@walletconnect/companion-wallet 0.3.0

package/dist/cli.js

@@ -0,0 +1,953 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { readFileSync as readFileSync3 } from "fs";
+import { join as join3, dirname as dirname3 } from "path";
+import { fileURLToPath } from "url";
+
+// src/keystore.ts
+import { mkdirSync, writeFileSync, readFileSync, readdirSync, renameSync } from "fs";
+import { join, dirname } from "path";
+import { homedir } from "os";
+import { generateMnemonic, mnemonicToAccount, english } from "viem/accounts";
+import { getAddress } from "viem";
+var KEYS_DIR = join(homedir(), ".config", "wallet", "keys");
+function keyFilePath(address) {
+  return join(KEYS_DIR, `${getAddress(address)}.json`);
+}
+function generateAndStore() {
+  const mnemonic = generateMnemonic(english);
+  const account = mnemonicToAccount(mnemonic);
+  const address = getAddress(account.address);
+  const filePath = keyFilePath(address);
+  mkdirSync(dirname(filePath), { recursive: true, mode: 448 });
+  const walletFile = {
+    version: 2,
+    address,
+    mnemonic
+  };
+  atomicWrite(filePath, JSON.stringify(walletFile, null, 2));
+  return { address, mnemonic };
+}
+function loadKey(address) {
+  const filePath = keyFilePath(getAddress(address));
+  const raw = readFileSync(filePath, "utf-8");
+  const data = JSON.parse(raw);
+  const account = mnemonicToAccount(data.mnemonic);
+  return account.getHdKey().privateKey ? `0x${Buffer.from(account.getHdKey().privateKey).toString("hex")}` : (() => {
+    throw new Error("Failed to derive private key from mnemonic");
+  })();
+}
+function listAddresses() {
+  try {
+    const files = readdirSync(KEYS_DIR);
+    return files.filter((f) => f.endsWith(".json")).map((f) => f.replace(".json", ""));
+  } catch {
+    return [];
+  }
+}
+function atomicWrite(filePath, content) {
+  const tmpPath = filePath + ".tmp";
+  writeFileSync(tmpPath, content, { mode: 384 });
+  renameSync(tmpPath, filePath);
+}
+
+// src/signer.ts
+import { privateKeyToAccount } from "viem/accounts";
+
+// src/chains.ts
+import {
+  mainnet,
+  base,
+  optimism
+} from "viem/chains";
+import { http } from "viem";
+var CHAIN_REGISTRY = {
+  "eip155:1": { chain: mainnet, name: "Ethereum", defaultRpcUrl: "https://eth.drpc.org" },
+  "eip155:8453": { chain: base, name: "Base", defaultRpcUrl: "https://mainnet.base.org" },
+  "eip155:10": {
+    chain: optimism,
+    name: "Optimism",
+    defaultRpcUrl: "https://mainnet.optimism.io"
+  }
+};
+var SUPPORTED_CHAINS = Object.keys(CHAIN_REGISTRY);
+function resolveChain(caip2) {
+  const entry = CHAIN_REGISTRY[caip2];
+  if (!entry) {
+    throw new Error(
+      `Unsupported chain: ${caip2}. Supported: ${SUPPORTED_CHAINS.join(", ")}`
+    );
+  }
+  return entry.chain;
+}
+function getTransport(caip2) {
+  const entry = CHAIN_REGISTRY[caip2];
+  if (!entry) {
+    throw new Error(`Unsupported chain: ${caip2}`);
+  }
+  const chainId = caip2.split(":")[1];
+  const envUrl = process.env[`WALLET_RPC_URL_${chainId}`];
+  return http(envUrl || entry.defaultRpcUrl);
+}
+function parseChainId(caip2) {
+  const parts = caip2.split(":");
+  if (parts.length !== 2 || parts[0] !== "eip155") {
+    throw new Error(`Invalid CAIP-2 chain ID: ${caip2}`);
+  }
+  return parseInt(parts[1], 10);
+}
+function getChainName(caip2) {
+  const entry = CHAIN_REGISTRY[caip2];
+  if (!entry) {
+    throw new Error(`Unsupported chain: ${caip2}`);
+  }
+  return entry.name;
+}
+
+// src/signer.ts
+async function signMessage(privateKey, message) {
+  const account = privateKeyToAccount(privateKey);
