
package/dist/index.js.map +1 -1
package/package.json +1 -1
package/scripts/postinstall.js +78 -1
package/scripts/postinstall-download.js +0 -152

package/dist/index.js CHANGED Viewed

@@ -21,23 +21,26 @@ import {
 import { homedir as homedir2 } from "os";
 import { join as join2, dirname } from "path";
 import { createHmac } from "crypto";
+import { spawn, execFile as execFile2 } from "child_process";
+import { homedir as homedir3 } from "os";
+import { join as join3 } from "path";
 import fs from "fs";
 import path from "path";
 import os from "os";
 import { writeFileSync as writeFileSync2, renameSync as renameSync2, unlinkSync as unlinkSync2, mkdirSync as mkdirSync2 } from "fs";
-import { join as join3, resolve, basename, sep } from "path";
+import { join as join4, resolve, basename, sep } from "path";
 import { randomUUID } from "crypto";
 import yauzl from "yauzl";
 import { createWriteStream, mkdirSync as mkdirSync3 } from "fs";
 import { resolve as resolve2, dirname as dirname2 } from "path";
 import { readFileSync as readFileSync2, existsSync } from "fs";
-import { join as join4 } from "path";
+import { join as join5 } from "path";
 import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync4, existsSync as existsSync2 } from "fs";
-import { join as join5, dirname as dirname3 } from "path";
-import { homedir as homedir3 } from "os";
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync5, existsSync as existsSync3 } from "fs";
-import { join as join6, dirname as dirname4 } from "path";
+import { join as join6, dirname as dirname3 } from "path";
 import { homedir as homedir4 } from "os";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync5, existsSync as existsSync3 } from "fs";
+import { join as join7, dirname as dirname4 } from "path";
+import { homedir as homedir5 } from "os";
 // ../../node_modules/.pnpm/smol-toml@1.6.0/node_modules/smol-toml/dist/error.js
 function getLineColFromPtr(string, ptr) {
@@ -867,8 +870,8 @@ function stringify(obj, { maxDepth = 1e3, numbersAsFloat = false } = {}) {
 // ../core/dist/index.js
 import { readFileSync as readFileSync5, writeFileSync as writeFileSync5, mkdirSync as mkdirSync6, existsSync as existsSync4 } from "fs";
-import { join as join7 } from "path";
-import { homedir as homedir5 } from "os";
+import { join as join8 } from "path";
+import { homedir as homedir6 } from "os";
 import fs2 from "fs";
 import path2 from "path";
 import os2 from "os";
@@ -876,6 +879,18 @@ import * as fs3 from "fs";
 import * as path3 from "path";
 import * as os3 from "os";
 import { execFileSync } from "child_process";
+import {
+  createWriteStream as createWriteStream3,
+  mkdirSync as mkdirSync9,
+  chmodSync as chmodSync2,
+  existsSync as existsSync7,
+  unlinkSync as unlinkSync4,
+  renameSync as renameSync4
+} from "fs";
+import { homedir as homedir9, platform as platform2 } from "os";
+import { join as join11, dirname as dirname7 } from "path";
+import { get as httpsGet2 } from "https";
+import { get as httpGet2 } from "http";
 import {
   readFileSync as readFileSync7,
   createWriteStream as createWriteStream2,
@@ -886,10 +901,13 @@ import {
   renameSync as renameSync3
 } from "fs";
 import { createHash } from "crypto";
-import { homedir as homedir7, platform, arch } from "os";
-import { join as join9, dirname as dirname6 } from "path";
+import { homedir as homedir8, platform, arch } from "os";
+import { join as join10, dirname as dirname6 } from "path";
 import { get as httpsGet } from "https";
 import { get as httpGet } from "http";
+import { readFileSync as readFileSync8, writeFileSync as writeFileSync7, mkdirSync as mkdirSync10, unlinkSync as unlinkSync5, existsSync as existsSync8 } from "fs";
+import { join as join12 } from "path";
+import { homedir as homedir10 } from "os";
 var EXEC_TIMEOUT_MS = 3e4;
 var ALLOWED_DOMAIN_RE = /^[\w.-]+\.okx\.com$/;
 var PILOT_BIN_DIR = join(homedir(), ".okx", "bin");
@@ -1201,6 +1219,11 @@ var ConfigError = class extends OkxMcpError {
     super("ConfigError", message, { suggestion });
   }
 };
+var NotLoggedInError = class extends ConfigError {
+  constructor(suggestion = "Run `okx auth login` to authenticate.") {
+    super("Not logged in.", suggestion);
+  }
+};
 var ValidationError = class extends OkxMcpError {
   constructor(message, suggestion) {
     super("ValidationError", message, { suggestion });
@@ -1253,6 +1276,97 @@ function toToolErrorPayload(error, fallbackEndpoint) {
     timestamp: (/* @__PURE__ */ new Date()).toISOString()
   };
 }
+var EXIT_CODES = {
+  SUCCESS: 0,
+  UNAUTHORIZED_CALLER: 1,
+  NOT_LOGGED_IN: 2,
+  REFRESH_FAILED: 3
+};
+var EXEC_TIMEOUT_MS2 = 5e3;
+var AUTH_BIN_DIR = join3(homedir3(), ".okx", "bin");
+function getAuthBinaryPath() {
+  if (process.env.OKX_AUTH_BIN) {
+    return process.env.OKX_AUTH_BIN;
+  }
+  const ext = process.platform === "win32" ? ".exe" : "";
+  return join3(AUTH_BIN_DIR, `okx-auth${ext}`);
+}
+function execAuthToken() {
+  const binPath = getAuthBinaryPath();
+  return new Promise((resolve3, reject) => {
+    const child = spawn(binPath, ["token"], {
+      stdio: ["ignore", "ignore", "inherit", "pipe"]
+      //       stdin    stdout    stderr     fd3 (pipe)
+    });
+    const chunks = [];
+    const fd3 = child.stdio[3];
+    fd3.on("data", (chunk) => chunks.push(chunk));
+    child.on("error", (err) => {
+      reject(new ConfigError(
+        `Failed to spawn okx-auth: ${err.message}`,
+        "Ensure the okx-auth binary exists and is executable."
+      ));
+    });
+    child.on("close", (code) => {
+      if (code === EXIT_CODES.SUCCESS) {
+        const token = Buffer.concat(chunks).toString("utf-8").trim();
+        if (!token) {
+          reject(new AuthenticationError(
+            "okx-auth returned empty token.",
+            "Run `okx auth login` to re-authenticate."
+          ));
+          return;
+        }
+        resolve3(token);
+        return;
+      }
+      if (code === EXIT_CODES.NOT_LOGGED_IN) {
+        reject(new NotLoggedInError());
+        return;
+      }
+      if (code === EXIT_CODES.UNAUTHORIZED_CALLER) {
+        reject(new AuthenticationError(
+          "okx-auth rejected the caller (unauthorized).",
+          "Ensure you are running from a trusted OKX tool."
+        ));
+        return;
+      }
+      if (code === EXIT_CODES.REFRESH_FAILED) {
+        reject(new AuthenticationError(
+          "Token refresh failed.",
+          "Run `okx auth login` to re-authenticate."
+        ));
+        return;
+      }
+      reject(new AuthenticationError(
+        `okx-auth token exited with code ${code}.`,
+        "Run `okx auth login` to re-authenticate."
+      ));
+    });
+  });
+}
+function execAuthStatus() {
+  const binPath = getAuthBinaryPath();
+  return new Promise((resolve3) => {
+    execFile2(
+      binPath,
+      ["status", "--json"],
+      { timeout: EXEC_TIMEOUT_MS2, encoding: "utf-8" },
+      (error, stdout) => {
+        if (error) {
+          resolve3(null);
+          return;
+        }
+        try {
+          const result = JSON.parse(stdout);
+          resolve3(result);
+        } catch {
+          resolve3(null);
+        }
+      }
+    );
+  });
+}
 function sleep(ms) {
   return new Promise((resolve3) => {
     setTimeout(resolve3, ms);
@@ -1384,6 +1498,7 @@ function maskKey(key) {
   if (key.length <= 8) return "***";
   return `${key.slice(0, 3)}***${key.slice(-3)}`;
 }
+var TOKEN_CACHE_TTL_MS = 6e4;
 function vlog2(message) {
   process.stderr.write(`[verbose] ${message}
 `);
@@ -1392,6 +1507,8 @@ var OkxRestClient = class _OkxRestClient {
   config;
   rateLimiter;
   dispatcher;
+  cachedAccessToken;
+  cachedAccessTokenAt = 0;
   pilot;
   constructor(config) {
     this.config = config;
@@ -1406,6 +1523,51 @@ var OkxRestClient = class _OkxRestClient {
       hasCustomProxy: !!config.proxyUrl
     });
   }
+  /**
+   * Resolve OAuth access token via the okx-auth binary (fd3 pipe).
+   * Caches the token for 60 s to avoid spawning the binary on every
+   * request. The binary handles refresh internally (300s TTL lead),
+   * so periodic re-calls let it serve a fresh token when needed.
+   * Returns null when not logged in.
+   */
+  async resolveAccessToken() {
+    if (this.cachedAccessToken && Date.now() - this.cachedAccessTokenAt < TOKEN_CACHE_TTL_MS) {
+      return this.cachedAccessToken;
+    }
+    try {
+      const token = await execAuthToken();
+      this.cachedAccessToken = token;
+      this.cachedAccessTokenAt = Date.now();
+      return token;
+    } catch (e) {
+      if (e instanceof NotLoggedInError) {
+        return null;
+      }
+      throw e;
+    }
+  }
+  /**
+   * Dynamic auth — determines auth method per request.
+   *
+   * 1. API key in config → HMAC signing (no OAuth fallback)
+   * 2. OAuth token via okx-auth binary → Bearer token
+   * 3. Neither → throw ConfigError
+   */
+  async applyAuth(headers, method, requestPath, bodyJson, timestamp) {
+    if (this.config.apiKey && this.config.secretKey && this.config.passphrase) {
+      this.setAuthHeaders(headers, method, requestPath, bodyJson, timestamp);
+      return;
+    }
+    const accessToken = await this.resolveAccessToken();
+    if (accessToken) {
+      headers.set("Authorization", `Bearer ${accessToken}`);
+      return;
+    }
+    throw new ConfigError(
+      "No credentials found.",
+      "Run `okx auth login` to authenticate, or configure API key credentials."
