@opensea/cli 0.4.1 → 1.0.0

package/dist/cli.js

@@ -1,23 +1,52 @@
 #!/usr/bin/env node
 
 // src/cli.ts
-import { Command as Command10 } from "commander";
+import { Command as Command13 } from "commander";
 
 // src/client.ts
 var DEFAULT_BASE_URL = "https://api.opensea.io";
 var DEFAULT_TIMEOUT_MS = 3e4;
+var USER_AGENT = `opensea-cli/${"1.0.0"}`;
+var DEFAULT_MAX_RETRIES = 0;
+var DEFAULT_RETRY_BASE_DELAY_MS = 1e3;
+function isRetryableStatus(status, method) {
+  if (status === 429) return true;
+  return status >= 500 && method === "GET";
+}
+function parseRetryAfter(header) {
+  if (!header) return void 0;
+  const seconds = Number(header);
+  if (!Number.isNaN(seconds)) return seconds * 1e3;
+  const date = Date.parse(header);
+  if (!Number.isNaN(date)) return Math.max(0, date - Date.now());
+  return void 0;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 var OpenSeaClient = class {
   apiKey;
   baseUrl;
   defaultChain;
   timeoutMs;
   verbose;
+  maxRetries;
+  retryBaseDelay;
   constructor(config) {
     this.apiKey = config.apiKey;
     this.baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
     this.defaultChain = config.chain ?? "ethereum";
     this.timeoutMs = config.timeout ?? DEFAULT_TIMEOUT_MS;
     this.verbose = config.verbose ?? false;
+    this.maxRetries = config.maxRetries ?? DEFAULT_MAX_RETRIES;
+    this.retryBaseDelay = config.retryBaseDelay ?? DEFAULT_RETRY_BASE_DELAY_MS;
+  }
+  get defaultHeaders() {
+    return {
+      Accept: "application/json",
+      "User-Agent": USER_AGENT,
+      "x-api-key": this.apiKey
+    };
   }
   async get(path, params) {
     const url = new URL(`${this.baseUrl}${path}`);
@@ -31,21 +60,14 @@ var OpenSeaClient = class {
     if (this.verbose) {
       console.error(`[verbose] GET ${url.toString()}`);
     }
-    const response = await fetch(url.toString(), {
-      method: "GET",
-      headers: {
-        Accept: "application/json",
-        "x-api-key": this.apiKey
+    const response = await this.fetchWithRetry(
+      url.toString(),
+      {
+        method: "GET",
+        headers: this.defaultHeaders
       },
-      signal: AbortSignal.timeout(this.timeoutMs)
-    });
-    if (this.verbose) {
-      console.error(`[verbose] ${response.status} ${response.statusText}`);
-    }
-    if (!response.ok) {
-      const body = await response.text();
-      throw new OpenSeaAPIError(response.status, body, path);
-    }
+      path
+    );
     return response.json();
   }
   async post(path, body, params) {
@@ -57,34 +79,67 @@ var OpenSeaClient = class {
         }
       }
     }
-    const headers = {
-      Accept: "application/json",
-      "x-api-key": this.apiKey
-    };
+    const headers = { ...this.defaultHeaders };
     if (body) {
       headers["Content-Type"] = "application/json";
     }
     if (this.verbose) {
       console.error(`[verbose] POST ${url.toString()}`);
     }
-    const response = await fetch(url.toString(), {
-      method: "POST",
-      headers,
-      body: body ? JSON.stringify(body) : void 0,
-      signal: AbortSignal.timeout(this.timeoutMs)
-    });
-    if (this.verbose) {
-      console.error(`[verbose] ${response.status} ${response.statusText}`);
-    }
-    if (!response.ok) {
-      const text = await response.text();
-      throw new OpenSeaAPIError(response.status, text, path);
-    }
+    const response = await this.fetchWithRetry(
+      url.toString(),
+      {
+        method: "POST",
+        headers,
+        body: body ? JSON.stringify(body) : void 0
+      },
+      path
+    );
     return response.json();
   }
   getDefaultChain() {
     return this.defaultChain;
   }
+  getApiKeyPrefix() {
+    if (this.apiKey.length < 8) return "***";
+    return `${this.apiKey.slice(0, 4)}...`;
+  }
+  async fetchWithRetry(url, init, path) {
+    for (let attempt = 0; ; attempt++) {
+      const response = await fetch(url, {
+        ...init,
+        signal: AbortSignal.timeout(this.timeoutMs)
+      });
+      if (this.verbose) {
+        console.error(`[verbose] ${response.status} ${response.statusText}`);
+      }
+      if (response.ok) {
+        return response;
+      }
+      const method = init.method ?? "GET";
+      if (attempt < this.maxRetries && isRetryableStatus(response.status, method)) {
+        const retryAfterMs = parseRetryAfter(
+          response.headers.get("Retry-After")
+        );
+        const backoffMs = this.retryBaseDelay * 2 ** attempt;
+        const jitterMs = Math.random() * this.retryBaseDelay;
+        const delayMs = Math.max(retryAfterMs ?? 0, backoffMs) + jitterMs;
+        if (this.verbose) {
+          console.error(
+            `[verbose] Retry ${attempt + 1}/${this.maxRetries} after ${Math.round(delayMs)}ms (status ${response.status})`
+          );
+        }
+        try {
+          await response.body?.cancel();
+        } catch {
+        }
+        await sleep(delayMs);
+        continue;
+      }
+      const text = await response.text();
+      throw new OpenSeaAPIError(response.status, text, path);
+    }
+  }
 };
 var OpenSeaAPIError = class extends Error {
   constructor(statusCode, responseBody, path) {
@@ -94,6 +149,9 @@ var OpenSeaAPIError = class extends Error {
     this.path = path;
     this.name = "OpenSeaAPIError";
   }
+  statusCode;
+  responseBody;
+  path;
 };
 
 // src/commands/accounts.ts
@@ -370,14 +428,24 @@ function formatToon(data) {
 }
 
 // src/output.ts
+var _outputOptions = {};
+function setOutputOptions(options) {
+  _outputOptions = options;
+}
 function formatOutput(data, format) {
+  const processed = _outputOptions.fields ? filterFields(data, _outputOptions.fields) : data;
+  let result;
   if (format === "table") {
-    return formatTable(data);
+    result = formatTable(processed);
+  } else if (format === "toon") {
+    result = formatToon(processed);
+  } else {
+    result = JSON.stringify(processed, null, 2);
   }
-  if (format === "toon") {
-    return formatToon(data);
+  if (_outputOptions.maxLines != null) {
+    result = truncateOutput(result, _outputOptions.maxLines);
   }
-  return JSON.stringify(data, null, 2);
+  return result;
 }
 function formatTable(data) {
   if (Array.isArray(data)) {
@@ -413,20 +481,31 @@ function formatTable(data) {
   }
   return String(data);
 }
-
-// src/commands/accounts.ts
-function accountsCommand(getClient2, getFormat2) {
-  const cmd = new Command("accounts").description("Query accounts");
-  cmd.command("get").description("Get an account by address").argument("<address>", "Wallet address").action(async (address) => {
-    const client = getClient2();
-    const result = await client.get(`/api/v2/accounts/${address}`);
-    console.log(formatOutput(result, getFormat2()));
-  });
-  return cmd;
+function pickFields(obj, fields) {
+  const result = {};
+  for (const field of fields) {
+    if (field in obj) {
+      result[field] = obj[field];
+    }
+  }
+  return result;
+}
+function filterFields(data, fields) {
+  if (Array.isArray(data)) {
+    return data.map((item) => filterFields(item, fields));
+  }
+  if (data && typeof data === "object") {
+    return pickFields(data, fields);
+  }
+  return data;
+}
+function truncateOutput(text, maxLines) {
+  const lines = text.split("\n");
+  if (lines.length <= maxLines) return text;
+  const omitted = lines.length - maxLines;
+  return lines.slice(0, maxLines).join("\n") + `
+... (${omitted} more line${omitted === 1 ? "" : "s"})`;
 }
-
-// src/commands/collections.ts
-import { Command as Command2 } from "commander";
 
