@vultisig/cli 0.2.0 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @vultisig/cli
 
+## 0.3.0
+
+### Minor Changes
+
+- [#71](https://github.com/vultisig/vultisig-sdk/pull/71) [`cc4e5fd`](https://github.com/vultisig/vultisig-sdk/commit/cc4e5fd2ff83bcce1723435107af869a43ea069f) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Update CLI to support SDK vault creation API changes
+
+  **Breaking Changes:**
+  - Renamed `import-seedphrase` command to `create-from-seedphrase` to match SDK naming
+    - `vultisig import-seedphrase fast` → `vultisig create-from-seedphrase fast`
+    - `vultisig import-seedphrase secure` → `vultisig create-from-seedphrase secure`
+
+  **New Features:**
+  - Added `join secure` command to join existing SecureVault creation sessions
+    - Supports QR payload via `--qr`, `--qr-file`, or interactive prompt
+    - Auto-detects if mnemonic is required based on session type
+    - Example: `vultisig join secure --qr "vultisig://..."`
+
+  **Internal Changes:**
+  - Updated SDK API calls to use new method names:
+    - `importSeedphraseAsFastVault` → `createFastVaultFromSeedphrase`
+    - `importSeedphraseAsSecureVault` → `createSecureVaultFromSeedphrase`
+  - Renamed internal functions and types to match SDK naming conventions
+
+### Patch Changes
+
+- [#71](https://github.com/vultisig/vultisig-sdk/pull/71) [`fee3f37`](https://github.com/vultisig/vultisig-sdk/commit/fee3f375f85011d14be814f06ff3d7f6684ea2fe) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - fix: address CodeRabbit PR #71 review suggestions
+
+  **Critical fixes:**
+  - JoinSecureVaultService: require `devices` parameter instead of defaulting to 2
+  - CLI vault-management: validate `devices` parameter before calling SDK
+  - parseKeygenQR: throw error on unknown libType instead of silently defaulting
+
+  **Code quality:**
+  - Replace try-catch with attempt() pattern in JoinSecureVaultService and parseKeygenQR
+  - Add abort signal checks in SecureVaultJoiner callbacks
+
+  **Documentation:**
+  - Add onProgress callback to joinSecureVault README documentation
+  - Fix markdown heading format in SDK-USERS-GUIDE.md
+  - Add language specifier to code block in CLAUDE.md
+
+  **Tests:**
+  - Fix Korean test mnemonic (removed invalid comma)
+  - Add Korean language detection test
+  - Remove sensitive private key logging in test helpers
+
+- Updated dependencies [[`fee3f37`](https://github.com/vultisig/vultisig-sdk/commit/fee3f375f85011d14be814f06ff3d7f6684ea2fe), [`695e664`](https://github.com/vultisig/vultisig-sdk/commit/695e664668082ca55861cf4d8fcc8c323be94c06), [`4edf52d`](https://github.com/vultisig/vultisig-sdk/commit/4edf52d3a2985d2adf772239bf19b8301f360af8), [`d145809`](https://github.com/vultisig/vultisig-sdk/commit/d145809eb68653a3b22921fcb90ebc985de2b16a)]:
+  - @vultisig/sdk@0.3.0
+
 ## 0.2.0
 
 ### Minor Changes

package/dist/index.js

@@ -1103,9 +1103,10 @@ var require_main = __commonJS({
 
 // src/index.ts
 import "dotenv/config";
-import { Vultisig as Vultisig4 } from "@vultisig/sdk";
+import { parseKeygenQR, Vultisig as Vultisig4 } from "@vultisig/sdk";
 import chalk12 from "chalk";
 import { program } from "commander";
+import { promises as fs3 } from "fs";
 import inquirer8 from "inquirer";
 