+    );
+  }
   /** The canonical base URL for this client (e.g. https://www.okx.com). */
   get baseUrl() {
     return this.config.baseUrl;
@@ -1464,18 +1626,6 @@ var OkxRestClient = class _OkxRestClient {
     });
   }
   setAuthHeaders(headers, method, requestPath, bodyJson, timestamp) {
-    if (!this.config.hasAuth) {
-      throw new ConfigError(
-        "Private endpoint requires API credentials.",
-        "Configure OKX_API_KEY, OKX_SECRET_KEY and OKX_PASSPHRASE."
-      );
-    }
-    if (!this.config.apiKey || !this.config.secretKey || !this.config.passphrase) {
-      throw new ConfigError(
-        "Invalid private API credentials state.",
-        "Ensure all OKX credentials are set."
-      );
-    }
     const payload = `${timestamp}${method.toUpperCase()}${requestPath}${bodyJson}`;
     const signature = signOkxPayload(payload, this.config.secretKey);
     headers.set("OK-ACCESS-KEY", this.config.apiKey);
@@ -1590,7 +1740,7 @@ var OkxRestClient = class _OkxRestClient {
     const conn = this.pilot.getConnectionParams();
     this.logRequest("POST", `${conn.baseUrl}${path42}`, "private");
     const reqConfig = { method: "POST", path: path42, auth: "private" };
-    const headers = this.buildHeaders(reqConfig, path42, bodyJson, getNow());
+    const headers = await this.buildHeaders(reqConfig, path42, bodyJson, getNow());
     if (conn.userAgent) {
       headers.set("User-Agent", conn.userAgent);
     }
@@ -1711,7 +1861,7 @@ var OkxRestClient = class _OkxRestClient {
   // Header building
   // ---------------------------------------------------------------------------
   /** Build HTTP headers. reqConfig.extraHeaders must NOT contain auth keys (OK-ACCESS-*). */
-  buildHeaders(reqConfig, requestPath, bodyJson, timestamp) {
+  async buildHeaders(reqConfig, requestPath, bodyJson, timestamp) {
     const headers = new Headers({
       "Content-Type": "application/json",
       Accept: "application/json"
@@ -1720,7 +1870,7 @@ var OkxRestClient = class _OkxRestClient {
       headers.set("User-Agent", this.config.userAgent);
     }
     if (reqConfig.auth === "private") {
-      this.setAuthHeaders(headers, reqConfig.method, requestPath, bodyJson, timestamp);
+      await this.applyAuth(headers, reqConfig.method, requestPath, bodyJson, timestamp);
     }
     const useSimulated = reqConfig.simulatedTrading !== void 0 ? reqConfig.simulatedTrading : this.config.demo;
     if (useSimulated) {
@@ -1774,7 +1924,7 @@ var OkxRestClient = class _OkxRestClient {
     if (reqConfig.rateLimit) {
       await this.rateLimiter.consume(reqConfig.rateLimit);
     }
-    const headers = this.buildHeaders(reqConfig, requestPath, bodyJson, timestamp);
+    const headers = await this.buildHeaders(reqConfig, requestPath, bodyJson, timestamp);
     if (conn.userAgent) {
       headers.set("User-Agent", conn.userAgent);
     }
@@ -1926,6 +2076,23 @@ function privateRateLimit(key, rps = 10) {
     refillPerSecond: rps
   };
 }
+var CURSOR_PROPS = {
+  after: { type: "string", description: "Cursor: return older records" },
+  before: { type: "string", description: "Cursor: return newer records" }
+};
+var TIME_RANGE_PROPS = {
+  begin: { type: "string", description: "Start time (ms)" },
+  end: { type: "string", description: "End time (ms)" }
+};
+function readPaginationParams(args, readStr, readNum) {
+  return {
+    after: readStr(args, "after"),
+    before: readStr(args, "before"),
+    begin: readStr(args, "begin"),
+    end: readStr(args, "end"),
+    limit: readNum(args, "limit")
+  };
+}
 function assertNotDemo(config, endpoint) {
   if (config.demo) {
     throw new ConfigError(
@@ -2197,7 +2364,7 @@ var OKX_SITES = {
   },
   us: {
     label: "US",
-    apiBaseUrl: "https://app.okx.com",
+    apiBaseUrl: "https://us.okx.com",
     webUrl: "https://app.okx.com"
   }
 };
@@ -3744,7 +3911,7 @@ function safeWriteFile(targetDir, fileName, data) {
     throw new Error(`Invalid file name: "${fileName}"`);
   }
   const resolvedDir = resolve(targetDir);
-  const filePath = join3(resolvedDir, safeName);
+  const filePath = join4(resolvedDir, safeName);
   const resolvedPath = resolve(filePath);
   if (!resolvedPath.startsWith(resolvedDir + sep)) {
     throw new Error(`Path traversal detected: "${fileName}" resolves outside target directory`);
@@ -3872,7 +4039,7 @@ async function extractSkillZip(zipPath, targetDir, limits) {
   });
 }
 function readMetaJson(contentDir) {
-  const metaPath = join4(contentDir, "_meta.json");
+  const metaPath = join5(contentDir, "_meta.json");
   if (!existsSync(metaPath)) {
     throw new Error(`_meta.json not found in ${contentDir}. Invalid skill package.`);
   }
@@ -3898,12 +4065,12 @@ function readMetaJson(contentDir) {
   };
 }
 function validateSkillMdExists(contentDir) {
-  const skillMdPath = join4(contentDir, "SKILL.md");
+  const skillMdPath = join5(contentDir, "SKILL.md");
   if (!existsSync(skillMdPath)) {
     throw new Error(`SKILL.md not found in ${contentDir}. Invalid skill package.`);
   }
 }
-var DEFAULT_REGISTRY_PATH = join5(homedir3(), ".okx", "skills", "registry.json");
+var DEFAULT_REGISTRY_PATH = join6(homedir4(), ".okx", "skills", "registry.json");
 function readRegistry(registryPath = DEFAULT_REGISTRY_PATH) {
   if (!existsSync2(registryPath)) {
     return { version: 1, skills: {} };
@@ -6341,37 +6508,45 @@ function registerEventContractTools() {
     {
       name: "event_get_orders",
       module: "event",
-      description: "Query event contract orders. state=live for open orders; omit for history. outcome pre-translated (YES/NO/UP/DOWN).",
+      description: "Query event contract orders (open, 7d history, or 3-month archive). outcome pre-translated (YES/NO/UP/DOWN). Do NOT use for trade executions \u2014 use event_get_fills for fill records and settlement outcomes.",
       isWrite: false,
       inputSchema: {
         type: "object",
         properties: {
-          instId: {
+          status: {
             type: "string",
-            description: "Event contract instrument ID"
+            enum: ["open", "history", "archive"],
+            description: "open=active, history=7d (default), archive=3mo"
           },
-          state: {
+          instId: {
             type: "string",
-            description: "live=pending orders; omit for history"
+            description: "Event contract instrument ID"
           },
-          limit: {
-            type: "number",
-            description: "Max results (default 20)"
-          }
+          ordType: { type: "string", description: "Order type filter" },
+          state: { type: "string", description: "canceled|filled (only for history/archive)" },
+          ...CURSOR_PROPS,
+          ...TIME_RANGE_PROPS,
+          limit: { type: "number", description: "Max results (default 100)" }
         }
       },
       handler: async (rawArgs, context) => {
         const args = asRecord(rawArgs);
-        const state = readString(args, "state");
-        const isPending = state === "live";
-        const endpoint = isPending ? "/api/v5/trade/orders-pending" : "/api/v5/trade/orders-history";
+        const status = readString(args, "status") ?? "history";
+        const endpointMap = {
+          open: "/api/v5/trade/orders-pending",
+          archive: "/api/v5/trade/orders-history-archive"
+        };
+        const endpoint = endpointMap[status] ?? "/api/v5/trade/orders-history";
+        const params = compactObject({
+          instType: "EVENTS",
+          instId: readString(args, "instId"),
+          ordType: readString(args, "ordType"),
+          state: readString(args, "state"),
+          ...readPaginationParams(args, readString, readNumber)
+        });
         const response = await context.client.privateGet(
           endpoint,
-          compactObject({
-            instType: "EVENTS",
-            instId: readString(args, "instId"),
-            limit: readNumber(args, "limit")
-          }),
+          params,
           privateRateLimit("event_get_orders", 20)
         );
         const base = normalizeResponse(response);
@@ -6385,41 +6560,51 @@ function registerEventContractTools() {
             stateLabel: mapOrderState(String(item["state"] ?? ""))
           };
         }) : base["data"];
-        return { ...base, data };
+        return { ...base, data, requestParams: params };
       }
     },
     {
       name: "event_get_fills",
       module: "event",
-      description: "Get event contract fill history. outcome pre-translated (YES/NO/UP/DOWN). Each record includes a 'type' field: 'fill' (subType 410, opening trade) or 'settlement' (subType 414 win / subType 415 loss, contract expiry payout). Settlement records include 'settlementResult' (win/loss) and 'pnl' fields \u2014 no separate market lookup needed to determine outcome.",
+      description: "Get event contract fill history (trade executions and settlement payouts). archive=true for up to 3mo, false (default) for last 3d. outcome pre-translated (YES/NO/UP/DOWN). Each record includes a 'type' field: 'fill' (opening trade) or 'settlement' (expiry payout with settlementResult win/loss and pnl). Do NOT use for order status \u2014 use event_get_orders instead.",
       isWrite: false,
       inputSchema: {
         type: "object",
         properties: {
+          archive: {
+            type: "boolean",
+            description: "true=up to 3mo, false=3d (default)"
+          },
           instId: {
             type: "string",
             description: "Event contract instrument ID"
           },
-          limit: {
-            type: "number",
-            description: "Max results (default 20)"
-          }
+          ordId: { type: "string", description: "Order ID filter" },
+          ...CURSOR_PROPS,
+          ...TIME_RANGE_PROPS,
+          limit: { type: "number", description: "Max results (default 100 or 20 for archive)" }
         }
       },
       handler: async (rawArgs, context) => {
         const args = asRecord(rawArgs);
+        const archive = readBoolean(args, "archive") ?? false;
+        const path42 = archive ? "/api/v5/trade/fills-history" : "/api/v5/trade/fills";
+        const paging = readPaginationParams(args, readString, readNumber);
+        const params = compactObject({
+          instType: "EVENTS",
+          instId: readString(args, "instId"),
+          ordId: readString(args, "ordId"),
+          ...paging,
+          limit: paging.limit ?? (archive ? 20 : void 0)
+        });
         const response = await context.client.privateGet(
-          "/api/v5/trade/fills",
-          compactObject({
-            instType: "EVENTS",
-            instId: readString(args, "instId"),
-            limit: readNumber(args, "limit")
-          }),
+          path42,
+          params,
           privateRateLimit("event_get_fills", 20)
         );
         const base = normalizeResponse(response);
         const data = Array.isArray(base["data"]) ? base["data"].map(enrichFill) : base["data"];
-        return { ...base, data };
+        return { ...base, data, requestParams: params };
       }
     },
     // -----------------------------------------------------------------------
@@ -6503,7 +6688,7 @@ function registerEventContractTools() {
     {
       name: "event_amend_order",
       module: "event",
-      description: "Amend a pending event contract order (change price or size). [CAUTION] Modifies a real order. Before amending, call event_get_orders(state=live) to obtain the ordId and confirm the order is still pending. Only limit/post_only orders can be amended.",
+      description: "Amend a pending event contract order (change price or size). [CAUTION] Modifies a real order. Before amending, call event_get_orders(status=open) to obtain the ordId and confirm the order is still pending. Only limit/post_only orders can be amended.",
       isWrite: true,
       inputSchema: {
         type: "object",
@@ -6534,7 +6719,7 @@ function registerEventContractTools() {
     {
       name: "event_cancel_order",
       module: "event",
-      description: "Cancel a pending event contract order. [CAUTION] Cancels a real order. Before cancelling, call event_get_orders(state=live) to obtain the ordId and confirm the order is still pending. instId must be the full event contract instrument ID (e.g. BTC-ABOVE-DAILY-260224-1600-69700), NOT a spot trading pair.",
+      description: "Cancel a pending event contract order. [CAUTION] Cancels a real order. Before cancelling, call event_get_orders(status=open) to obtain the ordId and confirm the order is still pending. instId must be the full event contract instrument ID (e.g. BTC-ABOVE-DAILY-260224-1600-69700), NOT a spot trading pair.",
       isWrite: true,
       inputSchema: {
         type: "object",
@@ -6582,27 +6767,27 @@ var PATH_SIGNAL_HISTORY = "/api/v5/journal/smartmoney/signal-history";
 var SIGNAL_POOL_FILTER_PROPS = {
   sortType: {
     type: "string",
-    description: "pnl or pnlRatio"
+    description: "Pool ranking: pnl|pnlRatio (default pnl)"
   },
   period: {
     type: "string",
-    description: "3|7|30|90 days"
+    description: "Win-rate window days: 3|7|30|90 (default 90). Not snapshot range."