 // src/parse.ts
 function parseIntOption(value, name) {
@@ -444,9 +523,65 @@ function parseFloatOption(value, name) {
   return parsed;
 }
 
+// src/commands/accounts.ts
+function accountsCommand(getClient2, getFormat2) {
+  const cmd = new Command("accounts").description("Query accounts");
+  cmd.command("get").description("Get an account by address").argument("<address>", "Wallet address").action(async (address) => {
+    const client = getClient2();
+    const result = await client.get(`/api/v2/accounts/${address}`);
+    console.log(formatOutput(result, getFormat2()));
+  });
+  cmd.command("tokens").description("Get token balances for an account").argument("<address>", "Wallet address").option("--chains <chains>", "Comma-separated list of chains to filter by").option("--limit <limit>", "Number of results", "20").option(
+    "--sort-by <field>",
+    "Sort by field (USD_VALUE, MARKET_CAP, ONE_DAY_VOLUME, PRICE, ONE_DAY_PRICE_CHANGE, SEVEN_DAY_PRICE_CHANGE)"
+  ).option("--sort-direction <dir>", "Sort direction (asc, desc)").option("--next <cursor>", "Pagination cursor").option("--no-spam-filter", "Disable spam token filtering").action(
+    async (address, options) => {
+      const client = getClient2();
+      const result = await client.get(
+        `/api/v2/account/${address}/tokens`,
+        {
+          chains: options.chains,
+          limit: parseIntOption(options.limit, "--limit"),
+          sort_by: options.sortBy,
+          sort_direction: options.sortDirection,
+          cursor: options.next,
+          disable_spam_filtering: options.spamFilter ? void 0 : true
+        }
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
+  cmd.command("resolve").description(
+    "Resolve an ENS name, OpenSea username, or wallet address to canonical account info"
+  ).argument(
+    "<identifier>",
+    "ENS name (e.g. vitalik.eth), OpenSea username, or wallet address"
+  ).action(async (identifier) => {
+    const client = getClient2();
+    const result = await client.get(
+      `/api/v2/accounts/resolve/${identifier}`
+    );
+    console.log(formatOutput(result, getFormat2()));
+  });
+  return cmd;
+}
+
+// src/commands/chains.ts
+import { Command as Command2 } from "commander";
+function chainsCommand(getClient2, getFormat2) {
+  const cmd = new Command2("chains").description("Query supported blockchains");
+  cmd.command("list").description("List all supported blockchains and their capabilities").action(async () => {
+    const client = getClient2();
+    const result = await client.get("/api/v2/chains");
+    console.log(formatOutput(result, getFormat2()));
+  });
+  return cmd;
+}
+
 // src/commands/collections.ts
+import { Command as Command3 } from "commander";
 function collectionsCommand(getClient2, getFormat2) {
-  const cmd = new Command2("collections").description(
+  const cmd = new Command3("collections").description(
     "Manage and query NFT collections"
   );
   cmd.command("get").description("Get a single collection by slug").argument("<slug>", "Collection slug").action(async (slug) => {
@@ -485,13 +620,105 @@ function collectionsCommand(getClient2, getFormat2) {
     );
     console.log(formatOutput(result, getFormat2()));
   });
+  cmd.command("trending").description("Get trending collections by sales activity").option(
+    "--timeframe <timeframe>",
+    "Time window (one_minute, five_minutes, fifteen_minutes, one_hour, one_day, seven_days, thirty_days, one_year, all_time)",
+    "one_day"
+  ).option("--chains <chains>", "Comma-separated list of chains to filter by").option(
+    "--category <category>",
+    "Category (art, gaming, memberships, music, pfps, photography, domain-names, virtual-worlds, sports-collectibles)"
+  ).option("--limit <limit>", "Number of results (max 100)", "20").option("--next <cursor>", "Pagination cursor").action(
+    async (options) => {
+      const client = getClient2();
+      const result = await client.get(
+        "/api/v2/collections/trending",
+        {
+          timeframe: options.timeframe,
+          chains: options.chains,
+          category: options.category,
+          limit: parseIntOption(options.limit, "--limit"),
+          cursor: options.next
+        }
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
+  cmd.command("top").description("Get top collections ranked by volume, sales, or floor price").option(
+    "--sort-by <field>",
+    "Sort by (one_day_volume, seven_days_volume, thirty_days_volume, floor_price, one_day_sales, seven_days_sales, thirty_days_sales, total_volume, total_sales)",
+    "one_day_volume"
+  ).option("--chains <chains>", "Comma-separated list of chains to filter by").option(
+    "--category <category>",
+    "Category (art, gaming, memberships, music, pfps, photography, domain-names, virtual-worlds, sports-collectibles)"
+  ).option("--limit <limit>", "Number of results (max 100)", "50").option("--next <cursor>", "Pagination cursor").action(
+    async (options) => {
+      const client = getClient2();
+      const result = await client.get(
+        "/api/v2/collections/top",
+        {
+          sort_by: options.sortBy,
+          chains: options.chains,
+          category: options.category,
+          limit: parseIntOption(options.limit, "--limit"),
+          cursor: options.next
+        }
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
+  return cmd;
+}
+
+// src/commands/drops.ts
+import { Command as Command4 } from "commander";
+function dropsCommand(getClient2, getFormat2) {
+  const cmd = new Command4("drops").description("Query and mint NFT drops");
+  cmd.command("list").description("List drops (featured, upcoming, or recently minted)").option(
+    "--type <type>",
+    "Drop type: featured, upcoming, or recently_minted",
+    "featured"
+  ).option("--chains <chains>", "Comma-separated list of chains to filter by").option("--limit <limit>", "Number of results (max 100)", "20").option("--next <cursor>", "Pagination cursor").action(
+    async (options) => {
+      const client = getClient2();
+      const result = await client.get(
+        "/api/v2/drops",
+        {
+          type: options.type,
+          chains: options.chains,
+          limit: parseIntOption(options.limit, "--limit"),
+          cursor: options.next
+        }
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
+  cmd.command("get").description("Get detailed drop info by collection slug").argument("<slug>", "Collection slug").action(async (slug) => {
+    const client = getClient2();
+    const result = await client.get(
+      `/api/v2/drops/${slug}`
+    );
+    console.log(formatOutput(result, getFormat2()));
+  });
+  cmd.command("mint").description("Build a mint transaction for a drop").argument("<slug>", "Collection slug").requiredOption("--minter <address>", "Wallet address to receive tokens").option("--quantity <n>", "Number of tokens to mint", "1").action(
+    async (slug, options) => {
+      const client = getClient2();
+      const result = await client.post(
+        `/api/v2/drops/${slug}/mint`,
+        {
+          minter: options.minter,
+          quantity: parseIntOption(options.quantity, "--quantity")
+        }
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
   return cmd;
 }
 
 // src/commands/events.ts
-import { Command as Command3 } from "commander";
+import { Command as Command5 } from "commander";
 function eventsCommand(getClient2, getFormat2) {
-  const cmd = new Command3("events").description("Query marketplace events");
+  const cmd = new Command5("events").description("Query marketplace events");
   cmd.command("list").description("List events").option(
     "--event-type <type>",
     "Event type (sale, transfer, mint, listing, offer, trait_offer, collection_offer)"
@@ -549,10 +776,88 @@ function eventsCommand(getClient2, getFormat2) {
   return cmd;
 }
 
