blumefi 3.0.0 → 4.0.0

package/README.md

@@ -1,6 +1,6 @@
 # BlumeFi CLI
 
-DeFi reimagined for the agentic era. Launch tokens, swap, and chat in per-token rooms — all from the command line.
+DeFi reimagined for the agentic era. Launch tokens, swap, lend, and chat in per-token rooms — all from the command line.
 
 ## Quick Start
 
@@ -22,6 +22,12 @@ npx blumefi pad buy 0xTOKEN_ADDRESS 10
 # Swap on DEX
 npx blumefi swap 1 XRP 0xTOKEN_ADDRESS
 
+# Supply USDC, borrow against XRP collateral
+npx blumefi lend market
+npx blumefi lend supply 10
+npx blumefi lend collateral 5      # 5 WXRP — wrap XRP first if needed
+npx blumefi lend borrow 4          # borrow USDC
+
 # Chat in a token's room (writes are scoped to one token)
 npx blumefi chat profile "MyAgent"
 npx blumefi chat post 0xTOKEN_ADDRESS "gm, holding from launch"
@@ -77,6 +83,25 @@ blumefi swap remove-liquidity <token> <lp|all>  # Remove liquidity
 
 Tokens: `XRP`, `WXRP`, or any `0x` token address.
 
+### Lend (Lending Markets)
+
+Permissionless lending — supply USDC to earn yield, or borrow USDC against WXRP collateral. Mainnet-live (XRP/USDC market, 86% LLTV, 10% protocol fee on accrued interest).
+
+```bash
+blumefi lend market                          # Market: total supply/borrow, utilization, oracle price
+blumefi lend position [address]              # Your position: supplied, collateral, borrowed, health factor
+blumefi lend supply <amount>                 # Supply USDC to earn yield
+blumefi lend withdraw <amount|all>           # Withdraw supplied USDC
+blumefi lend collateral <wxrp_amount>        # Supply WXRP as collateral
+blumefi lend remove-collateral <amount|all>  # Withdraw WXRP collateral
+blumefi lend borrow <amount>                 # Borrow USDC against your collateral
+blumefi lend repay <amount|all>              # Repay borrowed USDC
+```
+
+Borrow stays healthy when `Health Factor (HF) ≥ 1`. Below 1 you can be liquidated; the CLI prints a near-liquidation warning when HF falls below 1.05. Collateral path requires WXRP — wrap XRP via `blumefi swap <amount> XRP WXRP` first.
+
+Mainnet uses USDC.xrpl (15-decimal precompile) as the loan token. Testnet uses MockUSDC (6-decimal). The CLI handles decimals automatically.
+
 ### Wallet & Account
 
 ```bash

package/cli.js

@@ -63,6 +63,13 @@ const NETWORKS = {
     swapRouter: '0x3a5FF5717fCa60b613B28610A8Fd2E13299e306C',
     swapFactory: '0x0F0F367e1C407C28821899E9bd2CB63D6086a945',
     padFactory: '0x1E14bc7C2515549aFd3d5D60c0D067607B2c8B2C',
+    blumelend: '0x1DB2C1ed42C5a2eF33709B455aB9dc64a02A0c56',
+    blumelendIrm: '0xFE5F6119cd3bAA91eD8AF2638C1627b84F8636F4',
+    blumelendOracle: '0x200c909fE38D9E109d1AC1A8998b633F59e11E84',
+    lendUsdc: '0xDaF4556169c4F3f2231d8ab7BC8772Ddb7D4c84C', // USDC.xrpl, 15 dec
+    lendUsdcDecimals: 15,
+    lendCollateral: '0x7C21a90E3eCD3215d16c3BBe76a491f8f792d4Bf', // WXRP
+    lendLltv: '860000000000000000', // 0.86e18
   },
   testnet: {
     chainId: 1449000,
@@ -74,6 +81,13 @@ const NETWORKS = {
     swapRouter: '0xC17E3517131E7444361fEA2083F3309B33a7320A',
     swapFactory: '0xa67Dfa5C47Bec4bBbb06794B933705ADb9E82459',
     padFactory: '0x55Be0D08d6B28618129431779Ff1dd842a768D34',
+    blumelend: '0x266f283A2FEA75304B132Cb9F3b795B6266A8Ec1',
+    blumelendIrm: '0x814fC6b1E07F16aCB536aCc262Fae66114ddDD72',
+    blumelendOracle: '0xBBE1b60a438Da8f04ef1031d4604eD31F5935c4E',
+    lendUsdc: '0xC6dD7E13EeEBE873e24716426687c303A2A4489c', // MockUSDC, 6 dec
+    lendUsdcDecimals: 6,
+    lendCollateral: '0x664950b1F3E2FAF98286571381f5f4c230ffA9c5', // testnet WXRP (same as swapWxrp)
+    lendLltv: '860000000000000000',
   },
 }
 
@@ -141,6 +155,77 @@ const PAD_TOKEN_ABI = [
   { name: 'balanceOf', type: 'function', stateMutability: 'view', inputs: [{ name: 'account', type: 'address' }], outputs: [{ type: 'uint256' }] },
 ]
 
+// BlumeLend (Morpho Blue fork) — singleton lending. MarketParams encoded inline as a tuple.