+  return account.signMessage({ message });
+}
+async function signTypedData(privateKey, typedData) {
+  const account = privateKeyToAccount(privateKey);
+  return account.signTypedData(typedData);
+}
+async function signTransaction(privateKey, transaction, caip2Chain) {
+  const account = privateKeyToAccount(privateKey);
+  const chainId = parseChainId(caip2Chain);
+  const normalized = normalizeTransaction(transaction);
+  const tx = {
+    ...normalized,
+    chainId
+  };
+  if (!transaction.type && !transaction.gasPrice && !transaction.maxFeePerGas && !transaction.accessList && !transaction.blobs && !transaction.authorizationList) {
+    tx.type = "eip1559";
+  }
+  return account.signTransaction(tx);
+}
+function normalizeTransaction(tx) {
+  return {
+    to: tx.to,
+    value: tx.value !== void 0 ? BigInt(tx.value) : void 0,
+    data: tx.data,
+    nonce: tx.nonce !== void 0 ? Number(tx.nonce) : void 0,
+    gas: tx.gas !== void 0 ? BigInt(tx.gas) : void 0,
+    gasPrice: tx.gasPrice !== void 0 ? BigInt(tx.gasPrice) : void 0,
+    maxFeePerGas: tx.maxFeePerGas !== void 0 ? BigInt(tx.maxFeePerGas) : void 0,
+    maxPriorityFeePerGas: tx.maxPriorityFeePerGas !== void 0 ? BigInt(tx.maxPriorityFeePerGas) : void 0
+  };
+}
+
+// src/rpc.ts
+import {
+  createWalletClient,
+  createPublicClient
+} from "viem";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+async function sendTransaction(privateKey, transaction, caip2Chain) {
+  const chain = resolveChain(caip2Chain);
+  const transport = getTransport(caip2Chain);
+  const account = privateKeyToAccount2(privateKey);
+  const publicClient = createPublicClient({ chain, transport });
+  const walletClient = createWalletClient({ account, chain, transport });
+  const normalized = normalizeTransaction(transaction);
+  const request = {
+    to: normalized.to,
+    value: normalized.value,
+    data: normalized.data,
+    nonce: normalized.nonce,
+    gas: normalized.gas,
+    account,
+    chain
+  };
+  if (!request.gas) {
+    request.gas = await publicClient.estimateGas({
+      account: account.address,
+      to: request.to,
+      value: request.value,
+      data: request.data
+    });
+  }
+  const hash = await walletClient.sendTransaction(request);
+  return hash;
+}
+
+// src/fund.ts
+import { parseEther } from "viem";
+import { withWallet, resolveProjectId } from "@walletconnect/cli-sdk";
+
+// src/tokens.ts
+import { encodeFunctionData } from "viem";
+var USDC_ADDRESSES = {
+  "eip155:1": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+  "eip155:8453": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+  "eip155:10": "0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85"
+};
+var TOKEN_REGISTRY = {
+  "eip155:1": ["eth", "usdc"],
+  "eip155:8453": ["eth", "usdc"],
+  "eip155:10": ["eth", "usdc"]
+};
+function getTokenSymbols(chain) {
+  return TOKEN_REGISTRY[chain] ?? ["eth"];
+}
+function getToken(symbol, chain) {
+  const s = symbol.toLowerCase();
+  if (s === "eth") {
+    return { symbol: "ETH", decimals: 18 };
+  }
+  if (s === "usdc") {
+    const address = USDC_ADDRESSES[chain];
+    if (!address) {
+      throw new Error(`USDC not supported on chain ${chain}`);
+    }
+    return { symbol: "USDC", decimals: 6, address };
+  }
+  throw new Error(`Unknown token: ${symbol}`);
+}
+function parseTokenAmount(amount, decimals) {
+  const [whole = "0", frac = ""] = amount.split(".");
+  const paddedFrac = frac.padEnd(decimals, "0").slice(0, decimals);
+  return BigInt(whole) * 10n ** BigInt(decimals) + BigInt(paddedFrac);
+}
+var ERC20_TRANSFER_ABI = [
