@vultisig/cli 0.2.0-beta.9 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,172 @@
 # @vultisig/cli
 
+## 0.3.0
+
+### Minor Changes
+
+- [#71](https://github.com/vultisig/vultisig-sdk/pull/71) [`cc4e5fd`](https://github.com/vultisig/vultisig-sdk/commit/cc4e5fd2ff83bcce1723435107af869a43ea069f) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Update CLI to support SDK vault creation API changes
+
+  **Breaking Changes:**
+  - Renamed `import-seedphrase` command to `create-from-seedphrase` to match SDK naming
+    - `vultisig import-seedphrase fast` → `vultisig create-from-seedphrase fast`
+    - `vultisig import-seedphrase secure` → `vultisig create-from-seedphrase secure`
+
+  **New Features:**
+  - Added `join secure` command to join existing SecureVault creation sessions
+    - Supports QR payload via `--qr`, `--qr-file`, or interactive prompt
+    - Auto-detects if mnemonic is required based on session type
+    - Example: `vultisig join secure --qr "vultisig://..."`
+
+  **Internal Changes:**
+  - Updated SDK API calls to use new method names:
+    - `importSeedphraseAsFastVault` → `createFastVaultFromSeedphrase`
+    - `importSeedphraseAsSecureVault` → `createSecureVaultFromSeedphrase`
+  - Renamed internal functions and types to match SDK naming conventions
+
+### Patch Changes
+
+- [#71](https://github.com/vultisig/vultisig-sdk/pull/71) [`fee3f37`](https://github.com/vultisig/vultisig-sdk/commit/fee3f375f85011d14be814f06ff3d7f6684ea2fe) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - fix: address CodeRabbit PR #71 review suggestions
+
+  **Critical fixes:**
+  - JoinSecureVaultService: require `devices` parameter instead of defaulting to 2
+  - CLI vault-management: validate `devices` parameter before calling SDK
+  - parseKeygenQR: throw error on unknown libType instead of silently defaulting
+
+  **Code quality:**
+  - Replace try-catch with attempt() pattern in JoinSecureVaultService and parseKeygenQR
+  - Add abort signal checks in SecureVaultJoiner callbacks
+
+  **Documentation:**
+  - Add onProgress callback to joinSecureVault README documentation
+  - Fix markdown heading format in SDK-USERS-GUIDE.md
+  - Add language specifier to code block in CLAUDE.md
+
+  **Tests:**
+  - Fix Korean test mnemonic (removed invalid comma)
+  - Add Korean language detection test
+  - Remove sensitive private key logging in test helpers
+
+- Updated dependencies [[`fee3f37`](https://github.com/vultisig/vultisig-sdk/commit/fee3f375f85011d14be814f06ff3d7f6684ea2fe), [`695e664`](https://github.com/vultisig/vultisig-sdk/commit/695e664668082ca55861cf4d8fcc8c323be94c06), [`4edf52d`](https://github.com/vultisig/vultisig-sdk/commit/4edf52d3a2985d2adf772239bf19b8301f360af8), [`d145809`](https://github.com/vultisig/vultisig-sdk/commit/d145809eb68653a3b22921fcb90ebc985de2b16a)]:
+  - @vultisig/sdk@0.3.0
+
+## 0.2.0
+
+### Minor Changes
+
+- [#64](https://github.com/vultisig/vultisig-sdk/pull/64) [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat(sdk): add broadcastRawTx() for broadcasting pre-signed transactions
+
+  Adds `broadcastRawTx()` method supporting all chain families:
+  - EVM: Ethereum, Polygon, BSC, Arbitrum, Base, etc. (hex-encoded)
+  - UTXO: Bitcoin, Litecoin, Dogecoin, etc. (hex-encoded)
+  - Solana: Base58 or Base64 encoded transaction bytes
+  - Cosmos: JSON `{tx_bytes}` or raw base64 protobuf (10 chains)
+  - TON: BOC as base64 string
+  - Polkadot: Hex-encoded extrinsic
+  - Ripple: Hex-encoded transaction blob
+  - Sui: JSON `{unsignedTx, signature}`
+  - Tron: JSON transaction object
+
+  CLI commands added:
+  - `vultisig sign --chain <chain> --bytes <base64>` - sign pre-hashed data
+  - `vultisig broadcast --chain <chain> --raw-tx <data>` - broadcast raw tx
+
+  Documentation updated with complete workflow examples for EVM, UTXO, Solana, and Sui.
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: separate unlock and export passwords in CLI export command
+
+  The export command now has two distinct password options:
+  - `--password`: Unlocks the vault (decrypts stored keyshares for encrypted vaults)
+  - `--exportPassword`: Encrypts the exported file (defaults to `--password` if not specified)
+
+  This fixes the "Password required but callback returned empty value" error when exporting encrypted vaults.
+
+  Password resolution now uses an in-memory cache that persists across SDK callbacks, allowing the CLI to pre-cache the unlock password before vault loading.
