@vultisig/cli 0.7.0 → 0.9.0

package/dist/index.js

@@ -1432,9 +1432,9 @@ var init_sha3 = __esm({
 
 // src/index.ts
 import "dotenv/config";
-import { promises as fs3 } from "node:fs";
+import { promises as fs4 } from "node:fs";
 import { parseKeygenQR, Vultisig as Vultisig7 } from "@vultisig/sdk";
-import chalk14 from "chalk";
+import chalk15 from "chalk";
 import { program } from "commander";
 import inquirer8 from "inquirer";
 
@@ -1517,6 +1517,9 @@ import chalk from "chalk";
 import ora from "ora";
 var silentMode = false;
 var outputFormat = "table";
+function setSilentMode(silent) {
+  silentMode = silent;
+}
 function isSilent() {
   return silentMode;
 }
@@ -1852,6 +1855,11 @@ function displayVaultInfo(vault) {
   printResult(chalk2.bold("\nPublic Keys:"));
   printResult(`  ECDSA:         ${vault.publicKeys.ecdsa.substring(0, 20)}...`);
   printResult(`  EdDSA:         ${vault.publicKeys.eddsa.substring(0, 20)}...`);
+  if (vault.publicKeyMldsa) {
+    printResult(`  ML-DSA-44:     ${vault.publicKeyMldsa.substring(0, 20)}...`);
+  } else {
+    printResult(`  ML-DSA-44:     ${chalk2.gray("Not available")}`);
+  }
   printResult(`  Chain Code:    ${vault.hexChainCode.substring(0, 20)}...
 `);
 }
@@ -2480,8 +2488,9 @@ Or use this URL: ${qrPayload}
     });
   }
   try {
+    const cosmosChain = params.chain;
     const coin = {
-      chain: params.chain,
+      chain: cosmosChain,
       address,
       decimals: 8,
       // THORChain uses 8 decimals
@@ -2501,7 +2510,7 @@ Or use this URL: ${qrPayload}
       gas: chainConfig.gasLimit
     };
     const keysignPayload = await vault.prepareSignAminoTx({
-      chain: params.chain,
+      chain: cosmosChain,
       coin,
       msgs: [executeContractMsg],
       fee,
@@ -2511,7 +2520,7 @@ Or use this URL: ${qrPayload}
     const signature = await vault.sign(
       {
         transaction: keysignPayload,
-        chain: params.chain,
+        chain: cosmosChain,
         messageHashes
       },
       { signal: params.signal }
@@ -2519,7 +2528,7 @@ Or use this URL: ${qrPayload}
     signSpinner.succeed("Transaction signed");
     const broadcastSpinner = createSpinner("Broadcasting transaction...");
     const txHash = await vault.broadcastTx({
-      chain: params.chain,
+      chain: cosmosChain,
       keysignPayload,
       signature
     });
@@ -2603,7 +2612,8 @@ Or use this URL: ${qrPayload}
     const result = {
       signature: sigBase64,
       recovery: signature.recovery,
-      format: signature.format
+      format: signature.format,
+      mldsaSignature: signature.mldsaSignature
     };
     if (isJsonOutput()) {
       outputJson(result);
@@ -2613,6 +2623,9 @@ Or use this URL: ${qrPayload}
         printResult(`Recovery: ${result.recovery}`);
       }
       printResult(`Format: ${result.format}`);
+      if (result.mldsaSignature) {
+        printResult(`ML-DSA-44 Signature: ${result.mldsaSignature.substring(0, 40)}...`);
+      }
     }
     return result;
   } finally {
@@ -2733,7 +2746,11 @@ function withAbortSignal(promise, signal) {
   ]);
 }
 async function executeCreateFast(ctx2, options) {
-  const { name, password, email, signal, twoStep } = options;
+  const twoStep = options.twoStep || !process.stdin.isTTY;
+  const { name, password, email, signal } = options;
+  if (!options.twoStep && twoStep) {
+    info("Non-interactive terminal detected. Using --two-step mode automatically.");
+  }
   const spinner = createSpinner("Creating vault...");
   const vaultId = await withAbortSignal(
     ctx2.sdk.createFastVault({
@@ -2749,6 +2766,16 @@ async function executeCreateFast(ctx2, options) {
   );
   spinner.succeed(`Vault keys generated: ${name}`);
   if (twoStep) {
+    if (isJsonOutput()) {
+      outputJson({
+        vaultId,
+        status: "pending_verification",
+        message: "Vault created. Verify with email OTP to activate.",
+        verifyCommand: `vultisig verify ${vaultId} --code <OTP>`,
+        resendCommand: `vultisig verify ${vaultId} --resend --email ${email} --password <password>`
+      });
+      return void 0;
+    }
     success("\n+ Vault created and saved to disk (pending verification)");
     info(`
 Vault ID: ${vaultId}`);
@@ -2897,15 +2924,19 @@ Important: Save your vault backup file (.vult) in a secure location.`);
     throw err;
   }
 }
-async function executeImport(ctx2, file) {
-  const { password } = await inquirer4.prompt([
-    {
-      type: "password",
-      name: "password",
-      message: "Enter vault password (if encrypted):",
-      mask: "*"
-    }
-  ]);
+async function executeImport(ctx2, file, flagPassword) {
+  let password = flagPassword || process.env.VAULT_PASSWORD || "";
+  if (!password) {
+    const answers = await inquirer4.prompt([
+      {
+        type: "password",
+        name: "password",
+        message: "Enter vault password (if encrypted):",
+        mask: "*"
+      }
+    ]);
+    password = answers.password;
+  }
   const spinner = createSpinner("Importing vault...");
   const vultContent = await fs.readFile(file, "utf-8");
   const vault = await ctx2.sdk.importVault(vultContent, password || void 0);
@@ -2973,11 +3004,25 @@ async function executeVerify(ctx2, vaultId, options = {}) {
     spinner.succeed("Vault verified successfully!");
     setupVaultEvents(vault);
     await ctx2.setActiveVault(vault);
+    if (isJsonOutput()) {
+      outputJson({
+        verified: true,
+        vault: { id: vaultId, name: vault.name, type: "fast" }
+      });
+      return true;
+    }
     success(`
 + Vault "${vault.name}" is now ready to use!`);
     return true;
   } catch (err) {
     spinner.fail("Verification failed");
+    if (isJsonOutput()) {
+      outputJson({
+        verified: false,
+        error: err.message || "Verification failed. Please check the code and try again."
+      });
+      return false;
+    }
     error(`
 \u2717 ${err.message || "Verification failed. Please check the code and try again."}`);
     warn("\nTip: Use --resend to get a new verification code:");
@@ -3058,10 +3103,28 @@ async function executeVaults(ctx2) {
 }
 async function executeSwitch(ctx2, vaultId) {
   const spinner = createSpinner("Loading vault...");
-  const vault = await ctx2.sdk.getVaultById(vaultId);
+  let vault = await ctx2.sdk.getVaultById(vaultId);
+  if (!vault) {
+    const allVaults = await ctx2.sdk.listVaults();
+    const byName = allVaults.filter((v) => v.name.toLowerCase() === vaultId.toLowerCase());
+    if (byName.length === 1) {
+      vault = await ctx2.sdk.getVaultById(byName[0].id);
+    } else if (byName.length > 1) {
+      spinner.fail("Ambiguous vault name");
+      throw new Error(`Multiple vaults match name "${vaultId}". Use the full vault ID instead.`);
+    } else {
+      const byPrefix = allVaults.filter((v) => v.id.startsWith(vaultId));
+      if (byPrefix.length === 1) {
+        vault = await ctx2.sdk.getVaultById(byPrefix[0].id);
+      } else if (byPrefix.length > 1) {
+        spinner.fail("Ambiguous vault ID prefix");
+        throw new Error(`Multiple vaults match prefix "${vaultId}". Use a longer prefix or the full ID.`);
+      }
+    }
+  }
   if (!vault) {
     spinner.fail("Vault not found");
-    throw new Error(`No vault found with ID: ${vaultId}`);
+    throw new Error(`No vault found matching: ${vaultId}`);
   }
   await ctx2.setActiveVault(vault);
   setupVaultEvents(vault);
@@ -3103,6 +3166,7 @@ async function executeInfo(ctx2) {
         publicKeys: {
           ecdsa: vault.publicKeys.ecdsa,
           eddsa: vault.publicKeys.eddsa,
+          ...vault.publicKeyMldsa ? { mldsa: vault.publicKeyMldsa } : {},
           chainCode: vault.hexChainCode
         }
       }
@@ -4097,6 +4161,93 @@ function displayDiscountTier(tierInfo) {
   printResult("");
 }
 
+// src/commands/agent.ts
+import chalk9 from "chalk";
+import Table from "cli-table3";
+
+// src/agent/ask.ts
+var AskInterface = class {
+  session;
+  verbose;
+  responseParts = [];
+  toolCalls = [];
+  transactions = [];
+  constructor(session, verbose = false) {
+    this.session = session;
+    this.verbose = verbose;
+  }
+  /**
+   * Get UI callbacks that silently collect results.
+   * Tool progress is logged to stderr in verbose mode.
+   */
+  getCallbacks() {
+    return {
+      onTextDelta: (_delta) => {
+      },
+      onToolCall: (_id, action, params) => {
+        if (this.verbose) {
+          const paramStr = params ? ` ${JSON.stringify(params)}` : "";
+          process.stderr.write(`[tool] ${action}${paramStr} ...
+`);
+        }
+      },
+      onToolResult: (_id, action, success2, data, error2) => {
+        this.toolCalls.push({ action, success: success2, data, error: error2 });
+        if (this.verbose) {
+          const status = success2 ? "ok" : `error: ${error2}`;
+          process.stderr.write(`[tool] ${action}: ${status}
+`);
+        }
+      },
+      onAssistantMessage: (content) => {
+        if (content) {
+          this.responseParts.push(content);
+        }
+      },
+      onSuggestions: (_suggestions) => {
+      },
+      onTxStatus: (txHash, chain, _status, explorerUrl) => {
+        this.transactions.push({ hash: txHash, chain, explorerUrl });
+        if (this.verbose) {
+          process.stderr.write(`[tx] ${chain}: ${txHash}
+`);
+        }
+      },
+      onError: (message) => {
+        process.stderr.write(`[error] ${message}
+`);
+      },
+      onDone: () => {
+      },
+      requestPassword: async () => {
+        throw new Error(
+          "Password required but not provided. Use --password flag."
+        );
+      },
+      requestConfirmation: async (_message) => {
+        return true;
+      }
+    };
+  }
+  /**
+   * Send a message and wait for the complete response.
+   * All tool calls and actions are executed automatically.
+   */
+  async ask(message) {
+    this.responseParts = [];
+    this.toolCalls = [];
+    this.transactions = [];
+    const callbacks = this.getCallbacks();
+    await this.session.sendMessage(message, callbacks);
+    return {
+      sessionId: this.session.getConversationId() || "",
+      response: this.responseParts[this.responseParts.length - 1] || "",
+      toolCalls: this.toolCalls,
+      transactions: this.transactions
+    };
+  }
+};
+
 // src/agent/auth.ts
 init_sha3();
 import { randomBytes } from "node:crypto";
@@ -4372,8 +4523,8 @@ var AgentClient = class {
   // ============================================================================
   // Private helpers
   // ============================================================================
-  async post(path3, body) {
-    const res = await fetch(`${this.baseUrl}${path3}`, {
+  async post(path4, body) {
+    const res = await fetch(`${this.baseUrl}${path4}`, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -4387,8 +4538,8 @@ var AgentClient = class {
     }
     return await res.json();
   }
-  async delete(path3, body) {
-    const res = await fetch(`${this.baseUrl}${path3}`, {
+  async delete(path4, body) {
+    const res = await fetch(`${this.baseUrl}${path4}`, {
       method: "DELETE",
       headers: {
         "Content-Type": "application/json",
@@ -4408,7 +4559,8 @@ import { Chain as Chain8 } from "@vultisig/sdk";
 async function buildMessageContext(vault) {
   const context = {
     vault_address: vault.publicKeys.ecdsa,
-    vault_name: vault.name
+    vault_name: vault.name,
+    mldsa_public_key: vault.publicKeyMldsa
   };
   try {
     const chains = vault.chains;
@@ -4468,6 +4620,30 @@ async function buildMessageContext(vault) {
   }
   return context;
 }
+async function buildMinimalContext(vault) {
+  const context = {
+    vault_address: vault.publicKeys.ecdsa,
+    vault_name: vault.name
+  };
+  try {
+    const chains = vault.chains;
+    const addressEntries = await Promise.allSettled(
+      chains.map(async (chain) => ({
+        chain: chain.toString(),
+        address: await vault.address(chain)
+      }))
+    );
+    const addresses = {};
+    for (const result of addressEntries) {
+      if (result.status === "fulfilled") {
+        addresses[result.value.chain] = result.value.address;
+      }
+    }
+    context.addresses = addresses;
+  } catch {
+  }
+  return context;
+}
 function getNativeTokenTicker(chain) {
   const tickers = {
     [Chain8.Ethereum]: "ETH",
@@ -4528,6 +4704,161 @@ function getNativeTokenDecimals(chain) {
 // src/agent/executor.ts
 import { Chain as Chain9, Vultisig as Vultisig6 } from "@vultisig/sdk";
 
