@wlfi-agent/cli 1.4.13 → 1.4.15

package/crates/vault-cli-admin/src/main.rs

@@ -0,0 +1,3990 @@
+use std::collections::BTreeSet;
+use std::path::PathBuf;
+use std::sync::Arc;
+
+use anyhow::{bail, Context, Result};
+use clap::{Args, Parser, Subcommand, ValueEnum};
+use serde::Serialize;
+use time::format_description::well_known::Rfc3339;
+use uuid::Uuid;
+use vault_daemon::KeyManagerDaemonApi;
+use vault_domain::{
+    AdminSession, AssetId, EntityScope, EvmAddress, ManualApprovalDecision, ManualApprovalRequest,
+    PolicyAttachment, PolicyType, RelayConfig, SpendingPolicy, DEFAULT_MAX_GAS_SPEND_PER_CHAIN_WEI,
+};
+use vault_signer::KeyCreateRequest;
+use vault_transport_unix::{assert_root_owned_daemon_socket_path, UnixDaemonClient};
+use zeroize::Zeroize;
+
+mod io_utils;
+mod shared_config;
+mod tui;
+
+use io_utils::*;
+
+#[derive(Debug, Parser)]
+#[command(name = "wlfi-agent-admin")]
+#[command(about = "Admin CLI for configuring vault policies and agent keys")]
+struct Cli {
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Read vault password from stdin (trailing newlines are trimmed)"
+    )]
+    vault_password_stdin: bool,
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Do not prompt for password; require --vault-password-stdin"
+    )]
+    non_interactive: bool,
+    #[arg(
+        long,
+        short = 'f',
+        value_enum,
+        value_name = "text|json",
+        help = "Output format"
+    )]
+    format: Option<OutputFormat>,
+    #[arg(
+        long,
+        short = 'j',
+        default_value_t = false,
+        help = "Shortcut for --format json"
+    )]
+    json: bool,
+    #[arg(
+        long,
+        short = 'q',
+        default_value_t = false,
+        help = "Suppress non-essential status messages in text mode"
+    )]
+    quiet: bool,
+    #[arg(
+        long,
+        short = 'o',
+        value_name = "PATH",
+        help = "Write final command output to PATH (use '-' for stdout)"
+    )]
+    output: Option<PathBuf>,
+    #[arg(
+        long,
+        default_value_t = false,
+        requires = "output",
+        help = "Allow replacing an existing output file"
+    )]
+    overwrite: bool,
+    #[arg(
+        long,
+        env = "WLFI_DAEMON_SOCKET",
+        value_name = "PATH",
+        help = "Always-on daemon unix socket path (default: $WLFI_HOME/daemon.sock or ~/.wlfi_agent/daemon.sock)"
+    )]
+    daemon_socket: Option<PathBuf>,
+    #[command(subcommand)]
+    command: Commands,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, ValueEnum)]
+enum OutputFormat {
+    Text,
+    Json,
+}
+
+#[derive(Debug)]
+enum OutputTarget {
+    Stdout,
+    File { path: PathBuf, overwrite: bool },
+}
+
+#[derive(Debug, Args)]
+struct BootstrapCommandArgs {
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Load per-token bootstrap policies from the saved shared config instead of legacy global defaults"
+    )]
+    from_shared_config: bool,
+    #[arg(
+        long,
+        default_value_t = 1_000_000_000_000_000_000u128,
+        value_parser = parse_positive_u128
+    )]
+    per_tx_max_wei: u128,
+    #[arg(
+        long,
+        default_value_t = 5_000_000_000_000_000_000u128,
+        value_parser = parse_positive_u128
+    )]
+    daily_max_wei: u128,
+    #[arg(
+        long,
+        default_value_t = 20_000_000_000_000_000_000u128,
+        value_parser = parse_positive_u128
+    )]
+    weekly_max_wei: u128,
+    #[arg(
+        long,
+        default_value_t = DEFAULT_MAX_GAS_SPEND_PER_CHAIN_WEI,
+        value_parser = parse_positive_u128
+    )]
+    max_gas_per_chain_wei: u128,
+    #[arg(long, default_value_t = 0u128, value_parser = parse_non_negative_u128)]
+    daily_max_tx_count: u128,
+    #[arg(long, default_value_t = 0u128, value_parser = parse_non_negative_u128)]
+    per_tx_max_fee_per_gas_wei: u128,
+    #[arg(long, default_value_t = 0u128, value_parser = parse_non_negative_u128)]
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    #[arg(long, default_value_t = 0u128, value_parser = parse_non_negative_u128)]
+    per_tx_max_calldata_bytes: u128,
+    #[arg(long)]
+    token: Vec<EvmAddress>,
+    #[arg(long, default_value_t = false)]
+    allow_native_eth: bool,
+    #[arg(long, value_parser = parse_positive_u64)]
+    network: Option<u64>,
+    #[arg(long)]
+    recipient: Option<EvmAddress>,
+    #[arg(
+        long,
+        value_name = "UUID",
+        help = "Attach new agent key to an explicit existing policy id (repeatable)"
+    )]
+    attach_policy_id: Vec<Uuid>,
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Deprecated compatibility flag; bootstrap-created policies are always attached"
+    )]
+    attach_bootstrap_policies: bool,
+    #[arg(long, default_value_t = false)]
+    print_agent_auth_token: bool,
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Include the vault private key in bootstrap output when generating a new software wallet (high risk)"
+    )]
+    print_vault_private_key: bool,
+}
+
+#[derive(Debug, Args)]
+struct RotateAgentAuthTokenCommandArgs {
+    #[arg(long, value_name = "UUID", help = "Agent key id to rotate")]
+    agent_key_id: Uuid,
+    #[arg(long, default_value_t = false)]
+    print_agent_auth_token: bool,
+}
+
+#[derive(Debug, Args)]
+struct RevokeAgentKeyCommandArgs {
+    #[arg(long, value_name = "UUID", help = "Agent key id to revoke")]
+    agent_key_id: Uuid,
+}
+
+#[derive(Debug, Args)]
+struct AddManualApprovalPolicyCommandArgs {
+    #[arg(long, default_value_t = 100u32)]
+    priority: u32,
+    #[arg(long, value_parser = parse_positive_u128)]
+    min_amount_wei: u128,
+    #[arg(long, value_parser = parse_positive_u128)]
+    max_amount_wei: u128,
+    #[arg(long)]
+    token: Vec<EvmAddress>,
+    #[arg(long, default_value_t = false)]
+    allow_native_eth: bool,
+    #[arg(long, value_parser = parse_positive_u64)]
+    network: Option<u64>,
+    #[arg(long)]
+    recipient: Option<EvmAddress>,
+}
+
+#[derive(Debug, Args)]
+struct ApproveManualApprovalRequestCommandArgs {
+    #[arg(long, value_name = "UUID")]
+    approval_request_id: Uuid,
+}
+
+#[derive(Debug, Args)]
+struct RejectManualApprovalRequestCommandArgs {
+    #[arg(long, value_name = "UUID")]
+    approval_request_id: Uuid,
+    #[arg(long)]
+    rejection_reason: Option<String>,
+}
+
+#[derive(Debug, Args)]
+struct SetRelayConfigCommandArgs {
+    #[arg(long)]
+    relay_url: Option<String>,
+    #[arg(long)]
+    frontend_url: Option<String>,
+    #[arg(
+        long,
+        default_value_t = false,
+        conflicts_with_all = ["relay_url", "frontend_url"]
+    )]
+    clear: bool,
+}
+
+#[derive(Debug, Args)]
+struct SetupCommandArgs {
+    #[arg(
+        value_name = "ARGS",
+        num_args = 0..,
+        trailing_var_arg = true,
+        allow_hyphen_values = true,
+        help = "Additional setup arguments handled by the TypeScript wrapper"
+    )]
+    forwarded_args: Vec<String>,
+}
+
+#[derive(Debug, Args)]
+struct TuiCommandArgs {
+    #[arg(
+        long,
+        default_value_t = false,
+        help = "Include the new agent auth token in bootstrap output so the wrapper can import it"
+    )]
+    print_agent_auth_token: bool,
+}
+
+#[derive(Debug, Subcommand)]
+enum Commands {
+    #[command(about = "Create spending policies and issue a vault key + agent key")]
+    Bootstrap(Box<BootstrapCommandArgs>),
+    #[command(about = "Rotate the bearer token for an existing agent key")]
+    RotateAgentAuthToken(RotateAgentAuthTokenCommandArgs),
+    #[command(about = "Revoke an existing agent key and invalidate its bearer token")]
+    RevokeAgentKey(RevokeAgentKeyCommandArgs),
+    #[command(
+        about = "Create a manual-approval policy for matching destination/token/amount requests"
+    )]
+    AddManualApprovalPolicy(AddManualApprovalPolicyCommandArgs),
+    #[command(about = "List manual approval requests")]
+    ListManualApprovalRequests,
+    #[command(about = "Approve a pending manual approval request")]
+    ApproveManualApprovalRequest(ApproveManualApprovalRequestCommandArgs),
+    #[command(about = "Reject a pending manual approval request")]
+    RejectManualApprovalRequest(RejectManualApprovalRequestCommandArgs),
+    #[command(about = "Configure the relay URL used for approval UX")]
+    SetRelayConfig(SetRelayConfigCommandArgs),
+    #[command(about = "Read the relay configuration used for approval UX")]
+    GetRelayConfig,
+    #[command(about = "Launch interactive terminal UI for bootstrap configuration")]
+    Tui(TuiCommandArgs),
+    #[command(
+        about = "Install daemon autostart and bootstrap wallet access via the TypeScript wrapper"
+    )]
+    Setup(SetupCommandArgs),
+}
+
+#[derive(Debug, Serialize)]
+struct BootstrapOutput {
+    state_file: String,
+    lease_id: String,
+    lease_expires_at: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    weekly_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_max_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    weekly_max_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_gas_per_chain_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_max_tx_count: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_tx_count_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes_policy_id: Option<String>,
+    vault_key_id: String,
+    vault_public_key: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    vault_private_key: Option<String>,
+    agent_key_id: String,
+    agent_auth_token: String,
+    agent_auth_token_redacted: bool,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    network_scope: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    asset_scope: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    recipient_scope: Option<String>,
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    token_policies: Vec<TokenPolicyOutput>,
+    destination_override_count: usize,
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    destination_overrides: Vec<DestinationOverrideOutput>,
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    token_destination_overrides: Vec<TokenDestinationOverrideOutput>,
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    token_manual_approval_policies: Vec<TokenManualApprovalPolicyOutput>,
+    policy_attachment: String,
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    attached_policy_ids: Vec<String>,
+    policy_note: String,
+}
+
+#[derive(Debug, Serialize)]
+struct DestinationOverrideOutput {
+    recipient: String,
+    per_tx_policy_id: String,
+    daily_policy_id: String,
+    weekly_policy_id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    gas_policy_id: Option<String>,
+    per_tx_max_wei: String,
+    daily_max_wei: String,
+    weekly_max_wei: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_gas_per_chain_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_max_tx_count: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_tx_count_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes_policy_id: Option<String>,
+}
+
+#[derive(Debug, Serialize)]
+struct TokenPolicyOutput {
+    token_key: String,
+    symbol: String,
+    chain_key: String,
+    chain_id: u64,
+    asset_scope: String,
+    recipient_scope: String,
+    per_tx_policy_id: String,
+    daily_policy_id: String,
+    weekly_policy_id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    gas_policy_id: Option<String>,
+    per_tx_max_wei: String,
+    daily_max_wei: String,
+    weekly_max_wei: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_gas_per_chain_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_max_tx_count: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_tx_count_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes_policy_id: Option<String>,
+}
+
+#[derive(Debug, Serialize)]
+struct TokenDestinationOverrideOutput {
+    token_key: String,
+    symbol: String,
+    chain_key: String,
+    chain_id: u64,
+    recipient: String,
+    asset_scope: String,
+    per_tx_policy_id: String,
+    daily_policy_id: String,
+    weekly_policy_id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    gas_policy_id: Option<String>,
+    per_tx_max_wei: String,
+    daily_max_wei: String,
+    weekly_max_wei: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_gas_per_chain_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_max_tx_count: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    daily_tx_count_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_wei: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_priority_fee_per_gas_policy_id: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    per_tx_max_calldata_bytes_policy_id: Option<String>,
+}
+
+#[derive(Debug, Serialize)]
+struct TokenManualApprovalPolicyOutput {
+    token_key: String,
+    symbol: String,
+    chain_key: String,
+    chain_id: u64,
+    priority: u32,
+    min_amount_wei: String,
+    max_amount_wei: String,
+    asset_scope: String,
+    recipient_scope: String,
+    policy_id: String,
+}
+
+#[derive(Debug, Serialize)]
+struct RotateAgentAuthTokenOutput {
+    agent_key_id: String,
+    agent_auth_token: String,
+    agent_auth_token_redacted: bool,
+}
+
+#[derive(Debug, Serialize)]
+struct RevokeAgentKeyOutput {
+    agent_key_id: String,
+    revoked: bool,
+}
+
+#[derive(Debug, Serialize)]
+struct ManualApprovalPolicyOutput {
+    policy_id: String,
+    priority: u32,
+    min_amount_wei: String,
+    max_amount_wei: String,
+    network_scope: String,
+    asset_scope: String,
+    recipient_scope: String,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct DestinationPolicyOverride {
+    recipient: EvmAddress,
+    per_tx_max_wei: u128,
+    daily_max_wei: u128,
+    weekly_max_wei: u128,
+    max_gas_per_chain_wei: u128,
+    daily_max_tx_count: u128,
+    per_tx_max_fee_per_gas_wei: u128,
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    per_tx_max_calldata_bytes: u128,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct TokenPolicyConfig {
+    token_key: String,
+    symbol: String,
+    chain_key: String,
+    chain_id: u64,
+    is_native: bool,
+    address: Option<EvmAddress>,
+    per_tx_max_wei: u128,
+    daily_max_wei: u128,
+    weekly_max_wei: u128,
+    max_gas_per_chain_wei: u128,
+    daily_max_tx_count: u128,
+    per_tx_max_fee_per_gas_wei: u128,
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    per_tx_max_calldata_bytes: u128,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct TokenDestinationPolicyOverride {
+    token_key: String,
+    chain_key: String,
+    recipient: EvmAddress,
+    per_tx_max_wei: u128,
+    daily_max_wei: u128,
+    weekly_max_wei: u128,
+    max_gas_per_chain_wei: u128,
+    daily_max_tx_count: u128,
+    per_tx_max_fee_per_gas_wei: u128,
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    per_tx_max_calldata_bytes: u128,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct TokenManualApprovalPolicyConfig {
+    token_key: String,
+    symbol: String,
+    chain_key: String,
+    chain_id: u64,
+    is_native: bool,
+    address: Option<EvmAddress>,
+    priority: u32,
+    recipient: Option<EvmAddress>,
+    min_amount_wei: u128,
+    max_amount_wei: u128,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct BootstrapParams {
+    per_tx_max_wei: u128,
+    daily_max_wei: u128,
+    weekly_max_wei: u128,
+    max_gas_per_chain_wei: u128,
+    daily_max_tx_count: u128,
+    per_tx_max_fee_per_gas_wei: u128,
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    per_tx_max_calldata_bytes: u128,
+    tokens: Vec<EvmAddress>,
+    allow_native_eth: bool,
+    network: Option<u64>,
+    recipient: Option<EvmAddress>,
+    token_policies: Vec<TokenPolicyConfig>,
+    destination_overrides: Vec<DestinationPolicyOverride>,
+    token_destination_overrides: Vec<TokenDestinationPolicyOverride>,
+    token_manual_approval_policies: Vec<TokenManualApprovalPolicyConfig>,
+    attach_policy_ids: Vec<Uuid>,
+    print_agent_auth_token: bool,
+    print_vault_private_key: bool,
+    existing_vault_key_id: Option<Uuid>,
+    existing_vault_public_key: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+struct RotateAgentAuthTokenParams {
+    agent_key_id: Uuid,
+    print_agent_auth_token: bool,
+}
+
+#[derive(Debug, Clone)]
+struct RevokeAgentKeyParams {
+    agent_key_id: Uuid,
+}
+
+#[derive(Debug, Clone)]
+struct AddManualApprovalPolicyParams {
+    priority: u32,
+    min_amount_wei: u128,
+    max_amount_wei: u128,
+    tokens: Vec<EvmAddress>,
+    allow_native_eth: bool,
+    network: Option<u64>,
+    recipient: Option<EvmAddress>,
+}
+
+#[derive(Debug, Clone)]
+struct DecideManualApprovalRequestParams {
+    approval_request_id: Uuid,
+    decision: ManualApprovalDecision,
+    rejection_reason: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+struct SetRelayConfigParams {
+    relay_url: Option<String>,
+    frontend_url: Option<String>,
+    clear: bool,
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let cli = Cli::parse();
+    if let Commands::Setup(args) = &cli.command {
+        let forwarded = if args.forwarded_args.is_empty() {
+            String::new()
+        } else {
+            format!(" {}", args.forwarded_args.join(" "))
+        };
+        bail!(
+            "`setup` is implemented by the TypeScript wrapper, not the raw Rust binary. In local development run `node dist/cli.cjs admin setup{forwarded}` after `npm run build`, or `pnpm exec wlfi-agent admin setup{forwarded}`."
