arc402-cli 0.9.19 → 0.10.0

package/dist/commands/wallet.js

@@ -1,36 +1,41 @@
-import { PolicyClient, TrustClient } from "@arc402/sdk";
-import { ethers } from "ethers";
-import prompts from "prompts";
-import fs from "fs";
-import path from "path";
-import os from "os";
-import { spawnSync } from "child_process";
-import { getConfigPath, getUsdcAddress, loadConfig, NETWORK_DEFAULTS, saveConfig } from "../config.js";
-import { getClient, requireSigner } from "../client.js";
-import { getTrustTier } from "../utils/format.js";
-import { AGENT_REGISTRY_ABI, ARC402_WALLET_EXECUTE_ABI, ARC402_WALLET_GUARDIAN_ABI, ARC402_WALLET_MACHINE_KEY_ABI, ARC402_WALLET_OWNER_ABI, ARC402_WALLET_PASSKEY_ABI, ARC402_WALLET_PROTOCOL_ABI, ARC402_WALLET_REGISTRY_ABI, POLICY_ENGINE_GOVERNANCE_ABI, POLICY_ENGINE_LIMITS_ABI, TRUST_REGISTRY_ABI, WALLET_FACTORY_ABI } from "../abis.js";
-import { warnIfPublicRpc } from "../config.js";
-import { connectPhoneWallet, sendTransactionWithSession, requestPhoneWalletSignature } from "../walletconnect.js";
-import { BundlerClient, PaymasterClient, DEFAULT_ENTRY_POINT } from "../bundler.js";
-import { clearWCSession } from "../walletconnect-session.js";
-import { handleWalletError } from "../wallet-router.js";
-import { requestCoinbaseSmartWalletSignature } from "../coinbase-smart-wallet.js";
-import { sendTelegramMessage } from "../telegram-notify.js";
-import { renderTree } from "../ui/tree.js";
-import { startSpinner } from "../ui/spinner.js";
-import { c } from "../ui/colors.js";
-import { callWithFallback } from "../ui/rpc-fallback.js";
-const POLICY_ENGINE_DEFAULT = "0xAA5Ef3489C929bFB3BFf5D5FE15aa62d3763c847";
-const GUARDIAN_KEY_PATH = path.join(os.homedir(), ".arc402", "guardian.key");
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWalletCommands = registerWalletCommands;
+const sdk_1 = require("@arc402/sdk");
+const ethers_1 = require("ethers");
+const prompts_1 = __importDefault(require("prompts"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const child_process_1 = require("child_process");
+const config_1 = require("../config");
+const client_1 = require("../client");
+const format_1 = require("../utils/format");
+const abis_1 = require("../abis");
+const config_2 = require("../config");
+const walletconnect_1 = require("../walletconnect");
+const bundler_1 = require("../bundler");
+const walletconnect_session_1 = require("../walletconnect-session");
+const wallet_router_1 = require("../wallet-router");
+const coinbase_smart_wallet_1 = require("../coinbase-smart-wallet");
+const telegram_notify_1 = require("../telegram-notify");
+const tree_1 = require("../ui/tree");
+const spinner_1 = require("../ui/spinner");
+const colors_1 = require("../ui/colors");
+const POLICY_ENGINE_DEFAULT = "0x44102e70c2A366632d98Fe40d892a2501fC7fFF2";
+const GUARDIAN_KEY_PATH = path_1.default.join(os_1.default.homedir(), ".arc402", "guardian.key");
 /** Save guardian private key to a restricted standalone file (never to config.json). */
 function saveGuardianKey(privateKey) {
-    fs.mkdirSync(path.dirname(GUARDIAN_KEY_PATH), { recursive: true, mode: 0o700 });
-    fs.writeFileSync(GUARDIAN_KEY_PATH, privateKey + "\n", { mode: 0o400 });
+    fs_1.default.mkdirSync(path_1.default.dirname(GUARDIAN_KEY_PATH), { recursive: true, mode: 0o700 });
+    fs_1.default.writeFileSync(GUARDIAN_KEY_PATH, privateKey + "\n", { mode: 0o400 });
 }
 /** Load guardian private key from file, falling back to config for backwards compat. */
 function loadGuardianKey(config) {
     try {
-        return fs.readFileSync(GUARDIAN_KEY_PATH, "utf-8").trim();
+        return fs_1.default.readFileSync(GUARDIAN_KEY_PATH, "utf-8").trim();
     }
     catch {
         // Migration: if key still in config, migrate it to the file now
@@ -44,7 +49,7 @@ function loadGuardianKey(config) {
 function parseAmount(raw) {
     const lower = raw.toLowerCase();
     if (lower.endsWith("eth")) {
-        return ethers.parseEther(lower.slice(0, -3).trim());
+        return ethers_1.ethers.parseEther(lower.slice(0, -3).trim());
     }
     return BigInt(raw);
 }
@@ -63,25 +68,25 @@ const ONBOARDING_CATEGORIES = [
  */
 async function runWalletOnboardingCeremony(walletAddress, ownerAddress, config, provider, sendTx) {
     const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
-    const executeIface = new ethers.Interface(ARC402_WALLET_EXECUTE_ABI);
-    const govIface = new ethers.Interface(POLICY_ENGINE_GOVERNANCE_ABI);
-    const limitsIface = new ethers.Interface(POLICY_ENGINE_LIMITS_ABI);
-    const policyGov = new ethers.Contract(policyAddress, POLICY_ENGINE_GOVERNANCE_ABI, provider);
+    const executeIface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_EXECUTE_ABI);
+    const govIface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_GOVERNANCE_ABI);
+    const limitsIface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_LIMITS_ABI);
+    const policyGov = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_GOVERNANCE_ABI, provider);
     // Check what's already done (constructor may have done registerWallet + enableDefiAccess)
     let alreadyRegistered = false;
     let alreadyDefiEnabled = false;
     try {
         const registeredOwner = await policyGov.walletOwners(walletAddress);
-        alreadyRegistered = registeredOwner !== ethers.ZeroAddress;
+        alreadyRegistered = registeredOwner !== ethers_1.ethers.ZeroAddress;
     }
     catch { /* older PolicyEngine without this getter — assume not registered */ }
     try {
         alreadyDefiEnabled = await policyGov.defiAccessEnabled(walletAddress);
     }
     catch { /* assume not enabled */ }
-    console.log("\n" + c.dim("── Onboarding ceremony ────────────────────────────────────────"));
-    console.log(" " + c.dim("PolicyEngine:") + " " + c.white(policyAddress));
-    console.log(" " + c.dim("Wallet:      ") + " " + c.white(walletAddress));
+    console.log("\n" + colors_1.c.dim("── Onboarding ceremony ────────────────────────────────────────"));
+    console.log(" " + colors_1.c.dim("PolicyEngine:") + " " + colors_1.c.white(policyAddress));
+    console.log(" " + colors_1.c.dim("Wallet:      ") + " " + colors_1.c.white(walletAddress));
     // Step 1: registerWallet (if not already done)
     if (!alreadyRegistered) {
         const registerCalldata = govIface.encodeFunctionData("registerWallet", [walletAddress, ownerAddress]);
@@ -93,13 +98,13 @@ async function runWalletOnboardingCeremony(walletAddress, ownerAddress, config,
                     value: 0n,
                     minReturnValue: 0n,
                     maxApprovalAmount: 0n,
-                    approvalToken: ethers.ZeroAddress,
+                    approvalToken: ethers_1.ethers.ZeroAddress,
                 }]),
             value: "0x0",
         }, "registerWallet on PolicyEngine");
     }
     else {
-        console.log(" " + c.success + c.dim(" registerWallet — already done by constructor"));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(" registerWallet — already done by constructor"));
     }
     // Step 2: enableDefiAccess (if not already done)
     if (!alreadyDefiEnabled) {
@@ -110,7 +115,7 @@ async function runWalletOnboardingCeremony(walletAddress, ownerAddress, config,
         }, "enableDefiAccess on PolicyEngine");
     }
     else {
-        console.log(" " + c.success + c.dim(" enableDefiAccess — already done by constructor"));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(" enableDefiAccess — already done by constructor"));
     }
     // Steps 3–6: category limits (always set — idempotent)
     for (const { name, amountEth } of ONBOARDING_CATEGORIES) {
@@ -119,15 +124,15 @@ async function runWalletOnboardingCeremony(walletAddress, ownerAddress, config,
             data: limitsIface.encodeFunctionData("setCategoryLimitFor", [
                 walletAddress,
                 name,
-                ethers.parseEther(amountEth),
+                ethers_1.ethers.parseEther(amountEth),
             ]),
             value: "0x0",
         }, `setCategoryLimitFor: ${name} → ${amountEth} ETH`);
     }
-    console.log(c.dim("── Onboarding complete ─────────────────────────────────────────"));
-    console.log(c.dim("Tip: For production security, also configure:"));
-    console.log(" " + c.dim("arc402 wallet set-velocity-limit <eth>   — wallet-level hourly ETH cap"));
-    console.log(" " + c.dim("arc402 wallet policy set-daily-limit --category general --amount <eth>   — daily per-category cap"));
+    console.log(colors_1.c.dim("── Onboarding complete ─────────────────────────────────────────"));
+    console.log(colors_1.c.dim("Tip: For production security, also configure:"));
+    console.log(" " + colors_1.c.dim("arc402 wallet set-velocity-limit <eth>   — wallet-level hourly ETH cap"));
+    console.log(" " + colors_1.c.dim("arc402 wallet policy set-daily-limit --category general --amount <eth>   — daily per-category cap"));
 }
 /**
  * Complete ARC-402 onboarding ceremony — matches web flow at app.arc402.xyz/onboard.
@@ -143,116 +148,116 @@ async function runWalletOnboardingCeremony(walletAddress, ownerAddress, config,
 async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config, provider, sendTx) {
     const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
     const agentRegistryAddress = config.agentRegistryV2Address ??
-        NETWORK_DEFAULTS[config.network]?.agentRegistryV2Address;
+        config_1.NETWORK_DEFAULTS[config.network]?.agentRegistryV2Address;
     const handshakeAddress = config.handshakeAddress ??
-        NETWORK_DEFAULTS[config.network]?.handshakeAddress ??
+        config_1.NETWORK_DEFAULTS[config.network]?.handshakeAddress ??
         "0x4F5A38Bb746d7E5d49d8fd26CA6beD141Ec2DDb3";
     // ── Step 2: Machine Key ────────────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 2: Machine Key ────────────────────────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 2: Machine Key ────────────────────────────────────────"));
     let machineKeyAddress;
     if (config.privateKey) {
-        machineKeyAddress = new ethers.Wallet(config.privateKey).address;
+        machineKeyAddress = new ethers_1.ethers.Wallet(config.privateKey).address;
     }
     else {
-        const mk = ethers.Wallet.createRandom();
+        const mk = ethers_1.ethers.Wallet.createRandom();
         machineKeyAddress = mk.address;
         config.privateKey = mk.privateKey;
-        saveConfig(config);
-        console.log(" " + c.dim("Machine key generated: ") + c.white(machineKeyAddress));
-        console.log(" " + c.dim("Private key saved to ~/.arc402/config.json (chmod 600)"));
+        (0, config_1.saveConfig)(config);
+        console.log(" " + colors_1.c.dim("Machine key generated: ") + colors_1.c.white(machineKeyAddress));
+        console.log(" " + colors_1.c.dim("Private key saved to ~/.arc402/config.json (chmod 600)"));
     }
     let mkAlreadyAuthorized = false;
     try {
-        const mkContract = new ethers.Contract(walletAddress, ARC402_WALLET_MACHINE_KEY_ABI, provider);
+        const mkContract = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_MACHINE_KEY_ABI, provider);
         mkAlreadyAuthorized = await mkContract.authorizedMachineKeys(machineKeyAddress);
     }
     catch { /* older wallet — will try to authorize */ }
     if (mkAlreadyAuthorized) {
-        console.log(" " + c.success + c.dim(" Machine key already authorized: ") + c.white(machineKeyAddress));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(" Machine key already authorized: ") + colors_1.c.white(machineKeyAddress));
     }
     else {
-        console.log(" " + c.dim("Authorizing machine key: ") + c.white(machineKeyAddress));
-        const mkIface = new ethers.Interface(ARC402_WALLET_MACHINE_KEY_ABI);
+        console.log(" " + colors_1.c.dim("Authorizing machine key: ") + colors_1.c.white(machineKeyAddress));
+        const mkIface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_MACHINE_KEY_ABI);
         await sendTx({ to: walletAddress, data: mkIface.encodeFunctionData("authorizeMachineKey", [machineKeyAddress]), value: "0x0" }, "authorizeMachineKey");
-        console.log(" " + c.success + " Machine key authorized");
+        console.log(" " + colors_1.c.success + " Machine key authorized");
     }
     // Save progress after machine key step
     config.onboardingProgress = { walletAddress, step: 2, completedSteps: ["machineKey"] };
-    saveConfig(config);
+    (0, config_1.saveConfig)(config);
     // ── Step 3: Passkey ───────────────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 3: Passkey (Face ID / WebAuthn) ──────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 3: Passkey (Face ID / WebAuthn) ──────────────────────"));
     let passkeyActive = false;
     try {
-        const walletC = new ethers.Contract(walletAddress, ARC402_WALLET_PASSKEY_ABI, provider);
+        const walletC = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_PASSKEY_ABI, provider);
         const auth = await walletC.ownerAuth();
         passkeyActive = Number(auth[0]) === 1;
     }
     catch { /* ignore */ }
     if (passkeyActive) {
-        console.log(" " + c.success + c.dim(" Passkey already active"));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(" Passkey already active"));
     }
     else {
         const passkeyUrl = `https://app.arc402.xyz/passkey-setup?wallet=${walletAddress}`;
-        console.log("\n " + c.white("Open this URL in your browser to set up Face ID:"));
-        console.log("   " + c.cyan(passkeyUrl));
-        console.log(" " + c.dim("Complete Face ID registration, then press Enter. Type 'n' + Enter to skip.\n"));
-        const passkeyAns = await prompts({
+        console.log("\n " + colors_1.c.white("Open this URL in your browser to set up Face ID:"));
+        console.log("   " + colors_1.c.cyan(passkeyUrl));
+        console.log(" " + colors_1.c.dim("Complete Face ID registration, then press Enter. Type 'n' + Enter to skip.\n"));
+        const passkeyAns = await (0, prompts_1.default)({
             type: "text",
             name: "done",
             message: "Press Enter when done (or type 'n' to skip)",
             initial: "",
         });
         if (passkeyAns.done?.toLowerCase() === "n") {
-            console.log(" " + c.warning + " Passkey skipped");
+            console.log(" " + colors_1.c.warning + " Passkey skipped");
         }
         else {
             passkeyActive = true;
-            console.log(" " + c.success + " Passkey set (via browser)");
+            console.log(" " + colors_1.c.success + " Passkey set (via browser)");
         }
     }
     // Save progress after passkey step
     config.onboardingProgress = { walletAddress, step: 3, completedSteps: ["machineKey", "passkey"] };
-    saveConfig(config);
+    (0, config_1.saveConfig)(config);
     // ── Step 4: Policy ────────────────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 4: Policy ─────────────────────────────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 4: Policy ─────────────────────────────────────────────"));
     // 4a) setVelocityLimit
     let velocityLimitEth = "0.05";
     let velocityAlreadySet = false;
     try {
-        const ownerC = new ethers.Contract(walletAddress, ARC402_WALLET_OWNER_ABI, provider);
+        const ownerC = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_OWNER_ABI, provider);
         const existing = await ownerC.velocityLimit();
         if (existing > 0n) {
             velocityAlreadySet = true;
-            velocityLimitEth = ethers.formatEther(existing);
-            console.log(" " + c.success + c.dim(` Velocity limit already set: ${velocityLimitEth} ETH`));
+            velocityLimitEth = ethers_1.ethers.formatEther(existing);
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Velocity limit already set: ${velocityLimitEth} ETH`));
         }
     }
     catch { /* ignore */ }
     if (!velocityAlreadySet) {
-        const velAns = await prompts({
+        const velAns = await (0, prompts_1.default)({
             type: "text",
             name: "limit",
             message: "Velocity limit (ETH / rolling window)?",
             initial: "0.05",
         });
         velocityLimitEth = velAns.limit || "0.05";
-        const velIface = new ethers.Interface(["function setVelocityLimit(uint256 limit) external"]);
-        await sendTx({ to: walletAddress, data: velIface.encodeFunctionData("setVelocityLimit", [ethers.parseEther(velocityLimitEth)]), value: "0x0" }, `setVelocityLimit: ${velocityLimitEth} ETH`);
-        saveConfig(config);
+        const velIface = new ethers_1.ethers.Interface(["function setVelocityLimit(uint256 limit) external"]);
+        await sendTx({ to: walletAddress, data: velIface.encodeFunctionData("setVelocityLimit", [ethers_1.ethers.parseEther(velocityLimitEth)]), value: "0x0" }, `setVelocityLimit: ${velocityLimitEth} ETH`);
+        (0, config_1.saveConfig)(config);
     }
     // 4b) setGuardian (optional — address, 'g' to generate, or skip)
     let guardianAddress = null;
     try {
-        const guardianC = new ethers.Contract(walletAddress, ARC402_WALLET_GUARDIAN_ABI, provider);
+        const guardianC = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, provider);
         const existing = await guardianC.guardian();
-        if (existing && existing !== ethers.ZeroAddress) {
+        if (existing && existing !== ethers_1.ethers.ZeroAddress) {
             guardianAddress = existing;
-            console.log(" " + c.success + c.dim(` Guardian already set: ${existing}`));
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Guardian already set: ${existing}`));
         }
     }
     catch { /* ignore */ }
     if (!guardianAddress) {
-        const guardianAns = await prompts({
+        const guardianAns = await (0, prompts_1.default)({
             type: "text",
             name: "guardian",
             message: "Guardian address? (address, 'g' to generate, Enter to skip)",
@@ -260,119 +265,93 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
         });
         const guardianInput = guardianAns.guardian?.trim() ?? "";
         if (guardianInput.toLowerCase() === "g") {
-            const generatedGuardian = ethers.Wallet.createRandom();
+            const generatedGuardian = ethers_1.ethers.Wallet.createRandom();
             // Save guardian private key to a separate restricted file, NOT config.json
-            const guardianKeyPath = path.join(os.homedir(), ".arc402", "guardian.key");
-            fs.mkdirSync(path.dirname(guardianKeyPath), { recursive: true, mode: 0o700 });
-            fs.writeFileSync(guardianKeyPath, generatedGuardian.privateKey + "\n", { mode: 0o400 });
+            const guardianKeyPath = path_1.default.join(os_1.default.homedir(), ".arc402", "guardian.key");
+            fs_1.default.mkdirSync(path_1.default.dirname(guardianKeyPath), { recursive: true, mode: 0o700 });
+            fs_1.default.writeFileSync(guardianKeyPath, generatedGuardian.privateKey + "\n", { mode: 0o400 });
             // Only save address (not private key) to config
             config.guardianAddress = generatedGuardian.address;
-            saveConfig(config);
+            (0, config_1.saveConfig)(config);
             guardianAddress = generatedGuardian.address;
-            console.log("\n " + c.warning + " Guardian key saved to ~/.arc402/guardian.key — move offline for security");
-            console.log("   " + c.dim("Address: ") + c.white(generatedGuardian.address) + "\n");
-            const guardianIface = new ethers.Interface(["function setGuardian(address _guardian) external"]);
+            console.log("\n " + colors_1.c.warning + " Guardian key saved to ~/.arc402/guardian.key — move offline for security");
+            console.log("   " + colors_1.c.dim("Address: ") + colors_1.c.white(generatedGuardian.address) + "\n");
+            const guardianIface = new ethers_1.ethers.Interface(["function setGuardian(address _guardian) external"]);
             await sendTx({ to: walletAddress, data: guardianIface.encodeFunctionData("setGuardian", [guardianAddress]), value: "0x0" }, "setGuardian");
-            saveConfig(config);
+            (0, config_1.saveConfig)(config);
         }
-        else if (guardianInput && ethers.isAddress(guardianInput)) {
+        else if (guardianInput && ethers_1.ethers.isAddress(guardianInput)) {
             guardianAddress = guardianInput;
             config.guardianAddress = guardianInput;
-            const guardianIface = new ethers.Interface(["function setGuardian(address _guardian) external"]);
+            const guardianIface = new ethers_1.ethers.Interface(["function setGuardian(address _guardian) external"]);
             await sendTx({ to: walletAddress, data: guardianIface.encodeFunctionData("setGuardian", [guardianAddress]), value: "0x0" }, "setGuardian");
-            saveConfig(config);
+            (0, config_1.saveConfig)(config);
         }
         else if (guardianInput) {
-            console.log(" " + c.warning + " Invalid address — guardian skipped");
+            console.log(" " + colors_1.c.warning + " Invalid address — guardian skipped");
         }
     }
     // 4c) setCategoryLimitFor('hire')
     let hireLimit = "0.1";
     let hireLimitAlreadySet = false;
     try {
-        const limitsContract = new ethers.Contract(policyAddress, POLICY_ENGINE_LIMITS_ABI, provider);