+// src/core/VaultStateStore.ts
+import * as fs2 from "node:fs";
+import * as os from "node:os";
+import * as path2 from "node:path";
+var LOCK_STALE_MS = 6e4;
+var LOCK_RETRY_INIT_MS = 100;
+var LOCK_MAX_WAIT_MS = 3e4;
+var STATE_TTL_MS = 10 * 6e4;
+var VaultStateStore = class {
+  baseDir;
+  constructor(vaultId) {
+    const safeId = vaultId.replace(/[^a-zA-Z0-9]/g, "").slice(0, 40);
+    if (!safeId) {
+      throw new Error("Invalid vaultId: must contain alphanumeric characters");
+    }
+    this.baseDir = path2.join(os.homedir(), ".vultisig", "vault-state", safeId);
+    fs2.mkdirSync(this.baseDir, { recursive: true });
+  }
+  // -------------------------------------------------------------------------
+  // Chain-level locking
+  // -------------------------------------------------------------------------
+  /**
+   * Acquire an exclusive file lock for the given chain.
+   * Blocks (with exponential backoff) until the lock is available or timeout.
+   *
+   * @returns A release function — caller MUST call it when done.
+   */
+  async acquireChainLock(chain) {
+    const lockPath = path2.join(this.baseDir, `${chain}.lock`);
+    const startTime = Date.now();
+    let delay = LOCK_RETRY_INIT_MS;
+    while (true) {
+      try {
+        const fd = fs2.openSync(lockPath, "wx");
+        const lockToken = `${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const info2 = { pid: process.pid, timestamp: Date.now(), token: lockToken };
+        fs2.writeSync(fd, JSON.stringify(info2));
+        fs2.closeSync(fd);
+        return async () => {
+          try {
+            const content = fs2.readFileSync(lockPath, "utf8");
+            const current = JSON.parse(content);
+            if (current.token === lockToken) {
+              fs2.unlinkSync(lockPath);
+            }
+          } catch {
+          }
+        };
+      } catch (err) {
+        if (err.code !== "EEXIST") throw err;
+        if (this.tryCleanStaleLock(lockPath)) {
+          continue;
+        }
+        if (Date.now() - startTime > LOCK_MAX_WAIT_MS) {
+          throw new Error(
+            `Timeout after ${LOCK_MAX_WAIT_MS}ms waiting for ${chain} chain lock. Another process may be stuck. Lock file: ${lockPath}`
+          );
+        }
+        await sleep2(delay);
+        delay = Math.min(delay * 1.5, 2e3);
+      }
+    }
+  }
+  // -------------------------------------------------------------------------
+  // EVM nonce management
+  // -------------------------------------------------------------------------
+  /**
+   * Get the next nonce to use for an EVM chain.
+   *
+   * Takes the on-chain nonce (from `getTransactionCount`) and returns
+   * `max(onChainNonce, localLastUsed + 1)`. This ensures that:
+   *   - Locally queued txs get incrementing nonces
+   *   - External txs (MetaMask, other wallets) are respected
+   *
+   * MUST be called while holding the chain lock.
+   */
+  getNextEvmNonce(chain, onChainNonce) {
+    const state = this.readEvmState(chain);
+    if (!state) return onChainNonce;
+    if (Date.now() - state.updatedAt > STATE_TTL_MS) return onChainNonce;
+    const localNext = BigInt(state.lastUsedNonce) + 1n;
+    return localNext > onChainNonce ? localNext : onChainNonce;
+  }
+  /**
+   * Clear persisted nonce state for a chain (e.g. when pending txs were evicted).
+   */
+  clearEvmState(chain) {
+    const filePath = path2.join(this.baseDir, `${chain}.state.json`);
+    try {
+      fs2.unlinkSync(filePath);
+    } catch {
+    }
+  }
+  /**
+   * Record that we broadcast a tx using the given nonce.
+   * For approve+swap flows, pass the HIGHEST nonce used.
+   *
+   * MUST be called while holding the chain lock (before releasing).
+   */
+  recordEvmNonce(chain, nonce) {
+    const state = {
+      lastUsedNonce: nonce.toString(),
+      updatedAt: Date.now()
+    };
+    this.writeEvmState(chain, state);
+  }
+  // -------------------------------------------------------------------------
+  // Internal helpers
+  // -------------------------------------------------------------------------
+  readEvmState(chain) {
+    const filePath = path2.join(this.baseDir, `${chain}.state.json`);
+    try {
+      const content = fs2.readFileSync(filePath, "utf8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  writeEvmState(chain, state) {
+    const filePath = path2.join(this.baseDir, `${chain}.state.json`);
+    const tmpPath = filePath + `.tmp.${process.pid}`;
+    fs2.writeFileSync(tmpPath, JSON.stringify(state, null, 2));
+    fs2.renameSync(tmpPath, filePath);
+  }
+  /**
+   * Check if a lock file is stale and remove it if so.
+   * @returns true if a stale lock was removed.
+   */
+  tryCleanStaleLock(lockPath) {
+    try {
+      const content = fs2.readFileSync(lockPath, "utf8");
+      const info2 = JSON.parse(content);
+      if (Date.now() - info2.timestamp > LOCK_STALE_MS) {
+        fs2.unlinkSync(lockPath);
+        return true;
+      }
+    } catch {
+      try {
+        const stat = fs2.statSync(lockPath);
+        if (Date.now() - stat.mtimeMs > LOCK_STALE_MS) {
+          fs2.unlinkSync(lockPath);
+          return true;
+        }
+      } catch {
+        return true;
+      }
+      return false;
+    }
+    return false;
+  }
+};
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
 // src/agent/types.ts
 var AUTO_EXECUTE_ACTIONS = /* @__PURE__ */ new Set([
   "add_chain",
@@ -4555,14 +4886,50 @@ var AUTO_EXECUTE_ACTIONS = /* @__PURE__ */ new Set([
 var PASSWORD_REQUIRED_ACTIONS = /* @__PURE__ */ new Set(["sign_tx", "sign_typed_data", "build_custom_tx"]);
 