+        );
+    }
+    let output_format = resolve_output_format(cli.format, cli.json)?;
+    let output_target = resolve_output_target(cli.output, cli.overwrite)?;
+    let daemon_socket = resolve_daemon_socket_path(cli.daemon_socket)?;
+    let mut vault_password = resolve_vault_password(cli.vault_password_stdin, cli.non_interactive)?;
+
+    let socket_client = Arc::new(UnixDaemonClient::new_with_expected_server_euid(
+        daemon_socket.clone(),
+        std::time::Duration::from_secs(10),
+        0,
+    ));
+    let daemon_api = socket_client as Arc<dyn KeyManagerDaemonApi>;
+    let state_file_display = format!("daemon_socket:{}", daemon_socket.display());
+
+    let result = match cli.command {
+        Commands::Bootstrap(args) => {
+            let BootstrapCommandArgs {
+                from_shared_config,
+                per_tx_max_wei,
+                daily_max_wei,
+                weekly_max_wei,
+                max_gas_per_chain_wei,
+                daily_max_tx_count,
+                per_tx_max_fee_per_gas_wei,
+                per_tx_max_priority_fee_per_gas_wei,
+                per_tx_max_calldata_bytes,
+                token,
+                allow_native_eth,
+                network,
+                recipient,
+                attach_policy_id,
+                attach_bootstrap_policies: _attach_bootstrap_policies,
+                print_agent_auth_token,
+                print_vault_private_key,
+            } = *args;
+            let params = if from_shared_config {
+                let shared_config = shared_config::LoadedConfig::load_default()?;
+                let mut params = tui::build_bootstrap_params_from_shared_config(
+                    &shared_config.config,
+                    print_agent_auth_token,
+                    false,
+                )?;
+                params.attach_policy_ids = attach_policy_id;
+                params
+            } else {
+                BootstrapParams {
+                    per_tx_max_wei,
+                    daily_max_wei,
+                    weekly_max_wei,
+                    max_gas_per_chain_wei,
+                    daily_max_tx_count,
+                    per_tx_max_fee_per_gas_wei,
+                    per_tx_max_priority_fee_per_gas_wei,
+                    per_tx_max_calldata_bytes,
+                    tokens: token,
+                    allow_native_eth,
+                    network,
+                    recipient,
+                    token_policies: Vec::new(),
+                    destination_overrides: Vec::new(),
+                    token_destination_overrides: Vec::new(),
+                    token_manual_approval_policies: Vec::new(),
+                    attach_policy_ids: attach_policy_id,
+                    print_agent_auth_token,
+                    print_vault_private_key,
+                    existing_vault_key_id: None,
+                    existing_vault_public_key: None,
+                }
+            };
+            let output = execute_bootstrap(
+                daemon_api.clone(),
+                &vault_password,
+                &state_file_display,
+                params,
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("bootstrap complete", output_format, cli.quiet);
+            print_bootstrap_output(&output, output_format, &output_target)
+        }
+        Commands::RotateAgentAuthToken(args) => {
+            let params = RotateAgentAuthTokenParams {
+                agent_key_id: args.agent_key_id,
+                print_agent_auth_token: args.print_agent_auth_token,
+            };
+            let output = execute_rotate_agent_auth_token(
+                daemon_api.clone(),
+                &vault_password,
+                params,
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("agent auth token rotated", output_format, cli.quiet);
+            print_rotate_agent_auth_token_output(&output, output_format, &output_target)
+        }
+        Commands::RevokeAgentKey(args) => {
+            let params = RevokeAgentKeyParams {
+                agent_key_id: args.agent_key_id,
+            };
+            let output =
+                execute_revoke_agent_key(daemon_api.clone(), &vault_password, params, |message| {
+                    print_status(message, output_format, cli.quiet)
+                })
+                .await?;
+            print_status("agent key revoked", output_format, cli.quiet);
+            print_revoke_agent_key_output(&output, output_format, &output_target)
+        }
+        Commands::AddManualApprovalPolicy(args) => {
+            let params = AddManualApprovalPolicyParams {
+                priority: args.priority,
+                min_amount_wei: args.min_amount_wei,
+                max_amount_wei: args.max_amount_wei,
+                tokens: args.token,
+                allow_native_eth: args.allow_native_eth,
+                network: args.network,
+                recipient: args.recipient,
+            };
+            let output = execute_add_manual_approval_policy(
+                daemon_api.clone(),
+                &vault_password,
+                params,
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("manual approval policy created", output_format, cli.quiet);
+            print_manual_approval_policy_output(&output, output_format, &output_target)
+        }
+        Commands::ListManualApprovalRequests => {
+            let output = execute_list_manual_approval_requests(
+                daemon_api.clone(),
+                &vault_password,
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_manual_approval_requests_output(&output, output_format, &output_target)
+        }
+        Commands::ApproveManualApprovalRequest(args) => {
+            let output = execute_decide_manual_approval_request(
+                daemon_api.clone(),
+                &vault_password,
+                DecideManualApprovalRequestParams {
+                    approval_request_id: args.approval_request_id,
+                    decision: ManualApprovalDecision::Approve,
+                    rejection_reason: None,
+                },
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("manual approval request updated", output_format, cli.quiet);
+            print_manual_approval_request_output(&output, output_format, &output_target)
+        }
+        Commands::RejectManualApprovalRequest(args) => {
+            let output = execute_decide_manual_approval_request(
+                daemon_api.clone(),
+                &vault_password,
+                DecideManualApprovalRequestParams {
+                    approval_request_id: args.approval_request_id,
+                    decision: ManualApprovalDecision::Reject,
+                    rejection_reason: args.rejection_reason,
+                },
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("manual approval request updated", output_format, cli.quiet);
+            print_manual_approval_request_output(&output, output_format, &output_target)
+        }
+        Commands::SetRelayConfig(args) => {
+            let relay_url = if args.clear { None } else { args.relay_url };
+            let frontend_url = if args.clear { None } else { args.frontend_url };
+            let output = execute_set_relay_config(
+                daemon_api.clone(),
+                &vault_password,
+                SetRelayConfigParams {
+                    relay_url,
+                    frontend_url,
+                    clear: args.clear,
+                },
+                |message| print_status(message, output_format, cli.quiet),
+            )
+            .await?;
+            print_status("relay configuration updated", output_format, cli.quiet);
+            print_relay_config_output(&output, output_format, &output_target)
+        }
+        Commands::GetRelayConfig => {
+            let output = execute_get_relay_config(daemon_api.clone(), &vault_password, |message| {
+                print_status(message, output_format, cli.quiet)
+            })
+            .await?;
+            print_relay_config_output(&output, output_format, &output_target)
+        }
+        Commands::Tui(args) => {
+            let shared_config = shared_config::LoadedConfig::load_default()?;
+            if let Some(output) = tui::run_bootstrap_tui(
+                &shared_config.config,
+                args.print_agent_auth_token,
+                |params| {
+                    tokio::task::block_in_place(|| {
+                        tokio::runtime::Handle::current().block_on(execute_bootstrap(
+                            daemon_api.clone(),
+                            &vault_password,
+                            &state_file_display,
+                            params,
+                            |_| {},
+                        ))
+                    })
+                },
+            )? {
+                print_status("bootstrap complete", output_format, cli.quiet);
+                print_bootstrap_output(&output, output_format, &output_target)
+            } else {
+                print_status("tui canceled", output_format, cli.quiet);
+                Ok(())
+            }
+        }
+        Commands::Setup(_) => unreachable!("setup is handled before daemon initialization"),
+    };
+
+    vault_password.zeroize();
+    result
+}
+
+async fn execute_bootstrap(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    state_file_display: &str,
+    params: BootstrapParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<BootstrapOutput> {
+    if !params.token_policies.is_empty() {
+        return execute_per_token_bootstrap(
+            daemon,
+            vault_password,
+            state_file_display,
+            params,
+            on_status,
+        )
+        .await;
+    }
+
+    validate_policy_limits(
+        params.per_tx_max_wei,
+        params.daily_max_wei,
+        params.weekly_max_wei,
+    )?;
+    validate_destination_policy_overrides(&params)?;
+    on_status("initializing daemon");
+
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease: lease.clone(),
+    };
+    let result = async {
+        let asset_scope = build_asset_scope(&params.tokens, params.allow_native_eth);
+        let network_scope = build_network_scope(params.network);
+        let recipient_scope: EntityScope<EvmAddress> = params
+            .recipient
+            .clone()
+            .map(single_scope)
+            .unwrap_or(EntityScope::All);
+        let default_limits = PolicyLimitConfig::from_params(&params);
+        let default_bundle = build_policy_bundle(
+            0,
+            &default_limits,
+            recipient_scope.clone(),
+            asset_scope.clone(),
+            network_scope.clone(),
+        )?;
+
+        let mut destination_override_bundles = Vec::with_capacity(params.destination_overrides.len());
+        for (index, destination_override) in params.destination_overrides.iter().enumerate() {
+            let priority_base = 100 + (index as u32 * 10);
+            let bundle = build_policy_bundle(
+                priority_base,
+                &PolicyLimitConfig::from_destination_override(destination_override),
+                single_scope(destination_override.recipient.clone()),
+                asset_scope.clone(),
+                network_scope.clone(),
+            )?;
+            destination_override_bundles.push((destination_override, bundle));
+        }
+
+        validate_existing_policy_attachments(daemon.as_ref(), &session, &params.attach_policy_ids)
+            .await?;
+
+        on_status("registering spending policies");
+        register_policy_bundle(daemon.as_ref(), &session, &default_bundle).await?;
+        for (_, bundle) in &destination_override_bundles {
+            register_policy_bundle(daemon.as_ref(), &session, bundle).await?;
+        }
+
+        let mut created_policy_ids = default_bundle.policy_ids();
+        for (_, bundle) in &destination_override_bundles {
+            created_policy_ids.extend(bundle.policy_ids());
+        }
+
+        let (policy_attachment, policy_attachment_label, attached_policy_ids, mut policy_note) =
+            resolve_bootstrap_policy_attachment(created_policy_ids, &params.attach_policy_ids)?;
+
+        if !params.destination_overrides.is_empty() {
+            policy_note.push_str(&format!(
+                "; {} destination override(s) apply as stricter overlays and do not replace the default limits",
+                params.destination_overrides.len()
+            ));
+        }
+
+        let (vault_key_id, vault_public_key, vault_private_key, key_status_message) =
+            match (
+                params.existing_vault_key_id,
+                params.existing_vault_public_key.as_ref(),
+            ) {
+                (Some(vault_key_id), Some(vault_public_key)) => {
+                    policy_note.push_str("; reused the existing wallet address");
+                    (vault_key_id, vault_public_key.clone(), None, "creating agent key")
+                }
+                (Some(_), None) => {
+                    bail!("existing wallet metadata is incomplete: wallet.vaultPublicKey is required");
+                }
+                (None, Some(_)) => {
+                    bail!("existing wallet metadata is incomplete: wallet.vaultKeyId is required");
+                }
+                (None, None) => {
+                    let vault_key = daemon
+                        .create_vault_key(&session, KeyCreateRequest::Generate)
+                        .await?;
+                    let vault_private_key = if params.print_vault_private_key {
+                        daemon.export_vault_private_key(&session, vault_key.id).await?
