@vultisig/cli 0.2.0-beta.8 → 0.2.0

package/CHANGELOG.md

@@ -1,5 +1,151 @@
 # @vultisig/cli
 
+## 0.2.0
+
+### Minor Changes
+
+- [#64](https://github.com/vultisig/vultisig-sdk/pull/64) [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat(sdk): add broadcastRawTx() for broadcasting pre-signed transactions
+
+  Adds `broadcastRawTx()` method supporting all chain families:
+  - EVM: Ethereum, Polygon, BSC, Arbitrum, Base, etc. (hex-encoded)
+  - UTXO: Bitcoin, Litecoin, Dogecoin, etc. (hex-encoded)
+  - Solana: Base58 or Base64 encoded transaction bytes
+  - Cosmos: JSON `{tx_bytes}` or raw base64 protobuf (10 chains)
+  - TON: BOC as base64 string
+  - Polkadot: Hex-encoded extrinsic
+  - Ripple: Hex-encoded transaction blob
+  - Sui: JSON `{unsignedTx, signature}`
+  - Tron: JSON transaction object
+
+  CLI commands added:
+  - `vultisig sign --chain <chain> --bytes <base64>` - sign pre-hashed data
+  - `vultisig broadcast --chain <chain> --raw-tx <data>` - broadcast raw tx
+
+  Documentation updated with complete workflow examples for EVM, UTXO, Solana, and Sui.
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: separate unlock and export passwords in CLI export command
+
+  The export command now has two distinct password options:
+  - `--password`: Unlocks the vault (decrypts stored keyshares for encrypted vaults)
+  - `--exportPassword`: Encrypts the exported file (defaults to `--password` if not specified)
+
+  This fixes the "Password required but callback returned empty value" error when exporting encrypted vaults.
+
+  Password resolution now uses an in-memory cache that persists across SDK callbacks, allowing the CLI to pre-cache the unlock password before vault loading.
+
+- [#60](https://github.com/vultisig/vultisig-sdk/pull/60) [`b4cf357`](https://github.com/vultisig/vultisig-sdk/commit/b4cf357c98ef493b48c807e5bb45cd40b9893295) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: Add SecureVault support for multi-device MPC vaults
+  - Implement SecureVault.create() for multi-device keygen ceremony
+  - Add RelaySigningService for coordinated signing via relay server
+  - Implement SecureVault.sign() and signBytes() methods
+  - Add QR code generation for mobile app pairing (compatible with Vultisig iOS/Android)
+  - CLI: Add `vault create --type secure` with terminal QR display
+  - CLI: Support secure vault signing with device coordination
+  - Add comprehensive unit, integration, and E2E tests
+
+- [#68](https://github.com/vultisig/vultisig-sdk/pull/68) [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Add seedphrase (BIP39 mnemonic) import functionality
+
+  This release adds the ability to import existing wallets from BIP39 mnemonic phrases (12 or 24 words) into Vultisig vaults, mirroring the iOS implementation.
+
+  **New SDK Methods:**
+  - `sdk.validateSeedphrase()` - Validate a BIP39 mnemonic phrase
+  - `sdk.discoverChainsFromSeedphrase()` - Discover chains with balances before import
+  - `sdk.importSeedphraseAsFastVault()` - Import as FastVault (2-of-2 with VultiServer)
+  - `sdk.importSeedphraseAsSecureVault()` - Import as SecureVault (N-of-M multi-device)
+
+  **Features:**
+  - Chain discovery with progress callbacks to find existing balances
+  - Auto-enable chains with balances during import
+  - EdDSA key transformation using SHA-512 clamping for Schnorr TSS compatibility
+  - Full ECDSA (secp256k1) and EdDSA (ed25519) master key derivation
+
+  **New exported types:**
+  - `SeedphraseValidation`, `ChainDiscoveryProgress`, `ChainDiscoveryResult`
+  - `ChainDiscoveryPhase`, `DerivedMasterKeys`
+  - `ImportSeedphraseAsFastVaultOptions`, `ImportSeedphraseAsSecureVaultOptions`
+  - `SeedphraseImportResult`
+
+  **New services:**
+  - `SeedphraseValidator` - BIP39 validation using WalletCore
+  - `MasterKeyDeriver` - Key derivation from mnemonic
+  - `ChainDiscoveryService` - Balance scanning across chains
+  - `FastVaultSeedphraseImportService` - FastVault import orchestration
+  - `SecureVaultSeedphraseImportService` - SecureVault import orchestration
+
+  **New CLI Commands:**
+  - `vultisig import-seedphrase fast` - Import as FastVault (2-of-2 with VultiServer)
+  - `vultisig import-seedphrase secure` - Import as SecureVault (N-of-M multi-device)
+
+  **CLI Features:**
+  - Secure seedphrase input (masked with `*`)
+  - `--discover-chains` flag to scan for existing balances
+  - `--chains` flag to specify chains (comma-separated)
+  - Interactive shell support with tab completion
+  - Progress spinners during import
+
+### Patch Changes
+
+- [#57](https://github.com/vultisig/vultisig-sdk/pull/57) [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Optimize SDK bundling configuration
+  - Add terser minification (~60% bundle size reduction)
+  - Add clean script to remove stale dist files before builds
+  - Centralize duplicated onwarn handler in rollup config
+  - Add package.json exports for react-native and electron platforms
+
+- [`cc96f64`](https://github.com/vultisig/vultisig-sdk/commit/cc96f64622a651eb6156f279afbbfe0aa4219179) - fix: re-release as alpha (0.1.0 was accidentally published as stable)
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Replace development command references (`npm run wallet`) with production CLI name (`vultisig`) in all user-facing messages.
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Fix interactive shell prompts by replacing REPL with readline to prevent stdin conflicts with inquirer
+
+- [#58](https://github.com/vultisig/vultisig-sdk/pull/58) [`c9b7d88`](https://github.com/vultisig/vultisig-sdk/commit/c9b7d888e21e9db1b928ddc929294aa15157e476) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Fix password prompt being swallowed by spinner during signing
+  - Add `--password` option to `send` and `swap` commands for non-interactive use
+  - Pre-unlock vault before signing spinner starts to prevent prompt interference
+  - Password prompt now appears before spinner when not provided via CLI flag
+
+- [`9dcfb8b`](https://github.com/vultisig/vultisig-sdk/commit/9dcfb8b4b29de73b1301f791b50dc417a8f899f3) - fix: use yarn npm publish to properly resolve workspace protocols
+
+- [`0985a37`](https://github.com/vultisig/vultisig-sdk/commit/0985a375c6009e2550231d759e84b576454ce759) - fix: use workspace:^ for SDK dependency to resolve correctly when publishing
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Simplify export command by removing `--encrypt` and `--no-encrypt` flags. Password is now optional - if provided, vault is encrypted; if omitted or empty, vault is exported without encryption. Path argument now supports directories (appends SDK-generated filename).