 // src/agent/executor.ts
+var EVM_CHAINS = /* @__PURE__ */ new Set([
+  "Ethereum",
+  "BSC",
+  "Polygon",
+  "Avalanche",
+  "Arbitrum",
+  "Optimism",
+  "Base",
+  "Blast",
+  "Zksync",
+  "Mantle",
+  "CronosChain",
+  "Hyperliquid",
+  "Sei"
+]);
+var EVM_GAS_RPC = {
+  Ethereum: "https://eth.llamarpc.com",
+  BSC: "https://bsc-dataseed.binance.org",
+  Polygon: "https://polygon-rpc.com",
+  Avalanche: "https://api.avax.network/ext/bc/C/rpc",
+  Arbitrum: "https://arb1.arbitrum.io/rpc",
+  Optimism: "https://mainnet.optimism.io",
+  Base: "https://mainnet.base.org",
+  Blast: "https://rpc.blast.io",
+  Zksync: "https://mainnet.era.zksync.io",
+  Mantle: "https://rpc.mantle.xyz",
+  CronosChain: "https://cronos-evm-rpc.publicnode.com",
+  Hyperliquid: "https://rpc.hyperliquid.xyz/evm",
+  Sei: "https://evm-rpc.sei-apis.com"
+};
 var AgentExecutor = class {
   vault;
   pendingPayloads = /* @__PURE__ */ new Map();
   password = null;
   verbose;
-  constructor(vault, verbose = false) {
+  stateStore = null;
+  /** Held chain lock release functions, keyed by chain name */
+  chainLockReleases = /* @__PURE__ */ new Map();
+  constructor(vault, verbose = false, vaultId) {
     this.vault = vault;
     this.verbose = verbose;
+    if (vaultId) {
+      this.stateStore = new VaultStateStore(vaultId);
+    }
   }
   setPassword(password) {
     this.password = password;
@@ -4581,6 +4948,7 @@ var AgentExecutor = class {
       return;
     }
     const chain = resolveChainFromTxReady(txReadyData) || Chain9.Ethereum;
+    this.pendingPayloads.clear();
     this.pendingPayloads.set("latest", {
       payload: { __serverTx: true, ...txReadyData },
       coin: { chain, address: "", decimals: 18, ticker: "" },
@@ -4786,39 +5154,47 @@ var AgentExecutor = class {
     const amountStr = params.amount;
     if (!toAddress) throw new Error("Destination address is required");
     if (!amountStr) throw new Error("Amount is required");
-    const address = await this.vault.address(chain);
-    const balance = await this.vault.balance(chain, params.token_id);
-    const coin = {
-      chain,
-      address,
-      decimals: balance.decimals,
-      ticker: symbol || balance.symbol,
-      id: params.token_id
-    };
-    const amount = parseAmount(amountStr, balance.decimals);
-    const memo = params.memo;
-    const payload = await this.vault.prepareSendTx({ coin, receiver: toAddress, amount, memo });
-    const payloadId = `tx_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-    this.pendingPayloads.set(payloadId, { payload, coin, chain, timestamp: Date.now() });
-    this.pendingPayloads.set("latest", { payload, coin, chain, timestamp: Date.now() });
-    const messageHashes = await this.vault.extractMessageHashes(payload);
-    return {
-      keysign_payload: payloadId,
-      from_chain: chain.toString(),
-      from_symbol: coin.ticker,
-      amount: amountStr,
-      sender: address,
-      destination: toAddress,
-      memo: memo || void 0,
-      message_hashes: messageHashes,
-      tx_details: {
-        chain: chain.toString(),
-        from: address,
-        to: toAddress,
+    await this.acquireEvmLockIfNeeded(chain);
+    try {
+      const address = await this.vault.address(chain);
+      const balance = await this.vault.balance(chain, params.token_id);
+      const coin = {
+        chain,
+        address,
+        decimals: balance.decimals,
+        ticker: symbol || balance.symbol,
+        id: params.token_id
+      };
+      const amount = parseAmount(amountStr, balance.decimals);
+      const memo = params.memo;
+      const payload = await this.vault.prepareSendTx({ coin, receiver: toAddress, amount, memo });
+      await this.patchEvmNonce(chain, payload);
+      const messageHashes = await this.vault.extractMessageHashes(payload);
+      this.pendingPayloads.clear();
+      const payloadId = `tx_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+      this.pendingPayloads.set(payloadId, { payload, coin, chain, timestamp: Date.now() });
+      this.pendingPayloads.set("latest", { payload, coin, chain, timestamp: Date.now() });
+      return {
+        keysign_payload: payloadId,
+        from_chain: chain.toString(),
+        from_symbol: coin.ticker,
         amount: amountStr,
-        symbol: coin.ticker
-      }
-    };
+        sender: address,
+        destination: toAddress,
+        memo: memo || void 0,
+        message_hashes: messageHashes,
+        tx_details: {
+          chain: chain.toString(),
+          from: address,
+          to: toAddress,
+          amount: amountStr,
+          symbol: coin.ticker
+        }
+      };
+    } catch (err) {
+      await this.releaseEvmLock(chain);
+      throw err;
+    }
   }
   async buildSwapTx(params) {
     if (this.verbose) process.stderr.write(`[build_swap_tx] called with params: ${JSON.stringify(params).slice(0, 500)}
@@ -4828,42 +5204,50 @@ var AgentExecutor = class {
     const fromChain = resolveChain(fromChainName);
     const toChain = toChainName ? resolveChain(toChainName) : null;
     if (!fromChain) throw new Error(`Unknown from_chain: ${fromChainName}`);
-    const amountStr = params.amount;
-    const fromSymbol = params.from_symbol || params.from_token || "";
-    const toSymbol = params.to_symbol || params.to_token || "";
-    const fromToken = params.from_contract || params.from_token_id;
-    const toToken = params.to_contract || params.to_token_id;
-    const fromCoin = { chain: fromChain, token: fromToken || void 0 };
-    const toCoin = { chain: toChain || fromChain, token: toToken || void 0 };
-    const quote = await this.vault.getSwapQuote({
-      fromCoin,
-      toCoin,
-      amount: parseFloat(amountStr)
-    });
-    const swapResult = await this.vault.prepareSwapTx({
-      fromCoin,
-      toCoin,
-      amount: parseFloat(amountStr),
-      swapQuote: quote,
-      autoApprove: true
-    });
-    const chain = fromChain;
-    const payload = swapResult.keysignPayload;
-    const payloadId = `swap_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-    this.pendingPayloads.set(payloadId, { payload, coin: { chain, address: "", decimals: 18, ticker: fromSymbol }, chain, timestamp: Date.now() });
-    this.pendingPayloads.set("latest", { payload, coin: { chain, address: "", decimals: 18, ticker: fromSymbol }, chain, timestamp: Date.now() });
-    const messageHashes = await this.vault.extractMessageHashes(payload);
-    return {
-      keysign_payload: payloadId,
-      from_chain: fromChain.toString(),
-      to_chain: (toChain || fromChain).toString(),
-      from_symbol: fromSymbol,
-      to_symbol: toSymbol,
-      amount: amountStr,
-      estimated_output: quote.estimatedOutput?.toString(),
-      provider: quote.provider,
-      message_hashes: messageHashes
-    };
+    await this.acquireEvmLockIfNeeded(fromChain);
+    try {
+      const amountStr = params.amount;
+      const fromSymbol = params.from_symbol || params.from_token || "";
+      const toSymbol = params.to_symbol || params.to_token || "";
+      const fromToken = params.from_contract || params.from_token_id;
+      const toToken = params.to_contract || params.to_token_id;
+      const fromCoin = { chain: fromChain, token: fromToken || void 0 };
+      const toCoin = { chain: toChain || fromChain, token: toToken || void 0 };
+      const quote = await this.vault.getSwapQuote({
+        fromCoin,
+        toCoin,
+        amount: parseFloat(amountStr)
+      });
+      const swapResult = await this.vault.prepareSwapTx({
+        fromCoin,
+        toCoin,
+        amount: parseFloat(amountStr),
+        swapQuote: quote,
+        autoApprove: true
+      });
+      const chain = fromChain;
+      const payload = swapResult.keysignPayload;
+      await this.patchEvmNonce(chain, payload);
+      const messageHashes = await this.vault.extractMessageHashes(payload);
+      this.pendingPayloads.clear();
+      const payloadId = `swap_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+      this.pendingPayloads.set(payloadId, { payload, coin: { chain, address: "", decimals: 18, ticker: fromSymbol }, chain, timestamp: Date.now() });
+      this.pendingPayloads.set("latest", { payload, coin: { chain, address: "", decimals: 18, ticker: fromSymbol }, chain, timestamp: Date.now() });
+      return {
+        keysign_payload: payloadId,
+        from_chain: fromChain.toString(),
+        to_chain: (toChain || fromChain).toString(),
+        from_symbol: fromSymbol,
+        to_symbol: toSymbol,
+        amount: amountStr,
+        estimated_output: quote.estimatedOutput?.toString(),
+        provider: quote.provider,
+        message_hashes: messageHashes
+      };
+    } catch (err) {
+      await this.releaseEvmLock(fromChain);
+      throw err;
+    }
   }
   async buildTx(params) {
     if (params.function_name && params.contract_address) {
@@ -4944,6 +5328,18 @@ var AgentExecutor = class {
     }
     const { payload, chain } = stored;
     if (payload.__serverTx) {
+      if (chain === "Solana" && (payload.swap_tx || payload.provider)) {
+        try {
+          return await this.buildAndSignSolanaSwapLocally(payload);
+        } catch (e) {
+          if (e._phase === "prepare") {
+            if (this.verbose) process.stderr.write(`[sign_tx] Solana local build failed (${e.message}), falling back to signServerTx
+`);
+          } else {
+            throw e;
+          }
+        }
+      }
       return this.signServerTx(payload, chain, params);
     }
     return this.signSdkTx(payload, chain, payloadId);
@@ -4951,37 +5347,46 @@ var AgentExecutor = class {
   /**
    * Sign and broadcast an SDK-built transaction (keysign payload from local build methods).
    */
-  async signSdkTx(payload, chain, payloadId) {
-    if (this.vault.isEncrypted && !this.vault.isUnlocked?.()) {
-      if (this.password) {
-        await this.vault.unlock?.(this.password);
+  async signSdkTx(payload, chain, _payloadId) {
+    try {
+      if (this.vault.isEncrypted && !this.vault.isUnlocked?.()) {
+        if (this.password) {
+          await this.vault.unlock?.(this.password);
+        }
       }
+      await this.patchEvmGas(chain, payload);
+      const messageHashes = await this.vault.extractMessageHashes(payload);
+      const signature = await this.vault.sign(
+        {
+          transaction: payload,
+          chain: payload.coin?.chain || chain,
+          messageHashes
+        },
+        {}
+      );
+      const txHash = await this.vault.broadcastTx({
+        chain,
+        keysignPayload: payload,
+        signature
+      });
+      try {
+        this.recordEvmNonceFromPayload(chain, payload, messageHashes.length);
+      } catch (nonceErr) {
+        console.warn(`[nonce] failed to persist nonce for ${chain}:`, nonceErr);
+      }
+      await this.releaseEvmLock(chain);
+      this.pendingPayloads.clear();
+      const explorerUrl = Vultisig6.getTxExplorerUrl(chain, txHash);
+      return {
+        tx_hash: txHash,
+        chain: chain.toString(),
+        status: "pending",
+        explorer_url: explorerUrl
+      };
+    } catch (err) {
+      await this.releaseEvmLock(chain);
+      throw err;
     }
-    const messageHashes = await this.vault.extractMessageHashes(payload);
-    const signature = await this.vault.sign(
-      {
-        transaction: payload,
-        chain: payload.coin?.chain || chain,
-        messageHashes
-      },
-      {}
-    );
-    const txHash = await this.vault.broadcastTx({
-      chain,
-      keysignPayload: payload,
-      signature
-    });
-    this.pendingPayloads.delete(payloadId);
-    if (payloadId !== "latest") {
-      this.pendingPayloads.delete("latest");
-    }
-    const explorerUrl = Vultisig6.getTxExplorerUrl(chain, txHash);
-    return {
-      tx_hash: txHash,
-      chain: chain.toString(),
-      status: "pending",
-      explorer_url: explorerUrl
-    };
   }
   /**
    * Sign and broadcast a server-built transaction (raw EVM tx from tx_ready SSE).
@@ -5000,38 +5405,121 @@ var AgentExecutor = class {
     } else if (chainId) {
       chain = resolveChainId(chainId) || defaultChain;
     }
-    const address = await this.vault.address(chain);
-    const balance = await this.vault.balance(chain);
-    const coin = {
-      chain,
-      address,
-      decimals: balance.decimals || 18,
-      ticker: balance.symbol || chain.toString()