+        const limitsContract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_LIMITS_ABI, provider);
         const existing = await limitsContract.categoryLimits(walletAddress, "hire");
         if (existing > 0n) {
             hireLimitAlreadySet = true;
-            hireLimit = ethers.formatEther(existing);
-            console.log(" " + c.success + c.dim(` Hire limit already set: ${hireLimit} ETH`));
+            hireLimit = ethers_1.ethers.formatEther(existing);
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Hire limit already set: ${hireLimit} ETH`));
         }
     }
     catch { /* ignore */ }
     if (!hireLimitAlreadySet) {
-        const limitAns = await prompts({
+        const limitAns = await (0, prompts_1.default)({
             type: "text",
             name: "limit",
             message: "Max price per hire (ETH)?",
             initial: "0.1",
         });
         hireLimit = limitAns.limit || "0.1";
-        const hireLimitWei = ethers.parseEther(hireLimit);
-        const policyIface = new ethers.Interface([
+        const hireLimitWei = ethers_1.ethers.parseEther(hireLimit);
+        const policyIface = new ethers_1.ethers.Interface([
             "function setCategoryLimitFor(address wallet, string category, uint256 limitPerTx) external",
         ]);
         await sendTx({ to: policyAddress, data: policyIface.encodeFunctionData("setCategoryLimitFor", [walletAddress, "hire", hireLimitWei]), value: "0x0" }, `setCategoryLimitFor: hire → ${hireLimit} ETH`);
-        saveConfig(config);
+        (0, config_1.saveConfig)(config);
     }
-    // 4d) whitelistContract(wallet, Handshake) — enableContractInteraction reverts on PolicyEngine
-    const contractInteractionIface = new ethers.Interface([
-        "function whitelistContract(address wallet, address target) external",
-        "function isContractWhitelisted(address wallet, address target) external view returns (bool)",
+    // 4d) enableContractInteraction(wallet, Handshake)
+    const contractInteractionIface = new ethers_1.ethers.Interface([
+        "function enableContractInteraction(address wallet, address target) external",
     ]);
-    const hsAlreadyWhitelisted = await callWithFallback(config.rpcUrl, async (provider) => {
-        const pe = new ethers.Contract(policyAddress, contractInteractionIface, provider);
-        return await pe.isContractWhitelisted(walletAddress, handshakeAddress);
-    }).catch(() => false);
-    if (!hsAlreadyWhitelisted) {
-        try {
-            await sendTx({ to: policyAddress, data: contractInteractionIface.encodeFunctionData("whitelistContract", [walletAddress, handshakeAddress]), value: "0x0" }, "whitelistContract: Handshake");
-        }
-        catch (e) {
-            const msg = e instanceof Error ? e.message : String(e);
-            if (msg.includes("already whitelisted") || msg.includes("cancel")) {
-                console.log(" " + c.success + c.dim(" Handshake contract already whitelisted"));
-            }
-            else {
-                console.log(" " + c.warning + c.dim(` whitelistContract skipped: ${msg.slice(0, 80)}`));
-            }
-        }
-    }
-    else {
-        console.log(" " + c.success + c.dim(" Handshake contract already whitelisted"));
-    }
-    saveConfig(config);
-    console.log(" " + c.success + " Policy configured");
+    await sendTx({ to: policyAddress, data: contractInteractionIface.encodeFunctionData("enableContractInteraction", [walletAddress, handshakeAddress]), value: "0x0" }, "enableContractInteraction: Handshake");
+    (0, config_1.saveConfig)(config);
+    console.log(" " + colors_1.c.success + " Policy configured");
     // Save progress after policy step
     config.onboardingProgress = { walletAddress, step: 4, completedSteps: ["machineKey", "passkey", "policy"] };
-    saveConfig(config);
+    (0, config_1.saveConfig)(config);
     // ── Step 5: Agent Registration ─────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 5: Agent Registration ─────────────────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 5: Agent Registration ─────────────────────────────────"));
     let agentAlreadyRegistered = false;
     let agentName = "";
     let agentServiceType = "";
     let agentEndpoint = "";
     if (agentRegistryAddress) {
         try {
-            agentAlreadyRegistered = await callWithFallback(config.rpcUrl, async (p) => {
-                const reg = new ethers.Contract(agentRegistryAddress, AGENT_REGISTRY_ABI, p);
-                return await reg.isRegistered(walletAddress);
-            });
+            const regContract = new ethers_1.ethers.Contract(agentRegistryAddress, abis_1.AGENT_REGISTRY_ABI, provider);
+            agentAlreadyRegistered = await regContract.isRegistered(walletAddress);
             if (agentAlreadyRegistered) {
-                const info = await callWithFallback(config.rpcUrl, async (p) => {
-                    const reg = new ethers.Contract(agentRegistryAddress, AGENT_REGISTRY_ABI, p);
-                    return await reg.getAgent(walletAddress);
-                });
+                const info = await regContract.getAgent(walletAddress);
                 agentName = info.name;
                 agentServiceType = info.serviceType;
                 agentEndpoint = info.endpoint;
-                console.log(" " + c.success + c.dim(` Agent already registered: ${agentName}`));
+                console.log(" " + colors_1.c.success + colors_1.c.dim(` Agent already registered: ${agentName}`));
             }
         }
         catch { /* ignore */ }
         if (!agentAlreadyRegistered) {
-            const rawHostname = os.hostname();
+            const rawHostname = os_1.default.hostname();
             const cleanHostname = rawHostname.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
-            const answers = await prompts([
+            const answers = await (0, prompts_1.default)([
                 { type: "text", name: "name", message: "Agent name?", initial: cleanHostname },
                 { type: "text", name: "serviceType", message: "Service type?", initial: "intelligence" },
                 { type: "text", name: "caps", message: "Capabilities? (comma-separated)", initial: "research" },
@@ -384,33 +363,33 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
             const capabilities = (answers.caps || "research")
                 .split(",").map((s) => s.trim()).filter(Boolean);
             // 5a) enableDefiAccess (check first)
-            const peExtIface = new ethers.Interface([
+            const peExtIface = new ethers_1.ethers.Interface([
                 "function enableDefiAccess(address wallet) external",
                 "function whitelistContract(address wallet, address target) external",
                 "function defiAccessEnabled(address) external view returns (bool)",
                 "function isContractWhitelisted(address wallet, address target) external view returns (bool)",
             ]);
-            const peContract = new ethers.Contract(policyAddress, peExtIface, provider);
+            const peContract = new ethers_1.ethers.Contract(policyAddress, peExtIface, provider);
             const defiEnabled = await peContract.defiAccessEnabled(walletAddress).catch(() => false);
             if (!defiEnabled) {
                 await sendTx({ to: policyAddress, data: peExtIface.encodeFunctionData("enableDefiAccess", [walletAddress]), value: "0x0" }, "enableDefiAccess on PolicyEngine");
-                saveConfig(config);
+                (0, config_1.saveConfig)(config);
             }
             else {
-                console.log(" " + c.success + c.dim(" enableDefiAccess — already done"));
+                console.log(" " + colors_1.c.success + colors_1.c.dim(" enableDefiAccess — already done"));
             }
             // 5b) whitelistContract for AgentRegistry (check first)
             const whitelisted = await peContract.isContractWhitelisted(walletAddress, agentRegistryAddress).catch(() => false);
             if (!whitelisted) {
                 await sendTx({ to: policyAddress, data: peExtIface.encodeFunctionData("whitelistContract", [walletAddress, agentRegistryAddress]), value: "0x0" }, "whitelistContract: AgentRegistry on PolicyEngine");
-                saveConfig(config);
+                (0, config_1.saveConfig)(config);
             }
             else {
-                console.log(" " + c.success + c.dim(" whitelistContract(AgentRegistry) — already done"));
+                console.log(" " + colors_1.c.success + colors_1.c.dim(" whitelistContract(AgentRegistry) — already done"));
             }
             // 5c+d) executeContractCall → register
-            const regIface = new ethers.Interface(AGENT_REGISTRY_ABI);
-            const execIface = new ethers.Interface(ARC402_WALLET_EXECUTE_ABI);
+            const regIface = new ethers_1.ethers.Interface(abis_1.AGENT_REGISTRY_ABI);
+            const execIface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_EXECUTE_ABI);
             const regData = regIface.encodeFunctionData("register", [agentName, capabilities, agentServiceType, agentEndpoint, ""]);
             const execData = execIface.encodeFunctionData("executeContractCall", [{
                     target: agentRegistryAddress,
@@ -418,103 +397,103 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
                     value: 0n,
                     minReturnValue: 0n,
                     maxApprovalAmount: 0n,
-                    approvalToken: ethers.ZeroAddress,
+                    approvalToken: ethers_1.ethers.ZeroAddress,
                 }]);
             await sendTx({ to: walletAddress, data: execData, value: "0x0" }, `register agent: ${agentName}`);
-            console.log(" " + c.success + " Agent registered: " + agentName);
+            console.log(" " + colors_1.c.success + " Agent registered: " + agentName);
         }
     }
     else {
-        console.log(" " + c.warning + " AgentRegistry address not configured — skipping");
+        console.log(" " + colors_1.c.warning + " AgentRegistry address not configured — skipping");
     }
     // Save progress after agent step, then clear on ceremony complete
     config.onboardingProgress = { walletAddress, step: 5, completedSteps: ["machineKey", "passkey", "policy", "agent"] };
-    saveConfig(config);
+    (0, config_1.saveConfig)(config);
     // ── Step 7: Workroom Init ─────────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 7: Workroom ────────────────────────────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 7: Workroom ────────────────────────────────────────────"));
     let workroomInitialized = false;
     let dockerFound = false;
     try {
-        const dockerCheck = spawnSync("docker", ["--version"], { encoding: "utf-8", timeout: 5000 });
+        const dockerCheck = (0, child_process_1.spawnSync)("docker", ["--version"], { encoding: "utf-8", timeout: 5000 });
         dockerFound = dockerCheck.status === 0;
     }
     catch {
         dockerFound = false;
     }
     if (dockerFound) {
-        console.log(" " + c.dim("Docker found — initializing workroom..."));
+        console.log(" " + colors_1.c.dim("Docker found — initializing workroom..."));
         try {
-            const initResult = spawnSync(process.execPath, [process.argv[1], "workroom", "init"], {
+            const initResult = (0, child_process_1.spawnSync)(process.execPath, [process.argv[1], "workroom", "init"], {
                 encoding: "utf-8",
                 timeout: 120000,
                 env: { ...process.env },
             });
             workroomInitialized = initResult.status === 0;
             if (workroomInitialized) {
-                console.log(" " + c.success + " Workroom initialized");
+                console.log(" " + colors_1.c.success + " Workroom initialized");
             }
             else {
-                console.log(" " + c.warning + " Workroom init incomplete — run: arc402 workroom init");
+                console.log(" " + colors_1.c.warning + " Workroom init incomplete — run: arc402 workroom init");
             }
         }
         catch {
-            console.log(" " + c.warning + " Workroom init failed — run: arc402 workroom init");
+            console.log(" " + colors_1.c.warning + " Workroom init failed — run: arc402 workroom init");
         }
     }
     else {
-        console.log(" " + c.warning + " Docker not found");
+        console.log(" " + colors_1.c.warning + " Docker not found");
         console.log("   Install Docker: https://docs.docker.com/get-docker/");
-        console.log("   Or run daemon in host mode: " + c.white("arc402 daemon start --host"));
+        console.log("   Or run daemon in host mode: " + colors_1.c.white("arc402 daemon start --host"));
     }
     // ── Step 8: Daemon Start ──────────────────────────────────────────────────
-    console.log("\n" + c.dim("── Step 8: Daemon ──────────────────────────────────────────────"));
+    console.log("\n" + colors_1.c.dim("── Step 8: Daemon ──────────────────────────────────────────────"));
     let daemonRunning = false;
     const relayPort = 4402;
     if (workroomInitialized) {
         try {
-            const startResult = spawnSync(process.execPath, [process.argv[1], "workroom", "start"], {
+            const startResult = (0, child_process_1.spawnSync)(process.execPath, [process.argv[1], "workroom", "start"], {
                 encoding: "utf-8",
                 timeout: 30000,
                 env: { ...process.env },
             });
             daemonRunning = startResult.status === 0;
             if (daemonRunning) {
-                console.log(" " + c.success + " Daemon online (port " + relayPort + ")");
+                console.log(" " + colors_1.c.success + " Daemon online (port " + relayPort + ")");
             }
             else {
-                console.log(" " + c.warning + " Daemon start failed — run: arc402 workroom start");
+                console.log(" " + colors_1.c.warning + " Daemon start failed — run: arc402 workroom start");
             }
         }
         catch {
-            console.log(" " + c.warning + " Daemon start failed — run: arc402 workroom start");
+            console.log(" " + colors_1.c.warning + " Daemon start failed — run: arc402 workroom start");
         }
     }
     else if (!dockerFound) {
         try {
-            const startResult = spawnSync(process.execPath, [process.argv[1], "daemon", "start", "--host"], {
+            const startResult = (0, child_process_1.spawnSync)(process.execPath, [process.argv[1], "daemon", "start", "--host"], {
                 encoding: "utf-8",
                 timeout: 30000,
                 env: { ...process.env },
             });
             daemonRunning = startResult.status === 0;
             if (daemonRunning) {
-                console.log(" " + c.success + " Daemon online — host mode (port " + relayPort + ")");
+                console.log(" " + colors_1.c.success + " Daemon online — host mode (port " + relayPort + ")");
             }
             else {
-                console.log(" " + c.warning + " Daemon not started — run: arc402 daemon start --host");
+                console.log(" " + colors_1.c.warning + " Daemon not started — run: arc402 daemon start --host");
             }
         }
         catch {
-            console.log(" " + c.warning + " Daemon not started — run: arc402 daemon start --host");
+            console.log(" " + colors_1.c.warning + " Daemon not started — run: arc402 daemon start --host");
         }
     }
     else {
-        console.log(" " + c.warning + " Daemon not started — run: arc402 workroom init first");
+        console.log(" " + colors_1.c.warning + " Daemon not started — run: arc402 workroom init first");
     }
     // ── Step 6: Summary ───────────────────────────────────────────────────────
     const trustScore = await (async () => {
         try {
-            const trust = new ethers.Contract(config.trustRegistryAddress, TRUST_REGISTRY_ABI, provider);
+            const trust = new ethers_1.ethers.Contract(config.trustRegistryAddress, abis_1.TRUST_REGISTRY_ABI, provider);
             const s = await trust.getScore(walletAddress);
             return s.toString();
         }
@@ -523,37 +502,37 @@ async function runCompleteOnboardingCeremony(walletAddress, ownerAddress, config
         }
     })();
     const workroomLabel = dockerFound
-        ? (workroomInitialized ? (daemonRunning ? c.green("✓ Running") : c.yellow("✓ Initialized")) : c.yellow("⚠ Init needed"))
-        : c.yellow("⚠ No Docker");
+        ? (workroomInitialized ? (daemonRunning ? colors_1.c.green("✓ Running") : colors_1.c.yellow("✓ Initialized")) : colors_1.c.yellow("⚠ Init needed"))
+        : colors_1.c.yellow("⚠ No Docker");
     const daemonLabel = daemonRunning
-        ? c.green("✓ Online (port " + relayPort + ")")
-        : c.dim("not started");
+        ? colors_1.c.green("✓ Online (port " + relayPort + ")")
+        : colors_1.c.dim("not started");
     const endpointLabel = agentEndpoint
-        ? c.white(agentEndpoint) + c.dim(` → localhost:${relayPort}`)
-        : c.dim("—");
+        ? colors_1.c.white(agentEndpoint) + colors_1.c.dim(` → localhost:${relayPort}`)
+        : colors_1.c.dim("—");
     // Clear onboarding progress — ceremony complete
     delete config.onboardingProgress;
-    saveConfig(config);
-    console.log("\n " + c.success + c.white(" Onboarding complete"));
-    renderTree([
-        { label: "Wallet", value: c.white(walletAddress) },
-        { label: "Owner", value: c.white(ownerAddress) },
-        { label: "Machine", value: c.white(machineKeyAddress) + c.dim(" (authorized)") },
-        { label: "Passkey", value: passkeyActive ? c.green("✓ set") : c.yellow("⚠ skipped") },
-        { label: "Velocity", value: c.white(velocityLimitEth + " ETH") },
-        { label: "Guardian", value: guardianAddress ? c.white(guardianAddress) : c.dim("none") },
-        { label: "Hire limit", value: c.white(hireLimit + " ETH") },
-        { label: "Agent", value: agentName ? c.white(agentName) : c.dim("not registered") },
-        { label: "Service", value: agentServiceType ? c.white(agentServiceType) : c.dim("—") },
+    (0, config_1.saveConfig)(config);
+    console.log("\n " + colors_1.c.success + colors_1.c.white(" Onboarding complete"));
+    (0, tree_1.renderTree)([
+        { label: "Wallet", value: colors_1.c.white(walletAddress) },
+        { label: "Owner", value: colors_1.c.white(ownerAddress) },
+        { label: "Machine", value: colors_1.c.white(machineKeyAddress) + colors_1.c.dim(" (authorized)") },
+        { label: "Passkey", value: passkeyActive ? colors_1.c.green("✓ set") : colors_1.c.yellow("⚠ skipped") },
+        { label: "Velocity", value: colors_1.c.white(velocityLimitEth + " ETH") },
+        { label: "Guardian", value: guardianAddress ? colors_1.c.white(guardianAddress) : colors_1.c.dim("none") },
+        { label: "Hire limit", value: colors_1.c.white(hireLimit + " ETH") },
+        { label: "Agent", value: agentName ? colors_1.c.white(agentName) : colors_1.c.dim("not registered") },
+        { label: "Service", value: agentServiceType ? colors_1.c.white(agentServiceType) : colors_1.c.dim("—") },
         { label: "Workroom", value: workroomLabel },
         { label: "Daemon", value: daemonLabel },
         { label: "Endpoint", value: endpointLabel },
-        { label: "Trust", value: c.white(`${trustScore}`), last: true },
+        { label: "Trust", value: colors_1.c.white(`${trustScore}`), last: true },
     ]);
-    console.log("\n " + c.dim("Next: fund your wallet with 0.002 ETH on Base"));
+    console.log("\n " + colors_1.c.dim("Next: fund your wallet with 0.002 ETH on Base"));
 }
 function printOpenShellHint() {
-    const r = spawnSync("which", ["openshell"], { encoding: "utf-8" });
+    const r = (0, child_process_1.spawnSync)("which", ["openshell"], { encoding: "utf-8" });
     if (r.status === 0 && r.stdout.trim()) {
         console.log("\nOpenShell detected. Run: arc402 openshell init");
     }
@@ -561,28 +540,37 @@ function printOpenShellHint() {
         console.log("\nOptional: install OpenShell for sandboxed execution: arc402 openshell install");
     }
 }
-export function registerWalletCommands(program) {
+function registerWalletCommands(program) {
     const wallet = program.command("wallet").description("Wallet utilities");
     // ─── status ────────────────────────────────────────────────────────────────
     wallet.command("status").description("Show address, balances, contract wallet, guardian, and frozen status").option("--json").action(async (opts) => {
-        const config = loadConfig();
-        const { provider, address } = await getClient(config);
+        const config = (0, config_1.loadConfig)();
+        const { provider, address } = await (0, client_1.getClient)(config);
         if (!address)
             throw new Error("No wallet configured");
-        const usdcAddress = getUsdcAddress(config);
-        const usdc = new ethers.Contract(usdcAddress, ["function balanceOf(address owner) external view returns (uint256)"], provider);
-        const trust = new TrustClient(config.trustRegistryAddress, provider);
-        const [ethBalance, usdcBalance, score] = await Promise.all([
-            provider.getBalance(address),
-            usdc.balanceOf(address),
-            trust.getScore(address),