   },
   pnl: {
     type: "string",
-    description: "PNL_ANY|PNL_TOP50|PNL_TOP20|PNL_TOP5"
+    description: "Top N% by PnL: PNL_ANY|PNL_TOP50|PNL_TOP20|PNL_TOP5 (default PNL_ANY)"
   },
   winRatio: {
     type: "string",
-    description: "WR_ANY|WR_GE_50|WR_GE_80"
+    description: "Min win-rate: WR_ANY|WR_GE_50|WR_GE_80 (default WR_ANY)"
   },
   maxRetreat: {
     type: "string",
-    description: "MR_ANY|MR_LE_20|MR_LE_50"
+    description: "Max drawdown: MR_ANY|MR_LE_20|MR_LE_50 (default MR_ANY)"
   },
   asset: {
     type: "string",
-    description: "AUM_ANY|AUM_TOP50|AUM_TOP20|AUM_TOP5"
+    description: "Top N% by AUM: AUM_ANY|AUM_TOP50|AUM_TOP20|AUM_TOP5 (default AUM_ANY)"
   }
 };
 var LEADERBOARD_POOL_FILTER_PROPS = {
@@ -6654,39 +6839,39 @@ function registerSmartmoneyTools() {
     {
       name: "smartmoney_get_overview",
       module: "smartmoney",
-      description: "Multi-currency smart money overview ranked by most-watched currencies. Pass ts=Date.now() for latest data, or dataVersion (yyyyMMddHHmm) from a prior call. For single-currency signal with entry prices and trend, use smartmoney_get_signal.",
+      description: "Multi-currency smart money overview, ranked by tradersWithPosition DESC (most-watched first). Requires either ts (recommended, Date.now()) or dataVersion (yyyyMMddHHmm UTC) \u2014 at least one must be set; ts wins when both are sent. For single-currency signal with entry prices and trend, use smartmoney_get_signal.",
       isWrite: false,
       inputSchema: {
         type: "object",
         properties: {
-          dataVersion: {
+          ts: {
             type: "string",
-            description: "yyyyMMddHHmm UTC (or use ts)"
+            description: "Recommended. Timestamp ms \u2014 use Date.now() for latest."
           },
-          ts: {
+          dataVersion: {
             type: "string",
-            description: "Timestamp ms (or use dataVersion)"
+            description: "Alternative. yyyyMMddHHmm UTC for prior snapshot. If both sent, ts wins."
           },
           instType: {
             type: "string",
-            description: "SPOT|MARGIN|FUTURES|SWAP|OPTION"
+            description: "SPOT|MARGIN|FUTURES|SWAP|OPTION (default SWAP)"
           },
           ...SIGNAL_POOL_FILTER_PROPS,
           lmtNum: {
             type: "string",
-            description: "Trader pool size 1-500"
+            description: "Trader pool size 1-500 (default 100)"
           },
           instCcyList: {
             type: "string",
-            description: "Comma-separated e.g. BTC,ETH,SOL"
+            description: "Comma-separated currency codes e.g. BTC,ETH,SOL (prefix-matched against instId)"
           },
           instCcy: {
             type: "string",
-            description: "Single currency e.g. BTC"
+            description: "Single currency e.g. BTC; alias for instCcyList (instCcyList wins if both set)"
           },
           topInstruments: {
             type: "string",
-            description: "Top N instruments 1-100"
+            description: "Top N instruments 1-100 (default 20)"
           }
         }
       },
@@ -6718,35 +6903,35 @@ function registerSmartmoneyTools() {
     {
       name: "smartmoney_get_signal",
       module: "smartmoney",
-      description: "Single-currency consensus signal: long/short ratio, entry prices, trend, capital flow. Requires instId or instCcy. Pass ts=Date.now() for latest data, or dataVersion from a prior call. For multi-currency overview, use smartmoney_get_overview. For timeline, use smartmoney_get_signal_history.",
+      description: "Single-currency consensus signal: long/short ratio, entry prices, trend, capital flow. Requires either instId (e.g. BTC-USDT-SWAP, recommended) or instCcy (SPOT/SWAP only) \u2014 instId wins when both are sent. Requires either ts (recommended, Date.now()) or dataVersion (yyyyMMddHHmm UTC) \u2014 at least one must be set; ts wins when both are sent. For multi-currency overview, use smartmoney_get_overview. For timeline, use smartmoney_get_signal_history.",
       isWrite: false,
       inputSchema: {
         type: "object",
         properties: {
           instId: {
             type: "string",
-            description: "e.g. BTC-USDT-SWAP (or use instCcy)"
+            description: "Recommended. e.g. BTC-USDT-SWAP"
           },
           instCcy: {
             type: "string",
-            description: "e.g. BTC, SPOT/SWAP only (or use instId)"
+            description: "e.g. BTC (SPOT/SWAP only); instId takes precedence if both set"
           },
-          dataVersion: {
+          ts: {
             type: "string",
-            description: "yyyyMMddHHmm UTC (or use ts)"
+            description: "Recommended. Timestamp ms \u2014 use Date.now() for latest."
           },
-          ts: {
+          dataVersion: {
             type: "string",
-            description: "Timestamp ms (or use dataVersion)"
+            description: "Alternative. yyyyMMddHHmm UTC for prior snapshot. If both sent, ts wins."
           },
           ...SIGNAL_POOL_FILTER_PROPS,
           lmtNum: {
             type: "string",
-            description: "Trader pool size 1-500"
+            description: "Trader pool size 1-500 (default 100)"
           },
           authorIds: {
             type: "string",
-            description: "Comma-separated user IDs e.g. 1001,1002"
+            description: "Comma-separated user IDs e.g. 1001,1002 \u2014 restricts the trader pool to these IDs only (precise filter)"
           }
         }
       },
@@ -6782,7 +6967,7 @@ function registerSmartmoneyTools() {
     {
       name: "smartmoney_get_signal_history",
       module: "smartmoney",
-      description: "Signal history timeline sorted by ts DESC for trend analysis. Requires instId. Pass ts=Date.now() for latest data, or dataVersion from a prior call. For current snapshot, use smartmoney_get_signal.",
+      description: "Signal history timeline sorted by ts DESC for trend analysis. Requires instId. Requires either ts (recommended, Date.now()) or dataVersion (yyyyMMddHHmm UTC) \u2014 at least one must be set; ts wins when both are sent. For current snapshot, use smartmoney_get_signal.",
       isWrite: false,
       inputSchema: {
         type: "object",
@@ -6791,13 +6976,13 @@ function registerSmartmoneyTools() {
             type: "string",
             description: "e.g. BTC-USDT-SWAP"
           },
-          dataVersion: {
+          ts: {
             type: "string",
-            description: "yyyyMMddHHmm UTC (or use ts)"
+            description: "Recommended. Timestamp ms \u2014 use Date.now() for latest."
           },
-          ts: {
+          dataVersion: {
             type: "string",
-            description: "Timestamp ms (or use dataVersion)"
+            description: "Alternative. yyyyMMddHHmm UTC for prior snapshot. If both sent, ts wins."
