@vultisig/cli 0.15.2 → 0.16.0

package/dist/index.js

@@ -1049,14 +1049,14 @@ var require_main = __commonJS({
           cb = opts;
           opts = {};
         }
-        var qrcode5 = new QRCode(-1, this.error);
-        qrcode5.addData(input);
-        qrcode5.make();
+        var qrcode4 = new QRCode(-1, this.error);
+        qrcode4.addData(input);
+        qrcode4.make();
         var output = "";
         if (opts && opts.small) {
           var BLACK = true, WHITE = false;
-          var moduleCount = qrcode5.getModuleCount();
-          var moduleData = qrcode5.modules.slice();
+          var moduleCount = qrcode4.getModuleCount();
+          var moduleData = qrcode4.modules.slice();
           var oddRow = moduleCount % 2 === 1;
           if (oddRow) {
             moduleData.push(fill(moduleCount, WHITE));
@@ -1089,9 +1089,9 @@ var require_main = __commonJS({
             output += borderBottom;
           }
         } else {
-          var border = repeat(white).times(qrcode5.getModuleCount() + 3);
+          var border = repeat(white).times(qrcode4.getModuleCount() + 3);
           output += border + "\n";
-          qrcode5.modules.forEach(function(row2) {
+          qrcode4.modules.forEach(function(row2) {
             output += white;
             output += row2.map(toCell).join("");
             output += white + "\n";
@@ -1452,9 +1452,10 @@ var init_formatUnits = __esm({
 // src/index.ts
 import "dotenv/config";
 import { promises as fs4 } from "node:fs";
+import { descriptions } from "@vultisig/client-shared";
 import { parseKeygenQR, Vultisig as Vultisig6 } from "@vultisig/sdk";
 import chalk15 from "chalk";
-import { program } from "commander";
+import { InvalidArgumentError, program } from "commander";
 import inquirer8 from "inquirer";
 
 // src/core/command-context.ts
@@ -1536,12 +1537,32 @@ import chalk from "chalk";
 import ora from "ora";
 var silentMode = false;
 var outputFormat = "table";
+var nonInteractive = false;
+var quietMode = false;
+var fieldFilter;
 function setSilentMode(silent) {
   silentMode = silent;
 }
 function isSilent() {
   return silentMode;
 }
+function setNonInteractive(value) {
+  nonInteractive = value;
+}
+function isNonInteractive() {
+  return nonInteractive;
+}
+function requireInteractive(hint) {
+  if (nonInteractive) {
+    throw new Error(`Interactive prompt required but --non-interactive is set. ${hint}`);
+  }
+}
+function setQuiet(value) {
+  quietMode = value;
+}
+function setFields(fields) {
+  fieldFilter = fields;
+}
 function initOutputMode(options) {
   outputFormat = options.output ?? "table";
   silentMode = options.silent ?? process.env.VULTISIG_SILENT === "1";
@@ -1552,14 +1573,72 @@ function initOutputMode(options) {
 function isJsonOutput() {
   return outputFormat === "json";
 }
+function stripEmpty(data) {
+  if (Array.isArray(data)) return data.map(stripEmpty);
+  if (data !== null && typeof data === "object") {
+    return Object.fromEntries(
+      Object.entries(data).filter(([, v]) => v != null && v !== "").map(([k, v]) => [k, stripEmpty(v)])
+    );
+  }
+  return data;
+}
+function filterFields(data, fields) {
+  if (!fields.length) return data;
+  if (Array.isArray(data)) return data.map((item) => filterFields(item, fields));
+  if (data !== null && typeof data === "object") {
+    const entries = Object.entries(data);
+    const matched = entries.filter(([k]) => fields.includes(k));
+    if (matched.length > 0) return Object.fromEntries(matched);
+    const recursed = entries.map(([k, v]) => [k, filterFields(v, fields)]);
+    return Object.fromEntries(recursed);
+  }
+  return data;
+}
+function collectKeys(data) {
+  const keys = /* @__PURE__ */ new Set();
+  if (Array.isArray(data)) {
+    for (const item of data) {
+      if (item !== null && typeof item === "object") {
+        for (const k of Object.keys(item)) keys.add(k);
+      }
+    }
+  } else if (data !== null && typeof data === "object") {
+    for (const [k, v] of Object.entries(data)) {
+      keys.add(k);
+      if (v !== null && typeof v === "object") {
+        for (const nested of collectKeys(v)) keys.add(nested);
+      }
+    }
+  }
+  return keys;
+}
+function warnInvalidFields(data, fields) {
+  const available = collectKeys(data);
+  if (available.size === 0) return;
+  const invalid = fields.filter((f) => !available.has(f));
+  if (invalid.length > 0) {
+    process.stderr.write(`Warning: unknown field(s): ${invalid.join(", ")}. Available: ${[...available].join(", ")}
+`);
+  }
+}
+function applyOutputTransforms(data) {
+  let out = quietMode ? stripEmpty(data) : data;
+  if (fieldFilter?.length) {
+    warnInvalidFields(out, fieldFilter);
+    out = filterFields(out, fieldFilter);
+  }
+  return out;
+}
 function bigIntReplacer(_key, value) {
   return typeof value === "bigint" ? value.toString() : value;
 }
 function outputJson(data) {
-  console.log(JSON.stringify({ success: true, data }, bigIntReplacer, 2));
+  const transformed = applyOutputTransforms(data);
+  console.log(JSON.stringify({ success: true, v: 1, data: transformed }, bigIntReplacer, 2));
 }
-function outputJsonError(message, code) {
-  console.log(JSON.stringify({ success: false, error: { message, code } }, bigIntReplacer, 2));
+function outputErrorJson(errJson) {
+  const transformed = applyOutputTransforms(errJson);
+  console.log(JSON.stringify(transformed, bigIntReplacer, 2));
 }
 function info(message) {
   if (!silentMode) {
@@ -1661,11 +1740,24 @@ function createSpinner(text) {
     activeSpinners.add(spinner2);
     return spinner2;
   }
-  const spinner = wrapOraSpinner(ora(text).start());
+  const spinner = wrapOraSpinner(ora({ text, stream: process.stderr }).start());
   activeSpinners.add(spinner);
   return spinner;
 }
 
+// src/core/credential-store.ts
+import {
+  _resetAll,
+  clearCredentials,
+  getDecryptionPassword,
+  getServerPassword,
+  getStoredServerPassword,
+  isUsingFileFallback,
+  setDecryptionPassword,
+  setFilePassphrase,
+  setServerPassword
+} from "@vultisig/client-shared";
+
 // src/core/password-manager.ts
 var passwordCache = /* @__PURE__ */ new Map();
 function cachePassword(vaultIdOrName, password) {
@@ -1700,12 +1792,15 @@ function getPasswordFromEnv(vaultId, vaultName) {
   if (vaultPasswords.has(vaultId)) {
     return vaultPasswords.get(vaultId);
   }
-  if (process.env.VAULT_PASSWORD) {
-    return process.env.VAULT_PASSWORD;
+  if (process.env.VAULT_PASSWORD || process.env.VULTISIG_PASSWORD) {
+    return process.env.VAULT_PASSWORD || process.env.VULTISIG_PASSWORD;
   }
   return null;
 }
 async function promptForPassword(vaultName, vaultId) {
+  requireInteractive(
+    'Use --password flag, VAULT_PASSWORD env var, or "vsig auth setup" to store credentials in keyring.'
+  );
   const displayName = vaultName || vaultId || "vault";
   const { password } = await inquirer.prompt([
     {
@@ -1722,14 +1817,25 @@ async function getPassword(vaultId, vaultName) {
   if (cachedPassword) {
     return cachedPassword;
   }
+  try {
+    const keyringPassword = await getServerPassword(vaultId);
+    if (keyringPassword) {
+      cachePassword(vaultId, keyringPassword);
+      if (vaultName) cachePassword(vaultName, keyringPassword);
+      return keyringPassword;
+    }
+  } catch {
+  }
   const envPassword = getPasswordFromEnv(vaultId, vaultName);
   if (envPassword) {
     cachePassword(vaultId, envPassword);
     if (vaultName) cachePassword(vaultName, envPassword);
     return envPassword;
   }
-  if (isSilent() || isJsonOutput()) {
-    throw new Error("Password required but not provided. Set VAULT_PASSWORD or VAULT_PASSWORDS environment variable.");
+  if (isSilent() || isJsonOutput() || isNonInteractive()) {
+    throw new Error(
+      "Password required but not provided. Set VAULT_PASSWORD or VAULT_PASSWORDS environment variable, or use --password flag."
+    );
   }
   const password = await promptForPassword(vaultName, vaultId);
   cachePassword(vaultId, password);
@@ -1745,12 +1851,8 @@ async function ensureVaultUnlocked(vault, password) {
   if (!vault.isEncrypted || vault.isUnlocked()) {
     return;
   }
-  if (password) {
-    await vault.unlock(password);
-    return;
-  }
-  const inputPassword = await promptForPassword(vault.name, vault.id);
-  await vault.unlock(inputPassword);
+  const resolvedPassword = password || await getPassword(vault.id, vault.name);
+  await vault.unlock(resolvedPassword);
 }
 
 // src/adapters/cli-context.ts
@@ -1768,6 +1870,229 @@ var CLIContext = class extends BaseCommandContext {
   }
 };
 
+// src/core/errors.ts
+import { VaultError, VaultErrorCode, VaultImportError, VaultImportErrorCode } from "@vultisig/sdk";
+var EXIT_CODE_DESCRIPTIONS = {
+  [0 /* SUCCESS */]: "Success",
+  [1 /* USAGE */]: "Usage error (bad arguments, unknown command)",
+  [2 /* AUTH_REQUIRED */]: "Authentication required",
+  [3 /* NETWORK */]: "Network error (retryable)",
+  [4 /* INVALID_INPUT */]: "Invalid input (bad chain, address, amount)",
+  [5 /* RESOURCE_NOT_FOUND */]: "Resource not found (token, route)",
+  [6 /* EXTERNAL_SERVICE */]: "External service error (retryable)",
+  [7 /* UNKNOWN */]: "Unknown/unexpected error"
+};
+var VsigError = class extends Error {
+  hint;
+  suggestions;
+  context;
+  retryable = false;
+  constructor(message, hint, suggestions, context) {
+    super(message);
+    this.name = this.constructor.name;
+    this.hint = hint;
+    this.suggestions = suggestions;
+    this.context = context;
+  }
+};
+var UsageError = class extends VsigError {
+  exitCode = 1 /* USAGE */;
+  code = "USAGE_ERROR";
+  constructor(message, hint, suggestions) {
+    super(message, hint, suggestions);
+  }
+};
+var AuthRequiredError = class extends VsigError {
+  exitCode = 2 /* AUTH_REQUIRED */;
+  code = "AUTH_REQUIRED";
+  constructor(message) {
+    super(message ?? "Authentication required. Set up vault credentials.", "Ensure your vault is unlocked", [
+      "vsig vaults",
+      "vsig create"
+    ]);
+  }
+};
+var NetworkError = class extends VsigError {
+  exitCode = 3 /* NETWORK */;
+  code = "NETWORK_ERROR";
+  retryable = true;
+  constructor(message, hint, suggestions) {
+    super(message, hint, suggestions);
+  }
+};
+var InvalidChainError = class extends VsigError {
+  exitCode = 4 /* INVALID_INPUT */;
+  code = "INVALID_CHAIN";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var InvalidAddressError = class extends VsigError {
+  exitCode = 4 /* INVALID_INPUT */;
+  code = "INVALID_ADDRESS";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var InvalidInputError = class extends VsigError {
+  exitCode = 4 /* INVALID_INPUT */;
+  code = "INVALID_INPUT";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var InsufficientBalanceError = class extends VsigError {
+  exitCode = 4 /* INVALID_INPUT */;
+  code = "INSUFFICIENT_BALANCE";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var NoRouteError = class extends VsigError {
+  exitCode = 5 /* RESOURCE_NOT_FOUND */;
+  code = "NO_ROUTE";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var TokenNotFoundError = class extends VsigError {
+  exitCode = 5 /* RESOURCE_NOT_FOUND */;
+  code = "TOKEN_NOT_FOUND";
+  constructor(message, hint, suggestions, context) {
+    super(message, hint, suggestions, context);
+  }
+};
+var ExternalServiceError = class extends VsigError {
+  exitCode = 6 /* EXTERNAL_SERVICE */;
+  code = "EXTERNAL_SERVICE";
+  retryable = true;
+  constructor(message, hint, suggestions) {
+    super(message, hint, suggestions);
+  }
+};
+var PricingUnavailableError = class extends VsigError {
+  exitCode = 6 /* EXTERNAL_SERVICE */;
+  code = "PRICING_UNAVAILABLE";
+  retryable = true;
+  constructor(message, hint, suggestions) {
+    super(message, hint, suggestions);
+  }
+};
+var UnknownError = class extends VsigError {
+  exitCode = 7 /* UNKNOWN */;
+  code = "UNKNOWN_ERROR";
+  constructor(message) {
+    super(message);
+  }
+};
+function classifyError(err) {
+  if (err instanceof VsigError) return err;
+  if (err instanceof VaultError) {
+    if (err.code === VaultErrorCode.BalanceFetchFailed && err.originalError) {
+      const inner = classifyError(err.originalError);
+      if (!(inner instanceof UnknownError)) return inner;
+    }
+    switch (err.code) {
+      case VaultErrorCode.UnsupportedChain:
+      case VaultErrorCode.ChainNotSupported:
+        return new InvalidChainError(err.message);
+      case VaultErrorCode.NetworkError:
+      case VaultErrorCode.BalanceFetchFailed:
+      case VaultErrorCode.Timeout:
+        return new NetworkError(err.message);
+      case VaultErrorCode.InvalidAmount:
+        return new InvalidInputError(err.message);
+      case VaultErrorCode.InvalidConfig: {
+        const lowerMsg = err.message.toLowerCase();
+        if (lowerMsg.includes("unknown chain") || lowerMsg.includes("unsupported chain") || lowerMsg.includes("chain not supported")) {
+          const chainMatch = err.message.match(/chain[:\s]*"([^"]+)"/i);
+          return new InvalidChainError(
+            err.message,
+            void 0,
+            void 0,
+            chainMatch ? { chain: chainMatch[1] } : void 0
+          );
+        }
+        return new UsageError(err.message);
+      }
+      case VaultErrorCode.UnsupportedToken:
+        return new TokenNotFoundError(err.message);
+      case VaultErrorCode.BroadcastFailed:
+        return new ExternalServiceError(err.message, "Broadcast failed \u2014 the node may be temporarily unavailable", [
+          "Retry the transaction"
+        ]);
+      case VaultErrorCode.GasEstimationFailed:
+        return new InvalidInputError(err.message, "Gas estimation failed \u2014 check balance and transaction params");
+      case VaultErrorCode.SigningFailed:
+        return new UnknownError(err.message);
+      default:
+        return new UnknownError(err.message);
+    }
+  }
+  if (err instanceof VaultImportError) {
+    switch (err.code) {
+      case VaultImportErrorCode.PASSWORD_REQUIRED:
+      case VaultImportErrorCode.INVALID_PASSWORD:
+        return new AuthRequiredError(err.message);
+      default:
+        return new UsageError(err.message);
+    }
+  }
+  const msg = err.message.toLowerCase();
+  if (msg.includes("unsupported chain") || msg.includes("invalid chain") || msg.includes("unknown chain")) {
+    const chainMatch = err.message.match(/chain[:\s]*"([^"]+)"/i) || err.message.match(/chain[:\s]+(\S+)/i);
+    return new InvalidChainError(err.message, void 0, void 0, chainMatch ? { chain: chainMatch[1] } : void 0);
+  }
+  if (msg.includes("invalid address") || msg.includes("bad address") || msg.includes("malformed address")) {
+    const addrMatch = err.message.match(/(0x[a-fA-F0-9]+|bc1[a-z0-9]+|[13][a-km-zA-HJ-NP-Z1-9]+)/i);
+    return new InvalidAddressError(err.message, void 0, void 0, addrMatch ? { address: addrMatch[1] } : void 0);
+  }
+  if (msg.includes("insufficient") && msg.includes("balance")) {
+    return new InsufficientBalanceError(err.message);
+  }
+  if (msg.includes("no route") || msg.includes("no swap") || msg.includes("no provider")) {
+    return new NoRouteError(err.message);
+  }
+  if (msg.includes("token not found") || msg.includes("unknown token")) {
+    return new TokenNotFoundError(err.message);
+  }
+  if (msg.includes("pricing") || msg.includes("price unavailable") || msg.includes("price service")) {
+    return new PricingUnavailableError(err.message);
+  }
+  if (msg.includes("econnrefused") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnreset") || msg.includes("fetch failed") || msg.includes("network") || msg.includes("socket hang up") || msg.includes("dns")) {
+    return new NetworkError(err.message);
+  }
+  return new UnknownError(err.message);
+}
+function toErrorJson(err) {
+  if (err instanceof VsigError) {
+    const json = {
+      success: false,
+      v: 1,
+      error: {
+        code: err.code,
+        exitCode: err.exitCode,
+        message: err.message,
+        hint: err.hint,
+        retryable: err.retryable
+      }
+    };
+    if (err.suggestions?.length) json.error.suggestions = err.suggestions;
+    if (err.context) json.error.context = err.context;
+    return json;
+  }
+  return {
+    success: false,
+    v: 1,
+    error: {
+      code: "UNKNOWN_ERROR",
+      exitCode: 7 /* UNKNOWN */,
+      message: err.message,
+      retryable: false
+    }
+  };
+}
+
 // src/adapters/cli-runner.ts
 function withExit(handler) {
   return async (...args) => {
@@ -1775,17 +2100,18 @@ function withExit(handler) {
       await handler(...args);
       process.exit(0);
     } catch (err) {
-      const exitCode = err.exitCode ?? 1;
+      const classified = err instanceof VsigError ? err : err instanceof Error ? classifyError(err) : classifyError(new Error(String(err)));
       if (isJsonOutput()) {
-        outputJsonError(err.message, err.code ?? "GENERAL_ERROR");
-        process.exit(exitCode);
-      }
-      if (err.exitCode !== void 0) {
-        process.exit(err.exitCode);
+        outputErrorJson(toErrorJson(classified));
+        process.exit(classified.exitCode);
       }
       printError(`
-x ${err.message}`);
-      process.exit(1);
+x ${classified.message}`);
+      if (classified.hint) printError(`  hint: ${classified.hint}`);
+      if (classified.suggestions?.length) {
+        for (const s of classified.suggestions) printError(`  - ${s}`);
+      }
+      process.exit(classified.exitCode);
     }
   };
 }
@@ -1914,6 +2240,7 @@ function displayVaultsList(vaults, activeVault) {
   printTable(table);
 }
 async function confirmTransaction() {
+  requireInteractive("Use --yes to skip confirmation, or --password to provide password non-interactively.");
   const { confirmed } = await inquirer2.prompt([
     {
       type: "confirm",
@@ -2033,6 +2360,7 @@ function displaySwapChains(chains) {
 Total: ${chains.length} chains`);
 }
 async function confirmSwap() {
+  requireInteractive("Use --yes to skip confirmation, or --password to provide password non-interactively.");
   const { confirmed } = await inquirer2.prompt([
     {
       type: "confirm",
@@ -2121,13 +2449,25 @@ async function executeChains(ctx2, options = {}) {
     return;
   }
   if (options.add) {
-    await vault.addChain(options.add);
-    success(`
-+ Added chain: ${options.add}`);
+    const alreadyActive = vault.chains.includes(options.add);
+    if (!alreadyActive) {
+      await vault.addChain(options.add);
+    }
     const address = await vault.address(options.add);
+    if (isJsonOutput()) {
+      outputJson({ chain: options.add, alreadyActive, address, chains: [...vault.chains] });
+      return;
+    }
+    success(alreadyActive ? `
+Chain already active: ${options.add}` : `
++ Added chain: ${options.add}`);
     info(`Address: ${address}`);
   } else if (options.remove) {
     await vault.removeChain(options.remove);
+    if (isJsonOutput()) {
+      outputJson({ chain: options.remove, removed: true, chains: [...vault.chains] });
+      return;
+    }
     success(`
 + Removed chain: ${options.remove}`);
   } else {
@@ -2162,6 +2502,10 @@ import chalk4 from "chalk";
 import inquirer3 from "inquirer";
 async function executeTokens(ctx2, options) {
   await ctx2.ensureActiveVault();
+  if (options.discover) {
+    await discoverTokens(ctx2, options.chain);
+    return;
+  }
   if (options.add) {
     let symbol = options.symbol;
     let name = options.name;
@@ -2193,6 +2537,7 @@ async function executeTokens(ctx2, options) {
       });
     }
     if (prompts.length > 0) {
+      requireInteractive("Provide --symbol, --name, and --decimals flags for non-interactive token addition.");
       const answers = await inquirer3.prompt(prompts);
       symbol = symbol || answers.symbol?.trim();
       name = name || answers.name?.trim();
@@ -2231,6 +2576,57 @@ async function removeToken(ctx2, chain, tokenId) {
   success(`
 + Removed token ${tokenId} from ${chain}`);
 }
+async function discoverTokens(ctx2, chain) {
+  const vault = await ctx2.ensureActiveVault();
+  const spinner = createSpinner(`Discovering tokens on ${chain}...`);
+  let discovered;
+  try {
+    discovered = await vault.discoverTokens(chain);
+  } catch (err) {
+    spinner.fail(`Token discovery failed for ${chain}`);
+    throw err;
+  }
+  if (discovered.length === 0) {
+    spinner.succeed(`No new tokens found on ${chain}`);
+    if (isJsonOutput()) {
+      outputJson({ chain, discovered: [], count: 0 });
+    }
+    return;
+  }
+  const existingTokens = vault.getTokens(chain);
+  const existingAddresses = new Set(existingTokens.map((t) => t.contractAddress ?? t.id));
+  const newTokens = discovered.filter((d) => d.contractAddress && !existingAddresses.has(d.contractAddress));
+  for (const d of newTokens) {
+    await vault.addToken(chain, {
+      id: d.contractAddress,
+      symbol: d.ticker,
+      name: d.ticker,
+      decimals: d.decimals,
+      contractAddress: d.contractAddress,
+      chainId: chain,
+      isNative: false
+    });
+  }
+  const allTokens = vault.getTokens(chain);
+  spinner.succeed(`Discovered ${newTokens.length} new token(s) on ${chain}`);
+  if (isJsonOutput()) {
+    outputJson({
+      chain,
+      discovered: newTokens.map((d) => ({
+        symbol: d.ticker,
+        contractAddress: d.contractAddress,
+        decimals: d.decimals
+      })),
+      count: newTokens.length
+    });
+    return;
+  }
+  for (const d of newTokens) {
+    printResult(`  ${d.ticker} (${d.contractAddress})`);
+  }
+  info(chalk4.gray(`
+${allTokens.length} total token(s) tracked on ${chain}`));
+}
 async function listTokens(ctx2, chain) {
   const vault = await ctx2.ensureActiveVault();
   const spinner = createSpinner(`Loading tokens for ${chain}...`);
@@ -2263,8 +2659,15 @@ Use --add <contractAddress> to add or --remove <tokenId> to remove`));
 }
 