+                    } else {
+                        None
+                    };
+                    (
+                        vault_key.id,
+                        vault_key.public_key_hex,
+                        vault_private_key,
+                        "creating vault and agent keys",
+                    )
+                }
+            };
+        on_status(key_status_message);
+        let mut agent_credentials = daemon
+            .create_agent_key(&session, vault_key_id, policy_attachment)
+            .await?;
+        let agent_auth_token = if params.print_agent_auth_token {
+            std::mem::take(&mut agent_credentials.auth_token)
+        } else {
+            agent_credentials.auth_token.zeroize();
+            "<redacted>".to_string()
+        };
+
+        let destination_override_outputs = destination_override_bundles
+            .iter()
+            .map(|(destination_override, bundle)| DestinationOverrideOutput {
+                recipient: destination_override.recipient.to_string(),
+                per_tx_policy_id: bundle.per_tx.id.to_string(),
+                daily_policy_id: bundle.daily.id.to_string(),
+                weekly_policy_id: bundle.weekly.id.to_string(),
+                gas_policy_id: bundle.gas.as_ref().map(|policy| policy.id.to_string()),
+                per_tx_max_wei: destination_override.per_tx_max_wei.to_string(),
+                daily_max_wei: destination_override.daily_max_wei.to_string(),
+                weekly_max_wei: destination_override.weekly_max_wei.to_string(),
+                max_gas_per_chain_wei: (destination_override.max_gas_per_chain_wei > 0)
+                    .then(|| destination_override.max_gas_per_chain_wei.to_string()),
+                daily_max_tx_count: (destination_override.daily_max_tx_count > 0)
+                    .then(|| destination_override.daily_max_tx_count.to_string()),
+                daily_tx_count_policy_id: bundle
+                    .daily_tx_count
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_fee_per_gas_wei: (destination_override.per_tx_max_fee_per_gas_wei > 0)
+                    .then(|| destination_override.per_tx_max_fee_per_gas_wei.to_string()),
+                per_tx_max_fee_per_gas_policy_id: bundle
+                    .per_tx_max_fee
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_priority_fee_per_gas_wei: (destination_override
+                    .per_tx_max_priority_fee_per_gas_wei
+                    > 0)
+                    .then(|| {
+                        destination_override
+                            .per_tx_max_priority_fee_per_gas_wei
+                            .to_string()
+                    }),
+                per_tx_max_priority_fee_per_gas_policy_id: bundle
+                    .per_tx_max_priority_fee
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_calldata_bytes: (destination_override.per_tx_max_calldata_bytes > 0)
+                    .then(|| destination_override.per_tx_max_calldata_bytes.to_string()),
+                per_tx_max_calldata_bytes_policy_id: bundle
+                    .per_tx_max_calldata_bytes
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+            })
+            .collect::<Vec<_>>();
+
+        Ok(BootstrapOutput {
+            state_file: state_file_display.to_string(),
+            lease_id: lease.lease_id.to_string(),
+            lease_expires_at: lease
+                .expires_at
+                .format(&Rfc3339)
+                .context("failed to format lease expiry as RFC3339")?,
+            per_tx_policy_id: Some(default_bundle.per_tx.id.to_string()),
+            daily_policy_id: Some(default_bundle.daily.id.to_string()),
+            weekly_policy_id: Some(default_bundle.weekly.id.to_string()),
+            gas_policy_id: default_bundle.gas.as_ref().map(|policy| policy.id.to_string()),
+            per_tx_max_wei: Some(params.per_tx_max_wei.to_string()),
+            daily_max_wei: Some(params.daily_max_wei.to_string()),
+            weekly_max_wei: Some(params.weekly_max_wei.to_string()),
+            max_gas_per_chain_wei: (params.max_gas_per_chain_wei > 0)
+                .then(|| params.max_gas_per_chain_wei.to_string()),
+            daily_max_tx_count: (params.daily_max_tx_count > 0)
+                .then(|| params.daily_max_tx_count.to_string()),
+            daily_tx_count_policy_id: default_bundle
+                .daily_tx_count
+                .as_ref()
+                .map(|policy| policy.id.to_string()),
+            per_tx_max_fee_per_gas_wei: (params.per_tx_max_fee_per_gas_wei > 0)
+                .then(|| params.per_tx_max_fee_per_gas_wei.to_string()),
+            per_tx_max_fee_per_gas_policy_id: default_bundle
+                .per_tx_max_fee
+                .as_ref()
+                .map(|policy| policy.id.to_string()),
+            per_tx_max_priority_fee_per_gas_wei: (params.per_tx_max_priority_fee_per_gas_wei > 0)
+                .then(|| params.per_tx_max_priority_fee_per_gas_wei.to_string()),
+            per_tx_max_priority_fee_per_gas_policy_id: default_bundle
+                .per_tx_max_priority_fee
+                .as_ref()
+                .map(|policy| policy.id.to_string()),
+            per_tx_max_calldata_bytes: (params.per_tx_max_calldata_bytes > 0)
+                .then(|| params.per_tx_max_calldata_bytes.to_string()),
+            per_tx_max_calldata_bytes_policy_id: default_bundle
+                .per_tx_max_calldata_bytes
+                .as_ref()
+                .map(|policy| policy.id.to_string()),
+            vault_key_id: vault_key_id.to_string(),
+            vault_public_key,
+            vault_private_key,
+            agent_key_id: agent_credentials.agent_key.id.to_string(),
+            agent_auth_token,
+            agent_auth_token_redacted: !params.print_agent_auth_token,
+            network_scope: Some(describe_network_scope(&network_scope)),
+            asset_scope: Some(describe_asset_scope(&asset_scope)),
+            recipient_scope: Some(describe_recipient_scope(&recipient_scope)),
+            token_policies: Vec::new(),
+            destination_override_count: destination_override_outputs.len(),
+            destination_overrides: destination_override_outputs,
+            token_destination_overrides: Vec::new(),
+            token_manual_approval_policies: Vec::new(),
+            policy_attachment: policy_attachment_label,
+            attached_policy_ids,
+            policy_note,
+        })
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_per_token_bootstrap(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    state_file_display: &str,
+    params: BootstrapParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<BootstrapOutput> {
+    validate_per_token_bootstrap_params(&params)?;
+    on_status("initializing daemon");
+
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease: lease.clone(),
+    };
+
+    let result = async {
+        let mut token_policy_bundles = Vec::with_capacity(params.token_policies.len());
+        for (index, token_policy) in params.token_policies.iter().enumerate() {
+            let asset_scope = build_asset_scope_for_token_policy(token_policy)?;
+            let network_scope = single_scope(token_policy.chain_id);
+            let bundle = build_policy_bundle(
+                index as u32 * 100,
+                &PolicyLimitConfig::from_token_policy(token_policy),
+                EntityScope::All,
+                asset_scope.clone(),
+                network_scope.clone(),
+            )?;
+            token_policy_bundles.push((token_policy, asset_scope, network_scope, bundle));
+        }
+
+        let mut token_destination_override_bundles =
+            Vec::with_capacity(params.token_destination_overrides.len());
+        for (index, destination_override) in params.token_destination_overrides.iter().enumerate() {
+            let token_policy = params
+                .token_policies
+                .iter()
+                .find(|policy| {
+                    policy.token_key == destination_override.token_key
+                        && policy.chain_key == destination_override.chain_key
+                })
+                .with_context(|| {
+                    format!(
+                        "unknown token selector for destination override: {}:{}",
+                        destination_override.token_key, destination_override.chain_key
+                    )
+                })?;
+            let asset_scope = build_asset_scope_for_token_policy(token_policy)?;
+            let network_scope = single_scope(token_policy.chain_id);
+            let bundle = build_policy_bundle(
+                10_000 + index as u32 * 100,
+                &PolicyLimitConfig::from_token_destination_override(destination_override),
+                single_scope(destination_override.recipient.clone()),
+                asset_scope.clone(),
+                network_scope.clone(),
+            )?;
+            token_destination_override_bundles.push((
+                destination_override,
+                token_policy,
+                asset_scope,
+                network_scope,
+                bundle,
+            ));
+        }
+
+        let mut token_manual_approval_policies =
+            Vec::with_capacity(params.token_manual_approval_policies.len());
+        for manual_approval in &params.token_manual_approval_policies {
+            let asset_scope = build_asset_scope_for_token_manual_approval(manual_approval)?;
+            let network_scope = single_scope(manual_approval.chain_id);
+            let recipient_scope = manual_approval
+                .recipient
+                .clone()
+                .map_or(EntityScope::All, single_scope);
+            let policy = SpendingPolicy::new_manual_approval(
+                manual_approval.priority,
+                manual_approval.min_amount_wei,
+                manual_approval.max_amount_wei,
+                recipient_scope.clone(),
+                asset_scope.clone(),
+                network_scope.clone(),
+            )?;
+            token_manual_approval_policies.push((
+                manual_approval,
+                asset_scope,
+                recipient_scope,
+                network_scope,
+                policy,
+            ));
+        }
+
+        validate_existing_policy_attachments(daemon.as_ref(), &session, &params.attach_policy_ids)
+            .await?;
+
+        on_status("registering spending policies");
+        for (_, _, _, bundle) in &token_policy_bundles {
+            register_policy_bundle(daemon.as_ref(), &session, bundle).await?;
+        }
+        for (_, _, _, _, bundle) in &token_destination_override_bundles {
+            register_policy_bundle(daemon.as_ref(), &session, bundle).await?;
+        }
+        for (_, _, _, _, policy) in &token_manual_approval_policies {
+            daemon.add_policy(&session, policy.clone()).await?;
+        }
+
+        let mut created_policy_ids = BTreeSet::new();
+        for (_, _, _, bundle) in &token_policy_bundles {
+            created_policy_ids.extend(bundle.policy_ids());
+        }
+        for (_, _, _, _, bundle) in &token_destination_override_bundles {
+            created_policy_ids.extend(bundle.policy_ids());
+        }
+        for (_, _, _, _, policy) in &token_manual_approval_policies {
+            created_policy_ids.insert(policy.id);
+        }
+
+        let (policy_attachment, policy_attachment_label, attached_policy_ids, mut policy_note) =
+            resolve_bootstrap_policy_attachment(created_policy_ids, &params.attach_policy_ids)?;
+        policy_note.push_str(&format!(
+            "; {} per-token policy bundle(s) created",
+            token_policy_bundles.len()
+        ));
+        if !token_destination_override_bundles.is_empty() {
+            policy_note.push_str(&format!(
+                "; {} per-token destination override(s) apply as stricter overlays",
+                token_destination_override_bundles.len()
+            ));
+        }
+        if !token_manual_approval_policies.is_empty() {
+            policy_note.push_str(&format!(
+                "; {} token manual approval policy/policies created",
+                token_manual_approval_policies.len()
+            ));
+        }
+
+        let (vault_key_id, vault_public_key, vault_private_key, key_status_message) = match (
+            params.existing_vault_key_id,
+            params.existing_vault_public_key.as_ref(),
+        ) {
+            (Some(vault_key_id), Some(vault_public_key)) => {
+                policy_note.push_str("; reused the existing wallet address");
+                (
+                    vault_key_id,
+                    vault_public_key.clone(),
+                    None,
+                    "creating agent key",
+                )
+            }
+            (Some(_), None) => {
+                bail!("existing wallet metadata is incomplete: wallet.vaultPublicKey is required");
+            }
+            (None, Some(_)) => {
+                bail!("existing wallet metadata is incomplete: wallet.vaultKeyId is required");
+            }
+            (None, None) => {
+                let vault_key = daemon
+                    .create_vault_key(&session, KeyCreateRequest::Generate)
+                    .await?;
+                let vault_private_key = if params.print_vault_private_key {
+                    daemon
+                        .export_vault_private_key(&session, vault_key.id)
+                        .await?
+                } else {
+                    None
+                };
+                (
+                    vault_key.id,
+                    vault_key.public_key_hex,
+                    vault_private_key,
+                    "creating vault and agent keys",
+                )
+            }
+        };
+        on_status(key_status_message);
+        let mut agent_credentials = daemon
+            .create_agent_key(&session, vault_key_id, policy_attachment)
+            .await?;
+        let agent_auth_token = if params.print_agent_auth_token {
+            std::mem::take(&mut agent_credentials.auth_token)
+        } else {
+            agent_credentials.auth_token.zeroize();
+            "<redacted>".to_string()
+        };
+
+        let token_policy_outputs = token_policy_bundles
+            .iter()
+            .map(|(token_policy, asset_scope, _, bundle)| TokenPolicyOutput {
+                token_key: token_policy.token_key.clone(),
+                symbol: token_policy.symbol.clone(),
+                chain_key: token_policy.chain_key.clone(),
+                chain_id: token_policy.chain_id,
+                asset_scope: describe_asset_scope(asset_scope),
+                recipient_scope: "all recipients".to_string(),
+                per_tx_policy_id: bundle.per_tx.id.to_string(),
+                daily_policy_id: bundle.daily.id.to_string(),
+                weekly_policy_id: bundle.weekly.id.to_string(),
+                gas_policy_id: bundle.gas.as_ref().map(|policy| policy.id.to_string()),
+                per_tx_max_wei: token_policy.per_tx_max_wei.to_string(),
+                daily_max_wei: token_policy.daily_max_wei.to_string(),
+                weekly_max_wei: token_policy.weekly_max_wei.to_string(),
+                max_gas_per_chain_wei: (token_policy.max_gas_per_chain_wei > 0)
+                    .then(|| token_policy.max_gas_per_chain_wei.to_string()),
+                daily_max_tx_count: (token_policy.daily_max_tx_count > 0)
+                    .then(|| token_policy.daily_max_tx_count.to_string()),
+                daily_tx_count_policy_id: bundle
+                    .daily_tx_count
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_fee_per_gas_wei: (token_policy.per_tx_max_fee_per_gas_wei > 0)
+                    .then(|| token_policy.per_tx_max_fee_per_gas_wei.to_string()),
+                per_tx_max_fee_per_gas_policy_id: bundle
+                    .per_tx_max_fee
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_priority_fee_per_gas_wei: (token_policy
+                    .per_tx_max_priority_fee_per_gas_wei
+                    > 0)
+                .then(|| token_policy.per_tx_max_priority_fee_per_gas_wei.to_string()),
+                per_tx_max_priority_fee_per_gas_policy_id: bundle
+                    .per_tx_max_priority_fee
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+                per_tx_max_calldata_bytes: (token_policy.per_tx_max_calldata_bytes > 0)
+                    .then(|| token_policy.per_tx_max_calldata_bytes.to_string()),
+                per_tx_max_calldata_bytes_policy_id: bundle
+                    .per_tx_max_calldata_bytes
+                    .as_ref()
+                    .map(|policy| policy.id.to_string()),
+            })
+            .collect::<Vec<_>>();
+
+        let token_destination_override_outputs = token_destination_override_bundles
+            .iter()
+            .map(
+                |(destination_override, token_policy, asset_scope, _, bundle)| {
+                    TokenDestinationOverrideOutput {
+                        token_key: destination_override.token_key.clone(),
+                        symbol: token_policy.symbol.clone(),
+                        chain_key: destination_override.chain_key.clone(),
+                        chain_id: token_policy.chain_id,
+                        recipient: destination_override.recipient.to_string(),
+                        asset_scope: describe_asset_scope(asset_scope),
+                        per_tx_policy_id: bundle.per_tx.id.to_string(),
+                        daily_policy_id: bundle.daily.id.to_string(),
+                        weekly_policy_id: bundle.weekly.id.to_string(),
+                        gas_policy_id: bundle.gas.as_ref().map(|policy| policy.id.to_string()),
+                        per_tx_max_wei: destination_override.per_tx_max_wei.to_string(),
+                        daily_max_wei: destination_override.daily_max_wei.to_string(),
+                        weekly_max_wei: destination_override.weekly_max_wei.to_string(),
+                        max_gas_per_chain_wei: (destination_override.max_gas_per_chain_wei > 0)
+                            .then(|| destination_override.max_gas_per_chain_wei.to_string()),
+                        daily_max_tx_count: (destination_override.daily_max_tx_count > 0)
+                            .then(|| destination_override.daily_max_tx_count.to_string()),
+                        daily_tx_count_policy_id: bundle
+                            .daily_tx_count
+                            .as_ref()
+                            .map(|policy| policy.id.to_string()),
+                        per_tx_max_fee_per_gas_wei: (destination_override
+                            .per_tx_max_fee_per_gas_wei
+                            > 0)
+                        .then(|| destination_override.per_tx_max_fee_per_gas_wei.to_string()),
+                        per_tx_max_fee_per_gas_policy_id: bundle
+                            .per_tx_max_fee
+                            .as_ref()
+                            .map(|policy| policy.id.to_string()),
+                        per_tx_max_priority_fee_per_gas_wei: (destination_override
+                            .per_tx_max_priority_fee_per_gas_wei
+                            > 0)
+                        .then(|| {
+                            destination_override
+                                .per_tx_max_priority_fee_per_gas_wei
+                                .to_string()
+                        }),
+                        per_tx_max_priority_fee_per_gas_policy_id: bundle
+                            .per_tx_max_priority_fee
+                            .as_ref()
+                            .map(|policy| policy.id.to_string()),
+                        per_tx_max_calldata_bytes: (destination_override.per_tx_max_calldata_bytes
+                            > 0)
+                        .then(|| destination_override.per_tx_max_calldata_bytes.to_string()),
+                        per_tx_max_calldata_bytes_policy_id: bundle
+                            .per_tx_max_calldata_bytes
+                            .as_ref()
+                            .map(|policy| policy.id.to_string()),
+                    }
+                },
+            )
+            .collect::<Vec<_>>();
+