+const MARKET_PARAMS_TUPLE = {
+  type: 'tuple',
+  components: [
+    { name: 'loanToken', type: 'address' },
+    { name: 'collateralToken', type: 'address' },
+    { name: 'oracle', type: 'address' },
+    { name: 'irm', type: 'address' },
+    { name: 'lltv', type: 'uint256' },
+  ],
+}
+
+const BLUMELEND_ABI = [
+  { name: 'supply', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' }, { name: 'shares', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'data', type: 'bytes' }],
+    outputs: [{ type: 'uint256' }, { type: 'uint256' }] },
+  { name: 'withdraw', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' }, { name: 'shares', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'receiver', type: 'address' }],
+    outputs: [{ type: 'uint256' }, { type: 'uint256' }] },
+  { name: 'supplyCollateral', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'data', type: 'bytes' }],
+    outputs: [] },
+  { name: 'withdrawCollateral', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'receiver', type: 'address' }],
+    outputs: [] },
+  { name: 'borrow', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' }, { name: 'shares', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'receiver', type: 'address' }],
+    outputs: [{ type: 'uint256' }, { type: 'uint256' }] },
+  { name: 'repay', type: 'function', stateMutability: 'nonpayable',
+    inputs: [{ ...MARKET_PARAMS_TUPLE, name: 'marketParams' },
+             { name: 'assets', type: 'uint256' }, { name: 'shares', type: 'uint256' },
+             { name: 'onBehalf', type: 'address' }, { name: 'data', type: 'bytes' }],
+    outputs: [{ type: 'uint256' }, { type: 'uint256' }] },
+  { name: 'market', type: 'function', stateMutability: 'view',
+    inputs: [{ name: 'id', type: 'bytes32' }],
+    outputs: [{ name: 'totalSupplyAssets', type: 'uint128' }, { name: 'totalSupplyShares', type: 'uint128' },
+              { name: 'totalBorrowAssets', type: 'uint128' }, { name: 'totalBorrowShares', type: 'uint128' },
+              { name: 'lastUpdate', type: 'uint128' }, { name: 'fee', type: 'uint128' }] },
+  { name: 'position', type: 'function', stateMutability: 'view',
+    inputs: [{ name: 'id', type: 'bytes32' }, { name: 'user', type: 'address' }],
+    outputs: [{ name: 'supplyShares', type: 'uint256' }, { name: 'borrowShares', type: 'uint128' },
+              { name: 'collateral', type: 'uint128' }] },
+  { name: 'owner', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'address' }] },
+  { name: 'feeRecipient', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'address' }] },
+]
+
+const ORACLE_ABI = [
+  { name: 'price', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'uint256' }] },
+  { name: 'SCALE_FACTOR', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'uint256' }] },
+  { name: 'MAX_PRICE_AGE', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'uint256' }] },
+  { name: 'BAND_ORACLE', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'address' }] },
+  { name: 'baseSymbol', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'string' }] },
+  { name: 'quoteSymbol', type: 'function', stateMutability: 'view', inputs: [], outputs: [{ type: 'string' }] },
+]
+
+const BAND_REF_ABI = [
+  { name: 'getReferenceData', type: 'function', stateMutability: 'view',
+    inputs: [{ name: 'base', type: 'string' }, { name: 'quote', type: 'string' }],
+    outputs: [{ name: 'rate', type: 'uint256' }, { name: 'lastUpdatedBase', type: 'uint256' }, { name: 'lastUpdatedQuote', type: 'uint256' }] },
+]
+
 // ─── Helpers ─────────────────────────────────────────────────────────
 
 function getChain() {
@@ -155,6 +240,10 @@ function getNetwork() {
   return NETWORKS[getChain()]
 }
 
+function isJsonMode() {
+  return process.argv.includes('--json')
+}
+
 function getPrivateKey() {
   const key = process.env.WALLET_PRIVATE_KEY || process.env.PRIVATE_KEY
   if (!key) {
@@ -211,6 +300,23 @@ function resolveToken(nameOrAddr, context) {
   throw new Error(`Unknown token: ${nameOrAddr}. Use XRP, WXRP, or a 0x address.`)
 }
 
+// BlumeLend market params for the active XRP/USDC market on the current chain.
+function lendMarketParams() {
+  const net = getNetwork()
+  return {
+    loanToken: net.lendUsdc,
+    collateralToken: net.lendCollateral,
+    oracle: net.blumelendOracle,
+    irm: net.blumelendIrm,
+    lltv: BigInt(net.lendLltv),
+  }
+}
+
+async function lendMarketId() {
+  const viem = await loadViem()
+  return viem.keccak256(viem.encodeAbiParameters([MARKET_PARAMS_TUPLE], [lendMarketParams()]))
+}
+
 // ─── Viem helpers ────────────────────────────────────────────────────
 
 let _viem = null
@@ -409,19 +515,29 @@ async function cmdChatMentions(address) {
 
 async function cmdChatProfile(name) {
   if (!name) {
-    console.error('Usage: blumefi chat profile <name> [--bio "your bio"] [--avatar <url>]')
+    console.error('Usage: blumefi chat profile <name> [--bio "your bio"] [--avatar-file <path> | --avatar-url <url> | --avatar <hostedUrl>]')
     console.error('  blumefi chat profile "MyAgent" --bio "I trade on XRPL EVM"')
-    console.error('  blumefi chat profile "MyAgent" --avatar https://example.com/pic.png')
-    console.error('  blumefi chat profile "MyAgent" --bio "Bio" --avatar https://arweave.net/TXID')
+    console.error('  blumefi chat profile "MyAgent" --avatar-file ./avatar.png       (uploaded to Arweave for you)')
+    console.error('  blumefi chat profile "MyAgent" --avatar-url https://example.com/pic.png')
     process.exit(1)
   }
   const bioIdx = process.argv.indexOf('--bio')
   const bio = bioIdx !== -1 ? process.argv[bioIdx + 1] || '' : ''
-  const avatarIdx = process.argv.indexOf('--avatar')
-  const avatarUrl = avatarIdx !== -1 ? process.argv[avatarIdx + 1] || '' : ''
-  if (avatarUrl && !avatarUrl.startsWith('https://')) {
-    console.error('Error: --avatar must be an HTTPS URL')
-    process.exit(1)
+  // Avatar: upload a file/remote URL to permanent Arweave, or accept a hosted
+  // URL. Reject copied-from-docs placeholders so profiles don't get dead links.
+  let avatarUrl = ''
+  const avatarFile = flagVal('--avatar-file')
+  const avatarRemote = flagVal('--avatar-url')
+  const avatarRaw = flagVal('--avatar')
+  if (avatarFile) {
+    avatarUrl = await uploadImageFile(avatarFile)
+  } else if (avatarRemote) {
+    if (looksLikePlaceholder(avatarRemote)) { console.error(`Error: "${avatarRemote}" looks like a placeholder. Use --avatar-file <path> or a real hosted image URL.`); process.exit(1) }
+    avatarUrl = await uploadImageFromUrl(avatarRemote)
+  } else if (avatarRaw) {
+    if (looksLikePlaceholder(avatarRaw)) { console.error(`Error: "${avatarRaw}" looks like a placeholder. Use --avatar-file <path> to upload a real image, or pass a real hosted URL.`); process.exit(1) }
+    if (!/^https?:\/\//i.test(avatarRaw)) { console.error('Error: --avatar must be an https URL (or use --avatar-file <path> to upload).'); process.exit(1) }
+    avatarUrl = /arweave\.net\//i.test(avatarRaw) ? avatarRaw : await uploadImageFromUrl(avatarRaw)
   }
   const meta = { platform: 'blumefi-cli' }
   if (bio) meta.bio = bio
@@ -791,6 +907,120 @@ async function cmdSwapRemoveLiquidity(tokenAddress, lpAmountStr) {
   console.log(`  TX: ${explorer}`)
 }
 
+// ─── Image upload (permanent Arweave via Blume's funded uploader) ────
+// A token's image is written ON-CHAIN at launch and is permanent. Wallets,
+// explorers, and aggregators read that on-chain value — so it must be a real
+// hosted URL, never a placeholder. These helpers upload to permanent Arweave
+// through Blume's hosted uploader, so an agent never has to host anything.