 // src/commands/transaction.ts
-var import_qrcode_terminal = __toESM(require_main(), 1);
 import { Chain, Vultisig as Vultisig2 } from "@vultisig/sdk";
+
+// src/core/config-store.ts
+import { getConfigPath, loadConfig, saveConfig } from "@vultisig/client-shared";
+
+// src/core/vault-discovery.ts
+import { discoverVaultFiles, SEARCH_DIRS } from "@vultisig/client-shared";
+
+// src/commands/transaction.ts
 async function executeSend(ctx2, params) {
   const vault = await ctx2.ensureActiveVault();
   if (!Object.values(Chain).includes(params.chain)) {
@@ -2278,59 +2681,59 @@ async function executeSend(ctx2, params) {
 }
 async function sendTransaction(vault, params) {
   const prepareSpinner = createSpinner("Preparing transaction...");
-  const address = await vault.address(params.chain);
-  const balance = await vault.balance(params.chain, params.tokenId);
-  const coin = {
+  const dryResult = await vault.send({
     chain: params.chain,
-    address,
-    decimals: balance.decimals,
-    ticker: balance.symbol,
-    id: params.tokenId
-  };
-  const isMax = params.amount === "max";
-  let amount;
-  let displayAmount;
-  if (isMax) {
-    const maxInfo = await vault.getMaxSendAmount({ coin, receiver: params.to, memo: params.memo });
-    amount = maxInfo.maxSendable;
-    if (amount === 0n) {
-      throw new Error("Insufficient balance to cover network fees");
-    }
-    displayAmount = formatBigintAmount(amount, balance.decimals);
-  } else {
-    const [whole, frac = ""] = params.amount.split(".");
-    if (frac.length > balance.decimals) {
-      throw new Error(`Amount has more than ${balance.decimals} decimal places`);
-    }
-    const paddedFrac = frac.padEnd(balance.decimals, "0");
-    amount = BigInt(whole || "0") * 10n ** BigInt(balance.decimals) + BigInt(paddedFrac || "0");
-    displayAmount = params.amount;
-  }
-  const payload = await vault.prepareSendTx({
-    coin,
-    receiver: params.to,
-    amount,
-    memo: params.memo
+    to: params.to,
+    amount: params.amount,
+    symbol: params.tokenId,
+    memo: params.memo,
+    dryRun: true
   });
   prepareSpinner.succeed("Transaction prepared");
+  if (!dryResult.dryRun) throw new Error("unreachable");
+  if (params.dryRun) {
+    const balance2 = await vault.balance(params.chain, params.tokenId);
+    const hasInsufficientBalance = parseFloat(dryResult.total) > parseFloat(balance2.formattedAmount);
+    const result = {
+      dryRun: true,
+      chain: params.chain,
+      to: params.to,
+      amount: params.amount,
+      symbol: balance2.symbol,
+      balance: balance2.formattedAmount
+    };
+    if (hasInsufficientBalance) {
+      result.warning = `Insufficient balance: you have ${balance2.formattedAmount} ${balance2.symbol}`;
+    }
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      info(`
+Dry-run preview:`);
+      info(`  Chain:   ${result.chain}`);
+      info(`  To:      ${result.to}`);
+      info(`  Amount:  ${result.amount} ${result.symbol}`);
+      info(`  Fee:     ${dryResult.fee} ${result.symbol}`);
+      info(`  Balance: ${result.balance} ${result.symbol}`);
+      if (result.warning) warn(`  Warning: ${result.warning}`);
+    }
+    return result;
+  }
   let gas;
   try {
     gas = await vault.gas(params.chain);
   } catch {
     warn("\nGas estimation unavailable");
   }
+  const balance = await vault.balance(params.chain, params.tokenId);
   if (!isJsonOutput()) {
-    displayTransactionPreview(
-      payload.coin.address,
-      params.to,
-      displayAmount,
-      payload.coin.ticker,
-      params.chain,
-      params.memo,
-      gas
-    );
+    const address = await vault.address(params.chain);
+    displayTransactionPreview(address, params.to, dryResult.total, balance.symbol, params.chain, params.memo, gas);
   }
-  if (!params.yes && !isJsonOutput()) {
+  if (!params.yes) {
+    if (isNonInteractive()) {
+      throw new Error("Transaction requires confirmation. Use --yes to skip, or --dry-run to preview.");
+    }
     const confirmed = await confirmTransaction();
     if (!confirmed) {
       warn("Transaction cancelled");
@@ -2338,90 +2741,55 @@ async function sendTransaction(vault, params) {
     }
   }
   await ensureVaultUnlocked(vault, params.password);
-  const isSecureVault = vault.type === "secure";
-  const signSpinner = createSpinner(isSecureVault ? "Preparing secure signing session..." : "Signing transaction...");
+  const signSpinner = createSpinner(
+    vault.type === "secure" ? "Preparing secure signing session..." : "Signing transaction..."
+  );
   vault.on("signingProgress", ({ step }) => {
     signSpinner.text = `${step.message} (${step.progress}%)`;
   });
-  if (isSecureVault) {
-    vault.on("qrCodeReady", ({ qrPayload }) => {
-      if (isJsonOutput()) {
-        printResult(qrPayload);
-      } else if (isSilent()) {
-        printResult(`QR Payload: ${qrPayload}`);
-      } else {
-        signSpinner.stop();
-        info("\nScan this QR code with your Vultisig mobile app to sign:");
-        import_qrcode_terminal.default.generate(qrPayload, { small: true });
-        info(`
-Or use this URL: ${qrPayload}
-`);
-        signSpinner.start("Waiting for devices to join signing session...");
-      }
-    });
-    vault.on(
-      "deviceJoined",
-      ({ deviceId, totalJoined, required }) => {
-        if (!isSilent()) {
-          signSpinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
-        } else if (!isJsonOutput()) {
-          printResult(`Device joined: ${totalJoined}/${required}`);
-        }
-      }
-    );
-  }
   try {
-    const messageHashes = await vault.extractMessageHashes(payload);
-    const signature = await vault.sign(
-      {
-        transaction: payload,
-        chain: payload.coin.chain,
-        messageHashes
-      },
-      { signal: params.signal }
-    );
-    signSpinner.succeed("Transaction signed");
-    const broadcastSpinner = createSpinner("Broadcasting transaction...");
-    const txHash = await vault.broadcastTx({
+    const result = await vault.send({
       chain: params.chain,
-      keysignPayload: payload,
-      signature
+      to: params.to,
+      amount: params.amount,
+      symbol: params.tokenId,
+      memo: params.memo
     });
-    broadcastSpinner.succeed(`Transaction broadcast: ${txHash}`);
-    const result = {
-      txHash,
+    if (result.dryRun) throw new Error("unreachable");
+    const broadcast = result;
+    signSpinner.succeed(`Transaction broadcast: ${broadcast.txHash}`);
+    const txResult = {
+      txHash: broadcast.txHash,
       chain: params.chain,
-      explorerUrl: Vultisig2.getTxExplorerUrl(params.chain, txHash)
+      explorerUrl: Vultisig2.getTxExplorerUrl(params.chain, broadcast.txHash)
     };
     if (isJsonOutput()) {
-      outputJson(result);
+      outputJson(txResult);
     } else {
-      displayTransactionResult(params.chain, txHash);
+      displayTransactionResult(params.chain, broadcast.txHash);
     }
-    return result;
+    return txResult;
   } finally {
     vault.removeAllListeners("signingProgress");
-    if (isSecureVault) {
-      vault.removeAllListeners("qrCodeReady");
-      vault.removeAllListeners("deviceJoined");
-    }
   }
 }
 
 // src/commands/execute.ts
-var import_qrcode_terminal2 = __toESM(require_main(), 1);
+var import_qrcode_terminal = __toESM(require_main(), 1);
 import { Vultisig as Vultisig3 } from "@vultisig/sdk";
 var COSMOS_CHAIN_CONFIG = {
   THORChain: {
     chainId: "thorchain-1",
     prefix: "thor",
     denom: "rune",
+    decimals: 8,
     gasLimit: "500000"
   },
   MayaChain: {
     chainId: "mayachain-mainnet-v1",
     prefix: "maya",
     denom: "cacao",
+    decimals: 10,
     gasLimit: "500000"
   }
 };
@@ -2456,8 +2824,42 @@ async function executeContractTransaction(vault, params, chainConfig, msg, funds
   const prepareSpinner = createSpinner("Preparing contract execution...");
   const address = await vault.address(params.chain);
   prepareSpinner.succeed("Transaction prepared");
+  if (params.dryRun) {
+    if (isJsonOutput()) {
+      outputJson({
+        dryRun: true,
+        chain: params.chain,
+        contract: params.contract,
+        msg,
+        funds,
+        address,
+        memo: params.memo
+      });
+    } else {
+      info("\nContract Execution Preview (dry-run)");
+      info("\u2501".repeat(50));
+      info(`Chain:      ${params.chain}`);
+      info(`From:       ${address}`);
+      info(`Contract:   ${params.contract}`);
+      info(
+        `Message:    ${JSON.stringify(msg, null, 2).substring(0, 200)}${JSON.stringify(msg).length > 200 ? "..." : ""}`
+      );
+      if (funds.length > 0) {
+        info(`Funds:      ${funds.map((f) => `${f.amount} ${f.denom}`).join(", ")}`);
+      }
+      if (params.memo) {
+        info(`Memo:       ${params.memo}`);
+      }
+      info("\u2501".repeat(50));
+    }
+    return {
+      txHash: "",
+      chain: params.chain,
+      explorerUrl: ""
+    };
+  }
   if (!isJsonOutput()) {
-    info("\n\u{1F4DD} Contract Execution Preview");
+    info("\nContract Execution Preview");
     info("\u2501".repeat(50));
     info(`Chain:      ${params.chain}`);
     info(`From:       ${address}`);
@@ -2473,7 +2875,10 @@ async function executeContractTransaction(vault, params, chainConfig, msg, funds
     }
     info("\u2501".repeat(50));
   }
-  if (!params.yes && !isJsonOutput()) {
+  if (!params.yes) {
+    if (isNonInteractive()) {
+      throw new Error("Transaction requires confirmation. Use --yes to skip, or --dry-run to preview.");
+    }
     const confirmed = await confirmTransaction();
     if (!confirmed) {
       warn("Transaction cancelled");
@@ -2495,7 +2900,7 @@ async function executeContractTransaction(vault, params, chainConfig, msg, funds
       } else {
         signSpinner.stop();
         info("\nScan this QR code with your Vultisig mobile app to sign:");
-        import_qrcode_terminal2.default.generate(qrPayload, { small: true });
+        import_qrcode_terminal.default.generate(qrPayload, { small: true });
         info(`
 Or use this URL: ${qrPayload}
 `);
@@ -2518,8 +2923,7 @@ Or use this URL: ${qrPayload}
     const coin = {
       chain: cosmosChain,
       address,
-      decimals: 8,
-      // THORChain uses 8 decimals
+      decimals: chainConfig.decimals,
       ticker: chainConfig.denom.toUpperCase()
     };
     const executeContractMsg = {
@@ -2580,7 +2984,7 @@ Or use this URL: ${qrPayload}
 }
 
 // src/commands/sign.ts
-var import_qrcode_terminal3 = __toESM(require_main(), 1);
+var import_qrcode_terminal2 = __toESM(require_main(), 1);
 import { Chain as Chain3 } from "@vultisig/sdk";
 async function executeSignBytes(ctx2, params) {
   const vault = await ctx2.ensureActiveVault();
@@ -2606,7 +3010,7 @@ async function signBytes(vault, params) {
       } else {
         signSpinner.stop();
         info("\nScan this QR code with your Vultisig mobile app to sign:");
-        import_qrcode_terminal3.default.generate(qrPayload, { small: true });
+        import_qrcode_terminal2.default.generate(qrPayload, { small: true });
         info(`
 Or use this URL: ${qrPayload}
 `);
@@ -2756,7 +3160,7 @@ function sleep(ms) {
 }
 
