@vultisig/cli 0.2.0-alpha.7 → 0.2.0-beta.9

package/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @vultisig/cli
 
+## 0.2.0-beta.9
+
+### Minor Changes
+
+- [#64](https://github.com/vultisig/vultisig-sdk/pull/64) [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat(sdk): add broadcastRawTx() for broadcasting pre-signed transactions
+
+  Adds `broadcastRawTx()` method supporting all chain families:
+  - EVM: Ethereum, Polygon, BSC, Arbitrum, Base, etc. (hex-encoded)
+  - UTXO: Bitcoin, Litecoin, Dogecoin, etc. (hex-encoded)
+  - Solana: Base58 or Base64 encoded transaction bytes
+  - Cosmos: JSON `{tx_bytes}` or raw base64 protobuf (10 chains)
+  - TON: BOC as base64 string
+  - Polkadot: Hex-encoded extrinsic
+  - Ripple: Hex-encoded transaction blob
+  - Sui: JSON `{unsignedTx, signature}`
+  - Tron: JSON transaction object
+
+  CLI commands added:
+  - `vultisig sign --chain <chain> --bytes <base64>` - sign pre-hashed data
+  - `vultisig broadcast --chain <chain> --raw-tx <data>` - broadcast raw tx
+
+  Documentation updated with complete workflow examples for EVM, UTXO, Solana, and Sui.
+
+### Patch Changes
+
+- Updated dependencies [[`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af), [`91990d3`](https://github.com/vultisig/vultisig-sdk/commit/91990d3fc7ef1a8d7068f5cbae8f8f3dda5b68f3)]:
+  - @vultisig/sdk@0.2.0-beta.9
+
+## 0.2.0-beta.8
+
+### Minor Changes
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: separate unlock and export passwords in CLI export command
+
+  The export command now has two distinct password options:
+  - `--password`: Unlocks the vault (decrypts stored keyshares for encrypted vaults)
+  - `--exportPassword`: Encrypts the exported file (defaults to `--password` if not specified)
+
+  This fixes the "Password required but callback returned empty value" error when exporting encrypted vaults.
+
+  Password resolution now uses an in-memory cache that persists across SDK callbacks, allowing the CLI to pre-cache the unlock password before vault loading.
+
+### Patch Changes
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Simplify export command by removing `--encrypt` and `--no-encrypt` flags. Password is now optional - if provided, vault is encrypted; if omitted or empty, vault is exported without encryption. Path argument now supports directories (appends SDK-generated filename).
+
+- Updated dependencies [[`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8)]:
+  - @vultisig/sdk@0.2.0-beta.8
+
 ## 0.2.0-alpha.7
 
 ### Minor Changes

package/README.md

@@ -186,6 +186,29 @@ vultisig -i
 - `--shares <n>` - Number of devices for secure vault (default: 2)
 - `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
 
+**Export options:**
+- `[path]` - Output file or directory (defaults to SDK-generated filename in current directory)
+- `--password <password>` - Password to unlock encrypted vaults
+- `--exportPassword <password>` - Password to encrypt the export file (defaults to `--password` if provided)
+
+```bash
+# Export to current directory (prompts for export password)
+vultisig export
+
+# Export to specific directory
+vultisig export /path/to/backups/
+
+# Export with encryption (same password for unlock and export)
+vultisig export --password mypassword
+
+# Export with different passwords for unlock vs export
+vultisig export --password unlockPass --exportPassword exportPass
+
+# Export without encryption (leave password prompt empty)
+vultisig export
+# > Enter password for export encryption (leave empty for no encryption): [enter]
+```
+
 ### Wallet Operations
 
 | Command | Description |
@@ -221,6 +244,204 @@ vultisig swap ethereum bitcoin 0.1 --password mypassword
 vultisig swap ethereum bitcoin 0.1 -y --password mypassword
 ```
 
+### Advanced Operations
+
+| Command | Description |
+|---------|-------------|
+| `sign` | Sign pre-hashed bytes for custom transactions |
+| `broadcast` | Broadcast a pre-signed raw transaction |
+
+#### Signing Arbitrary Bytes
+
+Sign pre-hashed data for externally constructed transactions:
+
+```bash
+# Sign a pre-hashed message (base64 encoded)
+vultisig sign --chain ethereum --bytes "aGVsbG8gd29ybGQ="
+
+# With password
+vultisig sign --chain bitcoin --bytes "..." --password mypassword
+
+# JSON output
+vultisig sign --chain ethereum --bytes "..." -o json
+```
+
+**Output:**
+```
+Signature: <base64-encoded signature>
+Recovery: 0
+Format: ecdsa
+```
+
+**JSON output:**
+```json
+{
+  "signature": "<base64>",
+  "recovery": 0,
+  "format": "ecdsa"
+}
+```
+
+#### Broadcasting Raw Transactions
+
+Broadcast pre-signed transactions to the network:
+
+```bash
+# EVM transaction (hex)
+vultisig broadcast --chain ethereum --raw-tx "0x02f8..."