+  {
+    name: "transfer",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "to", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    outputs: [{ name: "", type: "bool" }]
+  }
+];
+function buildErc20Transfer(tokenAddress, to, amount) {
+  const data = encodeFunctionData({
+    abi: ERC20_TRANSFER_ABI,
+    functionName: "transfer",
+    args: [to, amount]
+  });
+  return { to: tokenAddress, data, value: "0x0" };
+}
+
+// src/fund.ts
+async function fund(options) {
+  const { amount, chain, token: tokenSymbol = "eth" } = options;
+  const embeddedAddress = resolveAccount(options.account);
+  const tokenInfo = getToken(tokenSymbol, chain);
+  const projectId = resolveProjectId();
+  if (!projectId) {
+    throw new Error(
+      "WalletConnect project ID not found. Set WALLETCONNECT_PROJECT_ID env var."
+    );
+  }
+  let result;
+  await withWallet(
+    {
+      projectId,
+      metadata: {
+        name: "companion-wallet",
+        description: "Fund companion wallet",
+        url: "https://walletconnect.com",
+        icons: []
+      },
+      chains: [chain],
+      methods: ["eth_sendTransaction"],
+      events: []
+    },
+    async (wallet, { accounts }) => {
+      const caip10Account = accounts.find((a) => a.startsWith(`${chain}:`));
+      if (!caip10Account) {
+        throw new Error(
+          `No account found on chain ${chain}. Connected accounts: ${accounts.join(", ")}`
+        );
+      }
+      const externalAddress = caip10Account.split(":").slice(2).join(":");
+      let tx;
+      if (tokenInfo.address) {
+        const rawAmount = parseTokenAmount(amount, tokenInfo.decimals);
+        const erc20Tx = buildErc20Transfer(
+          tokenInfo.address,
+          embeddedAddress,
+          rawAmount
+        );
+        tx = { from: externalAddress, ...erc20Tx };
+      } else {
+        const amountWei = parseEther(amount);
+        const valueHex = `0x${amountWei.toString(16)}`;
+        tx = {
+          from: externalAddress,
+          to: embeddedAddress,
+          value: valueHex,
+          gas: `0x${21e3.toString(16)}`
+        };
+      }
+      const transactionHash = await wallet.request({
+        chainId: chain,
+        request: {
+          method: "eth_sendTransaction",
+          params: [tx]
+        }
+      });
+      result = {
+        transactionHash,
+        from: externalAddress,
+        to: embeddedAddress,
+        amount,
+        token: tokenInfo.symbol
+      };
+    }
+  );
+  if (!result) {
+    throw new Error("Fund operation completed without a result");
+  }
+  return result;
+}
+function resolveAccount(account) {
+  if (account) return account;
+  const addresses = listAddresses();
+  if (addresses.length === 0) {
+    throw new Error("No wallet found. Run 'companion-wallet generate' first.");
+  }
+  return addresses[0];
+}
+
+// src/drain.ts
+import {
+  createWalletClient as createWalletClient2,
+  createPublicClient as createPublicClient2,
+  formatEther,
+  encodeFunctionData as encodeFunctionData2
+} from "viem";
+import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts";
+var NATIVE_TRANSFER_GAS = 21000n;
+var ERC20_ABI = [
+  {
+    name: "balanceOf",
+    type: "function",
+    stateMutability: "view",
+    inputs: [{ name: "account", type: "address" }],
+    outputs: [{ name: "", type: "uint256" }]
+  },
+  {
+    name: "transfer",
+    type: "function",
+    stateMutability: "nonpayable",
+    inputs: [
+      { name: "to", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    outputs: [{ name: "", type: "bool" }]
+  }
+];