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Update browser example and CLI for new fast vault creation API
+  - Updated to use new `createFastVault()` that returns just the vaultId
+  - Updated to use new `verifyVault()` that returns the FastVault
+  - Removed `code` from CLI `CreateVaultOptions` (verification code always prompted interactively)
+  - Removed `--code` option from CLI create command
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Add inline verification code retry during vault creation. When entering an incorrect code, users can now retry, resend the verification email, or abort gracefully instead of being kicked back to the main menu.
+
+- Updated dependencies [[`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7f60cd5`](https://github.com/vultisig/vultisig-sdk/commit/7f60cd5835510bd9110d6382cf7d03bf1d5e04ff), [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af), [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c), [`cc96f64`](https://github.com/vultisig/vultisig-sdk/commit/cc96f64622a651eb6156f279afbbfe0aa4219179), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`b4cf357`](https://github.com/vultisig/vultisig-sdk/commit/b4cf357c98ef493b48c807e5bb45cd40b9893295), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`91990d3`](https://github.com/vultisig/vultisig-sdk/commit/91990d3fc7ef1a8d7068f5cbae8f8f3dda5b68f3), [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b)]:
+  - @vultisig/sdk@0.2.0
+
+## 0.2.0-beta.9
+
+### Minor Changes
+
+- [#64](https://github.com/vultisig/vultisig-sdk/pull/64) [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat(sdk): add broadcastRawTx() for broadcasting pre-signed transactions
+
+  Adds `broadcastRawTx()` method supporting all chain families:
+  - EVM: Ethereum, Polygon, BSC, Arbitrum, Base, etc. (hex-encoded)
+  - UTXO: Bitcoin, Litecoin, Dogecoin, etc. (hex-encoded)
+  - Solana: Base58 or Base64 encoded transaction bytes
+  - Cosmos: JSON `{tx_bytes}` or raw base64 protobuf (10 chains)
+  - TON: BOC as base64 string
+  - Polkadot: Hex-encoded extrinsic
+  - Ripple: Hex-encoded transaction blob
+  - Sui: JSON `{unsignedTx, signature}`
+  - Tron: JSON transaction object
+
+  CLI commands added:
+  - `vultisig sign --chain <chain> --bytes <base64>` - sign pre-hashed data
+  - `vultisig broadcast --chain <chain> --raw-tx <data>` - broadcast raw tx
+
+  Documentation updated with complete workflow examples for EVM, UTXO, Solana, and Sui.
+
+### Patch Changes
+
+- Updated dependencies [[`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af), [`91990d3`](https://github.com/vultisig/vultisig-sdk/commit/91990d3fc7ef1a8d7068f5cbae8f8f3dda5b68f3)]:
+  - @vultisig/sdk@0.2.0-beta.9
+
 ## 0.2.0-beta.8
 
 ### Minor Changes

package/README.md

@@ -105,6 +105,52 @@ All devices joined. Running keygen...
   Vault ID: vault_abc123def456
 ```
 
+### Import from Seedphrase
+
+Import an existing wallet from a BIP39 recovery phrase (12 or 24 words):
+
+```bash
+# FastVault import (server-assisted 2-of-2)
+vultisig import-seedphrase fast --name "Imported Wallet" --email user@example.com
+
+# SecureVault import (multi-device MPC)
+vultisig import-seedphrase secure --name "Team Wallet" --shares 3
+```
+
+**Import options:**
+- `--mnemonic <words>` - Recovery phrase (space-separated words)
+- `--discover-chains` - Scan chains for existing balances before import
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
+When `--mnemonic` is not provided, you'll be prompted to enter it securely (masked input).
+
+**Example session:**
+```bash
+$ vultisig import-seedphrase fast --name "My Wallet" --email user@example.com --discover-chains
+
+Enter your 12 or 24-word recovery phrase.
+Words will be hidden as you type.
+
+Seedphrase: ************************
+Password: ********
+✓ Valid 12-word seedphrase
+
+Discovering chains with balances...
+  Bitcoin:     bc1q...xyz     0.05 BTC
+  Ethereum:    0x1234...      1.2 ETH
+✓ Found 2 chains with balances
+
+Importing seedphrase... (35%)
+✓ Keys generated, awaiting email verification
+
+Enter verification code: 123456
+✓ Vault verified successfully!
+
+Vault imported: My Wallet
+  Bitcoin:  bc1q...xyz
+  Ethereum: 0x1234...abc
+```
+
 ### Check Balances
 
 ```bash
@@ -173,6 +219,8 @@ vultisig -i
 | `create` | Create a new fast vault (server-assisted) |
 | `create --secure` | Create a secure vault (multi-device MPC) |
 | `import <file>` | Import vault from .vult file |
+| `import-seedphrase fast` | Import seedphrase as FastVault (2-of-2) |
+| `import-seedphrase secure` | Import seedphrase as SecureVault (N-of-M) |
 | `export [path]` | Export vault to file |
 | `verify <vaultId>` | Verify vault with email code |
 | `vaults` | List all stored vaults |
@@ -186,6 +234,23 @@ vultisig -i
 - `--shares <n>` - Number of devices for secure vault (default: 2)
 - `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
 
+**Import seedphrase options (fast):**
+- `--name <name>` - Vault name (required)
+- `--email <email>` - Email for verification (required)
+- `--password <password>` - Vault password (required, prompted if not provided)
+- `--mnemonic <words>` - Recovery phrase (prompted securely if not provided)
+- `--discover-chains` - Auto-enable chains with existing balances
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
+**Import seedphrase options (secure):**
+- `--name <name>` - Vault name (required)
+- `--shares <n>` - Number of devices (default: 2)
+- `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
+- `--password <password>` - Vault password (optional)
+- `--mnemonic <words>` - Recovery phrase (prompted securely if not provided)
+- `--discover-chains` - Auto-enable chains with existing balances
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
 **Export options:**
 - `[path]` - Output file or directory (defaults to SDK-generated filename in current directory)
 - `--password <password>` - Password to unlock encrypted vaults
@@ -244,6 +309,204 @@ vultisig swap ethereum bitcoin 0.1 --password mypassword
 vultisig swap ethereum bitcoin 0.1 -y --password mypassword
 ```
 
+### Advanced Operations
+
+| Command | Description |
+|---------|-------------|
+| `sign` | Sign pre-hashed bytes for custom transactions |
+| `broadcast` | Broadcast a pre-signed raw transaction |
+
+#### Signing Arbitrary Bytes
+
+Sign pre-hashed data for externally constructed transactions:
+
+```bash
+# Sign a pre-hashed message (base64 encoded)
+vultisig sign --chain ethereum --bytes "aGVsbG8gd29ybGQ="
+
+# With password
+vultisig sign --chain bitcoin --bytes "..." --password mypassword
+
+# JSON output
+vultisig sign --chain ethereum --bytes "..." -o json
+```
+
+**Output:**
+```
+Signature: <base64-encoded signature>
+Recovery: 0
+Format: ecdsa
+```
+
+**JSON output:**
+```json
+{
+  "signature": "<base64>",
+  "recovery": 0,
+  "format": "ecdsa"
+}
+```
+
+#### Broadcasting Raw Transactions
+
+Broadcast pre-signed transactions to the network:
+
+```bash
+# EVM transaction (hex)
+vultisig broadcast --chain ethereum --raw-tx "0x02f8..."