+
+# Bitcoin transaction (hex)
+vultisig broadcast --chain bitcoin --raw-tx "0200000001..."
+
+# Solana transaction (base64)
+vultisig broadcast --chain solana --raw-tx "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQABAwIAAA..."
+
+# Sui transaction (JSON)
+vultisig broadcast --chain sui --raw-tx '{"unsignedTx":"...","signature":"..."}'
+```
+
+**Output:**
+```
+TX Hash: 0x9f8e7d6c...
+Explorer: https://etherscan.io/tx/0x9f8e7d6c...
+```
+
+**Supported broadcast formats by chain:**
+
+| Chain | `--raw-tx` Format |
+|-------|-------------------|
+| EVM (Ethereum, Polygon, etc.) | Hex-encoded signed tx |
+| UTXO (Bitcoin, Litecoin, etc.) | Hex-encoded raw tx |
+| Solana | Base64-encoded tx bytes |
+| Sui | JSON: `{"unsignedTx":"...","signature":"..."}` |
+| Cosmos | JSON: `{"tx_bytes":"..."}` or base64 |
+| TON | Base64 BOC |
+| Polkadot | Hex-encoded extrinsic |
+| Ripple | Hex-encoded tx blob |
+| Tron | JSON tx object |
+
+#### Example: Custom EVM Transaction
+
+Build and sign a transaction with ethers.js, broadcast with CLI:
+
+```bash
+# 1. Build transaction externally (save as build-evm-tx.js)
+cat > build-evm-tx.js << 'EOF'
+const { keccak256, Transaction, parseEther } = require('ethers');
+const tx = Transaction.from({
+  to: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0',
+  value: parseEther('0.01'),
+  gasLimit: 21000n,
+  maxFeePerGas: 50000000000n,
+  maxPriorityFeePerGas: 2000000000n,
+  nonce: 0,
+  chainId: 1,
+  type: 2
+});
+const hash = keccak256(tx.unsignedSerialized);
+console.log('HASH:', Buffer.from(hash.slice(2), 'hex').toString('base64'));
+console.log('UNSIGNED:', tx.unsignedSerialized);
+EOF
+node build-evm-tx.js
+
+# 2. Sign the hash with Vultisig
+vultisig sign --chain ethereum --bytes "<base64-hash-from-step-1>" -o json > sig.json
+
+# 3. Assemble signed transaction (use r,s,v from sig.json)
+# The signature field contains r||s (64 bytes hex), recovery is v
+
+# 4. Broadcast the assembled signed transaction
+vultisig broadcast --chain ethereum --raw-tx "0x02f8..."
+```
+
+#### Example: Custom Bitcoin Transaction
+
+Build a PSBT with bitcoinjs-lib, sign with CLI:
+
+```bash
+# 1. Build PSBT and get sighash (save as build-btc-tx.js)
+cat > build-btc-tx.js << 'EOF'
+const bitcoin = require('bitcoinjs-lib');
+const psbt = new bitcoin.Psbt({ network: bitcoin.networks.bitcoin });
+// Add your inputs and outputs
+psbt.addInput({
+  hash: '<previous-txid>',
+  index: 0,
+  witnessUtxo: { script: Buffer.from('...'), value: 100000 }
+});
+psbt.addOutput({ address: 'bc1q...', value: 90000 });
+// Get sighash for signing
+const sighash = psbt.getTxForSigning().hashForWitnessV0(0, scriptCode, 100000, 0x01);
+console.log('SIGHASH:', sighash.toString('base64'));
+EOF
+node build-btc-tx.js
+
+# 2. Sign with Vultisig
+vultisig sign --chain bitcoin --bytes "<base64-sighash>" -o json > sig.json
+
+# 3. Apply signature to PSBT and finalize (use signature from sig.json)
+
+# 4. Broadcast
+vultisig broadcast --chain bitcoin --raw-tx "0200000001..."