 // src/commands/vault-management.ts
-var import_qrcode_terminal4 = __toESM(require_main(), 1);
+var import_qrcode_terminal3 = __toESM(require_main(), 1);
 import { FastVault } from "@vultisig/sdk";
 import chalk5 from "chalk";
 import { promises as fs } from "fs";
@@ -2904,7 +3308,7 @@ async function executeCreateSecure(ctx2, options) {
           } else {
             spinner.stop();
             info("\nScan this QR code with your Vultisig mobile app:");
-            import_qrcode_terminal4.default.generate(qrPayload, { small: true });
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
             info(`
 Or use this URL: ${qrPayload}
 `);
@@ -3427,7 +3831,7 @@ async function executeCreateFromSeedphraseSecure(ctx2, options) {
           } else {
             importSpinner.stop();
             info("\nScan this QR code with your Vultisig mobile app:");
-            import_qrcode_terminal4.default.generate(qrPayload, { small: true });
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
             info(`
 Or use this URL: ${qrPayload}
 `);
@@ -3616,35 +4020,24 @@ async function executeSwapQuote(ctx2, options) {
   if (!isMax && (isNaN(options.amount) || options.amount <= 0)) {
     throw new Error("Invalid amount");
   }
-  const isSupported = await vault.isSwapSupported(options.fromChain, options.toChain);
-  if (!isSupported) {
-    throw new Error(`Swaps from ${options.fromChain} to ${options.toChain} are not supported`);
-  }
-  let resolvedAmount;
-  if (isMax) {
-    const bal = await vault.balance(options.fromChain, options.fromToken);
-    resolvedAmount = parseFloat(bal.formattedAmount);
-    if (resolvedAmount <= 0) {
-      throw new Error("Zero balance \u2014 nothing to swap");
-    }
-  } else {
-    resolvedAmount = options.amount;
-  }
   const spinner = createSpinner("Getting swap quote...");
-  const quote = await vault.getSwapQuote({
-    fromCoin: { chain: options.fromChain, token: options.fromToken },
-    toCoin: { chain: options.toChain, token: options.toToken },
-    amount: resolvedAmount,
-    fiatCurrency: "usd"
-    // Request fiat conversion
+  const result = await vault.swap({
+    fromChain: options.fromChain,
+    fromSymbol: options.fromToken || "",
+    toChain: options.toChain,
+    toSymbol: options.toToken || "",
+    amount: isMax ? "max" : String(options.amount),
+    dryRun: true
   });
+  if (!result.dryRun) throw new Error("unreachable");
   spinner.succeed("Quote received");
-  const fromAmountDisplay = isMax ? `${formatBigintAmount(quote.maxSwapable, quote.fromCoin.decimals)} (max)` : String(resolvedAmount);
+  const quote = result.quote;
+  const fromAmountDisplay = isMax ? `${formatBigintAmount(quote.maxSwapable, quote.fromCoin.decimals)} (max)` : String(options.amount);
   if (isJsonOutput()) {
     outputJson({
       fromChain: options.fromChain,
       toChain: options.toChain,
-      amount: resolvedAmount,
+      amount: isMax ? "max" : options.amount,
       isMax,
       quote
     });
@@ -3668,30 +4061,57 @@ async function executeSwap(ctx2, options) {
   if (!isMax && (isNaN(options.amount) || options.amount <= 0)) {
     throw new Error("Invalid amount");
   }
-  const isSupported = await vault.isSwapSupported(options.fromChain, options.toChain);
-  if (!isSupported) {
-    throw new Error(`Swaps from ${options.fromChain} to ${options.toChain} are not supported`);
-  }
-  let resolvedAmount;
-  if (isMax) {
-    const bal = await vault.balance(options.fromChain, options.fromToken);
-    resolvedAmount = parseFloat(bal.formattedAmount);
-    if (resolvedAmount <= 0) {
-      throw new Error("Zero balance \u2014 nothing to swap");
-    }
-  } else {
-    resolvedAmount = options.amount;
-  }
+  const amountStr = isMax ? "max" : String(options.amount);
   const quoteSpinner = createSpinner("Getting swap quote...");
-  const quote = await vault.getSwapQuote({
-    fromCoin: { chain: options.fromChain, token: options.fromToken },
-    toCoin: { chain: options.toChain, token: options.toToken },
-    amount: resolvedAmount,
-    fiatCurrency: "usd"
-    // Request fiat conversion
+  const dryResult = await vault.swap({
+    fromChain: options.fromChain,
+    fromSymbol: options.fromToken || "",
+    toChain: options.toChain,
+    toSymbol: options.toToken || "",
+    amount: amountStr,
+    dryRun: true
   });
+  if (!dryResult.dryRun) throw new Error("unreachable");
   quoteSpinner.succeed("Quote received");
-  const fromAmountDisplay = isMax ? `${formatBigintAmount(quote.maxSwapable, quote.fromCoin.decimals)} (max)` : String(resolvedAmount);
+  const quote = dryResult.quote;
+  const fromAmountRaw = isMax ? formatBigintAmount(quote.maxSwapable, quote.fromCoin.decimals) : String(options.amount);
+  const fromAmountDisplay = isMax ? `${fromAmountRaw} (max)` : fromAmountRaw;
+  if (options.dryRun) {
+    const estimatedOutput = formatBigintAmount(quote.estimatedOutput, quote.toCoin.decimals);
+    const result = {
+      dryRun: true,
+      fromChain: String(options.fromChain),
+      fromToken: quote.fromCoin.ticker,
+      toChain: String(options.toChain),
+      toToken: quote.toCoin.ticker,
+      inputAmount: fromAmountRaw,
+      ...isMax && { isMax: true },
+      estimatedOutput,
+      provider: quote.provider
+    };
+    if (quote.estimatedOutputFiat != null) {
+      result.estimatedOutputFiat = parseFloat(quote.estimatedOutputFiat.toFixed(2));
+    }
+    if (quote.requiresApproval) {
+      result.requiresApproval = true;
+    }
+    if (quote.warnings && quote.warnings.length > 0) {
+      result.warnings = [...quote.warnings];
+    }
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      info(`
+Dry-run preview:`);
+      info(`  From:             ${result.inputAmount} ${result.fromToken} (${result.fromChain})`);
+      info(`  To:               ${result.estimatedOutput} ${result.toToken} (${result.toChain})`);
+      info(`  Provider:         ${result.provider}`);
+      if (result.estimatedOutputFiat != null) info(`  Est. value (USD): $${result.estimatedOutputFiat}`);
+      if (result.requiresApproval) info(`  Requires approval: yes`);
+      if (result.warnings?.length) result.warnings.forEach((w) => warn(`  Warning: ${w}`));
+    }
+    return result;
+  }
   const feeBalance = await vault.balance(options.fromChain);
   const discountTier = await vault.getDiscountTier();
   if (!isJsonOutput()) {
@@ -3703,86 +4123,43 @@ async function executeSwap(ctx2, options) {
       discountTier
     });
   }
-  if (!options.yes && !isJsonOutput()) {
+  if (!options.yes) {
+    if (isNonInteractive()) {
+      throw new Error("Swap requires confirmation. Use --yes to skip, or --dry-run to preview.");
+    }
     const confirmed = await confirmSwap();
     if (!confirmed) {
       warn("Swap cancelled");
       throw new Error("Swap cancelled by user");
     }
   }
-  const prepSpinner = createSpinner("Preparing swap transaction...");
-  const { keysignPayload, approvalPayload } = await vault.prepareSwapTx({
-    fromCoin: { chain: options.fromChain, token: options.fromToken },
-    toCoin: { chain: options.toChain, token: options.toToken },
-    amount: resolvedAmount,
-    swapQuote: quote,
-    autoApprove: false
-  });
-  prepSpinner.succeed("Swap prepared");
   await ensureVaultUnlocked(vault, options.password);
-  if (approvalPayload) {
-    info("\nToken approval required before swap...");
-    const approvalSpinner = createSpinner("Signing approval transaction...");
-    vault.on("signingProgress", ({ step }) => {
-      approvalSpinner.text = `Approval: ${step.message} (${step.progress}%)`;
-    });
-    try {
-      const approvalHashes = await vault.extractMessageHashes(approvalPayload);
-      const approvalSig = await vault.sign(
-        {
-          transaction: approvalPayload,
-          chain: options.fromChain,
-          messageHashes: approvalHashes
-        },
-        { signal: options.signal }
-      );
-      approvalSpinner.succeed("Approval signed");
-      const broadcastApprovalSpinner = createSpinner("Broadcasting approval...");
-      const approvalTxHash = await vault.broadcastTx({
-        chain: options.fromChain,
-        keysignPayload: approvalPayload,
-        signature: approvalSig
-      });
-      broadcastApprovalSpinner.succeed(`Approval broadcast: ${approvalTxHash}`);
-      info("Waiting for approval to confirm...");
-      await new Promise((resolve) => setTimeout(resolve, 5e3));
-    } finally {
-      vault.removeAllListeners("signingProgress");
-    }
-  }
   const signSpinner = createSpinner("Signing swap transaction...");
   vault.on("signingProgress", ({ step }) => {
     signSpinner.text = `${step.message} (${step.progress}%)`;
   });
   try {
-    const messageHashes = await vault.extractMessageHashes(keysignPayload);
-    const signature = await vault.sign(
-      {
-        transaction: keysignPayload,
-        chain: options.fromChain,
-        messageHashes
-      },
-      { signal: options.signal }
-    );
-    signSpinner.succeed("Swap transaction signed");
-    const broadcastSpinner = createSpinner("Broadcasting swap transaction...");
-    const txHash = await vault.broadcastTx({
-      chain: options.fromChain,
-      keysignPayload,
-      signature
+    const result = await vault.swap({
+      fromChain: options.fromChain,
+      fromSymbol: options.fromToken || "",
+      toChain: options.toChain,
+      toSymbol: options.toToken || "",
+      amount: amountStr
     });
-    broadcastSpinner.succeed(`Swap broadcast: ${txHash}`);
+    if (result.dryRun) throw new Error("unreachable");
+    const broadcast = result;
+    signSpinner.succeed(`Swap broadcast: ${broadcast.txHash}`);
     if (isJsonOutput()) {
       outputJson({
-        txHash,
+        txHash: broadcast.txHash,
         fromChain: options.fromChain,
         toChain: options.toChain,
         quote
       });
     } else {
-      displaySwapResult(options.fromChain, options.toChain, txHash, quote, quote.toCoin.decimals);
+      displaySwapResult(options.fromChain, options.toChain, broadcast.txHash, quote, quote.toCoin.decimals);
     }
-    return { txHash, quote };
+    return { txHash: broadcast.txHash, quote };
   } finally {
     vault.removeAllListeners("signingProgress");
   }
@@ -4067,20 +4444,31 @@ async function executeRujiraSwap(ctx2, options) {
     slippageBps: options.slippageBps
   });
   quoteSpinner.succeed("Quote received");
-  if (isJsonOutput()) {
-    const result2 = await client.swap.execute(quote, { slippageBps: options.slippageBps });
-    outputJson({ quote, result: result2 });
+  if (options.dryRun) {
+    if (isJsonOutput()) {
+      outputJson({ dryRun: true, quote });
+    } else {
+      printResult("FIN Swap Preview (dry-run)");
+      printResult(`  From:        ${options.fromAsset}`);
+      printResult(`  To:          ${options.toAsset}`);
+      printResult(`  Amount (in): ${options.amount}`);
+      printResult(`  Expected out:${quote.expectedOutput}`);
+      printResult(`  Min out:     ${quote.minimumOutput}`);
+      printResult(`  Contract:    ${quote.contractAddress}`);
+    }
     return;
   }
-  printResult("FIN Swap Preview");
-  printResult(`  From:        ${options.fromAsset}`);
-  printResult(`  To:          ${options.toAsset}`);
-  printResult(`  Amount (in): ${options.amount}`);
-  printResult(`  Expected out:${quote.expectedOutput}`);
-  printResult(`  Min out:     ${quote.minimumOutput}`);
-  printResult(`  Contract:    ${quote.contractAddress}`);
-  if (quote.warning) {
-    warn(quote.warning);
+  if (!isJsonOutput()) {
+    printResult("FIN Swap Preview");
+    printResult(`  From:        ${options.fromAsset}`);
+    printResult(`  To:          ${options.toAsset}`);
+    printResult(`  Amount (in): ${options.amount}`);
+    printResult(`  Expected out:${quote.expectedOutput}`);
+    printResult(`  Min out:     ${quote.minimumOutput}`);
+    printResult(`  Contract:    ${quote.contractAddress}`);
+    if (quote.warning) {
+      warn(quote.warning);
+    }
   }
   if (!options.yes) {
     warn("This command will execute a swap. Re-run with -y/--yes to skip this warning.");
@@ -4089,7 +4477,11 @@ async function executeRujiraSwap(ctx2, options) {
   const execSpinner = createSpinner("Executing FIN swap...");
   const result = await client.swap.execute(quote, { slippageBps: options.slippageBps });
   execSpinner.succeed("Swap submitted");
-  printResult(`Tx Hash: ${result.txHash}`);
+  if (isJsonOutput()) {
+    outputJson({ quote, result });
+  } else {
+    printResult(`Tx Hash: ${result.txHash}`);
+  }
 }
 async function executeRujiraWithdraw(ctx2, options) {
   const vault = await ctx2.ensureActiveVault();
@@ -4103,17 +4495,27 @@ async function executeRujiraWithdraw(ctx2, options) {
     maxFeeBps: options.maxFeeBps
   });
   prepSpinner.succeed("Withdrawal prepared");
-  if (isJsonOutput()) {
-    const result2 = await client.withdraw.execute(prepared);
-    outputJson({ prepared, result: result2 });
+  if (options.dryRun) {
+    if (isJsonOutput()) {
+      outputJson({ dryRun: true, prepared });
+    } else {
+      printResult("Withdraw Preview (dry-run)");
+      printResult(`  Asset:       ${prepared.asset}`);
+      printResult(`  Amount:      ${prepared.amount}`);
+      printResult(`  Destination: ${prepared.destination}`);
+      printResult(`  Memo:        ${prepared.memo}`);
+      printResult(`  Est. fee:    ${prepared.estimatedFee}`);
+    }
     return;
   }
-  printResult("Withdraw Preview");
-  printResult(`  Asset:       ${prepared.asset}`);
-  printResult(`  Amount:      ${prepared.amount}`);
-  printResult(`  Destination: ${prepared.destination}`);
-  printResult(`  Memo:        ${prepared.memo}`);
-  printResult(`  Est. fee:    ${prepared.estimatedFee}`);
+  if (!isJsonOutput()) {
+    printResult("Withdraw Preview");
+    printResult(`  Asset:       ${prepared.asset}`);
+    printResult(`  Amount:      ${prepared.amount}`);
+    printResult(`  Destination: ${prepared.destination}`);
+    printResult(`  Memo:        ${prepared.memo}`);
+    printResult(`  Est. fee:    ${prepared.estimatedFee}`);
+  }
   if (!options.yes) {
     warn("This command will broadcast a THORChain MsgDeposit withdrawal. Re-run with -y/--yes to proceed.");
     throw new Error("Confirmation required (use --yes)");
@@ -4121,7 +4523,11 @@ async function executeRujiraWithdraw(ctx2, options) {
   const execSpinner = createSpinner("Broadcasting withdrawal...");
   const result = await client.withdraw.execute(prepared);
   execSpinner.succeed("Withdrawal submitted");
-  printResult(`Tx Hash: ${result.txHash}`);
+  if (isJsonOutput()) {
+    outputJson({ prepared, result });
+  } else {
+    printResult(`Tx Hash: ${result.txHash}`);
+  }
 }
 
 // src/commands/discount.ts
@@ -4222,10 +4628,129 @@ function displayDiscountTier(tierInfo) {
   printResult("");
 }
 
+// src/commands/auth.ts
+import { executeAuthLogout, executeAuthSetup, executeAuthStatus } from "@vultisig/client-shared";
+
 // src/commands/agent.ts
 import chalk9 from "chalk";
 import Table from "cli-table3";
 