+
+# Bitcoin transaction (hex)
+vultisig broadcast --chain bitcoin --raw-tx "0200000001..."
+
+# Solana transaction (base64)
+vultisig broadcast --chain solana --raw-tx "AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQABAwIAAA..."
+
+# Sui transaction (JSON)
+vultisig broadcast --chain sui --raw-tx '{"unsignedTx":"...","signature":"..."}'
+```
+
+**Output:**
+```
+TX Hash: 0x9f8e7d6c...
+Explorer: https://etherscan.io/tx/0x9f8e7d6c...
+```
+
+**Supported broadcast formats by chain:**
+
+| Chain | `--raw-tx` Format |
+|-------|-------------------|
+| EVM (Ethereum, Polygon, etc.) | Hex-encoded signed tx |
+| UTXO (Bitcoin, Litecoin, etc.) | Hex-encoded raw tx |
+| Solana | Base64-encoded tx bytes |
+| Sui | JSON: `{"unsignedTx":"...","signature":"..."}` |
+| Cosmos | JSON: `{"tx_bytes":"..."}` or base64 |
+| TON | Base64 BOC |
+| Polkadot | Hex-encoded extrinsic |
+| Ripple | Hex-encoded tx blob |
+| Tron | JSON tx object |
+
+#### Example: Custom EVM Transaction
+
+Build and sign a transaction with ethers.js, broadcast with CLI:
+
+```bash
+# 1. Build transaction externally (save as build-evm-tx.js)
+cat > build-evm-tx.js << 'EOF'
+const { keccak256, Transaction, parseEther } = require('ethers');
+const tx = Transaction.from({
+  to: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0',
+  value: parseEther('0.01'),
+  gasLimit: 21000n,
+  maxFeePerGas: 50000000000n,
+  maxPriorityFeePerGas: 2000000000n,
+  nonce: 0,
+  chainId: 1,
+  type: 2
+});
+const hash = keccak256(tx.unsignedSerialized);
+console.log('HASH:', Buffer.from(hash.slice(2), 'hex').toString('base64'));
+console.log('UNSIGNED:', tx.unsignedSerialized);
+EOF
+node build-evm-tx.js
+
+# 2. Sign the hash with Vultisig
+vultisig sign --chain ethereum --bytes "<base64-hash-from-step-1>" -o json > sig.json
+
+# 3. Assemble signed transaction (use r,s,v from sig.json)
+# The signature field contains r||s (64 bytes hex), recovery is v
+
+# 4. Broadcast the assembled signed transaction
+vultisig broadcast --chain ethereum --raw-tx "0x02f8..."
+```
+
+#### Example: Custom Bitcoin Transaction
+
+Build a PSBT with bitcoinjs-lib, sign with CLI:
+
+```bash
+# 1. Build PSBT and get sighash (save as build-btc-tx.js)
+cat > build-btc-tx.js << 'EOF'
+const bitcoin = require('bitcoinjs-lib');
+const psbt = new bitcoin.Psbt({ network: bitcoin.networks.bitcoin });
+// Add your inputs and outputs
+psbt.addInput({
+  hash: '<previous-txid>',
+  index: 0,
+  witnessUtxo: { script: Buffer.from('...'), value: 100000 }
+});
+psbt.addOutput({ address: 'bc1q...', value: 90000 });
+// Get sighash for signing
+const sighash = psbt.getTxForSigning().hashForWitnessV0(0, scriptCode, 100000, 0x01);
+console.log('SIGHASH:', sighash.toString('base64'));
+EOF
+node build-btc-tx.js
+
+# 2. Sign with Vultisig
+vultisig sign --chain bitcoin --bytes "<base64-sighash>" -o json > sig.json
+
+# 3. Apply signature to PSBT and finalize (use signature from sig.json)
+
+# 4. Broadcast
+vultisig broadcast --chain bitcoin --raw-tx "0200000001..."