 // src/core/command-context.ts
@@ -2506,7 +2507,7 @@ async function executeInfo(ctx2) {
   }
   displayVaultInfo(vault);
 }
-async function executeImportSeedphraseFast(ctx2, options) {
+async function executeCreateFromSeedphraseFast(ctx2, options) {
   const { mnemonic, name, password, email, discoverChains, chains, signal } = options;
   const validateSpinner = createSpinner("Validating seedphrase...");
   const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
@@ -2539,7 +2540,7 @@ async function executeImportSeedphraseFast(ctx2, options) {
   }
   const importSpinner = createSpinner("Importing seedphrase...");
   const vaultId = await withAbortSignal(
-    ctx2.sdk.importSeedphraseAsFastVault({
+    ctx2.sdk.createFastVaultFromSeedphrase({
       mnemonic,
       name,
       password,
@@ -2573,7 +2574,7 @@ async function executeImportSeedphraseFast(ctx2, options) {
       verifySpinner.succeed("Email verified successfully!");
       setupVaultEvents(vault);
       await ctx2.setActiveVault(vault);
-      success("\n+ Vault imported from seedphrase!");
+      success("\n+ Vault created from seedphrase!");
       info("\nYour vault is ready. Run the following commands:");
       printResult(chalk5.cyan("  vultisig balance     ") + "- View balances");
       printResult(chalk5.cyan("  vultisig addresses   ") + "- View addresses");
@@ -2623,7 +2624,7 @@ async function executeImportSeedphraseFast(ctx2, options) {
   }
   throw new Error("Verification loop exited unexpectedly");
 }
-async function executeImportSeedphraseSecure(ctx2, options) {
+async function executeCreateFromSeedphraseSecure(ctx2, options) {
   const { mnemonic, name, password, threshold, shares: totalShares, discoverChains, chains, signal } = options;
   const validateSpinner = createSpinner("Validating seedphrase...");
   const validation = await ctx2.sdk.validateSeedphrase(mnemonic);
@@ -2657,7 +2658,7 @@ async function executeImportSeedphraseSecure(ctx2, options) {
   const importSpinner = createSpinner("Importing seedphrase as secure vault...");
   try {
     const result = await withAbortSignal(
-      ctx2.sdk.importSeedphraseAsSecureVault({
+      ctx2.sdk.createSecureVaultFromSeedphrase({
         mnemonic,
         name,
         password,
@@ -2713,16 +2714,62 @@ Or use this URL: ${qrPayload}
     warn(`
 Important: Save your vault backup file (.vult) in a secure location.`);
     warn(`This is a ${threshold}-of-${totalShares} vault. You'll need ${threshold} devices to sign transactions.`);
-    success("\n+ Vault imported from seedphrase!");
+    success("\n+ Vault created from seedphrase!");
     return result.vault;
   } catch (err) {
-    importSpinner.fail("Secure vault import failed");
+    importSpinner.fail("Secure vault creation failed");
     if (err.message?.includes("not implemented")) {
-      warn("\nSecure vault seedphrase import is not yet implemented in the SDK");
+      warn("\nSecure vault creation from seedphrase is not yet implemented in the SDK");
     }
     throw err;
   }
 }
+async function executeJoinSecure(ctx2, options) {
+  const { qrPayload, mnemonic, password, devices, signal } = options;
+  if (!devices || devices < 2) {
+    throw new Error("devices is required when joining a SecureVault (minimum 2)");
+  }
+  const spinner = createSpinner("Joining SecureVault session...");
+  try {
+    const result = await withAbortSignal(
+      ctx2.sdk.joinSecureVault(qrPayload, {
+        mnemonic,
+        password,
+        devices,
+        onProgress: (step) => {
+          spinner.text = `${step.message} (${step.progress}%)`;
+        },
+        onDeviceJoined: (deviceId, totalJoined, required) => {
+          if (!isSilent()) {
+            spinner.text = `Device joined: ${totalJoined}/${required} (${deviceId})`;
+          } else if (!isJsonOutput()) {
+            printResult(`Device joined: ${totalJoined}/${required}`);
+          }
+        }
+      }),
+      signal
+    );
+    setupVaultEvents(result.vault);
+    await ctx2.setActiveVault(result.vault);
+    spinner.succeed(`Joined SecureVault: ${result.vault.name}`);
+    if (isJsonOutput()) {
+      outputJson({
+        vault: {
+          id: result.vaultId,
+          name: result.vault.name,
+          type: "secure"
+        }
+      });
+      return result.vault;
+    }
+    warn("\nImportant: Save your vault backup file (.vult) in a secure location.");
+    success("\n+ Successfully joined vault!");
+    return result.vault;
+  } catch (err) {
+    spinner.fail("Failed to join SecureVault session");
+    throw err;
+  }
+}
 