-        ]);
+        const usdcAddress = (0, config_1.getUsdcAddress)(config);
+        const usdc = new ethers_1.ethers.Contract(usdcAddress, ["function balanceOf(address owner) external view returns (uint256)"], provider);
+        const trust = new sdk_1.TrustClient(config.trustRegistryAddress, provider);
+        const statusSpinner = opts.json ? null : (0, spinner_1.startSpinner)("Loading wallet status…");
+        let ethBalance, usdcBalance, score;
+        try {
+            [ethBalance, usdcBalance, score] = await Promise.all([
+                provider.getBalance(address),
+                usdc.balanceOf(address),
+                trust.getScore(address),
+            ]);
+            statusSpinner?.succeed("Wallet status loaded");
+        }
+        catch (err) {
+            statusSpinner?.fail("Failed to load wallet status");
+            throw err;
+        }
         // Query contract wallet for frozen/guardian state if deployed
         let contractFrozen = null;
         let contractGuardian = null;
         if (config.walletContractAddress) {
             try {
-                const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_GUARDIAN_ABI, provider);
+                const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, provider);
                 [contractFrozen, contractGuardian] = await Promise.all([
                     walletContract.frozen(),
                     walletContract.guardian(),
@@ -593,10 +581,10 @@ export function registerWalletCommands(program) {
         const payload = {
             address,
             network: config.network,
-            ethBalance: ethers.formatEther(ethBalance),
+            ethBalance: ethers_1.ethers.formatEther(ethBalance),
             usdcBalance: (Number(usdcBalance) / 1e6).toFixed(2),
             trustScore: score.score,
-            trustTier: getTrustTier(score.score),
+            trustTier: (0, format_1.getTrustTier)(score.score),
             walletContractAddress: config.walletContractAddress ?? null,
             frozen: contractFrozen,
             guardian: contractGuardian,
@@ -616,11 +604,11 @@ export function registerWalletCommands(program) {
             if (payload.walletContractAddress)
                 treeItems.push({ label: "Contract", value: payload.walletContractAddress });
             if (contractFrozen !== null)
-                treeItems.push({ label: "Frozen", value: contractFrozen ? c.red("YES") : c.green("no") });
-            if (contractGuardian && contractGuardian !== ethers.ZeroAddress)
+                treeItems.push({ label: "Frozen", value: contractFrozen ? colors_1.c.red("YES") : colors_1.c.green("no") });
+            if (contractGuardian && contractGuardian !== ethers_1.ethers.ZeroAddress)
                 treeItems.push({ label: "Guardian", value: contractGuardian });
             treeItems[treeItems.length - 1].last = true;
-            renderTree(treeItems);
+            (0, tree_1.renderTree)(treeItems);
         }
     });
     // ─── wc-reset ──────────────────────────────────────────────────────────────
@@ -633,16 +621,16 @@ export function registerWalletCommands(program) {
         .description("Clear stale WalletConnect session — forces a fresh QR pairing on next connection")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         const hadSession = !!config.wcSession;
         // 1. Clear from config
-        clearWCSession(config);
+        (0, walletconnect_session_1.clearWCSession)(config);
         // 2. Wipe WC SDK storage (may be a file or a directory depending on SDK version)
-        const wcStoragePath = path.join(os.homedir(), ".arc402", "wc-storage.json");
+        const wcStoragePath = path_1.default.join(os_1.default.homedir(), ".arc402", "wc-storage.json");
         let storageWiped = false;
         try {
-            if (fs.existsSync(wcStoragePath)) {
-                fs.rmSync(wcStoragePath, { recursive: true, force: true });
+            if (fs_1.default.existsSync(wcStoragePath)) {
+                fs_1.default.rmSync(wcStoragePath, { recursive: true, force: true });
                 storageWiped = true;
             }
         }
@@ -652,7 +640,7 @@ export function registerWalletCommands(program) {
                 console.log(JSON.stringify({ ok: false, error: `Could not delete ${wcStoragePath}: ${msg}` }));
             }
             else {
-                console.warn(" " + c.warning + " " + c.yellow(`Could not delete ${wcStoragePath}: ${msg}`));
+                console.warn(" " + colors_1.c.warning + " " + colors_1.c.yellow(`Could not delete ${wcStoragePath}: ${msg}`));
                 console.warn("  You may need to delete it manually.");
             }
             return;
@@ -661,12 +649,12 @@ export function registerWalletCommands(program) {
             console.log(JSON.stringify({ ok: true, hadSession, storageWiped }));
         }
         else {
-            console.log(" " + c.success + c.white(" WalletConnect session cleared"));
+            console.log(" " + colors_1.c.success + colors_1.c.white(" WalletConnect session cleared"));
             if (storageWiped)
-                console.log(" " + c.dim("Storage wiped:") + " " + c.white(wcStoragePath));
+                console.log(" " + colors_1.c.dim("Storage wiped:") + " " + colors_1.c.white(wcStoragePath));
             else
-                console.log(" " + c.dim("(No storage file found — already clean)"));
-            console.log("\n" + c.dim("Next: run any wallet command and scan the fresh QR code."));
+                console.log(" " + colors_1.c.dim("(No storage file found — already clean)"));
+            console.log("\n" + colors_1.c.dim("Next: run any wallet command and scan the fresh QR code."));
         }
     });
     // ─── new ───────────────────────────────────────────────────────────────────
@@ -675,12 +663,12 @@ export function registerWalletCommands(program) {
         .option("--network <network>", "Network (base-mainnet or base-sepolia)", "base-sepolia")
         .action(async (opts) => {
         const network = opts.network;
-        const defaults = NETWORK_DEFAULTS[network];
+        const defaults = config_1.NETWORK_DEFAULTS[network];
         if (!defaults) {
             console.error(`Unknown network: ${network}. Use base-mainnet or base-sepolia.`);
             process.exit(1);
         }
-        const generated = ethers.Wallet.createRandom();
+        const generated = ethers_1.ethers.Wallet.createRandom();
         const config = {
             network,
             rpcUrl: defaults.rpcUrl,
@@ -688,12 +676,12 @@ export function registerWalletCommands(program) {
             trustRegistryAddress: defaults.trustRegistryAddress,
             walletFactoryAddress: defaults.walletFactoryAddress,
         };
-        saveConfig(config);
-        renderTree([
+        (0, config_1.saveConfig)(config);
+        (0, tree_1.renderTree)([
             { label: "Address", value: generated.address },
-            { label: "Config", value: getConfigPath(), last: true },
+            { label: "Config", value: (0, config_1.getConfigPath)(), last: true },
         ]);
-        console.log(c.dim("Next: fund your wallet with ETH, then run: arc402 wallet deploy"));
+        console.log(colors_1.c.dim("Next: fund your wallet with ETH, then run: arc402 wallet deploy"));
     });
     // ─── import ────────────────────────────────────────────────────────────────
     wallet.command("import")
@@ -702,7 +690,7 @@ export function registerWalletCommands(program) {
         .option("--key-file <path>", "Read private key from file instead of prompting")
         .action(async (opts) => {
         const network = opts.network;
-        const defaults = NETWORK_DEFAULTS[network];
+        const defaults = config_1.NETWORK_DEFAULTS[network];
         if (!defaults) {
             console.error(`Unknown network: ${network}. Use base-mainnet or base-sepolia.`);
             process.exit(1);
@@ -710,7 +698,7 @@ export function registerWalletCommands(program) {
         let privateKey;
         if (opts.keyFile) {
             try {
-                privateKey = fs.readFileSync(opts.keyFile, "utf-8").trim();
+                privateKey = fs_1.default.readFileSync(opts.keyFile, "utf-8").trim();
             }
             catch (e) {
                 console.error(`Cannot read key file: ${e instanceof Error ? e.message : String(e)}`);
@@ -719,7 +707,7 @@ export function registerWalletCommands(program) {
         }
         else {
             // Interactive prompt — hidden input avoids shell history
-            const answer = await prompts({
+            const answer = await (0, prompts_1.default)({
                 type: "password",
                 name: "key",
                 message: "Paste private key (hidden):",
@@ -732,7 +720,7 @@ export function registerWalletCommands(program) {
         }
         let imported;
         try {
-            imported = new ethers.Wallet(privateKey);
+            imported = new ethers_1.ethers.Wallet(privateKey);
         }
         catch {
             console.error("Invalid private key. Must be a 0x-prefixed hex string.");
@@ -745,24 +733,24 @@ export function registerWalletCommands(program) {
             trustRegistryAddress: defaults.trustRegistryAddress,
             walletFactoryAddress: defaults.walletFactoryAddress,
         };
-        saveConfig(config);
-        renderTree([
+        (0, config_1.saveConfig)(config);
+        (0, tree_1.renderTree)([
             { label: "Address", value: imported.address },
-            { label: "Config", value: getConfigPath(), last: true },
+            { label: "Config", value: (0, config_1.getConfigPath)(), last: true },
         ]);
-        console.warn(" " + c.warning + " " + c.yellow("Store your private key safely — anyone with it controls your wallet"));
+        console.warn(" " + colors_1.c.warning + " " + colors_1.c.yellow("Store your private key safely — anyone with it controls your wallet"));
     });
     // ─── fund ──────────────────────────────────────────────────────────────────
     wallet.command("fund")
         .description("Show how to get ETH onto your wallet")
         .action(async () => {
-        const config = loadConfig();
-        const { provider, address } = await getClient(config);
+        const config = (0, config_1.loadConfig)();
+        const { provider, address } = await (0, client_1.getClient)(config);
         if (!address)
             throw new Error("No wallet configured");
         const ethBalance = await provider.getBalance(address);
         console.log(`\nYour wallet address:\n  ${address}`);
-        console.log(`\nCurrent balance: ${ethers.formatEther(ethBalance)} ETH`);
+        console.log(`\nCurrent balance: ${ethers_1.ethers.formatEther(ethBalance)} ETH`);
         console.log(`\nFunding options:`);
         console.log(`  Bridge (Base mainnet): https://bridge.base.org`);
         console.log(`  Coinbase: If you use Coinbase, you can withdraw directly to Base mainnet`);
@@ -775,17 +763,17 @@ export function registerWalletCommands(program) {
         .description("Check ETH balance on Base")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        const { provider, address } = await getClient(config);
+        const config = (0, config_1.loadConfig)();
+        const { provider, address } = await (0, client_1.getClient)(config);
         if (!address)
             throw new Error("No wallet configured");
         const ethBalance = await provider.getBalance(address);
-        const formatted = ethers.formatEther(ethBalance);
+        const formatted = ethers_1.ethers.formatEther(ethBalance);
         if (opts.json) {
             console.log(JSON.stringify({ address, balance: formatted, balanceWei: ethBalance.toString() }));
         }
         else {
-            renderTree([
+            (0, tree_1.renderTree)([
                 { label: "Address", value: address },
                 { label: "Balance", value: `${formatted} ETH`, last: true },
             ]);
@@ -797,8 +785,8 @@ export function registerWalletCommands(program) {
         .option("--owner <address>", "Master key address to query (defaults to config.ownerAddress)")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        const factoryAddress = config.walletFactoryAddress ?? NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
+        const config = (0, config_1.loadConfig)();
+        const factoryAddress = config.walletFactoryAddress ?? config_1.NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
         if (!factoryAddress) {
             console.error("walletFactoryAddress not found in config or NETWORK_DEFAULTS.");
             process.exit(1);
@@ -808,12 +796,12 @@ export function registerWalletCommands(program) {
             console.error("No owner address. Pass --owner <address> or set ownerAddress in config (run `arc402 wallet deploy` first).");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const factory = new ethers.Contract(factoryAddress, WALLET_FACTORY_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const factory = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
         const wallets = await factory.getWallets(ownerAddress);
         const results = await Promise.all(wallets.map(async (addr) => {
-            const walletContract = new ethers.Contract(addr, ARC402_WALLET_GUARDIAN_ABI, provider);
-            const trustContract = new ethers.Contract(config.trustRegistryAddress, TRUST_REGISTRY_ABI, provider);
+            const walletContract = new ethers_1.ethers.Contract(addr, abis_1.ARC402_WALLET_GUARDIAN_ABI, provider);
+            const trustContract = new ethers_1.ethers.Contract(config.trustRegistryAddress, abis_1.TRUST_REGISTRY_ABI, provider);
             const [frozen, score] = await Promise.all([
                 walletContract.frozen().catch(() => null),
                 trustContract.getScore(addr).catch(() => BigInt(0)),
@@ -846,18 +834,18 @@ export function registerWalletCommands(program) {
         .action(async (address) => {
         let checksumAddress;
         try {
-            checksumAddress = ethers.getAddress(address);
+            checksumAddress = ethers_1.ethers.getAddress(address);
         }
         catch {
             console.error(`Invalid address: ${address}`);
             process.exit(1);
         }
-        const config = loadConfig();
-        const factoryAddress = config.walletFactoryAddress ?? NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
+        const config = (0, config_1.loadConfig)();
+        const factoryAddress = config.walletFactoryAddress ?? config_1.NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
         if (factoryAddress && config.ownerAddress) {
             try {
-                const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-                const factory = new ethers.Contract(factoryAddress, WALLET_FACTORY_ABI, provider);
+                const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+                const factory = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
                 const wallets = await factory.getWallets(config.ownerAddress);
                 const found = wallets.some((w) => w.toLowerCase() === checksumAddress.toLowerCase());
                 if (!found) {
@@ -868,7 +856,7 @@ export function registerWalletCommands(program) {
             catch { /* allow override if factory call fails */ }
         }
         config.walletContractAddress = checksumAddress;
-        saveConfig(config);
+        (0, config_1.saveConfig)(config);
         console.log(`Active wallet set to ${checksumAddress}`);
     });
     // ─── deploy ────────────────────────────────────────────────────────────────
@@ -878,83 +866,61 @@ export function registerWalletCommands(program) {
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only (for Ledger Live, Trezor Suite, etc.)")
         .option("--sponsored", "Use CDP paymaster for gas sponsorship (requires paymasterUrl + cdpKeyName + CDP_PRIVATE_KEY env)")
         .option("--dry-run", "Simulate the deployment ceremony without sending transactions")
-        .option("--force", "Deploy even if a wallet is already configured")
         .action(async (opts) => {
-        const config = loadConfig();
-        // ── Check for existing wallet (allow resume if onboarding incomplete) ──
-        if (config.walletContractAddress && !config.onboardingProgress) {
-            const addr = config.walletContractAddress;
-            console.log();
-            console.log(` ${c.mark} Wallet already deployed at ${c.white(addr)}`);
-            console.log(`   Use ${c.white("wallet status")} to check it.`);
-            console.log(`   Use ${c.white("wallet deploy --force")} to deploy another wallet.`);
-            console.log();
-            if (!opts.force)
-                return;
-            console.log(` ${c.warning} Deploying a second wallet (--force)...`);
-            console.log();
-        }
-        else if (config.walletContractAddress && config.onboardingProgress) {
-            const step = config.onboardingProgress.step ?? 0;
-            const completed = config.onboardingProgress.completedSteps ?? [];
-            console.log();
-            console.log(` ${c.dim("◈")} Resuming onboarding for ${c.white(config.walletContractAddress)}`);
-            console.log(`   Completed: ${completed.join(", ") || "none"} (step ${step})`);
-            console.log();
-        }
+        const config = (0, config_1.loadConfig)();
         if (opts.dryRun) {
-            const factoryAddr = config.walletFactoryAddress ?? NETWORK_DEFAULTS[config.network]?.walletFactoryAddress ?? "(not configured)";
+            const factoryAddr = config.walletFactoryAddress ?? config_1.NETWORK_DEFAULTS[config.network]?.walletFactoryAddress ?? "(not configured)";
             const chainId = config.network === "base-mainnet" ? 8453 : 84532;
             console.log();
-            console.log(" " + c.dim("── Dry run: wallet deploy ──────────────────────────────────────"));
-            console.log(" " + c.dim("Network:         ") + c.white(config.network));
-            console.log(" " + c.dim("Chain ID:        ") + c.white(String(chainId)));
-            console.log(" " + c.dim("RPC:             ") + c.white(config.rpcUrl));
-            console.log(" " + c.dim("WalletFactory:   ") + c.white(factoryAddr));
-            console.log(" " + c.dim("Signing method:  ") + c.white(opts.smartWallet ? "Base Smart Wallet" : opts.hardware ? "Hardware (WC URI)" : "WalletConnect"));
-            console.log(" " + c.dim("Sponsored:       ") + c.white(opts.sponsored ? "yes" : "no"));
+            console.log(" " + colors_1.c.dim("── Dry run: wallet deploy ──────────────────────────────────────"));
+            console.log(" " + colors_1.c.dim("Network:         ") + colors_1.c.white(config.network));
+            console.log(" " + colors_1.c.dim("Chain ID:        ") + colors_1.c.white(String(chainId)));
+            console.log(" " + colors_1.c.dim("RPC:             ") + colors_1.c.white(config.rpcUrl));
+            console.log(" " + colors_1.c.dim("WalletFactory:   ") + colors_1.c.white(factoryAddr));
+            console.log(" " + colors_1.c.dim("Signing method:  ") + colors_1.c.white(opts.smartWallet ? "Base Smart Wallet" : opts.hardware ? "Hardware (WC URI)" : "WalletConnect"));
+            console.log(" " + colors_1.c.dim("Sponsored:       ") + colors_1.c.white(opts.sponsored ? "yes" : "no"));
             console.log();
-            console.log(" " + c.dim("Steps that would run:"));
+            console.log(" " + colors_1.c.dim("Steps that would run:"));
             console.log("   1. Connect " + (opts.smartWallet ? "Coinbase Smart Wallet" : "WalletConnect") + " session");
             console.log("   2. Call WalletFactory.createWallet() → deploy ARC402Wallet");
             console.log("   3. Save walletContractAddress to config");
             console.log("   4. Run onboarding ceremony (PolicyEngine, machine key, agent registration)");
             console.log();
-            console.log(" " + c.dim("No transactions sent (--dry-run mode)."));
+            console.log(" " + colors_1.c.dim("No transactions sent (--dry-run mode)."));
             console.log();
             return;
         }
-        const factoryAddress = config.walletFactoryAddress ?? NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
+        const factoryAddress = config.walletFactoryAddress ?? config_1.NETWORK_DEFAULTS[config.network]?.walletFactoryAddress;
         if (!factoryAddress) {
             console.error("walletFactoryAddress not found in config or NETWORK_DEFAULTS. Add walletFactoryAddress to your config.");
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const factoryInterface = new ethers.Interface(WALLET_FACTORY_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const factoryInterface = new ethers_1.ethers.Interface(abis_1.WALLET_FACTORY_ABI);
         if (opts.sponsored) {
             // ── Sponsored deploy via CDP paymaster + ERC-4337 bundler ─────────────
             // Note: WalletFactoryV3/V4 use msg.sender as wallet owner. In ERC-4337
             // context msg.sender = EntryPoint. A factory upgrade with explicit owner
             // param is needed for fully correct sponsored deployment. Until then,
             // this path is available for testing and future-proofing.