+
+const UPLOAD_BASE = 'https://pad.blumefi.com'
+const IMAGE_MIME = { jpg: 'image/jpeg', jpeg: 'image/jpeg', png: 'image/png', webp: 'image/webp', gif: 'image/gif' }
+
+function flagVal(name) {
+  const i = process.argv.indexOf(name)
+  return i !== -1 ? (process.argv[i + 1] || '') : null
+}
+
+// Heuristic: does this look like a copied-from-docs placeholder rather than a
+// real image? (e.g. arweave.net/TXID, arweave.net/SampleImageUri, <url>, ...)
+function looksLikePlaceholder(uri) {
+  const u = (uri || '').trim()
+  if (!u) return true
+  const lower = u.toLowerCase()
+  const tells = ['txid', 'sample', 'example', 'placeholder', 'your-', 'changeme', '<', '>', '{', '}', '...']
+  if (tells.some(t => lower.includes(t))) return true
+  // Arweave tx ids are exactly 43 url-safe base64 chars; anything else is bogus.
+  const m = u.match(/^https?:\/\/(?:[a-z0-9-]+\.)*arweave\.net\/([a-z0-9_-]+)/i)
+  if (m && m[1].length !== 43) return true
+  return false
+}
+
+function placeholderMsg(uri) {
+  return `"${uri}" looks like a placeholder, not a real image. A token's logo is written on-chain permanently at launch — a placeholder means no logo in any wallet or explorer, forever. Upload a real image with --image-file <path> or --image-url <url> (hosted permanently on Arweave for you), or pass --no-image to launch without one.`
+}
+
+async function uploadImageFromUrl(srcUrl) {
+  console.log(c.dim('  Uploading image to Arweave (permanent)…'))
+  let res
+  try {
+    res = await fetch(`${UPLOAD_BASE}/api/upload-url`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ url: srcUrl }),
+    })
+  } catch (e) {
+    throw new Error(`Could not reach the image uploader: ${e.message}`)
+  }
+  const data = await res.json().catch(() => ({}))
+  if (!res.ok || !data.url) {
+    throw new Error(`Image upload failed: ${data.error || ('HTTP ' + res.status)}. Use a direct https link to a JPEG/PNG/WebP/GIF under 2MB.`)
+  }
+  return data.url
+}
+
+async function uploadImageFile(filePath) {
+  const fs = require('fs')
+  const path = require('path')
+  if (!fs.existsSync(filePath)) throw new Error(`Image file not found: ${filePath}`)
+  const buf = fs.readFileSync(filePath)
+  if (buf.length > 2 * 1024 * 1024) throw new Error(`Image too large (${(buf.length / 1048576).toFixed(2)}MB; max 2MB).`)
+  const ext = path.extname(filePath).slice(1).toLowerCase()
+  const type = IMAGE_MIME[ext]
+  if (!type) throw new Error(`Unsupported image type ".${ext}". Use PNG, JPEG, WebP, or GIF.`)
+  console.log(c.dim('  Uploading image to Arweave (permanent)…'))
+  const form = new FormData()
+  form.append('image', new Blob([buf], { type }), path.basename(filePath))
+  let res
+  try {
+    res = await fetch(`${UPLOAD_BASE}/api/upload`, { method: 'POST', body: form })
+  } catch (e) {
+    throw new Error(`Could not reach the image uploader: ${e.message}`)
+  }
+  const data = await res.json().catch(() => ({}))
+  if (!res.ok || !data.url) throw new Error(`Image upload failed: ${data.error || ('HTTP ' + res.status)}.`)
+  return data.url
+}
+
+async function checkImageResolves(url) {
+  try {
+    const ctrl = new AbortController()
+    const t = setTimeout(() => ctrl.abort(), 8000)
+    const res = await fetch(url, { signal: ctrl.signal, redirect: 'follow' })
+    clearTimeout(t)
+    if (!res.ok) return { ok: false, reason: `URL returned HTTP ${res.status}` }
+    const ct = (res.headers.get('content-type') || '').split(';')[0].trim().toLowerCase()
+    if (!ct.startsWith('image/')) return { ok: false, reason: `content-type is "${ct || 'unknown'}", not an image` }
+    return { ok: true }
+  } catch {
+    return { ok: null, reason: 'network error reaching the URL' }
+  }
+}
+
+// Resolve the final on-chain image URI from the caller's flags, uploading to
+// permanent Arweave when given a file or remote URL. Returns '' when no image
+// was supplied. Throws (hard fail) on placeholders or confirmed-bad URLs.
+async function resolveLaunchImage() {
+  const file = flagVal('--image-file')
+  const remote = flagVal('--image-url')
+  const raw = flagVal('--image')
+
+  if (file) return await uploadImageFile(file)
+  if (remote) {
+    if (looksLikePlaceholder(remote)) throw new Error(placeholderMsg(remote))
+    return await uploadImageFromUrl(remote)
+  }
+  if (raw) {
+    if (looksLikePlaceholder(raw)) throw new Error(placeholderMsg(raw))
+    if (!/^https?:\/\//i.test(raw)) throw new Error('--image must be an https URL. To upload a local file use --image-file <path>; to re-host a remote image use --image-url <url>.')
+    const chk = await checkImageResolves(raw)
+    if (chk.ok === false) throw new Error(`That --image URL is not usable: ${chk.reason}. Upload a real one with --image-file <path> or --image-url <url>, or pass --no-image to launch without a logo.`)
+    if (chk.ok === null) console.log(c.yellow(`  Warning: couldn't verify the image URL (${chk.reason}). The on-chain image is permanent — make sure it's correct.`))
+    if (!/arweave\.net\//i.test(raw)) console.log(c.dim('  Tip: --image-url re-hosts to permanent Arweave so the logo can never rot.'))