+// src/commands/health.ts
+import { Command as Command6 } from "commander";
+
+// src/health.ts
+async function checkHealth(client) {
+  const keyPrefix = client.getApiKeyPrefix();
+  try {
+    await client.get("/api/v2/collections", { limit: 1 });
+  } catch (error) {
+    let message;
+    if (error instanceof OpenSeaAPIError) {
+      message = error.statusCode === 429 ? "Rate limited: too many requests" : `API error (${error.statusCode}): ${error.responseBody}`;
+    } else {
+      message = `Network error: ${error.message}`;
+    }
+    return {
+      status: "error",
+      key_prefix: keyPrefix,
+      authenticated: false,
+      rate_limited: error instanceof OpenSeaAPIError && error.statusCode === 429,
+      message
+    };
+  }
+  try {
+    await client.get("/api/v2/listings/collection/boredapeyachtclub/all", {
+      limit: 1
+    });
+    return {
+      status: "ok",
+      key_prefix: keyPrefix,
+      authenticated: true,
+      rate_limited: false,
+      message: "Connectivity and authentication are working"
+    };
+  } catch (error) {
+    if (error instanceof OpenSeaAPIError) {
+      if (error.statusCode === 429) {
+        return {
+          status: "error",
+          key_prefix: keyPrefix,
+          authenticated: false,
+          rate_limited: true,
+          message: "Rate limited: too many requests"
+        };
+      }
+      if (error.statusCode === 401 || error.statusCode === 403) {
+        return {
+          status: "error",
+          key_prefix: keyPrefix,
+          authenticated: false,
+          rate_limited: false,
+          message: `Authentication failed (${error.statusCode}): invalid API key`
+        };
+      }
+    }
+    return {
+      status: "ok",
+      key_prefix: keyPrefix,
+      authenticated: false,
+      rate_limited: false,
+      message: "Connectivity is working but authentication could not be verified"
+    };
+  }
+}
+
+// src/commands/health.ts
+function healthCommand(getClient2, getFormat2) {
+  const cmd = new Command6("health").description("Check API connectivity and authentication").action(async () => {
+    const client = getClient2();
+    const result = await checkHealth(client);
+    console.log(formatOutput(result, getFormat2()));
+    if (result.status === "error") {
+      process.exit(result.rate_limited ? 3 : 1);
+    }
+  });
+  return cmd;
+}
+
 // src/commands/listings.ts
-import { Command as Command4 } from "commander";
+import { Command as Command7 } from "commander";
 function listingsCommand(getClient2, getFormat2) {
-  const cmd = new Command4("listings").description("Query NFT listings");
+  const cmd = new Command7("listings").description("Query NFT listings");
   cmd.command("all").description("Get all listings for a collection").argument("<collection>", "Collection slug").option("--limit <limit>", "Number of results", "20").option("--next <cursor>", "Pagination cursor").action(
     async (collection, options) => {
       const client = getClient2();
@@ -584,9 +889,9 @@ function listingsCommand(getClient2, getFormat2) {
 }
 
 // src/commands/nfts.ts
-import { Command as Command5 } from "commander";
+import { Command as Command8 } from "commander";
 function nftsCommand(getClient2, getFormat2) {
-  const cmd = new Command5("nfts").description("Query NFTs");
+  const cmd = new Command8("nfts").description("Query NFTs");
   cmd.command("get").description("Get a single NFT").argument("<chain>", "Chain (e.g. ethereum, base)").argument("<contract>", "Contract address").argument("<token-id>", "Token ID").action(async (chain, contract, tokenId) => {
     const client = getClient2();
     const result = await client.get(
@@ -650,13 +955,31 @@ function nftsCommand(getClient2, getFormat2) {
     );
     console.log(formatOutput(result, getFormat2()));
   });
+  cmd.command("validate-metadata").description("Validate NFT metadata by fetching and parsing it").argument("<chain>", "Chain").argument("<contract>", "Contract address").argument("<token-id>", "Token ID").option(
+    "--ignore-cache",
+    "Ignore cached item URLs and re-fetch from source"
+  ).action(
+    async (chain, contract, tokenId, options) => {
+      const client = getClient2();
+      const params = {};
+      if (options.ignoreCache) {
+        params.ignoreCachedItemUrls = true;
+      }
+      const result = await client.post(
+        `/api/v2/chain/${chain}/contract/${contract}/nfts/${tokenId}/validate-metadata`,
+        void 0,
+        params
+      );
+      console.log(formatOutput(result, getFormat2()));
+    }
+  );
   return cmd;
 }
 
 // src/commands/offers.ts
-import { Command as Command6 } from "commander";
+import { Command as Command9 } from "commander";
 function offersCommand(getClient2, getFormat2) {
-  const cmd = new Command6("offers").description("Query NFT offers");
+  const cmd = new Command9("offers").description("Query NFT offers");
   cmd.command("all").description("Get all offers for a collection").argument("<collection>", "Collection slug").option("--limit <limit>", "Number of results", "20").option("--next <cursor>", "Pagination cursor").action(
     async (collection, options) => {
       const client = getClient2();
@@ -700,9 +1023,9 @@ function offersCommand(getClient2, getFormat2) {
 }
 
 // src/commands/search.ts
-import { Command as Command7 } from "commander";
+import { Command as Command10 } from "commander";
 function searchCommand(getClient2, getFormat2) {
-  const cmd = new Command7("search").description("Search across collections, tokens, NFTs, and accounts").argument("<query>", "Search query").option(
+  const cmd = new Command10("search").description("Search across collections, tokens, NFTs, and accounts").argument("<query>", "Search query").option(
     "--types <types>",
     "Filter by type (comma-separated: collection,nft,token,account)"
   ).option("--chains <chains>", "Filter by chains (comma-separated)").option("--limit <limit>", "Number of results", "20").action(
@@ -729,10 +1052,1012 @@ function searchCommand(getClient2, getFormat2) {
 }
 