           },
           granularity: {
             type: "string",
@@ -10300,7 +10485,7 @@ function createToolRunner(client, config) {
   };
 }
 function configFilePath() {
-  return join6(homedir4(), ".okx", "config.toml");
+  return join7(homedir5(), ".okx", "config.toml");
 }
 function readFullConfig() {
   const path42 = configFilePath();
@@ -10319,11 +10504,6 @@ Or re-run: okx config init`
     );
   }
 }
-function readTomlProfile(profileName) {
-  const config = readFullConfig();
-  const name = profileName ?? config.default_profile ?? "default";
-  return config.profiles?.[name] ?? {};
-}
 var CONFIG_HEADER = `# OKX Trade Kit Configuration
 # If editing manually, wrap values containing special chars in quotes:
 #   passphrase = 'value'       (if value contains # \\ ")
@@ -10372,18 +10552,24 @@ function parseModuleList(rawModules) {
   }
   return Array.from(deduped);
 }
-function loadCredentials(toml) {
+async function loadCredentials(toml) {
   const apiKey = process.env.OKX_API_KEY?.trim() ?? toml.api_key;
   const secretKey = process.env.OKX_SECRET_KEY?.trim() ?? toml.secret_key;
   const passphrase = process.env.OKX_PASSPHRASE?.trim() ?? toml.passphrase;
-  const hasAuth = Boolean(apiKey && secretKey && passphrase);
+  const hasApiKey = Boolean(apiKey && secretKey && passphrase);
   const partialAuth = Boolean(apiKey) || Boolean(secretKey) || Boolean(passphrase);
-  if (partialAuth && !hasAuth) {
+  if (partialAuth && !hasApiKey) {
     throw new ConfigError(
       "Partial API credentials detected.",
       "Set OKX_API_KEY, OKX_SECRET_KEY and OKX_PASSPHRASE together (env vars or config.toml profile)."
     );
   }
+  let hasOAuth = false;
+  if (!hasApiKey) {
+    const status = await execAuthStatus();
+    hasOAuth = status?.status === "logged_in";
+  }
+  const hasAuth = hasOAuth || hasApiKey;
   return { apiKey, secretKey, passphrase, hasAuth };
 }
 function resolveSite(cliSite, tomlSite) {
@@ -10417,9 +10603,11 @@ function resolveDemo(cli, toml) {
   if (cli.demo === true) return true;
   return process.env.OKX_DEMO === "1" || process.env.OKX_DEMO === "true" || (toml.demo ?? false);
 }
-function loadConfig(cli) {
-  const toml = readTomlProfile(cli.profile);
-  const creds = loadCredentials(toml);
+async function loadConfig(cli) {
+  const config = readFullConfig();
+  const profileName = cli.profile ?? config.default_profile ?? "default";
+  const toml = config.profiles?.[profileName] ?? {};
+  const creds = await loadCredentials(toml);
   const demo = resolveDemo(cli, toml);
   const site = resolveSite(cli.site, toml.site);
   const baseUrl = resolveBaseUrl(site, toml.base_url);
@@ -10439,6 +10627,7 @@ function loadConfig(cli) {
   }
   return {
     ...creds,
+    profile: profileName,
     baseUrl,
     timeoutMs: Math.floor(rawTimeout),
     modules: parseModuleList(cli.modules),
@@ -10451,7 +10640,7 @@ function loadConfig(cli) {
     verbose: cli.verbose ?? false
   };
 }
-var CACHE_FILE = join7(homedir5(), ".okx", "update-check.json");
+var CACHE_FILE = join8(homedir6(), ".okx", "update-check.json");
 var CHECK_INTERVAL_MS = 24 * 60 * 60 * 1e3;
 function readCache2() {
   try {
@@ -10464,7 +10653,7 @@ function readCache2() {
 }
 function writeCache2(cache) {
   try {
-    mkdirSync6(join7(homedir5(), ".okx"), { recursive: true });
+    mkdirSync6(join8(homedir6(), ".okx"), { recursive: true });
     writeFileSync5(CACHE_FILE, JSON.stringify(cache, null, 2), "utf-8");
   } catch {
   }
@@ -10634,13 +10823,13 @@ function findMsStoreClaudePath() {
 }
 function getConfigPath(client) {
   const home = os3.homedir();
-  const platform2 = process.platform;
+  const platform3 = process.platform;
   switch (client) {
     case "claude-desktop":
-      if (platform2 === "win32") {
+      if (platform3 === "win32") {
         return findMsStoreClaudePath() ?? path3.join(appData(), "Claude", CLAUDE_CONFIG_FILE);
       }
-      if (platform2 === "darwin") {
+      if (platform3 === "darwin") {
         return path3.join(home, "Library", "Application Support", "Claude", CLAUDE_CONFIG_FILE);
       }
       return path3.join(process.env.XDG_CONFIG_HOME ?? path3.join(home, ".config"), "Claude", CLAUDE_CONFIG_FILE);
@@ -10752,7 +10941,7 @@ var DOWNLOAD_TIMEOUT_MS = 3e4;
 var PLATFORM_MAP = {
   "darwin-arm64": "darwin-arm64",
   "darwin-x64": "darwin-x64",
-  "linux-arm64": "linux-arm64",
+  "linux-arm64": "linux-x64",
   "linux-x64": "linux-x64",
   "win32-arm64": "win32-arm64",
   "win32-x64": "win32-x64"
@@ -10884,7 +11073,7 @@ async function installPilotBinary(destPath, sources = CDN_SOURCES, onProgress) {
   if (earlyResult) return earlyResult;
   const platformDir = getPlatformDir();
   const binaryName = getBinaryName();
-  const resolvedDest = destPath ?? join9(homedir7(), ".okx", "bin", binaryName);
+  const resolvedDest = destPath ?? join10(homedir8(), ".okx", "bin", binaryName);
   const tmpPath = resolvedDest + ".tmp";
   mkdirSync8(dirname6(resolvedDest), { recursive: true });
   const localHash = existsSync6(resolvedDest) ? hashFile(resolvedDest) : null;
@@ -11007,107 +11196,646 @@ function downloadText(url, timeoutMs) {
     })
   );
 }
-// src/commands/diagnose.ts
-import dns from "dns/promises";
-import net from "net";
-import os5 from "os";
-import tls from "tls";
-// src/commands/diagnose-utils.ts
-import fs4 from "fs";
-import { createRequire } from "module";
-// src/formatter.ts
-import { EOL } from "os";
-var stdioOutput = {
-  out: (message) => process.stdout.write(message),
-  err: (message) => process.stderr.write(message)
-};
-var activeOutput = stdioOutput;
-function setOutput(impl) {
-  activeOutput = impl;
-}
-var envContext = null;
-function setEnvContext(ctx) {
-  envContext = ctx;
-}
-function output(message) {
-  activeOutput.out(message);
-}
-function errorOutput(message) {
-  activeOutput.err(message);
-}
-function outputLine(message) {
-  activeOutput.out(message + EOL);
-}
-function errorLine(message) {
-  activeOutput.err(message + EOL);
-}
-var jsonEnvEnabled = false;
-function setJsonEnvEnabled(enabled) {
-  jsonEnvEnabled = enabled;
-}
-function printJson(data) {
-  const payload = jsonEnvEnabled && envContext ? {
-    env: envContext.demo ? "demo" : "live",
-    profile: envContext.profile,
-    data
-  } : data;
-  activeOutput.out(JSON.stringify(payload, null, 2) + EOL);
+var AUTH_CDN_PATH_PREFIX = "/upgradeapp/tools/oauth";
+function getAuthBinaryName() {
+  return platform2() === "win32" ? "okx-auth.exe" : "okx-auth";
 }
-function printTable(rows) {
-  if (envContext) {
-    const envLabel = envContext.demo ? "demo (simulated trading)" : "live";
-    activeOutput.out(`Environment: ${envLabel}` + EOL + EOL);
-  }
-  if (rows.length === 0) {
-    activeOutput.out("(no data)" + EOL);
-    return;
+function getAuthStatus(binaryPath, opts) {
+  const resolvedPath = binaryPath ?? getAuthBinaryPath();
+  const platformDir = getPlatformDir();
+  if (!existsSync7(resolvedPath)) {
+    return { binaryPath: resolvedPath, exists: false, platform: platformDir };
   }
-  const keys = Object.keys(rows[0]);
-  const widths = keys.map(
-    (k) => Math.max(k.length, ...rows.map((r) => String(r[k] ?? "").length))
-  );
-  const header = keys.map((k, i) => k.padEnd(widths[i])).join("  ");
-  const divider = widths.map((w) => "-".repeat(w)).join("  ");
-  activeOutput.out(header + EOL + divider + EOL);
-  for (const row of rows) {
-    activeOutput.out(keys.map((k, i) => String(row[k] ?? "").padEnd(widths[i])).join("  ") + EOL);
+  if (opts?.skipHash) {
+    return { binaryPath: resolvedPath, exists: true, platform: platformDir };
   }
+  const { size, sha256 } = hashFile(resolvedPath);
+  return { binaryPath: resolvedPath, exists: true, platform: platformDir, fileSize: size, sha256 };
 }
-function printKv(obj, indent = 0) {
-  const pad = " ".repeat(indent);
-  for (const [k, v] of Object.entries(obj)) {
-    if (v !== null && typeof v === "object" && !Array.isArray(v)) {
-      activeOutput.out(`${pad}${k}:${EOL}`);
-      printKv(v, indent + 2);
-    } else {
-      activeOutput.out(`${pad}${k.padEnd(20 - indent)}  ${v}${EOL}`);
+async function fetchAuthCdnChecksum(sources = CDN_SOURCES, timeoutMs = DOWNLOAD_TIMEOUT_MS) {
+  const platformDir = getPlatformDir();
+  if (!platformDir) return null;
+  const checksumPath = `${AUTH_CDN_PATH_PREFIX}/${platformDir}/checksum.json`;
+  for (const { host, protocol } of sources) {
+    try {
+      const url = `${protocol}://${host}${checksumPath}`;
+      const raw = await downloadText2(url, timeoutMs);
+      const data = JSON.parse(raw);
+      if (typeof data.sha256 !== "string" || typeof data.size !== "number" || typeof data.target !== "string") {
+        continue;
+      }
+      return { sha256: data.sha256, size: data.size, target: data.target, source: host };
+    } catch {
     }
   }
+  return null;
 }
-function extractData(result) {
-  if (result && typeof result === "object") {
-    const data = result["data"];
-    if (Array.isArray(data)) return data;
+async function fetchAndValidateChecksum2(host, protocol, checksumPath, platformDir, timeoutMs, onProgress) {
+  const checksumUrl = `${protocol}://${host}${checksumPath}`;
+  onProgress?.(`Fetching checksum from ${host}...`);
+  const raw = await downloadText2(checksumUrl, timeoutMs);
+  const checksum = JSON.parse(raw);