-            const paymasterUrl = config.paymasterUrl ?? NETWORK_DEFAULTS[config.network]?.paymasterUrl;
+            const paymasterUrl = config.paymasterUrl ?? config_1.NETWORK_DEFAULTS[config.network]?.paymasterUrl;
             const cdpKeyName = config.cdpKeyName ?? process.env.CDP_KEY_NAME;
             const cdpPrivateKey = config.cdpPrivateKey ?? process.env.CDP_PRIVATE_KEY;
             if (!paymasterUrl) {
                 console.error("paymasterUrl not configured. Add it to config or set NEXT_PUBLIC_PAYMASTER_URL.");
                 process.exit(1);
             }
-            const { signer, address: ownerAddress } = await requireSigner(config);
+            const { signer, address: ownerAddress } = await (0, client_1.requireSigner)(config);
             const bundlerUrl = process.env.BUNDLER_URL ?? "https://api.pimlico.io/v2/base/rpc";
-            const pm = new PaymasterClient(paymasterUrl, cdpKeyName, cdpPrivateKey);
-            const bundler = new BundlerClient(bundlerUrl, DEFAULT_ENTRY_POINT, chainId);
+            const pm = new bundler_1.PaymasterClient(paymasterUrl, cdpKeyName, cdpPrivateKey);
+            const bundler = new bundler_1.BundlerClient(bundlerUrl, bundler_1.DEFAULT_ENTRY_POINT, chainId);
             console.log(`Sponsoring deploy via ${paymasterUrl}...`);
-            const factoryIface = new ethers.Interface(WALLET_FACTORY_ABI);
-            const factoryData = factoryIface.encodeFunctionData("createWallet", [DEFAULT_ENTRY_POINT]);
+            const factoryIface = new ethers_1.ethers.Interface(abis_1.WALLET_FACTORY_ABI);
+            const factoryData = factoryIface.encodeFunctionData("createWallet", [bundler_1.DEFAULT_ENTRY_POINT]);
             // Predict counterfactual sender address using EntryPoint.getSenderAddress
-            const entryPoint = new ethers.Contract(DEFAULT_ENTRY_POINT, ["function getSenderAddress(bytes calldata initCode) external"], provider);
-            const initCodePacked = ethers.concat([factoryAddress, factoryData]);
+            const entryPoint = new ethers_1.ethers.Contract(bundler_1.DEFAULT_ENTRY_POINT, ["function getSenderAddress(bytes calldata initCode) external"], provider);
+            const initCodePacked = ethers_1.ethers.concat([factoryAddress, factoryData]);
             let senderAddress;
             try {
                 // getSenderAddress always reverts with SenderAddressResult(address)
@@ -968,7 +934,7 @@ export function registerWalletCommands(program) {
                     console.error("Could not predict wallet address:", msg);
                     process.exit(1);
                 }
-                senderAddress = ethers.getAddress("0x" + match[1].slice(24));
+                senderAddress = ethers_1.ethers.getAddress("0x" + match[1].slice(24));
             }
             console.log(`Predicted wallet address: ${senderAddress}`);
             const userOp = await pm.sponsorUserOperation({
@@ -977,22 +943,22 @@ export function registerWalletCommands(program) {
                 callData: "0x",
                 factory: factoryAddress,
                 factoryData,
-                callGasLimit: ethers.toBeHex(300_000),
-                verificationGasLimit: ethers.toBeHex(400_000),
-                preVerificationGas: ethers.toBeHex(60_000),
-                maxFeePerGas: ethers.toBeHex((await provider.getFeeData()).maxFeePerGas ?? BigInt(1_000_000_000)),
-                maxPriorityFeePerGas: ethers.toBeHex((await provider.getFeeData()).maxPriorityFeePerGas ?? BigInt(100_000_000)),
+                callGasLimit: ethers_1.ethers.toBeHex(300000),
+                verificationGasLimit: ethers_1.ethers.toBeHex(400000),
+                preVerificationGas: ethers_1.ethers.toBeHex(60000),
+                maxFeePerGas: ethers_1.ethers.toBeHex((await provider.getFeeData()).maxFeePerGas ?? BigInt(1000000000)),
+                maxPriorityFeePerGas: ethers_1.ethers.toBeHex((await provider.getFeeData()).maxPriorityFeePerGas ?? BigInt(100000000)),
                 signature: "0x",
-            }, DEFAULT_ENTRY_POINT);
+            }, bundler_1.DEFAULT_ENTRY_POINT);
             // Sign UserOp with owner key
-            const userOpHash = ethers.keccak256(ethers.AbiCoder.defaultAbiCoder().encode(["address", "uint256", "bytes32", "bytes32", "bytes32", "uint256", "bytes32", "bytes32"], [
+            const userOpHash = ethers_1.ethers.keccak256(ethers_1.ethers.AbiCoder.defaultAbiCoder().encode(["address", "uint256", "bytes32", "bytes32", "bytes32", "uint256", "bytes32", "bytes32"], [
                 userOp.sender, BigInt(userOp.nonce),
-                ethers.keccak256(userOp.factory ? ethers.concat([userOp.factory, userOp.factoryData ?? "0x"]) : "0x"),
-                ethers.keccak256(userOp.callData),
-                ethers.keccak256(ethers.AbiCoder.defaultAbiCoder().encode(["uint256", "uint256", "uint256", "uint256", "uint256", "address", "bytes"], [userOp.verificationGasLimit, userOp.callGasLimit, userOp.preVerificationGas, userOp.maxFeePerGas, userOp.maxPriorityFeePerGas, userOp.paymaster ?? ethers.ZeroAddress, userOp.paymasterData ?? "0x"])),
-                BigInt(chainId), DEFAULT_ENTRY_POINT, ethers.ZeroHash,
+                ethers_1.ethers.keccak256(userOp.factory ? ethers_1.ethers.concat([userOp.factory, userOp.factoryData ?? "0x"]) : "0x"),
+                ethers_1.ethers.keccak256(userOp.callData),
+                ethers_1.ethers.keccak256(ethers_1.ethers.AbiCoder.defaultAbiCoder().encode(["uint256", "uint256", "uint256", "uint256", "uint256", "address", "bytes"], [userOp.verificationGasLimit, userOp.callGasLimit, userOp.preVerificationGas, userOp.maxFeePerGas, userOp.maxPriorityFeePerGas, userOp.paymaster ?? ethers_1.ethers.ZeroAddress, userOp.paymasterData ?? "0x"])),
+                BigInt(chainId), bundler_1.DEFAULT_ENTRY_POINT, ethers_1.ethers.ZeroHash,
             ]));
-            userOp.signature = await signer.signMessage(ethers.getBytes(userOpHash));
+            userOp.signature = await signer.signMessage(ethers_1.ethers.getBytes(userOpHash));
             const userOpHash2 = await bundler.sendUserOperation(userOp);
             console.log(`UserOp submitted: ${userOpHash2}`);
             console.log("Waiting for confirmation...");
@@ -1003,24 +969,24 @@ export function registerWalletCommands(program) {
             }
             config.walletContractAddress = senderAddress;
             config.ownerAddress = ownerAddress;
-            saveConfig(config);
-            console.log("\n" + c.success + c.white(" ARC402Wallet deployed (sponsored)"));
-            renderTree([
+            (0, config_1.saveConfig)(config);
+            console.log("\n" + colors_1.c.success + colors_1.c.white(" ARC402Wallet deployed (sponsored)"));
+            (0, tree_1.renderTree)([
                 { label: "Wallet", value: senderAddress },
                 { label: "Owner", value: ownerAddress },
                 { label: "Gas", value: "Sponsorship active — initial setup ops are free", last: true },
             ]);
-            console.log(" " + c.warning + " " + c.yellow("IMPORTANT: Onboarding ceremony was not run on this wallet."));
-            console.log(c.dim("   Category spend limits have NOT been configured. All executeSpend and"));
-            console.log(c.dim(`   executeTokenSpend calls will fail with "PolicyEngine: category not configured"`));
-            console.log(c.dim("   until you run governance setup manually via WalletConnect:"));
-            console.log("\n" + c.dim("     arc402 wallet governance setup"));
-            console.log("\n" + c.dim("   This must be done before making any spend from this wallet."));
-            console.log("\n" + c.dim("Next: arc402 wallet set-passkey <x> <y> --sponsored"));
+            console.log(" " + colors_1.c.warning + " " + colors_1.c.yellow("IMPORTANT: Onboarding ceremony was not run on this wallet."));
+            console.log(colors_1.c.dim("   Category spend limits have NOT been configured. All executeSpend and"));
+            console.log(colors_1.c.dim(`   executeTokenSpend calls will fail with "PolicyEngine: category not configured"`));
+            console.log(colors_1.c.dim("   until you run governance setup manually via WalletConnect:"));
+            console.log("\n" + colors_1.c.dim("     arc402 wallet governance setup"));
+            console.log("\n" + colors_1.c.dim("   This must be done before making any spend from this wallet."));
+            console.log("\n" + colors_1.c.dim("Next: arc402 wallet set-passkey <x> <y> --sponsored"));
             printOpenShellHint();
         }
         else if (opts.smartWallet) {
-            const { txHash, account } = await requestCoinbaseSmartWalletSignature(chainId, (ownerAccount) => ({
+            const { txHash, account } = await (0, coinbase_smart_wallet_1.requestCoinbaseSmartWalletSignature)(chainId, (ownerAccount) => ({
                 to: factoryAddress,
                 data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
                 value: "0x0",
@@ -1033,7 +999,7 @@ export function registerWalletCommands(program) {
                 process.exit(1);
             }
             let walletAddress = null;
-            const factoryContract = new ethers.Contract(factoryAddress, WALLET_FACTORY_ABI, provider);
+            const factoryContract = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
             for (const log of receipt.logs) {
                 try {
                     const parsed = factoryContract.interface.parseLog(log);
@@ -1050,14 +1016,14 @@ export function registerWalletCommands(program) {
             }
             config.walletContractAddress = walletAddress;
             config.ownerAddress = account;
-            saveConfig(config);
-            console.log("\n" + c.success + c.white(" ARC402Wallet deployed"));
-            renderTree([
+            (0, config_1.saveConfig)(config);
+            console.log("\n" + colors_1.c.success + colors_1.c.white(" ARC402Wallet deployed"));
+            (0, tree_1.renderTree)([
                 { label: "Wallet", value: walletAddress },
-                { label: "Owner", value: account + c.dim(" (Base Smart Wallet)"), last: true },
+                { label: "Owner", value: account + colors_1.c.dim(" (Base Smart Wallet)"), last: true },
             ]);
-            console.log(c.dim("Your wallet contract is ready for policy enforcement"));
-            console.log(c.dim("\nNext: run 'arc402 wallet set-guardian' to configure the emergency guardian key."));
+            console.log(colors_1.c.dim("Your wallet contract is ready for policy enforcement"));
+            console.log(colors_1.c.dim("\nNext: run 'arc402 wallet set-guardian' to configure the emergency guardian key."));
             printOpenShellHint();
         }
         else if (config.walletConnectProjectId) {
@@ -1074,37 +1040,37 @@ export function registerWalletCommands(program) {
                     2: "machine key", 3: "passkey", 4: "policy setup", 5: "agent registration",
                 };
                 const nextStep = (resumeProgress.step ?? 1) + 1;
-                console.log(" " + c.dim(`◈ Resuming onboarding from step ${nextStep} (${stepNames[nextStep] ?? "ceremony"})...`));
+                console.log(" " + colors_1.c.dim(`◈ Resuming onboarding from step ${nextStep} (${stepNames[nextStep] ?? "ceremony"})...`));
             }
             // ── Gas estimation ─────────────────────────────────────────────────────
             if (!isResuming) {
                 let gasMsg = "~0.003 ETH (6 transactions on Base)";
                 try {
                     const feeData = await provider.getFeeData();
-                    const gasPrice = feeData.maxFeePerGas ?? feeData.gasPrice ?? BigInt(1_500_000_000);
+                    const gasPrice = feeData.maxFeePerGas ?? feeData.gasPrice ?? BigInt(1500000000);
                     const deployGas = await provider.estimateGas({
                         to: factoryAddress,
                         data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
-                    }).catch(() => BigInt(280_000));
-                    const ceremonyGas = BigInt(700_000); // ~5 ceremony txs × ~140k each
-                    const totalGasEth = parseFloat(ethers.formatEther((deployGas + ceremonyGas) * gasPrice));
+                    }).catch(() => BigInt(280000));
+                    const ceremonyGas = BigInt(700000); // ~5 ceremony txs × ~140k each
+                    const totalGasEth = parseFloat(ethers_1.ethers.formatEther((deployGas + ceremonyGas) * gasPrice));
                     gasMsg = `~${totalGasEth.toFixed(4)} ETH (6 transactions on Base)`;
                 }
                 catch { /* use default */ }
-                console.log(" " + c.dim(`◈ Estimated gas: ${gasMsg}`));
+                console.log(" " + colors_1.c.dim(`◈ Estimated gas: ${gasMsg}`));
             }
             // ── Step 1: Connect ────────────────────────────────────────────────────
             const connectPrompt = isResuming
                 ? "Connect wallet to resume onboarding"
                 : "Approve ARC402Wallet deployment — you will be set as owner";
-            const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: connectPrompt, hardware: !!opts.hardware });
+            const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: connectPrompt, hardware: !!opts.hardware });
             const networkName = chainId === 8453 ? "Base" : "Base Sepolia";
             const shortAddr = `${account.slice(0, 6)}...${account.slice(-5)}`;
-            console.log("\n" + c.success + c.white(` Connected: ${shortAddr} on ${networkName}`));
+            console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${shortAddr} on ${networkName}`));
             if (telegramOpts && !isResuming) {
                 // Send "connected" message with a deploy confirmation button.
                 // TODO: wire up full callback_data round-trip when a persistent bot process is available.