 // src/commands/swaps.ts
-import { Command as Command8 } from "commander";
+import { Command as Command11 } from "commander";
+
+// src/wallet/fireblocks.generated.ts
+var CHAIN_TO_FIREBLOCKS_ASSET = {
+  1: "ETH",
+  10: "ETH-OPT",
+  130: "UNICHAIN_ETH",
+  137: "MATIC_POLYGON",
+  360: "SHAPE_ETH",
+  1329: "SEI_EVM",
+  1868: "SONEIUM_ETH",
+  2741: "ABSTRACT_ETH",
+  8453: "BASECHAIN_ETH",
+  33139: "APE_CHAIN",
+  42161: "ETH-AETH",
+  43114: "AVAX",
+  80094: "BERA_CHAIN",
+  81457: "BLAST_ETH",
+  7777777: "ZORA_ETH"
+};
+
+// src/wallet/fireblocks.ts
+var FIREBLOCKS_API_BASE = "https://api.fireblocks.io";
+var FireblocksAdapter = class _FireblocksAdapter {
+  name = "fireblocks";
+  onRequest;
+  onResponse;
+  config;
+  cachedAddress;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Create a FireblocksAdapter from environment variables.
+   * Throws if any required variable is missing.
+   */
+  static fromEnv() {
+    const apiKey = process.env.FIREBLOCKS_API_KEY;
+    const apiSecret = process.env.FIREBLOCKS_API_SECRET;
+    const vaultId = process.env.FIREBLOCKS_VAULT_ID;
+    if (!apiKey) {
+      throw new Error("FIREBLOCKS_API_KEY environment variable is required");
+    }
+    if (!apiSecret) {
+      throw new Error("FIREBLOCKS_API_SECRET environment variable is required");
+    }
+    if (!vaultId) {
+      throw new Error("FIREBLOCKS_VAULT_ID environment variable is required");
+    }
+    return new _FireblocksAdapter({
+      apiKey,
+      apiSecret,
+      vaultId,
+      assetId: process.env.FIREBLOCKS_ASSET_ID,
+      baseUrl: process.env.FIREBLOCKS_API_BASE_URL
+    });
+  }
+  get baseUrl() {
+    return this.config.baseUrl ?? FIREBLOCKS_API_BASE;
+  }
+  /**
+   * Create a JWT for Fireblocks API authentication.
+   *
+   * Fireblocks uses JWT tokens signed with the API secret (RSA private key).
+   * The JWT contains the API key as `sub`, a URI claim for the endpoint path,
+   * and a body hash for POST requests.
+   *
+   * @see https://developers.fireblocks.com/reference/signing-a-request-jwt-structure
+   */
+  async createJwt(path, bodyHash) {
+    const now = Math.floor(Date.now() / 1e3);
+    const header = { alg: "RS256", typ: "JWT" };
+    const payload = {
+      uri: path,
+      nonce: crypto.randomUUID(),
+      iat: now,
+      exp: now + 30,
+      sub: this.config.apiKey,
+      bodyHash
+    };
+    const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
+    const unsigned = `${b64url(header)}.${b64url(payload)}`;
+    const key = await crypto.subtle.importKey(
+      "pkcs8",
+      this.pemToBuffer(this.config.apiSecret),
+      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    const sig = await crypto.subtle.sign(
+      "RSASSA-PKCS1-v1_5",
+      key,
+      new TextEncoder().encode(unsigned)
+    );
+    return `${unsigned}.${Buffer.from(sig).toString("base64url")}`;
+  }
+  pemToBuffer(pem) {
+    const lines = pem.replace(/-----BEGIN .*-----/, "").replace(/-----END .*-----/, "").replace(/\s/g, "");
+    const buf = Buffer.from(lines, "base64");
+    return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+  }
+  async hashBody(body) {
+    const hash = await crypto.subtle.digest(
+      "SHA-256",
+      new TextEncoder().encode(body)
+    );
+    return Buffer.from(hash).toString("hex");
+  }
+  resolveAssetId(chainId) {
+    if (this.config.assetId) return this.config.assetId;
+    const asset = CHAIN_TO_FIREBLOCKS_ASSET[chainId];
+    if (!asset) {
+      throw new Error(
+        `No Fireblocks asset ID mapping for chain ${chainId}. Set FIREBLOCKS_ASSET_ID explicitly or use a supported chain: ${Object.keys(CHAIN_TO_FIREBLOCKS_ASSET).join(", ")}`
+      );
+    }
+    return asset;
+  }
+  async getAddress() {
+    if (this.cachedAddress) return this.cachedAddress;
+    const assetId = this.config.assetId ?? "ETH";
+    const path = `/v1/vault/accounts/${this.config.vaultId}/${assetId}/addresses`;
+    const bodyHash = await this.hashBody("");
+    const jwt = await this.createJwt(path, bodyHash);
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      headers: {
+        "X-API-Key": this.config.apiKey,
+        Authorization: `Bearer ${jwt}`
+      }
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Fireblocks getAddress failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    if (!data[0]?.address) {
+      throw new Error("Fireblocks returned no addresses for vault");
+    }
+    this.cachedAddress = data[0].address;
+    return data[0].address;
+  }
+  async sendTransaction(tx) {
+    this.onRequest?.("sendTransaction", tx);
+    const startTime = Date.now();
+    const assetId = this.resolveAssetId(tx.chainId);
+    const path = "/v1/transactions";
+    const requestBody = {
+      assetId,
+      operation: "CONTRACT_CALL",
+      source: {
+        type: "VAULT_ACCOUNT",
+        id: this.config.vaultId
+      },
+      destination: {
+        type: "ONE_TIME_ADDRESS",
+        oneTimeAddress: { address: tx.to }
+      },
+      amount: tx.value === "0" ? "0" : tx.value,
+      extraParameters: {
+        contractCallData: tx.data
+      }
+    };
+    const bodyStr = JSON.stringify(requestBody);
+    const bodyHash = await this.hashBody(bodyStr);
+    const jwt = await this.createJwt(path, bodyHash);
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": this.config.apiKey,
+        Authorization: `Bearer ${jwt}`
+      },
+      body: bodyStr
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Fireblocks sendTransaction failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    if (data.txHash) {
+      const result2 = { hash: data.txHash };
+      this.onResponse?.("sendTransaction", result2, Date.now() - startTime);
+      return result2;
+    }
+    const result = await this.waitForTransaction(data.id);
+    this.onResponse?.("sendTransaction", result, Date.now() - startTime);
+    return result;
+  }
+  /**
+   * Poll a Fireblocks transaction until it reaches a terminal status.
+   * Fireblocks MPC signing + broadcast is asynchronous, so the initial
+   * POST returns a transaction ID that must be polled for the final hash.
+   */
+  async waitForTransaction(txId) {
+    const maxAttempts = process.env.FIREBLOCKS_MAX_POLL_ATTEMPTS ? Number.parseInt(process.env.FIREBLOCKS_MAX_POLL_ATTEMPTS, 10) : 60;
+    const pollIntervalMs = 2e3;
+    for (let i = 0; i < maxAttempts; i++) {
+      const path = `/v1/transactions/${txId}`;
+      const bodyHash = await this.hashBody("");
+      const jwt = await this.createJwt(path, bodyHash);
+      const response = await fetch(`${this.baseUrl}${path}`, {
+        headers: {
+          "X-API-Key": this.config.apiKey,
+          Authorization: `Bearer ${jwt}`
+        }
+      });
+      if (!response.ok) {
+        const body = await response.text();
+        throw new Error(`Fireblocks poll failed (${response.status}): ${body}`);
+      }
+      const data = await response.json();
+      if (data.status === "COMPLETED" && data.txHash) {
+        return { hash: data.txHash };
+      }
+      if (data.status === "FAILED" || data.status === "REJECTED" || data.status === "CANCELLED" || data.status === "BLOCKED") {
+        throw new Error(
+          `Fireblocks transaction ${txId} ended with status: ${data.status}`
+        );
+      }
+      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+    }
+    throw new Error(
+      `Fireblocks transaction ${txId} did not complete within ${maxAttempts * pollIntervalMs / 1e3}s`
+    );
+  }
+};
+
+// src/wallet/private-key.ts
+var HOSTED_RPC_PROVIDERS = [
+  "infura.io",
+  "alchemy.com",
+  "quicknode.com",
+  "ankr.com",
+  "cloudflare-eth.com",
+  "pokt.network",
+  "blastapi.io",
+  "chainnodes.org",
+  "drpc.org"
+];
+var PrivateKeyAdapter = class _PrivateKeyAdapter {
+  name = "private-key";
+  onRequest;
+  onResponse;
+  config;
+  hasWarned = false;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Create a PrivateKeyAdapter from environment variables.
+   * Validates the private key format and warns if the RPC URL looks
+   * like a hosted provider (which won't support eth_sendTransaction).
+   */
+  static fromEnv() {
+    const privateKey = process.env.PRIVATE_KEY;
+    const rpcUrl = process.env.RPC_URL;