+async function drain(options) {
+  const { to, chain, token: tokenSymbol = "eth" } = options;
+  const tokenInfo = getToken(tokenSymbol, chain);
+  const account = resolveAccount2(options.account);
+  const privateKey = loadKey(account);
+  const viemAccount = privateKeyToAccount3(privateKey);
+  const viemChain = resolveChain(chain);
+  const transport = getTransport(chain);
+  const publicClient = createPublicClient2({ chain: viemChain, transport });
+  const walletClient = createWalletClient2({
+    account: viemAccount,
+    chain: viemChain,
+    transport
+  });
+  let transactionHash;
+  let amount;
+  if (tokenInfo.address) {
+    const balance = await publicClient.readContract({
+      address: tokenInfo.address,
+      abi: ERC20_ABI,
+      functionName: "balanceOf",
+      args: [viemAccount.address]
+    });
+    if (balance === 0n) {
+      throw new Error(`No ${tokenInfo.symbol} balance to drain`);
+    }
+    const data = encodeFunctionData2({
+      abi: ERC20_ABI,
+      functionName: "transfer",
+      args: [to, balance]
+    });
+    transactionHash = await walletClient.sendTransaction({
+      to: tokenInfo.address,
+      data,
+      value: 0n
+    });
+    amount = balance.toString();
+  } else {
+    const balance = await publicClient.getBalance({ address: viemAccount.address });
+    const gasPrice = await publicClient.getGasPrice();
+    const gasCost = NATIVE_TRANSFER_GAS * gasPrice;
+    const maxSend = balance - gasCost;
+    if (maxSend <= 0n) {
+      throw new Error(
+        `Insufficient balance to cover gas. Balance: ${formatEther(balance)} ETH, gas cost: ${formatEther(gasCost)} ETH`
+      );
+    }
+    transactionHash = await walletClient.sendTransaction({
+      to,
+      value: maxSend,
+      gas: NATIVE_TRANSFER_GAS
+    });
+    amount = maxSend.toString();
+  }
+  return {
+    transactionHash,
+    from: viemAccount.address,
+    to,
+    amount,
+    token: tokenInfo.symbol
+  };
+}
+function resolveAccount2(account) {
+  if (account) return account;
+  const addresses = listAddresses();
+  if (addresses.length === 0) {
+    throw new Error("No wallet found. Run 'companion-wallet generate' first.");
+  }
+  return addresses[0];
+}
+
+// src/prompt.ts
+import { createInterface } from "readline/promises";
+import { stdin, stdout } from "process";
+async function ask(question) {
+  const rl = createInterface({ input: stdin, output: stdout });
+  try {
+    const answer = await rl.question(question);
+    return answer.trim();
+  } finally {
+    rl.close();
+  }
+}
+function printOptions(items) {
+  for (let i = 0; i < items.length; i++) {
+    process.stderr.write(`  ${i + 1}. ${items[i].label}
+`);
+  }
+}
+async function selectChain() {
+  const options = SUPPORTED_CHAINS.map((caip2) => ({
+    label: getChainName(caip2),
+    value: caip2
+  }));
+  process.stderr.write("\nSelect chain:\n");
+  printOptions(options);
+  const input = await ask("> ");
+  const idx = parseInt(input, 10) - 1;
+  if (isNaN(idx) || idx < 0 || idx >= options.length) {
+    throw new Error(`Invalid selection: ${input}`);
+  }
+  return options[idx].value;
+}
+async function selectToken(chain) {
+  const symbols = getTokenSymbols(chain);
+  const options = symbols.map((s) => ({
+    label: s.toUpperCase(),
+    value: s
+  }));
+  process.stderr.write("\nSelect token:\n");
+  printOptions(options);
+  const input = await ask("> ");
+  const idx = parseInt(input, 10) - 1;
+  if (isNaN(idx) || idx < 0 || idx >= options.length) {
+    throw new Error(`Invalid selection: ${input}`);
+  }
+  return options[idx].value;