-                await sendTelegramMessage({
+                await (0, telegram_notify_1.sendTelegramMessage)({
                     botToken: telegramOpts.botToken,
                     chatId: telegramOpts.chatId,
                     threadId: telegramOpts.threadId,
@@ -1116,13 +1082,13 @@ export function registerWalletCommands(program) {
             if (isResuming) {
                 // Resume: skip deploy, use existing wallet
                 walletAddress = config.walletContractAddress;
-                console.log(" " + c.dim(`◈ Using existing wallet: ${walletAddress}`));
+                console.log(" " + colors_1.c.dim(`◈ Using existing wallet: ${walletAddress}`));
             }
             else {
                 // ── Step 2: Confirm & Deploy ─────────────────────────────────────────
                 // WalletConnect approval already confirmed intent — sending automatically
                 console.log("Deploying...");
-                const txHash = await sendTransactionWithSession(client, session, account, chainId, {
+                const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
                     to: factoryAddress,
                     data: factoryInterface.encodeFunctionData("createWallet", ["0x0000000071727De22E5E9d8BAf0edAc6f37da032"]),
                     value: "0x0",
@@ -1135,7 +1101,7 @@ export function registerWalletCommands(program) {
                     process.exit(1);
                 }
                 let deployedWallet = null;
-                const factoryContract = new ethers.Contract(factoryAddress, WALLET_FACTORY_ABI, provider);
+                const factoryContract = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, provider);
                 for (const log of receipt.logs) {
                     try {
                         const parsed = factoryContract.interface.parseLog(log);
@@ -1154,24 +1120,24 @@ export function registerWalletCommands(program) {
                 // ── Step 1 complete: save wallet + owner immediately ─────────────────
                 config.walletContractAddress = walletAddress;
                 config.ownerAddress = account;
-                saveConfig(config);
+                (0, config_1.saveConfig)(config);
                 try {
-                    fs.chmodSync(getConfigPath(), 0o600);
+                    fs_1.default.chmodSync((0, config_1.getConfigPath)(), 0o600);
                 }
                 catch { /* best-effort */ }
-                console.log("\n " + c.success + c.white(" Wallet deployed"));
-                renderTree([
+                console.log("\n " + colors_1.c.success + colors_1.c.white(" Wallet deployed"));
+                (0, tree_1.renderTree)([
                     { label: "Wallet", value: walletAddress },
                     { label: "Owner", value: account, last: true },
                 ]);
             }
             // ── Steps 2–6: Complete onboarding ceremony (same WalletConnect session)
             const sendTxCeremony = async (call, description) => {
-                console.log(" " + c.dim(`◈ ${description}`));
-                const hash = await sendTransactionWithSession(client, session, account, chainId, call);
-                console.log(" " + c.dim("  waiting for confirmation..."));
+                console.log(" " + colors_1.c.dim(`◈ ${description}`));
+                const hash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, call);
+                console.log(" " + colors_1.c.dim("  waiting for confirmation..."));
                 await provider.waitForTransaction(hash, 1);
-                console.log(" " + c.success + " " + c.white(description));
+                console.log(" " + colors_1.c.success + " " + colors_1.c.white(description));
                 return hash;
             };
             await runCompleteOnboardingCeremony(walletAddress, account, config, provider, sendTxCeremony);
@@ -1180,9 +1146,9 @@ export function registerWalletCommands(program) {
         else {
             console.warn("⚠ WalletConnect not configured. Using stored private key (insecure).");
             console.warn("  Run `arc402 config set walletConnectProjectId <id>` to enable phone wallet signing.");
-            const { signer, address } = await requireSigner(config);
-            const factory = new ethers.Contract(factoryAddress, WALLET_FACTORY_ABI, signer);
-            const deploySpinner = startSpinner(`Deploying ARC402Wallet via factory at ${factoryAddress}...`);
+            const { signer, address } = await (0, client_1.requireSigner)(config);
+            const factory = new ethers_1.ethers.Contract(factoryAddress, abis_1.WALLET_FACTORY_ABI, signer);
+            const deploySpinner = (0, spinner_1.startSpinner)(`Deploying ARC402Wallet via factory at ${factoryAddress}...`);
             const tx = await factory.createWallet("0x0000000071727De22E5E9d8BAf0edAc6f37da032");
             const receipt = await tx.wait();
             let walletAddress = null;
@@ -1202,7 +1168,7 @@ export function registerWalletCommands(program) {
             }
             deploySpinner.succeed("Wallet deployed");
             // Generate guardian key (separate from hot key) and call setGuardian
-            const guardianWallet = ethers.Wallet.createRandom();
+            const guardianWallet = ethers_1.ethers.Wallet.createRandom();
             config.walletContractAddress = walletAddress;
             config.ownerAddress = address;
             config.guardianAddress = guardianWallet.address;
@@ -1210,23 +1176,23 @@ export function registerWalletCommands(program) {
             saveGuardianKey(guardianWallet.privateKey);
             if (config.guardianPrivateKey)
                 delete config.guardianPrivateKey;
-            saveConfig(config);
+            (0, config_1.saveConfig)(config);
             // Call setGuardian on the deployed wallet
-            const walletContract = new ethers.Contract(walletAddress, ARC402_WALLET_GUARDIAN_ABI, signer);
+            const walletContract = new ethers_1.ethers.Contract(walletAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, signer);
             const setGuardianTx = await walletContract.setGuardian(guardianWallet.address);
             await setGuardianTx.wait();
             // ── Mandatory onboarding ceremony (private key path) ──────────────────
             console.log("\nRunning mandatory onboarding ceremony...");
-            const provider2 = new ethers.JsonRpcProvider(config.rpcUrl);
+            const provider2 = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
             await runWalletOnboardingCeremony(walletAddress, address, config, provider2, async (call, description) => {
-                console.log(" " + c.dim(`Sending: ${description}`));
+                console.log(" " + colors_1.c.dim(`Sending: ${description}`));
                 const tx2 = await signer.sendTransaction({ to: call.to, data: call.data, value: call.value === "0x0" ? 0n : BigInt(call.value) });
                 await tx2.wait(1);
-                console.log(" " + c.success + " " + c.dim(description) + " " + c.dim(tx2.hash));
+                console.log(" " + colors_1.c.success + " " + colors_1.c.dim(description) + " " + colors_1.c.dim(tx2.hash));
                 return tx2.hash;
             });
-            console.log(` ${c.success} ARC402Wallet deployed`);
-            renderTree([
+            console.log(` ${colors_1.c.success} ARC402Wallet deployed`);
+            (0, tree_1.renderTree)([
                 { label: "Wallet", value: walletAddress },
                 { label: "Guardian", value: guardianWallet.address, last: true },
             ]);
@@ -1240,12 +1206,12 @@ export function registerWalletCommands(program) {
         .description("Send ETH from configured wallet (amount: '0.001eth' or wei)")
         .option("--json")
         .action(async (to, amountRaw, opts) => {
-        const config = loadConfig();
-        const { signer } = await requireSigner(config);
+        const config = (0, config_1.loadConfig)();
+        const { signer } = await (0, client_1.requireSigner)(config);
         const value = parseAmount(amountRaw);
         const tx = await signer.sendTransaction({ to, value });
         if (opts.json) {
-            console.log(JSON.stringify({ txHash: tx.hash, to, amount: ethers.formatEther(value) }));
+            console.log(JSON.stringify({ txHash: tx.hash, to, amount: ethers_1.ethers.formatEther(value) }));
         }
         else {
             console.log(`Tx hash: ${tx.hash}`);
@@ -1257,22 +1223,22 @@ export function registerWalletCommands(program) {
         .description("Show per-tx and daily spending limits for a category")
         .requiredOption("--category <cat>", "Category name (e.g. code.review)")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const contract = new ethers.Contract(policyAddress, POLICY_ENGINE_LIMITS_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const contract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_LIMITS_ABI, provider);
         const [perTxLimit, dailyLimit] = await Promise.all([
             contract.categoryLimits(walletAddr, opts.category),
             contract.dailyCategoryLimit(walletAddr, opts.category),
         ]);
         console.log(`Category:  ${opts.category}`);
-        console.log(`Per-tx:    ${perTxLimit === 0n ? "(not set)" : ethers.formatEther(perTxLimit) + " ETH"}`);
-        console.log(`Daily:     ${dailyLimit === 0n ? "(not set)" : ethers.formatEther(dailyLimit) + " ETH"}`);
+        console.log(`Per-tx:    ${perTxLimit === 0n ? "(not set)" : ethers_1.ethers.formatEther(perTxLimit) + " ETH"}`);
+        console.log(`Daily:     ${dailyLimit === 0n ? "(not set)" : ethers_1.ethers.formatEther(dailyLimit) + " ETH"}`);
         if (dailyLimit > 0n) {
             console.log(`\nNote: Daily limits use two 12-hour buckets (current + previous window).`);
             console.log(`  The effective limit applies across a rolling 12-24 hour period, not a strict calendar day.`);
@@ -1283,19 +1249,19 @@ export function registerWalletCommands(program) {
         .requiredOption("--category <cat>", "Category name (e.g. code.review)")
         .requiredOption("--amount <eth>", "Limit in ETH (e.g. 0.1)")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const amount = ethers.parseEther(opts.amount);
-        const policyInterface = new ethers.Interface(POLICY_ENGINE_LIMITS_ABI);
+        const amount = ethers_1.ethers.parseEther(opts.amount);
+        const policyInterface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_LIMITS_ABI);
         if (config.walletConnectProjectId) {
             const walletAddr = config.walletContractAddress;
             if (!walletAddr) {
                 console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
                 process.exit(1);
             }
-            const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-            const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, (account) => ({
+            const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+            const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, (account) => ({
                 to: policyAddress,
                 data: policyInterface.encodeFunctionData("setCategoryLimitFor", [walletAddr, opts.category, amount]),
                 value: "0x0",
@@ -1311,8 +1277,8 @@ export function registerWalletCommands(program) {
         else {
             console.warn("⚠ WalletConnect not configured. Using stored private key (insecure).");
             console.warn("  Run `arc402 config set walletConnectProjectId <id>` to enable phone wallet signing.");
-            const { signer, address } = await requireSigner(config);
-            const contract = new ethers.Contract(policyAddress, POLICY_ENGINE_LIMITS_ABI, signer);
+            const { signer, address } = await (0, client_1.requireSigner)(config);
+            const contract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_LIMITS_ABI, signer);
             await (await contract.setCategoryLimitFor(address, opts.category, amount)).wait();
             console.log(`Spend limit for ${opts.category} set to ${opts.amount} ETH`);
         }
@@ -1327,7 +1293,7 @@ export function registerWalletCommands(program) {
         .requiredOption("--category <cat>", "Category name (e.g. compute)")
         .requiredOption("--amount <eth>", "Daily limit in ETH (e.g. 0.5)")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         console.log(`\nNote: ARC-402 has two independent velocity limit layers:`);
         console.log(`  1. Wallet-level (arc402 wallet set-velocity-limit): ETH cap per rolling hour, enforced by ARC402Wallet contract. Breach auto-freezes wallet.`);
         console.log(`  2. PolicyEngine-level (arc402 wallet policy set-daily-limit): Per-category daily cap, enforced by PolicyEngine. Breach returns a soft error without freezing.`);
@@ -1339,14 +1305,14 @@ export function registerWalletCommands(program) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        const amount = ethers.parseEther(opts.amount);
+        const amount = ethers_1.ethers.parseEther(opts.amount);
         console.log(`\nNote: Daily limits use two 12-hour buckets (current + previous window).`);
         console.log(`  The effective limit applies across a rolling 12-24 hour period, not a strict calendar day.`);
         console.log(`  Setting daily limit for category "${opts.category}" to ${opts.amount} ETH.\n`);
-        const policyInterface = new ethers.Interface(POLICY_ENGINE_LIMITS_ABI);
+        const policyInterface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_LIMITS_ABI);
         if (config.walletConnectProjectId) {
-            const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-            const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+            const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+            const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
                 to: policyAddress,
                 data: policyInterface.encodeFunctionData("setDailyLimitFor", [walletAddr, opts.category, amount]),
                 value: "0x0",
@@ -1360,8 +1326,8 @@ export function registerWalletCommands(program) {
         }
         else {
             console.warn("⚠ WalletConnect not configured. Using stored private key (insecure).");
-            const { signer, address } = await requireSigner(config);
-            const contract = new ethers.Contract(policyAddress, POLICY_ENGINE_LIMITS_ABI, signer);
+            const { signer, address } = await (0, client_1.requireSigner)(config);
+            const contract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_LIMITS_ABI, signer);
             await (await contract.setDailyLimitFor(address, opts.category, amount)).wait();
             console.log(`Daily limit for ${opts.category} set to ${opts.amount} ETH (12/24h rolling window)`);
         }
@@ -1369,7 +1335,7 @@ export function registerWalletCommands(program) {
     walletPolicy.command("set <policyId>")
         .description("Set the active policy ID on ARC402Wallet (phone wallet signs via WalletConnect)")
         .action(async (policyId) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1381,18 +1347,18 @@ export function registerWalletCommands(program) {
         // Normalise policyId to bytes32 hex
         let policyIdHex;
         try {
-            policyIdHex = ethers.zeroPadValue(ethers.hexlify(policyId.startsWith("0x") ? policyId : ethers.toUtf8Bytes(policyId)), 32);
+            policyIdHex = ethers_1.ethers.zeroPadValue(ethers_1.ethers.hexlify(policyId.startsWith("0x") ? policyId : ethers_1.ethers.toUtf8Bytes(policyId)), 32);
         }
         catch {
             console.error("Invalid policyId — must be a hex string (0x…) or UTF-8 label.");
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const ownerInterface = new ethers.Interface(ARC402_WALLET_OWNER_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const ownerInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_OWNER_ABI);
         let currentPolicy = "(unknown)";
         try {
-            const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_OWNER_ABI, provider);
+            const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_OWNER_ABI, provider);
             currentPolicy = await walletContract.activePolicyId();
         }
         catch { /* contract may not be deployed yet */ }
@@ -1402,15 +1368,15 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: ownerInterface.encodeFunctionData("updatePolicy", [policyIdHex]),
             value: "0x0",
         }), `Approve: update policy to ${policyIdHex}`, telegramOpts, config);
         await provider.waitForTransaction(txHash);
-        console.log("\n" + c.success + c.white(" Active policy updated"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("Policy:") + " " + c.white(policyIdHex));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Active policy updated"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("Policy:") + " " + colors_1.c.white(policyIdHex));
     });
     // ─── freeze (guardian key — emergency wallet freeze) ──────────────────────
     //
@@ -1422,7 +1388,7 @@ export function registerWalletCommands(program) {
         .option("--drain", "Also drain all ETH to owner address (use when machine compromise is suspected)")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1432,9 +1398,9 @@ export function registerWalletCommands(program) {
             console.error(`Guardian key not found. Expected at ~/.arc402/guardian.key (or guardianPrivateKey in config for legacy setups).`);
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const guardianSigner = new ethers.Wallet(guardianKey, provider);
-        const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_GUARDIAN_ABI, guardianSigner);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const guardianSigner = new ethers_1.ethers.Wallet(guardianKey, provider);
+        const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_GUARDIAN_ABI, guardianSigner);
         let tx;
         if (opts.drain) {
             console.log("Triggering freeze-and-drain via guardian key...");
@@ -1465,7 +1431,7 @@ export function registerWalletCommands(program) {
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1475,19 +1441,19 @@ export function registerWalletCommands(program) {
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletInterface = new ethers.Interface(ARC402_WALLET_GUARDIAN_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_GUARDIAN_ABI);
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve: unfreeze ARC402Wallet", hardware: !!opts.hardware });
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve: unfreeze ARC402Wallet", hardware: !!opts.hardware });
         const networkName = chainId === 8453 ? "Base" : "Base Sepolia";
         const shortAddr = `${account.slice(0, 6)}...${account.slice(-5)}`;
-        console.log("\n" + c.success + c.white(` Connected: ${shortAddr} on ${networkName}`));
-        console.log("\n" + c.dim("Wallet to unfreeze:") + " " + c.white(config.walletContractAddress ?? ""));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${shortAddr} on ${networkName}`));
+        console.log("\n" + colors_1.c.dim("Wallet to unfreeze:") + " " + colors_1.c.white(config.walletContractAddress ?? ""));
         // WalletConnect approval already confirmed intent — sending automatically
-        console.log(c.dim("Sending transaction..."));
-        const txHash = await sendTransactionWithSession(client, session, account, chainId, {
+        console.log(colors_1.c.dim("Sending transaction..."));
+        const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("unfreeze", []),
             value: "0x0",
@@ -1497,8 +1463,8 @@ export function registerWalletCommands(program) {
             console.log(JSON.stringify({ txHash, walletAddress: config.walletContractAddress }));
         }
         else {
-            console.log("\n" + c.success + c.white(` Wallet ${config.walletContractAddress} unfrozen`));
-            console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
+            console.log("\n" + colors_1.c.success + colors_1.c.white(` Wallet ${config.walletContractAddress} unfrozen`));
+            console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
         }
     });
     // ─── set-guardian ──────────────────────────────────────────────────────────
@@ -1510,7 +1476,7 @@ export function registerWalletCommands(program) {
         .option("--guardian-key <key>", "Use an existing private key as the guardian (optional)")
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1522,7 +1488,7 @@ export function registerWalletCommands(program) {
         let guardianWallet;
         if (opts.guardianKey) {
             try {
-                guardianWallet = new ethers.Wallet(opts.guardianKey);
+                guardianWallet = new ethers_1.ethers.Wallet(opts.guardianKey);
             }
             catch {
                 console.error("Invalid guardian key. Must be a 0x-prefixed hex string.");
@@ -1530,24 +1496,24 @@ export function registerWalletCommands(program) {
             }
         }
         else {
-            guardianWallet = new ethers.Wallet(ethers.Wallet.createRandom().privateKey);
+            guardianWallet = new ethers_1.ethers.Wallet(ethers_1.ethers.Wallet.createRandom().privateKey);
             console.log("Generated new guardian key.");
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletInterface = new ethers.Interface(ARC402_WALLET_GUARDIAN_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_GUARDIAN_ABI);
         console.log(`\nGuardian address: ${guardianWallet.address}`);
         console.log(`Wallet contract:  ${config.walletContractAddress}`);
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: `Approve: set guardian to ${guardianWallet.address}`, hardware: !!opts.hardware });
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: `Approve: set guardian to ${guardianWallet.address}`, hardware: !!opts.hardware });
         const networkName = chainId === 8453 ? "Base" : "Base Sepolia";
         const shortAddr = `${account.slice(0, 6)}...${account.slice(-5)}`;
-        console.log("\n" + c.success + c.white(` Connected: ${shortAddr} on ${networkName}`));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${shortAddr} on ${networkName}`));
         // WalletConnect approval already confirmed intent — sending automatically
-        console.log(c.dim("Sending transaction..."));
-        const txHash = await sendTransactionWithSession(client, session, account, chainId, {
+        console.log(colors_1.c.dim("Sending transaction..."));
+        const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("setGuardian", [guardianWallet.address]),
             value: "0x0",
@@ -1557,32 +1523,32 @@ export function registerWalletCommands(program) {
         if (config.guardianPrivateKey)
             delete config.guardianPrivateKey;
         config.guardianAddress = guardianWallet.address;
-        saveConfig(config);
-        console.log("\n" + c.success + c.white(` Guardian set to: ${guardianWallet.address}`));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("Guardian private key saved to ~/.arc402/guardian.key (chmod 400)."));
-        console.log(" " + c.warning + " " + c.yellow("The guardian key can freeze your wallet. Store it separately from your hot key."));
+        (0, config_1.saveConfig)(config);
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Guardian set to: ${guardianWallet.address}`));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("Guardian private key saved to ~/.arc402/guardian.key (chmod 400)."));
+        console.log(" " + colors_1.c.warning + " " + colors_1.c.yellow("The guardian key can freeze your wallet. Store it separately from your hot key."));
     });
     // ─── policy-engine freeze / unfreeze (legacy — for PolicyEngine-level freeze) ──
     wallet.command("freeze-policy <walletAddress>")
         .description("Freeze PolicyEngine spend for a wallet address (authorized freeze agents only)")
         .action(async (walletAddress) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.policyEngineAddress)
             throw new Error("policyEngineAddress missing in config");
-        const { signer } = await requireSigner(config);
-        const client = new PolicyClient(config.policyEngineAddress, signer);
+        const { signer } = await (0, client_1.requireSigner)(config);
+        const client = new sdk_1.PolicyClient(config.policyEngineAddress, signer);
         await client.freezeSpend(walletAddress);
         console.log(`wallet ${walletAddress} spend frozen (PolicyEngine)`);
     });
     wallet.command("unfreeze-policy <walletAddress>")
         .description("Unfreeze PolicyEngine spend for a wallet. Only callable by the wallet or its registered owner.")