-    };
-    const amount = BigInt(swapTx.value || "0");
-    const hasCalldata = !!(swapTx.data && swapTx.data !== "0x");
-    if (this.verbose) process.stderr.write(`[sign_server_tx] chain=${chain}, to=${swapTx.to}, value=${swapTx.value}, amount=${amount}, hasCalldata=${hasCalldata}
+    await this.acquireEvmLockIfNeeded(chain);
+    try {
+      const address = await this.vault.address(chain);
+      const balance = await this.vault.balance(chain);
+      const coin = {
+        chain,
+        address,
+        decimals: balance.decimals || 18,
+        ticker: balance.symbol || chain.toString()
+      };
+      const amount = BigInt(swapTx.value || "0");
+      const hasCalldata = !!(swapTx.data && swapTx.data !== "0x");
+      if (this.verbose) process.stderr.write(`[sign_server_tx] chain=${chain}, to=${swapTx.to}, value=${swapTx.value}, amount=${amount}, hasCalldata=${hasCalldata}
+`);
+      if (this.vault.isEncrypted && !this.vault.isUnlocked?.()) {
+        if (this.password) {
+          await this.vault.unlock?.(this.password);
+        }
+      }
+      const buildAmount = amount === 0n && hasCalldata ? 1n : amount;
+      const keysignPayload = await this.vault.prepareSendTx({
+        coin,
+        receiver: swapTx.to,
+        amount: buildAmount,
+        memo: swapTx.data
+      });
+      if (amount === 0n && hasCalldata) {
+        ;
+        keysignPayload.toAmount = "0";
+      }
+      await this.patchEvmNonce(chain, keysignPayload);
+      await this.patchEvmGas(chain, keysignPayload);
+      const messageHashes = await this.vault.extractMessageHashes(keysignPayload);
+      const signature = await this.vault.sign(
+        {
+          transaction: keysignPayload,
+          chain,
+          messageHashes
+        },
+        {}
+      );
+      const txHash = await this.vault.broadcastTx({
+        chain,
+        keysignPayload,
+        signature
+      });
+      try {
+        this.recordEvmNonceFromPayload(chain, keysignPayload, messageHashes.length);
+      } catch (nonceErr) {
+        console.warn(`[nonce] failed to persist nonce for ${chain}:`, nonceErr);
+      }
+      await this.releaseEvmLock(chain);
+      this.pendingPayloads.clear();
+      const explorerUrl = Vultisig6.getTxExplorerUrl(chain, txHash);
+      return {
+        tx_hash: txHash,
+        chain: chain.toString(),
+        status: "pending",
+        explorer_url: explorerUrl
+      };
+    } catch (err) {
+      await this.releaseEvmLock(chain);
+      throw err;
+    }
+  }
+  /**
+   * Build, sign, and broadcast a Solana swap locally using the SDK's swap flow.
+   * Uses swap params from the tx_ready event to call vault.getSwapQuote → prepareSwapTx.
+   */
+  async buildAndSignSolanaSwapLocally(serverTxData) {
+    const fromChainName = serverTxData.from_chain || serverTxData.chain || "Solana";
+    const toChainName = serverTxData.to_chain;
+    const fromChain = resolveChain(fromChainName);
+    if (!fromChain) throw Object.assign(new Error(`Unknown from_chain: ${fromChainName}`), { _phase: "prepare" });
+    const toChain = toChainName ? resolveChain(toChainName) : fromChain;
+    if (!toChain) throw Object.assign(new Error(`Unknown to_chain: ${toChainName}`), { _phase: "prepare" });
+    const amountStr = serverTxData.amount;
+    if (!amountStr) throw Object.assign(new Error("Missing amount in tx_ready data for local Solana swap build"), { _phase: "prepare" });
+    const fromToken = serverTxData.from_address;
+    const toToken = serverTxData.to_address;
+    const fromDecimals = serverTxData.from_decimals;
+    if (fromDecimals == null) throw Object.assign(new Error("Missing from_decimals in tx_ready data for local Solana swap build"), { _phase: "prepare" });
+    const fromCoin = { chain: fromChain, token: fromToken || void 0 };
+    const toCoin = { chain: toChain, token: toToken || void 0 };
+    const humanAmount = Number(amountStr) / Math.pow(10, fromDecimals);
+    if (this.verbose) process.stderr.write(`[solana_local_swap] from=${fromChainName} to=${toChainName || fromChainName} amount=${amountStr}
 `);
     if (this.vault.isEncrypted && !this.vault.isUnlocked?.()) {
       if (this.password) {
         await this.vault.unlock?.(this.password);
       }
     }
-    const buildAmount = amount === 0n && hasCalldata ? 1n : amount;
-    const keysignPayload = await this.vault.prepareSendTx({
-      coin,
-      receiver: swapTx.to,
-      amount: buildAmount,
-      memo: swapTx.data
-    });
-    if (amount === 0n && hasCalldata) {
-      ;
-      keysignPayload.toAmount = "0";
+    let quote, swapResult;
+    try {
+      quote = await this.vault.getSwapQuote({
+        fromCoin,
+        toCoin,
+        amount: humanAmount
+      });
+      swapResult = await this.vault.prepareSwapTx({
+        fromCoin,
+        toCoin,
+        amount: humanAmount,
+        swapQuote: quote,
+        autoApprove: true
+      });
+    } catch (e) {
+      throw Object.assign(e, { _phase: "prepare" });
     }
-    const messageHashes = await this.vault.extractMessageHashes(keysignPayload);
+    const payload = swapResult.keysignPayload;
+    const chain = fromChain;
+    const messageHashes = await this.vault.extractMessageHashes(payload);
     const signature = await this.vault.sign(
       {
-        transaction: keysignPayload,
+        transaction: payload,
         chain,
         messageHashes
       },
@@ -5039,10 +5527,10 @@ var AgentExecutor = class {
     );
     const txHash = await this.vault.broadcastTx({
       chain,
-      keysignPayload,
+      keysignPayload: payload,
       signature
     });
-    this.pendingPayloads.delete("latest");
+    this.pendingPayloads.clear();
     const explorerUrl = Vultisig6.getTxExplorerUrl(chain, txHash);
     return {
       tx_hash: txHash,
@@ -5052,6 +5540,147 @@ var AgentExecutor = class {
     };
   }
   // ============================================================================
+  // EVM Nonce Management
+  // ============================================================================
+  /**
+   * Acquire chain-level file lock if the chain is EVM.
+   * Releases any previously held lock first (e.g. from an abandoned build).
+   */
+  async acquireEvmLockIfNeeded(chain) {
+    if (!this.stateStore || !EVM_CHAINS.has(chain)) return;
+    await this.releaseEvmLock(chain);
+    const release = await this.stateStore.acquireChainLock(chain);
+    this.chainLockReleases.set(chain, release);
+    if (this.verbose) process.stderr.write(`[nonce] Acquired lock for ${chain}
+`);
+  }
+  /**
+   * Release the held chain lock (no-op if not held).
+   */
+  async releaseEvmLock(chain) {
+    const release = this.chainLockReleases.get(chain);
+    if (release) {
+      await release();
+      this.chainLockReleases.delete(chain);
+      if (this.verbose) process.stderr.write(`[nonce] Released lock for ${chain}
+`);
+    }
+  }
+  /**
+   * Patch the EVM nonce in a keysign payload if our local state is ahead of on-chain.
+   * The payload's blockchainSpecific.ethereumSpecific.nonce was set from RPC during
+   * prepareSendTx(). If we have locally-tracked pending txs, we override with a higher value.
+   *
+   * Also detects evicted txs: if local state claims a higher nonce but there are
+   * no pending txs in the mempool (pending == latest), the intermediate txs were
+   * dropped and local state is stale.
+   */
+  async patchEvmNonce(chain, payload) {
+    if (!this.stateStore || !EVM_CHAINS.has(chain)) return;
+    const bs = payload.blockchainSpecific;
+    if (!bs || bs.case !== "ethereumSpecific") return;
+    const rpcNonce = bs.value.nonce;
+    const nextNonce = this.stateStore.getNextEvmNonce(chain, rpcNonce);
+    if (nextNonce !== rpcNonce) {
+      const pendingNonce = await this.fetchEvmPendingNonce(chain);
+      if (pendingNonce !== null && pendingNonce === rpcNonce) {
+        if (this.verbose) process.stderr.write(`[nonce] Stale local state for ${chain}: local=${nextNonce}, on-chain=${rpcNonce}, no pending txs \u2014 using on-chain nonce
+`);
+        this.stateStore.clearEvmState(chain);
+        return;
+      }
+      const nonceGap = nextNonce - rpcNonce;
+      if (pendingNonce === null && nonceGap > 3n) {
+        if (this.verbose) process.stderr.write(`[nonce] Large nonce gap for ${chain} (${nonceGap}) and couldn't verify pending txs \u2014 using on-chain nonce ${rpcNonce}
+`);
+        this.stateStore.clearEvmState(chain);
+        return;
+      }
+      bs.value.nonce = nextNonce;
+      if (this.verbose) process.stderr.write(`[nonce] Patched ${chain} nonce: ${rpcNonce} \u2192 ${nextNonce}
+`);
+    }
+  }
+  /**
+   * Ensure the keysign payload's maxFeePerGas covers current network base fee.
+   * Re-fetches latest base fee from RPC and bumps maxFeePerGas if it's too low.
+   * Compensates for gas price drift between build time and sign time.
+   */
+  async patchEvmGas(chain, payload) {
+    if (!EVM_CHAINS.has(chain)) return;
+    const bs = payload.blockchainSpecific;
+    if (!bs || bs.case !== "ethereumSpecific") return;
+    const rpcUrl = EVM_GAS_RPC[chain];
+    if (!rpcUrl) return;
+    try {
+      const res = await fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "eth_getBlockByNumber",
+          params: ["latest", false],
+          id: 1
+        }),
+        signal: AbortSignal.timeout(5e3)
+      });
+      const data = await res.json();
+      const baseFee = BigInt(data.result?.baseFeePerGas || "0");
+      if (baseFee === 0n) return;
+      const currentPriorityFee = BigInt(bs.value.priorityFee || "0");
+      const currentMaxFee = BigInt(bs.value.maxFeePerGasWei || "0");
+      const minMaxFee = baseFee * 25n / 10n + currentPriorityFee;
+      if (currentMaxFee < minMaxFee) {
+        bs.value.maxFeePerGasWei = minMaxFee.toString();
+        if (this.verbose) process.stderr.write(`[gas] Bumped ${chain} maxFeePerGas: ${currentMaxFee} \u2192 ${minMaxFee} (baseFee=${baseFee})
+`);
+      }
+    } catch {
+      if (this.verbose) process.stderr.write(`[gas] Failed to refresh base fee for ${chain}, keeping original
+`);
+    }
+  }
+  /**
+   * Fetch the pending nonce from RPC (eth_getTransactionCount with "pending" tag).
+   * Returns null if the RPC call fails (non-fatal).
+   */
+  async fetchEvmPendingNonce(chain) {
+    const rpcUrl = EVM_GAS_RPC[chain];
+    if (!rpcUrl) return null;
+    try {
+      const address = await this.vault.address(chain);
+      const res = await fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "eth_getTransactionCount",
+          params: [address, "pending"],
+          id: 1
+        }),
+        signal: AbortSignal.timeout(5e3)
+      });
+      const data = await res.json();
+      return BigInt(data.result || "0");
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Record the nonce(s) used after a successful broadcast.
+   * For approve+swap flows with N message hashes, the highest nonce used is base + N - 1.
+   */
+  recordEvmNonceFromPayload(chain, payload, numTxs) {
+    if (!this.stateStore || !EVM_CHAINS.has(chain)) return;
+    const bs = payload.blockchainSpecific;
+    if (!bs || bs.case !== "ethereumSpecific") return;
+    const baseNonce = bs.value.nonce;
+    const highestNonce = baseNonce + BigInt(Math.max(0, numTxs - 1));
+    this.stateStore.recordEvmNonce(chain, highestNonce);
+    if (this.verbose) process.stderr.write(`[nonce] Recorded ${chain} nonce: ${highestNonce}
+`);
+  }
+  // ============================================================================
   // EIP-712 Typed Data Signing
   // ============================================================================
   /**
@@ -5491,6 +6120,17 @@ var PipeInterface = class {
       terminal: false
     });
     this.emit({ type: "ready", vault: vaultName, addresses });
+    const sessionId = this.session.getConversationId();
+    if (sessionId) {
+      this.emit({ type: "session", id: sessionId });
+    }
+    const history = this.session.getHistoryMessages();
+    if (history.length > 0) {
+      this.emit({
+        type: "history",
+        messages: history.filter((m) => m.content_type !== "action_result").map((m) => ({ role: m.role, content: m.content, created_at: m.created_at }))
+      });
+    }
     const lines = [];
     let inputDone = false;
     let processing = false;
@@ -5621,9 +6261,9 @@ var PipeInterface = class {
 };
 