+
+- [#60](https://github.com/vultisig/vultisig-sdk/pull/60) [`b4cf357`](https://github.com/vultisig/vultisig-sdk/commit/b4cf357c98ef493b48c807e5bb45cd40b9893295) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: Add SecureVault support for multi-device MPC vaults
+  - Implement SecureVault.create() for multi-device keygen ceremony
+  - Add RelaySigningService for coordinated signing via relay server
+  - Implement SecureVault.sign() and signBytes() methods
+  - Add QR code generation for mobile app pairing (compatible with Vultisig iOS/Android)
+  - CLI: Add `vault create --type secure` with terminal QR display
+  - CLI: Support secure vault signing with device coordination
+  - Add comprehensive unit, integration, and E2E tests
+
+- [#68](https://github.com/vultisig/vultisig-sdk/pull/68) [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Add seedphrase (BIP39 mnemonic) import functionality
+
+  This release adds the ability to import existing wallets from BIP39 mnemonic phrases (12 or 24 words) into Vultisig vaults, mirroring the iOS implementation.
+
+  **New SDK Methods:**
+  - `sdk.validateSeedphrase()` - Validate a BIP39 mnemonic phrase
+  - `sdk.discoverChainsFromSeedphrase()` - Discover chains with balances before import
+  - `sdk.importSeedphraseAsFastVault()` - Import as FastVault (2-of-2 with VultiServer)
+  - `sdk.importSeedphraseAsSecureVault()` - Import as SecureVault (N-of-M multi-device)
+
+  **Features:**
+  - Chain discovery with progress callbacks to find existing balances
+  - Auto-enable chains with balances during import
+  - EdDSA key transformation using SHA-512 clamping for Schnorr TSS compatibility
+  - Full ECDSA (secp256k1) and EdDSA (ed25519) master key derivation
+
+  **New exported types:**
+  - `SeedphraseValidation`, `ChainDiscoveryProgress`, `ChainDiscoveryResult`
+  - `ChainDiscoveryPhase`, `DerivedMasterKeys`
+  - `ImportSeedphraseAsFastVaultOptions`, `ImportSeedphraseAsSecureVaultOptions`
+  - `SeedphraseImportResult`
+
+  **New services:**
+  - `SeedphraseValidator` - BIP39 validation using WalletCore
+  - `MasterKeyDeriver` - Key derivation from mnemonic
+  - `ChainDiscoveryService` - Balance scanning across chains
+  - `FastVaultSeedphraseImportService` - FastVault import orchestration
+  - `SecureVaultSeedphraseImportService` - SecureVault import orchestration
+
+  **New CLI Commands:**
+  - `vultisig import-seedphrase fast` - Import as FastVault (2-of-2 with VultiServer)
+  - `vultisig import-seedphrase secure` - Import as SecureVault (N-of-M multi-device)
+
+  **CLI Features:**
+  - Secure seedphrase input (masked with `*`)
+  - `--discover-chains` flag to scan for existing balances
+  - `--chains` flag to specify chains (comma-separated)
+  - Interactive shell support with tab completion
+  - Progress spinners during import
+
+### Patch Changes
+
+- [#57](https://github.com/vultisig/vultisig-sdk/pull/57) [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Optimize SDK bundling configuration
+  - Add terser minification (~60% bundle size reduction)
+  - Add clean script to remove stale dist files before builds
+  - Centralize duplicated onwarn handler in rollup config
+  - Add package.json exports for react-native and electron platforms
+
+- [`cc96f64`](https://github.com/vultisig/vultisig-sdk/commit/cc96f64622a651eb6156f279afbbfe0aa4219179) - fix: re-release as alpha (0.1.0 was accidentally published as stable)
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Replace development command references (`npm run wallet`) with production CLI name (`vultisig`) in all user-facing messages.
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Fix interactive shell prompts by replacing REPL with readline to prevent stdin conflicts with inquirer
+
+- [#58](https://github.com/vultisig/vultisig-sdk/pull/58) [`c9b7d88`](https://github.com/vultisig/vultisig-sdk/commit/c9b7d888e21e9db1b928ddc929294aa15157e476) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Fix password prompt being swallowed by spinner during signing
+  - Add `--password` option to `send` and `swap` commands for non-interactive use
+  - Pre-unlock vault before signing spinner starts to prevent prompt interference
+  - Password prompt now appears before spinner when not provided via CLI flag
+
+- [`9dcfb8b`](https://github.com/vultisig/vultisig-sdk/commit/9dcfb8b4b29de73b1301f791b50dc417a8f899f3) - fix: use yarn npm publish to properly resolve workspace protocols
+
+- [`0985a37`](https://github.com/vultisig/vultisig-sdk/commit/0985a375c6009e2550231d759e84b576454ce759) - fix: use workspace:^ for SDK dependency to resolve correctly when publishing
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Simplify export command by removing `--encrypt` and `--no-encrypt` flags. Password is now optional - if provided, vault is encrypted; if omitted or empty, vault is exported without encryption. Path argument now supports directories (appends SDK-generated filename).