         .action(async (walletAddress) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.policyEngineAddress)
             throw new Error("policyEngineAddress missing in config");
-        const { signer } = await requireSigner(config);
-        const client = new PolicyClient(config.policyEngineAddress, signer);
+        const { signer } = await (0, client_1.requireSigner)(config);
+        const client = new sdk_1.PolicyClient(config.policyEngineAddress, signer);
         await client.unfreeze(walletAddress);
         console.log(`wallet ${walletAddress} spend unfrozen (PolicyEngine)`);
     });
@@ -1592,7 +1558,7 @@ export function registerWalletCommands(program) {
         .option("--dry-run", "Show calldata without connecting to wallet")
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only")
         .action(async (newRegistryAddress, opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1603,18 +1569,18 @@ export function registerWalletCommands(program) {
         }
         let checksumAddress;
         try {
-            checksumAddress = ethers.getAddress(newRegistryAddress);
+            checksumAddress = ethers_1.ethers.getAddress(newRegistryAddress);
         }
         catch {
             console.error(`Invalid address: ${newRegistryAddress}`);
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletInterface = new ethers.Interface(ARC402_WALLET_REGISTRY_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_REGISTRY_ABI);
         let currentRegistry = "(unknown)";
         try {
-            const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_REGISTRY_ABI, provider);
+            const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_REGISTRY_ABI, provider);
             currentRegistry = await walletContract.registry();
         }
         catch { /* contract may not expose registry() */ }
@@ -1640,21 +1606,21 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve registry upgrade proposal on ARC402Wallet", hardware: !!opts.hardware });
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve registry upgrade proposal on ARC402Wallet", hardware: !!opts.hardware });
         const networkName = chainId === 8453 ? "Base" : "Base Sepolia";
         const shortAddr = `${account.slice(0, 6)}...${account.slice(-5)}`;
-        console.log("\n" + c.success + c.white(` Connected: ${shortAddr} on ${networkName}`));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${shortAddr} on ${networkName}`));
         // WalletConnect approval already confirmed intent — sending automatically
-        console.log(c.dim("Sending transaction..."));
-        const txHash = await sendTransactionWithSession(client, session, account, chainId, {
+        console.log(colors_1.c.dim("Sending transaction..."));
+        const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
             to: config.walletContractAddress,
             data: calldata,
             value: "0x0",
         });
         const unlockAt = new Date(Date.now() + 2 * 24 * 60 * 60 * 1000);
-        console.log("\n" + c.success + c.white(" Registry upgrade proposed"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("Unlock at:") + " " + c.white(unlockAt.toISOString()) + c.dim(" (approximately)"));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Registry upgrade proposed"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("Unlock at:") + " " + colors_1.c.white(unlockAt.toISOString()) + colors_1.c.dim(" (approximately)"));
         console.log(`\nNext steps:`);
         console.log(`  Wait 2 days, then run:`);
         console.log(`  arc402 wallet execute-registry-upgrade`);
@@ -1665,7 +1631,7 @@ export function registerWalletCommands(program) {
     wallet.command("execute-registry-upgrade")
         .description("Execute a pending registry upgrade after the 2-day timelock (phone wallet signs via WalletConnect)")
         .action(async () => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1675,8 +1641,8 @@ export function registerWalletCommands(program) {
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_REGISTRY_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_REGISTRY_ABI, provider);
         let pendingRegistry;
         let unlockAt;
         try {
@@ -1689,7 +1655,7 @@ export function registerWalletCommands(program) {
             console.error("Failed to read pending registry from contract:", e);
             process.exit(1);
         }
-        if (pendingRegistry === ethers.ZeroAddress) {
+        if (pendingRegistry === ethers_1.ethers.ZeroAddress) {
             console.log("No pending registry upgrade.");
             return;
         }
@@ -1709,8 +1675,8 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const walletInterface = new ethers.Interface(ARC402_WALLET_REGISTRY_ABI);
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_REGISTRY_ABI);
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("executeRegistryUpdate", []),
             value: "0x0",
@@ -1722,9 +1688,9 @@ export function registerWalletCommands(program) {
             confirmedRegistry = await walletContract.registry();
         }
         catch { /* use pendingRegistry as fallback */ }
-        console.log("\n" + c.success + c.white(" Registry upgrade executed"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("New registry:") + " " + c.white(confirmedRegistry));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Registry upgrade executed"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("New registry:") + " " + colors_1.c.white(confirmedRegistry));
         if (confirmedRegistry.toLowerCase() === pendingRegistry.toLowerCase()) {
             console.log(`  Registry updated successfully — addresses now resolve through new registry.`);
         }
@@ -1743,7 +1709,7 @@ export function registerWalletCommands(program) {
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only")
         .option("--json")
         .action(async (target, opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1754,7 +1720,7 @@ export function registerWalletCommands(program) {
         }
         let checksumTarget;
         try {
-            checksumTarget = ethers.getAddress(target);
+            checksumTarget = ethers_1.ethers.getAddress(target);
         }
         catch {
             console.error(`Invalid address: ${target}`);
@@ -1762,20 +1728,20 @@ export function registerWalletCommands(program) {
         }
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
         // Check if already whitelisted
         const peAbi = [
             "function whitelistContract(address wallet, address target) external",
             "function isContractWhitelisted(address wallet, address target) external view returns (bool)",
         ];
-        const pe = new ethers.Contract(policyAddress, peAbi, provider);
+        const pe = new ethers_1.ethers.Contract(policyAddress, peAbi, provider);
         let alreadyWhitelisted = false;
         try {
             alreadyWhitelisted = await pe.isContractWhitelisted(config.walletContractAddress, checksumTarget);
         }
         catch { /* ignore */ }
         if (alreadyWhitelisted) {
-            console.log(" " + c.success + " " + c.white(checksumTarget) + c.dim(` is already whitelisted for ${config.walletContractAddress}`));
+            console.log(" " + colors_1.c.success + " " + colors_1.c.white(checksumTarget) + colors_1.c.dim(` is already whitelisted for ${config.walletContractAddress}`));
             process.exit(0);
         }
         console.log(`\nWallet:       ${config.walletContractAddress}`);
@@ -1784,8 +1750,8 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const policyIface = new ethers.Interface(peAbi);
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const policyIface = new ethers_1.ethers.Interface(peAbi);
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: policyAddress,
             data: policyIface.encodeFunctionData("whitelistContract", [
                 config.walletContractAddress,
@@ -1798,8 +1764,8 @@ export function registerWalletCommands(program) {
             console.log(JSON.stringify({ ok: true, txHash, wallet: config.walletContractAddress, target: checksumTarget }));
         }
         else {
-            console.log("\n" + c.success + c.white(" Contract whitelisted"));
-            renderTree([
+            console.log("\n" + colors_1.c.success + colors_1.c.white(" Contract whitelisted"));
+            (0, tree_1.renderTree)([
                 { label: "Tx", value: txHash },
                 { label: "Wallet", value: config.walletContractAddress ?? "" },
                 { label: "Target", value: checksumTarget, last: true },
@@ -1810,7 +1776,7 @@ export function registerWalletCommands(program) {
     wallet.command("set-interceptor <address>")
         .description("Set the authorized X402 interceptor address on ARC402Wallet (phone wallet signs via WalletConnect)")
         .action(async (interceptorAddress) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1821,18 +1787,18 @@ export function registerWalletCommands(program) {
         }
         let checksumAddress;
         try {
-            checksumAddress = ethers.getAddress(interceptorAddress);
+            checksumAddress = ethers_1.ethers.getAddress(interceptorAddress);
         }
         catch {
             console.error(`Invalid address: ${interceptorAddress}`);
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const ownerInterface = new ethers.Interface(ARC402_WALLET_OWNER_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const ownerInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_OWNER_ABI);
         let currentInterceptor = "(unknown)";
         try {
-            const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_OWNER_ABI, provider);
+            const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_OWNER_ABI, provider);
             currentInterceptor = await walletContract.authorizedInterceptor();
         }
         catch { /* contract may not be deployed yet */ }
@@ -1842,21 +1808,21 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: ownerInterface.encodeFunctionData("setAuthorizedInterceptor", [checksumAddress]),
             value: "0x0",
         }), `Approve: set X402 interceptor to ${checksumAddress}`, telegramOpts, config);
         await provider.waitForTransaction(txHash);
-        console.log("\n" + c.success + c.white(" X402 interceptor updated"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("Interceptor:") + " " + c.white(checksumAddress));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" X402 interceptor updated"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("Interceptor:") + " " + colors_1.c.white(checksumAddress));
     });
     // ─── set-velocity-limit ────────────────────────────────────────────────────
     wallet.command("set-velocity-limit <limit>")
         .description("Set the per-rolling-window ETH velocity limit on ARC402Wallet (limit in ETH, phone wallet signs via WalletConnect)")
         .action(async (limitEth) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         console.log(`\nNote: ARC-402 has two independent velocity limit layers:`);
         console.log(`  1. Wallet-level (arc402 wallet set-velocity-limit): ETH cap per rolling hour, enforced by ARC402Wallet contract. Breach auto-freezes wallet.`);
         console.log(`  2. PolicyEngine-level (arc402 wallet policy set-daily-limit): Per-category daily cap, enforced by PolicyEngine. Breach returns a soft error without freezing.`);
@@ -1871,20 +1837,20 @@ export function registerWalletCommands(program) {
         }
         let limitWei;
         try {
-            limitWei = ethers.parseEther(limitEth);
+            limitWei = ethers_1.ethers.parseEther(limitEth);
         }
         catch {
             console.error(`Invalid limit: ${limitEth}. Provide a value in ETH (e.g. 0.5)`);
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const ownerInterface = new ethers.Interface(ARC402_WALLET_OWNER_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const ownerInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_OWNER_ABI);
         let currentLimit = "(unknown)";
         try {
-            const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_OWNER_ABI, provider);
+            const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_OWNER_ABI, provider);
             const raw = await walletContract.velocityLimit();
-            currentLimit = raw === 0n ? "disabled" : `${ethers.formatEther(raw)} ETH`;
+            currentLimit = raw === 0n ? "disabled" : `${ethers_1.ethers.formatEther(raw)} ETH`;
         }
         catch { /* contract may not be deployed yet */ }
         console.log(`\nWallet:         ${config.walletContractAddress}`);
@@ -1893,15 +1859,15 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: ownerInterface.encodeFunctionData("setVelocityLimit", [limitWei]),
             value: "0x0",
         }), `Approve: set velocity limit to ${limitEth} ETH`, telegramOpts, config);
         await provider.waitForTransaction(txHash);
-        console.log("\n" + c.success + c.white(" Velocity limit updated"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(" " + c.dim("New limit:") + " " + c.white(`${limitEth} ETH per rolling window`));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Velocity limit updated"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(" " + colors_1.c.dim("New limit:") + " " + colors_1.c.white(`${limitEth} ETH per rolling window`));
     });
     // ─── register-policy ───────────────────────────────────────────────────────
     //
@@ -1912,7 +1878,7 @@ export function registerWalletCommands(program) {
         .description("Register this wallet on PolicyEngine (required before spend limits can be set)")
         .option("--hardware", "Hardware wallet mode: show raw wc: URI only")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1923,20 +1889,20 @@ export function registerWalletCommands(program) {
         }
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
         let ownerAddress = config.ownerAddress;
         if (!ownerAddress) {
             // Fallback 1: WalletConnect session account
             if (config.wcSession?.account) {
                 ownerAddress = config.wcSession.account;
-                console.log(c.dim(`Owner resolved from WalletConnect session: ${ownerAddress}`));
+                console.log(colors_1.c.dim(`Owner resolved from WalletConnect session: ${ownerAddress}`));
             }
             else {
                 // Fallback 2: call owner() on the wallet contract
                 try {
-                    const walletOwnerContract = new ethers.Contract(config.walletContractAddress, ["function owner() external view returns (address)"], provider);
+                    const walletOwnerContract = new ethers_1.ethers.Contract(config.walletContractAddress, ["function owner() external view returns (address)"], provider);
                     ownerAddress = await walletOwnerContract.owner();
-                    console.log(c.dim(`Owner resolved from contract: ${ownerAddress}`));
+                    console.log(colors_1.c.dim(`Owner resolved from contract: ${ownerAddress}`));
                 }
                 catch {
                     console.error("ownerAddress not set in config and could not be resolved from contract or WalletConnect session.");
@@ -1945,21 +1911,21 @@ export function registerWalletCommands(program) {
             }
         }
         // Encode registerWallet(wallet, owner) calldata — called on PolicyEngine
-        const policyInterface = new ethers.Interface([
+        const policyInterface = new ethers_1.ethers.Interface([
             "function registerWallet(address wallet, address owner) external",
         ]);
         const registerCalldata = policyInterface.encodeFunctionData("registerWallet", [
             config.walletContractAddress,
             ownerAddress,
         ]);
-        const executeInterface = new ethers.Interface(ARC402_WALLET_EXECUTE_ABI);
+        const executeInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_EXECUTE_ABI);
         console.log(`\nWallet:       ${config.walletContractAddress}`);
         console.log(`PolicyEngine: ${policyAddress}`);
         console.log(`Owner:        ${ownerAddress}`);
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: executeInterface.encodeFunctionData("executeContractCall", [{
                     target: policyAddress,
@@ -1967,20 +1933,20 @@ export function registerWalletCommands(program) {
                     value: 0n,
                     minReturnValue: 0n,
                     maxApprovalAmount: 0n,
-                    approvalToken: ethers.ZeroAddress,
+                    approvalToken: ethers_1.ethers.ZeroAddress,
                 }]),
             value: "0x0",
         }), `Approve: register wallet on PolicyEngine`, telegramOpts, config);
         await provider.waitForTransaction(txHash);
-        console.log("\n" + c.success + c.white(" Wallet registered on PolicyEngine"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
-        console.log(c.dim("\nNext: run 'arc402 wallet policy set-limit' to configure spending limits."));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Wallet registered on PolicyEngine"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
+        console.log(colors_1.c.dim("\nNext: run 'arc402 wallet policy set-limit' to configure spending limits."));
     });
     // ─── cancel-registry-upgrade ───────────────────────────────────────────────
     wallet.command("cancel-registry-upgrade")
         .description("Cancel a pending registry upgrade before it executes (phone wallet signs via WalletConnect)")
         .action(async () => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -1990,8 +1956,8 @@ export function registerWalletCommands(program) {
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_REGISTRY_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_REGISTRY_ABI, provider);
         let pendingRegistry;
         let unlockAtCancel = 0n;
         try {
@@ -2004,7 +1970,7 @@ export function registerWalletCommands(program) {
             console.error("Failed to read pending registry from contract:", e);
             process.exit(1);
         }
-        if (pendingRegistry === ethers.ZeroAddress) {
+        if (pendingRegistry === ethers_1.ethers.ZeroAddress) {
             console.log("No pending registry upgrade to cancel.");
             return;
         }
@@ -2022,14 +1988,14 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const walletInterface = new ethers.Interface(ARC402_WALLET_REGISTRY_ABI);
-        const { txHash } = await requestPhoneWalletSignature(config.walletConnectProjectId, chainId, () => ({
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_REGISTRY_ABI);
+        const { txHash } = await (0, walletconnect_1.requestPhoneWalletSignature)(config.walletConnectProjectId, chainId, () => ({
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("cancelRegistryUpdate", []),
             value: "0x0",
         }), "Approve registry upgrade cancellation on ARC402Wallet", telegramOpts, config);
-        console.log("\n" + c.success + c.white(" Registry upgrade cancelled"));
-        console.log(" " + c.dim("Tx:") + " " + c.white(txHash));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Registry upgrade cancelled"));
+        console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(txHash));
     });
     // ─── governance setup ──────────────────────────────────────────────────────
     //
@@ -2040,7 +2006,7 @@ export function registerWalletCommands(program) {
     governance.command("setup")
         .description("Interactive governance setup — velocity limit, guardian key, and spending limits in one WalletConnect session")
         .action(async () => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -2052,14 +2018,14 @@ export function registerWalletCommands(program) {
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
         // ── Step 1: velocity limit ────────────────────────────────────────────
-        const { velocityEth } = await prompts({
+        const { velocityEth } = await (0, prompts_1.default)({
             type: "text",
             name: "velocityEth",
             message: "Velocity limit (max ETH per rolling window)",
             initial: "0.05",
             validate: (v) => {
                 try {
-                    ethers.parseEther(v);
+                    ethers_1.ethers.parseEther(v);
                     return true;
                 }
                 catch {
@@ -2072,7 +2038,7 @@ export function registerWalletCommands(program) {
             return;
         }
         // ── Step 2: guardian key ──────────────────────────────────────────────
-        const { wantGuardian } = await prompts({
+        const { wantGuardian } = await (0, prompts_1.default)({
             type: "confirm",
             name: "wantGuardian",
             message: "Set guardian key?",
@@ -2084,7 +2050,7 @@ export function registerWalletCommands(program) {
         }
         let guardianWallet = null;
         if (wantGuardian) {
-            guardianWallet = new ethers.Wallet(ethers.Wallet.createRandom().privateKey);
+            guardianWallet = new ethers_1.ethers.Wallet(ethers_1.ethers.Wallet.createRandom().privateKey);
             console.log(`  Generated guardian address: ${guardianWallet.address}`);
         }
         const categories = [];
@@ -2095,7 +2061,7 @@ export function registerWalletCommands(program) {
         ];
         console.log("\nSpending categories — press Enter to skip any:");
         for (const { label, default: def } of defaultCategories) {
-            const { amountRaw } = await prompts({
+            const { amountRaw } = await (0, prompts_1.default)({
                 type: "text",
                 name: "amountRaw",
                 message: `  ${label} limit in ETH`,
@@ -2111,7 +2077,7 @@ export function registerWalletCommands(program) {
         }
         // Custom categories loop
         while (true) {
-            const { customName } = await prompts({
+            const { customName } = await (0, prompts_1.default)({
                 type: "text",
                 name: "customName",
                 message: "  Add custom category? [name or Enter to skip]",
@@ -2119,14 +2085,14 @@ export function registerWalletCommands(program) {
             });
             if (customName === undefined || customName.trim() === "")
                 break;
-            const { customAmount } = await prompts({
+            const { customAmount } = await (0, prompts_1.default)({
                 type: "text",
                 name: "customAmount",
                 message: `  ${customName.trim()} limit in ETH`,
                 initial: "0.05",
                 validate: (v) => {
                     try {
-                        ethers.parseEther(v);
+                        ethers_1.ethers.parseEther(v);
                         return true;
                     }
                     catch {
@@ -2157,7 +2123,7 @@ export function registerWalletCommands(program) {
         console.log(`  Transactions:   ${1 + (guardianWallet ? 1 : 0) + categories.length} + onboarding (registerWallet, enableDefiAccess) total`);
         console.log("─────────────────────────────────────────────────────");
         // ── Step 5: confirm ───────────────────────────────────────────────────
-        const { confirmed } = await prompts({
+        const { confirmed } = await (0, prompts_1.default)({
             type: "confirm",
             name: "confirmed",
             message: "Confirm and sign with your wallet?",
@@ -2172,14 +2138,14 @@ export function registerWalletCommands(program) {
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
         console.log("\nConnecting wallet...");
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve governance setup transactions on ARC402Wallet" });
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const ownerInterface = new ethers.Interface(ARC402_WALLET_OWNER_ABI);
-        const guardianInterface = new ethers.Interface(ARC402_WALLET_GUARDIAN_ABI);
-        const policyInterface = new ethers.Interface(POLICY_ENGINE_LIMITS_ABI);