+```
+
+#### Example: Custom Solana Transaction
+
+Build with @solana/web3.js, sign with CLI:
+
+```bash
+# 1. Build transaction (save as build-sol-tx.js)
+cat > build-sol-tx.js << 'EOF'
+const { Transaction, SystemProgram, PublicKey, Connection } = require('@solana/web3.js');
+const connection = new Connection('https://api.mainnet-beta.solana.com');
+const fromPubkey = new PublicKey('<your-pubkey>');
+const toPubkey = new PublicKey('<recipient-pubkey>');
+
+const tx = new Transaction().add(
+  SystemProgram.transfer({ fromPubkey, toPubkey, lamports: 1000000 })
+);
+tx.recentBlockhash = (await connection.getLatestBlockhash()).blockhash;
+tx.feePayer = fromPubkey;
+
+const message = tx.serializeMessage();
+console.log('MESSAGE:', message.toString('base64'));
+EOF
+node build-sol-tx.js
+
+# 2. Sign the message with Vultisig (EdDSA)
+vultisig sign --chain solana --bytes "<base64-message>" -o json > sig.json
+
+# 3. Assemble signed transaction (attach signature to message)
+
+# 4. Broadcast (base64 encoded signed transaction)
+vultisig broadcast --chain solana --raw-tx "<base64-signed-tx>"
+```
+
+#### Example: Custom Sui Transaction
+
+Build with @mysten/sui, sign with CLI:
+
+```bash
+# 1. Build transaction (save as build-sui-tx.js)
+cat > build-sui-tx.js << 'EOF'
+const { SuiClient, getFullnodeUrl } = require('@mysten/sui/client');
+const { Transaction } = require('@mysten/sui/transactions');
+
+const client = new SuiClient({ url: getFullnodeUrl('mainnet') });
+const tx = new Transaction();
+tx.transferObjects([tx.gas], '<recipient-address>');
+const bytes = await tx.build({ client });
+console.log('TX_BYTES:', Buffer.from(bytes).toString('base64'));
+EOF
+node build-sui-tx.js
+
+# 2. Sign the transaction bytes with Vultisig (EdDSA)
+vultisig sign --chain sui --bytes "<base64-tx-bytes>" -o json > sig.json
+
+# 3. Broadcast (requires JSON with both unsigned tx and signature)
+vultisig broadcast --chain sui --raw-tx '{"unsignedTx":"<base64-tx-bytes>","signature":"<base64-signature-from-sig.json>"}'
+```
+
 ### Settings
 
 | Command | Description |
@@ -265,6 +528,8 @@ vultisig swap ethereum bitcoin 0.1 -y --password mypassword
 | Command | Description |
 |---------|-------------|
 | `vault <name>` | Switch to a different vault |
+| `create <fast\|secure>` | Create a new vault |
+| `import-seedphrase <fast\|secure>` | Import wallet from recovery phrase |
 | `lock` | Lock vault (clear cached password) |
 | `unlock` | Unlock vault (cache password) |
 | `status` | Show vault status |

package/dist/index.js

@@ -1042,14 +1042,14 @@ var require_main = __commonJS({
           cb = opts;
           opts = {};
         }
-        var qrcode3 = new QRCode(-1, this.error);
-        qrcode3.addData(input);
-        qrcode3.make();
+        var qrcode4 = new QRCode(-1, this.error);
+        qrcode4.addData(input);
+        qrcode4.make();
         var output = "";
         if (opts && opts.small) {
           var BLACK = true, WHITE = false;
-          var moduleCount = qrcode3.getModuleCount();
-          var moduleData = qrcode3.modules.slice();
+          var moduleCount = qrcode4.getModuleCount();
+          var moduleData = qrcode4.modules.slice();
           var oddRow = moduleCount % 2 === 1;
           if (oddRow) {
             moduleData.push(fill(moduleCount, WHITE));
@@ -1082,9 +1082,9 @@ var require_main = __commonJS({
             output += borderBottom;
           }
         } else {
-          var border = repeat(white).times(qrcode3.getModuleCount() + 3);
+          var border = repeat(white).times(qrcode4.getModuleCount() + 3);
           output += border + "\n";
-          qrcode3.modules.forEach(function(row2) {
+          qrcode4.modules.forEach(function(row2) {
             output += white;
             output += row2.map(toCell).join("");
             output += white + "\n";
@@ -1103,9 +1103,10 @@ var require_main = __commonJS({
 
 // src/index.ts
 import "dotenv/config";
-import { Vultisig as Vultisig3 } from "@vultisig/sdk";
+import { Vultisig as Vultisig4 } from "@vultisig/sdk";
 import chalk12 from "chalk";
 import { program } from "commander";
+import inquirer8 from "inquirer";
 
 // src/core/command-context.ts
 var DEFAULT_PASSWORD_CACHE_TTL = 5 * 60 * 1e3;
@@ -2010,8 +2011,120 @@ Or use this URL: ${qrPayload}
   }
 }
 
-// src/commands/vault-management.ts
+// src/commands/sign.ts
 var import_qrcode_terminal2 = __toESM(require_main(), 1);
+import { Chain as Chain2 } from "@vultisig/sdk";
+async function executeSignBytes(ctx2, params) {
+  const vault = await ctx2.ensureActiveVault();
+  if (!Object.values(Chain2).includes(params.chain)) {
+    throw new Error(`Invalid chain: ${params.chain}`);
+  }
+  return signBytes(vault, params);
+}
+async function signBytes(vault, params) {
+  const hashBytes = Buffer.from(params.bytes, "base64");
+  await ensureVaultUnlocked(vault, params.password);
+  const isSecureVault = vault.type === "secure";
+  const signSpinner = createSpinner(isSecureVault ? "Preparing secure signing session..." : "Signing bytes...");
+  vault.on("signingProgress", ({ step }) => {
+    signSpinner.text = `${step.message} (${step.progress}%)`;
+  });
+  if (isSecureVault) {
+    vault.on("qrCodeReady", ({ qrPayload }) => {
+      if (isJsonOutput()) {
+        printResult(JSON.stringify({ qrPayload }));
+      } else if (isSilent()) {
+        printResult(`QR Payload: ${qrPayload}`);
+      } else {
+        signSpinner.stop();
+        info("\nScan this QR code with your Vultisig mobile app to sign:");
+        import_qrcode_terminal2.default.generate(qrPayload, { small: true });
+        info(`
+Or use this URL: ${qrPayload}
+`);
+        signSpinner.start("Waiting for devices to join signing session...");
+      }
+    });
+    vault.on(
+      "deviceJoined",
+      ({ deviceId, totalJoined, required }) => {
+        if (!isSilent()) {
+          signSpinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+        } else if (!isJsonOutput()) {
+          printResult(`Device joined: ${totalJoined}/${required}`);
+        }
+      }
+    );
+  }
+  try {
+    const signature = await vault.signBytes(
+      {
+        data: hashBytes,
+        chain: params.chain
+      },
+      { signal: params.signal }
+    );
+    signSpinner.succeed("Bytes signed");
+    const sigHex = signature.signature.startsWith("0x") ? signature.signature.slice(2) : signature.signature;
+    const sigBase64 = Buffer.from(sigHex, "hex").toString("base64");
+    const result = {
+      signature: sigBase64,
+      recovery: signature.recovery,
+      format: signature.format
+    };
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      printResult(`Signature: ${result.signature}`);