+    const walletAddress = process.env.WALLET_ADDRESS;
+    if (!privateKey) {
+      throw new Error("PRIVATE_KEY environment variable is required");
+    }
+    if (!rpcUrl) {
+      throw new Error(
+        "RPC_URL environment variable is required when using PRIVATE_KEY"
+      );
+    }
+    if (!walletAddress) {
+      throw new Error(
+        "WALLET_ADDRESS environment variable is required when using PRIVATE_KEY"
+      );
+    }
+    const cleanKey = privateKey.startsWith("0x") ? privateKey.slice(2) : privateKey;
+    if (!/^[0-9a-fA-F]{64}$/.test(cleanKey)) {
+      throw new Error(
+        "PRIVATE_KEY must be a 32-byte hex string (64 hex characters, with optional 0x prefix)"
+      );
+    }
+    try {
+      const host = new URL(rpcUrl).hostname;
+      const isHosted = HOSTED_RPC_PROVIDERS.some(
+        (provider) => host.includes(provider)
+      );
+      if (isHosted) {
+        console.warn(
+          `WARNING: RPC_URL (${host}) looks like a hosted provider. The private-key adapter uses eth_sendTransaction which only works with local dev nodes (Hardhat, Anvil, Ganache). Hosted providers will reject this call.`
+        );
+      }
+    } catch {
+    }
+    return new _PrivateKeyAdapter({ privateKey, rpcUrl, walletAddress });
+  }
+  async getAddress() {
+    return this.config.walletAddress;
+  }
+  async sendTransaction(tx) {
+    if (!this.hasWarned) {
+      this.hasWarned = true;
+      console.warn(
+        "WARNING: Using raw PRIVATE_KEY adapter. This is not recommended for production. Use --wallet-provider privy|turnkey|fireblocks for managed wallet security."
+      );
+    }
+    this.onRequest?.("sendTransaction", tx);
+    const startTime = Date.now();
+    const response = await fetch(this.config.rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_sendTransaction",
+        params: [
+          {
+            from: this.config.walletAddress,
+            to: tx.to,
+            data: tx.data,
+            value: tx.value === "0" ? "0x0" : `0x${BigInt(tx.value).toString(16)}`,
+            chainId: `0x${tx.chainId.toString(16)}`
+          }
+        ]
+      })
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Private key sendTransaction failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(
+        `Private key sendTransaction RPC error: ${data.error.message}`
+      );
+    }
+    if (!data.result) {
+      throw new Error("Private key sendTransaction returned no tx hash");
+    }
+    const result = { hash: data.result };
+    this.onResponse?.("sendTransaction", result, Date.now() - startTime);
+    return result;
+  }
+};
+
+// src/wallet/privy.ts
+var PRIVY_API_BASE = "https://api.privy.io";
+var PrivyAdapter = class _PrivyAdapter {
+  name = "privy";
+  onRequest;
+  onResponse;
+  config;
+  cachedAddress;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Create a PrivyAdapter from environment variables.
+   * Throws if any required variable is missing.
+   */
+  static fromEnv() {
+    const appId = process.env.PRIVY_APP_ID;
+    const appSecret = process.env.PRIVY_APP_SECRET;
+    const walletId = process.env.PRIVY_WALLET_ID;
+    if (!appId) {
+      throw new Error("PRIVY_APP_ID environment variable is required");
+    }
+    if (!appSecret) {
+      throw new Error("PRIVY_APP_SECRET environment variable is required");
+    }
+    if (!walletId) {
+      throw new Error("PRIVY_WALLET_ID environment variable is required");
+    }
+    return new _PrivyAdapter({
+      appId,
+      appSecret,
+      walletId,
+      baseUrl: process.env.PRIVY_API_BASE_URL
+    });
+  }
+  get baseUrl() {
+    return this.config.baseUrl ?? PRIVY_API_BASE;
+  }
+  get authHeaders() {
+    const credentials = Buffer.from(
+      `${this.config.appId}:${this.config.appSecret}`
+    ).toString("base64");
+    return {
+      Authorization: `Basic ${credentials}`,
+      "privy-app-id": this.config.appId,
+      "Content-Type": "application/json"
+    };
+  }
+  async getAddress() {
+    if (this.cachedAddress) return this.cachedAddress;
+    const response = await fetch(
+      `${this.baseUrl}/v1/wallets/${this.config.walletId}`,
+      { headers: this.authHeaders }
+    );
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(`Privy getAddress failed (${response.status}): ${body}`);
+    }
+    const data = await response.json();
+    this.cachedAddress = data.address;
+    return data.address;
+  }
+  async sendTransaction(tx) {
+    this.onRequest?.("sendTransaction", tx);
+    const startTime = Date.now();
+    const caip2 = `eip155:${tx.chainId}`;
+    const response = await fetch(
+      `${this.baseUrl}/v1/wallets/${this.config.walletId}/rpc`,
+      {
+        method: "POST",
+        headers: this.authHeaders,
+        body: JSON.stringify({
+          method: "eth_sendTransaction",
+          caip2,
+          params: {
+            transaction: {
+              to: tx.to,
+              data: tx.data,
+              value: tx.value
+            }
+          }
+        })
+      }
+    );
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Privy sendTransaction failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    const result = { hash: data.data.hash };
+    this.onResponse?.("sendTransaction", result, Date.now() - startTime);
+    return result;
+  }
+};
+
+// src/wallet/turnkey.ts
+var TURNKEY_API_BASE = "https://api.turnkey.com";
+var TurnkeyAdapter = class _TurnkeyAdapter {
+  name = "turnkey";
+  onRequest;
+  onResponse;
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Create a TurnkeyAdapter from environment variables.
+   * Throws if any required variable is missing.
+   */
+  static fromEnv() {
+    const apiPublicKey = process.env.TURNKEY_API_PUBLIC_KEY;
+    const apiPrivateKey = process.env.TURNKEY_API_PRIVATE_KEY;
+    const organizationId = process.env.TURNKEY_ORGANIZATION_ID;
+    const walletAddress = process.env.TURNKEY_WALLET_ADDRESS;
+    if (!apiPublicKey) {
+      throw new Error("TURNKEY_API_PUBLIC_KEY environment variable is required");
+    }
+    if (!apiPrivateKey) {
+      throw new Error(
+        "TURNKEY_API_PRIVATE_KEY environment variable is required"
+      );
+    }
+    if (!organizationId) {
+      throw new Error(
+        "TURNKEY_ORGANIZATION_ID environment variable is required"
+      );
+    }
+    if (!walletAddress) {
+      throw new Error("TURNKEY_WALLET_ADDRESS environment variable is required");
+    }
+    const rpcUrl = process.env.TURNKEY_RPC_URL;
+    if (!rpcUrl) {
+      throw new Error(
+        "TURNKEY_RPC_URL environment variable is required. It is used for gas estimation and transaction broadcasting."
+      );
+    }
+    return new _TurnkeyAdapter({
+      apiPublicKey,
+      apiPrivateKey,
+      organizationId,
+      walletAddress,
+      rpcUrl,
+      privateKeyId: process.env.TURNKEY_PRIVATE_KEY_ID,
+      baseUrl: process.env.TURNKEY_API_BASE_URL
+    });
+  }
+  get baseUrl() {
+    return this.config.baseUrl ?? TURNKEY_API_BASE;
+  }
+  /**
+   * Sign a Turnkey API request using the API key pair (P-256 ECDSA).
+   *
+   * Turnkey uses a stamp-based authentication scheme: the request body
+   * is hashed with SHA-256 and signed with the P-256 private key. The
+   * stamp JSON (publicKey + scheme + signature) is then base64url-encoded
+   * and sent in the X-Stamp header.
+   *
+   * @see https://docs.turnkey.com/developer-tools/api-overview/stamps
+   */
+  async stamp(body) {
+    const encoder = new TextEncoder();
+    const bodyHash = await crypto.subtle.digest("SHA-256", encoder.encode(body));
+    const keyData = hexToBytes(this.config.apiPrivateKey);
+    const cryptoKey = await crypto.subtle.importKey(
+      "pkcs8",
+      derEncodeP256PrivateKey(keyData),
+      { name: "ECDSA", namedCurve: "P-256" },
+      false,
+      ["sign"]
+    );
+    const p1363Sig = await crypto.subtle.sign(
+      { name: "ECDSA", hash: "SHA-256" },
+      cryptoKey,
+      bodyHash
+    );
+    const derSig = p1363ToDer(new Uint8Array(p1363Sig));
+    const signatureHex = bytesToHex(derSig);
+    const stampJson = JSON.stringify({
+      publicKey: this.config.apiPublicKey,
+      scheme: "SIGNATURE_SCHEME_TK_API_P256",
+      signature: signatureHex
+    });
+    return Buffer.from(stampJson).toString("base64url");
+  }