+  if (typeof checksum.sha256 !== "string" || typeof checksum.size !== "number" || typeof checksum.target !== "string") {
+    throw new Error("Invalid checksum.json: missing sha256, size, or target");
   }
-  return [];
+  if (checksum.target !== platformDir) {
+    throw new Error(`Target mismatch: expected ${platformDir}, got ${checksum.target}`);
+  }
+  return { sha256: checksum.sha256, size: checksum.size, target: checksum.target };
 }
-function markFailedIfSCodeError(data) {
-  if (!Array.isArray(data)) return;
-  for (const item of data) {
-    if (item !== null && typeof item === "object") {
-      const sCode = item["sCode"];
-      if (sCode !== void 0 && sCode !== "0" && sCode !== 0) {
-        process.exitCode = 1;
-        return;
-      }
+async function downloadAndVerify2(host, protocol, binaryPath, tmpPath, checksum, timeoutMs, onProgress) {
+  const binaryUrl = `${protocol}://${host}${binaryPath}`;
+  onProgress?.(`Downloading binary from ${host}...`);
+  await download2(binaryUrl, tmpPath, timeoutMs);
+  const actual = hashFile(tmpPath);
+  if (actual.size !== checksum.size) {
+    throw new Error(`Size mismatch: expected ${checksum.size}, got ${actual.size}`);
+  }
+  if (actual.sha256 !== checksum.sha256) {
+    throw new Error(`SHA-256 mismatch: expected ${checksum.sha256}, got ${actual.sha256}`);
+  }
+}
+function atomicReplace2(tmpPath, resolvedDest) {
+  if (platform2() === "win32") {
+    try {
+      unlinkSync4(resolvedDest);
+    } catch {
     }
   }
+  renameSync4(tmpPath, resolvedDest);
+  if (platform2() !== "win32") {
+    chmodSync2(resolvedDest, 493);
+  }
+}
+function installPreChecks2(destPath, sources) {
+  if (!destPath && process.env.OKX_AUTH_BIN) {
+    return { status: "up-to-date", source: "(env override)" };
+  }
+  if (!getPlatformDir()) {
+    return { status: "failed", error: "Unsupported platform" };
+  }
+  if (sources.length === 0) {
+    return { status: "failed", error: "No CDN sources available" };
+  }
+  return null;
+}
+function isLocalUpToDate2(localHash, checksum) {
+  return localHash !== null && localHash.size === checksum.size && localHash.sha256 === checksum.sha256;
+}
+async function installAuthBinary(destPath, sources = CDN_SOURCES, onProgress) {
+  const earlyResult = installPreChecks2(destPath, sources);
+  if (earlyResult) return earlyResult;
+  const platformDir = getPlatformDir();
+  const binaryName = getAuthBinaryName();
+  const resolvedDest = destPath ?? join11(homedir9(), ".okx", "bin", binaryName);
+  const tmpPath = resolvedDest + ".tmp";
+  mkdirSync9(dirname7(resolvedDest), { recursive: true });
+  const localHash = existsSync7(resolvedDest) ? hashFile(resolvedDest) : null;
+  const checksumPath = `${AUTH_CDN_PATH_PREFIX}/${platformDir}/checksum.json`;
+  const binaryPath = `${AUTH_CDN_PATH_PREFIX}/${platformDir}/${binaryName}`;
+  const errors = [];
+  for (const { host, protocol } of sources) {
+    try {
+      const checksum = await fetchAndValidateChecksum2(
+        host,
+        protocol,
+        checksumPath,
+        platformDir,
+        DOWNLOAD_TIMEOUT_MS,
+        onProgress
+      );
+      if (isLocalUpToDate2(localHash, checksum)) {
+        onProgress?.("Already up to date (checksum match)");
+        return { status: "up-to-date", source: host };
+      }
+      await downloadAndVerify2(host, protocol, binaryPath, tmpPath, checksum, DOWNLOAD_TIMEOUT_MS, onProgress);
+      atomicReplace2(tmpPath, resolvedDest);
+      onProgress?.(`Downloaded and verified from ${host}`);
+      return { status: "installed", source: host };
+    } catch (err) {
+      try {
+        unlinkSync4(tmpPath);
+      } catch {
+      }
+      const msg = err instanceof Error ? err.message : String(err);
+      errors.push(`${host}: ${msg}`);
+      onProgress?.(`${host} failed: ${msg}`);
+    }
+  }
+  return { status: "failed", error: `All CDN sources failed:
+${errors.join("\n")}` };
+}
+function removeAuthBinary(binaryPath) {
+  const resolvedPath = binaryPath ?? getAuthBinaryPath();
+  try {
+    unlinkSync4(resolvedPath);
+    return { status: "removed" };
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return { status: "not-found" };
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new Error(`Failed to remove ${resolvedPath}: ${msg}`);
+  }
+}
+function isRedirect2(statusCode) {
+  return statusCode !== void 0 && statusCode >= 300 && statusCode < 400;
+}
+function validateRedirect2(res, requestUrl, redirectCount, maxRedirects) {
+  if (redirectCount > maxRedirects) {
+    throw new Error(`Too many redirects (${maxRedirects})`);
+  }
+  const location = res.headers.location;
+  if (requestUrl.startsWith("https") && !location.startsWith("https")) {
+    throw new Error("Refused HTTPS \u2192 HTTP redirect downgrade");
+  }
+  return location;
+}
+function fetchResponse2(url, timeoutMs) {
+  return new Promise((resolve3, reject) => {
+    let redirects = 0;
+    const maxRedirects = 5;
+    function doRequest(requestUrl) {
+      const reqFn = requestUrl.startsWith("https") ? httpsGet2 : httpGet2;
+      const req = reqFn(requestUrl, { timeout: timeoutMs }, (res) => {
+        if (isRedirect2(res.statusCode) && res.headers.location) {
+          redirects++;
+          try {
+            const location = validateRedirect2(res, requestUrl, redirects, maxRedirects);
+            res.resume();
+            doRequest(location);
+          } catch (err) {
+            reject(err);
+          }
+          return;
+        }
+        if (res.statusCode !== 200) {
+          reject(new Error(`HTTP ${res.statusCode ?? "unknown"}`));
+          return;
+        }
+        resolve3(res);
+      });
+      req.on("error", reject);
+      req.on("timeout", () => {
+        req.destroy();
+        reject(new Error("Download timed out"));
+      });
+    }
+    doRequest(url);
+  });
+}
+function download2(url, destPath, timeoutMs) {
+  return fetchResponse2(url, timeoutMs).then(
+    (res) => new Promise((resolve3, reject) => {
+      const file = createWriteStream3(destPath);
+      res.pipe(file);
+      file.on("finish", () => file.close(() => resolve3()));
+      file.on("error", (err) => {
+        try {
+          unlinkSync4(destPath);
+        } catch {
+        }
+        reject(err);
+      });
+    })
+  );
+}
+function downloadText2(url, timeoutMs) {
+  return fetchResponse2(url, timeoutMs).then(
+    (res) => new Promise((resolve3, reject) => {
+      const chunks = [];
+      res.on("data", (chunk) => chunks.push(chunk));
+      res.on("end", () => resolve3(Buffer.concat(chunks).toString("utf8")));
+      res.on("error", reject);
+    })
+  );
+}
+var CACHE_PATH = join12(homedir10(), ".okx", "auth-binary-check.json");
+var CHECK_INTERVAL_MS2 = 2 * 60 * 60 * 1e3;
+function readCache3() {
+  try {
+    if (!existsSync8(CACHE_PATH)) return null;
+    const data = JSON.parse(readFileSync8(CACHE_PATH, "utf-8"));
+    if (typeof data.cdnSha256 !== "string" || typeof data.checkedAt !== "number") return null;
+    return { cdnSha256: data.cdnSha256, checkedAt: data.checkedAt };
+  } catch {
+    return null;
+  }
+}
+function writeCache3(cdnSha256) {
+  try {
+    mkdirSync10(join12(homedir10(), ".okx"), { recursive: true });
+    writeFileSync7(CACHE_PATH, JSON.stringify({ cdnSha256, checkedAt: Date.now() }, null, 2), "utf-8");
+  } catch {
+  }
+}
+async function ensureAuthBinaryLatest(onProgress) {
+  if (process.env.OKX_AUTH_BIN) return;
+  const cache = readCache3();
+  if (cache && Date.now() - cache.checkedAt < CHECK_INTERVAL_MS2) return;
+  try {
+    const cdn = await fetchAuthCdnChecksum(void 0, 5e3);
+    if (!cdn) return;
+    const local = getAuthStatus();
+    if (local.exists && local.sha256 === cdn.sha256) {
+      writeCache3(cdn.sha256);
+      return;
+    }
+    onProgress?.("Updating okx-auth binary...");
+    const result = await installAuthBinary(void 0, void 0, onProgress);
+    if (result.status === "installed" || result.status === "up-to-date") {
+      const updated = getAuthStatus();
+      if (updated.sha256) writeCache3(updated.sha256);
+      if (result.status === "installed") {
+        onProgress?.("\u2713 okx-auth updated successfully");
+      }
+    }
+  } catch {
+  }
+}
+function updateAuthBinaryCache(sha256) {
+  writeCache3(sha256);
+}
+function clearAuthBinaryCache() {
+  try {
+    unlinkSync5(CACHE_PATH);
+  } catch {
+  }
 }
+// src/commands/auth.ts
+import { spawn as spawn2 } from "child_process";
+import readline from "readline";
+// src/formatter.ts
+import { EOL } from "os";
+var stdioOutput = {
+  out: (message) => process.stdout.write(message),
+  err: (message) => process.stderr.write(message)
+};
+var activeOutput = stdioOutput;
+function setOutput(impl) {
+  activeOutput = impl;
+}
+var envContext = null;
+function setEnvContext(ctx) {
+  envContext = ctx;
+}
+function output(message) {
+  activeOutput.out(message);
+}
+function errorOutput(message) {
+  activeOutput.err(message);
+}
+function outputLine(message) {
+  activeOutput.out(message + EOL);
+}
+function errorLine(message) {
+  activeOutput.err(message + EOL);
+}
+var jsonEnvEnabled = false;
+function setJsonEnvEnabled(enabled) {
+  jsonEnvEnabled = enabled;
+}
+function printJson(data) {
+  const payload = jsonEnvEnabled && envContext ? {
+    env: envContext.demo ? "demo" : "live",