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Update browser example and CLI for new fast vault creation API
+  - Updated to use new `createFastVault()` that returns just the vaultId
+  - Updated to use new `verifyVault()` that returns the FastVault
+  - Removed `code` from CLI `CreateVaultOptions` (verification code always prompted interactively)
+  - Removed `--code` option from CLI create command
+
+- [#55](https://github.com/vultisig/vultisig-sdk/pull/55) [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Add inline verification code retry during vault creation. When entering an incorrect code, users can now retry, resend the verification email, or abort gracefully instead of being kicked back to the main menu.
+
+- Updated dependencies [[`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7f60cd5`](https://github.com/vultisig/vultisig-sdk/commit/7f60cd5835510bd9110d6382cf7d03bf1d5e04ff), [`a36a7f6`](https://github.com/vultisig/vultisig-sdk/commit/a36a7f614c03e32ebc7e843cbf1ab30b6be0d4af), [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c), [`cc96f64`](https://github.com/vultisig/vultisig-sdk/commit/cc96f64622a651eb6156f279afbbfe0aa4219179), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`22bb16b`](https://github.com/vultisig/vultisig-sdk/commit/22bb16be8421a51aa32da6c1166539015380651e), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`b4cf357`](https://github.com/vultisig/vultisig-sdk/commit/b4cf357c98ef493b48c807e5bb45cd40b9893295), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b), [`91990d3`](https://github.com/vultisig/vultisig-sdk/commit/91990d3fc7ef1a8d7068f5cbae8f8f3dda5b68f3), [`95ba10b`](https://github.com/vultisig/vultisig-sdk/commit/95ba10baf2dc2dc4ba8e48825f10f34ec275a73c), [`7979f3c`](https://github.com/vultisig/vultisig-sdk/commit/7979f3c502ea04db3c3de551bee297b8a9f9808b)]:
+  - @vultisig/sdk@0.2.0
+
 ## 0.2.0-beta.9
 
 ### Minor Changes

package/README.md

@@ -105,6 +105,52 @@ All devices joined. Running keygen...
   Vault ID: vault_abc123def456
 ```
 
+### Import from Seedphrase
+
+Import an existing wallet from a BIP39 recovery phrase (12 or 24 words):
+
+```bash
+# FastVault import (server-assisted 2-of-2)
+vultisig import-seedphrase fast --name "Imported Wallet" --email user@example.com
+
+# SecureVault import (multi-device MPC)
+vultisig import-seedphrase secure --name "Team Wallet" --shares 3
+```
+
+**Import options:**
+- `--mnemonic <words>` - Recovery phrase (space-separated words)
+- `--discover-chains` - Scan chains for existing balances before import
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
+When `--mnemonic` is not provided, you'll be prompted to enter it securely (masked input).
+
+**Example session:**
+```bash
+$ vultisig import-seedphrase fast --name "My Wallet" --email user@example.com --discover-chains
+
+Enter your 12 or 24-word recovery phrase.
+Words will be hidden as you type.
+
+Seedphrase: ************************
+Password: ********
+✓ Valid 12-word seedphrase
+
+Discovering chains with balances...
+  Bitcoin:     bc1q...xyz     0.05 BTC
+  Ethereum:    0x1234...      1.2 ETH
+✓ Found 2 chains with balances
+
+Importing seedphrase... (35%)
+✓ Keys generated, awaiting email verification
+
+Enter verification code: 123456
+✓ Vault verified successfully!
+
+Vault imported: My Wallet
+  Bitcoin:  bc1q...xyz
+  Ethereum: 0x1234...abc
+```
+
 ### Check Balances
 
 ```bash
@@ -173,6 +219,8 @@ vultisig -i
 | `create` | Create a new fast vault (server-assisted) |
 | `create --secure` | Create a secure vault (multi-device MPC) |
 | `import <file>` | Import vault from .vult file |
+| `import-seedphrase fast` | Import seedphrase as FastVault (2-of-2) |
+| `import-seedphrase secure` | Import seedphrase as SecureVault (N-of-M) |
 | `export [path]` | Export vault to file |
 | `verify <vaultId>` | Verify vault with email code |
 | `vaults` | List all stored vaults |
@@ -186,6 +234,23 @@ vultisig -i
 - `--shares <n>` - Number of devices for secure vault (default: 2)
 - `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
 
+**Import seedphrase options (fast):**
+- `--name <name>` - Vault name (required)
+- `--email <email>` - Email for verification (required)
+- `--password <password>` - Vault password (required, prompted if not provided)
+- `--mnemonic <words>` - Recovery phrase (prompted securely if not provided)
+- `--discover-chains` - Auto-enable chains with existing balances
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
+**Import seedphrase options (secure):**
+- `--name <name>` - Vault name (required)
+- `--shares <n>` - Number of devices (default: 2)
+- `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
+- `--password <password>` - Vault password (optional)
+- `--mnemonic <words>` - Recovery phrase (prompted securely if not provided)
+- `--discover-chains` - Auto-enable chains with existing balances
+- `--chains <chains>` - Specific chains to enable (comma-separated)
+
 **Export options:**
 - `[path]` - Output file or directory (defaults to SDK-generated filename in current directory)
 - `--password <password>` - Password to unlock encrypted vaults