+    return raw
+  }
+  return ''
+}
+
 // ─── Pad commands (launchpad) ────────────────────────────────────────
 
 async function cmdPadLaunch(name, symbol, desc) {
@@ -798,7 +1028,10 @@ async function cmdPadLaunch(name, symbol, desc) {
     console.error('Usage: blumefi pad launch <name> <symbol> [description]')
     console.error('  blumefi pad launch "My Token" MTK "A cool meme token"')
     console.error('\nOptions:')
-    console.error('  --image <url>           Image URI (e.g. arweave URL)')
+    console.error('  --image-file <path>     Upload a local image (PNG/JPEG/WebP/GIF, <2MB) — recommended')
+    console.error('  --image-url <url>       Re-host a remote image to permanent Arweave')
+    console.error('  --image <arweaveUrl>    Use an already-hosted image URL')
+    console.error('  --no-image              Launch without a logo (permanent; not recommended)')
     console.error('  --supply <amount>       Total supply (default: 1000000000)')
     console.error('  --dev-pct <0-10>        Dev allocation % (default: 0)')
     console.error('  --grad <xrp>            Graduation reserve in XRP (default: 500)')
@@ -816,8 +1049,30 @@ async function cmdPadLaunch(name, symbol, desc) {
 
   // Parse optional flags
   const argv = process.argv
-  const imageIdx = argv.indexOf('--image')
-  const imageURI = imageIdx !== -1 ? argv[imageIdx + 1] || '' : ''
+  const noImage = argv.includes('--no-image')
+  const imageURI = await resolveLaunchImage()
+
+  // A token's logo is written on-chain at launch and is permanent. Refuse to
+  // ship a logoless token unless the caller explicitly opts in with --no-image.
+  // (Both exits — add an image, or --no-image — are achievable, so this guides
+  // rather than traps.)
+  if (!imageURI && !noImage) {
+    console.error('')
+    console.error(c.red('  Refusing to launch without an image.'))
+    console.error('')
+    console.error(`  A token's image is written on-chain at launch and is permanent. Without`)
+    console.error(`  one, ${symbol} will have no logo in wallets, explorers, or aggregators —`)
+    console.error(`  forever. (Setting one later only updates the Blume listing, not external apps.)`)
+    console.error('')
+    console.error('  Add a real image now:')
+    console.error('    --image-file <path>   Upload a local image (PNG/JPEG/WebP/GIF, <2MB)')
+    console.error('    --image-url <url>     Re-host a remote image to permanent Arweave')
+    console.error('')
+    console.error('  Or, to launch without a logo on purpose:')
+    console.error('    --no-image')
+    console.error('')
+    process.exit(1)
+  }
   const supplyIdx = argv.indexOf('--supply')
   const totalSupply = supplyIdx !== -1
     ? viem.parseEther(argv[supplyIdx + 1] || '1000000000')
@@ -846,13 +1101,19 @@ async function cmdPadLaunch(name, symbol, desc) {
   if (imageURI) {
     console.log(`  Image:       ${imageURI}`)
   } else {
-    console.log(`  Image:       (none — consider adding --image <url>)`)
+    console.log(c.yellow(`  Image:       NONE (no logo on external apps, permanent)`))
   }
   console.log(`  Supply:      ${viem.formatEther(totalSupply)}`)
   console.log(`  Dev alloc:   ${devPct}%`)
   console.log(`  Grad target: ${viem.formatEther(gradReserve)} XRP`)
   console.log(`  Fee:         ${feeXrp} XRP`)
 
+  if (!imageURI) {
+    console.log('')
+    console.log(c.yellow(`  Launching with NO image — ${symbol} will show no logo on wallets,`))
+    console.log(c.yellow(`  explorers, and aggregators, permanently.`))
+  }
+
   console.log('  Sending transaction...')
   const { client, account } = await getWalletClient()
   const data = viem.encodeFunctionData({
@@ -886,7 +1147,8 @@ async function cmdPadLaunch(name, symbol, desc) {
   if (tokenAddress) {
     console.log(`\n  Next steps:`)
     if (!imageURI) {
-      console.log(`  blumefi pad update-image ${tokenAddress} <url>  Add an image`)
+      console.log(`  blumefi pad update-image ${tokenAddress} <file|url>   Set Blume listing image`)
+      console.log(c.dim(`    (Blume site only — the on-chain image is fixed at launch and stays empty)`))
     }
     console.log(`  blumefi pad buy ${tokenAddress} 10     Buy with 10 XRP`)
     console.log(`  blumefi pad info ${tokenAddress}       View token info`)
@@ -1279,18 +1541,38 @@ async function cmdPadStats() {
   console.log('')
 }
 
-async function cmdPadUpdateImage(tokenAddress, imageUrl) {
-  if (!tokenAddress || !imageUrl) {
-    console.error('Usage: blumefi pad update-image <token_address> <image_url>')
-    console.error('  blumefi pad update-image 0x1234... https://arweave.net/TXID')
+async function cmdPadUpdateImage(tokenAddress, imageArg) {
+  const fileFlag = flagVal('--image-file')
+  const urlFlag = flagVal('--image-url')
+  if (!tokenAddress || (!imageArg && !fileFlag && !urlFlag)) {
+    console.error('Usage: blumefi pad update-image <token_address> <file|url>')
+    console.error('  blumefi pad update-image 0x1234... ./logo.png')
     console.error('  blumefi pad update-image 0x1234... https://example.com/img.png')
+    console.error('  blumefi pad update-image 0x1234... --image-file ./logo.png')
     console.error('\nOnly the token creator can update the image.')
+    console.error('Note: this updates the Blume listing only — the on-chain image set at')
+    console.error('launch is permanent and cannot be changed.')
     process.exit(1)
   }
-  if (!imageUrl.startsWith('https://')) {
-    console.error('Error: Image URL must start with https://')
+
+  // Resolve to a permanent hosted URL: upload local files / re-host remote URLs.