 // src/agent/session.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { homedir } from "node:os";
-import { join } from "node:path";
+import { existsSync, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "node:fs";
+import { homedir as homedir2 } from "node:os";
+import { join as join2 } from "node:path";
 var AgentSession = class {
   client;
   vault;
@@ -5633,12 +6273,13 @@ var AgentSession = class {
   publicKey;
   cachedContext = null;
   abortController = null;
+  historyMessages = [];
   constructor(vault, config) {
     this.vault = vault;
     this.config = config;
     this.client = new AgentClient(config.backendUrl);
     this.client.verbose = !!config.verbose;
-    this.executor = new AgentExecutor(vault, !!config.verbose);
+    this.executor = new AgentExecutor(vault, !!config.verbose, vault.publicKeys.ecdsa);
     this.publicKey = vault.publicKeys.ecdsa;
     if (config.password) {
       this.executor.setPassword(config.password);
@@ -5669,17 +6310,38 @@ var AgentSession = class {
     } catch (err) {
       throw new Error(`Authentication failed: ${err.message}`);
     }
-    if (this.config.conversationId) {
-      this.conversationId = this.config.conversationId;
+    if (this.config.sessionId) {
+      this.conversationId = this.config.sessionId;
+      try {
+        const conv = await this.client.getConversation(this.conversationId, this.publicKey);
+        this.historyMessages = conv.messages || [];
+      } catch (err) {
+        if (err.message?.includes("401") || err.message?.includes("403")) {
+          clearCachedToken(this.publicKey);
+          const auth = await authenticateVault(this.client, this.vault, this.config.password);
+          this.client.setAuthToken(auth.token);
+          saveCachedToken(this.publicKey, auth.token, auth.expiresAt);
+          const conv = await this.client.getConversation(this.conversationId, this.publicKey);
+          this.historyMessages = conv.messages || [];
+        } else {
+          this.conversationId = null;
+          this.historyMessages = [];
+          const conv = await this.client.createConversation(this.publicKey);
+          this.conversationId = conv.id;
+        }
+      }
     } else {
       const conv = await this.client.createConversation(this.publicKey);
       this.conversationId = conv.id;
     }
-    this.cachedContext = await buildMessageContext(this.vault);
+    this.cachedContext = this.config.viaAgent || this.config.askMode ? await buildMinimalContext(this.vault) : await buildMessageContext(this.vault);
   }
   getConversationId() {
     return this.conversationId;
   }
+  getHistoryMessages() {
+    return this.historyMessages;
+  }
   getVaultAddresses() {
     return this.cachedContext?.addresses || {};
   }
@@ -5699,7 +6361,7 @@ var AgentSession = class {
     }
     this.abortController = new AbortController();
     try {
-      this.cachedContext = await buildMessageContext(this.vault);
+      this.cachedContext = this.config.viaAgent || this.config.askMode ? await buildMinimalContext(this.vault) : await buildMessageContext(this.vault);
     } catch {
     }
     try {
@@ -5728,6 +6390,9 @@ var AgentSession = class {
       public_key: this.publicKey,
       context: this.cachedContext
     };
+    if (this.config.viaAgent || this.config.askMode) {
+      request.via_agent = true;
+    }
     if (content) {
       request.content = content;
     }
@@ -5785,15 +6450,14 @@ var AgentSession = class {
     } else if (responseText) {
       ui.onAssistantMessage(responseText);
     }
-    const nonSignActions = streamResult.actions.filter((a) => a.type !== "sign_tx");
-    const backendSignActions = streamResult.actions.filter((a) => a.type === "sign_tx");
-    if (nonSignActions.length > 0) {
-      const results = await this.executeActions(nonSignActions, ui);
+    const actions = streamResult.actions.filter((a) => a.type !== "sign_tx");
+    if (actions.length > 0) {
+      const results = await this.executeActions(actions, ui);
       const hasBuildSuccess = results.some(
         (r) => r.success && r.action.startsWith("build_")
       );
       if (hasBuildSuccess && this.executor.hasPendingTransaction()) {
-        if (this.config.verbose) process.stderr.write(`[session] build_* action produced pending tx, auto-chaining sign_tx
+        if (this.config.verbose) process.stderr.write(`[session] build_* action produced pending tx, auto-signing client-side
 `);
         const signAction = {
           id: `tx_sign_${Date.now()}`,
@@ -5803,11 +6467,11 @@ var AgentSession = class {
           auto_execute: true
         };
         const signResults = await this.executeActions([signAction], ui);
-        const allResults = [...results, ...signResults];
-        for (const result of allResults) {
-          await this.processMessageLoop(null, [result], ui);
+        const signResult = signResults[0];
+        if (signResult) {
+          await this.processMessageLoop(null, [signResult], ui);
+          return;
         }
-        return;
       }
       if (results.length > 0) {
         for (const result of results) {
@@ -5833,27 +6497,6 @@ var AgentSession = class {
         }
         return;
       }
-    } else if (backendSignActions.length > 0 && this.executor.hasPendingTransaction()) {
-      if (this.config.verbose) process.stderr.write(`[session] Backend sent sign_tx action, using it
-`);
-      const results = await this.executeActions(backendSignActions, ui);
-      if (results.length > 0) {
-        for (const result of results) {
-          await this.processMessageLoop(null, [result], ui);
-        }
-        return;
-      }
-    } else if (backendSignActions.length > 0 && !this.executor.hasPendingTransaction()) {
-      if (this.config.verbose) process.stderr.write(`[session] Backend sent sign_tx but no pending tx, reporting error
-`);
-      const errorResult = {
-        action: "sign_tx",
-        action_id: backendSignActions[0].id,
-        success: false,
-        error: "No pending transaction. The swap transaction data was not received."
-      };
-      await this.processMessageLoop(null, [errorResult], ui);
-      return;
     }
     ui.onDone();
   }
@@ -5911,6 +6554,7 @@ var AgentSession = class {
     this.cancel();
     this.cachedContext = null;
     this.conversationId = null;
+    this.historyMessages = [];
   }
 };
 function parseInlineToolCalls(text) {
@@ -5943,23 +6587,23 @@ function parseInlineToolCalls(text) {
   return actions;
 }
 function getTokenCachePath() {
-  const dir = process.env.VULTISIG_CONFIG_DIR ?? join(homedir(), ".vultisig");
-  return join(dir, "agent-tokens.json");
+  const dir = process.env.VULTISIG_CONFIG_DIR ?? join2(homedir2(), ".vultisig");
+  return join2(dir, "agent-tokens.json");
 }
 function readTokenStore() {
   try {
-    const path3 = getTokenCachePath();
-    if (!existsSync(path3)) return {};
-    return JSON.parse(readFileSync(path3, "utf-8"));
+    const path4 = getTokenCachePath();
+    if (!existsSync(path4)) return {};
+    return JSON.parse(readFileSync2(path4, "utf-8"));
   } catch {
     return {};
   }
 }
 function writeTokenStore(store) {
-  const path3 = getTokenCachePath();
-  const dir = join(path3, "..");
-  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
-  writeFileSync(path3, JSON.stringify(store, null, 2), { mode: 384 });
+  const path4 = getTokenCachePath();
+  const dir = join2(path4, "..");
+  if (!existsSync(dir)) mkdirSync2(dir, { recursive: true });
+  writeFileSync2(path4, JSON.stringify(store, null, 2), { mode: 384 });
 }
 function loadCachedToken(publicKey) {
   const store = readTokenStore();
@@ -6021,6 +6665,15 @@ var ChatTUI = class {
    */
   async start() {
     this.printHeader();
+    const sessionId = this.session.getConversationId();
+    if (sessionId) {
+      console.log(chalk8.gray(`  Session: ${sessionId}`));
+      console.log("");
+    }
+    const history = this.session.getHistoryMessages();
+    if (history.length > 0) {
+      this.printHistory(history);
+    }
     this.printHelp();
     this.showPrompt();
     this.rl.on("line", async (line) => {
@@ -6229,6 +6882,30 @@ var ChatTUI = class {
     console.log(chalk8.bold.cyan(`  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D`));
     console.log("");
   }
+  printHistory(messages) {
+    console.log(chalk8.gray("  \u2500\u2500 Session History \u2500\u2500"));
+    console.log("");
+    for (const msg of messages) {
+      if (msg.content_type === "action_result") continue;
+      const ts = this.formatHistoryTimestamp(msg.created_at);
+      if (msg.role === "user") {
+        console.log(`${chalk8.gray(ts)} ${chalk8.green.bold("You")}: ${msg.content}`);
+      } else if (msg.role === "assistant") {
+        console.log(`${chalk8.gray(ts)} ${chalk8.cyan.bold("Agent")}: ${renderMarkdown(msg.content)}`);
+      }
+    }
+    console.log("");
+    console.log(chalk8.gray("  \u2500\u2500 End of History \u2500\u2500"));
+    console.log("");
+  }
+  formatHistoryTimestamp(iso) {
+    try {
+      const d = new Date(iso);
+      return `[${d.getHours().toString().padStart(2, "0")}:${d.getMinutes().toString().padStart(2, "0")}:${d.getSeconds().toString().padStart(2, "0")}]`;
+    } catch {
+      return "[--:--:--]";
+    }
+  }
   printHelp() {
     console.log(chalk8.gray("  Commands: /help, /clear, /quit"));
     console.log(chalk8.gray("  Press Ctrl+C to cancel a response, or to exit"));
@@ -6277,7 +6954,7 @@ async function executeAgent(ctx2, options) {
     vaultName: vault.name,
     password: options.password,
     viaAgent: options.viaAgent,
-    conversationId: options.conversationId,
+    sessionId: options.sessionId,
     verbose: options.verbose
   };
   const session = new AgentSession(vault, config);
@@ -6304,11 +6981,146 @@ async function executeAgent(ctx2, options) {
     }
   }
 }
+async function executeAgentAsk(ctx2, message, options) {
+  setSilentMode(true);
+  const originalConsoleLog = console.log;
+  console.log = (...args) => {
+    process.stderr.write(args.map(String).join(" ") + "\n");
+  };
+  try {
+    const vault = await ctx2.ensureActiveVault();
+    const config = {
+      backendUrl: options.backendUrl || process.env.VULTISIG_AGENT_URL || "http://localhost:9998",
+      vaultName: vault.name,
+      password: options.password,
+      sessionId: options.session,
+      verbose: options.verbose,
+      askMode: true
+    };
+    const session = new AgentSession(vault, config);
+    const ask = new AskInterface(session, !!config.verbose);
+    const callbacks = ask.getCallbacks();
+    await session.initialize(callbacks);
+    const result = await ask.ask(message);
+    if (options.json) {
+      process.stdout.write(
+        JSON.stringify({
+          session_id: result.sessionId,
+          response: result.response,
+          tool_calls: result.toolCalls,
+          transactions: result.transactions
+        }) + "\n"
+      );
+    } else {
+      process.stdout.write(`session:${result.sessionId}
+`);
+      if (result.response) {
+        process.stdout.write(`
+${result.response}
+`);
+      }
+      for (const tx of result.transactions) {
+        process.stdout.write(`
+tx:${tx.chain}:${tx.hash}
+`);
+        if (tx.explorerUrl) {
+          process.stdout.write(`explorer:${tx.explorerUrl}
+`);
+        }
+      }
+    }
+  } catch (err) {
+    if (options.json) {
+      process.stdout.write(JSON.stringify({ error: err.message }) + "\n");
+    } else {
+      process.stderr.write(`Error: ${err.message}
+`);
+    }
+    process.exit(1);
+  } finally {
+    console.log = originalConsoleLog;
+    setSilentMode(false);
+  }
+  process.exit(0);
+}
+async function executeAgentSessionsList(ctx2, options) {
+  const vault = await ctx2.ensureActiveVault();
+  const backendUrl = options.backendUrl || process.env.VULTISIG_AGENT_URL || "http://localhost:9998";
+  const client = await createAuthenticatedClient(backendUrl, vault, options.password);
+  const publicKey = vault.publicKeys.ecdsa;
+  const PAGE_SIZE = 100;
+  const allConversations = [];
+  let totalCount = 0;
+  let skip = 0;
+  while (true) {
+    const page = await client.listConversations(publicKey, skip, PAGE_SIZE);
+    totalCount = page.total_count;
+    allConversations.push(...page.conversations);
+    if (allConversations.length >= totalCount || page.conversations.length < PAGE_SIZE) break;
+    skip += PAGE_SIZE;
+  }
+  if (isJsonOutput()) {
+    outputJson({
+      sessions: allConversations.map((c) => ({
+        id: c.id,
+        title: c.title,
+        created_at: c.created_at,
+        updated_at: c.updated_at
+      })),
+      total_count: totalCount
+    });
+    return;
+  }
+  if (allConversations.length === 0) {
+    printResult("No sessions found.");
+    return;
+  }
+  const table = new Table({
+    head: [chalk9.cyan("ID"), chalk9.cyan("Title"), chalk9.cyan("Created"), chalk9.cyan("Updated")]
+  });
+  for (const conv of allConversations) {
+    table.push([
+      conv.id,
+      conv.title || chalk9.gray("(untitled)"),
+      formatDate(conv.created_at),
+      formatDate(conv.updated_at)
+    ]);
+  }
+  printResult(table.toString());
+  printResult(chalk9.gray(`
+  ${totalCount} session(s) total`));
+}
+async function executeAgentSessionsDelete(ctx2, sessionId, options) {
+  const vault = await ctx2.ensureActiveVault();
+  const backendUrl = options.backendUrl || process.env.VULTISIG_AGENT_URL || "http://localhost:9998";
+  const client = await createAuthenticatedClient(backendUrl, vault, options.password);
+  const publicKey = vault.publicKeys.ecdsa;
+  await client.deleteConversation(sessionId, publicKey);
+  if (isJsonOutput()) {
+    outputJson({ deleted: sessionId });
+    return;
+  }
+  printResult(chalk9.green(`Session ${sessionId} deleted.`));
+}
+async function createAuthenticatedClient(backendUrl, vault, password) {
+  const client = new AgentClient(backendUrl);
+  const auth = await authenticateVault(client, vault, password);
+  client.setAuthToken(auth.token);
+  return client;
+}
+function formatDate(iso) {
+  try {
+    const d = new Date(iso);
+    return d.toLocaleDateString() + " " + d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
+  } catch {
+    return iso;
+  }
+}
 