+      if (result.recovery !== void 0) {
+        printResult(`Recovery: ${result.recovery}`);
+      }
+      printResult(`Format: ${result.format}`);
+    }
+    return result;
+  } finally {
+    vault.removeAllListeners("signingProgress");
+    if (isSecureVault) {
+      vault.removeAllListeners("qrCodeReady");
+      vault.removeAllListeners("deviceJoined");
+    }
+  }
+}
+
+// src/commands/broadcast.ts
+import { Chain as Chain3, Vultisig as Vultisig3 } from "@vultisig/sdk";
+async function executeBroadcast(ctx2, params) {
+  const vault = await ctx2.ensureActiveVault();
+  if (!Object.values(Chain3).includes(params.chain)) {
+    throw new Error(`Invalid chain: ${params.chain}`);
+  }
+  const broadcastSpinner = createSpinner("Broadcasting transaction...");
+  try {
+    const txHash = await vault.broadcastRawTx({
+      chain: params.chain,
+      rawTx: params.rawTx
+    });
+    broadcastSpinner.succeed(`Transaction broadcast: ${txHash}`);
+    const result = {
+      txHash,
+      chain: params.chain,
+      explorerUrl: Vultisig3.getTxExplorerUrl(params.chain, txHash)
+    };
+    if (isJsonOutput()) {
+      outputJson(result);
+    } else {
+      printResult(`TX Hash: ${result.txHash}`);
+      printResult(`Explorer: ${result.explorerUrl}`);
+    }
+    return result;
+  } catch (error2) {
+    broadcastSpinner.fail("Broadcast failed");
+    throw error2;
+  }
+}
+
+// src/commands/vault-management.ts
+var import_qrcode_terminal3 = __toESM(require_main(), 1);
 import chalk5 from "chalk";
 import { promises as fs } from "fs";
 import inquirer4 from "inquirer";
@@ -2099,7 +2212,7 @@ async function executeCreateFast(ctx2, options) {
       if (action === "resend") {
         const resendSpinner = createSpinner("Resending verification email...");
         try {
-          await ctx2.sdk.resendVaultVerification(vaultId);
+          await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
           resendSpinner.succeed("Verification email sent!");
           info("Check your inbox for the new code. Note: There may be a ~3 minute cooldown between resends.");
         } catch (resendErr) {
@@ -2132,7 +2245,7 @@ async function executeCreateSecure(ctx2, options) {
           } else {
             spinner.stop();
             info("\nScan this QR code with your Vultisig mobile app:");
-            import_qrcode_terminal2.default.generate(qrPayload, { small: true });
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
             info(`
 Or use this URL: ${qrPayload}
 `);
@@ -2200,10 +2313,42 @@ async function executeImport(ctx2, file) {
 }
 async function executeVerify(ctx2, vaultId, options = {}) {
   if (options.resend) {
+    let email = options.email;
+    let password = options.password;
+    if (!email || !password) {
+      info("Email and password are required to resend verification.");
+      const answers = await inquirer4.prompt([
+        ...!email ? [
+          {
+            type: "input",
+            name: "email",
+            message: "Email address:",
+            validate: (input) => input.includes("@") || "Please enter a valid email"
+          }
+        ] : [],
+        ...!password ? [
+          {
+            type: "password",
+            name: "password",
+            message: "Vault password:",
+            mask: "*",
+            validate: (input) => input.length >= 8 || "Password must be at least 8 characters"
+          }
+        ] : []
+      ]);
+      email = email || answers.email;
+      password = password || answers.password;
+    }
     const spinner2 = createSpinner("Resending verification email...");
-    await ctx2.sdk.resendVaultVerification(vaultId);
-    spinner2.succeed("Verification email sent!");
-    info("Check your inbox for the new verification code.");
+    try {
+      await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
+      spinner2.succeed("Verification email sent!");
+      info("Check your inbox for the new verification code.");
+    } catch (resendErr) {
+      spinner2.fail("Failed to resend verification email");
+      error(resendErr.message || "Could not resend email. You may need to wait a few minutes.");
+      return false;
+    }
   }
   let code = options.code;
   if (!code) {
@@ -2361,6 +2506,223 @@ async function executeInfo(ctx2) {
   }
   displayVaultInfo(vault);
 }
+async function executeImportSeedphraseFast(ctx2, options) {
+  const { mnemonic, name, password, email, discoverChains, chains, signal } = options;
+  const validateSpinner = createSpinner("Validating seedphrase...");
+  const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
+  if (!validation.valid) {
+    validateSpinner.fail("Invalid seedphrase");
+    if (validation.invalidWords?.length) {
+      warn(`Invalid words: ${validation.invalidWords.join(", ")}`);
+    }
+    throw new Error(validation.error || "Invalid mnemonic phrase");
+  }
+  validateSpinner.succeed(`Valid ${validation.wordCount}-word seedphrase`);
+  if (discoverChains) {
+    const discoverSpinner = createSpinner("Discovering chains with balances...");
+    try {
+      const discovered = await ctx2.sdk.discoverChainsFromSeedphrase(mnemonic, chains, (p) => {
+        discoverSpinner.text = `Discovering: ${p.chain || "scanning"} (${p.chainsProcessed}/${p.chainsTotal})`;
+      });
+      const chainsWithBalance = discovered.filter((c) => c.hasBalance);
+      discoverSpinner.succeed(`Found ${chainsWithBalance.length} chains with balances`);
+      if (chainsWithBalance.length > 0 && !isSilent()) {
+        info("\nChains with balances:");
+        for (const result of chainsWithBalance) {
+          info(`  ${result.chain}: ${result.balance} ${result.symbol}`);
+        }
+        info("");
+      }
+    } catch {
+      discoverSpinner.warn("Chain discovery failed, continuing with import...");
+    }
+  }
+  const importSpinner = createSpinner("Importing seedphrase...");
+  const vaultId = await withAbortSignal(
+    ctx2.sdk.importSeedphraseAsFastVault({
+      mnemonic,
+      name,
+      password,
+      email,
+      // Don't pass discoverChains - CLI handles discovery above
+      chains,
+      onProgress: (step) => {
+        importSpinner.text = `${step.message} (${step.progress}%)`;
+      }
+    }),
+    signal
+  );
+  importSpinner.succeed("Keys generated, email verification required");
+  warn("\nA verification code has been sent to your email.");
+  info("Please check your inbox and enter the code.");
+  const MAX_VERIFY_ATTEMPTS = 5;
+  let attempts = 0;
+  while (attempts < MAX_VERIFY_ATTEMPTS) {
+    attempts++;
+    const codeAnswer = await inquirer4.prompt([
+      {
+        type: "input",
+        name: "code",
+        message: `Verification code sent to ${email}. Enter code:`,