+  let imageUrl
+  if (fileFlag) {
+    imageUrl = await uploadImageFile(fileFlag)
+  } else if (urlFlag) {
+    if (looksLikePlaceholder(urlFlag)) { console.error(`\n  Error: ${placeholderMsg(urlFlag)}`); process.exit(1) }
+    imageUrl = await uploadImageFromUrl(urlFlag)
+  } else if (looksLikePlaceholder(imageArg)) {
+    console.error(`\n  Error: ${placeholderMsg(imageArg)}`); process.exit(1)
+  } else if (require('fs').existsSync(imageArg)) {
+    imageUrl = await uploadImageFile(imageArg)
+  } else if (/^https?:\/\//i.test(imageArg)) {
+    imageUrl = /arweave\.net\//i.test(imageArg) ? imageArg : await uploadImageFromUrl(imageArg)
+  } else {
+    console.error('Error: provide a local image file path or an https:// URL.')
     process.exit(1)
   }
+
   const viem = await loadViem()
   const key = getPrivateKey()
   const account = viem.privateKeyToAccount(key)
@@ -1307,10 +1589,422 @@ async function cmdPadUpdateImage(tokenAddress, imageUrl) {
     console.error(`\n  Error: ${data.error || `API error ${res.status}`}`)
     process.exit(1)
   }
-  console.log(`\n  Token image updated!`)
+  console.log(`\n  Blume listing image updated!`)
   console.log(`  Token:   ${tokenAddress}`)
   console.log(`  Image:   ${imageUrl}`)
   console.log(`  Creator: ${account.address}`)
+  console.log(c.dim(`\n  Note: this updates the Blume listing only. The image written on-chain at`))
+  console.log(c.dim(`  launch is immutable, so wallets/explorers/aggregators are unaffected.`))
+}
+
+// ─── Lend commands (BlumeLend — XRP/USDC market) ─────────────────────
+
+async function _readLendPosition(addr) {
+  const id = await lendMarketId()
+  const net = getNetwork()
+  const [marketRaw, positionRaw, oraclePrice] = await Promise.all([
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'market', args: [id] }),
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'position', args: [id, addr] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'price', args: [] }),
+  ])
+  return {
+    market: { tsa: marketRaw[0], tss: marketRaw[1], tba: marketRaw[2], tbs: marketRaw[3], lastUpdate: marketRaw[4], fee: marketRaw[5] },
+    position: { supplyShares: positionRaw[0], borrowShares: positionRaw[1], collateral: positionRaw[2] },
+    oraclePrice,
+  }
+}
+
+function _supplyAssets(supplyShares, tsa, tss) {
+  if (tss === 0n || supplyShares === 0n) return 0n
+  return (supplyShares * tsa) / tss
+}
+
+function _borrowAssets(borrowShares, tba, tbs) {
+  if (tbs === 0n || borrowShares === 0n) return 0n
+  return (borrowShares * tba) / tbs
+}
+
+// HF = collateral × oraclePrice ÷ 1e36 × lltv ÷ 1e18 ÷ borrowAssets.
+// Mirrors Morpho Blue's _isHealthy. Returns Infinity when borrow is 0.
+function _healthFactor(collateral, oraclePrice, lltv, borrowAssets) {
+  if (borrowAssets === 0n) return Infinity
+  const SCALE = 10n ** 54n // 1e36 (oracle) × 1e18 (lltv WAD)
+  const num = collateral * oraclePrice * lltv * 10000n
+  const denom = borrowAssets * SCALE
+  return Number(num / denom) / 10000
+}
+
+async function cmdLendPosition(addr) {
+  const viem = await loadViem()
+  const net = getNetwork()
+  let user = addr
+  if (!user) {
+    const { account } = await getWalletClient()
+    user = account.address
+  }
+  if (!user.startsWith('0x') || user.length !== 42) {
+    console.error(`Usage: blumefi lend position [address]`)
+    process.exit(1)
+  }
+  // Lowercase to bypass viem's EIP-55 checksum check on mis-cased input.
+  user = user.toLowerCase()
+  const { market, position, oraclePrice } = await _readLendPosition(user)
+  const usdcDec = net.lendUsdcDecimals
+  const supply = _supplyAssets(position.supplyShares, market.tsa, market.tss)
+  const borrow = _borrowAssets(position.borrowShares, market.tba, market.tbs)
+  const hf = _healthFactor(position.collateral, oraclePrice, BigInt(net.lendLltv), borrow)
+
+  if (isJsonMode()) {
+    console.log(JSON.stringify({
+      network: getChain(),
+      address: user,
+      suppliedUsdc: viem.formatUnits(supply, usdcDec),
+      collateralWxrp: viem.formatUnits(position.collateral, 18),
+      borrowedUsdc: viem.formatUnits(borrow, usdcDec),
+      healthFactor: hf === Infinity ? null : hf,
+      raw: {
+        supplyShares: position.supplyShares.toString(),
+        borrowShares: position.borrowShares.toString(),
+        collateral: position.collateral.toString(),
+      },
+    }, null, 2))
+    return
+  }
+
+  const hfStr = hf === Infinity
+    ? c.dim('∞ (no debt)')
+    : hf < 1.05 ? c.red(hf.toFixed(3) + ' (near liquidation)')
+    : hf < 1.30 ? c.yellow(hf.toFixed(3))
+    : c.green(hf.toFixed(3))
+
+  console.log(`\n  ${c.bold('Position')}  ${c.dim(user.slice(0,10) + '…' + user.slice(-6))}  ${c.dim(getChain())}`)
+  console.log(`  ─────────────`)
+  console.log(`  Supplied:    ${viem.formatUnits(supply, usdcDec)} USDC`)
+  console.log(`  Collateral:  ${viem.formatUnits(position.collateral, 18)} WXRP`)
+  console.log(`  Borrowed:    ${viem.formatUnits(borrow, usdcDec)} USDC`)
+  console.log(`  Health:      ${hfStr}`)
+}
+
+async function cmdLendMarket() {
+  const viem = await loadViem()
+  const net = getNetwork()
+  const id = await lendMarketId()
+  const [marketRaw, oraclePrice, oracleScale] = await Promise.all([
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'market', args: [id] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'price', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'SCALE_FACTOR', args: [] }),
+  ])
+  const tsa = marketRaw[0], tba = marketRaw[2], fee = marketRaw[5]
+  const usdcDec = net.lendUsdcDecimals
+  const utilization = tsa === 0n ? 0 : Number((tba * 10000n) / tsa) / 100
+  // bandPriceWad = oraclePrice / SCALE_FACTOR — Band's USD price in 1e18 fixed point.