+  async signedRequest(path, body) {
+    const bodyStr = JSON.stringify(body);
+    const stampValue = await this.stamp(bodyStr);
+    return fetch(`${this.baseUrl}${path}`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Stamp": stampValue
+      },
+      body: bodyStr
+    });
+  }
+  async getAddress() {
+    return this.config.walletAddress;
+  }
+  async sendTransaction(tx) {
+    this.onRequest?.("sendTransaction", tx);
+    const startTime = Date.now();
+    const { rpcUrl } = this.config;
+    const gasParams = await this.estimateGasParams(rpcUrl, tx);
+    const rlpHex = rlpEncodeEip1559Tx({
+      chainId: tx.chainId,
+      nonce: gasParams.nonce,
+      maxPriorityFeePerGas: gasParams.maxPriorityFeePerGas,
+      maxFeePerGas: gasParams.maxFeePerGas,
+      gasLimit: gasParams.gasLimit,
+      to: tx.to,
+      data: tx.data,
+      value: tx.value
+    });
+    const signWith = this.config.privateKeyId ?? this.config.walletAddress;
+    const response = await this.signedRequest(
+      "/public/v1/submit/sign_transaction",
+      {
+        type: "ACTIVITY_TYPE_SIGN_TRANSACTION_V2",
+        organizationId: this.config.organizationId,
+        timestampMs: Date.now().toString(),
+        parameters: {
+          signWith,
+          type: "TRANSACTION_TYPE_ETHEREUM",
+          unsignedTransaction: rlpHex
+        }
+      }
+    );
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Turnkey sendTransaction failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    const signedTx = data.activity.result?.signTransactionResult?.signedTransaction;
+    if (!signedTx) {
+      throw new Error(
+        `Turnkey sign transaction did not return a signed payload (activity status: ${data.activity.status})`
+      );
+    }
+    const rpcResponse = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_sendRawTransaction",
+        params: [signedTx]
+      })
+    });
+    if (!rpcResponse.ok) {
+      const rpcBody = await rpcResponse.text();
+      throw new Error(
+        `Turnkey broadcast failed (${rpcResponse.status}): ${rpcBody}`
+      );
+    }
+    const rpcData = await rpcResponse.json();
+    if (rpcData.error) {
+      throw new Error(`Turnkey broadcast RPC error: ${rpcData.error.message}`);
+    }
+    if (!rpcData.result) {
+      throw new Error("Turnkey broadcast returned no tx hash");
+    }
+    const result = { hash: rpcData.result };
+    this.onResponse?.("sendTransaction", result, Date.now() - startTime);
+    return result;
+  }
+  /**
+   * Populate gas parameters via JSON-RPC calls to the target chain.
+   * Mirrors what ethers.js provider.populateTransaction() does internally.
+   *
+   * Makes three parallel RPC calls:
+   *   - eth_getTransactionCount (nonce)
+   *   - eth_estimateGas (gasLimit)
+   *   - eth_maxPriorityFeePerGas + eth_getBlockByNumber (fee data)
+   */
+  async estimateGasParams(rpcUrl, tx) {
+    const from = this.config.walletAddress;
+    const txValue = tx.value === "0" ? "0x0" : `0x${BigInt(tx.value).toString(16)}`;
+    const [nonceResult, gasEstimateResult, feeDataResult] = await Promise.all([
+      this.rpcCall(rpcUrl, "eth_getTransactionCount", [from, "pending"]),
+      this.rpcCall(rpcUrl, "eth_estimateGas", [
+        {
+          from,
+          to: tx.to,
+          data: tx.data || "0x",
+          value: txValue
+        }
+      ]),
+      this.rpcCall(rpcUrl, "eth_feeHistory", [1, "latest", [50]])
+    ]);
+    const nonce = BigInt(nonceResult);
+    const rawGasLimit = BigInt(gasEstimateResult);
+    const gasLimit = rawGasLimit * 120n / 100n;
+    const feeHistory = feeDataResult;
+    const latestBaseFee = BigInt(
+      feeHistory.baseFeePerGas[1] ?? feeHistory.baseFeePerGas[0]
+    );
+    const maxPriorityFeePerGas = feeHistory.reward?.[0]?.[0] ? BigInt(feeHistory.reward[0][0]) : 1500000000n;
+    const maxFeePerGas = latestBaseFee * 2n + maxPriorityFeePerGas;
+    return { nonce, gasLimit, maxFeePerGas, maxPriorityFeePerGas };
+  }
+  /** Make a single JSON-RPC call */
+  async rpcCall(rpcUrl, method, params) {
+    const response = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method,
+        params
+      })
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(
+        `Turnkey RPC ${method} failed (${response.status}): ${body}`
+      );
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(`Turnkey RPC ${method} error: ${data.error.message}`);
+    }
+    return data.result;
+  }
+};
+function rlpEncodeEip1559Tx(tx) {
+  const chainIdBytes = bigIntToBytes(BigInt(tx.chainId));
+  const nonce = bigIntToBytes(tx.nonce);
+  const maxPriorityFeePerGas = bigIntToBytes(tx.maxPriorityFeePerGas);
+  const maxFeePerGas = bigIntToBytes(tx.maxFeePerGas);
+  const gasLimit = bigIntToBytes(tx.gasLimit);
+  const toBytes = hexToBytes(tx.to);
+  const valueBytes = tx.value === "0" ? new Uint8Array(0) : bigIntToBytes(BigInt(tx.value));
+  const dataBytes = tx.data ? hexToBytes(tx.data) : new Uint8Array(0);
+  const fields = [
+    rlpEncodeBytes(chainIdBytes),
+    rlpEncodeBytes(nonce),
+    rlpEncodeBytes(maxPriorityFeePerGas),
+    rlpEncodeBytes(maxFeePerGas),
+    rlpEncodeBytes(gasLimit),
+    rlpEncodeBytes(toBytes),
+    rlpEncodeBytes(valueBytes),
+    rlpEncodeBytes(dataBytes),
+    rlpEncodeList([])
+    // empty access list
+  ];
+  const rlpList = rlpEncodeList(fields);
+  const result = new Uint8Array(1 + rlpList.length);
+  result[0] = 2;
+  result.set(rlpList, 1);
+  return bytesToHex(result);
+}
+function rlpEncodeBytes(bytes) {
+  if (bytes.length === 1 && bytes[0] < 128) {
+    return bytes;
+  }
+  if (bytes.length === 0) {
+    return new Uint8Array([128]);
+  }
+  if (bytes.length <= 55) {
+    const result2 = new Uint8Array(1 + bytes.length);
+    result2[0] = 128 + bytes.length;
+    result2.set(bytes, 1);
+    return result2;
+  }
+  const lenBytes = bigIntToBytes(BigInt(bytes.length));
+  const result = new Uint8Array(1 + lenBytes.length + bytes.length);
+  result[0] = 183 + lenBytes.length;
+  result.set(lenBytes, 1);
+  result.set(bytes, 1 + lenBytes.length);
+  return result;
+}
+function rlpEncodeList(items) {
+  let totalLen = 0;
+  for (const item of items) totalLen += item.length;
+  if (totalLen <= 55) {
+    const result2 = new Uint8Array(1 + totalLen);
+    result2[0] = 192 + totalLen;
+    let offset2 = 1;
+    for (const item of items) {
+      result2.set(item, offset2);
+      offset2 += item.length;
+    }
+    return result2;
+  }
+  const lenBytes = bigIntToBytes(BigInt(totalLen));
+  const result = new Uint8Array(1 + lenBytes.length + totalLen);
+  result[0] = 247 + lenBytes.length;
+  result.set(lenBytes, 1);
+  let offset = 1 + lenBytes.length;
+  for (const item of items) {
+    result.set(item, offset);
+    offset += item.length;
+  }
+  return result;
+}
+function bigIntToBytes(value) {
+  if (value === 0n) return new Uint8Array(0);
+  const hex = value.toString(16);
+  const padded = hex.length % 2 === 0 ? hex : `0${hex}`;
+  return hexToBytes(padded);
+}
+function hexToBytes(hex) {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(clean.length / 2);
+  for (let i = 0; i < clean.length; i += 2) {
+    bytes[i / 2] = Number.parseInt(clean.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function p1363ToDer(p1363) {
+  const r = p1363.subarray(0, 32);
+  const s = p1363.subarray(32, 64);
+  const rDer = integerToDer(r);
+  const sDer = integerToDer(s);
+  const seqLen = rDer.length + sDer.length;
+  const result = new Uint8Array(2 + seqLen);
+  result[0] = 48;
+  result[1] = seqLen;
+  result.set(rDer, 2);
+  result.set(sDer, 2 + rDer.length);
+  return result;
+}
+function integerToDer(bytes) {
+  let start = 0;
+  while (start < bytes.length - 1 && bytes[start] === 0) start++;
+  const stripped = bytes.subarray(start);
+  const needsPad = stripped[0] >= 128;
+  const len = stripped.length + (needsPad ? 1 : 0);
+  const result = new Uint8Array(2 + len);
+  result[0] = 2;
+  result[1] = len;
+  if (needsPad) {
+    result[2] = 0;
+    result.set(stripped, 3);
+  } else {
+    result.set(stripped, 2);
+  }
+  return result;
+}
+function derEncodeP256PrivateKey(rawKey) {
+  const header = new Uint8Array([
+    48,
+    65,
+    // SEQUENCE (65 bytes)
+    2,
+    1,
+    0,
+    // INTEGER 0 (version)