+```
+
+#### Example: Custom Solana Transaction
+
+Build with @solana/web3.js, sign with CLI:
+
+```bash
+# 1. Build transaction (save as build-sol-tx.js)
+cat > build-sol-tx.js << 'EOF'
+const { Transaction, SystemProgram, PublicKey, Connection } = require('@solana/web3.js');
+const connection = new Connection('https://api.mainnet-beta.solana.com');
+const fromPubkey = new PublicKey('<your-pubkey>');
+const toPubkey = new PublicKey('<recipient-pubkey>');
+
+const tx = new Transaction().add(
+  SystemProgram.transfer({ fromPubkey, toPubkey, lamports: 1000000 })
+);
+tx.recentBlockhash = (await connection.getLatestBlockhash()).blockhash;
+tx.feePayer = fromPubkey;
+
+const message = tx.serializeMessage();
+console.log('MESSAGE:', message.toString('base64'));
+EOF
+node build-sol-tx.js
+
+# 2. Sign the message with Vultisig (EdDSA)
+vultisig sign --chain solana --bytes "<base64-message>" -o json > sig.json
+
+# 3. Assemble signed transaction (attach signature to message)
+
+# 4. Broadcast (base64 encoded signed transaction)
+vultisig broadcast --chain solana --raw-tx "<base64-signed-tx>"
+```
+
+#### Example: Custom Sui Transaction
+
+Build with @mysten/sui, sign with CLI:
+
+```bash
+# 1. Build transaction (save as build-sui-tx.js)
+cat > build-sui-tx.js << 'EOF'
+const { SuiClient, getFullnodeUrl } = require('@mysten/sui/client');
+const { Transaction } = require('@mysten/sui/transactions');
+
+const client = new SuiClient({ url: getFullnodeUrl('mainnet') });
+const tx = new Transaction();
+tx.transferObjects([tx.gas], '<recipient-address>');
+const bytes = await tx.build({ client });
+console.log('TX_BYTES:', Buffer.from(bytes).toString('base64'));
+EOF
+node build-sui-tx.js
+
+# 2. Sign the transaction bytes with Vultisig (EdDSA)
+vultisig sign --chain sui --bytes "<base64-tx-bytes>" -o json > sig.json
+
+# 3. Broadcast (requires JSON with both unsigned tx and signature)
+vultisig broadcast --chain sui --raw-tx '{"unsignedTx":"<base64-tx-bytes>","signature":"<base64-signature-from-sig.json>"}'
+```
+
 ### Settings
 
 | Command | Description |

package/dist/index.js

@@ -1042,14 +1042,14 @@ var require_main = __commonJS({
           cb = opts;
           opts = {};
         }
-        var qrcode3 = new QRCode(-1, this.error);
-        qrcode3.addData(input);
-        qrcode3.make();
+        var qrcode4 = new QRCode(-1, this.error);
+        qrcode4.addData(input);
+        qrcode4.make();
         var output = "";
         if (opts && opts.small) {
           var BLACK = true, WHITE = false;
-          var moduleCount = qrcode3.getModuleCount();
-          var moduleData = qrcode3.modules.slice();
+          var moduleCount = qrcode4.getModuleCount();
+          var moduleData = qrcode4.modules.slice();
           var oddRow = moduleCount % 2 === 1;
           if (oddRow) {
             moduleData.push(fill(moduleCount, WHITE));
@@ -1082,9 +1082,9 @@ var require_main = __commonJS({
             output += borderBottom;
           }
         } else {
-          var border = repeat(white).times(qrcode3.getModuleCount() + 3);
+          var border = repeat(white).times(qrcode4.getModuleCount() + 3);
           output += border + "\n";
-          qrcode3.modules.forEach(function(row2) {
+          qrcode4.modules.forEach(function(row2) {
             output += white;
             output += row2.map(toCell).join("");
             output += white + "\n";
@@ -1103,7 +1103,7 @@ var require_main = __commonJS({
 
 // src/index.ts
 import "dotenv/config";
-import { Vultisig as Vultisig3 } from "@vultisig/sdk";
+import { Vultisig as Vultisig4 } from "@vultisig/sdk";
 import chalk12 from "chalk";
 import { program } from "commander";
 
@@ -1314,6 +1314,15 @@ function createSpinner(text) {
 }
 
 // src/core/password-manager.ts
+var passwordCache = /* @__PURE__ */ new Map();
+function cachePassword(vaultIdOrName, password) {
+  passwordCache.set(vaultIdOrName, password);
+}
+function getCachedPassword(vaultId, vaultName) {