+    profile: envContext.profile,
+    data
+  } : data;
+  activeOutput.out(JSON.stringify(payload, null, 2) + EOL);
+}
+function printTable(rows) {
+  if (envContext) {
+    const envLabel = envContext.demo ? "demo (simulated trading)" : "live";
+    activeOutput.out(`Environment: ${envLabel}` + EOL + EOL);
+  }
+  if (rows.length === 0) {
+    activeOutput.out("(no data)" + EOL);
+    return;
+  }
+  const keys = Object.keys(rows[0]);
+  const widths = keys.map(
+    (k) => Math.max(k.length, ...rows.map((r) => String(r[k] ?? "").length))
+  );
+  const header = keys.map((k, i) => k.padEnd(widths[i])).join("  ");
+  const divider = widths.map((w) => "-".repeat(w)).join("  ");
+  activeOutput.out(header + EOL + divider + EOL);
+  for (const row of rows) {
+    activeOutput.out(keys.map((k, i) => String(row[k] ?? "").padEnd(widths[i])).join("  ") + EOL);
+  }
+}
+function printKv(obj, indent = 0) {
+  const pad = " ".repeat(indent);
+  for (const [k, v] of Object.entries(obj)) {
+    if (v !== null && typeof v === "object" && !Array.isArray(v)) {
+      activeOutput.out(`${pad}${k}:${EOL}`);
+      printKv(v, indent + 2);
+    } else {
+      activeOutput.out(`${pad}${k.padEnd(20 - indent)}  ${v}${EOL}`);
+    }
+  }
+}
+function extractData(result) {
+  if (result && typeof result === "object") {
+    const data = result["data"];
+    if (Array.isArray(data)) return data;
+  }
+  return [];
+}
+function markFailedIfSCodeError(data) {
+  if (!Array.isArray(data)) return;
+  for (const item of data) {
+    if (item !== null && typeof item === "object") {
+      const sCode = item["sCode"];
+      if (sCode !== void 0 && sCode !== "0" && sCode !== 0) {
+        process.exitCode = 1;
+        return;
+      }
+    }
+  }
+}
+// src/commands/auth.ts
+function runOkxAuth(args) {
+  const binPath = getAuthBinaryPath();
+  return new Promise((resolve3, reject) => {
+    const child = spawn2(binPath, args, {
+      stdio: "inherit"
+    });
+    child.on("error", (err) => {
+      reject(new Error(`Failed to spawn okx-auth: ${err.message}`));
+    });
+    child.on("close", (code) => {
+      resolve3(code ?? 1);
+    });
+  });
+}
+function runOkxAuthCapture(args) {
+  const binPath = getAuthBinaryPath();
+  return new Promise((resolve3, reject) => {
+    const child = spawn2(binPath, args, {
+      stdio: ["inherit", "pipe", "inherit"]
+    });
+    const chunks = [];
+    child.stdout.on("data", (chunk) => chunks.push(chunk));
+    child.on("error", (err) => {
+      reject(new Error(`Failed to spawn okx-auth: ${err.message}`));
+    });
+    child.on("close", (code) => {
+      resolve3({
+        code: code ?? 1,
+        stdout: Buffer.concat(chunks).toString("utf-8")
+      });
+    });
+  });
+}
+function findApiKeyProfile() {
+  let config;
+  try {
+    config = readFullConfig();
+  } catch {
+    return null;
+  }
+  for (const [name, profile] of Object.entries(config.profiles ?? {})) {
+    if (profile?.api_key) return name;
+  }
+  return null;
+}
+async function cmdAuthLogin(args) {
+  const apiKeyProfile = findApiKeyProfile();
+  if (apiKeyProfile) {
+    if (args.manual) {
+      outputLine(JSON.stringify({
+        status: "skipped",
+        reason: "api_key_configured",
+        profile: apiKeyProfile,
+        message: `API key already configured (profile: ${apiKeyProfile}). OAuth login skipped \u2014 API key will be used automatically.`
+      }));
+    } else {
+      outputLine(`API key already configured (profile: ${apiKeyProfile}). OAuth login skipped \u2014 API key will be used automatically.`);
+    }
+    return;
+  }
+  const cliArgs = ["login"];
+  if (args.site) cliArgs.push("--site", args.site);
+  if (args.manual) cliArgs.push("--manual");
+  const code = await runOkxAuth(cliArgs);
+  if (code !== 0) {
+    process.exitCode = code;
+  }
+}
+async function cmdAuthLogout() {
+  const code = await runOkxAuth(["logout"]);
+  if (code !== 0) {
+    process.exitCode = code;
+  }
+}
+async function cmdAuthStatus(args) {
+  const cliArgs = ["status"];
+  if (args.json) cliArgs.push("--json");
+  const result = await runOkxAuthCapture(cliArgs);
+  if (result.stdout) {
+    process.stdout.write(result.stdout);
+  }
+  if (result.code !== 0) {
+    process.exitCode = result.code;
+  }
+}
+function resolveChecksumMatch(local, cdnChecksum, cdnError) {
+  if (!local.exists) return "not-installed";
+  if (cdnError || !cdnChecksum) return "unavailable";
+  if (cdnChecksum.sha256 === local.sha256) return "match";
+  return "mismatch";
+}
+function checksumMatchLabel(match) {
+  if (match === "match") return "\u2713 match";
+  if (match === "mismatch") return "\u2717 mismatch (update available)";
+  return "CDN unreachable";
+}
+function formatBytes(bytes) {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(2)} MB`;
+}
+async function cmdAuthInstallStatus(json) {
+  const local = getAuthStatus();
+  let cdnChecksum = null;
+  let cdnError = null;
+  if (local.exists) {
+    try {
+      cdnChecksum = await fetchAuthCdnChecksum(void 0, 5e3);
+    } catch (err) {
+      cdnError = err instanceof Error ? err.message : String(err);
+    }
+  }
+  const checksumMatch = resolveChecksumMatch(local, cdnChecksum, cdnError);
+  if (json) {
+    outputLine(
+      JSON.stringify({
+        binaryPath: local.binaryPath,
+        exists: local.exists,
+        platform: local.platform,
+        fileSize: local.fileSize ?? null,
+        sha256: local.sha256 ?? null,
+        cdnMatch: checksumMatch,
+        cdnSha256: cdnChecksum?.sha256 ?? null,
+        cdnSource: cdnChecksum?.source ?? null
+      })
+    );
+    return;
+  }
+  outputLine("");
+  outputLine("  okx-auth Binary Status");
+  outputLine("  " + "\u2500".repeat(40));
+  outputLine(`  Binary path : ${local.binaryPath}`);
+  outputLine(`  Installed   : ${local.exists ? "yes" : "no"}`);
+  outputLine(`  Platform    : ${local.platform ?? "(unsupported)"}`);
+  if (local.exists) {
+    outputLine(`  File size   : ${formatBytes(local.fileSize)}`);
+    outputLine(`  SHA-256     : ${local.sha256 ?? "(unknown)"}`);
+    outputLine(`  CDN check   : ${checksumMatchLabel(checksumMatch)}`);
+    if (cdnChecksum) {
+      outputLine(`  CDN source  : ${cdnChecksum.source}`);
+    }
+  }
+  outputLine("");
+}
+async function cmdAuthInstall(json) {
+  const messages2 = [];
+  const onProgress = (msg) => {
+    if (!json) {
+      outputLine(`  ${msg}`);
+    }
+    messages2.push(msg);
+  };
+  if (!json) {
+    outputLine("");
+    outputLine("  Installing okx-auth...");
+  }
+  const result = await installAuthBinary(void 0, void 0, onProgress);
+  if (json) {
+    outputLine(JSON.stringify({ status: result.status, source: result.source ?? null, error: result.error ?? null, messages: messages2 }));
+    if (result.status === "failed") {
+      process.exitCode = 1;
+    }
+    return;
+  }
+  if (result.status === "installed" || result.status === "up-to-date") {
+    const local = getAuthStatus();
+    if (local.sha256) updateAuthBinaryCache(local.sha256);
+  }
+  if (result.status === "installed") {
+    outputLine(`  \u2713 okx-auth installed successfully (${result.source ?? ""})`);
+  } else if (result.status === "up-to-date") {
+    outputLine("  \u2713 okx-auth is already up to date");
+  } else {
+    errorLine(`  \u2717 Installation failed: ${result.error ?? "unknown error"}`);
+    errorLine("  Hint: check network connectivity or try again later");
+    process.exitCode = 1;
+  }
+  outputLine("");
+}
+async function cmdAuthRemove(force, json) {
+  const local = getAuthStatus(void 0, { skipHash: true });
+  if (!local.exists) {
+    if (json) {
+      outputLine(JSON.stringify({ status: "not-installed" }));
+    } else {
+      outputLine("  okx-auth is not installed.");
+    }
+    return;
+  }
+  if (!await confirmRemoval(force, local.binaryPath)) return;
+  let result;
+  try {
+    result = removeAuthBinary();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (json) {
+      outputLine(JSON.stringify({ status: "failed", error: msg }));
+    } else {
+      errorLine(`  \u2717 Failed to remove: ${msg}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  if (json) {
+    outputLine(JSON.stringify({ status: result.status, path: local.binaryPath }));
+    return;
+  }
+  if (result.status === "removed") {
+    clearAuthBinaryCache();
+    outputLine(`  \u2713 Removed: ${local.binaryPath}`);
+  } else {
+    outputLine("  okx-auth is not installed.");
+  }
+}
+async function confirmRemoval(force, binaryPath) {
+  if (force) return true;
+  if (!process.stdin.isTTY) {
+    errorLine("  Error: stdin is not a TTY. Use --force to skip confirmation.");
+    process.exitCode = 1;
+    return false;
+  }
+  const confirmed = await askConfirmation(
+    `  Remove okx-auth at ${binaryPath}? [y/N] `
+  );
+  if (!confirmed) {
+    outputLine("  Cancelled.");
+    return false;
+  }
+  return true;
+}
+function askConfirmation(prompt2) {
+  return new Promise((resolve3) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+    rl.question(prompt2, (answer) => {
+      rl.close();
+      resolve3(answer.trim().toLowerCase() === "y");
+    });
+  });
+}
+async function handleAuthCommand(action, _rest, v) {
+  const site = v.site;
+  const json = v.json;
+  const manual = v.manual;
+  const force = v.force;