+}
+async function inputAmount(symbol) {
+  const input = await ask(`
+Amount (${symbol.toUpperCase()}): `);
+  const num = parseFloat(input);
+  if (isNaN(num) || num <= 0) {
+    throw new Error(`Invalid amount: ${input}`);
+  }
+  return input;
+}
+async function inputAddress(label) {
+  const input = await ask(`
+${label}: `);
+  if (!/^0x[0-9a-fA-F]{40}$/.test(input)) {
+    throw new Error(`Invalid address: ${input}`);
+  }
+  return input;
+}
+
+// src/sessions.ts
+import { randomBytes } from "crypto";
+import {
+  mkdirSync as mkdirSync2,
+  writeFileSync as writeFileSync2,
+  readFileSync as readFileSync2,
+  renameSync as renameSync2
+} from "fs";
+import { join as join2, dirname as dirname2 } from "path";
+import { homedir as homedir2 } from "os";
+var SESSIONS_DIR = join2(homedir2(), ".config", "wallet", "sessions");
+function sessionFilePath(sessionId) {
+  return join2(SESSIONS_DIR, `${sessionId}.json`);
+}
+function atomicWrite2(filePath, content) {
+  const tmpPath = filePath + ".tmp";
+  mkdirSync2(dirname2(filePath), { recursive: true, mode: 448 });
+  writeFileSync2(tmpPath, content, { mode: 384 });
+  renameSync2(tmpPath, filePath);
+}
+function grantSession(input) {
+  const sessionId = randomBytes(16).toString("hex");
+  const session = {
+    sessionId,
+    account: input.account,
+    chain: input.chain,
+    permissions: input.permissions,
+    expiry: input.expiry,
+    revoked: false,
+    callCounts: {},
+    totalValue: {}
+  };
+  atomicWrite2(sessionFilePath(sessionId), JSON.stringify(session, null, 2));
+  return session;
+}
+function revokeSession(sessionId) {
+  const session = loadSession(sessionId);
+  session.revoked = true;
+  atomicWrite2(
+    sessionFilePath(sessionId),
+    JSON.stringify(session, null, 2)
+  );
+}
+function loadSession(sessionId) {
+  const filePath = sessionFilePath(sessionId);
+  try {
+    const raw = readFileSync2(filePath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    throw new Error(`Session not found: ${sessionId}`);
+  }
+}
+function validateSession(sessionId, operation, input) {
+  const session = loadSession(sessionId);
+  if (session.revoked) {
+    throw new SessionError("Session has been revoked");
+  }
+  if (Date.now() > session.expiry) {
+    throw new SessionError("Session has expired");
+  }
+  const permission = session.permissions.find(
+    (p) => p.operation === operation
+  );
+  if (!permission) {
+    throw new SessionError(
+      `Session does not permit operation: ${operation}`
+    );
+  }
+  if (permission.policies) {
+    for (const policy of permission.policies) {
+      validatePolicy(policy, session, input);
+    }
+  }
+  return session;
+}
+function recordSessionUsage(sessionId, operation, input) {
+  const session = loadSession(sessionId);
+  const key = operation;
+  session.callCounts[key] = (session.callCounts[key] || 0) + 1;
+  if (input?.transaction?.value) {
+    const chain = input.chain || "unknown";
+    const currentTotal = BigInt(session.totalValue[chain] || "0");
+    const txValue = BigInt(input.transaction.value);
+    session.totalValue[chain] = (currentTotal + txValue).toString();
+  }
+  atomicWrite2(
+    sessionFilePath(sessionId),
+    JSON.stringify(session, null, 2)
+  );
+}
+function validatePolicy(policy, session, input) {
+  switch (policy.type) {
+    case "value-limit": {
+      if (!input) break;
+      const tx = input.transaction;
+      if (!tx?.value) break;
+      const chain = input.chain || "unknown";
+      const maxValue = BigInt(policy.params.maxValue);