+  if (vaultName && passwordCache.has(vaultName)) return passwordCache.get(vaultName);
+  if (passwordCache.has(vaultId)) return passwordCache.get(vaultId);
+  return null;
+}
 function parseVaultPasswords() {
   const passwordMap = /* @__PURE__ */ new Map();
   const passwordsEnv = process.env.VAULT_PASSWORDS;
@@ -1356,14 +1365,23 @@ async function promptForPassword(vaultName, vaultId) {
   return password;
 }
 async function getPassword(vaultId, vaultName) {
+  const cachedPassword = getCachedPassword(vaultId, vaultName);
+  if (cachedPassword) {
+    return cachedPassword;
+  }
   const envPassword = getPasswordFromEnv(vaultId, vaultName);
   if (envPassword) {
+    cachePassword(vaultId, envPassword);
+    if (vaultName) cachePassword(vaultName, envPassword);
     return envPassword;
   }
   if (isSilent() || isJsonOutput()) {
     throw new Error("Password required but not provided. Set VAULT_PASSWORD or VAULT_PASSWORDS environment variable.");
   }
-  return promptForPassword(vaultName, vaultId);
+  const password = await promptForPassword(vaultName, vaultId);
+  cachePassword(vaultId, password);
+  if (vaultName) cachePassword(vaultName, password);
+  return password;
 }
 function createPasswordCallback() {
   return async (vaultId, vaultName) => {
@@ -1992,11 +2010,124 @@ Or use this URL: ${qrPayload}
   }
 }
 
-// src/commands/vault-management.ts
+// src/commands/sign.ts
 var import_qrcode_terminal2 = __toESM(require_main(), 1);
+import { Chain as Chain2 } from "@vultisig/sdk";
+async function executeSignBytes(ctx2, params) {
+  const vault = await ctx2.ensureActiveVault();
+  if (!Object.values(Chain2).includes(params.chain)) {
+    throw new Error(`Invalid chain: ${params.chain}`);
+  }
+  return signBytes(vault, params);
+}
+async function signBytes(vault, params) {
+  const hashBytes = Buffer.from(params.bytes, "base64");
+  await ensureVaultUnlocked(vault, params.password);
+  const isSecureVault = vault.type === "secure";
+  const signSpinner = createSpinner(isSecureVault ? "Preparing secure signing session..." : "Signing bytes...");
+  vault.on("signingProgress", ({ step }) => {
+    signSpinner.text = `${step.message} (${step.progress}%)`;
+  });
+  if (isSecureVault) {
+    vault.on("qrCodeReady", ({ qrPayload }) => {
+      if (isJsonOutput()) {
+        printResult(JSON.stringify({ qrPayload }));
+      } else if (isSilent()) {
+        printResult(`QR Payload: ${qrPayload}`);
+      } else {
+        signSpinner.stop();
+        info("\nScan this QR code with your Vultisig mobile app to sign:");
+        import_qrcode_terminal2.default.generate(qrPayload, { small: true });
+        info(`
+Or use this URL: ${qrPayload}
+`);
+        signSpinner.start("Waiting for devices to join signing session...");
+      }
+    });
+    vault.on(
+      "deviceJoined",
+      ({ deviceId, totalJoined, required }) => {
+        if (!isSilent()) {
+          signSpinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+        } else if (!isJsonOutput()) {
+          printResult(`Device joined: ${totalJoined}/${required}`);
+        }
+      }
+    );
+  }
+  try {
+    const signature = await vault.signBytes(
+      {
+        data: hashBytes,
+        chain: params.chain
+      },
+      { signal: params.signal }
+    );
+    signSpinner.succeed("Bytes signed");
+    const sigHex = signature.signature.startsWith("0x") ? signature.signature.slice(2) : signature.signature;
+    const sigBase64 = Buffer.from(sigHex, "hex").toString("base64");
+    const result = {
+      signature: sigBase64,
+      recovery: signature.recovery,
+      format: signature.format
+    };
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      printResult(`Signature: ${result.signature}`);
+      if (result.recovery !== void 0) {
+        printResult(`Recovery: ${result.recovery}`);
+      }
+      printResult(`Format: ${result.format}`);
+    }
+    return result;
+  } finally {
+    vault.removeAllListeners("signingProgress");