+  if (["login", "logout", "status"].includes(action)) {
+    await ensureAuthBinaryLatest((msg) => errorLine(`  ${msg}`));
+  }
+  switch (action) {
+    case "login":
+      return cmdAuthLogin({ site, manual });
+    case "logout":
+      return cmdAuthLogout();
+    case "status":
+      return cmdAuthStatus({ json });
+    case "install":
+      return cmdAuthInstall(json ?? false);
+    case "install-status":
+      return cmdAuthInstallStatus(json ?? false);
+    case "remove":
+      return cmdAuthRemove(force ?? false, json ?? false);
+    default:
+      errorLine(`Unknown auth command: ${action}`);
+      errorLine("Available: login, logout, status, install, install-status, remove");
+      process.exitCode = 1;
+  }
+}
+// src/commands/diagnose.ts
+import dns from "dns/promises";
+import net from "net";
+import os5 from "os";
+import tls from "tls";
 // src/commands/diagnose-utils.ts
+import fs4 from "fs";
+import { createRequire } from "module";
 var _require = createRequire(import.meta.url);
 function readCliVersion() {
   for (const rel of ["../package.json", "../../package.json"]) {
@@ -11193,7 +11921,7 @@ function sanitize2(value) {
 import fs5 from "fs";
 import path4 from "path";
 import os4 from "os";
-import { spawnSync, spawn } from "child_process";
+import { spawnSync, spawn as spawn3 } from "child_process";
 import { createRequire as createRequire2 } from "module";
 import { fileURLToPath } from "url";
 var _require2 = createRequire2(import.meta.url);
@@ -11527,7 +12255,7 @@ async function checkStdioHandshake(entryPath, report) {
       clearTimeout(timer);
       resolve3(passed);
     };
-    const child = spawn(process.execPath, [entryPath], {
+    const child = spawn3(process.execPath, [entryPath], {
       stdio: ["pipe", "pipe", "pipe"],
       env: { ...process.env }
     });
@@ -11646,7 +12374,7 @@ async function cmdDiagnoseMcp(options = {}) {
 // src/commands/diagnose.ts
 var CLI_VERSION = readCliVersion();
-var GIT_HASH = true ? "330e727a" : "dev";
+var GIT_HASH = true ? "a4277b3" : "dev";
 function maskKey2(key) {
   if (!key) return "(not set)";
   if (key.length <= 8) return "****";
@@ -12007,24 +12735,24 @@ function suggestSubcommand(action, knownActions) {
 // src/commands/upgrade.ts
 import { spawnSync as spawnSync2 } from "child_process";
-import { readFileSync as readFileSync8, writeFileSync as writeFileSync7, mkdirSync as mkdirSync9 } from "fs";
-import { dirname as dirname7, join as join10 } from "path";
-import { homedir as homedir8 } from "os";
+import { readFileSync as readFileSync9, writeFileSync as writeFileSync8, mkdirSync as mkdirSync11 } from "fs";
+import { dirname as dirname8, join as join13 } from "path";
+import { homedir as homedir11 } from "os";
 var PACKAGES = ["@okx_ai/okx-trade-mcp", "@okx_ai/okx-trade-cli"];
-var CACHE_FILE2 = join10(homedir8(), ".okx", "last_check");
+var CACHE_FILE2 = join13(homedir11(), ".okx", "last_check");
 var THROTTLE_MS = 12 * 60 * 60 * 1e3;
-var NPM_BIN = join10(dirname7(process.execPath), process.platform === "win32" ? "npm.cmd" : "npm");
+var NPM_BIN = join13(dirname8(process.execPath), process.platform === "win32" ? "npm.cmd" : "npm");
 function readLastCheck() {
   try {
-    return parseInt(readFileSync8(CACHE_FILE2, "utf-8").trim(), 10) || 0;
+    return parseInt(readFileSync9(CACHE_FILE2, "utf-8").trim(), 10) || 0;
   } catch {
     return 0;
   }
 }
 function writeLastCheck() {
   try {
-    mkdirSync9(join10(homedir8(), ".okx"), { recursive: true });
-    writeFileSync7(CACHE_FILE2, String(Math.floor(Date.now() / 1e3)), "utf-8");
+    mkdirSync11(join13(homedir11(), ".okx"), { recursive: true });
+    writeFileSync8(CACHE_FILE2, String(Math.floor(Date.now() / 1e3)), "utf-8");
   } catch {
   }
 }
@@ -12938,12 +13666,12 @@ var CLI_REGISTRY = {
       },
       orders: {
         toolName: "event_get_orders",
-        usage: "okx event orders [--instId <id>] [--state live] [--limit <n>] [--json]",
+        usage: "okx event orders [--status <open|history|archive>] [--instId <id>] [--ordType <type>] [--state <canceled|filled>] [--after <id>] [--before <id>] [--begin <ms>] [--end <ms>] [--limit <n>] [--json]",
         description: "Query event contract orders"
       },
       fills: {
         toolName: "event_get_fills",
-        usage: "okx event fills [--instId <id>] [--limit <n>] [--json]",
+        usage: "okx event fills [--archive] [--instId <id>] [--ordId <id>] [--after <id>] [--before <id>] [--begin <ms>] [--end <ms>] [--limit <n>] [--json]",
         description: "Get event contract fill history"
       }
     }
@@ -12954,18 +13682,18 @@ var CLI_REGISTRY = {
     commands: {
       overview: {
         toolName: "smartmoney_get_overview",
-        usage: "okx smartmoney overview [--dataVersion <ver>] [--ts <ms>] [--instType <SWAP|SPOT>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--lmtNum <n>] [--instCcyList <ccys>] [--instCcy <ccy>] [--topInstruments <n>] [--json]",
-        description: "Multi-currency smart money overview with aggregated signals"
+        usage: "okx smartmoney overview [--ts <ms> | --dataVersion <ver>] [--instType <SWAP|SPOT>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--lmtNum <n>] [--instCcyList <ccys>] [--instCcy <ccy>] [--topInstruments <n>] [--json]",
+        description: "Multi-currency smart money overview ranked by tradersWithPosition DESC (requires --ts or --dataVersion; --ts takes precedence)"
       },
       signal: {
         toolName: "smartmoney_get_signal",
-        usage: "okx smartmoney signal [--instId <id>] [--instCcy <ccy>] [--dataVersion <ver>] [--ts <ms>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--lmtNum <n>] [--authorIds <ids>] [--json]",
-        description: "Single-currency aggregated consensus signal"
+        usage: "okx smartmoney signal [--instId <id>] [--instCcy <ccy>] [--ts <ms> | --dataVersion <ver>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--lmtNum <n>] [--authorIds <ids>] [--json]",
+        description: "Single-currency aggregated consensus signal (requires --instId or --instCcy, and --ts or --dataVersion; --instId / --ts take precedence)"
       },
       "signal-history": {
         toolName: "smartmoney_get_signal_history",
-        usage: "okx smartmoney signal-history --instId <id> [--dataVersion <ver>] [--ts <ms>] [--granularity <1h|1d>] [--limit <n>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--json]",
-        description: "Signal history timeline for trend analysis"
+        usage: "okx smartmoney signal-history --instId <id> [--ts <ms> | --dataVersion <ver>] [--granularity <1h|1d>] [--limit <n>] [--sortType <pnl|pnlRatio>] [--period <3|7|30|90>] [--pnl <tier>] [--winRatio <tier>] [--maxRetreat <tier>] [--asset <tier>] [--json]",
+        description: "Signal history timeline sorted by ts DESC (requires --instId and --ts/--dataVersion)"
       },
       traders: {
         toolName: "smartmoney_get_traders",
@@ -13489,7 +14217,7 @@ async function cmdNewsSentimentRank(run, opts) {
 }
 // src/config/loader.ts
-function loadProfileConfig(opts) {
+async function loadProfileConfig(opts) {
   return loadConfig({
     profile: opts.profile,
     modules: opts.modules,
@@ -13826,6 +14554,9 @@ var CLI_OPTIONS = {
   dir: { type: "string" },
   page: { type: "string" },
   format: { type: "string" },
+  // auth
+  site: { type: "string" },
+  manual: { type: "boolean", default: false },
   // event contract
   underlying: { type: "string" },
   seriesId: { type: "string" },
@@ -17049,14 +17780,14 @@ async function cmdDcdQuoteAndBuy(run, opts) {
 }
 // src/commands/skill.ts
-import { tmpdir, homedir as homedir10 } from "os";
-import { join as join12, dirname as dirname8 } from "path";
-import { mkdirSync as mkdirSync10, rmSync, existsSync as existsSync8, copyFileSync as copyFileSync2 } from "fs";
+import { tmpdir, homedir as homedir13 } from "os";
+import { join as join15, dirname as dirname9 } from "path";
+import { mkdirSync as mkdirSync12, rmSync, existsSync as existsSync10, copyFileSync as copyFileSync2 } from "fs";
 import { execFileSync as execFileSync2 } from "child_process";
 import { randomUUID as randomUUID2 } from "crypto";
 function resolveNpx() {
-  const sibling = join12(dirname8(process.execPath), "npx");
-  if (existsSync8(sibling)) return sibling;
+  const sibling = join15(dirname9(process.execPath), "npx");
+  if (existsSync10(sibling)) return sibling;
   return "npx";
 }
 var THIRD_PARTY_INSTALL_NOTICE = "Note: This skill was created by a third-party developer, not by OKX. Review SKILL.md before use.";
@@ -17109,13 +17840,13 @@ async function cmdSkillCategories(run, json) {
   outputLine("");
 }
 async function cmdSkillAdd(name, config, json) {
-  const tmpBase = join12(tmpdir(), `okx-skill-${randomUUID2()}`);
-  mkdirSync10(tmpBase, { recursive: true });
+  const tmpBase = join15(tmpdir(), `okx-skill-${randomUUID2()}`);
+  mkdirSync12(tmpBase, { recursive: true });
   try {
     outputLine(`Downloading ${name}...`);
     const client = new OkxRestClient(config);
     const zipPath = await downloadSkillZip(client, name, tmpBase);
-    const contentDir = await extractSkillZip(zipPath, join12(tmpBase, "content"));
+    const contentDir = await extractSkillZip(zipPath, join15(tmpBase, "content"));
     const meta = readMetaJson(contentDir);