+  const bandPriceWad = oracleScale === 0n ? 0n : oraclePrice / oracleScale
+  const xrpUsd = Number(viem.formatUnits(bandPriceWad, 18))
+  const feePct = (Number(fee) / 1e18 * 100)
+
+  if (isJsonMode()) {
+    console.log(JSON.stringify({
+      network: getChain(),
+      pair: 'XRP / USDC',
+      marketId: id,
+      totalSupplyUsdc: viem.formatUnits(tsa, usdcDec),
+      totalBorrowUsdc: viem.formatUnits(tba, usdcDec),
+      utilizationPct: utilization,
+      xrpUsd,
+      lltvPct: 86,
+      protocolFeePct: feePct,
+      raw: {
+        totalSupplyAssets: tsa.toString(),
+        totalSupplyShares: marketRaw[1].toString(),
+        totalBorrowAssets: tba.toString(),
+        totalBorrowShares: marketRaw[3].toString(),
+        lastUpdate: marketRaw[4].toString(),
+        fee: fee.toString(),
+        oraclePrice: oraclePrice.toString(),
+        oracleScale: oracleScale.toString(),
+      },
+    }, null, 2))
+    return
+  }
+
+  console.log(`\n  ${c.bold('BlumeLend — XRP / USDC')}  ${c.dim(getChain())}`)
+  console.log(`  ─────────────`)
+  console.log(`  Total supply:  ${fmtNum(viem.formatUnits(tsa, usdcDec))} USDC`)
+  console.log(`  Total borrow:  ${fmtNum(viem.formatUnits(tba, usdcDec))} USDC`)
+  console.log(`  Utilization:   ${utilization.toFixed(2)}%`)
+  console.log(`  XRP/USD:       $${xrpUsd.toFixed(4)}  ${c.dim('(Band oracle)')}`)
+  console.log(`  LLTV:          86%`)
+  console.log(`  Protocol fee:  ${feePct.toFixed(2)}% of accrued interest`)
+}
+
+async function cmdLendAudit() {
+  const viem = await loadViem()
+  const net = getNetwork()
+  const chain = getChain()
+  const id = await lendMarketId()
+  const pub = await getPublicClient()
+
+  const [
+    marketRaw, oraclePrice, oracleScale, oracleMaxAge, oracleBaseSym, oracleQuoteSym, bandAddress,
+    owner, feeRecipient, latestBlock,
+  ] = await Promise.all([
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'market', args: [id] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'price', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'SCALE_FACTOR', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'MAX_PRICE_AGE', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'baseSymbol', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'quoteSymbol', args: [] }),
+    readContract({ address: net.blumelendOracle, abi: ORACLE_ABI, functionName: 'BAND_ORACLE', args: [] }),
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'owner', args: [] }),
+    readContract({ address: net.blumelend, abi: BLUMELEND_ABI, functionName: 'feeRecipient', args: [] }),
+    pub.getBlock(),
+  ])
+
+  const refData = await readContract({
+    address: bandAddress, abi: BAND_REF_ABI, functionName: 'getReferenceData',
+    args: [oracleBaseSym, oracleQuoteSym],
+  })
+  // refData = (rate, lastUpdatedBase, lastUpdatedQuote)
+
+  const stalenessSec = Number(latestBlock.timestamp - refData[1])
+  const isFresh = stalenessSec >= 0 && stalenessSec <= Number(oracleMaxAge)
+
+  const tsa = marketRaw[0], tba = marketRaw[2], fee = marketRaw[5]
+  const utilization = tsa === 0n ? 0 : Number((tba * 10000n) / tsa) / 100
+  const bandPriceWad = oracleScale === 0n ? 0n : oraclePrice / oracleScale
+  const xrpUsd = Number(viem.formatUnits(bandPriceWad, 18))
+  const feePct = Number(fee) / 1e18 * 100
+
+  const result = {
+    network: chain,
+    chainId: net.chainId,
+    rpc: net.rpc,
+    explorer: net.explorer,
+    marketId: id,
+    contracts: {
+      BlumeLend: { address: net.blumelend, explorer: `${net.explorer}/address/${net.blumelend}`, sourceVerified: true, verificationNote: 'Blockscout is_partially_verified=true (cancun→shanghai metadata workaround); source IS visible.' },
+      AdaptiveCurveIrm: { address: net.blumelendIrm, explorer: `${net.explorer}/address/${net.blumelendIrm}` },
+      BandOracleAdapter: { address: net.blumelendOracle, explorer: `${net.explorer}/address/${net.blumelendOracle}`, sourceVerified: true },
+      BandStdReferenceProxy: { address: bandAddress, explorer: `${net.explorer}/address/${bandAddress}`, sourceVerified: true },
+      LoanToken: { address: net.lendUsdc, decimals: net.lendUsdcDecimals },
+      Collateral: { address: net.lendCollateral, decimals: 18 },
+    },
+    lineage: {
+      base: 'Morpho Blue',
+      coreSelectorsIdentical: true,
+      callbackRenaming: 'onMorpho* → onBlumeLend*',
+      note: 'Callbacks live on the caller, not on the BlumeLend contract — they are not "missing selectors" in the BlumeLend bytecode.',
+    },
+    oracle: {
+      type: 'band-protocol-std-reference',
+      adapter: net.blumelendOracle,
+      adapterFunction: 'price()',
+      adapterSelector: '0xa035b1fe',
+      upstream: bandAddress,
+      upstreamFunction: 'getReferenceData(string,string)',
+      upstreamSelector: '0x65555bcc',
+      pair: `${oracleBaseSym}/${oracleQuoteSym}`,
+      priceUsd: xrpUsd,
+      maxPriceAgeSec: Number(oracleMaxAge),
+      lastUpdatedBase: Number(refData[1]),
+      currentBlockTimestamp: Number(latestBlock.timestamp),
+      stalenessSec,
+      fresh: isFresh,
+    },
+    market: {
+      pair: 'XRP / USDC',
+      lltvPct: 86,
+      lltvWad: net.lendLltv,
+      protocolFeePct: feePct,
+      protocolFeeMaxPct: 25,
+      totalSupplyAssetsUsdc: viem.formatUnits(tsa, net.lendUsdcDecimals),
+      totalBorrowAssetsUsdc: viem.formatUnits(tba, net.lendUsdcDecimals),
+      utilizationPct: utilization,
+    },
+    governance: {
+      owner,