-        const executeInterface = new ethers.Interface(ARC402_WALLET_EXECUTE_ABI);
-        const govInterface = new ethers.Interface(POLICY_ENGINE_GOVERNANCE_ABI);
-        const policyGovContract = new ethers.Contract(policyAddress, POLICY_ENGINE_GOVERNANCE_ABI, provider);
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: "Approve governance setup transactions on ARC402Wallet" });
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const ownerInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_OWNER_ABI);
+        const guardianInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_GUARDIAN_ABI);
+        const policyInterface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_LIMITS_ABI);
+        const executeInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_EXECUTE_ABI);
+        const govInterface = new ethers_1.ethers.Interface(abis_1.POLICY_ENGINE_GOVERNANCE_ABI);
+        const policyGovContract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_GOVERNANCE_ABI, provider);
         const calls = [];
         // ── P0: mandatory onboarding calls (registerWallet + enableDefiAccess) ──
         // Check what the constructor already did to avoid double-registration reverts
@@ -2187,7 +2153,7 @@ export function registerWalletCommands(program) {
         let govAlreadyDefiEnabled = false;
         try {
             const registeredOwner = await policyGovContract.walletOwners(config.walletContractAddress);
-            govAlreadyRegistered = registeredOwner !== ethers.ZeroAddress;
+            govAlreadyRegistered = registeredOwner !== ethers_1.ethers.ZeroAddress;
         }
         catch { /* assume not registered */ }
         try {
@@ -2204,7 +2170,7 @@ export function registerWalletCommands(program) {
                         value: 0n,
                         minReturnValue: 0n,
                         maxApprovalAmount: 0n,
-                        approvalToken: ethers.ZeroAddress,
+                        approvalToken: ethers_1.ethers.ZeroAddress,
                     }]),
                 value: "0x0",
             });
@@ -2219,7 +2185,7 @@ export function registerWalletCommands(program) {
         // velocity limit
         calls.push({
             to: config.walletContractAddress,
-            data: ownerInterface.encodeFunctionData("setVelocityLimit", [ethers.parseEther(velocityEth)]),
+            data: ownerInterface.encodeFunctionData("setVelocityLimit", [ethers_1.ethers.parseEther(velocityEth)]),
             value: "0x0",
         });
         // guardian
@@ -2237,7 +2203,7 @@ export function registerWalletCommands(program) {
                 data: policyInterface.encodeFunctionData("setCategoryLimitFor", [
                     config.walletContractAddress,
                     category,
-                    ethers.parseEther(amountEth),
+                    ethers_1.ethers.parseEther(amountEth),
                 ]),
                 value: "0x0",
             });
@@ -2267,7 +2233,7 @@ export function registerWalletCommands(program) {
             console.log("  (wallet_sendCalls not supported — sending sequentially)");
             for (let i = 0; i < calls.length; i++) {
                 console.log(`  Sending transaction ${i + 1}/${calls.length}...`);
-                const txHash = await sendTransactionWithSession(client, session, account, chainId, calls[i]);
+                const txHash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, calls[i]);
                 txHashes.push(txHash);
             }
         }
@@ -2277,26 +2243,26 @@ export function registerWalletCommands(program) {
             if (config.guardianPrivateKey)
                 delete config.guardianPrivateKey;
             config.guardianAddress = guardianWallet.address;
-            saveConfig(config);
+            (0, config_1.saveConfig)(config);
         }
-        console.log("\n" + c.success + c.white(" Governance setup complete"));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Governance setup complete"));
         if (usedBatch) {
-            console.log(" " + c.dim("Batch tx:") + " " + c.white(txHashes[0]));
+            console.log(" " + colors_1.c.dim("Batch tx:") + " " + colors_1.c.white(txHashes[0]));
         }
         else {
-            txHashes.forEach((h, i) => console.log(" " + c.dim(`Tx ${i + 1}:`) + " " + c.white(h)));
+            txHashes.forEach((h, i) => console.log(" " + colors_1.c.dim(`Tx ${i + 1}:`) + " " + colors_1.c.white(h)));
         }
         if (guardianWallet) {
-            console.log(" " + c.success + c.dim(` Guardian key saved to ~/.arc402/guardian.key — address: ${guardianWallet.address}`));
-            console.log(" " + c.warning + " " + c.yellow("Store the guardian private key separately from your hot key."));
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Guardian key saved to ~/.arc402/guardian.key — address: ${guardianWallet.address}`));
+            console.log(" " + colors_1.c.warning + " " + colors_1.c.yellow("Store the guardian private key separately from your hot key."));
         }
-        console.log(c.dim("\nVerify with: arc402 wallet status && arc402 wallet policy show"));
+        console.log(colors_1.c.dim("\nVerify with: arc402 wallet status && arc402 wallet policy show"));
     });
     // ─── authorize-machine-key ─────────────────────────────────────────────────
     wallet.command("authorize-machine-key <key>")
         .description("Authorize a machine key (hot key) on your ARC402Wallet (phone wallet signs via WalletConnect)")
         .action(async (keyAddress) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -2307,23 +2273,23 @@ export function registerWalletCommands(program) {
         }
         let checksumKey;
         try {
-            checksumKey = ethers.getAddress(keyAddress);
+            checksumKey = ethers_1.ethers.getAddress(keyAddress);
         }
         catch {
             console.error(`Invalid address: ${keyAddress}`);
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
         const machineKeyAbi = ["function authorizeMachineKey(address key) external", "function authorizedMachineKeys(address) external view returns (bool)"];
-        const walletContract = new ethers.Contract(config.walletContractAddress, machineKeyAbi, provider);
+        const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, machineKeyAbi, provider);
         let alreadyAuthorized = false;
         try {
             alreadyAuthorized = await walletContract.authorizedMachineKeys(checksumKey);
         }
         catch { /* ignore */ }
         if (alreadyAuthorized) {
-            console.log("\n" + c.success + " " + c.white(checksumKey) + c.dim(` is already authorized as a machine key on ${config.walletContractAddress}`));
+            console.log("\n" + colors_1.c.success + " " + colors_1.c.white(checksumKey) + colors_1.c.dim(` is already authorized as a machine key on ${config.walletContractAddress}`));
             process.exit(0);
         }
         console.log(`\nWallet:      ${config.walletContractAddress}`);
@@ -2331,29 +2297,29 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const walletInterface = new ethers.Interface(machineKeyAbi);
+        const walletInterface = new ethers_1.ethers.Interface(machineKeyAbi);
         const txData = {
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("authorizeMachineKey", [checksumKey]),
             value: "0x0",
         };
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, {
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, {
             telegramOpts,
             prompt: `Authorize machine key ${checksumKey} on ARC402Wallet — allows autonomous protocol ops`,
         });
-        console.log("\n" + c.success + c.white(` Connected: ${account}`));
-        console.log(c.dim("Sending authorizeMachineKey transaction..."));
-        const hash = await sendTransactionWithSession(client, session, account, chainId, txData);
-        console.log("\n" + c.dim("Transaction submitted:") + " " + c.white(hash));
-        console.log(c.dim("Waiting for confirmation..."));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${account}`));
+        console.log(colors_1.c.dim("Sending authorizeMachineKey transaction..."));
+        const hash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, txData);
+        console.log("\n" + colors_1.c.dim("Transaction submitted:") + " " + colors_1.c.white(hash));
+        console.log(colors_1.c.dim("Waiting for confirmation..."));
         const receipt = await provider.waitForTransaction(hash, 1, 60000);
         if (!receipt || receipt.status !== 1) {
-            console.error(c.failure + " " + c.red("Transaction failed."));
+            console.error(colors_1.c.failure + " " + colors_1.c.red("Transaction failed."));
             process.exit(1);
         }
         const confirmed = await walletContract.authorizedMachineKeys(checksumKey);
-        console.log("\n" + c.success + c.white(` Machine key authorized: ${confirmed ? "YES" : "NO"}`));
-        renderTree([
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Machine key authorized: ${confirmed ? "YES" : "NO"}`));
+        (0, tree_1.renderTree)([
             { label: "Wallet", value: config.walletContractAddress ?? "" },
             { label: "Machine key", value: checksumKey },
             { label: "Tx", value: hash, last: true },
@@ -2368,7 +2334,7 @@ export function registerWalletCommands(program) {
     wallet.command("revoke-machine-key <address>")
         .description("Revoke an authorized machine key on ARC402Wallet (phone wallet signs via WalletConnect)")
         .action(async (keyAddress) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -2379,15 +2345,15 @@ export function registerWalletCommands(program) {
         }
         let checksumKey;
         try {
-            checksumKey = ethers.getAddress(keyAddress);
+            checksumKey = ethers_1.ethers.getAddress(keyAddress);
         }
         catch {
             console.error(`Invalid address: ${keyAddress}`);
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(config.walletContractAddress, ARC402_WALLET_MACHINE_KEY_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(config.walletContractAddress, abis_1.ARC402_WALLET_MACHINE_KEY_ABI, provider);
         // Pre-check: verify the key IS currently authorized
         let isAuthorized = false;
         try {
@@ -2404,25 +2370,25 @@ export function registerWalletCommands(program) {
         const telegramOpts = config.telegramBotToken && config.telegramChatId
             ? { botToken: config.telegramBotToken, chatId: config.telegramChatId, threadId: config.telegramThreadId }
             : undefined;
-        const walletInterface = new ethers.Interface(ARC402_WALLET_MACHINE_KEY_ABI);
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: `Revoke machine key ${checksumKey} on ARC402Wallet` });
-        console.log("\n" + c.success + c.white(` Connected: ${account}`));
-        console.log(c.dim("Sending revokeMachineKey transaction..."));
-        const hash = await sendTransactionWithSession(client, session, account, chainId, {
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_MACHINE_KEY_ABI);
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, { telegramOpts, prompt: `Revoke machine key ${checksumKey} on ARC402Wallet` });
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${account}`));
+        console.log(colors_1.c.dim("Sending revokeMachineKey transaction..."));
+        const hash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, {
             to: config.walletContractAddress,
             data: walletInterface.encodeFunctionData("revokeMachineKey", [checksumKey]),
             value: "0x0",
         });
-        console.log("\n" + c.dim("Transaction submitted:") + " " + c.white(hash));
-        console.log(c.dim("Waiting for confirmation..."));
+        console.log("\n" + colors_1.c.dim("Transaction submitted:") + " " + colors_1.c.white(hash));
+        console.log(colors_1.c.dim("Waiting for confirmation..."));
         const receipt = await provider.waitForTransaction(hash, 1, 60000);
         if (!receipt || receipt.status !== 1) {
-            console.error(c.failure + " " + c.red("Transaction failed."));
+            console.error(colors_1.c.failure + " " + colors_1.c.red("Transaction failed."));
             process.exit(1);
         }
         const stillAuthorized = await walletContract.authorizedMachineKeys(checksumKey);
-        console.log("\n" + c.success + c.white(` Machine key revoked: ${stillAuthorized ? "NO (still authorized — check tx)" : "YES"}`));
-        renderTree([
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Machine key revoked: ${stillAuthorized ? "NO (still authorized — check tx)" : "YES"}`));
+        (0, tree_1.renderTree)([
             { label: "Wallet", value: config.walletContractAddress ?? "" },
             { label: "Machine key", value: checksumKey },
             { label: "Tx", value: hash, last: true },
@@ -2438,17 +2404,17 @@ export function registerWalletCommands(program) {
         .description("List authorized machine keys by scanning contract events")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_MACHINE_KEY_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_MACHINE_KEY_ABI, provider);
         // Scan for MachineKeyAuthorized and MachineKeyRevoked events
-        const authorizedTopic = ethers.id("MachineKeyAuthorized(address)");
-        const revokedTopic = ethers.id("MachineKeyRevoked(address)");
+        const authorizedTopic = ethers_1.ethers.id("MachineKeyAuthorized(address)");
+        const revokedTopic = ethers_1.ethers.id("MachineKeyRevoked(address)");
         const authorizedKeys = new Set();
         const revokedKeys = new Set();
         try {
@@ -2457,11 +2423,11 @@ export function registerWalletCommands(program) {
                 provider.getLogs({ address: walletAddr, topics: [revokedTopic], fromBlock: 0 }),
             ]);
             for (const log of authLogs) {
-                const key = ethers.getAddress("0x" + log.topics[1].slice(26));
+                const key = ethers_1.ethers.getAddress("0x" + log.topics[1].slice(26));
                 authorizedKeys.add(key);
             }
             for (const log of revokeLogs) {
-                const key = ethers.getAddress("0x" + log.topics[1].slice(26));
+                const key = ethers_1.ethers.getAddress("0x" + log.topics[1].slice(26));
                 revokedKeys.add(key);
             }
         }
@@ -2469,7 +2435,7 @@ export function registerWalletCommands(program) {
         // Build active key list: authorized but not revoked
         const activeFromEvents = [...authorizedKeys].filter((k) => !revokedKeys.has(k));
         // Also check configured machine key
-        const configMachineKey = config.privateKey ? new ethers.Wallet(config.privateKey).address : null;
+        const configMachineKey = config.privateKey ? new ethers_1.ethers.Wallet(config.privateKey).address : null;
         // Verify each candidate against chain
         const candidates = new Set(activeFromEvents);
         if (configMachineKey)
@@ -2511,8 +2477,8 @@ export function registerWalletCommands(program) {
         .option("--task-type <type>", "Task type string for the context", "general")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
@@ -2522,9 +2488,9 @@ export function registerWalletCommands(program) {
             console.error("privateKey not set in config — machine key required for open-context.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const machineKey = new ethers.Wallet(config.privateKey, provider);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, machineKey);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const machineKey = new ethers_1.ethers.Wallet(config.privateKey, provider);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, machineKey);
         // Check context isn't already open
         const isOpen = await walletContract.contextOpen();
         if (isOpen) {
@@ -2532,7 +2498,7 @@ export function registerWalletCommands(program) {
             console.error("Close it first: arc402 wallet close-context");
             process.exit(1);
         }
-        const contextId = ethers.hexlify(ethers.randomBytes(32));
+        const contextId = ethers_1.ethers.hexlify(ethers_1.ethers.randomBytes(32));
         console.log(`Opening context (taskType: ${opts.taskType})...`);
         const tx = await walletContract.openContext(contextId, opts.taskType);
         const receipt = await tx.wait(1);
@@ -2540,13 +2506,13 @@ export function registerWalletCommands(program) {
             console.log(JSON.stringify({ walletAddress: walletAddr, contextId, taskType: opts.taskType, txHash: receipt?.hash }));
         }
         else {
-            console.log(" " + c.success + c.white(" Context opened"));
-            renderTree([
+            console.log(" " + colors_1.c.success + colors_1.c.white(" Context opened"));
+            (0, tree_1.renderTree)([
                 { label: "contextId", value: contextId },
                 { label: "taskType", value: opts.taskType },
                 { label: "Tx", value: receipt?.hash ?? "", last: true },
             ]);
-            console.log(c.dim("\nNote: Each context allows only one spend. Call `arc402 wallet attest` then `arc402 wallet drain` (or executeSpend directly)."));
+            console.log(colors_1.c.dim("\nNote: Each context allows only one spend. Call `arc402 wallet attest` then `arc402 wallet drain` (or executeSpend directly)."));
         }
     });
     // ─── attest (J1-03) ────────────────────────────────────────────────────────
@@ -2562,8 +2528,8 @@ export function registerWalletCommands(program) {
         .option("--ttl <seconds>", "Attestation TTL in seconds (default: 600)", "600")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
@@ -2575,19 +2541,19 @@ export function registerWalletCommands(program) {
         }
         let checksumRecipient;
         try {
-            checksumRecipient = ethers.getAddress(opts.recipient);
+            checksumRecipient = ethers_1.ethers.getAddress(opts.recipient);
         }
         catch {
             console.error(`Invalid recipient address: ${opts.recipient}`);
             process.exit(1);
         }
-        const tokenAddress = opts.token ? ethers.getAddress(opts.token) : ethers.ZeroAddress;
-        const amount = ethers.parseEther(opts.amount);
+        const tokenAddress = opts.token ? ethers_1.ethers.getAddress(opts.token) : ethers_1.ethers.ZeroAddress;
+        const amount = ethers_1.ethers.parseEther(opts.amount);
         const expiresAt = Math.floor(Date.now() / 1000) + parseInt(opts.ttl, 10);
-        const attestationId = ethers.hexlify(ethers.randomBytes(32));
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const machineKey = new ethers.Wallet(config.privateKey, provider);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, machineKey);
+        const attestationId = ethers_1.ethers.hexlify(ethers_1.ethers.randomBytes(32));
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const machineKey = new ethers_1.ethers.Wallet(config.privateKey, provider);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, machineKey);
         console.log(`Creating attestation...`);
         const tx = await walletContract.attest(attestationId, opts.category, `cli attest: ${opts.category} to ${checksumRecipient}`, checksumRecipient, amount, tokenAddress, expiresAt);
         const receipt = await tx.wait(1);
@@ -2604,16 +2570,16 @@ export function registerWalletCommands(program) {
             }));
         }
         else {
-            console.log(" " + c.success + c.white(" Attestation created"));
-            renderTree([
+            console.log(" " + colors_1.c.success + colors_1.c.white(" Attestation created"));
+            (0, tree_1.renderTree)([
                 { label: "attestationId", value: attestationId },
                 { label: "recipient", value: checksumRecipient },
                 { label: "amount", value: opts.amount + " ETH" },
-                { label: "token", value: tokenAddress === ethers.ZeroAddress ? "ETH" : tokenAddress },
+                { label: "token", value: tokenAddress === ethers_1.ethers.ZeroAddress ? "ETH" : tokenAddress },
                 { label: "expiresAt", value: new Date(expiresAt * 1000).toISOString() },
                 { label: "Tx", value: receipt?.hash ?? "", last: true },
             ]);
-            console.log(c.dim("\nUse this attestationId in `arc402 wallet drain` or your spend flow."));
+            console.log(colors_1.c.dim("\nUse this attestationId in `arc402 wallet drain` or your spend flow."));
         }
     });
     // ─── velocity-status (J8-03) ───────────────────────────────────────────────
@@ -2623,14 +2589,14 @@ export function registerWalletCommands(program) {
         .description("Show wallet-level velocity limit, current window spend, and remaining budget")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_OWNER_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_OWNER_ABI, provider);
         let velocityLimit = 0n;
         let velocityWindowStart = 0n;
         let cumulativeSpend = 0n;
@@ -2650,11 +2616,11 @@ export function registerWalletCommands(program) {
         if (opts.json) {
             console.log(JSON.stringify({
                 walletAddress: walletAddr,
-                velocityLimit: ethers.formatEther(velocityLimit),
+                velocityLimit: ethers_1.ethers.formatEther(velocityLimit),
                 velocityLimitEnabled: velocityLimit > 0n,
                 velocityWindowStart: windowStartDate?.toISOString() ?? null,
-                cumulativeSpend: ethers.formatEther(cumulativeSpend),
-                remaining: remaining !== null ? ethers.formatEther(remaining) : null,
+                cumulativeSpend: ethers_1.ethers.formatEther(cumulativeSpend),
+                remaining: remaining !== null ? ethers_1.ethers.formatEther(remaining) : null,
             }, null, 2));
         }
         else {
@@ -2663,10 +2629,10 @@ export function registerWalletCommands(program) {
                 console.log(`  Velocity limit: disabled (set with \`arc402 wallet set-velocity-limit <eth>\`)`);
             }
             else {
-                console.log(`  Limit:          ${ethers.formatEther(velocityLimit)} ETH per rolling window`);
+                console.log(`  Limit:          ${ethers_1.ethers.formatEther(velocityLimit)} ETH per rolling window`);
                 console.log(`  Window start:   ${windowStartDate?.toISOString() ?? "(no window yet)"}`);
-                console.log(`  Spent:          ${ethers.formatEther(cumulativeSpend)} ETH`);
-                console.log(`  Remaining:      ${remaining !== null ? ethers.formatEther(remaining) + " ETH" : "N/A"}`);
+                console.log(`  Spent:          ${ethers_1.ethers.formatEther(cumulativeSpend)} ETH`);
+                console.log(`  Remaining:      ${remaining !== null ? ethers_1.ethers.formatEther(remaining) + " ETH" : "N/A"}`);
             }
         }
     });
@@ -2677,15 +2643,15 @@ export function registerWalletCommands(program) {
         .description("Check whether the wallet's spend context is currently open (uses Alchemy RPC)")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, provider);
         const isOpen = await walletContract.contextOpen();
         if (opts.json) {
             console.log(JSON.stringify({ walletAddress: walletAddr, contextOpen: isOpen }));
@@ -2703,8 +2669,8 @@ export function registerWalletCommands(program) {
         .description("Force-close a stale open context on the wallet (machine key signs — onlyOwnerOrMachineKey)")
         .option("--json")
         .action(async (opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
@@ -2714,9 +2680,9 @@ export function registerWalletCommands(program) {
             console.error("privateKey not set in config — machine key required for close-context.");
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const machineKey = new ethers.Wallet(config.privateKey, provider);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, machineKey);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const machineKey = new ethers_1.ethers.Wallet(config.privateKey, provider);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, machineKey);