+// src/agent/agentErrors.ts
+import { VaultError as VaultError2, VaultErrorCode as VaultErrorCode2, VaultImportError as VaultImportError2, VaultImportErrorCode as VaultImportErrorCode2 } from "@vultisig/sdk";
+var AgentErrorCode = /* @__PURE__ */ ((AgentErrorCode3) => {
+  AgentErrorCode3["BACKEND_UNREACHABLE"] = "BACKEND_UNREACHABLE";
+  AgentErrorCode3["AUTH_FAILED"] = "AUTH_FAILED";
+  AgentErrorCode3["VAULT_LOCKED"] = "VAULT_LOCKED";
+  AgentErrorCode3["PASSWORD_REQUIRED"] = "PASSWORD_REQUIRED";
+  AgentErrorCode3["CONFIRMATION_REQUIRED"] = "CONFIRMATION_REQUIRED";
+  AgentErrorCode3["ACTION_NOT_IMPLEMENTED"] = "ACTION_NOT_IMPLEMENTED";
+  AgentErrorCode3["INVALID_INPUT"] = "INVALID_INPUT";
+  AgentErrorCode3["NETWORK_ERROR"] = "NETWORK_ERROR";
+  AgentErrorCode3["TIMEOUT"] = "TIMEOUT";
+  AgentErrorCode3["TRANSACTION_FAILED"] = "TRANSACTION_FAILED";
+  AgentErrorCode3["SIGNING_FAILED"] = "SIGNING_FAILED";
+  AgentErrorCode3["SESSION_NOT_INITIALIZED"] = "SESSION_NOT_INITIALIZED";
+  AgentErrorCode3["UNKNOWN_ERROR"] = "UNKNOWN_ERROR";
+  return AgentErrorCode3;
+})(AgentErrorCode || {});
+var AGENT_ERROR_CODE_VALUES = new Set(Object.values(AgentErrorCode));
+function isAgentErrorCode(value) {
+  return AGENT_ERROR_CODE_VALUES.has(value);
+}
+function mapVaultError(err) {
+  if (err.code === VaultErrorCode2.InvalidConfig && /failed to unlock vault/i.test(err.message)) {
+    return "AUTH_FAILED" /* AUTH_FAILED */;
+  }
+  switch (err.code) {
+    case VaultErrorCode2.Timeout:
+      return "TIMEOUT" /* TIMEOUT */;
+    case VaultErrorCode2.NetworkError:
+    case VaultErrorCode2.BalanceFetchFailed:
+      return "NETWORK_ERROR" /* NETWORK_ERROR */;
+    case VaultErrorCode2.SigningFailed:
+      return "SIGNING_FAILED" /* SIGNING_FAILED */;
+    case VaultErrorCode2.BroadcastFailed:
+    case VaultErrorCode2.GasEstimationFailed:
+      return "TRANSACTION_FAILED" /* TRANSACTION_FAILED */;
+    case VaultErrorCode2.NotImplemented:
+      return "ACTION_NOT_IMPLEMENTED" /* ACTION_NOT_IMPLEMENTED */;
+    case VaultErrorCode2.InvalidAmount:
+    case VaultErrorCode2.UnsupportedChain:
+    case VaultErrorCode2.UnsupportedToken:
+    case VaultErrorCode2.ChainNotSupported:
+    case VaultErrorCode2.InvalidVault:
+    case VaultErrorCode2.InvalidPublicKey:
+    case VaultErrorCode2.InvalidChainCode:
+    case VaultErrorCode2.AddressDerivationFailed:
+      return "INVALID_INPUT" /* INVALID_INPUT */;
+    case VaultErrorCode2.InvalidConfig:
+      return "INVALID_INPUT" /* INVALID_INPUT */;
+    default:
+      return "UNKNOWN_ERROR" /* UNKNOWN_ERROR */;
+  }
+}
+function mapVaultImportError(err) {
+  switch (err.code) {
+    case VaultImportErrorCode2.PASSWORD_REQUIRED:
+      return "PASSWORD_REQUIRED" /* PASSWORD_REQUIRED */;
+    case VaultImportErrorCode2.INVALID_PASSWORD:
+      return "AUTH_FAILED" /* AUTH_FAILED */;
+    default:
+      return "INVALID_INPUT" /* INVALID_INPUT */;
+  }
+}
+function networkishMessage(msg) {
+  return /ECONNREFUSED|ENOTFOUND|ETIMEDOUT|network|fetch failed|socket/i.test(msg) || /getaddrinfo|certificate|TLS|SSL/i.test(msg);
+}
+function inferAgentErrorCodeFromMessage(message) {
+  const m = message.trim();
+  if (!m) return "UNKNOWN_ERROR" /* UNKNOWN_ERROR */;
+  if (/agent backend unreachable/i.test(m)) return "BACKEND_UNREACHABLE" /* BACKEND_UNREACHABLE */;
+  if (/authentication failed|^auth failed/i.test(m)) return "AUTH_FAILED" /* AUTH_FAILED */;
+  if (m === "PASSWORD_REQUIRED") return "PASSWORD_REQUIRED" /* PASSWORD_REQUIRED */;
+  if (/^CONFIRMATION_REQUIRED:/i.test(m)) return "CONFIRMATION_REQUIRED" /* CONFIRMATION_REQUIRED */;
+  if (/password required|password not provided|use --password/i.test(m)) return "PASSWORD_REQUIRED" /* PASSWORD_REQUIRED */;
+  if (/session not initialized/i.test(m)) return "SESSION_NOT_INITIALIZED" /* SESSION_NOT_INITIALIZED */;
+  if (/not implemented locally|is not yet implemented|is not implemented locally|action type .*not implemented/i.test(m)) {
+    return "ACTION_NOT_IMPLEMENTED" /* ACTION_NOT_IMPLEMENTED */;
+  }
+  if (/\(401\)|\(403\)|\b401\b|\b403\b|unauthorized|forbidden/i.test(m)) return "AUTH_FAILED" /* AUTH_FAILED */;
+  if (/failed to unlock vault/i.test(m)) return "AUTH_FAILED" /* AUTH_FAILED */;
+  if (/vault.*locked|must unlock|unlock.*vault/i.test(m)) return "VAULT_LOCKED" /* VAULT_LOCKED */;
+  if (/timed out|timeout/i.test(m)) return "TIMEOUT" /* TIMEOUT */;
+  if (networkishMessage(m)) return "NETWORK_ERROR" /* NETWORK_ERROR */;
+  if (/unknown chain|unknown from_chain|unknown to_chain/i.test(m) || /\bis required\b|\bmissing\b|\brequires\b/i.test(m) || /no pending transaction|invalid or empty tx|could not stage calldata|server transaction missing/i.test(m) || /build_custom_tx requires|incomplete for a contract call|invalid der:/i.test(m)) {
+    return "INVALID_INPUT" /* INVALID_INPUT */;
+  }
+  return "UNKNOWN_ERROR" /* UNKNOWN_ERROR */;
+}
+function nodeErrCode(err) {
+  if (err && typeof err === "object" && "code" in err && typeof err.code === "string") {
+    return err.code;
+  }
+  return void 0;
+}
+function normalizeAgentError(err) {
+  if (err instanceof VaultError2) {
+    return { code: mapVaultError(err), message: err.message };
+  }
+  if (err instanceof VaultImportError2) {
+    return { code: mapVaultImportError(err), message: err.message };
+  }
+  const name = err instanceof Error ? err.name : "";
+  if (name === "AbortError") {
+    const message2 = err instanceof Error ? err.message : "Aborted";
+    const code = /timed out|timeout/i.test(message2) ? "TIMEOUT" /* TIMEOUT */ : "UNKNOWN_ERROR" /* UNKNOWN_ERROR */;
+    return { code, message: message2 };
+  }
+  const message = err instanceof Error ? err.message : String(err);
+  const nc = nodeErrCode(err);
+  if (nc === "ECONNREFUSED" || nc === "ENOTFOUND" || nc === "ETIMEDOUT") {
+    return { code: "NETWORK_ERROR" /* NETWORK_ERROR */, message };
+  }
+  return { code: inferAgentErrorCodeFromMessage(message), message };
+}
+
 // src/agent/ask.ts
 var AskInterface = class {
   session;
@@ -4252,10 +4777,10 @@ var AskInterface = class {
 `);
         }
       },
-      onToolResult: (_id, action, success2, data, error2) => {
-        this.toolCalls.push({ action, success: success2, data, error: error2 });
+      onToolResult: (_id, action, success2, data, error2, code) => {
+        this.toolCalls.push({ action, success: success2, data, error: error2, code });
         if (this.verbose) {
-          const status = success2 ? "ok" : `error: ${error2}`;
+          const status = success2 ? "ok" : `error: ${error2}${code ? ` [${code}]` : ""}`;
           process.stderr.write(`[tool] ${action}: ${status}
 `);
         }
@@ -4274,8 +4799,8 @@ var AskInterface = class {
 `);
         }
       },
-      onError: (message) => {
-        process.stderr.write(`[error] ${message}
+      onError: (message, code) => {
+        process.stderr.write(`[error] ${message} [${code}]
 `);
       },
       onDone: () => {
@@ -4406,6 +4931,17 @@ function padTo32Bytes(buf) {
 }
 