@@ -463,6 +528,8 @@ vultisig broadcast --chain sui --raw-tx '{"unsignedTx":"<base64-tx-bytes>","sign
 | Command | Description |
 |---------|-------------|
 | `vault <name>` | Switch to a different vault |
+| `create <fast\|secure>` | Create a new vault |
+| `import-seedphrase <fast\|secure>` | Import wallet from recovery phrase |
 | `lock` | Lock vault (clear cached password) |
 | `unlock` | Unlock vault (cache password) |
 | `status` | Show vault status |

package/dist/index.js

@@ -1103,9 +1103,11 @@ var require_main = __commonJS({
 
 // src/index.ts
 import "dotenv/config";
-import { Vultisig as Vultisig4 } from "@vultisig/sdk";
+import { parseKeygenQR, Vultisig as Vultisig4 } from "@vultisig/sdk";
 import chalk12 from "chalk";
 import { program } from "commander";
+import { promises as fs3 } from "fs";
+import inquirer8 from "inquirer";
 
 // src/core/command-context.ts
 var DEFAULT_PASSWORD_CACHE_TTL = 5 * 60 * 1e3;
@@ -2211,7 +2213,7 @@ async function executeCreateFast(ctx2, options) {
       if (action === "resend") {
         const resendSpinner = createSpinner("Resending verification email...");
         try {
-          await ctx2.sdk.resendVaultVerification(vaultId);
+          await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
           resendSpinner.succeed("Verification email sent!");
           info("Check your inbox for the new code. Note: There may be a ~3 minute cooldown between resends.");
         } catch (resendErr) {
@@ -2312,10 +2314,42 @@ async function executeImport(ctx2, file) {
 }
 async function executeVerify(ctx2, vaultId, options = {}) {
   if (options.resend) {
+    let email = options.email;
+    let password = options.password;
+    if (!email || !password) {
+      info("Email and password are required to resend verification.");
+      const answers = await inquirer4.prompt([
+        ...!email ? [
+          {
+            type: "input",
+            name: "email",
+            message: "Email address:",
+            validate: (input) => input.includes("@") || "Please enter a valid email"
+          }
+        ] : [],
+        ...!password ? [
+          {
+            type: "password",
+            name: "password",
+            message: "Vault password:",
+            mask: "*",
+            validate: (input) => input.length >= 8 || "Password must be at least 8 characters"
+          }
+        ] : []
+      ]);
+      email = email || answers.email;
+      password = password || answers.password;
+    }
     const spinner2 = createSpinner("Resending verification email...");
-    await ctx2.sdk.resendVaultVerification(vaultId);
-    spinner2.succeed("Verification email sent!");
-    info("Check your inbox for the new verification code.");
+    try {
+      await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
+      spinner2.succeed("Verification email sent!");
+      info("Check your inbox for the new verification code.");
+    } catch (resendErr) {
+      spinner2.fail("Failed to resend verification email");
+      error(resendErr.message || "Could not resend email. You may need to wait a few minutes.");
+      return false;
+    }
   }
   let code = options.code;
   if (!code) {
@@ -2473,6 +2507,269 @@ async function executeInfo(ctx2) {
   }
   displayVaultInfo(vault);
 }
+async function executeCreateFromSeedphraseFast(ctx2, options) {
+  const { mnemonic, name, password, email, discoverChains, chains, signal } = options;
+  const validateSpinner = createSpinner("Validating seedphrase...");
+  const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
+  if (!validation.valid) {
+    validateSpinner.fail("Invalid seedphrase");
+    if (validation.invalidWords?.length) {
+      warn(`Invalid words: ${validation.invalidWords.join(", ")}`);
+    }
+    throw new Error(validation.error || "Invalid mnemonic phrase");
+  }
+  validateSpinner.succeed(`Valid ${validation.wordCount}-word seedphrase`);
+  if (discoverChains) {
+    const discoverSpinner = createSpinner("Discovering chains with balances...");
+    try {
+      const discovered = await ctx2.sdk.discoverChainsFromSeedphrase(mnemonic, chains, (p) => {
+        discoverSpinner.text = `Discovering: ${p.chain || "scanning"} (${p.chainsProcessed}/${p.chainsTotal})`;
+      });
+      const chainsWithBalance = discovered.filter((c) => c.hasBalance);
+      discoverSpinner.succeed(`Found ${chainsWithBalance.length} chains with balances`);
+      if (chainsWithBalance.length > 0 && !isSilent()) {
+        info("\nChains with balances:");
+        for (const result of chainsWithBalance) {
+          info(`  ${result.chain}: ${result.balance} ${result.symbol}`);
+        }
+        info("");
+      }
+    } catch {
+      discoverSpinner.warn("Chain discovery failed, continuing with import...");
+    }
+  }
+  const importSpinner = createSpinner("Importing seedphrase...");
+  const vaultId = await withAbortSignal(
+    ctx2.sdk.createFastVaultFromSeedphrase({
+      mnemonic,
+      name,
+      password,
+      email,
+      // Don't pass discoverChains - CLI handles discovery above
+      chains,
+      onProgress: (step) => {
+        importSpinner.text = `${step.message} (${step.progress}%)`;
+      }