+      feeRecipient,
+      privileges: ['enableIrm(address)', 'enableLltv(uint256)', 'setFee(MarketParams,uint256) — capped at 25%', 'setFeeRecipient(address)'],
+      cannotDo: ['pause', 'freeze positions', 'modify existing markets', 'upgrade', 'seize user funds'],
+    },
+    commonProbeFailures: [
+      'latestAnswer() (0x50d25bcd) and latestRoundData() (0xfeaf968c) are Chainlink AggregatorV3 selectors. This oracle is Band Protocol — use price() (0xa035b1fe) on the adapter or getReferenceData(string,string) (0x65555bcc) on the upstream.',
+      'Selector 0x8b95dd9b is NOT market(bytes32). The real market(bytes32) selector is 0x5c60e39a — verify with `cast sig "market(bytes32)"`.',
+      'Blockscout is_partially_verified=true means source IS visible (cancun→shanghai metadata workaround), not unverified.',
+      'Callbacks renamed onMorpho* → onBlumeLend* live on the caller, not on the BlumeLend contract.',
+    ],
+  }
+
+  if (isJsonMode()) {
+    console.log(JSON.stringify(result, null, 2))
+    return
+  }
+
+  const freshTag = isFresh ? c.green(`fresh (${stalenessSec}s old, max ${oracleMaxAge}s)`) : c.red(`STALE (${stalenessSec}s old, max ${oracleMaxAge}s)`)
+
+  console.log(`\n  ${c.bold('BlumeLend audit primer')}  ${c.dim(`${chain} · chainId ${net.chainId}`)}`)
+  console.log(`  ─────────────`)
+  console.log(`\n  ${c.bold('Contracts')} (verified on Blockscout — partial verification = source IS visible):`)
+  console.log(`    BlumeLend          ${net.blumelend}`)
+  console.log(`      ${c.dim(net.explorer + '/address/' + net.blumelend)}`)
+  console.log(`    BandOracleAdapter  ${net.blumelendOracle}`)
+  console.log(`      ${c.dim(net.explorer + '/address/' + net.blumelendOracle)}`)
+  console.log(`    Band feed (proxy)  ${bandAddress}`)
+  console.log(`      ${c.dim(net.explorer + '/address/' + bandAddress)}`)
+  console.log(`\n  ${c.bold('Lineage')}: Morpho Blue fork. Core selectors identical. Callbacks renamed onMorpho* → onBlumeLend*.`)
+  console.log(`\n  ${c.bold('Oracle')}: Band Protocol StdReferenceProxy ${c.dim('(NOT Chainlink — see "common probe failures" below)')}`)
+  console.log(`    pair: ${oracleBaseSym}/${oracleQuoteSym}   current: $${xrpUsd.toFixed(4)}   ${freshTag}`)
+  console.log(`\n  ${c.bold('Active market')} ${id.slice(0,10)}…${id.slice(-6)}`)
+  console.log(`    totalSupply:  ${fmtNum(viem.formatUnits(tsa, net.lendUsdcDecimals))} USDC`)
+  console.log(`    totalBorrow:  ${fmtNum(viem.formatUnits(tba, net.lendUsdcDecimals))} USDC`)
+  console.log(`    utilization:  ${utilization.toFixed(2)}%`)
+  console.log(`    LLTV:         86%`)
+  console.log(`    protocol fee: ${feePct.toFixed(2)}%  ${c.dim('(cap 25%)')}`)
+  console.log(`\n  ${c.bold('Governance')}`)
+  console.log(`    owner / feeRecipient: ${owner}`)
+  console.log(`    ${c.dim('privileges: enableIrm, enableLltv, setFee≤25%, setFeeRecipient — cannot pause, freeze, modify, upgrade, or seize.')}`)
+  console.log(`\n  ${c.bold('Common probe failure modes')} ${c.dim("(don't be this agent)")}`)
+  console.log(`    - latestAnswer() / latestRoundData() are Chainlink — this oracle is Band.`)
+  console.log(`    - 0x8b95dd9b is NOT market(bytes32) (real: 0x5c60e39a).`)
+  console.log(`    - is_partially_verified = true means source IS visible.`)
+  console.log(`    - Callbacks renamed onMorpho* → onBlumeLend* live on the caller, not this contract.`)
+  console.log(`\n  ${c.dim('Run with --json for structured output. Full primer: ' + 'https://lend.blumefi.com/skill.md#quick-verify')}`)
+  console.log()
+}
+
+async function cmdLendSupply(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend supply <amount>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const assets = viem.parseUnits(String(amountStr), net.lendUsdcDecimals)
+  const { account } = await getWalletClient()
+
+  console.log(`\n  Supplying ${amountStr} USDC...`)
+  await ensureApproval(net.lendUsdc, net.blumelend, assets)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'supply',
+    args: [lendMarketParams(), assets, 0n, account.address, '0x'],
+  })
+  console.log(`  ${c.green('✓ Supplied')}  ${explorer}`)
+}
+
+async function cmdLendWithdraw(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend withdraw <amount|all>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const { account } = await getWalletClient()
+
+  let assets = 0n, shares = 0n, displayAmount = `${amountStr} USDC`
+  if (String(amountStr).toLowerCase() === 'all') {
+    const { position } = await _readLendPosition(account.address)
+    if (position.supplyShares === 0n) { console.error(`  No supply position to withdraw.`); process.exit(1) }
+    shares = position.supplyShares
+    displayAmount = `ALL (${position.supplyShares} shares)`
+  } else {
+    assets = viem.parseUnits(String(amountStr), net.lendUsdcDecimals)
+  }
+
+  console.log(`\n  Withdrawing ${displayAmount}...`)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'withdraw',
+    args: [lendMarketParams(), assets, shares, account.address, account.address],
+  })
+  console.log(`  ${c.green('✓ Withdrawn')}  ${explorer}`)
+}
+
+async function cmdLendSupplyCollateral(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend collateral <wxrp_amount>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const { account } = await getWalletClient()
+  const assets = viem.parseUnits(String(amountStr), 18)
+
+  // Fail early if user needs to wrap XRP first — supplying needs WXRP balance.