 // src/agent/client.ts
+function sseErrorToMessage(value) {
+  if (value == null) return "";
+  if (typeof value === "string") return value;
+  if (typeof value === "number" || typeof value === "boolean" || typeof value === "bigint") return String(value);
+  if (value instanceof Error) return value.message;
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return String(value);
+  }
+}
 var AgentClient = class {
   baseUrl;
   authToken = null;
@@ -4460,7 +4996,9 @@ var AgentClient = class {
     return this.post(`/agent/conversations/${conversationId}`, req);
   }
   async deleteConversation(conversationId, publicKey) {
-    await this.delete(`/agent/conversations/${conversationId}`, { public_key: publicKey });
+    await this.delete(`/agent/conversations/${conversationId}`, {
+      public_key: publicKey
+    });
   }
   // ============================================================================
   // Messages - JSON mode
@@ -4542,8 +5080,30 @@ var AgentClient = class {
   }
   handleSSEEvent(event, data, result, callbacks) {
     try {
-      const parsed = JSON.parse(data);
-      switch (event) {
+      const rawParsed = JSON.parse(data);
+      let resolvedEvent = event;
+      let parsed = rawParsed;
+      if (event === "message" && typeof rawParsed?.type === "string") {
+        const v1Type = rawParsed.type;
+        if (v1Type === "text-delta") {
+          resolvedEvent = "text_delta";
+        } else if (v1Type === "finish") {
+          resolvedEvent = "done";
+        } else if (v1Type === "error") {
+          resolvedEvent = "error";
+          parsed = { error: rawParsed.errorText ?? rawParsed.error };
+        } else if (v1Type.startsWith("data-")) {
+          resolvedEvent = v1Type.slice(5);
+          if (rawParsed.data && typeof rawParsed.data === "object" && !Array.isArray(rawParsed.data)) {
+            parsed = rawParsed.data;
+          }
+        } else {
+          resolvedEvent = v1Type;
+          if (this.verbose) process.stderr.write(`[SSE:unmapped v1 type: ${v1Type}]
+`);
+        }
+      }
+      switch (resolvedEvent) {
         case "text_delta":
           if (typeof parsed.delta === "string") {
             result.fullText += parsed.delta;
@@ -4581,9 +5141,12 @@ var AgentClient = class {
           result.message = parsed.message || parsed;
           callbacks.onMessage?.(result.message);
           break;
-        case "error":
-          callbacks.onError?.(parsed.error);
+        case "error": {
+          const msg = sseErrorToMessage(parsed.error);
+          const codeFromBackend = typeof parsed.code === "string" && isAgentErrorCode(parsed.code) ? parsed.code : inferAgentErrorCodeFromMessage(msg);
+          callbacks.onError?.(msg, codeFromBackend);
           break;
+        }
         case "done":
           break;
       }
@@ -5015,6 +5578,7 @@ var AgentExecutor = class {
   stateStore = null;
   /** Held chain lock release functions, keyed by chain name */
   chainLockReleases = /* @__PURE__ */ new Map();
+  evmLastBroadcast = /* @__PURE__ */ new Map();
   /** Backend client for resolving calldata_id references. */
   backendClient = null;
   constructor(vault, verbose = false, vaultId, vultisig) {
@@ -5092,11 +5656,13 @@ var AgentExecutor = class {
         data
       };
     } catch (err) {
+      const { code, message } = normalizeAgentError(err);
       return {
         action: action.type,
         action_id: action.id,
         success: false,
-        error: err.message || String(err)
+        error: message,
+        code
       };
     }
   }
@@ -5559,6 +6125,7 @@ var AgentExecutor = class {
         keysignPayload: payload,
         signature
       });
+      this.evmLastBroadcast.set(chain.toString(), Date.now());
       try {
         this.recordEvmNonceFromPayload(chain, payload, messageHashes.length);
       } catch (nonceErr) {
@@ -5656,6 +6223,7 @@ var AgentExecutor = class {
         keysignPayload,
         signature
       });
+      this.evmLastBroadcast.set(chain.toString(), Date.now());
       try {
         this.recordEvmNonceFromPayload(chain, keysignPayload, messageHashes.length);
       } catch (nonceErr) {
@@ -5814,6 +6382,16 @@ var AgentExecutor = class {
     const rpcNonce = bs.value.nonce;
     const nextNonce = this.stateStore.getNextEvmNonce(chain, rpcNonce);
     if (nextNonce !== rpcNonce) {
+      const lastBroadcast = this.evmLastBroadcast.get(chain.toString()) ?? 0;
+      if (Date.now() - lastBroadcast < 15e3) {
+        if (this.verbose)
+          process.stderr.write(
+            `[nonce] Keeping local nonce ${nextNonce} for ${chain} (broadcast ${Date.now() - lastBroadcast}ms ago)
+`
+          );
+        bs.value.nonce = nextNonce;
+        return;
+      }
       const pendingNonce = await this.fetchEvmPendingNonce(chain);
       if (pendingNonce !== null && pendingNonce === rpcNonce) {
         if (this.verbose)
@@ -6449,7 +7027,12 @@ var PipeInterface = class {
             const cmd = JSON.parse(nextLine);
             await this.handleCommand(cmd);
           } catch (err) {
-            this.emit({ type: "error", message: `Invalid input: ${err.message}` });
+            const { message, code } = normalizeAgentError(err);
+            this.emit({
+              type: "error",
+              message: `Invalid input: ${message}`,
+              code: code === "UNKNOWN_ERROR" /* UNKNOWN_ERROR */ ? "INVALID_INPUT" /* INVALID_INPUT */ : code
+            });
           }
         }
         processing = false;
@@ -6490,8 +7073,16 @@ var PipeInterface = class {
       onToolCall: (id, action, params) => {
         this.emit({ type: "tool_call", id, action, params, status: "running" });
       },
-      onToolResult: (id, action, success2, data, error2) => {
-        this.emit({ type: "tool_result", id, action, success: success2, data, error: error2 });
+      onToolResult: (id, action, success2, data, error2, code) => {
+        this.emit({
+          type: "tool_result",
+          id,
+          action,
+          success: success2,
+          data,
+          error: error2,
+          ...!success2 && code ? { code } : {}
+        });
       },
       onAssistantMessage: (content) => {
         this.emit({ type: "assistant", content });
@@ -6508,8 +7099,8 @@ var PipeInterface = class {
           explorer_url: explorerUrl
         });
       },
-      onError: (message) => {
-        this.emit({ type: "error", message });
+      onError: (message, code) => {
+        this.emit({ type: "error", message, code });
       },
       onDone: () => {
         this.emit({ type: "done" });
@@ -6517,13 +7108,17 @@ var PipeInterface = class {
       requestPassword: async () => {
         return new Promise((resolve) => {
           this.pendingPasswordResolve = resolve;
-          this.emit({ type: "error", message: "PASSWORD_REQUIRED" });
+          this.emit({ type: "error", message: "PASSWORD_REQUIRED", code: "PASSWORD_REQUIRED" /* PASSWORD_REQUIRED */ });
         });
       },
       requestConfirmation: async (message) => {
         return new Promise((resolve) => {
           this.pendingConfirmResolve = resolve;
-          this.emit({ type: "error", message: `CONFIRMATION_REQUIRED: ${message}` });
+          this.emit({
+            type: "error",
+            message: `CONFIRMATION_REQUIRED: ${message}`,
+            code: "CONFIRMATION_REQUIRED" /* CONFIRMATION_REQUIRED */
+          });
         });
       }
     };
@@ -6535,7 +7130,8 @@ var PipeInterface = class {
         try {
           await this.session.sendMessage(cmd.content, callbacks);
         } catch (err) {
-          this.emit({ type: "error", message: err.message });
+          const { message, code } = normalizeAgentError(err);
+          this.emit({ type: "error", message, code });
           this.emit({ type: "done" });
         }
         break;
@@ -6555,7 +7151,11 @@ var PipeInterface = class {
         break;
       }
       default:
-        this.emit({ type: "error", message: `Unknown command type: ${cmd.type}` });
+        this.emit({
+          type: "error",
+          message: `Unknown command type: ${cmd.type}`,
+          code: "INVALID_INPUT" /* INVALID_INPUT */
+        });
     }
   }
   emit(event) {
@@ -6738,7 +7338,8 @@ var AgentSession = class {
         action_id: result.action_id,
         success: result.success,
         data: result.data || {},
-        error: result.error || ""
+        error: result.error || "",
+        ...!result.success && result.code ? { code: result.code } : {}
       };
     }
     let serverTxStoredFromStream = 0;
@@ -6771,22 +7372,16 @@ var AgentSession = class {
         },
         onMessage: (_msg) => {
         },
-        onError: (error2) => {
-          ui.onError(error2);
+        onError: (error2, code) => {
+          ui.onError(error2, code);
         }
       },
       this.abortController?.signal
     );
     const responseText = streamResult.message?.content || streamResult.fullText || "";
-    const inlineActions = parseInlineToolCalls(responseText);
-    if (inlineActions.length > 0) {
-      const cleanText = responseText.replace(/<invoke\s+name="[^"]*">[\s\S]*?<\/invoke>/g, "").replace(/<\/?minimax:tool_call>/g, "").trim();
-      if (cleanText) {
-        ui.onAssistantMessage(cleanText);
-      }
-      streamResult.actions.push(...inlineActions);
-    } else if (responseText) {
-      ui.onAssistantMessage(responseText);
+    const displayText = stripLeakedToolCallTags(responseText);
+    if (displayText) {
+      ui.onAssistantMessage(displayText);
     }
     const actions = streamResult.actions.filter((a) => a.type !== "sign_tx");
     if (actions.length > 0) {
@@ -6860,7 +7455,8 @@ var AgentSession = class {
               action: action.type,
               action_id: action.id,
               success: false,
-              error: "Password not provided"
+              error: "Password not provided",
+              code: "PASSWORD_REQUIRED" /* PASSWORD_REQUIRED */
             });
             continue;
           }
@@ -6869,7 +7465,7 @@ var AgentSession = class {
       ui.onToolCall(action.id, action.type, action.params);
       const result = await this.executor.executeAction(action);
       results.push(result);
-      ui.onToolResult(action.id, action.type, result.success, result.data, result.error);
+      ui.onToolResult(action.id, action.type, result.success, result.data, result.error, result.code);
       if (action.type === "sign_tx" && result.success && result.data) {
         const txHash = result.data.tx_hash;
         const chain = result.data.chain;
@@ -6899,34 +7495,12 @@ var AgentSession = class {
     this.historyMessages = [];
   }
 };
-function parseInlineToolCalls(text) {
-  const actions = [];
-  const invokeRegex = /<invoke\s+name="([^"]+)">([\s\S]*?)<\/invoke>/g;
-  let match;
-  while ((match = invokeRegex.exec(text)) !== null) {
-    const actionType = match[1];
-    const body = match[2];
-    const params = {};
-    const paramRegex = /<parameter\s+name="([^"]+)">([\s\S]*?)<\/parameter>/g;
-    let paramMatch;
-    while ((paramMatch = paramRegex.exec(body)) !== null) {
-      const key = paramMatch[1];
-      const value = paramMatch[2];
-      try {
-        params[key] = JSON.parse(value);
-      } catch {
-        params[key] = value;
-      }
-    }
-    actions.push({
-      id: `inline_${actionType}_${Date.now()}`,
-      type: actionType,
-      title: actionType,
-      params,
-      auto_execute: true
-    });
+function stripLeakedToolCallTags(text) {
+  if (!text) return "";
+  if (!/<invoke\s+name="[^"]*">/.test(text) && !text.includes("minimax:tool_call")) {
+    return text;
   }
-  return actions;
+  return text.replace(/<invoke\s+name="[^"]*">[\s\S]*?<\/invoke>/g, "").replace(/<\/?minimax:tool_call>/g, "").replace(/\n{3,}/g, "\n\n").trim();
 }
 function getTokenCachePath() {
   const dir = process.env.VULTISIG_CONFIG_DIR ?? join2(homedir2(), ".vultisig");
@@ -7102,7 +7676,7 @@ var ChatTUI = class {
           console.log(`  ${chalk8.yellow("\u26A1")} ${chalk8.yellow(action)} ${chalk8.gray("...")}`);
         }
       },
-      onToolResult: (_id, action, success2, data, error2) => {
+      onToolResult: (_id, action, success2, data, error2, code) => {
         if (success2) {
           if (this.verbose) {
             const summary = data ? summarizeData(data) : "";
@@ -7111,7 +7685,8 @@ var ChatTUI = class {
             console.log(`  ${chalk8.green("\u2713")} ${chalk8.green(action)}`);
           }
         } else {
-          console.log(`  ${chalk8.red("\u2717")} ${chalk8.red(action)}: ${chalk8.red(error2 || "failed")}`);
+          const suffix = code && this.verbose ? chalk8.gray(` (${code})`) : "";
+          console.log(`  ${chalk8.red("\u2717")} ${chalk8.red(action)}: ${chalk8.red(error2 || "failed")}${suffix}`);
         }
       },
       onAssistantMessage: (content) => {
@@ -7139,12 +7714,13 @@ var ChatTUI = class {
           console.log(`     ${chalk8.blue.underline(explorerUrl)}`);
         }
       },
-      onError: (message) => {
+      onError: (message, code) => {
         if (this.isStreaming) {
           process.stdout.write("\n");
           this.isStreaming = false;
         }
-        console.log(`  ${chalk8.red("Error")}: ${message}`);
+        const suffix = this.verbose ? chalk8.gray(` (${code})`) : "";
+        console.log(`  ${chalk8.red("Error")}: ${message}${suffix}`);
       },
       onDone: () => {
         if (this.isStreaming) {
@@ -7353,7 +7929,8 @@ async function executeAgent(ctx2, options) {
       const addresses = session.getVaultAddresses();
       await pipe.start(vault.name, addresses);
     } catch (err) {
-      process.stdout.write(JSON.stringify({ type: "error", message: err.message }) + "\n");
+      const { code, message } = normalizeAgentError(err);
+      process.stdout.write(JSON.stringify({ type: "error", message, code }) + "\n");
       process.exit(1);
     }
   } else {
@@ -7363,7 +7940,8 @@ async function executeAgent(ctx2, options) {
       await session.initialize(callbacks);
       await tui.start();
     } catch (err) {
-      console.error(`Agent error: ${err.message}`);
+      const { message } = normalizeAgentError(err);
+      console.error(`Agent error: ${message}`);
       process.exit(1);
     }
   }
@@ -7390,15 +7968,13 @@ async function executeAgentAsk(ctx2, message, options) {
     const callbacks = ask.getCallbacks();
     await session.initialize(callbacks);
     const result = await ask.ask(message);
-    if (options.json) {
-      process.stdout.write(
-        JSON.stringify({
-          session_id: result.sessionId,
-          response: result.response,
-          tool_calls: result.toolCalls,
-          transactions: result.transactions
-        }) + "\n"
-      );
+    if (options.json || isJsonOutput()) {
+      outputJson({
+        session_id: result.sessionId,
+        response: result.response,
+        tool_calls: result.toolCalls,
+        transactions: result.transactions
+      });
     } else {
       process.stdout.write(`session:${result.sessionId}
 `);
@@ -7418,10 +7994,11 @@ tx:${tx.chain}:${tx.hash}
       }
     }
   } catch (err) {
+    const { code, message: message2 } = normalizeAgentError(err);
     if (options.json) {
-      process.stdout.write(JSON.stringify({ error: err.message }) + "\n");
+      process.stdout.write(JSON.stringify({ error: message2, code }) + "\n");
     } else {
-      process.stderr.write(`Error: ${err.message}
+      process.stderr.write(`Error: ${message2} [${code}]
 `);
     }
     process.exit(1);
@@ -7463,46 +8040,294 @@ async function executeAgentSessionsList(ctx2, options) {
     printResult("No sessions found.");
     return;
   }
-  const table = new Table({
-    head: [chalk9.cyan("ID"), chalk9.cyan("Title"), chalk9.cyan("Created"), chalk9.cyan("Updated")]
-  });
-  for (const conv of allConversations) {
-    table.push([
-      conv.id,
-      conv.title || chalk9.gray("(untitled)"),
-      formatDate(conv.created_at),
-      formatDate(conv.updated_at)
-    ]);
+  const table = new Table({
+    head: [chalk9.cyan("ID"), chalk9.cyan("Title"), chalk9.cyan("Created"), chalk9.cyan("Updated")]
+  });
+  for (const conv of allConversations) {
+    table.push([
+      conv.id,
+      conv.title || chalk9.gray("(untitled)"),
+      formatDate(conv.created_at),
+      formatDate(conv.updated_at)
+    ]);
+  }
+  printResult(table.toString());
+  printResult(chalk9.gray(`
+  ${totalCount} session(s) total`));
+}
+async function executeAgentSessionsDelete(ctx2, sessionId, options) {
+  const vault = await ctx2.ensureActiveVault();
+  const backendUrl = options.backendUrl || process.env.VULTISIG_AGENT_URL || "https://abe.vultisig.com";
+  const client = await createAuthenticatedClient(backendUrl, vault, options.password);
+  const publicKey = vault.publicKeys.ecdsa;
+  await client.deleteConversation(sessionId, publicKey);
+  if (isJsonOutput()) {
+    outputJson({ deleted: sessionId });
+    return;
+  }
+  printResult(chalk9.green(`Session ${sessionId} deleted.`));
+}
+async function createAuthenticatedClient(backendUrl, vault, password) {
+  const client = new AgentClient(backendUrl);
+  const auth = await authenticateVault(client, vault, password);
+  client.setAuthToken(auth.token);
+  return client;
+}
+function formatDate(iso) {
+  try {
+    const d = new Date(iso);
+    return d.toLocaleDateString() + " " + d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
+  } catch {
+    return iso;
+  }
+}
+
+// src/lib/version.ts
+import chalk10 from "chalk";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync2 } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join3 } from "path";
+var cachedVersion = null;
+function getVersion() {
+  if (cachedVersion) return cachedVersion;
+  if (true) {
+    cachedVersion = "0.16.0";
+    return cachedVersion;
+  }
+  try {
+    const packagePath = new URL("../../package.json", import.meta.url);
+    const pkg = JSON.parse(readFileSync3(packagePath, "utf-8"));
+    cachedVersion = pkg.version;
+    return cachedVersion;
+  } catch {
+    cachedVersion = "0.0.0-unknown";
+    return cachedVersion;
+  }
+}
+var CACHE_DIR = join3(homedir3(), ".vultisig", "cache");
+var VERSION_CACHE_FILE = join3(CACHE_DIR, "version-check.json");
+var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
+function readVersionCache() {
+  try {
+    if (!existsSync2(VERSION_CACHE_FILE)) return null;
+    const data = readFileSync3(VERSION_CACHE_FILE, "utf-8");
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+function writeVersionCache(cache) {
+  try {
+    if (!existsSync2(CACHE_DIR)) {
+      mkdirSync3(CACHE_DIR, { recursive: true });
+    }
+    writeFileSync3(VERSION_CACHE_FILE, JSON.stringify(cache, null, 2));
+  } catch {
+  }
+}
+async function fetchLatestVersion() {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 5e3);
+    const response = await fetch("https://registry.npmjs.org/@vultisig/cli/latest", {
+      signal: controller.signal,
+      headers: {
+        Accept: "application/json"
+      }
+    });
+    clearTimeout(timeout);
+    if (!response.ok) return null;
+    const data = await response.json();
+    return data.version ?? null;
+  } catch {
+    return null;
+  }
+}
+function isNewerVersion(v1, v2) {
+  const parse = (v) => {
+    const clean2 = v.replace(/^v/, "").replace(/-.*$/, "");
+    return clean2.split(".").map((n) => parseInt(n, 10) || 0);
+  };
+  const p1 = parse(v1);
+  const p2 = parse(v2);
+  for (let i = 0; i < 3; i++) {
+    const n1 = p1[i] ?? 0;
+    const n2 = p2[i] ?? 0;
+    if (n2 > n1) return true;
+    if (n2 < n1) return false;
+  }
+  if (v1.includes("-") && !v2.includes("-")) return true;
+  return false;
+}
+async function checkForUpdates() {
+  if (process.env.VULTISIG_NO_UPDATE_CHECK === "1") {
+    return null;
+  }
+  const currentVersion = getVersion();
+  const cache = readVersionCache();
+  if (cache && Date.now() - cache.lastCheck < CACHE_TTL_MS) {
+    return {
+      currentVersion,
+      latestVersion: cache.latestVersion,
+      updateAvailable: cache.latestVersion ? isNewerVersion(currentVersion, cache.latestVersion) : false
+    };
+  }
+  const latestVersion = await fetchLatestVersion();
+  writeVersionCache({
+    lastCheck: Date.now(),
+    latestVersion
+  });
+  return {
+    currentVersion,
+    latestVersion,
+    updateAvailable: latestVersion ? isNewerVersion(currentVersion, latestVersion) : false
+  };
+}
+function formatVersionShort() {
+  return `vultisig/${getVersion()}`;
+}
+function formatVersionDetailed() {
+  const lines = [];
+  lines.push(chalk10.bold(`Vultisig CLI v${getVersion()}`));
+  lines.push("");
+  lines.push(`  Node.js:   ${process.version}`);
+  lines.push(`  Platform:  ${process.platform}-${process.arch}`);
+  lines.push(`  Config:    ~/.vultisig/`);
+  return lines.join("\n");
+}
+function detectInstallMethod() {
+  const execPath = process.execPath;
+  if (execPath.includes("homebrew") || execPath.includes("Cellar")) {
+    return "homebrew";
+  }
+  if (process.env.npm_execpath?.includes("yarn")) {
+    return "yarn";
+  }
+  if (process.env.npm_config_user_agent?.includes("npm")) {
+    return "npm";
+  }
+  if (execPath.includes("node_modules")) {
+    return "npm";
+  }
+  return "unknown";
+}
+function getUpdateCommand() {
+  const method = detectInstallMethod();
+  switch (method) {
+    case "npm":
+      return "npm update -g @vultisig/cli";
+    case "yarn":
+      return "yarn global upgrade @vultisig/cli";
+    case "homebrew":
+      return "brew upgrade vultisig";
+    default:
+      return "npm update -g @vultisig/cli";
   }
-  printResult(table.toString());
-  printResult(chalk9.gray(`
-  ${totalCount} session(s) total`));
 }
-async function executeAgentSessionsDelete(ctx2, sessionId, options) {
-  const vault = await ctx2.ensureActiveVault();
-  const backendUrl = options.backendUrl || process.env.VULTISIG_AGENT_URL || "https://abe.vultisig.com";
-  const client = await createAuthenticatedClient(backendUrl, vault, options.password);
-  const publicKey = vault.publicKeys.ecdsa;
-  await client.deleteConversation(sessionId, publicKey);
-  if (isJsonOutput()) {
-    outputJson({ deleted: sessionId });
-    return;
+
+// src/commands/schema.ts
+var COMMAND_EXAMPLES = {
+  balance: {
+    examples: [
+      "vultisig balance",
+      "vultisig balance Ethereum --tokens",
+      "vultisig balance --output json --fields amount,symbol"
+    ]
+  },
+  addresses: {
+    examples: ["vultisig addresses", "vultisig addresses --output json"]
+  },
+  send: {
+    examples: [
+      "vultisig send Ethereum 0x... 0.1",
+      "vultisig send Bitcoin bc1q... --max --yes",
+      "vultisig send Ethereum 0x... 0.5 --dry-run --output json"
+    ]
+  },
+  execute: {
+    examples: [`vultisig execute THORChain <contract> '{"swap":{}}'`]
+  },
+  "swap-quote": {
+    examples: ["vultisig swap-quote Ethereum Bitcoin 0.1 --output json"]
+  },
+  vaults: {
+    examples: ["vultisig vaults", "vultisig vaults --output json"]
+  },
+  chains: {
+    examples: ["vultisig chains", "vultisig chains --add Solana"]
+  },
+  import: {
+    examples: ["vultisig import ~/vault.vult", "vultisig import ~/vault.vult --password secret"]
+  },
+  export: {
+    examples: ["vultisig export ~/backup.vult"]
+  },
+  "create.fast": {
+    examples: ["vultisig create fast --name mywallet --password secret --email me@example.com"]
+  },
+  "agent.ask": {
+    examples: [
+      'vultisig agent ask "What is my ETH balance?" --output json',
+      'vultisig agent ask "Send 0.1 ETH to 0x..." --session abc123'
+    ]
   }
-  printResult(chalk9.green(`Session ${sessionId} deleted.`));
+};
+var GLOBAL_ENUM_VALUES = {
+  "--output": ["json", "table"]
+};
+function mapOption(o, enumValues) {
+  return {
+    flags: o.flags,
+    description: o.description,
+    required: !!o.mandatory,
+    defaultValue: o.defaultValue,
+    ...enumValues?.[o.long] ? { enumValues: enumValues[o.long] } : {}
+  };
 }
-async function createAuthenticatedClient(backendUrl, vault, password) {
-  const client = new AgentClient(backendUrl);
-  const auth = await authenticateVault(client, vault, password);
-  client.setAuthToken(auth.token);
-  return client;
+function mapArguments(cmd) {
+  const args = cmd.registeredArguments;
+  if (!args?.length) return void 0;
+  return args.map((a) => ({
+    name: a._name ?? a.name?.(),
+    required: a.required,
+    description: a.description
+  }));
 }
-function formatDate(iso) {
-  try {
-    const d = new Date(iso);
-    return d.toLocaleDateString() + " " + d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
-  } catch {
-    return iso;
-  }
+function executeSchema(prog) {
+  const schema = {
+    name: prog.name(),
+    version: getVersion(),
+    exitCodes: Object.fromEntries(Object.entries(EXIT_CODE_DESCRIPTIONS).map(([k, v]) => [String(k), v])),
+    globalOptions: prog.options.filter((o) => !o.hidden).map((o) => mapOption(o, GLOBAL_ENUM_VALUES)),
+    commands: prog.commands.filter((c) => !c._hidden).map((c) => {
+      const meta = COMMAND_EXAMPLES[c.name()];
+      const args = mapArguments(c);
+      return {
+        name: c.name(),
+        description: c.description(),
+        ...args ? { arguments: args } : {},
+        options: c.options.filter((o) => !o.hidden && o.long !== "--help").map((o) => mapOption(o, meta?.enumValues)),
+        ...meta?.examples ? { examples: meta.examples } : {},
+        subcommands: c.commands.length ? c.commands.map((sub) => {
+          const subMeta = COMMAND_EXAMPLES[`${c.name()}.${sub.name()}`];
+          const subArgs = mapArguments(sub);
+          return {
+            name: sub.name(),
+            description: sub.description(),
+            ...subArgs ? { arguments: subArgs } : {},
+            options: sub.options.filter((o) => !o.hidden && o.long !== "--help").map((o) => ({
+              flags: o.flags,
+              description: o.description,
+              required: !!o.mandatory
+            })),
+            ...subMeta?.examples ? { examples: subMeta.examples } : {}
+          };
+        }) : void 0
+      };
+    })
+  };
+  process.stdout.write(`${JSON.stringify(schema, null, 2)}
+`);
 }
 
 // src/core/server-endpoints.ts
@@ -7708,7 +8533,7 @@ function findChainByName(name) {
 }
 
 // src/interactive/event-buffer.ts
-import chalk10 from "chalk";
+import chalk11 from "chalk";
 var EventBuffer = class {
   eventBuffer = [];
   isCommandRunning = false;
@@ -7748,17 +8573,17 @@ var EventBuffer = class {
   displayEvent(message, type) {
     switch (type) {
       case "success":
-        console.log(chalk10.green(message));
+        console.log(chalk11.green(message));
         break;
       case "warning":
-        console.log(chalk10.yellow(message));
+        console.log(chalk11.yellow(message));
         break;
       case "error":
-        console.error(chalk10.red(message));
+        console.error(chalk11.red(message));
         break;
       case "info":
       default:
-        console.log(chalk10.blue(message));
+        console.log(chalk11.blue(message));
         break;
     }
   }
@@ -7769,13 +8594,13 @@ var EventBuffer = class {
     if (this.eventBuffer.length === 0) {
       return;
     }
-    console.log(chalk10.gray("\n--- Background Events ---"));
+    console.log(chalk11.gray("\n--- Background Events ---"));
     this.eventBuffer.forEach((event) => {
       const timeStr = event.timestamp.toLocaleTimeString();
       const message = `[${timeStr}] ${event.message}`;
       this.displayEvent(message, event.type);
     });
-    console.log(chalk10.gray("--- End Events ---\n"));
+    console.log(chalk11.gray("--- End Events ---\n"));
   }
   /**
    * Setup all vault event listeners
@@ -7885,12 +8710,12 @@ var EventBuffer = class {
 
 // src/interactive/session.ts
 import { fiatCurrencies as fiatCurrencies4 } from "@vultisig/sdk";
-import chalk12 from "chalk";
+import chalk13 from "chalk";
 import ora3 from "ora";
 import * as readline3 from "readline";
 