+    }),
+    signal
+  );
+  importSpinner.succeed("Keys generated, email verification required");
+  warn("\nA verification code has been sent to your email.");
+  info("Please check your inbox and enter the code.");
+  const MAX_VERIFY_ATTEMPTS = 5;
+  let attempts = 0;
+  while (attempts < MAX_VERIFY_ATTEMPTS) {
+    attempts++;
+    const codeAnswer = await inquirer4.prompt([
+      {
+        type: "input",
+        name: "code",
+        message: `Verification code sent to ${email}. Enter code:`,
+        validate: (input) => /^\d{4,6}$/.test(input) || "Code must be 4-6 digits"
+      }
+    ]);
+    const verifySpinner = createSpinner("Verifying email code...");
+    try {
+      const vault = await ctx2.sdk.verifyVault(vaultId, codeAnswer.code);
+      verifySpinner.succeed("Email verified successfully!");
+      setupVaultEvents(vault);
+      await ctx2.setActiveVault(vault);
+      success("\n+ Vault created from seedphrase!");
+      info("\nYour vault is ready. Run the following commands:");
+      printResult(chalk5.cyan("  vultisig balance     ") + "- View balances");
+      printResult(chalk5.cyan("  vultisig addresses   ") + "- View addresses");
+      printResult(chalk5.cyan("  vultisig portfolio   ") + "- View portfolio value");
+      return vault;
+    } catch (err) {
+      verifySpinner.fail("Verification failed");
+      error(`
+\u2717 ${err.message || "Invalid verification code"}`);
+      if (attempts >= MAX_VERIFY_ATTEMPTS) {
+        warn("\nMaximum attempts reached.");
+        warn("\nTo retry verification later, use:");
+        info(`  vultisig verify ${vaultId}`);
+        err.exitCode = 1;
+        throw err;
+      }
+      const { action } = await inquirer4.prompt([
+        {
+          type: "list",
+          name: "action",
+          message: `What would you like to do? (${MAX_VERIFY_ATTEMPTS - attempts} attempts remaining)`,
+          choices: [
+            { name: "Enter a different code", value: "retry" },
+            { name: "Resend verification email (rate limited)", value: "resend" },
+            { name: "Abort and verify later", value: "abort" }
+          ]
+        }
+      ]);
+      if (action === "abort") {
+        warn("\nSeedphrase import paused. To complete verification, use:");
+        info(`  vultisig verify ${vaultId}`);
+        warn("\nNote: The pending vault is stored in memory only and will be lost if you exit.");
+        return void 0;
+      }
+      if (action === "resend") {
+        const resendSpinner = createSpinner("Resending verification email...");
+        try {
+          await ctx2.sdk.resendVaultVerification({ vaultId, email, password });
+          resendSpinner.succeed("Verification email sent!");
+          info("Check your inbox for the new code.");
+        } catch (resendErr) {
+          resendSpinner.fail("Failed to resend");
+          warn(resendErr.message || "Could not resend email.");
+        }
+      }
+    }
+  }
+  throw new Error("Verification loop exited unexpectedly");
+}
+async function executeCreateFromSeedphraseSecure(ctx2, options) {
+  const { mnemonic, name, password, threshold, shares: totalShares, discoverChains, chains, signal } = options;
+  const validateSpinner = createSpinner("Validating seedphrase...");
+  const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
+  if (!validation.valid) {
+    validateSpinner.fail("Invalid seedphrase");
+    if (validation.invalidWords?.length) {
+      warn(`Invalid words: ${validation.invalidWords.join(", ")}`);
+    }
+    throw new Error(validation.error || "Invalid mnemonic phrase");
+  }
+  validateSpinner.succeed(`Valid ${validation.wordCount}-word seedphrase`);
+  if (discoverChains) {
+    const discoverSpinner = createSpinner("Discovering chains with balances...");
+    try {
+      const discovered = await ctx2.sdk.discoverChainsFromSeedphrase(mnemonic, chains, (p) => {
+        discoverSpinner.text = `Discovering: ${p.chain || "scanning"} (${p.chainsProcessed}/${p.chainsTotal})`;
+      });
+      const chainsWithBalance = discovered.filter((c) => c.hasBalance);
+      discoverSpinner.succeed(`Found ${chainsWithBalance.length} chains with balances`);
+      if (chainsWithBalance.length > 0 && !isSilent()) {
+        info("\nChains with balances:");
+        for (const result of chainsWithBalance) {
+          info(`  ${result.chain}: ${result.balance} ${result.symbol}`);
+        }
+        info("");
+      }
+    } catch {
+      discoverSpinner.warn("Chain discovery failed, continuing with import...");
+    }
+  }
+  const importSpinner = createSpinner("Importing seedphrase as secure vault...");
+  try {
+    const result = await withAbortSignal(
+      ctx2.sdk.createSecureVaultFromSeedphrase({
+        mnemonic,
+        name,
+        password,
+        devices: totalShares,
+        threshold,
+        // Don't pass discoverChains - CLI handles discovery above
+        chains,
+        onProgress: (step) => {
+          importSpinner.text = `${step.message} (${step.progress}%)`;
+        },
+        onQRCodeReady: (qrPayload) => {
+          if (isJsonOutput()) {
+            printResult(qrPayload);