+    48,
+    19,
+    // SEQUENCE (19 bytes) - AlgorithmIdentifier
+    6,
+    7,
+    // OID (7 bytes) - id-ecPublicKey
+    42,
+    134,
+    72,
+    206,
+    61,
+    2,
+    1,
+    6,
+    8,
+    // OID (8 bytes) - secp256r1
+    42,
+    134,
+    72,
+    206,
+    61,
+    3,
+    1,
+    7,
+    4,
+    39,
+    // OCTET STRING (39 bytes)
+    48,
+    37,
+    // SEQUENCE (37 bytes)
+    2,
+    1,
+    1,
+    // INTEGER 1 (version)
+    4,
+    32
+    // OCTET STRING (32 bytes) - private key
+  ]);
+  const result = new Uint8Array(header.length + rawKey.length);
+  result.set(header);
+  result.set(rawKey, header.length);
+  return result.buffer;
+}
+
+// src/wallet/chains.generated.ts
+var CHAIN_IDS = {
+  ethereum: 1,
+  mainnet: 1,
+  optimism: 10,
+  unichain: 130,
+  polygon: 137,
+  matic: 137,
+  monad: 143,
+  shape: 360,
+  flow: 747,
+  hyperevm: 999,
+  sei: 1329,
+  soneium: 1868,
+  ronin: 2020,
+  abstract: 2741,
+  megaeth: 4326,
+  somnia: 5031,
+  b3: 8333,
+  base: 8453,
+  ape_chain: 33139,
+  apechain: 33139,
+  arbitrum: 42161,
+  avalanche: 43114,
+  gunzilla: 43419,
+  ink: 57073,
+  animechain: 69e3,
+  bera_chain: 80094,
+  berachain: 80094,
+  blast: 81457,
+  zora: 7777777
+};
+function resolveChainId(chain) {
+  if (typeof chain === "number") return chain;
+  const asNum = Number(chain);
+  if (!Number.isNaN(asNum) && Number.isInteger(asNum)) return asNum;
+  const id = CHAIN_IDS[chain];
+  if (id === void 0) {
+    throw new Error(
+      `Unknown chain "${chain}". Pass a numeric chain ID or use a known name: ${Object.keys(CHAIN_IDS).join(", ")}`
+    );
+  }
+  return id;
+}
+
+// src/wallet/index.ts
+var WALLET_PROVIDERS = [
+  "privy",
+  "turnkey",
+  "fireblocks",
+  "private-key"
+];
+function createWalletFromEnv(provider) {
+  if (provider) {
+    return createAdapter(provider);
+  }
+  const hasTurnkey = !!process.env.TURNKEY_API_PUBLIC_KEY && !!process.env.TURNKEY_ORGANIZATION_ID;
+  const hasFireblocks = !!process.env.FIREBLOCKS_API_KEY && !!process.env.FIREBLOCKS_VAULT_ID;
+  const hasPrivateKey = !!process.env.PRIVATE_KEY && !!process.env.RPC_URL;
+  const hasPrivy = !!process.env.PRIVY_APP_ID && !!process.env.PRIVY_APP_SECRET;
+  const detected = [
+    hasTurnkey && "turnkey",
+    hasFireblocks && "fireblocks",
+    hasPrivateKey && "private-key",
+    hasPrivy && "privy"
+  ].filter(Boolean);
+  if (detected.length > 1) {
+    console.warn(
+      `WARNING: Multiple wallet providers detected: ${detected.join(", ")}. Using ${detected[0]}. Set --wallet-provider explicitly to avoid ambiguity.`
+    );
+  }
+  if (hasTurnkey) return TurnkeyAdapter.fromEnv();
+  if (hasFireblocks) return FireblocksAdapter.fromEnv();
+  if (hasPrivateKey) return PrivateKeyAdapter.fromEnv();
+  return PrivyAdapter.fromEnv();
+}
+function createAdapter(provider) {
+  switch (provider) {
+    case "privy":
+      return PrivyAdapter.fromEnv();
+    case "turnkey":
+      return TurnkeyAdapter.fromEnv();
+    case "fireblocks":
+      return FireblocksAdapter.fromEnv();
+    case "private-key":
+      return PrivateKeyAdapter.fromEnv();
+    default:
+      throw new Error(
+        `Unknown wallet provider "${provider}". Valid providers: ${WALLET_PROVIDERS.join(", ")}`
+      );
+  }
+}
+
+// src/sdk.ts
+var SwapsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  client;
+  async quote(options) {
+    return this.client.get("/api/v2/swap/quote", {
+      from_chain: options.fromChain,
+      from_address: options.fromAddress,
+      to_chain: options.toChain,
+      to_address: options.toAddress,
+      quantity: options.quantity,
+      address: options.address,
+      slippage: options.slippage,
+      recipient: options.recipient
+    });
+  }
+  /**
+   * Get a swap quote and execute all transactions using the provided wallet adapter.
+   * Returns an array of transaction results (one per transaction in the quote).
+   *
+   * @param options - Swap parameters (chains, addresses, quantity, etc.)
+   * @param wallet - Wallet adapter to sign and send transactions
+   * @param callbacks - Optional callbacks for progress reporting and skipped txs
+   */
+  async execute(options, wallet, callbacks) {
+    const address = options.address ?? await wallet.getAddress();
+    const quote = await this.quote({ ...options, address });
+    callbacks?.onQuote?.(quote);
+    if (!quote.transactions || quote.transactions.length === 0) {
+      throw new Error(
+        "Swap quote returned zero transactions \u2014 the swap may not be available for these tokens/chains."
+      );
+    }
+    const results = [];
+    for (const tx of quote.transactions) {
+      if (!tx.to) {
+        callbacks?.onSkipped?.({
+          chain: tx.chain,
+          reason: "missing 'to' address"
+        });
+        continue;
+      }
+      const chainId = resolveChainId(tx.chain);
+      callbacks?.onSending?.({ to: tx.to, chain: tx.chain, chainId });
+      const result = await wallet.sendTransaction({
+        to: tx.to,
+        data: tx.data,
+        value: tx.value ?? "0",
+        chainId
+      });
+      results.push(result);
+    }
+    if (results.length === 0) {
+      throw new Error(
+        "All swap transactions were skipped (no valid 'to' addresses). The quote may be malformed."
+      );
+    }
+    return results;
+  }
+};
+
+// src/commands/swaps.ts
 function swapsCommand(getClient2, getFormat2) {
-  const cmd = new Command8("swaps").description(
-    "Get swap quotes for token trading"
+  const cmd = new Command11("swaps").description(
+    "Get swap quotes and execute token swaps"
   );
   cmd.command("quote").description(
     "Get a quote for swapping tokens, including price details and executable transaction data"
@@ -767,13 +2092,73 @@ function swapsCommand(getClient2, getFormat2) {
       console.log(formatOutput(result, getFormat2()));
     }
   );
+  cmd.command("execute").description(
+    "Get a swap quote and execute it onchain using a managed wallet. Supports Privy (default), Turnkey, and Fireblocks providers."
+  ).requiredOption("--from-chain <chain>", "Chain of the token to swap from").requiredOption(
+    "--from-address <address>",
+    "Contract address of the token to swap from"
+  ).requiredOption("--to-chain <chain>", "Chain of the token to swap to").requiredOption(
+    "--to-address <address>",
+    "Contract address of the token to swap to"
+  ).requiredOption("--quantity <quantity>", "Amount to swap (in token units)").option(
+    "--slippage <slippage>",
+    "Slippage tolerance (0.0 to 0.5, default: 0.01)"
+  ).option(
+    "--recipient <recipient>",
+    "Recipient address (defaults to wallet address)"
+  ).option(
+    "--wallet-provider <provider>",
+    `Wallet provider to use (${WALLET_PROVIDERS.join(", ")})`
+  ).option("--dry-run", "Print quote and transaction details without signing").action(
+    async (options) => {
+      const wallet = createWalletFromEnv(
+        options.walletProvider
+      );
+      const address = await wallet.getAddress();
+      console.error(`Using ${wallet.name} wallet: ${address}`);
+      const swaps = new SwapsAPI(getClient2());
+      const format = getFormat2();
+      const slippage = options.slippage ? parseFloatOption(options.slippage, "--slippage") : void 0;
+      if (options.dryRun) {
+        const quote = await swaps.quote({
+          ...options,
+          address,
+          slippage
+        });
+        console.log(formatOutput(quote, format));
+        return;
+      }
+      const results = await swaps.execute(
+        {
+          ...options,
+          address,
+          slippage
+        },
+        wallet,
+        {
+          onQuote: () => console.error(
+            `Quote: ${options.quantity} on ${options.fromChain} \u2192 ${options.toChain}`
+          ),
+          onSending: (tx) => console.error(
+            `Sending transaction to ${tx.to} on chain ${tx.chain} (${tx.chainId})...`
+          ),
+          onSkipped: (tx) => console.error(
+            `Skipping transaction on ${tx.chain}: ${tx.reason}`
+          )
+        }
+      );
+      for (const result of results) {
+        console.log(formatOutput({ hash: result.hash }, format));
+      }
+    }
+  );
   return cmd;
 }
 