 // src/interactive/shell-commands.ts
-import chalk11 from "chalk";
+import chalk12 from "chalk";
 import Table2 from "cli-table3";
 import inquirer6 from "inquirer";
 import ora2 from "ora";
@@ -7907,25 +8732,25 @@ function formatTimeRemaining(ms) {
 async function executeLock(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk11.red("No active vault."));
-    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk12.red("No active vault."));
+    console.log(chalk12.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   ctx2.lockVault(vault.id);
-  console.log(chalk11.green("\n+ Vault locked"));
-  console.log(chalk11.gray("Password cache cleared. You will need to enter the password again."));
+  console.log(chalk12.green("\n+ Vault locked"));
+  console.log(chalk12.gray("Password cache cleared. You will need to enter the password again."));
 }
 async function executeUnlock(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk11.red("No active vault."));
-    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk12.red("No active vault."));
+    console.log(chalk12.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   if (ctx2.isVaultUnlocked(vault.id)) {
     const timeRemaining = ctx2.getUnlockTimeRemaining(vault.id);
-    console.log(chalk11.yellow("\nVault is already unlocked."));
-    console.log(chalk11.gray(`Time remaining: ${formatTimeRemaining(timeRemaining)}`));
+    console.log(chalk12.yellow("\nVault is already unlocked."));
+    console.log(chalk12.gray(`Time remaining: ${formatTimeRemaining(timeRemaining)}`));
     return;
   }
   const { password } = await inquirer6.prompt([
@@ -7942,19 +8767,19 @@ async function executeUnlock(ctx2) {
     ctx2.cachePassword(vault.id, password);
     const timeRemaining = ctx2.getUnlockTimeRemaining(vault.id);
     spinner.succeed("Vault unlocked");
-    console.log(chalk11.green(`
+    console.log(chalk12.green(`
 + Vault unlocked for ${formatTimeRemaining(timeRemaining)}`));
   } catch (err) {
     spinner.fail("Failed to unlock vault");
-    console.error(chalk11.red(`
+    console.error(chalk12.red(`
 x ${err.message}`));
   }
 }
 async function executeStatus(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk11.red("No active vault."));
-    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk12.red("No active vault."));
+    console.log(chalk12.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   const isUnlocked = ctx2.isVaultUnlocked(vault.id);
@@ -7985,30 +8810,30 @@ async function executeStatus(ctx2) {
   displayStatus(status);
 }
 function displayStatus(status) {
-  console.log(chalk11.cyan("\n+----------------------------------------+"));
-  console.log(chalk11.cyan("|            Vault Status                |"));
-  console.log(chalk11.cyan("+----------------------------------------+\n"));
-  console.log(chalk11.bold("Vault:"));
-  console.log(`  Name:     ${chalk11.green(status.name)}`);
+  console.log(chalk12.cyan("\n+----------------------------------------+"));
+  console.log(chalk12.cyan("|            Vault Status                |"));
+  console.log(chalk12.cyan("+----------------------------------------+\n"));
+  console.log(chalk12.bold("Vault:"));
+  console.log(`  Name:     ${chalk12.green(status.name)}`);
   console.log(`  ID:       ${status.id}`);
-  console.log(`  Type:     ${chalk11.yellow(status.type)}`);
-  console.log(chalk11.bold("\nSecurity:"));
+  console.log(`  Type:     ${chalk12.yellow(status.type)}`);
+  console.log(chalk12.bold("\nSecurity:"));
   if (status.isUnlocked) {
-    console.log(`  Status:   ${chalk11.green("Unlocked")} ${chalk11.green("\u{1F513}")}`);
+    console.log(`  Status:   ${chalk12.green("Unlocked")} ${chalk12.green("\u{1F513}")}`);
     console.log(`  Expires:  ${status.timeRemainingFormatted}`);
   } else {
-    console.log(`  Status:   ${chalk11.yellow("Locked")} ${chalk11.yellow("\u{1F512}")}`);
+    console.log(`  Status:   ${chalk12.yellow("Locked")} ${chalk12.yellow("\u{1F512}")}`);
   }
-  console.log(`  Encrypted: ${status.isEncrypted ? chalk11.green("Yes") : chalk11.gray("No")}`);
-  console.log(`  Backed Up: ${status.isBackedUp ? chalk11.green("Yes") : chalk11.yellow("No")}`);
-  console.log(chalk11.bold("\nMPC Configuration:"));
+  console.log(`  Encrypted: ${status.isEncrypted ? chalk12.green("Yes") : chalk12.gray("No")}`);
+  console.log(`  Backed Up: ${status.isBackedUp ? chalk12.green("Yes") : chalk12.yellow("No")}`);
+  console.log(chalk12.bold("\nMPC Configuration:"));
   console.log(`  Library:   ${status.libType}`);
-  console.log(`  Threshold: ${chalk11.cyan(status.threshold)} of ${chalk11.cyan(status.totalSigners)}`);
-  console.log(chalk11.bold("\nSigning Modes:"));
+  console.log(`  Threshold: ${chalk12.cyan(status.threshold)} of ${chalk12.cyan(status.totalSigners)}`);
+  console.log(chalk12.bold("\nSigning Modes:"));
   status.availableSigningModes.forEach((mode) => {
     console.log(`  - ${mode}`);
   });
-  console.log(chalk11.bold("\nDetails:"));
+  console.log(chalk12.bold("\nDetails:"));
   console.log(`  Chains:   ${status.chains}`);
   console.log(`  Currency: ${status.currency.toUpperCase()}`);
   console.log(`  Created:  ${new Date(status.createdAt).toLocaleString()}`);
@@ -8017,7 +8842,7 @@ function displayStatus(status) {
 }
 function showHelp() {
   const table = new Table2({
-    head: [chalk11.bold("Available Commands")],
+    head: [chalk12.bold("Available Commands")],
     colWidths: [50],
     chars: {
       mid: "",
@@ -8031,7 +8856,7 @@ function showHelp() {
     }
   });
   table.push(
-    [chalk11.bold("Vault Management:")],
+    [chalk12.bold("Vault Management:")],
     ["  vaults              - List all vaults"],
     ["  vault <name>        - Switch to vault"],
     ["  import <file>       - Import vault from file"],
@@ -8040,7 +8865,7 @@ function showHelp() {
     ["  info                - Show vault details"],
     ["  export [path]       - Export vault to file"],
     [""],
-    [chalk11.bold("Wallet Operations:")],
+    [chalk12.bold("Wallet Operations:")],
     ["  balance [chain]     - Show balances"],
     ["  send <chain> <to> <amount> - Send transaction"],
     ["  tx-status <chain> <txHash> - Check transaction status"],
@@ -8049,22 +8874,22 @@ function showHelp() {
     ["  chains [--add/--remove/--add-all] - Manage chains"],
     ["  tokens <chain>      - Manage tokens"],
     [""],
-    [chalk11.bold("Swap Operations:")],
+    [chalk12.bold("Swap Operations:")],
     ["  swap-chains         - List swap-enabled chains"],
     ["  swap-quote <from> <to> <amount> - Get quote"],
     ["  swap <from> <to> <amount> - Execute swap"],
     [""],
-    [chalk11.bold("Session Commands (shell only):")],
+    [chalk12.bold("Session Commands (shell only):")],
     ["  lock                - Lock vault"],
     ["  unlock              - Unlock vault"],
     ["  status              - Show vault status"],
     [""],
-    [chalk11.bold("Settings:")],
+    [chalk12.bold("Settings:")],
     ["  currency [code]     - View/set currency"],
     ["  server              - Check server status"],
     ["  address-book        - Manage saved addresses"],
     [""],
-    [chalk11.bold("Help & Navigation:")],
+    [chalk12.bold("Help & Navigation:")],
     ["  help, ?             - Show this help"],
     ["  .clear              - Clear screen"],
     ["  .exit               - Exit shell"]
@@ -8202,12 +9027,12 @@ var ShellSession = class {
    */
   async start() {
     console.clear();
-    console.log(chalk12.cyan.bold("\n=============================================="));
-    console.log(chalk12.cyan.bold("         Vultisig Interactive Shell"));
-    console.log(chalk12.cyan.bold("==============================================\n"));
+    console.log(chalk13.cyan.bold("\n=============================================="));
+    console.log(chalk13.cyan.bold("         Vultisig Interactive Shell"));
+    console.log(chalk13.cyan.bold("==============================================\n"));
     await this.loadAllVaults();
     this.displayVaultList();
-    console.log(chalk12.gray('Type "help" for available commands, "exit" to quit\n'));
+    console.log(chalk13.gray('Type "help" for available commands, "exit" to quit\n'));
     this.promptLoop().catch(() => {
     });
   }
@@ -8241,12 +9066,12 @@ var ShellSession = class {
         const now = Date.now();
         if (now - this.lastSigintTime < this.DOUBLE_CTRL_C_TIMEOUT) {
           rl.close();
-          console.log(chalk12.yellow("\nGoodbye!"));
+          console.log(chalk13.yellow("\nGoodbye!"));
           this.ctx.dispose();
           process.exit(0);
         }
         this.lastSigintTime = now;
-        console.log(chalk12.yellow("\n(Press Ctrl+C again to exit)"));
+        console.log(chalk13.yellow("\n(Press Ctrl+C again to exit)"));
         rl.close();
         resolve("");
       });
@@ -8341,7 +9166,7 @@ var ShellSession = class {
       stopAllSpinners();
       process.stdout.write("\x1B[?25h");
       process.stdout.write("\r\x1B[K");
-      console.log(chalk12.yellow("\nCancelling operation..."));
+      console.log(chalk13.yellow("\nCancelling operation..."));
     };
     const cleanup = () => {
       process.removeListener("SIGINT", onSigint);
@@ -8378,10 +9203,10 @@ var ShellSession = class {
         stopAllSpinners();
         process.stdout.write("\x1B[?25h");
         process.stdout.write("\r\x1B[K");
-        console.log(chalk12.yellow("Operation cancelled"));
+        console.log(chalk13.yellow("Operation cancelled"));
         return;
       }
-      console.error(chalk12.red(`
+      console.error(chalk13.red(`
 Error: ${error2.message}`));
     }
   }
@@ -8414,7 +9239,7 @@ Error: ${error2.message}`));
         break;
       case "rename":
         if (args.length === 0) {
-          console.log(chalk12.yellow("Usage: rename <newName>"));
+          console.log(chalk13.yellow("Usage: rename <newName>"));
           return;
         }
         await executeRename(this.ctx, args.join(" "));
@@ -8490,41 +9315,41 @@ Error: ${error2.message}`));
       // Exit
       case "exit":
       case "quit":
-        console.log(chalk12.yellow("\nGoodbye!"));
+        console.log(chalk13.yellow("\nGoodbye!"));
         this.ctx.dispose();
         process.exit(0);
         break;
       // eslint requires break even after process.exit
       default:
-        console.log(chalk12.yellow(`Unknown command: ${command}`));
-        console.log(chalk12.gray('Type "help" for available commands'));
+        console.log(chalk13.yellow(`Unknown command: ${command}`));
+        console.log(chalk13.gray('Type "help" for available commands'));
         break;
     }
   }
   // ===== Command Helpers =====
   async switchVault(args) {
     if (args.length === 0) {
-      console.log(chalk12.yellow("Usage: vault <name>"));
-      console.log(chalk12.gray('Run "vaults" to see available vaults'));
+      console.log(chalk13.yellow("Usage: vault <name>"));
+      console.log(chalk13.gray('Run "vaults" to see available vaults'));
       return;
     }
     const vaultName = args.join(" ");
     const vault = this.ctx.findVaultByName(vaultName);
     if (!vault) {
-      console.log(chalk12.red(`Vault not found: ${vaultName}`));
-      console.log(chalk12.gray('Run "vaults" to see available vaults'));
+      console.log(chalk13.red(`Vault not found: ${vaultName}`));
+      console.log(chalk13.gray('Run "vaults" to see available vaults'));
       return;
     }
     await this.ctx.setActiveVault(vault);
-    console.log(chalk12.green(`
+    console.log(chalk13.green(`
 + Switched to: ${vault.name}`));
     const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-    const status = isUnlocked ? chalk12.green("Unlocked") : chalk12.yellow("Locked");
+    const status = isUnlocked ? chalk13.green("Unlocked") : chalk13.yellow("Locked");
     console.log(`Status: ${status}`);
   }
   async importVault(args) {
     if (args.length === 0) {
-      console.log(chalk12.yellow("Usage: import <file>"));
+      console.log(chalk13.yellow("Usage: import <file>"));
       return;
     }
     const filePath = args.join(" ");
@@ -8539,45 +9364,45 @@ Error: ${error2.message}`));
   async createVault(args) {
     const type = args[0]?.toLowerCase();
     if (!type || type !== "fast" && type !== "secure") {
-      console.log(chalk12.yellow("Usage: create <fast|secure>"));
-      console.log(chalk12.gray("  create fast   - Create a fast vault (server-assisted 2-of-2)"));
-      console.log(chalk12.gray("  create secure - Create a secure vault (multi-device MPC)"));
+      console.log(chalk13.yellow("Usage: create <fast|secure>"));
+      console.log(chalk13.gray("  create fast   - Create a fast vault (server-assisted 2-of-2)"));
+      console.log(chalk13.gray("  create secure - Create a secure vault (multi-device MPC)"));
       return;
     }
     let vault;
     if (type === "fast") {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk12.red("Name is required"));
+        console.log(chalk13.red("Name is required"));
         return;
       }
       const password = await this.promptPassword("Vault password");
       if (!password) {
-        console.log(chalk12.red("Password is required"));
+        console.log(chalk13.red("Password is required"));
         return;
       }
       const email = await this.prompt("Email for verification");
       if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-        console.log(chalk12.red("Valid email is required"));
+        console.log(chalk13.red("Valid email is required"));
         return;
       }
       vault = await this.withCancellation((signal) => executeCreateFast(this.ctx, { name, password, email, signal }));
     } else {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk12.red("Name is required"));
+        console.log(chalk13.red("Name is required"));
         return;
       }
       const sharesStr = await this.prompt("Total shares (devices)", "3");
       const shares = parseInt(sharesStr, 10);
       if (isNaN(shares) || shares < 2) {
-        console.log(chalk12.red("Must have at least 2 shares"));
+        console.log(chalk13.red("Must have at least 2 shares"));
         return;
       }
       const thresholdStr = await this.prompt("Signing threshold", "2");
       const threshold = parseInt(thresholdStr, 10);
       if (isNaN(threshold) || threshold < 1 || threshold > shares) {
-        console.log(chalk12.red(`Threshold must be between 1 and ${shares}`));
+        console.log(chalk13.red(`Threshold must be between 1 and ${shares}`));
         return;
       }
       const password = await this.promptPassword("Vault password (optional, press Enter to skip)");
@@ -8599,37 +9424,37 @@ Error: ${error2.message}`));
   async importSeedphrase(args) {
     const type = args[0]?.toLowerCase();
     if (!type || type !== "fast" && type !== "secure") {
-      console.log(chalk12.cyan("Usage: create-from-seedphrase <fast|secure>"));
-      console.log(chalk12.gray("  fast   - Import with VultiServer (2-of-2)"));
-      console.log(chalk12.gray("  secure - Import with device coordination (N-of-M)"));
+      console.log(chalk13.cyan("Usage: create-from-seedphrase <fast|secure>"));
+      console.log(chalk13.gray("  fast   - Import with VultiServer (2-of-2)"));
+      console.log(chalk13.gray("  secure - Import with device coordination (N-of-M)"));
       return;
     }
-    console.log(chalk12.cyan("\nEnter your recovery phrase (words separated by spaces):"));
+    console.log(chalk13.cyan("\nEnter your recovery phrase (words separated by spaces):"));
     const mnemonic = await this.promptPassword("Seedphrase");
     const validation = await this.ctx.sdk.validateSeedphrase(mnemonic);
     if (!validation.valid) {
-      console.log(chalk12.red(`Invalid seedphrase: ${validation.error}`));
+      console.log(chalk13.red(`Invalid seedphrase: ${validation.error}`));
       if (validation.invalidWords?.length) {
-        console.log(chalk12.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
+        console.log(chalk13.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
       }
       return;
     }
-    console.log(chalk12.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
+    console.log(chalk13.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
     let vault;
     if (type === "fast") {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk12.red("Name is required"));
+        console.log(chalk13.red("Name is required"));
         return;
       }
       const password = await this.promptPassword("Vault password");
       if (!password) {
-        console.log(chalk12.red("Password is required"));
+        console.log(chalk13.red("Password is required"));
         return;
       }
       const email = await this.prompt("Email for verification");
       if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-        console.log(chalk12.red("Valid email is required"));
+        console.log(chalk13.red("Valid email is required"));
         return;
       }
       const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
@@ -8647,19 +9472,19 @@ Error: ${error2.message}`));
     } else {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk12.red("Name is required"));
+        console.log(chalk13.red("Name is required"));
         return;
       }
       const sharesStr = await this.prompt("Total shares (devices)", "3");
       const shares = parseInt(sharesStr, 10);
       if (isNaN(shares) || shares < 2) {
-        console.log(chalk12.red("Must have at least 2 shares"));
+        console.log(chalk13.red("Must have at least 2 shares"));
         return;
       }
       const thresholdStr = await this.prompt("Signing threshold", "2");
       const threshold = parseInt(thresholdStr, 10);
       if (isNaN(threshold) || threshold < 1 || threshold > shares) {
-        console.log(chalk12.red(`Threshold must be between 1 and ${shares}`));
+        console.log(chalk13.red(`Threshold must be between 1 and ${shares}`));
         return;
       }
       const password = await this.promptPassword("Vault password (optional, Enter to skip)");
@@ -8703,8 +9528,8 @@ Error: ${error2.message}`));
       }
     }
     if (!fiatCurrencies4.includes(currency)) {
-      console.log(chalk12.red(`Invalid currency: ${currency}`));
-      console.log(chalk12.yellow(`Supported currencies: ${fiatCurrencies4.join(", ")}`));
+      console.log(chalk13.red(`Invalid currency: ${currency}`));
+      console.log(chalk13.yellow(`Supported currencies: ${fiatCurrencies4.join(", ")}`));
       return;
     }
     const raw = args.includes("--raw");
@@ -8712,7 +9537,7 @@ Error: ${error2.message}`));
   }
   async runSend(args) {
     if (args.length < 3) {
-      console.log(chalk12.yellow("Usage: send <chain> <to> <amount> [--token <tokenId>] [--memo <memo>]"));
+      console.log(chalk13.yellow("Usage: send <chain> <to> <amount> [--token <tokenId>] [--memo <memo>]"));
       return;
     }
     const [chainStr, to, amount, ...rest] = args;
@@ -8732,7 +9557,7 @@ Error: ${error2.message}`));
       await this.withAbortHandler((signal) => executeSend(this.ctx, { chain, to, amount, tokenId, memo, signal }));
     } catch (err) {
       if (err.message === "Transaction cancelled by user" || err.message === "Operation cancelled" || err.message === "Operation aborted") {
-        console.log(chalk12.yellow("\nTransaction cancelled"));
+        console.log(chalk13.yellow("\nTransaction cancelled"));
         return;
       }
       throw err;
@@ -8740,7 +9565,7 @@ Error: ${error2.message}`));
   }
   async runTxStatus(args) {
     if (args.length < 2) {
-      console.log(chalk12.yellow("Usage: tx-status <chain> <txHash> [--no-wait]"));
+      console.log(chalk13.yellow("Usage: tx-status <chain> <txHash> [--no-wait]"));
       return;
     }
     const [chainStr, txHash, ...rest] = args;
@@ -8758,8 +9583,8 @@ Error: ${error2.message}`));
       } else if (args[i] === "--add" && i + 1 < args.length) {
         const chain = findChainByName(args[i + 1]);
         if (!chain) {
-          console.log(chalk12.red(`Unknown chain: ${args[i + 1]}`));
-          console.log(chalk12.gray("Use tab completion to see available chains"));
+          console.log(chalk13.red(`Unknown chain: ${args[i + 1]}`));
+          console.log(chalk13.gray("Use tab completion to see available chains"));
           return;
         }
         addChain = chain;
@@ -8767,8 +9592,8 @@ Error: ${error2.message}`));
       } else if (args[i] === "--remove" && i + 1 < args.length) {
         const chain = findChainByName(args[i + 1]);
         if (!chain) {
-          console.log(chalk12.red(`Unknown chain: ${args[i + 1]}`));
-          console.log(chalk12.gray("Use tab completion to see available chains"));
+          console.log(chalk13.red(`Unknown chain: ${args[i + 1]}`));
+          console.log(chalk13.gray("Use tab completion to see available chains"));
           return;
         }
         removeChain = chain;
@@ -8779,7 +9604,7 @@ Error: ${error2.message}`));
   }
   async runTokens(args) {
     if (args.length === 0) {
-      console.log(chalk12.yellow("Usage: tokens <chain> [--add <address>] [--remove <tokenId>]"));
+      console.log(chalk13.yellow("Usage: tokens <chain> [--add <address>] [--remove <tokenId>]"));
       return;
     }
     const chainStr = args[0];
@@ -8800,7 +9625,7 @@ Error: ${error2.message}`));
   async runSwapQuote(args) {
     if (args.length < 3) {
       console.log(
-        chalk12.yellow("Usage: swap-quote <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>]")
+        chalk13.yellow("Usage: swap-quote <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>]")
       );
       return;
     }
@@ -8824,7 +9649,7 @@ Error: ${error2.message}`));
   async runSwap(args) {
     if (args.length < 3) {
       console.log(
-        chalk12.yellow(
+        chalk13.yellow(
           "Usage: swap <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>] [--slippage <pct>]"
         )
       );
@@ -8855,7 +9680,7 @@ Error: ${error2.message}`));
       );
     } catch (err) {
       if (err.message === "Swap cancelled by user" || err.message === "Operation cancelled" || err.message === "Operation aborted") {
-        console.log(chalk12.yellow("\nSwap cancelled"));
+        console.log(chalk13.yellow("\nSwap cancelled"));
         return;
       }
       throw err;
@@ -8917,24 +9742,24 @@ Error: ${error2.message}`));
   }
   getPrompt() {
     const vault = this.ctx.getActiveVault();
-    if (!vault) return chalk12.cyan("wallet> ");
+    if (!vault) return chalk13.cyan("wallet> ");
     const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-    const status = isUnlocked ? chalk12.green("\u{1F513}") : chalk12.yellow("\u{1F512}");
-    return chalk12.cyan(`wallet[${vault.name}]${status}> `);
+    const status = isUnlocked ? chalk13.green("\u{1F513}") : chalk13.yellow("\u{1F512}");
+    return chalk13.cyan(`wallet[${vault.name}]${status}> `);
   }
   displayVaultList() {
     const vaults = Array.from(this.ctx.getVaults().values());
     const activeVault = this.ctx.getActiveVault();
     if (vaults.length === 0) {
-      console.log(chalk12.yellow('No vaults found. Use "create" or "import <file>" to add a vault.\n'));
+      console.log(chalk13.yellow('No vaults found. Use "create" or "import <file>" to add a vault.\n'));
       return;
     }
-    console.log(chalk12.cyan("Loaded Vaults:\n"));
+    console.log(chalk13.cyan("Loaded Vaults:\n"));
     vaults.forEach((vault) => {
       const isActive = vault.id === activeVault?.id;
       const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-      const activeMarker = isActive ? chalk12.green(" (active)") : "";
-      const lockIcon = isUnlocked ? chalk12.green("\u{1F513}") : chalk12.yellow("\u{1F512}");
+      const activeMarker = isActive ? chalk13.green(" (active)") : "";
+      const lockIcon = isUnlocked ? chalk13.green("\u{1F513}") : chalk13.yellow("\u{1F512}");
       console.log(`  ${lockIcon} ${vault.name}${activeMarker} - ${vault.type}`);
     });
     console.log();
@@ -8942,150 +9767,7 @@ Error: ${error2.message}`));
 };
 