+          } else if (isSilent()) {
+            printResult(`QR Payload: ${qrPayload}`);
+          } else {
+            importSpinner.stop();
+            info("\nScan this QR code with your Vultisig mobile app:");
+            import_qrcode_terminal3.default.generate(qrPayload, { small: true });
+            info(`
+Or use this URL: ${qrPayload}
+`);
+            info(chalk5.gray("(Press Ctrl+C to cancel)\n"));
+            importSpinner.start(`Waiting for ${totalShares} devices to join...`);
+          }
+        },
+        onDeviceJoined: (deviceId, totalJoined, required) => {
+          if (!isSilent()) {
+            importSpinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+          } else if (!isJsonOutput()) {
+            printResult(`Device joined: ${totalJoined}/${required}`);
+          }
+        }
+      }),
+      signal
+    );
+    setupVaultEvents(result.vault);
+    await ctx2.setActiveVault(result.vault);
+    importSpinner.succeed(`Secure vault imported: ${name} (${threshold}-of-${totalShares})`);
+    if (isJsonOutput()) {
+      outputJson({
+        vault: {
+          id: result.vaultId,
+          name,
+          type: "secure",
+          threshold,
+          totalSigners: totalShares
+        },
+        sessionId: result.sessionId
+      });
+      return result.vault;
+    }
+    warn(`
+Important: Save your vault backup file (.vult) in a secure location.`);
+    warn(`This is a ${threshold}-of-${totalShares} vault. You'll need ${threshold} devices to sign transactions.`);
+    success("\n+ Vault created from seedphrase!");
+    return result.vault;
+  } catch (err) {
+    importSpinner.fail("Secure vault creation failed");
+    if (err.message?.includes("not implemented")) {
+      warn("\nSecure vault creation from seedphrase is not yet implemented in the SDK");
+    }
+    throw err;
+  }
+}
+async function executeJoinSecure(ctx2, options) {
+  const { qrPayload, mnemonic, password, devices, signal } = options;
+  if (!devices || devices < 2) {
+    throw new Error("devices is required when joining a SecureVault (minimum 2)");
+  }
+  const spinner = createSpinner("Joining SecureVault session...");
+  try {
+    const result = await withAbortSignal(
+      ctx2.sdk.joinSecureVault(qrPayload, {
+        mnemonic,
+        password,
+        devices,
+        onProgress: (step) => {
+          spinner.text = `${step.message} (${step.progress}%)`;
+        },
+        onDeviceJoined: (deviceId, totalJoined, required) => {
+          if (!isSilent()) {
+            spinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+          } else if (!isJsonOutput()) {
+            printResult(`Device joined: ${totalJoined}/${required}`);
+          }
+        }
+      }),
+      signal
+    );
+    setupVaultEvents(result.vault);
+    await ctx2.setActiveVault(result.vault);
+    spinner.succeed(`Joined SecureVault: ${result.vault.name}`);
+    if (isJsonOutput()) {
+      outputJson({
+        vault: {
+          id: result.vaultId,
+          name: result.vault.name,
+          type: "secure"
+        }
+      });
+      return result.vault;
+    }
+    warn("\nImportant: Save your vault backup file (.vult) in a secure location.");
+    success("\n+ Successfully joined vault!");
+    return result.vault;
+  } catch (err) {
+    spinner.fail("Failed to join SecureVault session");
+    throw err;
+  }
+}
 
 // src/commands/swap.ts
 async function executeSwapChains(ctx2) {
@@ -2790,7 +3087,9 @@ var COMMANDS = [
   "vaults",
   "vault",
   "import",
+  "create-from-seedphrase",
   "create",
+  "join",
   "info",
   "export",
   // Wallet operations
@@ -2848,6 +3147,20 @@ function createCompleter(ctx2) {
         const partial = parts[1] || "";
         return completeChainName(partial);
       }
+      if ((command === "create" || command === "create-from-seedphrase") && parts.length === 2) {
+        const types = ["fast", "secure"];
+        const partial = parts[1] || "";
+        const partialLower = partial.toLowerCase();
+        const matches = types.filter((t) => t.startsWith(partialLower));
+        return [matches.length ? matches : types, partial];
+      }
+      if (command === "join" && parts.length === 2) {
+        const types = ["secure"];
+        const partial = parts[1] || "";
+        const partialLower = partial.toLowerCase();
+        const matches = types.filter((t) => t.startsWith(partialLower));
+        return [matches.length ? matches : types, partial];
+      }
       const hits = COMMANDS.filter((c) => c.startsWith(line));
       const show = hits.length ? hits : COMMANDS;
       return [show, line];
@@ -3605,6 +3918,9 @@ Error: ${error2.message}`));
       case "create":
         await this.createVault(args);
         break;
+      case "create-from-seedphrase":
+        await this.importSeedphrase(args);
+        break;
       case "info":
         await executeInfo(this.ctx);
         break;
@@ -3785,6 +4101,92 @@ Error: ${error2.message}`));
       this.eventBuffer.setupVaultListeners(vault);
     }
   }
+  async importSeedphrase(args) {
+    const type = args[0]?.toLowerCase();