 // src/commands/tokens.ts
-import { Command as Command9 } from "commander";
+import { Command as Command12 } from "commander";
 function tokensCommand(getClient2, getFormat2) {
-  const cmd = new Command9("tokens").description(
+  const cmd = new Command12("tokens").description(
     "Query trending tokens, top tokens, and token details"
   );
   cmd.command("trending").description("Get trending tokens based on OpenSea's trending score").option("--chains <chains>", "Comma-separated list of chains to filter by").option("--limit <limit>", "Number of results (max 100)", "20").option("--next <cursor>", "Pagination cursor").action(
@@ -817,6 +2202,9 @@ function tokensCommand(getClient2, getFormat2) {
 }
 
 // src/cli.ts
+var EXIT_API_ERROR = 1;
+var EXIT_AUTH_ERROR = 2;
+var EXIT_RATE_LIMITED = 3;
 var BANNER = `
    ____                   _____
   / __ \\                 / ____|
@@ -827,8 +2215,11 @@ var BANNER = `
         | |
         |_|
 `;
-var program = new Command10();
-program.name("opensea").description("OpenSea CLI - Query the OpenSea API from the command line").version(process.env.npm_package_version ?? "0.0.0").addHelpText("before", BANNER).option("--api-key <key>", "OpenSea API key (or set OPENSEA_API_KEY env var)").option("--chain <chain>", "Default chain", "ethereum").option("--format <format>", "Output format (json, table, or toon)", "json").option("--base-url <url>", "API base URL").option("--timeout <ms>", "Request timeout in milliseconds", "30000").option("--verbose", "Log request and response info to stderr");
+var program = new Command13();
+program.name("opensea").description("OpenSea CLI - Query the OpenSea API from the command line").version(process.env.npm_package_version ?? "0.0.0").addHelpText("before", BANNER).option("--api-key <key>", "OpenSea API key (or set OPENSEA_API_KEY env var)").option("--chain <chain>", "Default chain", "ethereum").option("--format <format>", "Output format (json, table, or toon)", "json").option("--base-url <url>", "API base URL").option("--timeout <ms>", "Request timeout in milliseconds", "30000").option("--verbose", "Log request and response info to stderr").option(
+  "--fields <fields>",
+  "Comma-separated list of fields to include in output"
+).option("--max-lines <lines>", "Truncate output after N lines").option("--max-retries <n>", "Max retries on 429/5xx (0 to disable)", "3").option("--no-retry", "Disable request retries");
 function getClient() {
   const opts = program.opts();
   const apiKey = opts.apiKey ?? process.env.OPENSEA_API_KEY;
@@ -836,14 +2227,16 @@ function getClient() {
     console.error(
       "Error: API key required. Use --api-key or set OPENSEA_API_KEY environment variable."
     );
-    process.exit(2);
+    process.exit(EXIT_AUTH_ERROR);
   }
+  const maxRetries = opts.retry ? parseIntOption(opts.maxRetries, "--max-retries") : 0;
   return new OpenSeaClient({
     apiKey,
     chain: opts.chain,
     baseUrl: opts.baseUrl,
     timeout: parseIntOption(opts.timeout, "--timeout"),
-    verbose: opts.verbose
+    verbose: opts.verbose,
+    maxRetries
   });
 }
 function getFormat() {
@@ -852,7 +2245,24 @@ function getFormat() {
   if (opts.format === "toon") return "toon";
   return "json";
 }
+program.hook("preAction", () => {
+  const opts = program.opts();
+  let maxLines;
+  if (opts.maxLines) {
+    maxLines = parseIntOption(opts.maxLines, "--max-lines");
+    if (maxLines < 1) {
+      console.error("Error: --max-lines must be >= 1");
+      process.exit(2);
+    }
+  }
+  setOutputOptions({
+    fields: opts.fields?.split(",").map((f) => f.trim()),
+    maxLines
+  });
+});
+program.addCommand(chainsCommand(getClient, getFormat));
 program.addCommand(collectionsCommand(getClient, getFormat));
+program.addCommand(dropsCommand(getClient, getFormat));
 program.addCommand(nftsCommand(getClient, getFormat));
 program.addCommand(listingsCommand(getClient, getFormat));
 program.addCommand(offersCommand(getClient, getFormat));
@@ -861,15 +2271,17 @@ program.addCommand(accountsCommand(getClient, getFormat));
 program.addCommand(tokensCommand(getClient, getFormat));
 program.addCommand(searchCommand(getClient, getFormat));
 program.addCommand(swapsCommand(getClient, getFormat));
+program.addCommand(healthCommand(getClient, getFormat));
 async function main() {
   try {
     await program.parseAsync(process.argv);
   } catch (error) {
     if (error instanceof OpenSeaAPIError) {
+      const isRateLimited = error.statusCode === 429;
       console.error(
         JSON.stringify(
           {
-            error: "API Error",
+            error: isRateLimited ? "Rate Limited" : "API Error",
             status: error.statusCode,
             path: error.path,
             message: error.responseBody
@@ -878,7 +2290,7 @@ async function main() {
           2
         )
       );
-      process.exit(1);
+      process.exit(isRateLimited ? EXIT_RATE_LIMITED : EXIT_API_ERROR);
     }
     const label = error instanceof TypeError ? "Network Error" : error.name;
     console.error(
@@ -891,7 +2303,7 @@ async function main() {
         2
       )
     );
-    process.exit(1);
+    process.exit(EXIT_API_ERROR);
   }
 }
 main();