+        validate: (input) => /^\d{4,6}$/.test(input) || "Code must be 4-6 digits"
+      }
+    ]);
+    const verifySpinner = createSpinner("Verifying email code...");
+    try {
+      const vault = await ctx2.sdk.verifyVault(vaultId, codeAnswer.code);
+      verifySpinner.succeed("Email verified successfully!");
+      setupVaultEvents(vault);
+      await ctx2.setActiveVault(vault);
+      success("\n+ Vault imported from seedphrase!");
+      info("\nYour vault is ready. Run the following commands:");
+      printResult(chalk5.cyan("  vultisig balance     ") + "- View balances");
+      printResult(chalk5.cyan("  vultisig addresses   ") + "- View addresses");
+      printResult(chalk5.cyan("  vultisig portfolio   ") + "- View portfolio value");
+      return vault;
+    } catch (err) {
+      verifySpinner.fail("Verification failed");
+      error(`
+\u2717 ${err.message || "Invalid verification code"}`);
+      if (attempts >= MAX_VERIFY_ATTEMPTS) {
+        warn("\nMaximum attempts reached.");
+        warn("\nTo retry verification later, use:");
+        info(`  vultisig verify ${vaultId}`);
+        err.exitCode = 1;
+        throw err;
+      }
+      const { action } = await inquirer4.prompt([
+        {
+          type: "list",
+          name: "action",
+          message: `What would you like to do? (${MAX_VERIFY_ATTEMPTS - attempts} attempts remaining)`,
+          choices: [
+            { name: "Enter a different code", value: "retry" },
+            { name: "Resend verification email (rate limited)", value: "resend" },
+            { name: "Abort and verify later", value: "abort" }
+          ]
+        }
+      ]);
+      if (action === "abort") {
+        warn("\nSeedphrase import paused. To complete verification, use:");
+        info(`  vultisig verify ${vaultId}`);
+        warn("\nNote: The pending vault is stored in memory only and will be lost if you exit.");
+        return void 0;
+      }
+      if (action === "resend") {
+        const resendSpinner = createSpinner("Resending verification email...");
+        try {
+          await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
+          resendSpinner.succeed("Verification email sent!");
+          info("Check your inbox for the new code.");
+        } catch (resendErr) {
+          resendSpinner.fail("Failed to resend");
+          warn(resendErr.message || "Could not resend email.");
+        }
+      }
+    }
+  }
+  throw new Error("Verification loop exited unexpectedly");
+}
+async function executeImportSeedphraseSecure(ctx2, options) {
+  const { mnemonic, name, password, threshold, shares: totalShares, discoverChains, chains, signal } = options;
+  const validateSpinner = createSpinner("Validating seedphrase...");
+  const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
+  if (!validation.valid) {
+    validateSpinner.fail("Invalid seedphrase");
+    if (validation.invalidWords?.length) {
+      warn(`Invalid words: ${validation.invalidWords.join(", ")}`);
+    }
+    throw new Error(validation.error || "Invalid mnemonic phrase");
+  }
+  validateSpinner.succeed(`Valid ${validation.wordCount}-word seedphrase`);
+  if (discoverChains) {
+    const discoverSpinner = createSpinner("Discovering chains with balances...");
+    try {
+      const discovered = await ctx2.sdk.discoverChainsFromSeedphrase(mnemonic, chains, (p) => {
+        discoverSpinner.text = `Discovering: ${p.chain || "scanning"} (${p.chainsProcessed}/${p.chainsTotal})`;
+      });
+      const chainsWithBalance = discovered.filter((c) => c.hasBalance);
+      discoverSpinner.succeed(`Found ${chainsWithBalance.length} chains with balances`);
+      if (chainsWithBalance.length > 0 && !isSilent()) {
+        info("\nChains with balances:");
+        for (const result of chainsWithBalance) {
+          info(`  ${result.chain}: ${result.balance} ${result.symbol}`);
+        }
+        info("");
+      }
+    } catch {
+      discoverSpinner.warn("Chain discovery failed, continuing with import...");
+    }
+  }
+  const importSpinner = createSpinner("Importing seedphrase as secure vault...");
+  try {
+    const result = await withAbortSignal(
+      ctx2.sdk.importSeedphraseAsSecureVault({
+        mnemonic,
+        name,
+        password,
+        devices: totalShares,
+        threshold,
+        // Don't pass discoverChains - CLI handles discovery above
+        chains,
+        onProgress: (step) => {
+          importSpinner.text = `${step.message} (${step.progress}%)`;
+        },
+        onQRCodeReady: (qrPayload) => {
+          if (isJsonOutput()) {
+            printResult(qrPayload);
+          } else if (isSilent()) {
+            printResult(`QR Payload: ${qrPayload}`);
+          } else {
+            importSpinner.stop();
+            info("\nScan this QR code with your Vultisig mobile app:");
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
+            info(`
+Or use this URL: ${qrPayload}
+`);
+            info(chalk5.gray("(Press Ctrl+C to cancel)\n"));
+            importSpinner.start(`Waiting for ${totalShares} devices to join...`);
+          }
+        },
+        onDeviceJoined: (deviceId, totalJoined, required) => {
+          if (!isSilent()) {
+            importSpinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+          } else if (!isJsonOutput()) {
+            printResult(`Device joined: ${totalJoined}/${required}`);
+          }
+        }
+      }),
+      signal
+    );
+    setupVaultEvents(result.vault);
+    await ctx2.setActiveVault(result.vault);
+    importSpinner.succeed(`Secure vault imported: ${name} (${threshold}-of-${totalShares})`);
+    if (isJsonOutput()) {
+      outputJson({
+        vault: {
+          id: result.vaultId,
+          name,
+          type: "secure",
+          threshold,
+          totalSigners: totalShares
+        },
+        sessionId: result.sessionId
+      });
+      return result.vault;
+    }
+    warn(`
+Important: Save your vault backup file (.vult) in a secure location.`);
+    warn(`This is a ${threshold}-of-${totalShares} vault. You'll need ${threshold} devices to sign transactions.`);
+    success("\n+ Vault imported from seedphrase!");
+    return result.vault;
+  } catch (err) {
+    importSpinner.fail("Secure vault import failed");
+    if (err.message?.includes("not implemented")) {
+      warn("\nSecure vault seedphrase import is not yet implemented in the SDK");
+    }
+    throw err;
+  }
+}
 
 // src/commands/swap.ts
 async function executeSwapChains(ctx2) {
@@ -2525,7 +2887,7 @@ async function executeSwap(ctx2, options) {
 }
 
 // src/commands/settings.ts
-import { Chain as Chain2, fiatCurrencies as fiatCurrencies2, fiatCurrencyNameRecord as fiatCurrencyNameRecord3 } from "@vultisig/sdk";