+        let token_manual_approval_outputs = token_manual_approval_policies
+            .iter()
+            .map(
+                |(manual_approval, asset_scope, recipient_scope, _, policy)| {
+                    TokenManualApprovalPolicyOutput {
+                        token_key: manual_approval.token_key.clone(),
+                        symbol: manual_approval.symbol.clone(),
+                        chain_key: manual_approval.chain_key.clone(),
+                        chain_id: manual_approval.chain_id,
+                        priority: manual_approval.priority,
+                        min_amount_wei: manual_approval.min_amount_wei.to_string(),
+                        max_amount_wei: manual_approval.max_amount_wei.to_string(),
+                        asset_scope: describe_asset_scope(asset_scope),
+                        recipient_scope: describe_recipient_scope(recipient_scope),
+                        policy_id: policy.id.to_string(),
+                    }
+                },
+            )
+            .collect::<Vec<_>>();
+
+        Ok(BootstrapOutput {
+            state_file: state_file_display.to_string(),
+            lease_id: lease.lease_id.to_string(),
+            lease_expires_at: lease
+                .expires_at
+                .format(&Rfc3339)
+                .context("failed to format lease expiry as RFC3339")?,
+            per_tx_policy_id: None,
+            daily_policy_id: None,
+            weekly_policy_id: None,
+            gas_policy_id: None,
+            per_tx_max_wei: None,
+            daily_max_wei: None,
+            weekly_max_wei: None,
+            max_gas_per_chain_wei: None,
+            daily_max_tx_count: None,
+            daily_tx_count_policy_id: None,
+            per_tx_max_fee_per_gas_wei: None,
+            per_tx_max_fee_per_gas_policy_id: None,
+            per_tx_max_priority_fee_per_gas_wei: None,
+            per_tx_max_priority_fee_per_gas_policy_id: None,
+            per_tx_max_calldata_bytes: None,
+            per_tx_max_calldata_bytes_policy_id: None,
+            vault_key_id: vault_key_id.to_string(),
+            vault_public_key,
+            vault_private_key,
+            agent_key_id: agent_credentials.agent_key.id.to_string(),
+            agent_auth_token,
+            agent_auth_token_redacted: !params.print_agent_auth_token,
+            network_scope: None,
+            asset_scope: None,
+            recipient_scope: None,
+            token_policies: token_policy_outputs,
+            destination_override_count: token_destination_override_outputs.len(),
+            destination_overrides: Vec::new(),
+            token_destination_overrides: token_destination_override_outputs,
+            token_manual_approval_policies: token_manual_approval_outputs,
+            policy_attachment: policy_attachment_label,
+            attached_policy_ids,
+            policy_note,
+        })
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+#[derive(Debug, Clone, Copy)]
+struct PolicyLimitConfig {
+    per_tx_max_wei: u128,
+    daily_max_wei: u128,
+    weekly_max_wei: u128,
+    max_gas_per_chain_wei: u128,
+    daily_max_tx_count: u128,
+    per_tx_max_fee_per_gas_wei: u128,
+    per_tx_max_priority_fee_per_gas_wei: u128,
+    per_tx_max_calldata_bytes: u128,
+}
+
+impl PolicyLimitConfig {
+    fn from_params(params: &BootstrapParams) -> Self {
+        Self {
+            per_tx_max_wei: params.per_tx_max_wei,
+            daily_max_wei: params.daily_max_wei,
+            weekly_max_wei: params.weekly_max_wei,
+            max_gas_per_chain_wei: params.max_gas_per_chain_wei,
+            daily_max_tx_count: params.daily_max_tx_count,
+            per_tx_max_fee_per_gas_wei: params.per_tx_max_fee_per_gas_wei,
+            per_tx_max_priority_fee_per_gas_wei: params.per_tx_max_priority_fee_per_gas_wei,
+            per_tx_max_calldata_bytes: params.per_tx_max_calldata_bytes,
+        }
+    }
+
+    fn from_token_policy(token_policy: &TokenPolicyConfig) -> Self {
+        Self {
+            per_tx_max_wei: token_policy.per_tx_max_wei,
+            daily_max_wei: token_policy.daily_max_wei,
+            weekly_max_wei: token_policy.weekly_max_wei,
+            max_gas_per_chain_wei: token_policy.max_gas_per_chain_wei,
+            daily_max_tx_count: token_policy.daily_max_tx_count,
+            per_tx_max_fee_per_gas_wei: token_policy.per_tx_max_fee_per_gas_wei,
+            per_tx_max_priority_fee_per_gas_wei: token_policy.per_tx_max_priority_fee_per_gas_wei,
+            per_tx_max_calldata_bytes: token_policy.per_tx_max_calldata_bytes,
+        }
+    }
+
+    fn from_destination_override(destination_override: &DestinationPolicyOverride) -> Self {
+        Self {
+            per_tx_max_wei: destination_override.per_tx_max_wei,
+            daily_max_wei: destination_override.daily_max_wei,
+            weekly_max_wei: destination_override.weekly_max_wei,
+            max_gas_per_chain_wei: destination_override.max_gas_per_chain_wei,
+            daily_max_tx_count: destination_override.daily_max_tx_count,
+            per_tx_max_fee_per_gas_wei: destination_override.per_tx_max_fee_per_gas_wei,
+            per_tx_max_priority_fee_per_gas_wei: destination_override
+                .per_tx_max_priority_fee_per_gas_wei,
+            per_tx_max_calldata_bytes: destination_override.per_tx_max_calldata_bytes,
+        }
+    }
+
+    fn from_token_destination_override(
+        destination_override: &TokenDestinationPolicyOverride,
+    ) -> Self {
+        Self {
+            per_tx_max_wei: destination_override.per_tx_max_wei,
+            daily_max_wei: destination_override.daily_max_wei,
+            weekly_max_wei: destination_override.weekly_max_wei,
+            max_gas_per_chain_wei: destination_override.max_gas_per_chain_wei,
+            daily_max_tx_count: destination_override.daily_max_tx_count,
+            per_tx_max_fee_per_gas_wei: destination_override.per_tx_max_fee_per_gas_wei,
+            per_tx_max_priority_fee_per_gas_wei: destination_override
+                .per_tx_max_priority_fee_per_gas_wei,
+            per_tx_max_calldata_bytes: destination_override.per_tx_max_calldata_bytes,
+        }
+    }
+}
+
+#[derive(Debug)]
+struct PolicyBundle {
+    per_tx: SpendingPolicy,
+    daily: SpendingPolicy,
+    weekly: SpendingPolicy,
+    gas: Option<SpendingPolicy>,
+    daily_tx_count: Option<SpendingPolicy>,
+    per_tx_max_fee: Option<SpendingPolicy>,
+    per_tx_max_priority_fee: Option<SpendingPolicy>,
+    per_tx_max_calldata_bytes: Option<SpendingPolicy>,
+}
+
+impl PolicyBundle {
+    fn policies(&self) -> Vec<&SpendingPolicy> {
+        let mut policies = vec![&self.per_tx, &self.daily, &self.weekly];
+        if let Some(policy) = &self.gas {
+            policies.push(policy);
+        }
+        if let Some(policy) = &self.daily_tx_count {
+            policies.push(policy);
+        }
+        if let Some(policy) = &self.per_tx_max_fee {
+            policies.push(policy);
+        }
+        if let Some(policy) = &self.per_tx_max_priority_fee {
+            policies.push(policy);
+        }
+        if let Some(policy) = &self.per_tx_max_calldata_bytes {
+            policies.push(policy);
+        }
+        policies
+    }
+
+    fn policy_ids(&self) -> BTreeSet<Uuid> {
+        self.policies()
+            .into_iter()
+            .map(|policy| policy.id)
+            .collect()
+    }
+}
+
+fn build_policy_bundle(
+    priority_base: u32,
+    limits: &PolicyLimitConfig,
+    recipient_scope: EntityScope<EvmAddress>,
+    asset_scope: EntityScope<AssetId>,
+    network_scope: EntityScope<u64>,
+) -> Result<PolicyBundle> {
+    Ok(PolicyBundle {
+        per_tx: SpendingPolicy::new(
+            priority_base,
+            PolicyType::PerTxMaxSpending,
+            limits.per_tx_max_wei,
+            recipient_scope.clone(),
+            asset_scope.clone(),
+            network_scope.clone(),
+        )
+        .context("invalid policy configuration")?,
+        daily: SpendingPolicy::new(
+            priority_base + 1,
+            PolicyType::DailyMaxSpending,
+            limits.daily_max_wei,
+            recipient_scope.clone(),
+            asset_scope.clone(),
+            network_scope.clone(),
+        )
+        .context("invalid policy configuration")?,
+        weekly: SpendingPolicy::new(
+            priority_base + 2,
+            PolicyType::WeeklyMaxSpending,
+            limits.weekly_max_wei,
+            recipient_scope.clone(),
+            asset_scope.clone(),
+            network_scope.clone(),
+        )
+        .context("invalid policy configuration")?,
+        gas: (limits.max_gas_per_chain_wei > 0)
+            .then(|| {
+                SpendingPolicy::new(
+                    priority_base + 3,
+                    PolicyType::PerChainMaxGasSpend,
+                    limits.max_gas_per_chain_wei,
+                    recipient_scope.clone(),
+                    EntityScope::All,
+                    network_scope.clone(),
+                )
+            })
+            .transpose()
+            .context("invalid policy configuration")?,
+        daily_tx_count: (limits.daily_max_tx_count > 0)
+            .then(|| {
+                SpendingPolicy::new(
+                    priority_base + 4,
+                    PolicyType::DailyMaxTxCount,
+                    limits.daily_max_tx_count,
+                    recipient_scope.clone(),
+                    asset_scope.clone(),
+                    network_scope.clone(),
+                )
+            })
+            .transpose()
+            .context("invalid policy configuration")?,
+        per_tx_max_fee: (limits.per_tx_max_fee_per_gas_wei > 0)
+            .then(|| {
+                SpendingPolicy::new(
+                    priority_base + 5,
+                    PolicyType::PerTxMaxFeePerGas,
+                    limits.per_tx_max_fee_per_gas_wei,
+                    recipient_scope.clone(),
+                    asset_scope.clone(),
+                    network_scope.clone(),
+                )
+            })
+            .transpose()
+            .context("invalid policy configuration")?,
+        per_tx_max_priority_fee: (limits.per_tx_max_priority_fee_per_gas_wei > 0)
+            .then(|| {
+                SpendingPolicy::new(
+                    priority_base + 6,
+                    PolicyType::PerTxMaxPriorityFeePerGas,
+                    limits.per_tx_max_priority_fee_per_gas_wei,
+                    recipient_scope.clone(),
+                    asset_scope.clone(),
+                    network_scope.clone(),
+                )
+            })
+            .transpose()
+            .context("invalid policy configuration")?,
+        per_tx_max_calldata_bytes: (limits.per_tx_max_calldata_bytes > 0)
+            .then(|| {
+                SpendingPolicy::new(
+                    priority_base + 7,
+                    PolicyType::PerTxMaxCalldataBytes,
+                    limits.per_tx_max_calldata_bytes,
+                    recipient_scope,
+                    asset_scope,
+                    network_scope,
+                )
+            })
+            .transpose()
+            .context("invalid policy configuration")?,
+    })
+}
+
+async fn register_policy_bundle(
+    daemon: &dyn KeyManagerDaemonApi,
+    session: &AdminSession,
+    bundle: &PolicyBundle,
+) -> Result<()> {
+    for policy in bundle.policies() {
+        daemon.add_policy(session, policy.clone()).await?;
+    }
+    Ok(())
+}
+
+fn validate_destination_policy_overrides(params: &BootstrapParams) -> Result<()> {
+    if params.recipient.is_some() && !params.destination_overrides.is_empty() {
+        bail!(
+            "destination overrides require the default recipient scope to cover every destination"
+        );
+    }
+
+    let defaults = PolicyLimitConfig::from_params(params);
+    let mut seen_recipients = BTreeSet::new();
+    for destination_override in &params.destination_overrides {
+        validate_policy_limits(
+            destination_override.per_tx_max_wei,
+            destination_override.daily_max_wei,
+            destination_override.weekly_max_wei,
+        )?;
+        if !seen_recipients.insert(destination_override.recipient.clone()) {
+            bail!(
+                "duplicate destination override recipient: {}",
+                destination_override.recipient
+            );
+        }
+        let recipient = destination_override.recipient.to_string();
+        validate_required_overlay_limit(
+            &recipient,
+            "per-tx max",
+            defaults.per_tx_max_wei,
+            destination_override.per_tx_max_wei,
+        )?;
+        validate_required_overlay_limit(
+            &recipient,
+            "daily max",
+            defaults.daily_max_wei,
+            destination_override.daily_max_wei,
+        )?;
+        validate_required_overlay_limit(
+            &recipient,
+            "weekly max",
+            defaults.weekly_max_wei,
+            destination_override.weekly_max_wei,
+        )?;
+        validate_optional_overlay_limit(
+            &recipient,
+            "max gas per chain",
+            defaults.max_gas_per_chain_wei,
+            destination_override.max_gas_per_chain_wei,
+        )?;
+        validate_optional_overlay_limit(
+            &recipient,
+            "daily max tx count",
+            defaults.daily_max_tx_count,
+            destination_override.daily_max_tx_count,
+        )?;
+        validate_optional_overlay_limit(
+            &recipient,
+            "per-tx max fee per gas",
+            defaults.per_tx_max_fee_per_gas_wei,
+            destination_override.per_tx_max_fee_per_gas_wei,
+        )?;
+        validate_optional_overlay_limit(
+            &recipient,
+            "per-tx max priority fee per gas",
+            defaults.per_tx_max_priority_fee_per_gas_wei,
+            destination_override.per_tx_max_priority_fee_per_gas_wei,
+        )?;
+        validate_optional_overlay_limit(
+            &recipient,
+            "per-tx max calldata bytes",
+            defaults.per_tx_max_calldata_bytes,
+            destination_override.per_tx_max_calldata_bytes,
+        )?;
+    }
+    Ok(())
+}
+
+fn validate_per_token_bootstrap_params(params: &BootstrapParams) -> Result<()> {
+    if params.token_policies.is_empty() {
+        bail!("at least one per-token policy is required");
+    }
+    if !params.destination_overrides.is_empty() {
+        bail!("legacy destination overrides cannot be mixed with per-token policies");
+    }
+    if params.recipient.is_some() {
+        bail!("global recipient scope is not supported with per-token policies");
+    }
+
+    let mut seen_selectors = BTreeSet::new();
+    for token_policy in &params.token_policies {
+        if token_policy.token_key.trim().is_empty() || token_policy.chain_key.trim().is_empty() {
+            bail!("token policy selectors must include token and chain keys");
+        }
+        if !seen_selectors.insert((
+            token_policy.token_key.clone(),
+            token_policy.chain_key.clone(),
+        )) {
+            bail!(
+                "duplicate token policy selector: {}:{}",
+                token_policy.token_key,
+                token_policy.chain_key
+            );
+        }
+        if token_policy.chain_id == 0 {
+            bail!(
+                "token policy '{}' chain '{}' must have a non-zero chain id",
+                token_policy.token_key,
+                token_policy.chain_key
+            );
+        }
+        if token_policy.is_native {
+            if token_policy.address.is_some() {
+                bail!(
+                    "token policy '{}:{}' must not set an address when native",
+                    token_policy.token_key,
+                    token_policy.chain_key
+                );
+            }
+        } else if token_policy.address.is_none() {
+            bail!(
+                "token policy '{}:{}' requires an ERC-20 address",
+                token_policy.token_key,
+                token_policy.chain_key
+            );
+        }
+
+        validate_policy_limits(
+            token_policy.per_tx_max_wei,
+            token_policy.daily_max_wei,
+            token_policy.weekly_max_wei,
+        )?;
+    }
+
+    let mut seen_overrides = BTreeSet::new();
+    for destination_override in &params.token_destination_overrides {
+        let Some(token_policy) = params.token_policies.iter().find(|policy| {
+            policy.token_key == destination_override.token_key
+                && policy.chain_key == destination_override.chain_key
+        }) else {
+            bail!(
+                "destination override references unknown token selector '{}:{}'",
+                destination_override.token_key,
+                destination_override.chain_key
+            );
+        };
+
+        let recipient = destination_override.recipient.to_string();
+        if !seen_overrides.insert((
+            destination_override.token_key.clone(),
+            destination_override.chain_key.clone(),
+            recipient.clone(),
+        )) {
+            bail!(
+                "duplicate per-token destination override: {}:{} for {}",
+                destination_override.token_key,
+                destination_override.chain_key,
+                recipient
+            );
+        }
+
+        validate_policy_limits(
+            destination_override.per_tx_max_wei,
+            destination_override.daily_max_wei,
+            destination_override.weekly_max_wei,
+        )?;
+        validate_token_destination_override_overlay(
+            &recipient,
+            &PolicyLimitConfig::from_token_policy(token_policy),
+            &PolicyLimitConfig::from_token_destination_override(destination_override),
+        )?;
+    }
+
+    for manual_approval in &params.token_manual_approval_policies {
+        let Some(token_policy) = params.token_policies.iter().find(|policy| {
+            policy.token_key == manual_approval.token_key
+                && policy.chain_key == manual_approval.chain_key
+        }) else {
+            bail!(
+                "manual approval policy references unknown token selector '{}:{}'",
+                manual_approval.token_key,
+                manual_approval.chain_key
+            );
+        };
+        if token_policy.chain_id != manual_approval.chain_id {
+            bail!(
+                "manual approval policy '{}:{}' must match chain id {}",
+                manual_approval.token_key,
+                manual_approval.chain_key,
+                token_policy.chain_id
+            );
+        }
+        if manual_approval.min_amount_wei == 0 || manual_approval.max_amount_wei == 0 {
+            bail!(
+                "manual approval policy '{}:{}' requires non-zero min/max amounts",
+                manual_approval.token_key,
+                manual_approval.chain_key
+            );
+        }
+        if manual_approval.min_amount_wei > manual_approval.max_amount_wei {
+            bail!(
+                "manual approval policy '{}:{}' min amount must be less than or equal to max amount",
+                manual_approval.token_key,
+                manual_approval.chain_key
+            );
+        }
+        if manual_approval.is_native != token_policy.is_native
+            || manual_approval.address != token_policy.address
+        {
+            bail!(
+                "manual approval policy '{}:{}' must match the saved token asset scope",
+                manual_approval.token_key,
+                manual_approval.chain_key
+            );
+        }
+    }
+
+    Ok(())
+}
+
+fn build_asset_scope_for_token_policy(
+    token_policy: &TokenPolicyConfig,
+) -> Result<EntityScope<AssetId>> {
+    build_asset_scope_for_token_selector(
+        &token_policy.token_key,
+        &token_policy.chain_key,
+        token_policy.is_native,
+        token_policy.address.as_ref(),
+    )
+}
+
+fn build_asset_scope_for_token_manual_approval(
+    manual_approval: &TokenManualApprovalPolicyConfig,
+) -> Result<EntityScope<AssetId>> {
+    build_asset_scope_for_token_selector(
+        &manual_approval.token_key,
+        &manual_approval.chain_key,
+        manual_approval.is_native,
+        manual_approval.address.as_ref(),
+    )
+}
+
+fn build_asset_scope_for_token_selector(
+    token_key: &str,
+    chain_key: &str,