 // src/lib/errors.ts
-import chalk13 from "chalk";
-
-// src/lib/version.ts
 import chalk14 from "chalk";
-import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync2 } from "fs";
-import { homedir as homedir3 } from "os";
-import { join as join3 } from "path";
-var cachedVersion = null;
-function getVersion() {
-  if (cachedVersion) return cachedVersion;
-  if (true) {
-    cachedVersion = "0.15.2";
-    return cachedVersion;
-  }
-  try {
-    const packagePath = new URL("../../package.json", import.meta.url);
-    const pkg = JSON.parse(readFileSync3(packagePath, "utf-8"));
-    cachedVersion = pkg.version;
-    return cachedVersion;
-  } catch {
-    cachedVersion = "0.0.0-unknown";
-    return cachedVersion;
-  }
-}
-var CACHE_DIR = join3(homedir3(), ".vultisig", "cache");
-var VERSION_CACHE_FILE = join3(CACHE_DIR, "version-check.json");
-var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
-function readVersionCache() {
-  try {
-    if (!existsSync2(VERSION_CACHE_FILE)) return null;
-    const data = readFileSync3(VERSION_CACHE_FILE, "utf-8");
-    return JSON.parse(data);
-  } catch {
-    return null;
-  }
-}
-function writeVersionCache(cache) {
-  try {
-    if (!existsSync2(CACHE_DIR)) {
-      mkdirSync3(CACHE_DIR, { recursive: true });
-    }
-    writeFileSync3(VERSION_CACHE_FILE, JSON.stringify(cache, null, 2));
-  } catch {
-  }
-}
-async function fetchLatestVersion() {
-  try {
-    const controller = new AbortController();
-    const timeout = setTimeout(() => controller.abort(), 5e3);
-    const response = await fetch("https://registry.npmjs.org/@vultisig/cli/latest", {
-      signal: controller.signal,
-      headers: {
-        Accept: "application/json"
-      }
-    });
-    clearTimeout(timeout);
-    if (!response.ok) return null;
-    const data = await response.json();
-    return data.version ?? null;
-  } catch {
-    return null;
-  }
-}
-function isNewerVersion(v1, v2) {
-  const parse = (v) => {
-    const clean2 = v.replace(/^v/, "").replace(/-.*$/, "");
-    return clean2.split(".").map((n) => parseInt(n, 10) || 0);
-  };
-  const p1 = parse(v1);
-  const p2 = parse(v2);
-  for (let i = 0; i < 3; i++) {
-    const n1 = p1[i] ?? 0;
-    const n2 = p2[i] ?? 0;
-    if (n2 > n1) return true;
-    if (n2 < n1) return false;
-  }
-  if (v1.includes("-") && !v2.includes("-")) return true;
-  return false;
-}
-async function checkForUpdates() {
-  if (process.env.VULTISIG_NO_UPDATE_CHECK === "1") {
-    return null;
-  }
-  const currentVersion = getVersion();
-  const cache = readVersionCache();
-  if (cache && Date.now() - cache.lastCheck < CACHE_TTL_MS) {
-    return {
-      currentVersion,
-      latestVersion: cache.latestVersion,
-      updateAvailable: cache.latestVersion ? isNewerVersion(currentVersion, cache.latestVersion) : false
-    };
-  }
-  const latestVersion = await fetchLatestVersion();
-  writeVersionCache({
-    lastCheck: Date.now(),
-    latestVersion
-  });
-  return {
-    currentVersion,
-    latestVersion,
-    updateAvailable: latestVersion ? isNewerVersion(currentVersion, latestVersion) : false
-  };
-}
-function formatVersionShort() {
-  return `vultisig/${getVersion()}`;
-}
-function formatVersionDetailed() {
-  const lines = [];
-  lines.push(chalk14.bold(`Vultisig CLI v${getVersion()}`));
-  lines.push("");
-  lines.push(`  Node.js:   ${process.version}`);
-  lines.push(`  Platform:  ${process.platform}-${process.arch}`);
-  lines.push(`  Config:    ~/.vultisig/`);
-  return lines.join("\n");
-}
-function detectInstallMethod() {
-  const execPath = process.execPath;
-  if (execPath.includes("homebrew") || execPath.includes("Cellar")) {
-    return "homebrew";
-  }
-  if (process.env.npm_execpath?.includes("yarn")) {
-    return "yarn";
-  }
-  if (process.env.npm_config_user_agent?.includes("npm")) {
-    return "npm";
-  }
-  if (execPath.includes("node_modules")) {
-    return "npm";
-  }
-  return "unknown";
-}
-function getUpdateCommand() {
-  const method = detectInstallMethod();
-  switch (method) {
-    case "npm":
-      return "npm update -g @vultisig/cli";
-    case "yarn":
-      return "yarn global upgrade @vultisig/cli";
-    case "homebrew":
-      return "brew upgrade vultisig";
-    default:
-      return "npm update -g @vultisig/cli";
-  }
-}
 