+    if (isSecureVault) {
+      vault.removeAllListeners("qrCodeReady");
+      vault.removeAllListeners("deviceJoined");
+    }
+  }
+}
+
+// src/commands/broadcast.ts
+import { Chain as Chain3, Vultisig as Vultisig3 } from "@vultisig/sdk";
+async function executeBroadcast(ctx2, params) {
+  const vault = await ctx2.ensureActiveVault();
+  if (!Object.values(Chain3).includes(params.chain)) {
+    throw new Error(`Invalid chain: ${params.chain}`);
+  }
+  const broadcastSpinner = createSpinner("Broadcasting transaction...");
+  try {
+    const txHash = await vault.broadcastRawTx({
+      chain: params.chain,
+      rawTx: params.rawTx
+    });
+    broadcastSpinner.succeed(`Transaction broadcast: ${txHash}`);
+    const result = {
+      txHash,
+      chain: params.chain,
+      explorerUrl: Vultisig3.getTxExplorerUrl(params.chain, txHash)
+    };
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      printResult(`TX Hash: ${result.txHash}`);
+      printResult(`Explorer: ${result.explorerUrl}`);
+    }
+    return result;
+  } catch (error2) {
+    broadcastSpinner.fail("Broadcast failed");
+    throw error2;
+  }
+}
+
+// src/commands/vault-management.ts
+var import_qrcode_terminal3 = __toESM(require_main(), 1);
 import chalk5 from "chalk";
 import { promises as fs } from "fs";
 import inquirer4 from "inquirer";
+import path from "path";
 function withAbortSignal(promise, signal) {
   if (!signal) return promise;
   return Promise.race([
@@ -2113,7 +2244,7 @@ async function executeCreateSecure(ctx2, options) {
           } else {
             spinner.stop();
             info("\nScan this QR code with your Vultisig mobile app:");
-            import_qrcode_terminal2.default.generate(qrPayload, { small: true });
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
             info(`
 Or use this URL: ${qrPayload}
 `);
@@ -2218,38 +2349,47 @@ async function executeVerify(ctx2, vaultId, options = {}) {
 }
 async function executeExport(ctx2, options = {}) {
   const vault = await ctx2.ensureActiveVault();
-  let encrypt = options.encrypt;
-  let password = options.password;
-  if (encrypt === void 0) {
-    const encryptAnswer = await inquirer4.prompt([
-      {
-        type: "confirm",
-        name: "encrypt",
-        message: "Encrypt export with password?",
-        default: true
-      }
-    ]);
-    encrypt = encryptAnswer.encrypt;
+  let exportPassword = options.exportPassword;
+  if (exportPassword === void 0) {
+    if (options.password !== void 0) {
+      exportPassword = options.password;
+    } else {
+      const answer = await inquirer4.prompt([
+        {
+          type: "password",
+          name: "exportPassword",
+          message: "Enter password for export encryption (leave empty for no encryption):",
+          mask: "*"
+        }
+      ]);
+      exportPassword = answer.exportPassword || void 0;
+    }
   }
-  if (encrypt && !password) {
-    const passwordAnswer = await inquirer4.prompt([
-      {
-        type: "password",
-        name: "password",
-        message: "Enter password:",
-        mask: "*"
+  const spinner = createSpinner("Exporting vault...");
+  const { data: vultContent, filename: sdkFilename } = await vault.export(exportPassword);
+  let outputPath;
+  if (options.outputPath) {
+    const resolvedPath = path.resolve(options.outputPath);
+    try {
+      const stat = await fs.stat(resolvedPath);
+      if (stat.isDirectory()) {
+        outputPath = path.join(resolvedPath, sdkFilename);
+      } else {
+        outputPath = resolvedPath;
       }
-    ]);
-    password = passwordAnswer.password;
+    } catch {
+      outputPath = resolvedPath;
+    }
+  } else {
+    outputPath = path.resolve(sdkFilename);
   }
-  const spinner = createSpinner("Exporting vault...");
-  const { data: vultContent } = await vault.export(encrypt ? password : void 0);
-  const fileName = options.outputPath || `${vault.name}-${vault.localPartyId}-vault.vult`;