 // src/interactive/completer.ts
 import { Chain as Chain10 } from "@vultisig/sdk";
-import fs2 from "fs";
-import path2 from "path";
+import fs3 from "fs";
+import path3 from "path";
 var COMMANDS = [
   // Vault management
   "vaults",
@@ -6403,28 +7215,28 @@ function createCompleter(ctx2) {
 }
 function completeFilePath(partial, filterVult) {
   try {
-    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path2.sep);
+    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path3.sep);
     let dir;
     let basename;
     if (endsWithSeparator) {
       dir = partial;
       basename = "";
     } else {
-      dir = path2.dirname(partial);
-      basename = path2.basename(partial);
-      if (fs2.existsSync(partial) && fs2.statSync(partial).isDirectory()) {
+      dir = path3.dirname(partial);
+      basename = path3.basename(partial);
+      if (fs3.existsSync(partial) && fs3.statSync(partial).isDirectory()) {
         dir = partial;
         basename = "";
       }
     }
-    const resolvedDir = path2.resolve(dir);
-    if (!fs2.existsSync(resolvedDir) || !fs2.statSync(resolvedDir).isDirectory()) {
+    const resolvedDir = path3.resolve(dir);
+    if (!fs3.existsSync(resolvedDir) || !fs3.statSync(resolvedDir).isDirectory()) {
       return [[], partial];
     }
-    const files = fs2.readdirSync(resolvedDir);
+    const files = fs3.readdirSync(resolvedDir);
     const matches = files.filter((file) => file.startsWith(basename)).map((file) => {
-      const fullPath = path2.join(dir, file);
-      const stats = fs2.statSync(path2.join(resolvedDir, file));
+      const fullPath = path3.join(dir, file);
+      const stats = fs3.statSync(path3.join(resolvedDir, file));
       if (stats.isDirectory()) {
         return fullPath + "/";
       }
@@ -6465,7 +7277,7 @@ function findChainByName(name) {
 }
 
 // src/interactive/event-buffer.ts
-import chalk9 from "chalk";
+import chalk10 from "chalk";
 var EventBuffer = class {
   eventBuffer = [];
   isCommandRunning = false;
@@ -6505,17 +7317,17 @@ var EventBuffer = class {
   displayEvent(message, type) {
     switch (type) {
       case "success":
-        console.log(chalk9.green(message));
+        console.log(chalk10.green(message));
         break;
       case "warning":
-        console.log(chalk9.yellow(message));
+        console.log(chalk10.yellow(message));
         break;
       case "error":
-        console.error(chalk9.red(message));
+        console.error(chalk10.red(message));
         break;
       case "info":
       default:
-        console.log(chalk9.blue(message));
+        console.log(chalk10.blue(message));
         break;
     }
   }
@@ -6526,13 +7338,13 @@ var EventBuffer = class {
     if (this.eventBuffer.length === 0) {
       return;
     }
-    console.log(chalk9.gray("\n--- Background Events ---"));
+    console.log(chalk10.gray("\n--- Background Events ---"));
     this.eventBuffer.forEach((event) => {
       const timeStr = event.timestamp.toLocaleTimeString();
       const message = `[${timeStr}] ${event.message}`;
       this.displayEvent(message, event.type);
     });
-    console.log(chalk9.gray("--- End Events ---\n"));
+    console.log(chalk10.gray("--- End Events ---\n"));
   }
   /**
    * Setup all vault event listeners
@@ -6642,13 +7454,13 @@ var EventBuffer = class {
 