 // src/lib/completion.ts
 import { homedir as homedir4 } from "os";
@@ -9426,9 +10108,32 @@ setupUserAgent();
   if (handled) process.exit(0);
 })();
 var ctx;
-program.name("vultisig").description("Vultisig CLI - Secure multi-party crypto wallet").version(formatVersionShort(), "-v, --version", "Show version").option("--debug", "Enable debug output").option("--silent", "Suppress informational output, show only results").option("-o, --output <format>", "Output format: table, json (default: table)", "table").option("-i, --interactive", "Start interactive shell mode").option("--vault <nameOrId>", "Specify vault by name or ID").option("--server-url <url>", "Base Vultisig API URL for FastVault and relay endpoints").hook("preAction", (thisCommand) => {
+program.name("vultisig").description("Vultisig CLI - Secure multi-party crypto wallet").version(formatVersionShort(), "-v, --version", "Show version").option("--debug", "Enable debug output").option("--silent", "Suppress informational output, show only results").option(
+  "-o, --output <format>",
+  "Output format: json, table (defaults to json when piped)",
+  (val) => {
+    if (!["json", "table"].includes(val)) throw new InvalidArgumentError('Must be "json" or "table"');
+    return val;
+  },
+  process.stdout.isTTY ? "table" : "json"
+).option("-q, --quiet", "Strip empty/zero fields from output").option("--fields <fields>", "Comma-separated list of fields to include in output").option("--non-interactive", "Disable interactive prompts (fail instead of asking)").option("--ci", "CI/automation mode (equivalent to --output json --non-interactive --quiet)").option("-i, --interactive", "Start interactive shell mode").option("--vault <nameOrId>", "Specify vault by name or ID").option("--server-url <url>", "Base Vultisig API URL for FastVault and relay endpoints").addHelpText(
+  "after",
+  "\nExit codes:\n" + Object.entries(EXIT_CODE_DESCRIPTIONS).map(([k, v]) => `  ${k}  ${v}`).join("\n") + "\n\nEnvironment variables:\n  VAULT_PASSWORD          Vault password for signing (bypasses prompt)\n  VULTISIG_PASSWORD       Alias for VAULT_PASSWORD\n  VAULT_PASSWORDS         Space-separated VaultName:password pairs\n  VULTISIG_VAULT          Default vault name or ID\n  VULTISIG_CONFIG_DIR     Override config directory (~/.vultisig)\n  VULTISIG_SILENT         Set to 1 for silent mode\n  NO_COLOR                Disable colored output"
+).hook("preAction", (thisCommand) => {
   const opts = thisCommand.opts();
+  if (opts.ci) {
+    const outputExplicit = process.argv.some((a) => a === "--output" || a === "-o" || a.startsWith("--output="));
+    opts.output = opts.output === "table" && !outputExplicit ? "json" : opts.output;
+    opts.quiet = true;
+    opts.nonInteractive = true;
+  }
   initOutputMode({ silent: opts.silent, output: opts.output });
+  setQuiet(!!opts.quiet);
+  setNonInteractive(!!opts.nonInteractive);
+  const fields = opts.fields;
+  setFields(
+    fields ? fields.split(",").map((f) => f.trim()).filter(Boolean) : void 0
+  );
 });
 async function findVaultByNameOrId(sdk, nameOrId) {
   const vaults = await sdk.listVaults();
@@ -9472,7 +10177,15 @@ async function init(vaultOverride, unlockPassword, passwordTTL) {
   return ctx;
 }
 var createCmd = program.command("create").description("Create a vault");
-createCmd.command("fast").description("Create a fast vault (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--two-step", 'Create vault without verifying OTP (verify later with "vultisig verify")').action(
+createCmd.command("fast").description("Create a fast vault (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--two-step", 'Create vault without verifying OTP (verify later with "vultisig verify")').addHelpText(
+  "after",
+  `
+Examples:
+  vultisig create fast --name mywallet --password secret --email me@example.com
+  vultisig create fast --name mywallet --password secret --email me@example.com --two-step
+
+See also: verify, auth setup`
+).action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
     await executeCreateFast(context, { ...options, twoStep: options.twoStep });
@@ -9498,7 +10211,13 @@ program.command("add-mldsa").description("Add ML-DSA (post-quantum) keys to the
     });
   })
 );
-program.command("import <file>").description("Import vault from .vult file").option("--password <password>", "Password to decrypt the vault file").action(
+program.command("import <file>").description("Import vault from .vult file").option("--password <password>", "Password to decrypt the vault file").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig import ~/vault-backup.vult
+  vultisig import ~/vault-backup.vult --password mypassword`
+).action(
   withExit(async (file, options) => {
     const context = await init(program.opts().vault);
     await executeImport(context, file, options.password);
@@ -9506,6 +10225,7 @@ program.command("import <file>").description("Import vault from .vult file").opt
 );
 var createFromSeedphraseCmd = program.command("create-from-seedphrase").description("Create vault from BIP39 seedphrase");
 async function promptSeedphrase() {
+  requireInteractive("Use --mnemonic flag to provide seedphrase non-interactively.");
   info("\nEnter your 12 or 24-word recovery phrase.");
   info("Words will be hidden as you type.\n");
   const answer = await inquirer8.prompt([
@@ -9526,6 +10246,7 @@ async function promptSeedphrase() {
   return answer.mnemonic.trim().toLowerCase();
 }
 async function promptQrPayload() {
+  requireInteractive("Use --qr or --qr-file flag to provide QR payload non-interactively.");
   info("\nEnter the QR code payload from the initiator device.");
   info('The payload starts with "vultisig://".\n');
   const answer = await inquirer8.prompt([
@@ -9651,7 +10372,15 @@ program.command("verify <vaultId>").description("Verify vault with email verific
     }
   )
 );
-program.command("balance [chain]").description("Show balance for a chain or all chains").option("-t, --tokens", "Include token balances").option("--raw", "Show raw values (wei/satoshis) for programmatic use").action(
+program.command("balance [chain]").description(descriptions.balance.description).option("-t, --tokens", descriptions.balance.params.includeTokens).option("--raw", "Show raw values (wei/satoshis) for programmatic use").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig balance
+  vultisig balance Ethereum --tokens
+  vultisig balance --output json --fields chain,amount
+  vultisig balance --output json -q`
+).action(
   withExit(async (chainStr, options) => {
     const context = await init(program.opts().vault);
     await executeBalance(context, {
@@ -9661,7 +10390,20 @@ program.command("balance [chain]").description("Show balance for a chain or all
     });
   })
 );
-program.command("send <chain> <to> [amount]").description("Send tokens to an address").option("--max", "Send maximum amount (balance minus fees)").option("--token <tokenId>", "Token to send (default: native)").option("--memo <memo>", "Transaction memo").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").action(
+program.command("send <chain> <to> [amount]").description(descriptions.send.description).option("--max", "Send maximum amount (balance minus fees)").option("--token <tokenId>", "Token to send (default: native)").option("--memo <memo>", "Transaction memo").option("--dry-run", "Preview transaction without signing or broadcasting").option("--confirm", "Confirm and broadcast (without this flag, runs as a preview)").option("-y, --yes", "Alias for --confirm").option("--password <password>", "Vault password for signing").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig send Ethereum 0x1234...abcd 0.1
+  vultisig send Bitcoin bc1q... --max --confirm
+  vultisig send Ethereum 0x... 0.5 --dry-run --output json
+
+Environment variables:
+  VAULT_PASSWORD    Vault password (bypasses prompt)
+  VAULT_PASSWORDS   Space-separated VaultName:password pairs
+
+See also: balance, tx-status`
+).action(
   withExit(
     async (chainStr, to, amount, options) => {
       if (!amount && !options.max) throw new Error("Provide an amount or use --max");
@@ -9674,7 +10416,8 @@ program.command("send <chain> <to> [amount]").description("Send tokens to an add
           amount: amount ?? "max",
           tokenId: options.token,
           memo: options.memo,
-          yes: options.yes,
+          dryRun: options.dryRun,
+          yes: options.yes || options.confirm,
           password: options.password
         });
       } catch (err) {
@@ -9687,7 +10430,13 @@ program.command("send <chain> <to> [amount]").description("Send tokens to an add
     }
   )
 );
-program.command("execute <chain> <contract> <msg>").description("Execute a CosmWasm smart contract (THORChain, MayaChain)").option("--funds <funds>", 'Funds to send with execution (format: "denom:amount" or "denom:amount,denom2:amount2")').option("--memo <memo>", "Transaction memo").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").action(
+program.command("execute <chain> <contract> <msg>").description("Execute a CosmWasm smart contract (THORChain, MayaChain)").option("--funds <funds>", 'Funds to send with execution (format: "denom:amount" or "denom:amount,denom2:amount2")').option("--memo <memo>", "Transaction memo").option("--dry-run", "Preview execution without signing or broadcasting").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig execute THORChain <contract> '{"swap":{}}' --yes
+  vultisig execute THORChain <contract> '{"deposit":{}}' --funds rune:1000000 --output json`
+).action(
   withExit(
     async (chainStr, contract, msg, options) => {
       const context = await init(program.opts().vault, options.password);
@@ -9698,6 +10447,7 @@ program.command("execute <chain> <contract> <msg>").description("Execute a CosmW
           msg,
           funds: options.funds,
           memo: options.memo,
+          dryRun: options.dryRun,
           yes: options.yes,
           password: options.password
         });
@@ -9730,7 +10480,13 @@ program.command("broadcast").description("Broadcast a pre-signed raw transaction
     });
   })
 );
-program.command("tx-status").description("Check the status of a transaction (polls until confirmed)").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--tx-hash <hash>", "Transaction hash to check").option("--no-wait", "Return immediately without waiting for confirmation").action(
+program.command("tx-status").description("Check the status of a transaction (polls until confirmed)").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--tx-hash <hash>", "Transaction hash to check").option("--no-wait", "Return immediately without waiting for confirmation").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig tx-status --chain Ethereum --tx-hash 0xabc...
+  vultisig tx-status --chain Bitcoin --tx-hash abc... --no-wait --output json`
+).action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
     await executeTxStatus(context, {
@@ -9740,7 +10496,13 @@ program.command("tx-status").description("Check the status of a transaction (pol
     });
   })
 );
-program.command("portfolio").description("Show total portfolio value").option("-c, --currency <currency>", "Fiat currency (usd, eur, gbp, etc.)", "usd").option("--raw", "Show raw values (wei/satoshis) for programmatic use").action(
+program.command("portfolio").description(descriptions.portfolio.description).option("-c, --currency <currency>", "Fiat currency (usd, eur, gbp, etc.)", "usd").option("--raw", "Show raw values (wei/satoshis) for programmatic use").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig portfolio
+  vultisig portfolio --currency eur --output json`
+).action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
     await executePortfolio(context, {
@@ -9767,7 +10529,13 @@ program.command("discount").description("Show your VULT discount tier for swap f
     await executeDiscount(context, { refresh: options.refresh });
   })
 );
-program.command("export [path]").description("Export vault to file").option("--password <password>", "Password to unlock the vault (for encrypted vaults)").option("--exportPassword <password>", "Password to encrypt the exported file (defaults to --password)").action(
+program.command("export [path]").description("Export vault to file").option("--password <password>", "Password to unlock the vault (for encrypted vaults)").option("--exportPassword <password>", "Password to encrypt the exported file (defaults to --password)").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig export ~/backup.vult
+  vultisig export ~/backup.vult --password mypass --output json`
+).action(
   withExit(async (path4, options) => {
     const context = await init(program.opts().vault, options.password);
     await executeExport(context, {
@@ -9777,7 +10545,13 @@ program.command("export [path]").description("Export vault to file").option("--p
     });
   })
 );
-program.command("addresses").description("Show all vault addresses").action(
+program.command("addresses").description(descriptions.address.description).addHelpText(
+  "after",
+  `
+Examples:
+  vultisig addresses
+  vultisig addresses --output json --fields chain,address`
+).action(
   withExit(async () => {
     const context = await init(program.opts().vault);
     await executeAddresses(context);
@@ -9795,7 +10569,14 @@ program.command("address-book").description("Manage address book entries").optio
     });
   })
 );
-program.command("chains").description("List and manage chains").option("--add <chain>", "Add a chain").option("--add-all", "Add all supported chains").option("--remove <chain>", "Remove a chain").action(
+program.command("chains").description("List and manage chains").option("--add <chain>", "Add a chain").option("--add-all", "Add all supported chains").option("--remove <chain>", "Remove a chain").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig chains
+  vultisig chains --add Solana
+  vultisig chains --add-all --output json`
+).action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
     await executeChains(context, {
@@ -9805,7 +10586,13 @@ program.command("chains").description("List and manage chains").option("--add <c
     });
   })
 );
-program.command("vaults").description("List all stored vaults").action(
+program.command("vaults").description("List all stored vaults").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig vaults
+  vultisig vaults --output json`
+).action(
   withExit(async () => {
     const context = await init(program.opts().vault);
     await executeVaults(context);
@@ -9823,7 +10610,7 @@ program.command("rename <newName>").description("Rename the active vault").actio
     await executeRename(context, newName);
   })
 );
-program.command("info").description("Show detailed vault information").action(
+program.command("info").description(descriptions.vaultInfo.description).action(
   withExit(async () => {
     const context = await init(program.opts().vault);
     await executeInfo(context);
@@ -9838,7 +10625,14 @@ program.command("delete [vault]").description("Delete a vault from local storage
     });
   })
 );
-program.command("tokens <chain>").description("List and manage tokens for a chain").option("--add <contractAddress>", "Add a token by contract address").option("--remove <tokenId>", "Remove a token by ID").option("--symbol <symbol>", "Token symbol (for --add)").option("--name <name>", "Token name (for --add)").option("--decimals <decimals>", "Token decimals (for --add)", "18").action(
+program.command("tokens <chain>").description("List and manage tokens for a chain").option("--add <contractAddress>", "Add a token by contract address").option("--remove <tokenId>", "Remove a token by ID").option("--discover", "Auto-discover tokens with balances on the chain").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig tokens Ethereum
+  vultisig tokens Ethereum --discover --output json
+  vultisig tokens Ethereum --add 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 --symbol USDC --decimals 6`
+).option("--symbol <symbol>", "Token symbol (for --add)").option("--name <name>", "Token name (for --add)").option("--decimals <decimals>", "Token decimals (for --add)", "18").action(
   withExit(
     async (chainStr, options) => {
       const context = await init(program.opts().vault);
@@ -9846,6 +10640,7 @@ program.command("tokens <chain>").description("List and manage tokens for a chai
         chain: findChainByName(chainStr) || chainStr,
         add: options.add,
         remove: options.remove,
+        discover: options.discover,
         symbol: options.symbol,
         name: options.name,
         decimals: options.decimals ? parseInt(options.decimals, 10) : void 0
@@ -9853,13 +10648,19 @@ program.command("tokens <chain>").description("List and manage tokens for a chai
     }
   )
 );
-program.command("swap-chains").description("List chains that support swaps").action(
+program.command("swap-chains").description(descriptions.supportedChains.description).action(
   withExit(async () => {
     const context = await init(program.opts().vault);
     await executeSwapChains(context);
   })
 );
-program.command("swap-quote <fromChain> <toChain> [amount]").description("Get a swap quote without executing").option("--max", "Swap maximum amount (full balance minus fees for native)").option("--from-token <address>", "Token address to swap from (default: native)").option("--to-token <address>", "Token address to swap to (default: native)").action(
+program.command("swap-quote <fromChain> <toChain> [amount]").description(descriptions.swapQuote.description).option("--max", "Swap maximum amount (full balance minus fees for native)").option("--from-token <address>", "Token address to swap from (default: native)").option("--to-token <address>", "Token address to swap to (default: native)").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig swap-quote Ethereum Bitcoin 0.1
+  vultisig swap-quote Ethereum Bitcoin --max --output json`
+).action(
   withExit(
     async (fromChainStr, toChainStr, amountStr, options) => {
       if (!amountStr && !options.max) throw new Error("Provide an amount or use --max");
@@ -9875,7 +10676,16 @@ program.command("swap-quote <fromChain> <toChain> [amount]").description("Get a
     }
   )
 );
-program.command("swap <fromChain> <toChain> [amount]").description("Swap tokens between chains").option("--max", "Swap maximum amount (full balance minus fees for native)").option("--from-token <address>", "Token address to swap from (default: native)").option("--to-token <address>", "Token address to swap to (default: native)").option("--slippage <percent>", "Slippage tolerance in percent", "1").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").action(
+program.command("swap <fromChain> <toChain> [amount]").description(descriptions.swap.description).option("--max", "Swap maximum amount (full balance minus fees for native)").option("--from-token <address>", "Token address to swap from (default: native)").option("--to-token <address>", "Token address to swap to (default: native)").option("--slippage <percent>", "Slippage tolerance in percent", "1").option("--dry-run", "Preview swap without signing or broadcasting").option("--confirm", "Confirm and broadcast (without this flag, runs as a preview)").option("-y, --yes", "Alias for --confirm").option("--password <password>", "Vault password for signing").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig swap Ethereum Bitcoin 0.1
+  vultisig swap Ethereum Bitcoin --max --confirm
+  vultisig swap Ethereum Bitcoin 0.5 --dry-run --output json
+
+See also: swap-quote, swap-chains, balance`
+).action(
   withExit(
     async (fromChainStr, toChainStr, amountStr, options) => {
       if (!amountStr && !options.max) throw new Error("Provide an amount or use --max");
@@ -9889,7 +10699,8 @@ program.command("swap <fromChain> <toChain> [amount]").description("Swap tokens
           fromToken: options.fromToken,
           toToken: options.toToken,
           slippage: options.slippage ? parseFloat(options.slippage) : void 0,
-          yes: options.yes,
+          dryRun: options.dryRun,
+          yes: options.yes || options.confirm,
           password: options.password
         });
       } catch (err) {
@@ -9933,7 +10744,7 @@ rujiraCmd.command("deposit").description("Show deposit instructions (inbound add
     }
   )
 );
-rujiraCmd.command("swap <fromAsset> <toAsset> <amount>").description("Execute a FIN swap (amount in base units)").option("--slippage-bps <bps>", "Slippage tolerance in basis points (default: 100 = 1%)", "100").option("--destination <thorAddress>", "Destination THOR address (default: vault THORChain address)").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").option("--rpc <url>", "Override THORChain RPC endpoint").option("--rest <url>", "Override THORNode REST endpoint").action(
+rujiraCmd.command("swap <fromAsset> <toAsset> <amount>").description("Execute a FIN swap (amount in base units)").option("--slippage-bps <bps>", "Slippage tolerance in basis points (default: 100 = 1%)", "100").option("--destination <thorAddress>", "Destination THOR address (default: vault THORChain address)").option("--dry-run", "Preview swap quote without executing").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").option("--rpc <url>", "Override THORChain RPC endpoint").option("--rest <url>", "Override THORNode REST endpoint").action(
   withExit(
     async (fromAsset, toAsset, amount, options) => {
       const context = await init(program.opts().vault, options.password);
@@ -9943,6 +10754,7 @@ rujiraCmd.command("swap <fromAsset> <toAsset> <amount>").description("Execute a
         amount,
         slippageBps: options.slippageBps ? parseInt(options.slippageBps, 10) : void 0,
         destination: options.destination,
+        dryRun: options.dryRun,
         yes: options.yes,
         password: options.password,
         rpcEndpoint: options.rpc,
@@ -9951,7 +10763,7 @@ rujiraCmd.command("swap <fromAsset> <toAsset> <amount>").description("Execute a
     }
   )
 );
-rujiraCmd.command("withdraw <asset> <amount> <l1Address>").description("Withdraw secured assets to L1 (amount in base units)").option("--max-fee-bps <bps>", "Max outbound fee as bps of amount (optional)").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").option("--rpc <url>", "Override THORChain RPC endpoint").option("--rest <url>", "Override THORNode REST endpoint").action(
+rujiraCmd.command("withdraw <asset> <amount> <l1Address>").description("Withdraw secured assets to L1 (amount in base units)").option("--max-fee-bps <bps>", "Max outbound fee as bps of amount (optional)").option("--dry-run", "Preview withdrawal without executing").option("-y, --yes", "Skip confirmation prompt").option("--password <password>", "Vault password for signing").option("--rpc <url>", "Override THORChain RPC endpoint").option("--rest <url>", "Override THORNode REST endpoint").action(
   withExit(
     async (asset, amount, l1Address, options) => {
       const context = await init(program.opts().vault, options.password);
@@ -9960,6 +10772,7 @@ rujiraCmd.command("withdraw <asset> <amount> <l1Address>").description("Withdraw
         amount,
         l1Address,
         maxFeeBps: options.maxFeeBps ? parseInt(options.maxFeeBps, 10) : void 0,
+        dryRun: options.dryRun,
         yes: options.yes,
         password: options.password,
         rpcEndpoint: options.rpc,
@@ -9994,7 +10807,13 @@ var agentCmd = program.command("agent").description("AI-powered chat interface f
     });
   }
 );
-agentCmd.command("ask <message>").description("Send a single message and get the response (for AI agent integration)").option("--session <id>", "Continue an existing conversation").option("--backend-url <url>", "Agent backend URL (default: https://abe.vultisig.com)").option("--password <password>", "Vault password for signing operations").option("--verbose", "Show tool calls and debug info on stderr").option("--json", "Output structured JSON instead of text").action(
+agentCmd.command("ask <message>").description("Send a single message and get the response (for AI agent integration)").option("--session <id>", "Continue an existing conversation").option("--backend-url <url>", "Agent backend URL (default: https://abe.vultisig.com)").option("--password <password>", "Vault password for signing operations").option("--verbose", "Show tool calls and debug info on stderr").option("--json", "Output structured JSON (deprecated: use --output json)").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig agent ask "What is my ETH balance?" --output json
+  vultisig agent ask "Send 0.1 ETH to 0x..." --session abc123 --yes`
+).action(
   async (message, options) => {
     const parentOpts = agentCmd.opts();
     const context = await init(program.opts().vault, options.password || parentOpts.password);
@@ -10062,7 +10881,66 @@ program.command("update").description("Check for updates and show update command
     }
   })
 );
+var authCmd = program.command("auth").description("Manage keyring-stored vault credentials");
+authCmd.command("setup").description("Discover .vult files, prompt for passwords, and store credentials in the OS keyring").option("--vault-file <path>", "Path to a specific .vult file").option("--non-interactive", "Fail instead of prompting (use env vars)").addHelpText(
+  "after",
+  `
+Examples:
+  vultisig auth setup
+  vultisig auth setup --vault-file ~/vault.vult
+  VAULT_PASSWORD=secret VAULT_DECRYPT_PASSWORD=pass vultisig auth setup --non-interactive`
+).action(
+  withExit(async (options) => {
+    const result = await executeAuthSetup({
+      vaultFile: options.vaultFile,
+      nonInteractive: options.nonInteractive || isNonInteractive()
+    });
+    if (isJsonOutput()) {
+      outputJson({
+        stored: true,
+        vaultId: result.vaultId,
+        vaultName: result.vaultName,
+        storageBackend: result.storageBackend
+      });
+    } else {
+      printResult(
+        chalk15.green(`Vault "${result.vaultName}" (${result.vaultId}) credentials stored in ${result.storageBackend}.`)
+      );
+    }
+  })
+);
+authCmd.command("status").description("List configured vaults and their keyring credential status").action(
+  withExit(async () => {
+    const vaults = await executeAuthStatus();
+    if (isJsonOutput()) {
+      outputJson({
+        vaults: vaults.map((v) => ({ id: v.id, name: v.name, filePath: v.filePath, hasCredentials: v.hasCredentials }))
+      });
+      return;
+    }
+    if (vaults.length === 0) {
+      printResult("No vaults configured. Run: vsig auth setup");
+      return;
+    }
+    for (const v of vaults) {
+      const status = v.hasCredentials ? chalk15.green("authenticated") : chalk15.red("no credentials");
+      printResult(`  ${v.name} (${v.id}) - ${status}`);
+      printResult(`    File: ${v.filePath}`);
+    }
+  })
+);
+authCmd.command("logout").description("Clear keyring credentials for a vault").option("--vault-id <id>", "Specific vault ID to clear").option("--all", "Clear credentials for all configured vaults").action(
+  withExit(async (options) => {
+    await executeAuthLogout({ vaultId: options.vaultId, all: options.all });
+    if (isJsonOutput()) {
+      outputJson({ cleared: true, vaultId: options.vaultId ?? null, all: !!options.all });
+    } else {
+      printResult(chalk15.green("Credentials cleared."));
+    }
+  })
+);
 setupCompletionCommand(program);
+program.command("schema", { hidden: true }).description("Output machine-readable command schema (JSON introspection for agents)").helpOption(false).action(withExit(async () => executeSchema(program)));
 async function startInteractiveMode() {
   const serverEndpoints = resolveServerEndpoints(parseServerEndpointOverridesFromArgv(process.argv.slice(2)));
   const sdk = new Vultisig6({