+    if (!type || type !== "fast" && type !== "secure") {
+      console.log(chalk9.cyan("Usage: create-from-seedphrase <fast|secure>"));
+      console.log(chalk9.gray("  fast   - Import with VultiServer (2-of-2)"));
+      console.log(chalk9.gray("  secure - Import with device coordination (N-of-M)"));
+      return;
+    }
+    console.log(chalk9.cyan("\nEnter your recovery phrase (words separated by spaces):"));
+    const mnemonic = await this.promptPassword("Seedphrase");
+    const validation = await this.ctx.sdk.validateSeedphrase(mnemonic);
+    if (!validation.valid) {
+      console.log(chalk9.red(`Invalid seedphrase: ${validation.error}`));
+      if (validation.invalidWords?.length) {
+        console.log(chalk9.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
+      }
+      return;
+    }
+    console.log(chalk9.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
+    let vault;
+    if (type === "fast") {
+      const name = await this.prompt("Vault name");
+      if (!name) {
+        console.log(chalk9.red("Name is required"));
+        return;
+      }
+      const password = await this.promptPassword("Vault password");
+      if (!password) {
+        console.log(chalk9.red("Password is required"));
+        return;
+      }
+      const email = await this.prompt("Email for verification");
+      if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+        console.log(chalk9.red("Valid email is required"));
+        return;
+      }
+      const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
+      const discoverChains = discoverStr.toLowerCase() === "y";
+      vault = await this.withCancellation(
+        (signal) => executeCreateFromSeedphraseFast(this.ctx, {
+          mnemonic,
+          name,
+          password,
+          email,
+          discoverChains,
+          signal
+        })
+      );
+    } else {
+      const name = await this.prompt("Vault name");
+      if (!name) {
+        console.log(chalk9.red("Name is required"));
+        return;
+      }
+      const sharesStr = await this.prompt("Total shares (devices)", "3");
+      const shares = parseInt(sharesStr, 10);
+      if (isNaN(shares) || shares < 2) {
+        console.log(chalk9.red("Must have at least 2 shares"));
+        return;
+      }
+      const thresholdStr = await this.prompt("Signing threshold", "2");
+      const threshold = parseInt(thresholdStr, 10);
+      if (isNaN(threshold) || threshold < 1 || threshold > shares) {
+        console.log(chalk9.red(`Threshold must be between 1 and ${shares}`));
+        return;
+      }
+      const password = await this.promptPassword("Vault password (optional, Enter to skip)");
+      const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
+      const discoverChains = discoverStr.toLowerCase() === "y";
+      vault = await this.withCancellation(
+        (signal) => executeCreateFromSeedphraseSecure(this.ctx, {
+          mnemonic,
+          name,
+          password: password || void 0,
+          threshold,
+          shares,
+          discoverChains,
+          signal
+        })
+      );
+    }
+    if (vault) {
+      this.ctx.addVault(vault);
+      this.eventBuffer.setupVaultListeners(vault);
+    }
+  }
   async runBalance(args) {
     const chainStr = args[0];
     const includeTokens = args.includes("-t") || args.includes("--tokens");
@@ -4040,7 +4442,7 @@ var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.2.0-beta.9";
+    cachedVersion = "0.3.0";
     return cachedVersion;
   }
   try {
@@ -4559,16 +4961,150 @@ program.command("import <file>").description("Import vault from .vult file").act
     await executeImport(context, file);
   })
 );
-program.command("verify <vaultId>").description("Verify vault with email verification code").option("-r, --resend", "Resend verification email").option("--code <code>", "Verification code").action(
-  withExit(async (vaultId, options) => {
-    const context = await init(program.opts().vault);
-    const verified = await executeVerify(context, vaultId, options);
-    if (!verified) {
-      const err = new Error("Verification failed");
-      err.exitCode = 1;
-      throw err;
+var createFromSeedphraseCmd = program.command("create-from-seedphrase").description("Create vault from BIP39 seedphrase");
+async function promptSeedphrase() {
+  info("\nEnter your 12 or 24-word recovery phrase.");
+  info("Words will be hidden as you type.\n");
+  const answer = await inquirer8.prompt([
+    {
+      type: "password",
+      name: "mnemonic",
+      message: "Seedphrase:",
+      mask: "*",
+      validate: (input) => {
+        const words = input.trim().split(/\s+/);
+        if (words.length !== 12 && words.length !== 24) {
+          return `Expected 12 or 24 words, got ${words.length}`;
+        }
+        return true;
+      }
     }
-  })
+  ]);
+  return answer.mnemonic.trim().toLowerCase();
+}
+async function promptQrPayload() {
+  info("\nEnter the QR code payload from the initiator device.");
+  info('The payload starts with "vultisig://".\n');
+  const answer = await inquirer8.prompt([
+    {
+      type: "input",
+      name: "qrPayload",
+      message: "QR Payload:",