 // src/interactive/session.ts
 import { fiatCurrencies as fiatCurrencies3 } from "@vultisig/sdk";
-import chalk11 from "chalk";
+import chalk12 from "chalk";
 import ora3 from "ora";
 import * as readline3 from "readline";
 
 // src/interactive/shell-commands.ts
-import chalk10 from "chalk";
-import Table from "cli-table3";
+import chalk11 from "chalk";
+import Table2 from "cli-table3";
 import inquirer6 from "inquirer";
 import ora2 from "ora";
 function formatTimeRemaining(ms) {
@@ -6664,25 +7476,25 @@ function formatTimeRemaining(ms) {
 async function executeLock(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk10.red("No active vault."));
-    console.log(chalk10.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk11.red("No active vault."));
+    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   ctx2.lockVault(vault.id);
-  console.log(chalk10.green("\n+ Vault locked"));
-  console.log(chalk10.gray("Password cache cleared. You will need to enter the password again."));
+  console.log(chalk11.green("\n+ Vault locked"));
+  console.log(chalk11.gray("Password cache cleared. You will need to enter the password again."));
 }
 async function executeUnlock(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk10.red("No active vault."));
-    console.log(chalk10.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk11.red("No active vault."));
+    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   if (ctx2.isVaultUnlocked(vault.id)) {
     const timeRemaining = ctx2.getUnlockTimeRemaining(vault.id);
-    console.log(chalk10.yellow("\nVault is already unlocked."));
-    console.log(chalk10.gray(`Time remaining: ${formatTimeRemaining(timeRemaining)}`));
+    console.log(chalk11.yellow("\nVault is already unlocked."));
+    console.log(chalk11.gray(`Time remaining: ${formatTimeRemaining(timeRemaining)}`));
     return;
   }
   const { password } = await inquirer6.prompt([
@@ -6699,19 +7511,19 @@ async function executeUnlock(ctx2) {
     ctx2.cachePassword(vault.id, password);
     const timeRemaining = ctx2.getUnlockTimeRemaining(vault.id);
     spinner.succeed("Vault unlocked");
-    console.log(chalk10.green(`
+    console.log(chalk11.green(`
 + Vault unlocked for ${formatTimeRemaining(timeRemaining)}`));
   } catch (err) {
     spinner.fail("Failed to unlock vault");
-    console.error(chalk10.red(`
+    console.error(chalk11.red(`
 x ${err.message}`));
   }
 }
 async function executeStatus(ctx2) {
   const vault = ctx2.getActiveVault();
   if (!vault) {
-    console.log(chalk10.red("No active vault."));
-    console.log(chalk10.yellow('Use "vault <name>" to switch to a vault first.'));
+    console.log(chalk11.red("No active vault."));
+    console.log(chalk11.yellow('Use "vault <name>" to switch to a vault first.'));
     return;
   }
   const isUnlocked = ctx2.isVaultUnlocked(vault.id);
@@ -6742,30 +7554,30 @@ async function executeStatus(ctx2) {
   displayStatus(status);
 }
 function displayStatus(status) {
-  console.log(chalk10.cyan("\n+----------------------------------------+"));
-  console.log(chalk10.cyan("|            Vault Status                |"));
-  console.log(chalk10.cyan("+----------------------------------------+\n"));
-  console.log(chalk10.bold("Vault:"));
-  console.log(`  Name:     ${chalk10.green(status.name)}`);
+  console.log(chalk11.cyan("\n+----------------------------------------+"));
+  console.log(chalk11.cyan("|            Vault Status                |"));
+  console.log(chalk11.cyan("+----------------------------------------+\n"));
+  console.log(chalk11.bold("Vault:"));
+  console.log(`  Name:     ${chalk11.green(status.name)}`);
   console.log(`  ID:       ${status.id}`);
-  console.log(`  Type:     ${chalk10.yellow(status.type)}`);
-  console.log(chalk10.bold("\nSecurity:"));
+  console.log(`  Type:     ${chalk11.yellow(status.type)}`);
+  console.log(chalk11.bold("\nSecurity:"));
   if (status.isUnlocked) {
-    console.log(`  Status:   ${chalk10.green("Unlocked")} ${chalk10.green("\u{1F513}")}`);
+    console.log(`  Status:   ${chalk11.green("Unlocked")} ${chalk11.green("\u{1F513}")}`);
     console.log(`  Expires:  ${status.timeRemainingFormatted}`);
   } else {
-    console.log(`  Status:   ${chalk10.yellow("Locked")} ${chalk10.yellow("\u{1F512}")}`);
+    console.log(`  Status:   ${chalk11.yellow("Locked")} ${chalk11.yellow("\u{1F512}")}`);
   }
-  console.log(`  Encrypted: ${status.isEncrypted ? chalk10.green("Yes") : chalk10.gray("No")}`);
-  console.log(`  Backed Up: ${status.isBackedUp ? chalk10.green("Yes") : chalk10.yellow("No")}`);
-  console.log(chalk10.bold("\nMPC Configuration:"));
+  console.log(`  Encrypted: ${status.isEncrypted ? chalk11.green("Yes") : chalk11.gray("No")}`);
+  console.log(`  Backed Up: ${status.isBackedUp ? chalk11.green("Yes") : chalk11.yellow("No")}`);
+  console.log(chalk11.bold("\nMPC Configuration:"));
   console.log(`  Library:   ${status.libType}`);
-  console.log(`  Threshold: ${chalk10.cyan(status.threshold)} of ${chalk10.cyan(status.totalSigners)}`);
-  console.log(chalk10.bold("\nSigning Modes:"));
+  console.log(`  Threshold: ${chalk11.cyan(status.threshold)} of ${chalk11.cyan(status.totalSigners)}`);
+  console.log(chalk11.bold("\nSigning Modes:"));
   status.availableSigningModes.forEach((mode) => {
     console.log(`  - ${mode}`);
   });
-  console.log(chalk10.bold("\nDetails:"));
+  console.log(chalk11.bold("\nDetails:"));
   console.log(`  Chains:   ${status.chains}`);
   console.log(`  Currency: ${status.currency.toUpperCase()}`);
   console.log(`  Created:  ${new Date(status.createdAt).toLocaleString()}`);
@@ -6773,8 +7585,8 @@ function displayStatus(status) {
 `);
 }
 function showHelp() {
-  const table = new Table({
-    head: [chalk10.bold("Available Commands")],
+  const table = new Table2({
+    head: [chalk11.bold("Available Commands")],
     colWidths: [50],
     chars: {
       mid: "",
@@ -6788,7 +7600,7 @@ function showHelp() {
     }
   });
   table.push(
-    [chalk10.bold("Vault Management:")],
+    [chalk11.bold("Vault Management:")],
     ["  vaults              - List all vaults"],
     ["  vault <name>        - Switch to vault"],
     ["  import <file>       - Import vault from file"],
@@ -6797,7 +7609,7 @@ function showHelp() {
     ["  info                - Show vault details"],
     ["  export [path]       - Export vault to file"],
     [""],
-    [chalk10.bold("Wallet Operations:")],
+    [chalk11.bold("Wallet Operations:")],
     ["  balance [chain]     - Show balances"],
     ["  send <chain> <to> <amount> - Send transaction"],
     ["  tx-status <chain> <txHash> - Check transaction status"],
@@ -6806,22 +7618,22 @@ function showHelp() {
     ["  chains [--add/--remove/--add-all] - Manage chains"],
     ["  tokens <chain>      - Manage tokens"],
     [""],
-    [chalk10.bold("Swap Operations:")],
+    [chalk11.bold("Swap Operations:")],
     ["  swap-chains         - List swap-enabled chains"],
     ["  swap-quote <from> <to> <amount> - Get quote"],
     ["  swap <from> <to> <amount> - Execute swap"],
     [""],
-    [chalk10.bold("Session Commands (shell only):")],
+    [chalk11.bold("Session Commands (shell only):")],
     ["  lock                - Lock vault"],
     ["  unlock              - Unlock vault"],
     ["  status              - Show vault status"],
     [""],
-    [chalk10.bold("Settings:")],
+    [chalk11.bold("Settings:")],
     ["  currency [code]     - View/set currency"],
     ["  server              - Check server status"],
     ["  address-book        - Manage saved addresses"],
     [""],
-    [chalk10.bold("Help & Navigation:")],
+    [chalk11.bold("Help & Navigation:")],
     ["  help, ?             - Show this help"],
     ["  .clear              - Clear screen"],
     ["  .exit               - Exit shell"]
@@ -6959,12 +7771,12 @@ var ShellSession = class {
    */
   async start() {
     console.clear();
-    console.log(chalk11.cyan.bold("\n=============================================="));
-    console.log(chalk11.cyan.bold("         Vultisig Interactive Shell"));
-    console.log(chalk11.cyan.bold("==============================================\n"));
+    console.log(chalk12.cyan.bold("\n=============================================="));
+    console.log(chalk12.cyan.bold("         Vultisig Interactive Shell"));
+    console.log(chalk12.cyan.bold("==============================================\n"));
     await this.loadAllVaults();
     this.displayVaultList();
-    console.log(chalk11.gray('Type "help" for available commands, "exit" to quit\n'));
+    console.log(chalk12.gray('Type "help" for available commands, "exit" to quit\n'));
     this.promptLoop().catch(() => {
     });
   }
@@ -6998,12 +7810,12 @@ var ShellSession = class {
         const now = Date.now();
         if (now - this.lastSigintTime < this.DOUBLE_CTRL_C_TIMEOUT) {
           rl.close();
-          console.log(chalk11.yellow("\nGoodbye!"));
+          console.log(chalk12.yellow("\nGoodbye!"));
           this.ctx.dispose();
           process.exit(0);
         }
         this.lastSigintTime = now;
-        console.log(chalk11.yellow("\n(Press Ctrl+C again to exit)"));
+        console.log(chalk12.yellow("\n(Press Ctrl+C again to exit)"));
         rl.close();
         resolve("");
       });
@@ -7098,7 +7910,7 @@ var ShellSession = class {
       stopAllSpinners();
       process.stdout.write("\x1B[?25h");
       process.stdout.write("\r\x1B[K");
-      console.log(chalk11.yellow("\nCancelling operation..."));
+      console.log(chalk12.yellow("\nCancelling operation..."));
     };
     const cleanup = () => {
       process.removeListener("SIGINT", onSigint);
@@ -7135,10 +7947,10 @@ var ShellSession = class {
         stopAllSpinners();
         process.stdout.write("\x1B[?25h");
         process.stdout.write("\r\x1B[K");
-        console.log(chalk11.yellow("Operation cancelled"));
+        console.log(chalk12.yellow("Operation cancelled"));
         return;
       }
-      console.error(chalk11.red(`
+      console.error(chalk12.red(`
 Error: ${error2.message}`));
     }
   }
@@ -7171,7 +7983,7 @@ Error: ${error2.message}`));
         break;
       case "rename":
         if (args.length === 0) {
-          console.log(chalk11.yellow("Usage: rename <newName>"));
+          console.log(chalk12.yellow("Usage: rename <newName>"));
           return;
         }
         await executeRename(this.ctx, args.join(" "));
@@ -7247,41 +8059,41 @@ Error: ${error2.message}`));
       // Exit
       case "exit":
       case "quit":
-        console.log(chalk11.yellow("\nGoodbye!"));
+        console.log(chalk12.yellow("\nGoodbye!"));
         this.ctx.dispose();
         process.exit(0);
         break;
       // eslint requires break even after process.exit
       default:
-        console.log(chalk11.yellow(`Unknown command: ${command}`));
-        console.log(chalk11.gray('Type "help" for available commands'));
+        console.log(chalk12.yellow(`Unknown command: ${command}`));
+        console.log(chalk12.gray('Type "help" for available commands'));
         break;
     }
   }
   // ===== Command Helpers =====
   async switchVault(args) {
     if (args.length === 0) {
-      console.log(chalk11.yellow("Usage: vault <name>"));
-      console.log(chalk11.gray('Run "vaults" to see available vaults'));
+      console.log(chalk12.yellow("Usage: vault <name>"));
+      console.log(chalk12.gray('Run "vaults" to see available vaults'));
       return;
     }
     const vaultName = args.join(" ");
     const vault = this.ctx.findVaultByName(vaultName);
     if (!vault) {
-      console.log(chalk11.red(`Vault not found: ${vaultName}`));
-      console.log(chalk11.gray('Run "vaults" to see available vaults'));
+      console.log(chalk12.red(`Vault not found: ${vaultName}`));
+      console.log(chalk12.gray('Run "vaults" to see available vaults'));
       return;
     }
     await this.ctx.setActiveVault(vault);
-    console.log(chalk11.green(`
+    console.log(chalk12.green(`
 + Switched to: ${vault.name}`));
     const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-    const status = isUnlocked ? chalk11.green("Unlocked") : chalk11.yellow("Locked");
+    const status = isUnlocked ? chalk12.green("Unlocked") : chalk12.yellow("Locked");
     console.log(`Status: ${status}`);
   }
   async importVault(args) {
     if (args.length === 0) {
-      console.log(chalk11.yellow("Usage: import <file>"));
+      console.log(chalk12.yellow("Usage: import <file>"));
       return;
     }
     const filePath = args.join(" ");
@@ -7296,45 +8108,45 @@ Error: ${error2.message}`));
   async createVault(args) {
     const type = args[0]?.toLowerCase();
     if (!type || type !== "fast" && type !== "secure") {
-      console.log(chalk11.yellow("Usage: create <fast|secure>"));
-      console.log(chalk11.gray("  create fast   - Create a fast vault (server-assisted 2-of-2)"));
-      console.log(chalk11.gray("  create secure - Create a secure vault (multi-device MPC)"));
+      console.log(chalk12.yellow("Usage: create <fast|secure>"));
+      console.log(chalk12.gray("  create fast   - Create a fast vault (server-assisted 2-of-2)"));
+      console.log(chalk12.gray("  create secure - Create a secure vault (multi-device MPC)"));
       return;
     }
     let vault;
     if (type === "fast") {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk11.red("Name is required"));
+        console.log(chalk12.red("Name is required"));
         return;
       }
       const password = await this.promptPassword("Vault password");
       if (!password) {
-        console.log(chalk11.red("Password is required"));
+        console.log(chalk12.red("Password is required"));
         return;
       }
       const email = await this.prompt("Email for verification");
       if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-        console.log(chalk11.red("Valid email is required"));
+        console.log(chalk12.red("Valid email is required"));
         return;
       }
       vault = await this.withCancellation((signal) => executeCreateFast(this.ctx, { name, password, email, signal }));
     } else {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk11.red("Name is required"));
+        console.log(chalk12.red("Name is required"));
         return;
       }
       const sharesStr = await this.prompt("Total shares (devices)", "3");
       const shares = parseInt(sharesStr, 10);
       if (isNaN(shares) || shares < 2) {
-        console.log(chalk11.red("Must have at least 2 shares"));
+        console.log(chalk12.red("Must have at least 2 shares"));
         return;
       }
       const thresholdStr = await this.prompt("Signing threshold", "2");
       const threshold = parseInt(thresholdStr, 10);
       if (isNaN(threshold) || threshold < 1 || threshold > shares) {
-        console.log(chalk11.red(`Threshold must be between 1 and ${shares}`));
+        console.log(chalk12.red(`Threshold must be between 1 and ${shares}`));
         return;
       }
       const password = await this.promptPassword("Vault password (optional, press Enter to skip)");
@@ -7356,37 +8168,37 @@ Error: ${error2.message}`));
   async importSeedphrase(args) {
     const type = args[0]?.toLowerCase();
     if (!type || type !== "fast" && type !== "secure") {
-      console.log(chalk11.cyan("Usage: create-from-seedphrase <fast|secure>"));
-      console.log(chalk11.gray("  fast   - Import with VultiServer (2-of-2)"));
-      console.log(chalk11.gray("  secure - Import with device coordination (N-of-M)"));
+      console.log(chalk12.cyan("Usage: create-from-seedphrase <fast|secure>"));
+      console.log(chalk12.gray("  fast   - Import with VultiServer (2-of-2)"));
+      console.log(chalk12.gray("  secure - Import with device coordination (N-of-M)"));
       return;
     }
-    console.log(chalk11.cyan("\nEnter your recovery phrase (words separated by spaces):"));
+    console.log(chalk12.cyan("\nEnter your recovery phrase (words separated by spaces):"));
     const mnemonic = await this.promptPassword("Seedphrase");
     const validation = await this.ctx.sdk.validateSeedphrase(mnemonic);
     if (!validation.valid) {
-      console.log(chalk11.red(`Invalid seedphrase: ${validation.error}`));
+      console.log(chalk12.red(`Invalid seedphrase: ${validation.error}`));
       if (validation.invalidWords?.length) {
-        console.log(chalk11.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
+        console.log(chalk12.yellow(`Invalid words: ${validation.invalidWords.join(", ")}`));
       }
       return;
     }
-    console.log(chalk11.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
+    console.log(chalk12.green(`\u2713 Valid ${validation.wordCount}-word seedphrase`));
     let vault;
     if (type === "fast") {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk11.red("Name is required"));
+        console.log(chalk12.red("Name is required"));
         return;
       }
       const password = await this.promptPassword("Vault password");
       if (!password) {
-        console.log(chalk11.red("Password is required"));
+        console.log(chalk12.red("Password is required"));
         return;
       }
       const email = await this.prompt("Email for verification");
       if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-        console.log(chalk11.red("Valid email is required"));
+        console.log(chalk12.red("Valid email is required"));
         return;
       }
       const discoverStr = await this.prompt("Discover chains with balances? (y/n)", "y");
@@ -7404,19 +8216,19 @@ Error: ${error2.message}`));
     } else {
       const name = await this.prompt("Vault name");
       if (!name) {
-        console.log(chalk11.red("Name is required"));
+        console.log(chalk12.red("Name is required"));
         return;
       }
       const sharesStr = await this.prompt("Total shares (devices)", "3");
       const shares = parseInt(sharesStr, 10);
       if (isNaN(shares) || shares < 2) {
-        console.log(chalk11.red("Must have at least 2 shares"));
+        console.log(chalk12.red("Must have at least 2 shares"));
         return;
       }
       const thresholdStr = await this.prompt("Signing threshold", "2");
       const threshold = parseInt(thresholdStr, 10);
       if (isNaN(threshold) || threshold < 1 || threshold > shares) {
-        console.log(chalk11.red(`Threshold must be between 1 and ${shares}`));
+        console.log(chalk12.red(`Threshold must be between 1 and ${shares}`));
         return;
       }
       const password = await this.promptPassword("Vault password (optional, Enter to skip)");
@@ -7460,8 +8272,8 @@ Error: ${error2.message}`));
       }
     }
     if (!fiatCurrencies3.includes(currency)) {
-      console.log(chalk11.red(`Invalid currency: ${currency}`));
-      console.log(chalk11.yellow(`Supported currencies: ${fiatCurrencies3.join(", ")}`));
+      console.log(chalk12.red(`Invalid currency: ${currency}`));
+      console.log(chalk12.yellow(`Supported currencies: ${fiatCurrencies3.join(", ")}`));
       return;
     }
     const raw = args.includes("--raw");
@@ -7469,7 +8281,7 @@ Error: ${error2.message}`));
   }
   async runSend(args) {
     if (args.length < 3) {
-      console.log(chalk11.yellow("Usage: send <chain> <to> <amount> [--token <tokenId>] [--memo <memo>]"));
+      console.log(chalk12.yellow("Usage: send <chain> <to> <amount> [--token <tokenId>] [--memo <memo>]"));
       return;
     }
     const [chainStr, to, amount, ...rest] = args;
@@ -7489,7 +8301,7 @@ Error: ${error2.message}`));
       await this.withAbortHandler((signal) => executeSend(this.ctx, { chain, to, amount, tokenId, memo, signal }));
     } catch (err) {
       if (err.message === "Transaction cancelled by user" || err.message === "Operation cancelled" || err.message === "Operation aborted") {
-        console.log(chalk11.yellow("\nTransaction cancelled"));
+        console.log(chalk12.yellow("\nTransaction cancelled"));
         return;
       }
       throw err;
@@ -7497,7 +8309,7 @@ Error: ${error2.message}`));
   }
   async runTxStatus(args) {
     if (args.length < 2) {
-      console.log(chalk11.yellow("Usage: tx-status <chain> <txHash> [--no-wait]"));
+      console.log(chalk12.yellow("Usage: tx-status <chain> <txHash> [--no-wait]"));
       return;
     }
     const [chainStr, txHash, ...rest] = args;
@@ -7515,8 +8327,8 @@ Error: ${error2.message}`));
       } else if (args[i] === "--add" && i + 1 < args.length) {
         const chain = findChainByName(args[i + 1]);
         if (!chain) {
-          console.log(chalk11.red(`Unknown chain: ${args[i + 1]}`));
-          console.log(chalk11.gray("Use tab completion to see available chains"));
+          console.log(chalk12.red(`Unknown chain: ${args[i + 1]}`));
+          console.log(chalk12.gray("Use tab completion to see available chains"));
           return;
         }
         addChain = chain;
@@ -7524,8 +8336,8 @@ Error: ${error2.message}`));
       } else if (args[i] === "--remove" && i + 1 < args.length) {
         const chain = findChainByName(args[i + 1]);
         if (!chain) {
-          console.log(chalk11.red(`Unknown chain: ${args[i + 1]}`));
-          console.log(chalk11.gray("Use tab completion to see available chains"));
+          console.log(chalk12.red(`Unknown chain: ${args[i + 1]}`));
+          console.log(chalk12.gray("Use tab completion to see available chains"));
           return;
         }
         removeChain = chain;
@@ -7536,7 +8348,7 @@ Error: ${error2.message}`));
   }
   async runTokens(args) {
     if (args.length === 0) {
-      console.log(chalk11.yellow("Usage: tokens <chain> [--add <address>] [--remove <tokenId>]"));
+      console.log(chalk12.yellow("Usage: tokens <chain> [--add <address>] [--remove <tokenId>]"));
       return;
     }
     const chainStr = args[0];
@@ -7557,7 +8369,7 @@ Error: ${error2.message}`));
   async runSwapQuote(args) {
     if (args.length < 3) {
       console.log(
-        chalk11.yellow("Usage: swap-quote <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>]")
+        chalk12.yellow("Usage: swap-quote <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>]")
       );
       return;
     }
@@ -7581,7 +8393,7 @@ Error: ${error2.message}`));
   async runSwap(args) {
     if (args.length < 3) {
       console.log(
-        chalk11.yellow(
+        chalk12.yellow(
           "Usage: swap <fromChain> <toChain> <amount> [--from-token <addr>] [--to-token <addr>] [--slippage <pct>]"
         )
       );
@@ -7612,7 +8424,7 @@ Error: ${error2.message}`));
       );
     } catch (err) {
       if (err.message === "Swap cancelled by user" || err.message === "Operation cancelled" || err.message === "Operation aborted") {
-        console.log(chalk11.yellow("\nSwap cancelled"));
+        console.log(chalk12.yellow("\nSwap cancelled"));
         return;
       }
       throw err;
@@ -7674,24 +8486,24 @@ Error: ${error2.message}`));
   }
   getPrompt() {
     const vault = this.ctx.getActiveVault();
-    if (!vault) return chalk11.cyan("wallet> ");
+    if (!vault) return chalk12.cyan("wallet> ");
     const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-    const status = isUnlocked ? chalk11.green("\u{1F513}") : chalk11.yellow("\u{1F512}");
-    return chalk11.cyan(`wallet[${vault.name}]${status}> `);
+    const status = isUnlocked ? chalk12.green("\u{1F513}") : chalk12.yellow("\u{1F512}");
+    return chalk12.cyan(`wallet[${vault.name}]${status}> `);
   }
   displayVaultList() {
     const vaults = Array.from(this.ctx.getVaults().values());
     const activeVault = this.ctx.getActiveVault();
     if (vaults.length === 0) {
-      console.log(chalk11.yellow('No vaults found. Use "create" or "import <file>" to add a vault.\n'));
+      console.log(chalk12.yellow('No vaults found. Use "create" or "import <file>" to add a vault.\n'));
       return;
     }
-    console.log(chalk11.cyan("Loaded Vaults:\n"));
+    console.log(chalk12.cyan("Loaded Vaults:\n"));
     vaults.forEach((vault) => {
       const isActive = vault.id === activeVault?.id;
       const isUnlocked = this.ctx.isVaultUnlocked(vault.id);
-      const activeMarker = isActive ? chalk11.green(" (active)") : "";
-      const lockIcon = isUnlocked ? chalk11.green("\u{1F513}") : chalk11.yellow("\u{1F512}");
+      const activeMarker = isActive ? chalk12.green(" (active)") : "";
+      const lockIcon = isUnlocked ? chalk12.green("\u{1F513}") : chalk12.yellow("\u{1F512}");
       console.log(`  ${lockIcon} ${vault.name}${activeMarker} - ${vault.type}`);
     });
     console.log();
@@ -7699,23 +8511,23 @@ Error: ${error2.message}`));
 };
 