+    is_native: bool,
+    address: Option<&EvmAddress>,
+) -> Result<EntityScope<AssetId>> {
+    if is_native {
+        if address.is_some() {
+            bail!(
+                "token policy '{}:{}' must not include an address for native asset scope",
+                token_key,
+                chain_key
+            );
+        }
+        Ok(single_scope(AssetId::NativeEth))
+    } else {
+        let address = address.cloned().with_context(|| {
+            format!(
+                "token policy '{}:{}' requires an ERC-20 address",
+                token_key, chain_key
+            )
+        })?;
+        Ok(single_scope(AssetId::Erc20(address)))
+    }
+}
+
+fn validate_token_destination_override_overlay(
+    recipient: &str,
+    defaults: &PolicyLimitConfig,
+    override_limits: &PolicyLimitConfig,
+) -> Result<()> {
+    validate_required_overlay_limit(
+        recipient,
+        "per-tx max",
+        defaults.per_tx_max_wei,
+        override_limits.per_tx_max_wei,
+    )?;
+    validate_required_overlay_limit(
+        recipient,
+        "daily max",
+        defaults.daily_max_wei,
+        override_limits.daily_max_wei,
+    )?;
+    validate_required_overlay_limit(
+        recipient,
+        "weekly max",
+        defaults.weekly_max_wei,
+        override_limits.weekly_max_wei,
+    )?;
+    validate_optional_overlay_limit(
+        recipient,
+        "max gas per chain",
+        defaults.max_gas_per_chain_wei,
+        override_limits.max_gas_per_chain_wei,
+    )?;
+    validate_optional_overlay_limit(
+        recipient,
+        "daily max tx count",
+        defaults.daily_max_tx_count,
+        override_limits.daily_max_tx_count,
+    )?;
+    validate_optional_overlay_limit(
+        recipient,
+        "per-tx max fee per gas",
+        defaults.per_tx_max_fee_per_gas_wei,
+        override_limits.per_tx_max_fee_per_gas_wei,
+    )?;
+    validate_optional_overlay_limit(
+        recipient,
+        "per-tx max priority fee per gas",
+        defaults.per_tx_max_priority_fee_per_gas_wei,
+        override_limits.per_tx_max_priority_fee_per_gas_wei,
+    )?;
+    validate_optional_overlay_limit(
+        recipient,
+        "per-tx max calldata bytes",
+        defaults.per_tx_max_calldata_bytes,
+        override_limits.per_tx_max_calldata_bytes,
+    )?;
+    Ok(())
+}
+
+fn validate_required_overlay_limit(
+    recipient: &str,
+    label: &str,
+    default_value: u128,
+    override_value: u128,
+) -> Result<()> {
+    if override_value > default_value {
+        bail!(
+            "destination override for {recipient} must not increase {label} above the default value"
+        );
+    }
+    Ok(())
+}
+
+fn validate_optional_overlay_limit(
+    recipient: &str,
+    label: &str,
+    default_value: u128,
+    override_value: u128,
+) -> Result<()> {
+    if default_value == 0 {
+        return Ok(());
+    }
+    if override_value == 0 {
+        bail!(
+            "destination override for {recipient} must keep {label} enabled because the default value is enabled"
+        );
+    }
+    if override_value > default_value {
+        bail!(
+            "destination override for {recipient} must not increase {label} above the default value"
+        );
+    }
+    Ok(())
+}
+
+async fn execute_rotate_agent_auth_token(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    params: RotateAgentAuthTokenParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<RotateAgentAuthTokenOutput> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        on_status("rotating agent auth token");
+        let mut agent_auth_token = daemon
+            .rotate_agent_auth_token(&session, params.agent_key_id)
+            .await?;
+
+        if params.print_agent_auth_token {
+            Ok(RotateAgentAuthTokenOutput {
+                agent_key_id: params.agent_key_id.to_string(),
+                agent_auth_token,
+                agent_auth_token_redacted: false,
+            })
+        } else {
+            agent_auth_token.zeroize();
+            Ok(RotateAgentAuthTokenOutput {
+                agent_key_id: params.agent_key_id.to_string(),
+                agent_auth_token: "<redacted>".to_string(),
+                agent_auth_token_redacted: true,
+            })
+        }
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_revoke_agent_key(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    params: RevokeAgentKeyParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<RevokeAgentKeyOutput> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        on_status("revoking agent key");
+        daemon
+            .revoke_agent_key(&session, params.agent_key_id)
+            .await?;
+        Ok(RevokeAgentKeyOutput {
+            agent_key_id: params.agent_key_id.to_string(),
+            revoked: true,
+        })
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_add_manual_approval_policy(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    params: AddManualApprovalPolicyParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<ManualApprovalPolicyOutput> {
+    if params.min_amount_wei > params.max_amount_wei {
+        bail!("--min-amount-wei must be less than or equal to --max-amount-wei");
+    }
+
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let recipients = params
+        .recipient
+        .clone()
+        .map_or(EntityScope::All, single_scope);
+    let assets = build_asset_scope(&params.tokens, params.allow_native_eth);
+    let networks = build_network_scope(params.network);
+    let policy = SpendingPolicy::new_manual_approval(
+        params.priority,
+        params.min_amount_wei,
+        params.max_amount_wei,
+        recipients.clone(),
+        assets.clone(),
+        networks.clone(),
+    )?;
+    let policy_id = policy.id;
+
+    let result = async {
+        on_status("creating manual approval policy");
+        daemon.add_policy(&session, policy).await?;
+        Ok(ManualApprovalPolicyOutput {
+            policy_id: policy_id.to_string(),
+            priority: params.priority,
+            min_amount_wei: params.min_amount_wei.to_string(),
+            max_amount_wei: params.max_amount_wei.to_string(),
+            network_scope: describe_network_scope(&networks),
+            asset_scope: describe_asset_scope(&assets),
+            recipient_scope: describe_recipient_scope(&recipients),
+        })
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_list_manual_approval_requests(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    mut on_status: impl FnMut(&str),
+) -> Result<Vec<ManualApprovalRequest>> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        on_status("listing manual approval requests");
+        Ok(daemon.list_manual_approval_requests(&session).await?)
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_decide_manual_approval_request(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    params: DecideManualApprovalRequestParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<ManualApprovalRequest> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        on_status("updating manual approval request");
+        Ok(daemon
+            .decide_manual_approval_request(
+                &session,
+                params.approval_request_id,
+                params.decision,
+                params.rejection_reason,
+            )
+            .await?)
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_set_relay_config(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    params: SetRelayConfigParams,
+    mut on_status: impl FnMut(&str),
+) -> Result<RelayConfig> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        let (relay_url, frontend_url) = if params.clear {
+            (None, None)
+        } else {
+            on_status("reading existing relay configuration");
+            let existing = daemon.get_relay_config(&session).await?;
+            (
+                params.relay_url.or(existing.relay_url),
+                params.frontend_url.or(existing.frontend_url),
+            )
+        };
+        on_status("updating relay configuration");
+        Ok(daemon
+            .set_relay_config(&session, relay_url, frontend_url)
+            .await?)
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn execute_get_relay_config(
+    daemon: Arc<dyn KeyManagerDaemonApi>,
+    vault_password: &str,
+    mut on_status: impl FnMut(&str),
+) -> Result<RelayConfig> {
+    on_status("issuing admin lease");
+    let lease = daemon.issue_lease(vault_password).await?;
+    let mut session = AdminSession {
+        vault_password: vault_password.to_string(),
+        lease,
+    };
+
+    let result = async {
+        on_status("reading relay configuration");
+        Ok(daemon.get_relay_config(&session).await?)
+    }
+    .await;
+
+    session.vault_password.zeroize();
+    result
+}
+
+async fn validate_existing_policy_attachments(
+    daemon: &dyn KeyManagerDaemonApi,
+    session: &AdminSession,
+    attach_policy_ids: &[Uuid],
+) -> Result<()> {
+    if attach_policy_ids.is_empty() {
+        return Ok(());
+    }
+
+    let existing_policy_ids = daemon
+        .list_policies(session)
+        .await?
+        .into_iter()
+        .map(|policy| policy.id)
+        .collect::<BTreeSet<_>>();
+    let missing = attach_policy_ids
+        .iter()
+        .copied()
+        .filter(|policy_id| !existing_policy_ids.contains(policy_id))
+        .collect::<Vec<_>>();
+
+    if missing.is_empty() {
+        return Ok(());
+    }
+
+    let joined = missing
+        .into_iter()
+        .map(|policy_id| policy_id.to_string())
+        .collect::<Vec<_>>()
+        .join(", ");
+    bail!("unknown --attach-policy-id value(s): {joined}");
+}
+
+fn resolve_bootstrap_policy_attachment(
+    created_policy_ids: impl IntoIterator<Item = Uuid>,
+    attach_policy_ids: &[Uuid],
+) -> Result<(PolicyAttachment, String, Vec<String>, String)> {
+    let created_policy_ids = created_policy_ids.into_iter().collect::<BTreeSet<_>>();
+    let explicit_policy_ids = attach_policy_ids.iter().copied().collect::<BTreeSet<_>>();
+    let mut policy_set_ids = created_policy_ids.clone();
+    policy_set_ids.extend(explicit_policy_ids.iter().copied());
+
+    if policy_set_ids.is_empty() {
+        bail!("bootstrap must create or attach at least one policy");
+    }
+
+    let attached_policy_ids = policy_set_ids
+        .iter()
+        .map(ToString::to_string)
+        .collect::<Vec<_>>();
+
+    let policy_note = match (created_policy_ids.len(), explicit_policy_ids.len()) {
+        (created_count, 0) => format!(
+            "agent key is attached to {created_count} bootstrap-created policy id(s)"
+        ),
+        (0, explicit_count) => {
+            format!("agent key is attached to {explicit_count} explicit policy id(s)")
+        }
+        (created_count, explicit_count) => format!(
+            "agent key is attached to {created_count} bootstrap-created policy id(s) and {explicit_count} explicit policy id(s)"
+        ),
+    };
+
+    Ok((
+        PolicyAttachment::policy_set(policy_set_ids)
+            .context("invalid policy attachment configuration")?,
+        "policy_set".to_string(),
+        attached_policy_ids,
+        policy_note,
+    ))
+}
+
+fn validate_policy_limits(per_tx: u128, daily: u128, weekly: u128) -> Result<()> {
+    if daily < per_tx {
+        bail!(
+            "--daily-max-wei ({daily}) must be greater than or equal to --per-tx-max-wei ({per_tx})"
+        );
+    }
+    if weekly < daily {
+        bail!(
+            "--weekly-max-wei ({weekly}) must be greater than or equal to --daily-max-wei ({daily})"
+        );
+    }
+    Ok(())
+}
+
+fn parse_positive_u128(input: &str) -> Result<u128, String> {
+    let parsed = input
+        .parse::<u128>()
+        .map_err(|_| "must be a valid unsigned integer".to_string())?;
+    if parsed == 0 {
+        return Err("must be greater than zero".to_string());
+    }
+    Ok(parsed)
+}
+
+fn resolve_daemon_socket_path(cli_value: Option<PathBuf>) -> Result<PathBuf> {
+    let path = match cli_value {
+        Some(path) => path,
+        None => wlfi_home_dir()?.join("daemon.sock"),
+    };
+
+    assert_root_owned_daemon_socket_path(&path).map_err(anyhow::Error::msg)
+}
+
+fn wlfi_home_dir() -> Result<PathBuf> {
+    if let Some(path) = std::env::var_os("WLFI_HOME") {
+        let candidate = PathBuf::from(path);
+        if candidate.as_os_str().is_empty() {
+            bail!("WLFI_HOME must not be empty");
+        }
+        return Ok(candidate);
+    }
+
+    let Some(home) = std::env::var_os("HOME") else {
+        bail!("HOME is not set; use WLFI_HOME to choose config directory");
+    };
+    Ok(PathBuf::from(home).join(".wlfi_agent"))
+}
+
+fn parse_non_negative_u128(input: &str) -> Result<u128, String> {
+    input
+        .parse::<u128>()
+        .map_err(|_| "must be a valid unsigned integer".to_string())
+}
+
+fn parse_positive_u64(input: &str) -> Result<u64, String> {
+    let parsed = input
+        .parse::<u64>()
+        .map_err(|_| "must be a valid unsigned integer".to_string())?;
+    if parsed == 0 {
+        return Err("must be greater than zero".to_string());
+    }
+    Ok(parsed)
+}
+
+fn display_optional_output_value(value: &Option<String>) -> &str {
+    value.as_deref().unwrap_or("unlimited")
+}
+
+fn print_bootstrap_output(
+    output: &BootstrapOutput,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => {
+            let mut lines = vec![
+                format!("State File: {}", output.state_file),
+                "Lease".to_string(),
+                format!("  ID: {}", output.lease_id),
+                format!("  Expires At: {}", output.lease_expires_at),
+                format!("  Agent Policy Attachment: {}", output.policy_attachment),
+                "Keys".to_string(),
+                format!("  Vault Key ID: {}", output.vault_key_id),
+                format!("  Vault Public Key: {}", output.vault_public_key),
+                output
+                    .vault_private_key
+                    .as_ref()
+                    .map(|value| format!("  Vault Private Key: {value}"))
+                    .unwrap_or_default(),
+                format!("  Agent Key ID: {}", output.agent_key_id),
+                format!("  Agent Auth Token: {}", output.agent_auth_token),
+            ];
+            if output.token_policies.is_empty() {
+                lines.push("Policies".to_string());
+                if let Some(value) = &output.per_tx_policy_id {
+                    lines.push(format!("  Per-Tx: {value}"));
+                }
+                if let Some(value) = &output.daily_policy_id {
+                    lines.push(format!("  Daily: {value}"));
+                }
+                if let Some(value) = &output.weekly_policy_id {
+                    lines.push(format!("  Weekly: {value}"));
+                }
+                if let Some(value) = &output.gas_policy_id {
+                    lines.push(format!("  Per-Chain Max Gas: {value}"));
+                }
+                if let Some(value) = &output.per_tx_max_wei {
+                    lines.push(format!("  Per-Tx Limit (wei): {value}"));
+                }
+                if let Some(value) = &output.daily_max_wei {
+                    lines.push(format!("  Daily Limit (wei): {value}"));
+                }
+                if let Some(value) = &output.weekly_max_wei {
+                    lines.push(format!("  Weekly Limit (wei): {value}"));
+                }
+                if let Some(value) = &output.max_gas_per_chain_wei {
+                    lines.push(format!("  Per-Chain Max Gas Limit (wei): {value}"));
+                }
+                if let Some(value) = &output.daily_max_tx_count {
+                    lines.push(format!("  Daily Tx Count Limit: {value}"));
+                }
+                if let Some(id) = &output.daily_tx_count_policy_id {
+                    lines.push(format!("  Daily Tx Count: {id}"));
+                }
+                if let Some(value) = &output.per_tx_max_fee_per_gas_wei {
+                    lines.push(format!("  Per-Tx Max Fee Per Gas Limit (wei): {value}"));
+                }
+                if let Some(id) = &output.per_tx_max_fee_per_gas_policy_id {
+                    lines.push(format!("  Per-Tx Max Fee Per Gas: {id}"));
+                }
+                if let Some(value) = &output.per_tx_max_priority_fee_per_gas_wei {
+                    lines.push(format!(
+                        "  Per-Tx Max Priority Fee Per Gas Limit (wei): {value}"
+                    ));
+                }
+                if let Some(id) = &output.per_tx_max_priority_fee_per_gas_policy_id {
+                    lines.push(format!("  Per-Tx Max Priority Fee Per Gas: {id}"));
+                }
+                if let Some(value) = &output.per_tx_max_calldata_bytes {
+                    lines.push(format!("  Per-Tx Max Calldata Bytes Limit: {value}"));
+                }
+                if let Some(id) = &output.per_tx_max_calldata_bytes_policy_id {
+                    lines.push(format!("  Per-Tx Max Calldata Bytes: {id}"));
+                }
+                if let Some(value) = &output.network_scope {
+                    lines.push(format!("  Network Scope: {value}"));
+                }
+                if let Some(value) = &output.asset_scope {
+                    lines.push(format!("  Asset Scope: {value}"));
+                }
+                if let Some(value) = &output.recipient_scope {
+                    lines.push(format!("  Recipient Scope: {value}"));
+                }
+            } else {
+                lines.push("Per-Token Policies".to_string());
+                for token_policy in &output.token_policies {
+                    lines.push(format!(
+                        "  {}:{} ({})",
+                        token_policy.token_key, token_policy.chain_key, token_policy.symbol
+                    ));
+                    lines.push(format!("    Chain ID: {}", token_policy.chain_id));
+                    lines.push(format!("    Asset Scope: {}", token_policy.asset_scope));
+                    lines.push(format!(
+                        "    Limits: per-tx={} daily={} weekly={} gas={}",
+                        token_policy.per_tx_max_wei,
+                        token_policy.daily_max_wei,
+                        token_policy.weekly_max_wei,
+                        display_optional_output_value(&token_policy.max_gas_per_chain_wei)
+                    ));
+                    if let Some(value) = &token_policy.daily_max_tx_count {
+                        lines.push(format!("    Daily Tx Count Limit: {value}"));
+                    }
+                    if let Some(value) = &token_policy.per_tx_max_fee_per_gas_wei {
+                        lines.push(format!("    Per-Tx Max Fee/Gas Limit (wei): {value}"));
+                    }
+                    if let Some(value) = &token_policy.per_tx_max_priority_fee_per_gas_wei {
+                        lines.push(format!(
+                            "    Per-Tx Max Priority Fee/Gas Limit (wei): {value}"
+                        ));
+                    }
+                    if let Some(value) = &token_policy.per_tx_max_calldata_bytes {
+                        lines.push(format!("    Per-Tx Max Calldata Bytes Limit: {value}"));
+                    }
+                    lines.push(format!(
+                        "    Policy IDs: per_tx={} daily={} weekly={} gas={}",
+                        token_policy.per_tx_policy_id,
+                        token_policy.daily_policy_id,
+                        token_policy.weekly_policy_id,
+                        display_optional_output_value(&token_policy.gas_policy_id)
+                    ));
+                }
+            }
+            lines.push(format!(
+                "  Destination Override Count: {}",
+                output.destination_override_count
+            ));
+            if output.agent_auth_token == "<redacted>" {
+                lines.push(
+                    "  Note: pass --print-agent-auth-token to intentionally print secret credentials"
+                        .to_string(),
+                );
+            } else {
+                lines.push(
+                    "  Warning: keep the agent auth token and any exported private key carefully."