+      validate: (input) => {
+        const trimmed = input.trim();
+        if (!trimmed.startsWith("vultisig://")) {
+          return 'QR payload must start with "vultisig://"';
+        }
+        return true;
+      }
+    }
+  ]);
+  return answer.qrPayload.trim();
+}
+createFromSeedphraseCmd.command("fast").description("Create FastVault from seedphrase (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--mnemonic <words>", "Seedphrase (12 or 24 words, space-separated)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let mnemonic = options.mnemonic;
+      if (!mnemonic) {
+        mnemonic = await promptSeedphrase();
+      }
+      let chains;
+      if (options.chains) {
+        const chainNames = options.chains.split(",").map((c) => c.trim());
+        chains = [];
+        for (const name of chainNames) {
+          const chain = findChainByName(name);
+          if (chain) {
+            chains.push(chain);
+          } else {
+            console.warn(`Warning: Unknown chain "${name}" - skipping`);
+          }
+        }
+      }
+      await executeCreateFromSeedphraseFast(context, {
+        mnemonic,
+        name: options.name,
+        password: options.password,
+        email: options.email,
+        discoverChains: options.discoverChains,
+        chains
+      });
+    }
+  )
+);
+createFromSeedphraseCmd.command("secure").description("Create SecureVault from seedphrase (multi-device MPC)").requiredOption("--name <name>", "Vault name").option("--password <password>", "Vault password (optional)").option("--threshold <m>", "Signing threshold", "2").option("--shares <n>", "Total shares", "3").option("--mnemonic <words>", "Seedphrase (12 or 24 words)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let mnemonic = options.mnemonic;
+      if (!mnemonic) {
+        mnemonic = await promptSeedphrase();
+      }
+      let chains;
+      if (options.chains) {
+        const chainNames = options.chains.split(",").map((c) => c.trim());
+        chains = [];
+        for (const name of chainNames) {
+          const chain = findChainByName(name);
+          if (chain) {
+            chains.push(chain);
+          } else {
+            console.warn(`Warning: Unknown chain "${name}" - skipping`);
+          }
+        }
+      }
+      await executeCreateFromSeedphraseSecure(context, {
+        mnemonic,
+        name: options.name,
+        password: options.password,
+        threshold: parseInt(options.threshold, 10),
+        shares: parseInt(options.shares, 10),
+        discoverChains: options.discoverChains,
+        chains
+      });
+    }
+  )
+);
+var joinCmd = program.command("join").description("Join an existing vault creation session");
+joinCmd.command("secure").description("Join a SecureVault creation session").option("--qr <payload>", "QR code payload from initiator (vultisig://...)").option("--qr-file <path>", "Read QR payload from file").option("--mnemonic <words>", "Seedphrase (required for seedphrase-based sessions)").option("--password <password>", "Vault password (optional)").option("--devices <n>", "Total devices in session", "2").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let qrPayload = options.qr;
+      if (!qrPayload && options.qrFile) {
+        qrPayload = (await fs3.readFile(options.qrFile, "utf-8")).trim();
+      }
+      if (!qrPayload) {
+        qrPayload = await promptQrPayload();
+      }
+      const qrParams = await parseKeygenQR(qrPayload);
+      let mnemonic = options.mnemonic;
+      if (qrParams.libType === "KEYIMPORT" && !mnemonic) {
+        info("\nThis session requires a seedphrase to join.");
+        mnemonic = await promptSeedphrase();
+      }
+      await executeJoinSecure(context, {
+        qrPayload,
+        mnemonic,
+        password: options.password,
+        devices: parseInt(options.devices, 10)
+      });
+    }
+  )
+);
+program.command("verify <vaultId>").description("Verify vault with email verification code").option("-r, --resend", "Resend verification email").option("--code <code>", "Verification code").option("--email <email>", "Email address (required for --resend)").option("--password <password>", "Vault password (required for --resend)").action(
+  withExit(
+    async (vaultId, options) => {
+      const context = await init(program.opts().vault);
+      const verified = await executeVerify(context, vaultId, options);
+      if (!verified) {
+        const err = new Error("Verification failed");
+        err.exitCode = 1;
+        throw err;
+      }
+    }
+  )
 );
 program.command("balance [chain]").description("Show balance for a chain or all chains").option("-t, --tokens", "Include token balances").action(
   withExit(async (chainStr, options) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vultisig/cli",
-  "version": "0.2.0-beta.9",
+  "version": "0.3.0",
   "description": "Command-line wallet for Vultisig - multi-chain MPC wallet management",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://vultisig.com",
   "dependencies": {
-    "@vultisig/sdk": "^0.2.0-beta.9",
+    "@vultisig/sdk": "^0.3.0",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",