+      const currentTotal = BigInt(session.totalValue[chain] || "0");
+      const txValue = BigInt(tx.value);
+      if (currentTotal + txValue > maxValue) {
+        throw new SessionError(
+          `Value limit exceeded: ${(currentTotal + txValue).toString()} > ${maxValue.toString()}`
+        );
+      }
+      break;
+    }
+    case "recipient-allowlist": {
+      if (!input) break;
+      const tx = input.transaction;
+      if (!tx?.to) break;
+      const allowlist = policy.params.addresses.map(
+        (a) => a.toLowerCase()
+      );
+      const to = tx.to.toLowerCase();
+      if (!allowlist.includes(to)) {
+        throw new SessionError(
+          `Recipient ${tx.to} not in allowlist`
+        );
+      }
+      break;
+    }
+    case "call-limit": {
+      const maxCalls = policy.params.maxCalls;
+      const operation = policy.params.operation;
+      const currentCalls = session.callCounts[operation] || 0;
+      if (currentCalls >= maxCalls) {
+        throw new SessionError(
+          `Call limit reached for ${operation}: ${currentCalls} >= ${maxCalls}`
+        );
+      }
+      break;
+    }
+  }
+}
+var SessionError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SessionError";
+  }
+};
+
+// src/types.ts
+var ExitCode = {
+  SUCCESS: 0,
+  ERROR: 1,
+  UNSUPPORTED: 2,
+  REJECTED: 3,
+  TIMEOUT: 4,
+  NOT_CONNECTED: 5,
+  SESSION_ERROR: 6
+};
+
+// src/cli.ts
+function getVersion() {
+  try {
+    const __dirname = dirname3(fileURLToPath(import.meta.url));
+    const pkg = JSON.parse(
+      readFileSync3(join3(__dirname, "..", "package.json"), "utf-8")
+    );
+    return pkg.version;
+  } catch {
+    return "0.0.0";
+  }
+}
+async function readStdin() {
+  if (process.stdin.isTTY) return "";
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(chunk);
+  }
+  return Buffer.concat(chunks).toString("utf-8").trim();
+}
+function respond(data) {
+  process.stdout.write(JSON.stringify(data) + "\n");
+}
+function respondError(error, code) {
+  const resp = { error, code };
+  process.stdout.write(JSON.stringify(resp) + "\n");
+}
+async function parseInput() {
+  const raw = await readStdin();
+  if (!raw) return null;
+  try {
+    return JSON.parse(raw);
+  } catch {
+    respondError("Invalid JSON input", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+}
+async function handleInfo() {
+  const info = {
+    name: "companion-wallet",
+    version: getVersion(),
+    rdns: "com.walletconnect.companion-wallet",
+    capabilities: [
+      "accounts",
+      "sign-message",
+      "sign-typed-data",
+      "sign-transaction",
+      "send-transaction",
+      "grant-session",
+      "revoke-session",
+      "get-session",
+      "fund",
+      "drain"
+    ],
+    chains: SUPPORTED_CHAINS
+  };
+  respond(info);
+}
+async function handleGenerate() {
+  const existing = listAddresses();
+  if (existing.length > 0) {
+    respond({ address: existing[0] });
+    return;
+  }
+  const { address, mnemonic } = generateAndStore();
+  respond({ address, mnemonic });
+  process.stderr.write(
+    "\n\u26A0\uFE0F  BACKUP YOUR SEED PHRASE \u2014 it will not be shown again.\n   Anyone with this phrase can access your funds.\n\n"
+  );
+}
+async function handleAccounts() {
+  const addresses = listAddresses();
+  const accounts = {
+    accounts: addresses.flatMap(
+      (address) => SUPPORTED_CHAINS.map((chain) => ({ chain, address }))
+    )
+  };
+  respond(accounts);
+}
+async function handleSignMessage() {
+  const input = await parseInput();
+  if (!input?.account || !input?.message) {