+                        .to_string(),
+                );
+            }
+            if !output.destination_overrides.is_empty() {
+                lines.push("Destination Overrides".to_string());
+                for destination_override in &output.destination_overrides {
+                    lines.push(format!("  Recipient: {}", destination_override.recipient));
+                    lines.push(format!(
+                        "    Limits (wei): per-tx={} daily={} weekly={} gas={}",
+                        destination_override.per_tx_max_wei,
+                        destination_override.daily_max_wei,
+                        destination_override.weekly_max_wei,
+                        display_optional_output_value(&destination_override.max_gas_per_chain_wei)
+                    ));
+                    if let Some(value) = &destination_override.daily_max_tx_count {
+                        lines.push(format!("    Daily Tx Count Limit: {value}"));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_fee_per_gas_wei {
+                        lines.push(format!("    Per-Tx Max Fee/Gas Limit (wei): {value}"));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_priority_fee_per_gas_wei {
+                        lines.push(format!(
+                            "    Per-Tx Max Priority Fee/Gas Limit (wei): {value}"
+                        ));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_calldata_bytes {
+                        lines.push(format!("    Per-Tx Max Calldata Bytes Limit: {value}"));
+                    }
+                    lines.push(format!(
+                        "    Policy IDs: per_tx={} daily={} weekly={} gas={}",
+                        destination_override.per_tx_policy_id,
+                        destination_override.daily_policy_id,
+                        destination_override.weekly_policy_id,
+                        display_optional_output_value(&destination_override.gas_policy_id)
+                    ));
+                }
+            }
+            if !output.token_destination_overrides.is_empty() {
+                lines.push("Per-Token Destination Overrides".to_string());
+                for destination_override in &output.token_destination_overrides {
+                    lines.push(format!(
+                        "  {}:{} ({}) -> {}",
+                        destination_override.token_key,
+                        destination_override.chain_key,
+                        destination_override.symbol,
+                        destination_override.recipient
+                    ));
+                    lines.push(format!(
+                        "    Limits: per-tx={} daily={} weekly={} gas={}",
+                        destination_override.per_tx_max_wei,
+                        destination_override.daily_max_wei,
+                        destination_override.weekly_max_wei,
+                        display_optional_output_value(&destination_override.max_gas_per_chain_wei)
+                    ));
+                    if let Some(value) = &destination_override.daily_max_tx_count {
+                        lines.push(format!("    Daily Tx Count Limit: {value}"));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_fee_per_gas_wei {
+                        lines.push(format!("    Per-Tx Max Fee/Gas Limit (wei): {value}"));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_priority_fee_per_gas_wei {
+                        lines.push(format!(
+                            "    Per-Tx Max Priority Fee/Gas Limit (wei): {value}"
+                        ));
+                    }
+                    if let Some(value) = &destination_override.per_tx_max_calldata_bytes {
+                        lines.push(format!("    Per-Tx Max Calldata Bytes Limit: {value}"));
+                    }
+                    lines.push(format!(
+                        "    Policy IDs: per_tx={} daily={} weekly={} gas={}",
+                        destination_override.per_tx_policy_id,
+                        destination_override.daily_policy_id,
+                        destination_override.weekly_policy_id,
+                        display_optional_output_value(&destination_override.gas_policy_id)
+                    ));
+                }
+            }
+            if !output.token_manual_approval_policies.is_empty() {
+                lines.push("Per-Token Manual Approval Policies".to_string());
+                for manual_approval in &output.token_manual_approval_policies {
+                    lines.push(format!(
+                        "  {}:{} ({})",
+                        manual_approval.token_key,
+                        manual_approval.chain_key,
+                        manual_approval.symbol
+                    ));
+                    lines.push(format!("    Chain ID: {}", manual_approval.chain_id));
+                    lines.push(format!("    Priority: {}", manual_approval.priority));
+                    lines.push(format!(
+                        "    Amount Range (wei): {} -> {}",
+                        manual_approval.min_amount_wei, manual_approval.max_amount_wei
+                    ));
+                    lines.push(format!("    Asset Scope: {}", manual_approval.asset_scope));
+                    lines.push(format!(
+                        "    Recipient Scope: {}",
+                        manual_approval.recipient_scope
+                    ));
+                    lines.push(format!("    Policy ID: {}", manual_approval.policy_id));
+                }
+            }
+            if !output.attached_policy_ids.is_empty() {
+                lines.push("Attached Policy IDs".to_string());
+                for policy_id in &output.attached_policy_ids {
+                    lines.push(format!("  {policy_id}"));
+                }
+            }
+            lines.push("Policy Note".to_string());
+            lines.push(format!("  {}", output.policy_note));
+            lines
+                .into_iter()
+                .filter(|line| !line.is_empty())
+                .collect::<Vec<_>>()
+                .join("\n")
+        }
+    };
+    emit_output(&rendered, target)
+}
+
+fn print_rotate_agent_auth_token_output(
+    output: &RotateAgentAuthTokenOutput,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => {
+            let mut lines = vec![
+                format!("Agent Key ID: {}", output.agent_key_id),
+                format!("Agent Auth Token: {}", output.agent_auth_token),
+            ];
+            if output.agent_auth_token_redacted {
+                lines.push(
+                    "Note: pass --print-agent-auth-token to intentionally print secret credentials"
+                        .to_string(),
+                );
+            }
+            lines.join("\n")
+        }
+    };
+    emit_output(&rendered, target)
+}
+
+fn print_revoke_agent_key_output(
+    output: &RevokeAgentKeyOutput,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => format!(
+            "Agent Key ID: {}\nRevoked: {}",
+            output.agent_key_id, output.revoked
+        ),
+    };
+    emit_output(&rendered, target)
+}
+
+fn print_manual_approval_policy_output(
+    output: &ManualApprovalPolicyOutput,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => vec![
+            format!("Policy ID: {}", output.policy_id),
+            format!("Priority: {}", output.priority),
+            format!(
+                "Amount Range (wei): {}..={}",
+                output.min_amount_wei, output.max_amount_wei
+            ),
+            format!("Networks: {}", output.network_scope),
+            format!("Assets: {}", output.asset_scope),
+            format!("Recipients: {}", output.recipient_scope),
+        ]
+        .join(
+            "
+",
+        ),
+    };
+    emit_output(&rendered, target)
+}
+
+fn print_manual_approval_requests_output(
+    output: &[ManualApprovalRequest],
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => {
+            if output.is_empty() {
+                "No manual approval requests".to_string()
+            } else {
+                output
+                    .iter()
+                    .map(render_manual_approval_request_text)
+                    .collect::<Vec<_>>()
+                    .join(
+                        "
+
+",
+                    )
+            }
+        }
+    };
+    emit_output(&rendered, target)
+}
+
+fn print_manual_approval_request_output(
+    output: &ManualApprovalRequest,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => render_manual_approval_request_text(output),
+    };
+    emit_output(&rendered, target)
+}
+
+fn render_manual_approval_request_text(output: &ManualApprovalRequest) -> String {
+    let created_at = output
+        .created_at
+        .format(&Rfc3339)
+        .unwrap_or_else(|_| output.created_at.to_string());
+    let updated_at = output
+        .updated_at
+        .format(&Rfc3339)
+        .unwrap_or_else(|_| output.updated_at.to_string());
+    let completed_at = output
+        .completed_at
+        .and_then(|value| value.format(&Rfc3339).ok());
+    let mut lines = vec![
+        format!("Request ID: {}", output.id),
+        format!("Status: {:?}", output.status),
+        format!("Agent Key ID: {}", output.agent_key_id),
+        format!("Vault Key ID: {}", output.vault_key_id),
+        format!("Chain ID: {}", output.chain_id),
+        format!("Asset: {}", output.asset),
+        format!("Recipient: {}", output.recipient),
+        format!("Amount (wei): {}", output.amount_wei),
+        format!("Payload Hash: {}", output.request_payload_hash_hex),
+        format!("Created At: {created_at}"),
+        format!("Updated At: {updated_at}"),
+    ];
+    if let Some(completed_at) = completed_at {
+        lines.push(format!("Completed At: {completed_at}"));
+    }
+    if let Some(reason) = &output.rejection_reason {
+        lines.push(format!("Rejection Reason: {reason}"));
+    }
+    if !output.triggered_by_policy_ids.is_empty() {
+        lines.push(format!(
+            "Triggered By Policies: {}",
+            output
+                .triggered_by_policy_ids
+                .iter()
+                .map(ToString::to_string)
+                .collect::<Vec<_>>()
+                .join(",")
+        ));
+    }
+    lines.join(
+        "
+",
+    )
+}
+
+fn print_relay_config_output(
+    output: &RelayConfig,
+    format: OutputFormat,
+    target: &OutputTarget,
+) -> Result<()> {
+    let rendered = match format {
+        OutputFormat::Json => {
+            serde_json::to_string_pretty(output).context("failed to serialize output")?