 // src/commands/swap.ts
 async function executeSwapChains(ctx2) {
@@ -3040,8 +3087,9 @@ var COMMANDS = [
   "vaults",
   "vault",
   "import",
-  "import-seedphrase",
+  "create-from-seedphrase",
   "create",
+  "join",
   "info",
   "export",
   // Wallet operations
@@ -3099,13 +3147,20 @@ function createCompleter(ctx2) {
         const partial = parts[1] || "";
         return completeChainName(partial);
       }
-      if ((command === "create" || command === "import-seedphrase") && parts.length === 2) {
+      if ((command === "create" || command === "create-from-seedphrase") && parts.length === 2) {
         const types = ["fast", "secure"];
         const partial = parts[1] || "";
         const partialLower = partial.toLowerCase();
         const matches = types.filter((t) => t.startsWith(partialLower));
         return [matches.length ? matches : types, partial];
       }
+      if (command === "join" && parts.length === 2) {
+        const types = ["secure"];
+        const partial = parts[1] || "";
+        const partialLower = partial.toLowerCase();
+        const matches = types.filter((t) => t.startsWith(partialLower));
+        return [matches.length ? matches : types, partial];
+      }
       const hits = COMMANDS.filter((c) => c.startsWith(line));
       const show = hits.length ? hits : COMMANDS;
       return [show, line];
@@ -3863,7 +3918,7 @@ Error: ${error2.message}`));
       case "create":
         await this.createVault(args);
         break;
-      case "import-seedphrase":
+      case "create-from-seedphrase":
         await this.importSeedphrase(args);
         break;
       case "info":
@@ -4049,7 +4104,7 @@ Error: ${error2.message}`));
   async importSeedphrase(args) {
     const type = args[0]?.toLowerCase();
     if (!type || type !== "fast" && type !== "secure") {
-      console.log(chalk9.cyan("Usage: import-seedphrase <fast|secure>"));
+      console.log(chalk9.cyan("Usage: create-from-seedphrase <fast|secure>"));
       console.log(chalk9.gray("  fast   - Import with VultiServer (2-of-2)"));
       console.log(chalk9.gray("  secure - Import with device coordination (N-of-M)"));
       return;
@@ -4085,7 +4140,7 @@ Error: ${error2.message}`));
       const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
       const discoverChains = discoverStr.toLowerCase() === "y";
       vault = await this.withCancellation(
-        (signal) => executeImportSeedphraseFast(this.ctx, {
+        (signal) => executeCreateFromSeedphraseFast(this.ctx, {
           mnemonic,
           name,
           password,
@@ -4116,7 +4171,7 @@ Error: ${error2.message}`));
       const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
       const discoverChains = discoverStr.toLowerCase() === "y";
       vault = await this.withCancellation(
-        (signal) => executeImportSeedphraseSecure(this.ctx, {
+        (signal) => executeCreateFromSeedphraseSecure(this.ctx, {
           mnemonic,
           name,
           password: password || void 0,
@@ -4387,7 +4442,7 @@ var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.2.0";
+    cachedVersion = "0.3.0";
     return cachedVersion;
   }
   try {
@@ -4906,7 +4961,7 @@ program.command("import <file>").description("Import vault from .vult file").act
     await executeImport(context, file);
   })
 );
-var importSeedphraseCmd = program.command("import-seedphrase").description("Import wallet from BIP39 seedphrase");
+var createFromSeedphraseCmd = program.command("create-from-seedphrase").description("Create vault from BIP39 seedphrase");
 async function promptSeedphrase() {
   info("\nEnter your 12 or 24-word recovery phrase.");
   info("Words will be hidden as you type.\n");
@@ -4927,7 +4982,26 @@ async function promptSeedphrase() {
   ]);
   return answer.mnemonic.trim().toLowerCase();
 }
-importSeedphraseCmd.command("fast").description("Import as FastVault (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--mnemonic <words>", "Seedphrase (12 or 24 words, space-separated)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+async function promptQrPayload() {
+  info("\nEnter the QR code payload from the initiator device.");
+  info('The payload starts with "vultisig://".\n');
+  const answer = await inquirer8.prompt([
+    {
+      type: "input",
+      name: "qrPayload",
+      message: "QR Payload:",
+      validate: (input) => {
+        const trimmed = input.trim();
+        if (!trimmed.startsWith("vultisig://")) {
+          return 'QR payload must start with "vultisig://"';
+        }
+        return true;
+      }
+    }