+    respondError("Missing account or message", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  if (input.sessionId) {
+    validateSessionOrExit(input.sessionId, "sign-message", input);
+  }
+  const privateKey = loadKey(input.account);
+  const signature = await signMessage(privateKey, input.message);
+  if (input.sessionId) {
+    recordSessionUsage(input.sessionId, "sign-message");
+  }
+  respond({ signature });
+}
+async function handleSignTypedData() {
+  const input = await parseInput();
+  if (!input?.account || !input?.typedData) {
+    respondError("Missing account or typedData", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  if (input.sessionId) {
+    validateSessionOrExit(input.sessionId, "sign-typed-data", input);
+  }
+  const privateKey = loadKey(input.account);
+  const signature = await signTypedData(privateKey, input.typedData);
+  if (input.sessionId) {
+    recordSessionUsage(input.sessionId, "sign-typed-data");
+  }
+  respond({ signature });
+}
+async function handleSignTransaction() {
+  const input = await parseInput();
+  if (!input?.account || !input?.transaction || !input?.chain) {
+    respondError("Missing account, transaction, or chain", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  if (input.sessionId) {
+    validateSessionOrExit(input.sessionId, "sign-transaction", input);
+  }
+  const privateKey = loadKey(input.account);
+  const signedTransaction = await signTransaction(
+    privateKey,
+    input.transaction,
+    input.chain
+  );
+  if (input.sessionId) {
+    recordSessionUsage(input.sessionId, "sign-transaction");
+  }
+  respond({ signedTransaction });
+}
+async function handleSendTransaction() {
+  const input = await parseInput();
+  if (!input?.account || !input?.transaction || !input?.chain) {
+    respondError("Missing account, transaction, or chain", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  if (input.sessionId) {
+    validateSessionOrExit(input.sessionId, "send-transaction", input);
+  }
+  const privateKey = loadKey(input.account);
+  const transactionHash = await sendTransaction(
+    privateKey,
+    input.transaction,
+    input.chain
+  );
+  if (input.sessionId) {
+    recordSessionUsage(input.sessionId, "send-transaction", input);
+  }
+  respond({ transactionHash });
+}
+async function handleGrantSession() {
+  const input = await parseInput();
+  if (!input?.account || !input?.chain || !input?.permissions || !input?.expiry) {
+    respondError(
+      "Missing account, chain, permissions, or expiry",
+      "INVALID_INPUT"
+    );
+    process.exit(ExitCode.ERROR);
+  }
+  const session = grantSession(input);
+  respond({
+    sessionId: session.sessionId,
+    permissions: session.permissions,
+    expiry: session.expiry
+  });
+}
+async function handleRevokeSession() {
+  const input = await parseInput();
+  if (!input?.sessionId) {
+    respondError("Missing sessionId", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  try {
+    revokeSession(input.sessionId);
+    respond({ revoked: true });
+  } catch (err) {
+    respondError(
+      err instanceof Error ? err.message : "Failed to revoke session",
+      "SESSION_ERROR"
+    );
+    process.exit(ExitCode.SESSION_ERROR);
+  }
+}
+async function handleGetSession() {
+  const input = await parseInput();
+  if (!input?.sessionId) {
+    respondError("Missing sessionId", "INVALID_INPUT");
+    process.exit(ExitCode.ERROR);
+  }
+  try {
+    const session = loadSession(input.sessionId);
+    respond(session);
+  } catch (err) {
+    respondError(
+      err instanceof Error ? err.message : "Session not found",