-  await fs.writeFile(fileName, vultContent, "utf-8");
-  spinner.succeed(`Vault exported: ${fileName}`);
+  const parentDir = path.dirname(outputPath);
+  await fs.mkdir(parentDir, { recursive: true });
+  await fs.writeFile(outputPath, vultContent, "utf-8");
+  spinner.succeed(`Vault exported: ${outputPath}`);
   success("\n+ Vault exported successfully!");
-  info(`File: ${fileName}`);
-  return fileName;
+  info(`File: ${outputPath}`);
+  return outputPath;
 }
 async function executeVaults(ctx2) {
   const spinner = createSpinner("Loading vaults...");
@@ -2497,7 +2637,7 @@ async function executeSwap(ctx2, options) {
 }
 
 // src/commands/settings.ts
-import { Chain as Chain2, fiatCurrencies as fiatCurrencies2, fiatCurrencyNameRecord as fiatCurrencyNameRecord3 } from "@vultisig/sdk";
+import { Chain as Chain4, fiatCurrencies as fiatCurrencies2, fiatCurrencyNameRecord as fiatCurrencyNameRecord3 } from "@vultisig/sdk";
 import chalk6 from "chalk";
 import inquirer5 from "inquirer";
 async function executeCurrency(ctx2, newCurrency) {
@@ -2565,7 +2705,7 @@ async function executeAddressBook(ctx2, options = {}) {
         type: "list",
         name: "chain",
         message: "Select chain:",
-        choices: Object.values(Chain2)
+        choices: Object.values(Chain4)
       });
     }
     if (!address) {
@@ -2642,9 +2782,9 @@ Address Book${options.chain ? ` (${options.chain})` : ""}:
 }
 
 // src/interactive/completer.ts
-import { Chain as Chain3 } from "@vultisig/sdk";
+import { Chain as Chain5 } from "@vultisig/sdk";
 import fs2 from "fs";
-import path from "path";
+import path2 from "path";
 var COMMANDS = [
   // Vault management
   "vaults",
@@ -2718,28 +2858,28 @@ function createCompleter(ctx2) {
 }
 function completeFilePath(partial, filterVult) {
   try {
-    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path.sep);
+    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path2.sep);
     let dir;
     let basename;
     if (endsWithSeparator) {
       dir = partial;
       basename = "";
     } else {
-      dir = path.dirname(partial);
-      basename = path.basename(partial);
+      dir = path2.dirname(partial);
+      basename = path2.basename(partial);
       if (fs2.existsSync(partial) && fs2.statSync(partial).isDirectory()) {
         dir = partial;
         basename = "";
       }
     }
-    const resolvedDir = path.resolve(dir);
+    const resolvedDir = path2.resolve(dir);
     if (!fs2.existsSync(resolvedDir) || !fs2.statSync(resolvedDir).isDirectory()) {
       return [[], partial];
     }
     const files = fs2.readdirSync(resolvedDir);
     const matches = files.filter((file) => file.startsWith(basename)).map((file) => {
-      const fullPath = path.join(dir, file);
-      const stats = fs2.statSync(path.join(resolvedDir, file));
+      const fullPath = path2.join(dir, file);
+      const stats = fs2.statSync(path2.join(resolvedDir, file));
       if (stats.isDirectory()) {
         return fullPath + "/";
       }
@@ -2765,7 +2905,7 @@ function completeVaultName(ctx2, partial) {
   return [show, partial];
 }
 function completeChainName(partial) {
-  const allChains = Object.values(Chain3);
+  const allChains = Object.values(Chain5);
   const partialLower = partial.toLowerCase();
   const matches = allChains.filter((chain) => chain.toLowerCase().startsWith(partialLower));
   matches.sort();
@@ -2773,7 +2913,7 @@ function completeChainName(partial) {
   return [show, partial];
 }
 function findChainByName(name) {
-  const allChains = Object.values(Chain3);
+  const allChains = Object.values(Chain5);
   const nameLower = name.toLowerCase();
   const found = allChains.find((chain) => chain.toLowerCase() === nameLower);
   return found ? found : null;
@@ -3900,7 +4040,7 @@ var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.2.0-alpha.7";
+    cachedVersion = "0.2.0-beta.9";
     return cachedVersion;
   }
   try {
@@ -4368,14 +4508,17 @@ async function findVaultByNameOrId(sdk, nameOrId) {