+  ]);
+  return answer.qrPayload.trim();
+}
+createFromSeedphraseCmd.command("fast").description("Create FastVault from seedphrase (server-assisted 2-of-2)").requiredOption("--name <name>", "Vault name").requiredOption("--password <password>", "Vault password").requiredOption("--email <email>", "Email for verification").option("--mnemonic <words>", "Seedphrase (12 or 24 words, space-separated)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
   withExit(
     async (options) => {
       const context = await init(program.opts().vault);
@@ -4948,7 +5022,7 @@ importSeedphraseCmd.command("fast").description("Import as FastVault (server-ass
           }
         }
       }
-      await executeImportSeedphraseFast(context, {
+      await executeCreateFromSeedphraseFast(context, {
         mnemonic,
         name: options.name,
         password: options.password,
@@ -4959,7 +5033,7 @@ importSeedphraseCmd.command("fast").description("Import as FastVault (server-ass
     }
   )
 );
-importSeedphraseCmd.command("secure").description("Import as SecureVault (multi-device MPC)").requiredOption("--name <name>", "Vault name").option("--password <password>", "Vault password (optional)").option("--threshold <m>", "Signing threshold", "2").option("--shares <n>", "Total shares", "3").option("--mnemonic <words>", "Seedphrase (12 or 24 words)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
+createFromSeedphraseCmd.command("secure").description("Create SecureVault from seedphrase (multi-device MPC)").requiredOption("--name <name>", "Vault name").option("--password <password>", "Vault password (optional)").option("--threshold <m>", "Signing threshold", "2").option("--shares <n>", "Total shares", "3").option("--mnemonic <words>", "Seedphrase (12 or 24 words)").option("--discover-chains", "Scan chains for existing balances").option("--chains <chains>", "Specific chains to enable (comma-separated)").action(
   withExit(
     async (options) => {
       const context = await init(program.opts().vault);
@@ -4980,7 +5054,7 @@ importSeedphraseCmd.command("secure").description("Import as SecureVault (multi-
           }
         }
       }
-      await executeImportSeedphraseSecure(context, {
+      await executeCreateFromSeedphraseSecure(context, {
         mnemonic,
         name: options.name,
         password: options.password,
@@ -4992,6 +5066,33 @@ importSeedphraseCmd.command("secure").description("Import as SecureVault (multi-
     }
   )
 );
+var joinCmd = program.command("join").description("Join an existing vault creation session");
+joinCmd.command("secure").description("Join a SecureVault creation session").option("--qr <payload>", "QR code payload from initiator (vultisig://...)").option("--qr-file <path>", "Read QR payload from file").option("--mnemonic <words>", "Seedphrase (required for seedphrase-based sessions)").option("--password <password>", "Vault password (optional)").option("--devices <n>", "Total devices in session", "2").action(
+  withExit(
+    async (options) => {
+      const context = await init(program.opts().vault);
+      let qrPayload = options.qr;
+      if (!qrPayload && options.qrFile) {
+        qrPayload = (await fs3.readFile(options.qrFile, "utf-8")).trim();
+      }
+      if (!qrPayload) {
+        qrPayload = await promptQrPayload();
+      }
+      const qrParams = await parseKeygenQR(qrPayload);
+      let mnemonic = options.mnemonic;
+      if (qrParams.libType === "KEYIMPORT" && !mnemonic) {
+        info("\nThis session requires a seedphrase to join.");
+        mnemonic = await promptSeedphrase();
+      }
+      await executeJoinSecure(context, {
+        qrPayload,
+        mnemonic,
+        password: options.password,
+        devices: parseInt(options.devices, 10)
+      });
+    }
+  )
+);
 program.command("verify <vaultId>").description("Verify vault with email verification code").option("-r, --resend", "Resend verification email").option("--code <code>", "Verification code").option("--email <email>", "Email address (required for --resend)").option("--password <password>", "Vault password (required for --resend)").action(
   withExit(
     async (vaultId, options) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vultisig/cli",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Command-line wallet for Vultisig - multi-chain MPC wallet management",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://vultisig.com",
   "dependencies": {
-    "@vultisig/sdk": "^0.2.0",
+    "@vultisig/sdk": "^0.3.0",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",