+import { Chain as Chain4, fiatCurrencies as fiatCurrencies2, fiatCurrencyNameRecord as fiatCurrencyNameRecord3 } from "@vultisig/sdk";
 import chalk6 from "chalk";
 import inquirer5 from "inquirer";
 async function executeCurrency(ctx2, newCurrency) {
@@ -2593,7 +2955,7 @@ async function executeAddressBook(ctx2, options = {}) {
         type: "list",
         name: "chain",
         message: "Select chain:",
-        choices: Object.values(Chain2)
+        choices: Object.values(Chain4)
       });
     }
     if (!address) {
@@ -2670,7 +3032,7 @@ Address Book${options.chain ? ` (${options.chain})` : ""}:
 }
 
 // src/interactive/completer.ts
-import { Chain as Chain3 } from "@vultisig/sdk";
+import { Chain as Chain5 } from "@vultisig/sdk";
 import fs2 from "fs";
 import path2 from "path";
 var COMMANDS = [
@@ -2678,6 +3040,7 @@ var COMMANDS = [
   "vaults",
   "vault",
   "import",
+  "import-seedphrase",
   "create",
   "info",
   "export",
@@ -2736,6 +3099,13 @@ function createCompleter(ctx2) {
         const partial = parts[1] || "";
         return completeChainName(partial);
       }
+      if ((command === "create" || command === "import-seedphrase") && parts.length === 2) {
+        const types = ["fast", "secure"];
+        const partial = parts[1] || "";
+        const partialLower = partial.toLowerCase();
+        const matches = types.filter((t) => t.startsWith(partialLower));
+        return [matches.length ? matches : types, partial];
+      }
       const hits = COMMANDS.filter((c) => c.startsWith(line));
       const show = hits.length ? hits : COMMANDS;
       return [show, line];
@@ -2793,7 +3163,7 @@ function completeVaultName(ctx2, partial) {
   return [show, partial];
 }
 function completeChainName(partial) {
-  const allChains = Object.values(Chain3);
+  const allChains = Object.values(Chain5);
   const partialLower = partial.toLowerCase();
   const matches = allChains.filter((chain) => chain.toLowerCase().startsWith(partialLower));
   matches.sort();
@@ -2801,7 +3171,7 @@ function completeChainName(partial) {
   return [show, partial];
 }
 function findChainByName(name) {
-  const allChains = Object.values(Chain3);
+  const allChains = Object.values(Chain5);
   const nameLower = name.toLowerCase();
   const found = allChains.find((chain) => chain.toLowerCase() === nameLower);
   return found ? found : null;
@@ -3493,6 +3863,9 @@ Error: ${error2.message}`));
       case "create":
         await this.createVault(args);
         break;
+      case "import-seedphrase":
+        await this.importSeedphrase(args);
+        break;
       case "info":
         await executeInfo(this.ctx);
         break;
@@ -3673,6 +4046,92 @@ Error: ${error2.message}`));
       this.eventBuffer.setupVaultListeners(vault);
     }
   }
+  async importSeedphrase(args) {
+    const type = args[0]?.toLowerCase();
+    if (!type || type !== "fast" && type !== "secure") {
+      console.log(chalk9.cyan("Usage: import-seedphrase <fast|secure>"));
+      console.log(chalk9.gray("  fast   - Import with VultiServer (2-of-2)"));
+      console.log(chalk9.gray("  secure - Import with device coordination (N-of-M)"));
+      return;
+    }
+    console.log(chalk9.cyan("\nEnter your recovery phrase (words separated by spaces):"));
+    const mnemonic = await this.promptPassword("Seedphrase");
+    const validation = await this.ctx.sdk.validateSeedphrase(mnemonic);
+    if (!validation.valid) {
+      console.log(chalk9.red(`Invalid seedphrase: ${validation.error}`));
+      if (validation.invalidWords?.length) {
+        console.log(chalk9.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
+      }
+      return;
+    }
+    console.log(chalk9.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
+    let vault;
+    if (type === "fast") {
+      const name = await this.prompt("Vault name");
+      if (!name) {
+        console.log(chalk9.red("Name is required"));
+        return;
+      }
+      const password = await this.promptPassword("Vault password");
+      if (!password) {
+        console.log(chalk9.red("Password is required"));
+        return;
+      }
+      const email = await this.prompt("Email for verification");
+      if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+        console.log(chalk9.red("Valid email is required"));
+        return;
+      }
+      const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
+      const discoverChains = discoverStr.toLowerCase() === "y";
+      vault = await this.withCancellation(
+        (signal) => executeImportSeedphraseFast(this.ctx, {
+          mnemonic,
+          name,
+          password,
+          email,
+          discoverChains,
+          signal
+        })
+      );
+    } else {
+      const name = await this.prompt("Vault name");
+      if (!name) {
+        console.log(chalk9.red("Name is required"));
+        return;
+      }
+      const sharesStr = await this.prompt("Total shares (devices)", "3");
+      const shares = parseInt(sharesStr, 10);
+      if (isNaN(shares) || shares < 2) {
+        console.log(chalk9.red("Must have at least 2 shares"));
+        return;
+      }
+      const thresholdStr = await this.prompt("Signing threshold", "2");
+      const threshold = parseInt(thresholdStr, 10);
+      if (isNaN(threshold) || threshold < 1 || threshold > shares) {
+        console.log(chalk9.red(`Threshold must be between 1 and ${shares}`));
+        return;
+      }
+      const password = await this.promptPassword("Vault password (optional, Enter to skip)");
+      const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
+      const discoverChains = discoverStr.toLowerCase() === "y";
+      vault = await this.withCancellation(
+        (signal) => executeImportSeedphraseSecure(this.ctx, {
+          mnemonic,
+          name,
+          password: password || void 0,
+          threshold,
+          shares,
+          discoverChains,
+          signal
+        })
+      );
+    }
+    if (vault) {
+      this.ctx.addVault(vault);
+      this.eventBuffer.setupVaultListeners(vault);
+    }
+  }
   async runBalance(args) {
     const chainStr = args[0];
     const includeTokens = args.includes("-t") || args.includes("--tokens");
@@ -3928,7 +4387,7 @@ var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.2.0-beta.8";
+    cachedVersion = "0.2.0";
     return cachedVersion;
   }
   try {
@@ -4402,7 +4861,7 @@ async function init(vaultOverride, unlockPassword) {
     if (unlockPassword && vaultSelector) {
       cachePassword(vaultSelector, unlockPassword);
     }
-    const sdk = new Vultisig3({
+    const sdk = new Vultisig4({
       onPasswordRequired: createPasswordCallback()