         const isOpen = await walletContract.contextOpen();
         if (!isOpen) {
             if (opts.json) {
@@ -2734,9 +2700,9 @@ export function registerWalletCommands(program) {
             console.log(JSON.stringify({ walletAddress: walletAddr, txHash: receipt?.hash, contextOpen: false }));
         }
         else {
-            console.log(" " + c.success + c.white(" Context closed"));
-            console.log(" " + c.dim("Tx:") + " " + c.white(receipt?.hash ?? ""));
-            console.log(" " + c.dim("Wallet:") + " " + c.white(walletAddr));
+            console.log(" " + colors_1.c.success + colors_1.c.white(" Context closed"));
+            console.log(" " + colors_1.c.dim("Tx:") + " " + colors_1.c.white(receipt?.hash ?? ""));
+            console.log(" " + colors_1.c.dim("Wallet:") + " " + colors_1.c.white(walletAddr));
         }
     });
     // ─── drain ─────────────────────────────────────────────────────────────────
@@ -2751,8 +2717,8 @@ export function registerWalletCommands(program) {
         .option("--category <cat>", "Spend category (default: general)", "general")
         .option("--json")
         .action(async (recipientArg, opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
@@ -2769,26 +2735,26 @@ export function registerWalletCommands(program) {
         }
         let checksumRecipient;
         try {
-            checksumRecipient = ethers.getAddress(recipient);
+            checksumRecipient = ethers_1.ethers.getAddress(recipient);
         }
         catch {
             console.error(`Invalid recipient address: ${recipient}`);
             process.exit(1);
         }
-        const GAS_RESERVE = ethers.parseEther("0.00005");
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const machineKey = new ethers.Wallet(config.privateKey, provider);
-        const walletContract = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, machineKey);
+        const GAS_RESERVE = ethers_1.ethers.parseEther("0.00005");
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const machineKey = new ethers_1.ethers.Wallet(config.privateKey, provider);
+        const walletContract = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, machineKey);
         // ── Pre-flight checks ──────────────────────────────────────────────────
         const balance = await provider.getBalance(walletAddr);
-        console.log(`Wallet balance: ${ethers.formatEther(balance)} ETH`);
+        console.log(`Wallet balance: ${ethers_1.ethers.formatEther(balance)} ETH`);
         if (balance <= GAS_RESERVE) {
-            console.error(`Insufficient balance: ${ethers.formatEther(balance)} ETH — need more than ${ethers.formatEther(GAS_RESERVE)} ETH reserve`);
+            console.error(`Insufficient balance: ${ethers_1.ethers.formatEther(balance)} ETH — need more than ${ethers_1.ethers.formatEther(GAS_RESERVE)} ETH reserve`);
             process.exit(1);
         }
         // Check category is configured on PolicyEngine
         const policyAddress = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
-        const policyContract = new ethers.Contract(policyAddress, POLICY_ENGINE_LIMITS_ABI, provider);
+        const policyContract = new ethers_1.ethers.Contract(policyAddress, abis_1.POLICY_ENGINE_LIMITS_ABI, provider);
         const categoryLimit = await policyContract.categoryLimits(walletAddr, opts.category);
         if (categoryLimit === 0n) {
             console.error(`Category "${opts.category}" is not configured on PolicyEngine for this wallet.`);
@@ -2797,7 +2763,7 @@ export function registerWalletCommands(program) {
         }
         // Verify machine key is authorized
         const machineKeyAbi = ["function authorizedMachineKeys(address) external view returns (bool)"];
-        const walletCheck = new ethers.Contract(walletAddr, machineKeyAbi, provider);
+        const walletCheck = new ethers_1.ethers.Contract(walletAddr, machineKeyAbi, provider);
         let isAuthorized = false;
         try {
             isAuthorized = await walletCheck.authorizedMachineKeys(machineKey.address);
@@ -2813,46 +2779,46 @@ export function registerWalletCommands(program) {
         // Compute drain amount
         let drainAmount;
         if (opts.amount) {
-            drainAmount = ethers.parseEther(opts.amount);
+            drainAmount = ethers_1.ethers.parseEther(opts.amount);
         }
         else {
             drainAmount = balance - GAS_RESERVE;
         }
         if (drainAmount > categoryLimit) {
-            console.warn(`WARN: drainAmount (${ethers.formatEther(drainAmount)} ETH) exceeds category limit (${ethers.formatEther(categoryLimit)} ETH)`);
+            console.warn(`WARN: drainAmount (${ethers_1.ethers.formatEther(drainAmount)} ETH) exceeds category limit (${ethers_1.ethers.formatEther(categoryLimit)} ETH)`);
             console.warn(`  Capping at category limit.`);
             drainAmount = categoryLimit;
         }
         console.log(`\nDrain plan:`);
         console.log(`  Wallet:    ${walletAddr}`);
         console.log(`  Recipient: ${checksumRecipient}`);
-        console.log(`  Amount:    ${ethers.formatEther(drainAmount)} ETH`);
+        console.log(`  Amount:    ${ethers_1.ethers.formatEther(drainAmount)} ETH`);
         console.log(`  Category:  ${opts.category}`);
         console.log(`  MachineKey: ${machineKey.address}`);
         console.log(`\nNote: Each context allows exactly one spend. A new context is opened for each drain call.\n`);
         // ── Step 1: context cleanup ────────────────────────────────────────────
         const isOpen = await walletContract.contextOpen();
         if (isOpen) {
-            console.log(c.dim("Stale context found — closing it first..."));
+            console.log(colors_1.c.dim("Stale context found — closing it first..."));
             const closeTx = await walletContract.closeContext();
             await closeTx.wait(2);
-            console.log(" " + c.success + c.dim(` Closed: ${closeTx.hash}`));
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Closed: ${closeTx.hash}`));
         }
         // ── Step 2: openContext ────────────────────────────────────────────────
-        const contextId = ethers.keccak256(ethers.toUtf8Bytes(`drain-${Date.now()}`));
-        console.log(c.dim("Opening context..."));
+        const contextId = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(`drain-${Date.now()}`));
+        console.log(colors_1.c.dim("Opening context..."));
         const openTx = await walletContract.openContext(contextId, "drain");
         const openReceipt = await openTx.wait(1);
-        console.log(" " + c.success + c.dim(` openContext: ${openReceipt?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` openContext: ${openReceipt?.hash}`));
         // ── Step 3: attest (direct on wallet — onlyOwnerOrMachineKey, NOT via executeContractCall)
-        const attestationId = ethers.hexlify(ethers.randomBytes(32));
+        const attestationId = ethers_1.ethers.hexlify(ethers_1.ethers.randomBytes(32));
         const expiry = Math.floor(Date.now() / 1000) + 600; // 10 min TTL
-        console.log(c.dim("Creating attestation (direct on wallet)..."));
-        const attestTx = await walletContract.attest(attestationId, "spend", `drain to ${checksumRecipient}`, checksumRecipient, drainAmount, ethers.ZeroAddress, expiry);
+        console.log(colors_1.c.dim("Creating attestation (direct on wallet)..."));
+        const attestTx = await walletContract.attest(attestationId, "spend", `drain to ${checksumRecipient}`, checksumRecipient, drainAmount, ethers_1.ethers.ZeroAddress, expiry);
         const attestReceipt = await attestTx.wait(1);
-        console.log(" " + c.success + c.dim(` attest: ${attestReceipt?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` attest: ${attestReceipt?.hash}`));
         // ── Step 4: executeSpend ───────────────────────────────────────────────
-        console.log(c.dim("Executing spend..."));
+        console.log(colors_1.c.dim("Executing spend..."));
         let spendReceiptHash;
         try {
             const spendTx = await walletContract.executeSpend(checksumRecipient, drainAmount, opts.category, attestationId);
@@ -2860,21 +2826,21 @@ export function registerWalletCommands(program) {
             spendReceiptHash = spendReceipt?.hash;
         }
         catch (e) {
-            handleWalletError(e);
+            (0, wallet_router_1.handleWalletError)(e);
         }
-        console.log(" " + c.success + c.dim(` executeSpend: ${spendReceiptHash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` executeSpend: ${spendReceiptHash}`));
         // ── Step 5: closeContext ───────────────────────────────────────────────
-        console.log(c.dim("Closing context..."));
+        console.log(colors_1.c.dim("Closing context..."));
         const closeTx2 = await walletContract.closeContext();
         const closeReceipt = await closeTx2.wait(1);
-        console.log(" " + c.success + c.dim(` closeContext: ${closeReceipt?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` closeContext: ${closeReceipt?.hash}`));
         const newBalance = await provider.getBalance(walletAddr);
         if (opts.json) {
             console.log(JSON.stringify({
                 ok: true,
                 walletAddress: walletAddr,
                 recipient: checksumRecipient,
-                amount: ethers.formatEther(drainAmount),
+                amount: ethers_1.ethers.formatEther(drainAmount),
                 category: opts.category,
                 txHashes: {
                     openContext: openReceipt?.hash,
@@ -2882,14 +2848,14 @@ export function registerWalletCommands(program) {
                     executeSpend: spendReceiptHash,
                     closeContext: closeReceipt?.hash,
                 },
-                remainingBalance: ethers.formatEther(newBalance),
+                remainingBalance: ethers_1.ethers.formatEther(newBalance),
             }));
         }
         else {
-            console.log("\n" + c.success + c.white(" Drain complete"));
-            renderTree([
-                { label: "Sent", value: `${ethers.formatEther(drainAmount)} ETH → ${checksumRecipient}` },
-                { label: "Remaining", value: `${ethers.formatEther(newBalance)} ETH`, last: true },
+            console.log("\n" + colors_1.c.success + colors_1.c.white(" Drain complete"));
+            (0, tree_1.renderTree)([
+                { label: "Sent", value: `${ethers_1.ethers.formatEther(drainAmount)} ETH → ${checksumRecipient}` },
+                { label: "Remaining", value: `${ethers_1.ethers.formatEther(newBalance)} ETH`, last: true },
             ]);
         }
     });
@@ -2909,8 +2875,8 @@ export function registerWalletCommands(program) {
         .option("--decimals <n>", "Token decimals override (default: auto-detect from contract)", "auto")
         .option("--json")
         .action(async (recipientArg, amountArg, opts) => {
-        const config = loadConfig();
-        warnIfPublicRpc(config);
+        const config = (0, config_1.loadConfig)();
+        (0, config_2.warnIfPublicRpc)(config);
         const walletAddr = config.walletContractAddress;
         if (!walletAddr) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
@@ -2923,11 +2889,11 @@ export function registerWalletCommands(program) {
         // Resolve token address
         let tokenAddress;
         if (opts.token.toLowerCase() === "usdc") {
-            tokenAddress = getUsdcAddress(config);
+            tokenAddress = (0, config_1.getUsdcAddress)(config);
         }
         else {
             try {
-                tokenAddress = ethers.getAddress(opts.token);
+                tokenAddress = ethers_1.ethers.getAddress(opts.token);
             }
             catch {
                 console.error(`Invalid token address: ${opts.token}`);
@@ -2936,20 +2902,20 @@ export function registerWalletCommands(program) {
         }
         let checksumRecipient;
         try {
-            checksumRecipient = ethers.getAddress(recipientArg);
+            checksumRecipient = ethers_1.ethers.getAddress(recipientArg);
         }
         catch {
             console.error(`Invalid recipient address: ${recipientArg}`);
             process.exit(1);
         }
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const machineKey = new ethers.Wallet(config.privateKey, provider);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const machineKey = new ethers_1.ethers.Wallet(config.privateKey, provider);
         // Determine token decimals
         const erc20Abi = [
             "function decimals() external view returns (uint8)",
             "function balanceOf(address owner) external view returns (uint256)",
         ];
-        const erc20 = new ethers.Contract(tokenAddress, erc20Abi, provider);
+        const erc20 = new ethers_1.ethers.Contract(tokenAddress, erc20Abi, provider);
         let decimals;
         if (opts.decimals !== "auto") {
             decimals = parseInt(opts.decimals, 10);
@@ -2964,7 +2930,7 @@ export function registerWalletCommands(program) {
         }
         let tokenAmount;
         try {
-            tokenAmount = ethers.parseUnits(amountArg, decimals);
+            tokenAmount = ethers_1.ethers.parseUnits(amountArg, decimals);
         }
         catch {
             console.error(`Invalid amount: ${amountArg}. Provide a decimal value (e.g. 1.5).`);
@@ -2973,12 +2939,12 @@ export function registerWalletCommands(program) {
         // Check token balance
         const tokenBalance = await erc20.balanceOf(walletAddr);
         if (tokenBalance < tokenAmount) {
-            console.error(`Insufficient token balance: ${ethers.formatUnits(tokenBalance, decimals)} < ${amountArg}`);
+            console.error(`Insufficient token balance: ${ethers_1.ethers.formatUnits(tokenBalance, decimals)} < ${amountArg}`);
             process.exit(1);
         }
         // Check category is configured on PolicyEngine
         const policyAddressT = config.policyEngineAddress ?? POLICY_ENGINE_DEFAULT;
-        const policyContractT = new ethers.Contract(policyAddressT, POLICY_ENGINE_LIMITS_ABI, provider);
+        const policyContractT = new ethers_1.ethers.Contract(policyAddressT, abis_1.POLICY_ENGINE_LIMITS_ABI, provider);
         const categoryLimitT = await policyContractT.categoryLimits(walletAddr, opts.category);
         if (categoryLimitT === 0n) {
             console.error(`Category "${opts.category}" is not configured on PolicyEngine for this wallet.`);
@@ -2987,7 +2953,7 @@ export function registerWalletCommands(program) {
         }
         // Verify machine key is authorized
         const mkAbi = ["function authorizedMachineKeys(address) external view returns (bool)"];
-        const walletCheckT = new ethers.Contract(walletAddr, mkAbi, provider);
+        const walletCheckT = new ethers_1.ethers.Contract(walletAddr, mkAbi, provider);
         let isAuthorizedT = false;
         try {
             isAuthorizedT = await walletCheckT.authorizedMachineKeys(machineKey.address);
@@ -3000,7 +2966,7 @@ export function registerWalletCommands(program) {
             console.error(`Fix: arc402 wallet authorize-machine-key ${machineKey.address}`);
             process.exit(1);
         }
-        const walletContractT = new ethers.Contract(walletAddr, ARC402_WALLET_PROTOCOL_ABI, machineKey);
+        const walletContractT = new ethers_1.ethers.Contract(walletAddr, abis_1.ARC402_WALLET_PROTOCOL_ABI, machineKey);
         console.log(`\nDrain token plan:`);
         console.log(`  Wallet:     ${walletAddr}`);
         console.log(`  Recipient:  ${checksumRecipient}`);
@@ -3012,34 +2978,34 @@ export function registerWalletCommands(program) {
         // ── Step 1: context cleanup ──────────────────────────────────────────────
         const isOpenT = await walletContractT.contextOpen();
         if (isOpenT) {
-            console.log(c.dim("Stale context found — closing it first..."));
+            console.log(colors_1.c.dim("Stale context found — closing it first..."));
             const closeTxT = await walletContractT.closeContext();
             await closeTxT.wait(2);
-            console.log(" " + c.success + c.dim(` Closed: ${closeTxT.hash}`));
+            console.log(" " + colors_1.c.success + colors_1.c.dim(` Closed: ${closeTxT.hash}`));
         }
         // ── Step 2: openContext ──────────────────────────────────────────────────
-        const contextIdT = ethers.keccak256(ethers.toUtf8Bytes(`drain-token-${Date.now()}`));
-        console.log(c.dim("Opening context..."));
+        const contextIdT = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(`drain-token-${Date.now()}`));
+        console.log(colors_1.c.dim("Opening context..."));
         const openTxT = await walletContractT.openContext(contextIdT, "drain");
         const openReceiptT = await openTxT.wait(1);
-        console.log(" " + c.success + c.dim(` openContext: ${openReceiptT?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` openContext: ${openReceiptT?.hash}`));
         // ── Step 3: attest with token address ────────────────────────────────────
-        const attestationIdT = ethers.hexlify(ethers.randomBytes(32));
+        const attestationIdT = ethers_1.ethers.hexlify(ethers_1.ethers.randomBytes(32));
         const expiryT = Math.floor(Date.now() / 1000) + 600; // 10 min TTL
-        console.log(c.dim("Creating attestation (with token address)..."));
+        console.log(colors_1.c.dim("Creating attestation (with token address)..."));
         const attestTxT = await walletContractT.attest(attestationIdT, "spend", `token drain to ${checksumRecipient}`, checksumRecipient, tokenAmount, tokenAddress, expiryT);
         const attestReceiptT = await attestTxT.wait(1);
-        console.log(" " + c.success + c.dim(` attest: ${attestReceiptT?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` attest: ${attestReceiptT?.hash}`));
         // ── Step 4: executeTokenSpend ────────────────────────────────────────────
-        console.log(c.dim("Executing token spend..."));
+        console.log(colors_1.c.dim("Executing token spend..."));
         const spendTxT = await walletContractT.executeTokenSpend(checksumRecipient, tokenAmount, tokenAddress, opts.category, attestationIdT);
         const spendReceiptT = await spendTxT.wait(1);
-        console.log(" " + c.success + c.dim(` executeTokenSpend: ${spendReceiptT?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` executeTokenSpend: ${spendReceiptT?.hash}`));
         // ── Step 5: closeContext ─────────────────────────────────────────────────
-        console.log(c.dim("Closing context..."));
+        console.log(colors_1.c.dim("Closing context..."));
         const closeTxT2 = await walletContractT.closeContext();
         const closeReceiptT = await closeTxT2.wait(1);
-        console.log(" " + c.success + c.dim(` closeContext: ${closeReceiptT?.hash}`));
+        console.log(" " + colors_1.c.success + colors_1.c.dim(` closeContext: ${closeReceiptT?.hash}`));
         const newTokenBalance = await erc20.balanceOf(walletAddr);
         if (opts.json) {
             console.log(JSON.stringify({
@@ -3055,15 +3021,15 @@ export function registerWalletCommands(program) {
                     executeTokenSpend: spendReceiptT?.hash,
                     closeContext: closeReceiptT?.hash,
                 },
-                remainingTokenBalance: ethers.formatUnits(newTokenBalance, decimals),
+                remainingTokenBalance: ethers_1.ethers.formatUnits(newTokenBalance, decimals),
             }));
         }
         else {
-            console.log("\n" + c.success + c.white(" Token drain complete"));
-            renderTree([
+            console.log("\n" + colors_1.c.success + colors_1.c.white(" Token drain complete"));
+            (0, tree_1.renderTree)([
                 { label: "Sent", value: `${amountArg} → ${checksumRecipient}` },
                 { label: "Token", value: tokenAddress },
-                { label: "Remaining", value: ethers.formatUnits(newTokenBalance, decimals), last: true },
+                { label: "Remaining", value: ethers_1.ethers.formatUnits(newTokenBalance, decimals), last: true },
             ]);
         }
     });
@@ -3076,7 +3042,7 @@ export function registerWalletCommands(program) {
     wallet.command("set-passkey <pubKeyX> <pubKeyY>")
         .description("Activate passkey (Face ID) on ARC402Wallet — takes P256 x/y coords from passkey setup (phone wallet signs via WalletConnect)")
         .action(async (pubKeyX, pubKeyY) => {
-        const config = loadConfig();
+        const config = (0, config_1.loadConfig)();
         if (!config.walletContractAddress) {
             console.error("walletContractAddress not set in config. Run `arc402 wallet deploy` first.");
             process.exit(1);
@@ -3096,8 +3062,8 @@ export function registerWalletCommands(program) {
             process.exit(1);
         }
         const chainId = config.network === "base-mainnet" ? 8453 : 84532;
-        const provider = new ethers.JsonRpcProvider(config.rpcUrl);
-        const walletInterface = new ethers.Interface(ARC402_WALLET_PASSKEY_ABI);
+        const provider = new ethers_1.ethers.JsonRpcProvider(config.rpcUrl);
+        const walletInterface = new ethers_1.ethers.Interface(abis_1.ARC402_WALLET_PASSKEY_ABI);
         console.log(`\nWallet:   ${config.walletContractAddress}`);
         console.log(`pubKeyX:  ${pubKeyX}`);
         console.log(`pubKeyY:  ${pubKeyY}`);
@@ -3109,28 +3075,28 @@ export function registerWalletCommands(program) {
             data: walletInterface.encodeFunctionData("setPasskey", [pubKeyX, pubKeyY]),
             value: "0x0",
         };
-        const { client, session, account } = await connectPhoneWallet(config.walletConnectProjectId, chainId, config, {
+        const { client, session, account } = await (0, walletconnect_1.connectPhoneWallet)(config.walletConnectProjectId, chainId, config, {
             telegramOpts,
             prompt: `Activate passkey (Face ID) on ARC402Wallet — enables P256 governance signing`,
         });
-        console.log("\n" + c.success + c.white(` Connected: ${account}`));
-        console.log(c.dim("Sending setPasskey transaction..."));
-        const hash = await sendTransactionWithSession(client, session, account, chainId, txData);
-        console.log("\n" + c.dim("Transaction submitted:") + " " + c.white(hash));
-        console.log(c.dim("Waiting for confirmation..."));
+        console.log("\n" + colors_1.c.success + colors_1.c.white(` Connected: ${account}`));
+        console.log(colors_1.c.dim("Sending setPasskey transaction..."));
+        const hash = await (0, walletconnect_1.sendTransactionWithSession)(client, session, account, chainId, txData);
+        console.log("\n" + colors_1.c.dim("Transaction submitted:") + " " + colors_1.c.white(hash));
+        console.log(colors_1.c.dim("Waiting for confirmation..."));
         const receipt = await provider.waitForTransaction(hash, 1, 60000);
         if (!receipt || receipt.status !== 1) {
-            console.error(c.failure + " " + c.red("Transaction failed."));
+            console.error(colors_1.c.failure + " " + colors_1.c.red("Transaction failed."));
             process.exit(1);
         }
-        console.log("\n" + c.success + c.white(" Passkey activated on ARC402Wallet"));
-        renderTree([
+        console.log("\n" + colors_1.c.success + colors_1.c.white(" Passkey activated on ARC402Wallet"));
+        (0, tree_1.renderTree)([
             { label: "Wallet", value: config.walletContractAddress ?? "" },
             { label: "pubKeyX", value: pubKeyX },
             { label: "pubKeyY", value: pubKeyY },
             { label: "Tx", value: hash, last: true },
         ]);
-        console.log(c.dim("\nGovernance ops now require Face ID instead of MetaMask."));
+        console.log(colors_1.c.dim("\nGovernance ops now require Face ID instead of MetaMask."));
         await client.disconnect({ topic: session.topic, reason: { code: 6000, message: "done" } });
         process.exit(0);
     });