   if (byPartialId) return byPartialId;
   return null;
 }
-async function init(vaultOverride) {
+async function init(vaultOverride, unlockPassword) {
   if (!ctx) {
-    const sdk = new Vultisig3({
+    const vaultSelector = vaultOverride || process.env.VULTISIG_VAULT;
+    if (unlockPassword && vaultSelector) {
+      cachePassword(vaultSelector, unlockPassword);
+    }
+    const sdk = new Vultisig4({
       onPasswordRequired: createPasswordCallback()
     });
     await sdk.initialize();
     ctx = new CLIContext(sdk);
-    const vaultSelector = vaultOverride || process.env.VULTISIG_VAULT;
     let vault = null;
     if (vaultSelector) {
       vault = await findVaultByNameOrId(sdk, vaultSelector);
@@ -4460,6 +4603,25 @@ program.command("send <chain> <to> <amount>").description("Send tokens to an add
     }
   )
 );
+program.command("sign").description("Sign pre-hashed bytes (for externally constructed transactions)").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--bytes <base64>", "Base64-encoded pre-hashed data to sign").option("--password <password>", "Vault password for signing").action(
+  withExit(async (options) => {
+    const context = await init(program.opts().vault, options.password);
+    await executeSignBytes(context, {
+      chain: findChainByName(options.chain) || options.chain,
+      bytes: options.bytes,
+      password: options.password
+    });
+  })
+);
+program.command("broadcast").description("Broadcast a pre-signed raw transaction").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--raw-tx <hex>", "Hex-encoded signed transaction").action(
+  withExit(async (options) => {
+    const context = await init(program.opts().vault);
+    await executeBroadcast(context, {
+      chain: findChainByName(options.chain) || options.chain,
+      rawTx: options.rawTx
+    });
+  })
+);
 program.command("portfolio").description("Show total portfolio value").option("-c, --currency <currency>", "Fiat currency (usd, eur, gbp, etc.)", "usd").action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
@@ -4478,13 +4640,13 @@ program.command("server").description("Check server connectivity and status").ac
     await executeServer(context);
   })
 );
-program.command("export [path]").description("Export vault to file").option("--encrypt", "Encrypt the export with a password").option("--no-encrypt", "Export without encryption").option("--password <password>", "Password for encryption").action(
-  withExit(async (path2, options) => {
-    const context = await init(program.opts().vault);
+program.command("export [path]").description("Export vault to file").option("--password <password>", "Password to unlock the vault (for encrypted vaults)").option("--exportPassword <password>", "Password to encrypt the exported file (defaults to --password)").action(
+  withExit(async (path3, options) => {
+    const context = await init(program.opts().vault, options.password);
     await executeExport(context, {
-      outputPath: path2,
-      encrypt: options.encrypt,
-      password: options.password
+      outputPath: path3,
+      password: options.password,
+      exportPassword: options.exportPassword
     });
   })
 );
@@ -4636,7 +4798,7 @@ program.command("update").description("Check for updates and show update command
 );
 setupCompletionCommand(program);
 async function startInteractiveMode() {
-  const sdk = new Vultisig3({
+  const sdk = new Vultisig4({
     onPasswordRequired: createPasswordCallback()
   });
   await sdk.initialize();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vultisig/cli",
-  "version": "0.2.0-alpha.7",
+  "version": "0.2.0-beta.9",
   "description": "Command-line wallet for Vultisig - multi-chain MPC wallet management",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://vultisig.com",
   "dependencies": {
-    "@vultisig/sdk": "^0.2.0-alpha.7",
+    "@vultisig/sdk": "^0.2.0-beta.9",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",