 // src/lib/errors.ts
-import chalk12 from "chalk";
+import chalk13 from "chalk";
 
 // src/lib/version.ts
-import chalk13 from "chalk";
-import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync2 } from "fs";
-import { homedir as homedir2 } from "os";
-import { join as join2 } from "path";
+import chalk14 from "chalk";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3, existsSync as existsSync2 } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join3 } from "path";
 var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.7.0";
+    cachedVersion = "0.9.0";
     return cachedVersion;
   }
   try {
     const packagePath = new URL("../../package.json", import.meta.url);
-    const pkg = JSON.parse(readFileSync2(packagePath, "utf-8"));
+    const pkg = JSON.parse(readFileSync3(packagePath, "utf-8"));
     cachedVersion = pkg.version;
     return cachedVersion;
   } catch {
@@ -7723,13 +8535,13 @@ function getVersion() {
     return cachedVersion;
   }
 }
-var CACHE_DIR = join2(homedir2(), ".vultisig", "cache");
-var VERSION_CACHE_FILE = join2(CACHE_DIR, "version-check.json");
+var CACHE_DIR = join3(homedir3(), ".vultisig", "cache");
+var VERSION_CACHE_FILE = join3(CACHE_DIR, "version-check.json");
 var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
 function readVersionCache() {
   try {
     if (!existsSync2(VERSION_CACHE_FILE)) return null;
-    const data = readFileSync2(VERSION_CACHE_FILE, "utf-8");
+    const data = readFileSync3(VERSION_CACHE_FILE, "utf-8");
     return JSON.parse(data);
   } catch {
     return null;
@@ -7738,9 +8550,9 @@ function readVersionCache() {
 function writeVersionCache(cache) {
   try {
     if (!existsSync2(CACHE_DIR)) {
-      mkdirSync2(CACHE_DIR, { recursive: true });
+      mkdirSync3(CACHE_DIR, { recursive: true });
     }
-    writeFileSync2(VERSION_CACHE_FILE, JSON.stringify(cache, null, 2));
+    writeFileSync3(VERSION_CACHE_FILE, JSON.stringify(cache, null, 2));
   } catch {
   }
 }
@@ -7807,7 +8619,7 @@ function formatVersionShort() {
 }
 function formatVersionDetailed() {
   const lines = [];
-  lines.push(chalk13.bold(`Vultisig CLI v${getVersion()}`));
+  lines.push(chalk14.bold(`Vultisig CLI v${getVersion()}`));
   lines.push("");
   lines.push(`  Node.js:   ${process.version}`);
   lines.push(`  Platform:  ${process.platform}-${process.arch}`);
@@ -7845,9 +8657,9 @@ function getUpdateCommand() {
 }
 
 // src/lib/completion.ts
-import { homedir as homedir3 } from "os";
-import { join as join3 } from "path";
-import { readFileSync as readFileSync3, existsSync as existsSync3 } from "fs";
+import { homedir as homedir4 } from "os";
+import { join as join4 } from "path";
+import { readFileSync as readFileSync4, existsSync as existsSync3 } from "fs";
 var tabtab = null;
 async function getTabtab() {
   if (!tabtab) {
@@ -7912,7 +8724,7 @@ var CHAINS = [
 ];
 function getVaultNames() {
   try {
-    const vaultDir = join3(homedir3(), ".vultisig", "vaults");
+    const vaultDir = join4(homedir4(), ".vultisig", "vaults");
     if (!existsSync3(vaultDir)) return [];
     const { readdirSync } = __require("fs");
     const files = readdirSync(vaultDir);
@@ -7920,7 +8732,7 @@ function getVaultNames() {
     for (const file of files) {
       if (file.startsWith("vault:") && file.endsWith(".json")) {
         try {
-          const content = readFileSync3(join3(vaultDir, file), "utf-8");
+          const content = readFileSync4(join4(vaultDir, file), "utf-8");
           const vault = JSON.parse(content);
           if (vault.name) names.push(vault.name);
           if (vault.id) names.push(vault.id);
@@ -8197,14 +9009,15 @@ async function findVaultByNameOrId(sdk, nameOrId) {
   if (byPartialId) return byPartialId;
   return null;
 }
-async function init(vaultOverride, unlockPassword) {
+async function init(vaultOverride, unlockPassword, passwordTTL) {
   if (!ctx) {
     const vaultSelector = vaultOverride || process.env.VULTISIG_VAULT;
     if (unlockPassword && vaultSelector) {
       cachePassword(vaultSelector, unlockPassword);
     }
     const sdk = new Vultisig7({
-      onPasswordRequired: createPasswordCallback()
+      onPasswordRequired: createPasswordCallback(),
+      ...passwordTTL !== void 0 ? { passwordCache: { defaultTTL: passwordTTL } } : {}
     });
     await sdk.initialize();
     ctx = new CLIContext(sdk);
@@ -8242,10 +9055,10 @@ createCmd.command("secure").description("Create a secure vault (multi-device MPC
     });
   })
 );
-program.command("import <file>").description("Import vault from .vult file").action(
-  withExit(async (file) => {
+program.command("import <file>").description("Import vault from .vult file").option("--password <password>", "Password to decrypt the vault file").action(
+  withExit(async (file, options) => {
     const context = await init(program.opts().vault);
-    await executeImport(context, file);
+    await executeImport(context, file, options.password);
   })
 );
 var createFromSeedphraseCmd = program.command("create-from-seedphrase").description("Create vault from BIP39 seedphrase");
@@ -8362,7 +9175,7 @@ joinCmd.command("secure").description("Join a SecureVault creation session").opt
       const context = await init(program.opts().vault);
       let qrPayload = options.qr;
       if (!qrPayload && options.qrFile) {
-        qrPayload = (await fs3.readFile(options.qrFile, "utf-8")).trim();
+        qrPayload = (await fs4.readFile(options.qrFile, "utf-8")).trim();
       }
       if (!qrPayload) {
         qrPayload = await promptQrPayload();
@@ -8512,10 +9325,10 @@ program.command("discount").description("Show your VULT discount tier for swap f
   })
 );
 program.command("export [path]").description("Export vault to file").option("--password <password>", "Password to unlock the vault (for encrypted vaults)").option("--exportPassword <password>", "Password to encrypt the exported file (defaults to --password)").action(
-  withExit(async (path3, options) => {
+  withExit(async (path4, options) => {
     const context = await init(program.opts().vault, options.password);
     await executeExport(context, {
-      outputPath: path3,
+      outputPath: path4,
       password: options.password,
       exportPassword: options.exportPassword
     });
@@ -8712,24 +9525,71 @@ rujiraCmd.command("withdraw <asset> <amount> <l1Address>").description("Withdraw
     }
   )
 );
-program.command("agent").description("AI-powered chat interface for wallet operations").option("--via-agent", "Use NDJSON pipe mode for agent-to-agent communication").option("--verbose", "Show detailed tool call parameters and debug output").option("--backend-url <url>", "Agent backend URL (default: http://localhost:9998)").option("--password <password>", "Vault password for signing operations").option("--conversation <id>", "Resume an existing conversation").action(async (options) => {
-  const context = await init(program.opts().vault, options.password);
+var agentCmd = program.command("agent").description("AI-powered chat interface for wallet operations").option("--via-agent", "Use NDJSON pipe mode for agent-to-agent communication").option("--verbose", "Show detailed tool call parameters and debug output").option("--backend-url <url>", "Agent backend URL (default: http://localhost:9998)").option("--password <password>", "Vault password for signing operations").option("--password-ttl <ms>", "Password cache TTL in milliseconds (default: 300000, 86400000/24h for --via-agent)").option("--session-id <id>", "Resume an existing session").action(async (options) => {
+  const MAX_TTL = 864e5;
+  let passwordTTL;
+  if (options.passwordTtl) {
+    const parsed = parseInt(options.passwordTtl, 10);
+    if (Number.isNaN(parsed) || parsed < 0) {
+      throw new Error(`Invalid --password-ttl value: "${options.passwordTtl}". Expected a non-negative integer in milliseconds.`);
+    }
+    passwordTTL = parsed;
+  } else if (options.viaAgent) {
+    passwordTTL = MAX_TTL;
+  }
+  const context = await init(program.opts().vault, options.password, passwordTTL);
   await executeAgent(context, {
     viaAgent: options.viaAgent,
     verbose: options.verbose,
     backendUrl: options.backendUrl,
     password: options.password,
-    conversationId: options.conversation
+    sessionId: options.sessionId
   });
 });
+agentCmd.command("ask <message>").description("Send a single message and get the response (for AI agent integration)").option("--session <id>", "Continue an existing conversation").option("--backend-url <url>", "Agent backend URL (default: http://localhost:9998)").option("--password <password>", "Vault password for signing operations").option("--verbose", "Show tool calls and debug info on stderr").option("--json", "Output structured JSON instead of text").action(
+  async (message, options) => {
+    const parentOpts = agentCmd.opts();
+    const context = await init(
+      program.opts().vault,
+      options.password || parentOpts.password
+    );
+    await executeAgentAsk(context, message, {
+      ...options,
+      backendUrl: options.backendUrl || parentOpts.backendUrl,
+      password: options.password || parentOpts.password,
+      verbose: options.verbose || parentOpts.verbose
+    });
+  }
+);
+var sessionsCmd = agentCmd.command("sessions").description("Manage agent chat sessions");
+sessionsCmd.command("list").description("List chat sessions for the current vault").option("--backend-url <url>", "Agent backend URL (default: http://localhost:9998)").option("--password <password>", "Vault password for authentication").action(
+  withExit(async (options) => {
+    const parentOpts = agentCmd.opts();
+    const context = await init(program.opts().vault, options.password || parentOpts.password);
+    await executeAgentSessionsList(context, {
+      backendUrl: options.backendUrl || parentOpts.backendUrl,
+      password: options.password || parentOpts.password
+    });
+  })
+);
+sessionsCmd.command("delete <id>").description("Delete a chat session").option("--backend-url <url>", "Agent backend URL (default: http://localhost:9998)").option("--password <password>", "Vault password for authentication").action(
+  withExit(async (id, options) => {
+    const parentOpts = agentCmd.opts();
+    const context = await init(program.opts().vault, options.password || parentOpts.password);
+    await executeAgentSessionsDelete(context, id, {
+      backendUrl: options.backendUrl || parentOpts.backendUrl,
+      password: options.password || parentOpts.password
+    });
+  })
+);
 program.command("version").description("Show detailed version information").action(
   withExit(async () => {
     printResult(formatVersionDetailed());
     const result = await checkForUpdates();
     if (result?.updateAvailable && result.latestVersion) {
       info("");
-      info(chalk14.yellow(`Update available: ${result.currentVersion} -> ${result.latestVersion}`));
-      info(chalk14.gray(`Run "${getUpdateCommand()}" to update`));
+      info(chalk15.yellow(`Update available: ${result.currentVersion} -> ${result.latestVersion}`));
+      info(chalk15.gray(`Run "${getUpdateCommand()}" to update`));
     }
   })
 );
@@ -8738,22 +9598,22 @@ program.command("update").description("Check for updates and show update command
     info("Checking for updates...");
     const result = await checkForUpdates();
     if (!result) {
-      printResult(chalk14.gray("Update checking is disabled"));
+      printResult(chalk15.gray("Update checking is disabled"));
       return;
     }
     if (result.updateAvailable && result.latestVersion) {
       printResult("");
-      printResult(chalk14.green(`Update available: ${result.currentVersion} -> ${result.latestVersion}`));
+      printResult(chalk15.green(`Update available: ${result.currentVersion} -> ${result.latestVersion}`));
       printResult("");
       if (options.check) {
         printResult(`Run "${getUpdateCommand()}" to update`);
       } else {
         const updateCmd = getUpdateCommand();
         printResult(`To update, run:`);
-        printResult(chalk14.cyan(`  ${updateCmd}`));
+        printResult(chalk15.cyan(`  ${updateCmd}`));
       }
     } else {
-      printResult(chalk14.green(`You're on the latest version (${result.currentVersion})`));
+      printResult(chalk15.green(`You're on the latest version (${result.currentVersion})`));
     }
   })
 );