+        }
+        OutputFormat::Text => vec![
+            format!(
+                "Relay URL: {}",
+                output.relay_url.as_deref().unwrap_or("<unset>")
+            ),
+            format!(
+                "Frontend URL: {}",
+                output.frontend_url.as_deref().unwrap_or("<unset>")
+            ),
+            format!("Daemon ID: {}", output.daemon_id_hex),
+            format!("Daemon Public Key: {}", output.daemon_public_key_hex),
+        ]
+        .join(
+            "
+",
+        ),
+    };
+    emit_output(&rendered, target)
+}
+
+fn build_asset_scope(tokens: &[EvmAddress], allow_native_eth: bool) -> EntityScope<AssetId> {
+    if tokens.is_empty() && !allow_native_eth {
+        return EntityScope::All;
+    }
+
+    let mut set = BTreeSet::new();
+    if allow_native_eth {
+        set.insert(AssetId::NativeEth);
+    }
+    for token in tokens {
+        set.insert(AssetId::Erc20(token.clone()));
+    }
+    EntityScope::Set(set)
+}
+
+fn build_network_scope(network: Option<u64>) -> EntityScope<u64> {
+    match network {
+        Some(chain_id) => single_scope(chain_id),
+        None => EntityScope::All,
+    }
+}
+
+fn describe_network_scope(scope: &EntityScope<u64>) -> String {
+    match scope {
+        EntityScope::All => "all networks".to_string(),
+        EntityScope::Set(values) => values
+            .iter()
+            .map(ToString::to_string)
+            .collect::<Vec<_>>()
+            .join(","),
+    }
+}
+
+fn describe_asset_scope(scope: &EntityScope<AssetId>) -> String {
+    match scope {
+        EntityScope::All => "all assets".to_string(),
+        EntityScope::Set(values) => values
+            .iter()
+            .map(ToString::to_string)
+            .collect::<Vec<_>>()
+            .join(","),
+    }
+}
+
+fn describe_recipient_scope(scope: &EntityScope<EvmAddress>) -> String {
+    match scope {
+        EntityScope::All => "all recipients".to_string(),
+        EntityScope::Set(values) => values
+            .iter()
+            .map(ToString::to_string)
+            .collect::<Vec<_>>()
+            .join(","),
+    }
+}
+
+fn single_scope<T: Ord>(value: T) -> EntityScope<T> {
+    let mut set = BTreeSet::new();
+    set.insert(value);
+    EntityScope::Set(set)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{
+        build_asset_scope, build_network_scope, describe_recipient_scope, ensure_output_parent,
+        execute_bootstrap, execute_revoke_agent_key, execute_rotate_agent_auth_token,
+        resolve_daemon_socket_path, resolve_output_format, resolve_output_target,
+        should_print_status, validate_existing_policy_attachments, validate_password,
+        validate_policy_limits, write_output_file, BootstrapParams, Cli, Commands,
+        DestinationPolicyOverride, OutputFormat, OutputTarget, RevokeAgentKeyParams,
+        RotateAgentAuthTokenParams, TokenDestinationPolicyOverride, TokenPolicyConfig,
+    };
+    use crate::{shared_config::WlfiConfig, tui};
+    use clap::Parser;
+    use serde_json::to_vec;
+    use std::sync::Arc;
+    use std::time::{SystemTime, UNIX_EPOCH};
+    use uuid::Uuid;
+    use vault_daemon::{DaemonError, InMemoryDaemon, KeyManagerDaemonApi};
+    use vault_domain::{AdminSession, AgentAction, AssetId, EntityScope, EvmAddress, SignRequest};
+    use vault_signer::{KeyCreateRequest, SoftwareSignerBackend};
+    use zeroize::Zeroize;
+
+    #[test]
+    fn resolve_output_format_defaults_to_text() {
+        let format = resolve_output_format(None, false).expect("format");
+        assert!(matches!(format, OutputFormat::Text));
+    }
+
+    #[test]
+    fn resolve_output_format_json_shortcut() {
+        let format = resolve_output_format(None, true).expect("format");
+        assert!(matches!(format, OutputFormat::Json));
+    }
+
+    #[test]
+    fn resolve_output_format_rejects_text_conflict_with_json_shortcut() {
+        let err = resolve_output_format(Some(OutputFormat::Text), true).expect_err("must fail");
+        assert!(err.to_string().contains("--format text"));
+    }
+
+    #[test]
+    fn resolve_output_format_allows_json_redundancy() {
+        let format = resolve_output_format(Some(OutputFormat::Json), true).expect("format");
+        assert!(matches!(format, OutputFormat::Json));
+    }
+
+    #[test]
+    fn validate_password_rejects_whitespace_only() {
+        let err = validate_password("   ".to_string(), "argument").expect_err("must fail");
+        assert!(err.to_string().contains("must not be empty or whitespace"));
+    }
+
+    #[test]
+    fn cli_rejects_inline_vault_password_argument() {
+        let err = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--vault-password",
+            "vault-secret",
+            "bootstrap",
+        ])
+        .expect_err("must reject");
+        assert!(err.to_string().contains("--vault-password"));
+    }
+
+    #[test]
+    fn validate_policy_limits_enforce_ordering() {
+        let err = validate_policy_limits(10, 9, 20).expect_err("must fail");
+        assert!(err.to_string().contains("--daily-max-wei"));
+
+        let err = validate_policy_limits(10, 10, 9).expect_err("must fail");
+        assert!(err.to_string().contains("--weekly-max-wei"));
+    }
+
+    #[test]
+    fn build_asset_scope_supports_native_and_erc20_sets() {
+        let token: EvmAddress = "0x1000000000000000000000000000000000000000"
+            .parse()
+            .expect("token");
+
+        let all_scope = build_asset_scope(&[], false);
+        assert!(matches!(all_scope, EntityScope::All));
+
+        let native_only = build_asset_scope(&[], true);
+        assert!(matches!(
+            native_only,
+            EntityScope::Set(values) if values.contains(&AssetId::NativeEth) && values.len() == 1
+        ));
+
+        let mixed = build_asset_scope(std::slice::from_ref(&token), true);
+        assert!(matches!(
+            mixed,
+            EntityScope::Set(values)
+                if values.contains(&AssetId::NativeEth)
+                && values.contains(&AssetId::Erc20(token))
+        ));
+    }
+
+    #[test]
+    fn build_network_scope_supports_all_or_specific_chain() {
+        assert!(matches!(build_network_scope(None), EntityScope::All));
+        assert!(matches!(
+            build_network_scope(Some(1)),
+            EntityScope::Set(values) if values.contains(&1)
+        ));
+    }
+
+    #[test]
+    fn describe_recipient_scope_supports_all_or_specific_recipient() {
+        assert_eq!(
+            describe_recipient_scope(&EntityScope::All),
+            "all recipients"
+        );
+
+        let recipient: EvmAddress = "0x1000000000000000000000000000000000000001"
+            .parse()
+            .expect("recipient");
+        let mut recipients = std::collections::BTreeSet::new();
+        recipients.insert(recipient.clone());
+
+        assert_eq!(
+            describe_recipient_scope(&EntityScope::Set(recipients)),
+            recipient.to_string()
+        );
+    }
+
+    #[tokio::test]
+    async fn validate_existing_policy_attachments_rejects_unknown_policy_ids() {
+        let daemon = test_daemon();
+        let lease = daemon.issue_lease("vault-password").await.expect("lease");
+        let mut session = vault_domain::AdminSession {
+            vault_password: "vault-password".to_string(),
+            lease,
+        };
+
+        let missing = Uuid::parse_str("00000000-0000-0000-0000-000000000111").expect("uuid");
+        let err = validate_existing_policy_attachments(daemon.as_ref(), &session, &[missing])
+            .await
+            .expect_err("must reject unknown policy id");
+
+        session.vault_password.zeroize();
+        assert!(err
+            .to_string()
+            .contains("unknown --attach-policy-id value(s):"));
+        assert!(err.to_string().contains(&missing.to_string()));
+    }
+
+    #[test]
+    fn status_printing_only_in_text_when_not_quiet() {
+        assert!(should_print_status(OutputFormat::Text, false));
+        assert!(!should_print_status(OutputFormat::Text, true));
+        assert!(!should_print_status(OutputFormat::Json, false));
+    }
+
+    #[test]
+    fn resolve_output_target_maps_dash_to_stdout() {
+        let target = resolve_output_target(Some("-".into()), false).expect("target");
+        assert!(matches!(target, OutputTarget::Stdout));
+    }
+
+    #[test]
+    fn resolve_output_target_rejects_overwrite_with_stdout() {
+        let err = resolve_output_target(Some("-".into()), true).expect_err("must fail");
+        assert!(err.to_string().contains("--overwrite cannot be used"));
+    }
+
+    #[test]
+    fn output_file_write_respects_overwrite_flag() {
+        let unique = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .expect("time")
+            .as_nanos();
+        let path = std::env::temp_dir().join(format!(
+            "wlfi-admin-cli-output-{}-{}.txt",
+            std::process::id(),
+            unique
+        ));
+        std::fs::write(&path, "existing\n").expect("seed");
+
+        let err = write_output_file(&path, "next", false).expect_err("must fail");
+        assert!(err.to_string().contains("already exists"));
+
+        write_output_file(&path, "next", true).expect("overwrite");
+        let updated = std::fs::read_to_string(&path).expect("read");
+        assert_eq!(updated, "next\n");
+
+        std::fs::remove_file(&path).expect("cleanup");
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn output_file_write_rejects_symlink_target() {
+        use std::os::unix::fs::symlink;
+
+        let unique = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .expect("time")
+            .as_nanos();
+        let target = std::env::temp_dir().join(format!(
+            "wlfi-admin-cli-symlink-target-{}-{}.txt",
+            std::process::id(),
+            unique
+        ));
+        let link = std::env::temp_dir().join(format!(
+            "wlfi-admin-cli-symlink-link-{}-{}.txt",
+            std::process::id(),
+            unique
+        ));
+        std::fs::write(&target, "seed\n").expect("seed");
+        symlink(&target, &link).expect("symlink");
+
+        let err = ensure_output_parent(&link).expect_err("must fail");
+        assert!(err.to_string().contains("must not be a symlink"));
+
+        std::fs::remove_file(&link).expect("cleanup link");
+        std::fs::remove_file(&target).expect("cleanup target");
+    }
+
+    #[test]
+    fn canonical_bootstrap_command_is_accepted() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "bootstrap",
+        ])
+        .expect("parse");
+        assert!(matches!(cli.command, Commands::Bootstrap(_)));
+    }
+
+    #[test]
+    fn bootstrap_supports_explicit_agent_policy_attachment_flags() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "bootstrap",
+            "--from-shared-config",
+            "--attach-bootstrap-policies",
+            "--attach-policy-id",
+            "00000000-0000-0000-0000-000000000001",
+            "--attach-policy-id",
+            "00000000-0000-0000-0000-000000000002",
+        ])
+        .expect("parse");
+
+        let Commands::Bootstrap(args) = cli.command else {
+            panic!("expected bootstrap command");
+        };
+        assert!(args.from_shared_config);
+        assert!(args.attach_bootstrap_policies);
+        assert_eq!(args.attach_policy_id.len(), 2);
+    }
+
+    #[test]
+    fn bootstrap_command_accepts_explicit_vault_private_key_export_flag() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "bootstrap",
+            "--print-vault-private-key",
+        ])
+        .expect("parse");
+
+        let Commands::Bootstrap(args) = cli.command else {
+            panic!("expected bootstrap command");
+        };
+        assert!(args.print_vault_private_key);
+    }
+
+    #[test]
+    fn shared_config_bootstrap_params_expand_seeded_token_policies() {
+        let params =
+            tui::build_bootstrap_params_from_shared_config(&WlfiConfig::default(), false, false)
+                .expect("params");
+        assert_eq!(params.token_policies.len(), 3);
+        assert!(params.tokens.is_empty());
+        assert!(params.token_destination_overrides.is_empty());
+    }
+
+    #[test]
+    fn tui_command_is_accepted() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "tui",
+        ])
+        .expect("parse");
+        let Commands::Tui(args) = cli.command else {
+            panic!("expected tui command");
+        };
+        assert!(!args.print_agent_auth_token);
+    }
+
+    #[test]
+    fn tui_command_accepts_print_agent_auth_token_flag() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "tui",
+            "--print-agent-auth-token",
+        ])
+        .expect("parse");
+        let Commands::Tui(args) = cli.command else {
+            panic!("expected tui command");
+        };
+        assert!(args.print_agent_auth_token);
+    }
+
+    #[test]
+    fn setup_command_is_accepted() {
+        let cli = Cli::try_parse_from(["wlfi-agent-admin", "setup", "--network", "11155111"])
+            .expect("parse");
+        let Commands::Setup(args) = cli.command else {
+            panic!("expected setup command");
+        };
+        assert_eq!(args.forwarded_args, vec!["--network", "11155111"]);
+    }
+
+    #[test]
+    fn rotate_agent_auth_token_command_is_accepted() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "rotate-agent-auth-token",
+            "--agent-key-id",
+            "00000000-0000-0000-0000-000000000001",
+        ])
+        .expect("parse");
+
+        let Commands::RotateAgentAuthToken(args) = cli.command else {
+            panic!("expected rotate-agent-auth-token command");
+        };
+        assert_eq!(
+            args.agent_key_id,
+            Uuid::parse_str("00000000-0000-0000-0000-000000000001").expect("uuid")
+        );
+        assert!(!args.print_agent_auth_token);
+    }
+
+    #[test]
+    fn revoke_agent_key_command_is_accepted() {
+        let cli = Cli::try_parse_from([
+            "wlfi-agent-admin",
+            "--daemon-socket",
+            "/tmp/wlfi.sock",
+            "revoke-agent-key",
+            "--agent-key-id",
+            "00000000-0000-0000-0000-000000000001",
+        ])
+        .expect("parse");
+
+        let Commands::RevokeAgentKey(args) = cli.command else {
+            panic!("expected revoke-agent-key command");
+        };
+        assert_eq!(
+            args.agent_key_id,
+            Uuid::parse_str("00000000-0000-0000-0000-000000000001").expect("uuid")
+        );
+    }
+
+    fn test_bootstrap_params(print_agent_auth_token: bool) -> BootstrapParams {
+        BootstrapParams {
+            per_tx_max_wei: 1_000_000_000_000_000_000,
+            daily_max_wei: 5_000_000_000_000_000_000,
+            weekly_max_wei: 20_000_000_000_000_000_000,
+            max_gas_per_chain_wei: 1_000_000_000_000_000,
+            daily_max_tx_count: 0,
+            per_tx_max_fee_per_gas_wei: 0,
+            per_tx_max_priority_fee_per_gas_wei: 0,
+            per_tx_max_calldata_bytes: 0,
+            tokens: Vec::new(),
+            allow_native_eth: true,
+            network: Some(1),
+            recipient: None,
+            token_policies: Vec::new(),
+            destination_overrides: Vec::new(),
+            token_destination_overrides: Vec::new(),
+            token_manual_approval_policies: Vec::new(),
+            attach_policy_ids: Vec::new(),
+            print_agent_auth_token,
+            print_vault_private_key: false,
+            existing_vault_key_id: None,
+            existing_vault_public_key: None,
+        }
+    }
+
+    fn test_per_token_bootstrap_params(print_agent_auth_token: bool) -> BootstrapParams {
+        BootstrapParams {
+            per_tx_max_wei: 0,
+            daily_max_wei: 0,
+            weekly_max_wei: 0,
+            max_gas_per_chain_wei: 0,
+            daily_max_tx_count: 0,
+            per_tx_max_fee_per_gas_wei: 0,
+            per_tx_max_priority_fee_per_gas_wei: 0,
+            per_tx_max_calldata_bytes: 0,
+            tokens: Vec::new(),
+            allow_native_eth: false,
+            network: None,
+            recipient: None,
+            token_policies: vec![
+                TokenPolicyConfig {
+                    token_key: "eth".to_string(),
+                    symbol: "ETH".to_string(),
+                    chain_key: "ethereum".to_string(),
+                    chain_id: 1,
+                    is_native: true,
+                    address: None,
+                    per_tx_max_wei: 100,
+                    daily_max_wei: 500,
+                    weekly_max_wei: 1_000,
+                    max_gas_per_chain_wei: 1_000_000,
+                    daily_max_tx_count: 0,
+                    per_tx_max_fee_per_gas_wei: 0,
+                    per_tx_max_priority_fee_per_gas_wei: 0,
+                    per_tx_max_calldata_bytes: 0,
+                },
+                TokenPolicyConfig {
+                    token_key: "usdc".to_string(),
+                    symbol: "USDC".to_string(),
+                    chain_key: "ethereum".to_string(),
+                    chain_id: 1,
+                    is_native: false,
+                    address: Some(
+                        "0x1000000000000000000000000000000000000000"
+                            .parse()
+                            .expect("usdc address"),
+                    ),
+                    per_tx_max_wei: 250,
+                    daily_max_wei: 1_000,
+                    weekly_max_wei: 2_000,
+                    max_gas_per_chain_wei: 1_000_000,
+                    daily_max_tx_count: 0,
+                    per_tx_max_fee_per_gas_wei: 0,
+                    per_tx_max_priority_fee_per_gas_wei: 0,
+                    per_tx_max_calldata_bytes: 0,
+                },
+            ],
+            destination_overrides: Vec::new(),
+            token_destination_overrides: Vec::new(),
+            token_manual_approval_policies: Vec::new(),
+            attach_policy_ids: Vec::new(),
+            print_agent_auth_token,
+            print_vault_private_key: false,
+            existing_vault_key_id: None,
+            existing_vault_public_key: None,
+        }
+    }
+
+    fn test_daemon() -> Arc<dyn KeyManagerDaemonApi> {
+        Arc::new(
+            InMemoryDaemon::new(
+                "vault-password",
+                SoftwareSignerBackend::default(),
+                Default::default(),
+            )
+            .expect("daemon"),
+        )
+    }
+
+    fn build_sign_request(
+        agent_key_id: &str,
+        agent_auth_token: &str,
+        action: AgentAction,
+    ) -> SignRequest {
+        let now = time::OffsetDateTime::now_utc();
+        SignRequest {
+            request_id: Uuid::new_v4(),
+            agent_key_id: Uuid::parse_str(agent_key_id).expect("agent key uuid"),
+            agent_auth_token: agent_auth_token.to_string(),
+            payload: to_vec(&action).expect("action payload"),
+            action,
+            requested_at: now,
+            expires_at: now + time::Duration::minutes(2),
+        }
+    }
+
+    async fn create_existing_vault_key(daemon: Arc<dyn KeyManagerDaemonApi>) -> (Uuid, String) {