+      "SESSION_ERROR"
+    );
+    process.exit(ExitCode.SESSION_ERROR);
+  }
+}
+function parseCliArg(name) {
+  const flag = `--${name}`;
+  const idx = process.argv.indexOf(flag);
+  if (idx === -1 || idx + 1 >= process.argv.length) return void 0;
+  return process.argv[idx + 1];
+}
+function warnBeta() {
+  process.stderr.write(
+    "WARNING: companion-wallet is beta software. Do not use with real funds on mainnet.\n"
+  );
+}
+async function handleFund() {
+  warnBeta();
+  const account = parseCliArg("account");
+  let amount = parseCliArg("amount");
+  let chain = parseCliArg("chain");
+  let token = parseCliArg("token");
+  try {
+    if (process.stdin.isTTY) {
+      if (!chain) chain = await selectChain();
+      if (!token) token = await selectToken(chain);
+      if (!amount) amount = await inputAmount(token);
+    }
+    if (!amount) {
+      respondError("Missing --amount", "INVALID_INPUT");
+      process.exit(ExitCode.ERROR);
+    }
+    chain = chain || "eip155:1";
+    token = token || "eth";
+    const result = await fund({ account, amount, chain, token });
+    respond(result);
+  } catch (err) {
+    respondError(
+      err instanceof Error ? err.message : "Fund failed",
+      "FUND_ERROR"
+    );
+    process.exit(ExitCode.ERROR);
+  }
+}
+async function handleDrain() {
+  warnBeta();
+  const account = parseCliArg("account");
+  let to = parseCliArg("to");
+  let chain = parseCliArg("chain");
+  let token = parseCliArg("token");
+  try {
+    if (process.stdin.isTTY) {
+      if (!chain) chain = await selectChain();
+      if (!token) token = await selectToken(chain);
+      if (!to) to = await inputAddress("Recipient address");
+    }
+    if (!to) {
+      respondError("Missing --to", "INVALID_INPUT");
+      process.exit(ExitCode.ERROR);
+    }
+    chain = chain || "eip155:1";
+    token = token || "eth";
+    const result = await drain({ account, to, chain, token });
+    respond(result);
+  } catch (err) {
+    respondError(
+      err instanceof Error ? err.message : "Drain failed",
+      "DRAIN_ERROR"
+    );
+    process.exit(ExitCode.ERROR);
+  }
+}
+function validateSessionOrExit(sessionId, operation, input) {
+  try {
+    validateSession(sessionId, operation, input);
+  } catch (err) {
+    respondError(
+      err instanceof Error ? err.message : "Session validation failed",
+      "SESSION_ERROR"
+    );
+    process.exit(
+      err instanceof SessionError ? ExitCode.SESSION_ERROR : ExitCode.ERROR
+    );
+  }
+}
+var HANDLERS = {
+  info: handleInfo,
+  generate: handleGenerate,
+  accounts: handleAccounts,
+  "sign-message": handleSignMessage,
+  "sign-typed-data": handleSignTypedData,
+  "sign-transaction": handleSignTransaction,
+  "send-transaction": handleSendTransaction,
+  "grant-session": handleGrantSession,
+  "revoke-session": handleRevokeSession,
+  "get-session": handleGetSession,
+  fund: handleFund,
+  drain: handleDrain
+};
+async function main() {
+  const operation = process.argv[2];
+  if (!operation || !(operation in HANDLERS)) {
+    respondError(
+      `Unsupported operation: ${operation || "(none)"}`,
+      "UNSUPPORTED_OPERATION"
+    );
+    process.exit(ExitCode.UNSUPPORTED);
+  }
+  try {
+    await HANDLERS[operation]();
+  } catch (err) {
+    if (err instanceof SessionError) {
+      respondError(err.message, "SESSION_ERROR");
+      process.exit(ExitCode.SESSION_ERROR);
+    }
+    respondError(
+      err instanceof Error ? err.message : "Internal error",
+      "INTERNAL_ERROR"
+    );
+    process.exit(ExitCode.ERROR);
+  }
+}
+main();