     });
     await sdk.initialize();
@@ -4447,16 +4906,104 @@ program.command("import <file>").description("Import vault from .vult file").act
     await executeImport(context, file);
   })
 );
-program.command("verify <vaultId>").description("Verify vault with email verification code").option("-r, --resend", "Resend verification email").option("--code <code>", "Verification code").action(
-  withExit(async (vaultId, options) => {
-    const context = await init(program.opts().vault);
-    const verified = await executeVerify(context, vaultId, options);
-    if (!verified) {
-      const err = new Error("Verification failed");
-      err.exitCode = 1;
-      throw err;
+var importSeedphraseCmd = program.command("import-seedphrase").description("Import wallet from BIP39 seedphrase");
+async function promptSeedphrase() {
+  info("\nEnter your 12 or 24-word recovery phrase.");
+  info("Words will be hidden as you type.\n");
+  const answer = await inquirer8.prompt([
+    {
+      type: "password",
+      name: "mnemonic",
+      message: "Seedphrase:",
+      mask: "*",
+      validate: (input) => {
+        const words = input.trim().split(/\s+/);
+        if (words.length !== 12 && words.length !== 24) {
+          return `Expected 12 or 24 words, got ${words.length}`;
+        }
+        return true;
+      }
     }
-  })
+  ]);
+  return answer.mnemonic.trim().toLowerCase();
+}
+importSeedphraseCmd.command("fast").description("Import as FastVault (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--mnemonic <words>", "Seedphrase (12 or 24 words, space-separated)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let mnemonic = options.mnemonic;
+      if (!mnemonic) {
+        mnemonic = await promptSeedphrase();
+      }
+      let chains;
+      if (options.chains) {
+        const chainNames = options.chains.split(",").map((c) => c.trim());
+        chains = [];
+        for (const name of chainNames) {
+          const chain = findChainByName(name);
+          if (chain) {
+            chains.push(chain);
+          } else {
+            console.warn(`Warning: Unknown chain "${name}" - skipping`);
+          }
+        }
+      }
+      await executeImportSeedphraseFast(context, {
+        mnemonic,
+        name: options.name,
+        password: options.password,
+        email: options.email,
+        discoverChains: options.discoverChains,
+        chains
+      });
+    }
+  )
+);
+importSeedphraseCmd.command("secure").description("Import as SecureVault (multi-device MPC)").requiredOption("--name <name>", "Vault name").option("--password <password>", "Vault password (optional)").option("--threshold <m>", "Signing threshold", "2").option("--shares <n>", "Total shares", "3").option("--mnemonic <words>", "Seedphrase (12 or 24 words)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let mnemonic = options.mnemonic;
+      if (!mnemonic) {
+        mnemonic = await promptSeedphrase();
+      }
+      let chains;
+      if (options.chains) {
+        const chainNames = options.chains.split(",").map((c) => c.trim());
+        chains = [];
+        for (const name of chainNames) {
+          const chain = findChainByName(name);
+          if (chain) {
+            chains.push(chain);
+          } else {
+            console.warn(`Warning: Unknown chain "${name}" - skipping`);
+          }
+        }
+      }
+      await executeImportSeedphraseSecure(context, {
+        mnemonic,
+        name: options.name,
+        password: options.password,
+        threshold: parseInt(options.threshold, 10),
+        shares: parseInt(options.shares, 10),
+        discoverChains: options.discoverChains,
+        chains
+      });
+    }
+  )
+);
+program.command("verify <vaultId>").description("Verify vault with email verification code").option("-r, --resend", "Resend verification email").option("--code <code>", "Verification code").option("--email <email>", "Email address (required for --resend)").option("--password <password>", "Vault password (required for --resend)").action(
+  withExit(
+    async (vaultId, options) => {
+      const context = await init(program.opts().vault);
+      const verified = await executeVerify(context, vaultId, options);
+      if (!verified) {
+        const err = new Error("Verification failed");
+        err.exitCode = 1;
+        throw err;
+      }
+    }
+  )
 );
 program.command("balance [chain]").description("Show balance for a chain or all chains").option("-t, --tokens", "Include token balances").action(
   withExit(async (chainStr, options) => {
@@ -4491,6 +5038,25 @@ program.command("send <chain> <to> <amount>").description("Send tokens to an add
     }
   )
 );
+program.command("sign").description("Sign pre-hashed bytes (for externally constructed transactions)").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--bytes <base64>", "Base64-encoded pre-hashed data to sign").option("--password <password>", "Vault password for signing").action(
+  withExit(async (options) => {
+    const context = await init(program.opts().vault, options.password);
+    await executeSignBytes(context, {
+      chain: findChainByName(options.chain) || options.chain,
+      bytes: options.bytes,
+      password: options.password
+    });
+  })
+);
+program.command("broadcast").description("Broadcast a pre-signed raw transaction").requiredOption("--chain <chain>", "Target blockchain").requiredOption("--raw-tx <hex>", "Hex-encoded signed transaction").action(
+  withExit(async (options) => {
+    const context = await init(program.opts().vault);
+    await executeBroadcast(context, {
+      chain: findChainByName(options.chain) || options.chain,
+      rawTx: options.rawTx
+    });
+  })
+);
 program.command("portfolio").description("Show total portfolio value").option("-c, --currency <currency>", "Fiat currency (usd, eur, gbp, etc.)", "usd").action(
   withExit(async (options) => {
     const context = await init(program.opts().vault);
@@ -4667,7 +5233,7 @@ program.command("update").description("Check for updates and show update command
 );
 setupCompletionCommand(program);
 async function startInteractiveMode() {
-  const sdk = new Vultisig3({
+  const sdk = new Vultisig4({
     onPasswordRequired: createPasswordCallback()
   });
   await sdk.initialize();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vultisig/cli",
-  "version": "0.2.0-beta.8",
+  "version": "0.2.0",
   "description": "Command-line wallet for Vultisig - multi-chain MPC wallet management",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://vultisig.com",
   "dependencies": {
-    "@vultisig/sdk": "^0.2.0-beta.8",
+    "@vultisig/sdk": "^0.2.0",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",