+        let lease = daemon
+            .issue_lease("vault-password")
+            .await
+            .expect("issue lease");
+        let session = AdminSession {
+            vault_password: "vault-password".to_string(),
+            lease,
+        };
+        let vault_key = daemon
+            .create_vault_key(&session, KeyCreateRequest::Generate)
+            .await
+            .expect("create vault key");
+        (vault_key.id, vault_key.public_key_hex)
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_creates_destination_override_policy_sets() {
+        let daemon = test_daemon();
+        let mut params = test_bootstrap_params(true);
+        params
+            .destination_overrides
+            .push(DestinationPolicyOverride {
+                recipient: "0x1000000000000000000000000000000000000001"
+                    .parse()
+                    .expect("recipient"),
+                per_tx_max_wei: 100,
+                daily_max_wei: 200,
+                weekly_max_wei: 300,
+                max_gas_per_chain_wei: 400,
+                daily_max_tx_count: 2,
+                per_tx_max_fee_per_gas_wei: 3,
+                per_tx_max_priority_fee_per_gas_wei: 4,
+                per_tx_max_calldata_bytes: 5,
+            });
+
+        let output = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert_eq!(output.destination_override_count, 1);
+        assert_eq!(output.destination_overrides.len(), 1);
+        let override_output = &output.destination_overrides[0];
+        assert_eq!(
+            override_output.recipient,
+            "0x1000000000000000000000000000000000000001"
+        );
+        assert_eq!(override_output.per_tx_max_wei, "100");
+        assert_eq!(override_output.daily_max_tx_count.as_deref(), Some("2"));
+        assert!(output.policy_note.contains("stricter overlays"));
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_supports_per_token_policy_bundles() {
+        let daemon = Arc::new(
+            InMemoryDaemon::new(
+                "vault-password",
+                SoftwareSignerBackend::default(),
+                Default::default(),
+            )
+            .expect("daemon"),
+        );
+        let daemon_api: Arc<dyn KeyManagerDaemonApi> = daemon.clone();
+
+        let output = execute_bootstrap(
+            daemon_api,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_per_token_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert_eq!(output.token_policies.len(), 2);
+        assert!(output.per_tx_policy_id.is_none());
+        assert_eq!(output.policy_attachment, "policy_set");
+        assert!(!output.attached_policy_ids.is_empty());
+        assert!(output
+            .attached_policy_ids
+            .contains(&output.token_policies[0].per_tx_policy_id));
+
+        let native_err = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                AgentAction::TransferNative {
+                    chain_id: 1,
+                    to: "0x2000000000000000000000000000000000000001"
+                        .parse()
+                        .expect("recipient"),
+                    amount_wei: 150,
+                },
+            ))
+            .await
+            .expect_err("native transfer must exceed ETH per-tx policy");
+        assert!(matches!(native_err, DaemonError::Policy(_)));
+
+        let erc20_signature = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                AgentAction::Transfer {
+                    chain_id: 1,
+                    token: "0x1000000000000000000000000000000000000000"
+                        .parse()
+                        .expect("token"),
+                    to: "0x2000000000000000000000000000000000000002"
+                        .parse()
+                        .expect("recipient"),
+                    amount_wei: 200,
+                },
+            ))
+            .await
+            .expect("erc20 transfer should use the USDC token policy");
+        assert!(!erc20_signature.bytes.is_empty());
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_reuses_existing_wallet_when_requested() {
+        let daemon = test_daemon();
+        let (vault_key_id, vault_public_key) = create_existing_vault_key(daemon.clone()).await;
+        let mut params = test_per_token_bootstrap_params(true);
+        params.existing_vault_key_id = Some(vault_key_id);
+        params.existing_vault_public_key = Some(vault_public_key.clone());
+
+        let output = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert_eq!(output.vault_key_id, vault_key_id.to_string());
+        assert_eq!(output.vault_public_key, vault_public_key);
+        assert!(output
+            .policy_note
+            .contains("reused the existing wallet address"));
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_allows_per_token_unlimited_gas_defaults() {
+        let daemon = Arc::new(
+            InMemoryDaemon::new(
+                "vault-password",
+                SoftwareSignerBackend::default(),
+                Default::default(),
+            )
+            .expect("daemon"),
+        );
+        let daemon_api: Arc<dyn KeyManagerDaemonApi> = daemon.clone();
+        let mut params = test_per_token_bootstrap_params(true);
+        for token_policy in &mut params.token_policies {
+            token_policy.max_gas_per_chain_wei = 0;
+        }
+
+        let output = execute_bootstrap(
+            daemon_api,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert!(output
+            .token_policies
+            .iter()
+            .all(|token_policy| token_policy.gas_policy_id.is_none()));
+        assert!(output
+            .token_policies
+            .iter()
+            .all(|token_policy| token_policy.max_gas_per_chain_wei.is_none()));
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_applies_per_token_destination_overrides() {
+        let daemon = Arc::new(
+            InMemoryDaemon::new(
+                "vault-password",
+                SoftwareSignerBackend::default(),
+                Default::default(),
+            )
+            .expect("daemon"),
+        );
+        let daemon_api: Arc<dyn KeyManagerDaemonApi> = daemon.clone();
+        let mut params = test_per_token_bootstrap_params(true);
+        params
+            .token_destination_overrides
+            .push(TokenDestinationPolicyOverride {
+                token_key: "eth".to_string(),
+                chain_key: "ethereum".to_string(),
+                recipient: "0x3000000000000000000000000000000000000003"
+                    .parse()
+                    .expect("recipient"),
+                per_tx_max_wei: 50,
+                daily_max_wei: 250,
+                weekly_max_wei: 500,
+                max_gas_per_chain_wei: 1_000_000,
+                daily_max_tx_count: 0,
+                per_tx_max_fee_per_gas_wei: 0,
+                per_tx_max_priority_fee_per_gas_wei: 0,
+                per_tx_max_calldata_bytes: 0,
+            });
+
+        let output = execute_bootstrap(
+            daemon_api,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert_eq!(output.token_destination_overrides.len(), 1);
+
+        let strict_err = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                AgentAction::TransferNative {
+                    chain_id: 1,
+                    to: "0x3000000000000000000000000000000000000003"
+                        .parse()
+                        .expect("recipient"),
+                    amount_wei: 75,
+                },
+            ))
+            .await
+            .expect_err("override recipient should be constrained by stricter ETH limit");
+        assert!(matches!(strict_err, DaemonError::Policy(_)));
+
+        let allowed_elsewhere = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                AgentAction::TransferNative {
+                    chain_id: 1,
+                    to: "0x3000000000000000000000000000000000000004"
+                        .parse()
+                        .expect("recipient"),
+                    amount_wei: 75,
+                },
+            ))
+            .await
+            .expect("non-overridden recipient should keep the base ETH limit");
+        assert!(!allowed_elsewhere.bytes.is_empty());
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_destination_override_applies_stricter_limit() {
+        let daemon = Arc::new(
+            InMemoryDaemon::new(
+                "vault-password",
+                SoftwareSignerBackend::default(),
+                Default::default(),
+            )
+            .expect("daemon"),
+        );
+        let daemon_api: Arc<dyn KeyManagerDaemonApi> = daemon.clone();
+        let mut params = test_bootstrap_params(true);
+        params.per_tx_max_wei = 1_000;
+        params.daily_max_wei = 5_000;
+        params.weekly_max_wei = 20_000;
+        params
+            .destination_overrides
+            .push(DestinationPolicyOverride {
+                recipient: "0x2000000000000000000000000000000000000002"
+                    .parse()
+                    .expect("recipient"),
+                per_tx_max_wei: 100,
+                daily_max_wei: 500,
+                weekly_max_wei: 1_000,
+                max_gas_per_chain_wei: params.max_gas_per_chain_wei,
+                daily_max_tx_count: 0,
+                per_tx_max_fee_per_gas_wei: 0,
+                per_tx_max_priority_fee_per_gas_wei: 0,
+                per_tx_max_calldata_bytes: 0,
+            });
+
+        let output = execute_bootstrap(
+            daemon_api,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        let strict_action = AgentAction::TransferNative {
+            chain_id: 1,
+            to: "0x2000000000000000000000000000000000000002"
+                .parse()
+                .expect("recipient"),
+            amount_wei: 150,
+        };
+        let err = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                strict_action,
+            ))
+            .await
+            .expect_err("override recipient should be constrained by stricter limit");
+        assert!(matches!(err, DaemonError::Policy(_)));
+
+        let allowed_elsewhere = AgentAction::TransferNative {
+            chain_id: 1,
+            to: "0x2000000000000000000000000000000000000003"
+                .parse()
+                .expect("recipient"),
+            amount_wei: 150,
+        };
+        let signature = daemon
+            .sign_for_agent(build_sign_request(
+                &output.agent_key_id,
+                &output.agent_auth_token,
+                allowed_elsewhere,
+            ))
+            .await
+            .expect("non-overridden recipient should use default limit");
+        assert!(!signature.bytes.is_empty());
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_rejects_destination_override_that_relaxes_default() {
+        let daemon = test_daemon();
+        let mut params = test_bootstrap_params(true);
+        params
+            .destination_overrides
+            .push(DestinationPolicyOverride {
+                recipient: "0x1000000000000000000000000000000000000001"
+                    .parse()
+                    .expect("recipient"),
+                per_tx_max_wei: params.per_tx_max_wei + 1,
+                daily_max_wei: params.daily_max_wei,
+                weekly_max_wei: params.weekly_max_wei,
+                max_gas_per_chain_wei: params.max_gas_per_chain_wei,
+                daily_max_tx_count: params.daily_max_tx_count,
+                per_tx_max_fee_per_gas_wei: params.per_tx_max_fee_per_gas_wei,
+                per_tx_max_priority_fee_per_gas_wei: params.per_tx_max_priority_fee_per_gas_wei,
+                per_tx_max_calldata_bytes: params.per_tx_max_calldata_bytes,
+            });
+
+        let err = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect_err("override must be rejected");
+        assert!(err
+            .to_string()
+            .contains("must not increase per-tx max above the default value"));
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_emits_rfc3339_lease_expiry() {
+        let daemon = test_daemon();
+        let output = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert!(time::OffsetDateTime::parse(
+            &output.lease_expires_at,
+            &time::format_description::well_known::Rfc3339
+        )
+        .is_ok());
+        assert!(output.lease_expires_at.contains('T'));
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_does_not_export_private_key_when_printing_agent_token() {
+        let daemon = test_daemon();
+        let output = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert!(output.vault_private_key.is_none());
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_exports_software_private_key_only_when_requested() {
+        let daemon = test_daemon();
+        let mut params = test_bootstrap_params(true);
+        params.print_vault_private_key = true;
+        let output = execute_bootstrap(
+            daemon,
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        let private_key = output
+            .vault_private_key
+            .as_ref()
+            .expect("software backend should export private key when requested");
+        assert_eq!(private_key.len(), 64);
+        assert!(private_key.chars().all(|ch| ch.is_ascii_hexdigit()));
+    }
+
+    #[tokio::test]
+    async fn execute_rotate_agent_auth_token_redacts_by_default() {
+        let daemon = test_daemon();
+        let bootstrap = execute_bootstrap(
+            daemon.clone(),
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        let output = execute_rotate_agent_auth_token(
+            daemon,
+            "vault-password",
+            RotateAgentAuthTokenParams {
+                agent_key_id: Uuid::parse_str(&bootstrap.agent_key_id).expect("agent key uuid"),
+                print_agent_auth_token: false,
+            },
+            |_| {},
+        )
+        .await
+        .expect("rotate output");
+
+        assert_eq!(output.agent_key_id, bootstrap.agent_key_id);
+        assert_eq!(output.agent_auth_token, "<redacted>");
+        assert!(output.agent_auth_token_redacted);
+    }
+
+    #[tokio::test]
+    async fn execute_rotate_agent_auth_token_can_print_new_secret() {
+        let daemon = test_daemon();
+        let bootstrap = execute_bootstrap(
+            daemon.clone(),
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        let output = execute_rotate_agent_auth_token(
+            daemon,
+            "vault-password",
+            RotateAgentAuthTokenParams {
+                agent_key_id: Uuid::parse_str(&bootstrap.agent_key_id).expect("agent key uuid"),
+                print_agent_auth_token: true,
+            },
+            |_| {},
+        )
+        .await
+        .expect("rotate output");
+
+        assert_eq!(output.agent_key_id, bootstrap.agent_key_id);
+        assert!(!output.agent_auth_token_redacted);
+        assert_ne!(output.agent_auth_token, bootstrap.agent_auth_token);
+        assert!(!output.agent_auth_token.is_empty());
+    }
+
+    #[tokio::test]
+    async fn execute_revoke_agent_key_revokes_existing_agent_credentials() {
+        let daemon = test_daemon();
+        let bootstrap = execute_bootstrap(
+            daemon.clone(),
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        let output = execute_revoke_agent_key(
+            daemon,
+            "vault-password",
+            RevokeAgentKeyParams {
+                agent_key_id: Uuid::parse_str(&bootstrap.agent_key_id).expect("agent key uuid"),
+            },
+            |_| {},
+        )
+        .await
+        .expect("revoke output");
+
+        assert_eq!(output.agent_key_id, bootstrap.agent_key_id);
+        assert!(output.revoked);
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_rejects_unknown_attachment_before_mutating_policies() {
+        let daemon = test_daemon();
+        let mut params = test_bootstrap_params(true);
+        params.attach_policy_ids =
+            vec![Uuid::parse_str("00000000-0000-0000-0000-000000000222").expect("uuid")];
+
+        let err = execute_bootstrap(
+            daemon.clone(),
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            params,
+            |_| {},
+        )
+        .await
+        .expect_err("bootstrap must fail for unknown attachment id");
+
+        assert!(err
+            .to_string()
+            .contains("unknown --attach-policy-id value(s):"));
+
+        let lease = daemon.issue_lease("vault-password").await.expect("lease");
+        let mut session = vault_domain::AdminSession {
+            vault_password: "vault-password".to_string(),
+            lease,
+        };
+        let policies = daemon.list_policies(&session).await.expect("list policies");
+        session.vault_password.zeroize();
+
+        assert!(
+            policies.is_empty(),
+            "bootstrap failure must not register policies"
+        );
+    }
+
+    #[tokio::test]
+    async fn execute_bootstrap_attaches_created_policies_by_default() {
+        let output = execute_bootstrap(
+            test_daemon(),
+            "vault-password",
+            "daemon_socket:/tmp/wlfi.sock",
+            test_bootstrap_params(true),
+            |_| {},
+        )
+        .await
+        .expect("bootstrap");
+
+        assert_eq!(output.policy_attachment, "policy_set");
+        assert_eq!(output.attached_policy_ids.len(), 4);
+        assert!(output
+            .attached_policy_ids
+            .contains(output.per_tx_policy_id.as_ref().expect("per-tx policy id")));
+        assert!(output
+            .attached_policy_ids
+            .contains(output.daily_policy_id.as_ref().expect("daily policy id")));
+        assert!(output
+            .attached_policy_ids
+            .contains(output.weekly_policy_id.as_ref().expect("weekly policy id")));
+        assert!(output
+            .attached_policy_ids
+            .contains(output.gas_policy_id.as_ref().expect("gas policy id")));
+        assert!(output
+            .policy_note
+            .contains("bootstrap-created policy id(s)"));
+    }
+
+    #[test]
+    #[cfg(unix)]
+    fn resolve_daemon_socket_path_rejects_non_root_owned_socket() {
+        use std::os::unix::fs::PermissionsExt;
+        use std::os::unix::net::UnixListener;
+
+        let unique = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .expect("time")
+            .as_nanos();
+        let root = std::env::temp_dir().join(format!("wa-{unique:x}"));
+        std::fs::create_dir_all(&root).expect("create root directory");
+        std::fs::set_permissions(&root, std::fs::Permissions::from_mode(0o700))
+            .expect("secure root directory permissions");
+
+        let socket_path = root.join("daemon.sock");
+        let listener = UnixListener::bind(&socket_path).expect("bind socket");
+
+        let err = resolve_daemon_socket_path(Some(socket_path.clone())).expect_err("must reject");
+        assert!(err.to_string().contains("must be owned by root"));
+
+        drop(listener);
+        std::fs::remove_file(&socket_path).expect("cleanup socket");
+        std::fs::remove_dir_all(&root).expect("cleanup root directory");
+    }
+}