     validateSkillMdExists(contentDir);
     outputLine("Installing to detected agents...");
@@ -17125,7 +17856,7 @@ async function cmdSkillAdd(name, config, json) {
         timeout: 6e4
       });
     } catch (e) {
-      const savedZip = join12(process.cwd(), `${name}.zip`);
+      const savedZip = join15(process.cwd(), `${name}.zip`);
       try {
         copyFileSync2(zipPath, savedZip);
       } catch {
@@ -17164,7 +17895,7 @@ function cmdSkillRemove(name, json) {
       timeout: 6e4
     });
   } catch {
-    const agentsPath = join12(homedir10(), ".agents", "skills", name);
+    const agentsPath = join15(homedir13(), ".agents", "skills", name);
     try {
       rmSync(agentsPath, { recursive: true, force: true });
     } catch {
@@ -17238,14 +17969,14 @@ function printSkillInstallResult(meta, json) {
 }
 // src/commands/pilot.ts
-import readline from "readline";
-function resolveChecksumMatch(local, cdnChecksum, cdnError) {
+import readline2 from "readline";
+function resolveChecksumMatch2(local, cdnChecksum, cdnError) {
   if (!local.exists) return "not-installed";
   if (cdnError || !cdnChecksum) return "unavailable";
   if (cdnChecksum.sha256 === local.sha256) return "match";
   return "mismatch";
 }
-function checksumMatchLabel(match) {
+function checksumMatchLabel2(match) {
   if (match === "match") return "\u2713 match";
   if (match === "mismatch") return "\u2717 mismatch (update available)";
   return "CDN unreachable";
@@ -17258,9 +17989,9 @@ function formatStatusText(local, checksumMatch, cdnChecksum, runtimeMode) {
   outputLine(`  Installed   : ${local.exists ? "yes" : "no"}`);
   outputLine(`  Platform    : ${local.platform ?? "(unsupported)"}`);
   if (local.exists) {
-    outputLine(`  File size   : ${formatBytes(local.fileSize)}`);
+    outputLine(`  File size   : ${formatBytes2(local.fileSize)}`);
     outputLine(`  SHA-256     : ${local.sha256 ?? "(unknown)"}`);
-    outputLine(`  CDN check   : ${checksumMatchLabel(checksumMatch)}`);
+    outputLine(`  CDN check   : ${checksumMatchLabel2(checksumMatch)}`);
     if (cdnChecksum) {
       outputLine(`  CDN source  : ${cdnChecksum.source}`);
     }
@@ -17287,7 +18018,7 @@ async function cmdPilotStatus(json, binaryPath) {
       cdnError = err instanceof Error ? err.message : String(err);
     }
   }
-  const checksumMatch = resolveChecksumMatch(local, cdnChecksum, cdnError);
+  const checksumMatch = resolveChecksumMatch2(local, cdnChecksum, cdnError);
   if (json) {
     outputLine(
       JSON.stringify({
@@ -17353,7 +18084,7 @@ async function cmdPilotRemove(force, json, binaryPath) {
       process.exitCode = 1;
       return;
     }
-    const confirmed = await askConfirmation(
+    const confirmed = await askConfirmation2(
       `  Remove Pilot at ${local.binaryPath}? [y/N] `
     );
     if (!confirmed) {
@@ -17372,14 +18103,14 @@ async function cmdPilotRemove(force, json, binaryPath) {
     outputLine("  Pilot is not installed.");
   }
 }
-function formatBytes(bytes) {
+function formatBytes2(bytes) {
   if (bytes < 1024) return `${bytes} B`;
   if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
   return `${(bytes / (1024 * 1024)).toFixed(2)} MB`;
 }
-function askConfirmation(prompt2) {
+function askConfirmation2(prompt2) {
   return new Promise((resolve3) => {
-    const rl = readline.createInterface({
+    const rl = readline2.createInterface({
       input: process.stdin,
       output: process.stdout
     });
@@ -17627,8 +18358,14 @@ async function cmdEventMarkets(run, opts) {
 }
 async function cmdEventOrders(run, opts) {
   const result = await run("event_get_orders", {
+    status: opts.status,
     instId: opts.instId,
+    ordType: opts.ordType,
     state: opts.state,
+    after: opts.after,
+    before: opts.before,
+    begin: opts.begin,
+    end: opts.end,
     limit: opts.limit
   });
   const data = getData9(result);
@@ -17647,7 +18384,13 @@ async function cmdEventOrders(run, opts) {
 }
 async function cmdEventFills(run, opts) {
   const result = await run("event_get_fills", {
+    archive: opts.archive,
     instId: opts.instId,
+    ordId: opts.ordId,
+    after: opts.after,
+    before: opts.before,
+    begin: opts.begin,
+    end: opts.end,
     limit: opts.limit
   });
   const data = getData9(result);
@@ -17836,7 +18579,7 @@ async function cmdEventCancel(run, opts) {
 // src/index.ts
 var _require3 = createRequire3(import.meta.url);
 var CLI_VERSION2 = _require3("../package.json").version;
-var GIT_HASH2 = true ? "330e727a" : "dev";
+var GIT_HASH2 = true ? "a4277b3" : "dev";
 function handlePilotCommand(action, json, force, binaryPath) {
   if (action === "status") return cmdPilotStatus(json, binaryPath);
   if (action === "install") return cmdPilotInstall(json, binaryPath);
@@ -18879,13 +19622,13 @@ function handleNewsCommand(run, action, rest, v, json) {
   const period = v.period;
   const points = v.points !== void 0 ? Number(v.points) : 24;
   const sortBy = v["sort-by"];
-  const platform2 = v.platform;
-  const searchOpts = { coins: v.coins, importance: v.importance, platform: platform2, sentiment: v.sentiment, sortBy, begin, end, language, detailLvl, limit, after, json };
-  const listOpts = { coins: v.coins, importance: v.importance, platform: platform2, begin, end, language, detailLvl, limit, after, json };
+  const platform3 = v.platform;
+  const searchOpts = { coins: v.coins, importance: v.importance, platform: platform3, sentiment: v.sentiment, sortBy, begin, end, language, detailLvl, limit, after, json };
+  const listOpts = { coins: v.coins, importance: v.importance, platform: platform3, begin, end, language, detailLvl, limit, after, json };
   const dispatch = {
     latest: () => cmdNewsLatest(run, listOpts),
-    important: () => cmdNewsImportant(run, { coins: v.coins, platform: platform2, begin, end, language, detailLvl, limit, json }),
-    "by-coin": () => cmdNewsByCoin(run, v.coins ?? rest[0], { importance: v.importance, platform: platform2, begin, end, language, detailLvl, limit, json }),
+    important: () => cmdNewsImportant(run, { coins: v.coins, platform: platform3, begin, end, language, detailLvl, limit, json }),
+    "by-coin": () => cmdNewsByCoin(run, v.coins ?? rest[0], { importance: v.importance, platform: platform3, begin, end, language, detailLvl, limit, json }),
     search: () => cmdNewsSearch(run, v.keyword ?? rest[0], searchOpts),
     detail: () => cmdNewsDetail(run, rest[0], { language, json }),
     platforms: () => cmdNewsPlatforms(run, { json }),
@@ -18959,8 +19702,29 @@ function handleEventCommand(run, action, rest, v, json) {
     }),
     amend: () => cmdEventAmend(run, { instId: v.instId ?? rest[0], ordId: v.ordId ?? rest[1], px: v.px, sz: v.sz, json }),
     cancel: () => cmdEventCancel(run, { instId: v.instId ?? rest[0], ordId: v.ordId ?? rest[1], json }),
-    orders: () => cmdEventOrders(run, { instId: v.instId, state: v.state, limit, json }),
-    fills: () => cmdEventFills(run, { instId: v.instId, limit, json })
+    orders: () => cmdEventOrders(run, {
+      status: v.status,
+      instId: v.instId,
+      ordType: v.ordType,
+      state: v.state,
+      after: v.after,
+      before: v.before,
+      begin: v.begin,
+      end: v.end,
+      limit,
+      json
+    }),
+    fills: () => cmdEventFills(run, {
+      archive: v.archive ?? false,
+      instId: v.instId,
+      ordId: v.ordId,
+      after: v.after,
+      before: v.before,
+      begin: v.begin,
+      end: v.end,
+      limit,
+      json
+    })
   };
   const handler = handlers[action];
   if (handler) return handler();
@@ -19005,7 +19769,7 @@ function wrapRunnerWithLogger(baseRunner, logger, verbose = false) {
 async function runDiagnose(v) {
   let config;
   try {
-    config = loadProfileConfig({ profile: v.profile, demo: v.demo, live: v.live, verbose: v.verbose, userAgent: `okx-trade-cli/${CLI_VERSION2}`, sourceTag: "CLI" });
+    config = await loadProfileConfig({ profile: v.profile, demo: v.demo, live: v.live, verbose: v.verbose, userAgent: `okx-trade-cli/${CLI_VERSION2}`, sourceTag: "CLI" });
   } catch {
   }
   return cmdDiagnose(config, v.profile ?? "default", { mcp: v.mcp, cli: v.cli, all: v.all, output: v.output });
@@ -19028,6 +19792,7 @@ function routeManagementCommand(module, action, rest, json, v) {
     handleSetupCommand(v);
     return true;
   }
+  if (module === "auth") return handleAuthCommand(action, rest, v);
   if (module === "upgrade") return cmdUpgrade(CLI_VERSION2, { beta: v.beta, check: v.check, force: v.force }, json);
   if (module === "pilot") {
     const r = handlePilotCommand(action, json, v.force ?? false);
@@ -19060,7 +19825,7 @@ async function main() {
   const json = v.json ?? false;
   const mgmt = routeManagementCommand(module, action, rest, json, v);
   if (mgmt !== void 0) return mgmt === true ? void 0 : mgmt;
-  const config = loadProfileConfig({ profile: v.profile, demo: v.demo, live: v.live, verbose: v.verbose, userAgent: `okx-trade-cli/${CLI_VERSION2}`, sourceTag: "CLI" });
+  const config = await loadProfileConfig({ profile: v.profile, demo: v.demo, live: v.live, verbose: v.verbose, userAgent: `okx-trade-cli/${CLI_VERSION2}`, sourceTag: "CLI" });
   setEnvContext({ demo: config.demo, profile: v.profile ?? "default" });
   setJsonEnvEnabled(v.env ?? false);
   const client = new OkxRestClient(config);