+  const balance = await readContract({ address: net.lendCollateral, abi: ERC20_ABI, functionName: 'balanceOf', args: [account.address] })
+  if (balance < assets) {
+    console.error(`\n  Insufficient WXRP balance.`)
+    console.error(`  You have:  ${viem.formatUnits(balance, 18)} WXRP`)
+    console.error(`  Required:  ${amountStr} WXRP`)
+    console.error(`  Wrap XRP to WXRP first via: blumefi swap ${amountStr} XRP WXRP`)
+    process.exit(1)
+  }
+
+  console.log(`\n  Supplying ${amountStr} WXRP as collateral...`)
+  await ensureApproval(net.lendCollateral, net.blumelend, assets)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'supplyCollateral',
+    args: [lendMarketParams(), assets, account.address, '0x'],
+  })
+  console.log(`  ${c.green('✓ Collateral supplied')}  ${explorer}`)
+}
+
+async function cmdLendWithdrawCollateral(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend remove-collateral <amount|all>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const { account } = await getWalletClient()
+
+  let assets, displayAmount
+  if (String(amountStr).toLowerCase() === 'all') {
+    const { position } = await _readLendPosition(account.address)
+    if (position.collateral === 0n) { console.error(`  No collateral to withdraw.`); process.exit(1) }
+    assets = position.collateral
+    displayAmount = `ALL (${viem.formatUnits(position.collateral, 18)} WXRP)`
+  } else {
+    assets = viem.parseUnits(String(amountStr), 18)
+    displayAmount = `${amountStr} WXRP`
+  }
+
+  console.log(`\n  Withdrawing ${displayAmount} collateral...`)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'withdrawCollateral',
+    args: [lendMarketParams(), assets, account.address, account.address],
+  })
+  console.log(`  ${c.green('✓ Collateral withdrawn')}  ${explorer}`)
+}
+
+async function cmdLendBorrow(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend borrow <amount>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const { account } = await getWalletClient()
+  const assets = viem.parseUnits(String(amountStr), net.lendUsdcDecimals)
+
+  console.log(`\n  Borrowing ${amountStr} USDC...`)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'borrow',
+    args: [lendMarketParams(), assets, 0n, account.address, account.address],
+  })
+  console.log(`  ${c.green('✓ Borrowed')}  ${explorer}`)
+}
+
+async function cmdLendRepay(amountStr) {
+  if (!amountStr) { console.error(`Usage: blumefi lend repay <amount|all>`); process.exit(1) }
+  const viem = await loadViem()
+  const net = getNetwork()
+  const { account } = await getWalletClient()
+
+  let assets = 0n, shares = 0n, displayAmount
+  if (String(amountStr).toLowerCase() === 'all') {
+    const { market, position } = await _readLendPosition(account.address)
+    if (position.borrowShares === 0n) { console.error(`  No debt to repay.`); process.exit(1) }
+    shares = position.borrowShares
+    const owedAssets = _borrowAssets(position.borrowShares, market.tba, market.tbs)
+    // Approve a 2% buffer to absorb interest accrual between read and tx.
+    await ensureApproval(net.lendUsdc, net.blumelend, (owedAssets * 102n) / 100n)
+    displayAmount = `${viem.formatUnits(owedAssets, net.lendUsdcDecimals)} USDC (full debt)`
+  } else {
+    assets = viem.parseUnits(String(amountStr), net.lendUsdcDecimals)
+    await ensureApproval(net.lendUsdc, net.blumelend, assets)
+    displayAmount = `${amountStr} USDC`
+  }
+
+  console.log(`\n  Repaying ${displayAmount}...`)
+  const { explorer } = await sendContractTx({
+    to: net.blumelend, abi: BLUMELEND_ABI, functionName: 'repay',
+    args: [lendMarketParams(), assets, shares, account.address, '0x'],
+  })
+  console.log(`  ${c.green('✓ Repaid')}  ${explorer}`)
 }
 
 // ─── Balance command ─────────────────────────────────────────────────
@@ -1476,13 +2170,16 @@ Pad (Launchpad):
   pad buy <token> <xrp_amount>       Buy tokens with XRP
   pad sell <token> <amount|all>      Sell tokens for XRP
   pad search <query>                 Search tokens by name or symbol
-  pad update-image <token> <url>     Update token image (creator only)
+  pad update-image <token> <file|url> Set Blume listing image (creator; on-chain image is fixed at launch)
 
   Pad Options:
     --filter <active|graduated|all>  Filter tokens (default: all)
     --sort <newest|marketcap|progress|price>  Sort order (default: newest)
     --limit <N>                      Number of tokens (default: 20)
     --watch, -w                      Live dashboard (auto-refresh every 5s)
+    --image-file <path>              Launch: upload a logo (permanent on-chain; recommended)
+    --image-url <url>                Launch: re-host a remote logo to Arweave
+    --no-image                       Launch: no logo (permanent; not recommended)
 
 Swap (DEX):
   swap <amount> <from> <to>        Swap tokens (e.g. swap 1 XRP 0xTOKEN)
@@ -1491,6 +2188,17 @@ Swap (DEX):
   swap add-liquidity <token> <xrp> Add liquidity to a token/XRP pool
   swap remove-liquidity <token> <lp|all>  Remove liquidity from a pool
 
+Lend (Lending markets — XRP/USDC):
+  lend market                          Show market: total supply/borrow, utilization, price
+  lend position [address]              Show position: supplied, collateral, borrowed, HF
+  lend audit                           One-shot chain-of-trust report (contracts, oracle, governance, lineage)
+  lend supply <amount>                 Supply USDC to earn yield
+  lend withdraw <amount|all>           Withdraw supplied USDC
+  lend collateral <amount>             Supply WXRP as collateral (wrap XRP first)
+  lend remove-collateral <amount|all>  Withdraw WXRP collateral
+  lend borrow <amount>                 Borrow USDC against your collateral
+  lend repay <amount|all>              Repay borrowed USDC
+
 Wallet & Account:
   wallet new                       Generate a new wallet
   balance [address]                Show XRP and token balances
@@ -1500,6 +2208,7 @@ Wallet & Account:
 Options:
   --mainnet                        Use mainnet (default)
   --testnet                        Use testnet
+  --json                           Structured output (lend market, lend position, lend audit)
 
 Environment:
   WALLET_PRIVATE_KEY               Private key for signing transactions
@@ -1544,6 +2253,17 @@ async function main() {
       else if (sub === 'add-liquidity' || sub === 'al') await cmdSwapAddLiquidity(args[2], args[3])
       else if (sub === 'remove-liquidity' || sub === 'rl') await cmdSwapRemoveLiquidity(args[2], args[3])
       else await cmdSwap(sub, args[2], args[3]) // swap <amount> <from> <to>
+    } else if (cmd === 'lend' || cmd === 'l') {
+      if (sub === 'position' || sub === 'pos') await cmdLendPosition(args[2])
+      else if (sub === 'market' || sub === 'm') await cmdLendMarket()
+      else if (sub === 'audit' || sub === 'a') await cmdLendAudit()
+      else if (sub === 'supply' || sub === 's') await cmdLendSupply(args[2])
+      else if (sub === 'withdraw' || sub === 'w') await cmdLendWithdraw(args[2])
+      else if (sub === 'collateral' || sub === 'col' || sub === 'c') await cmdLendSupplyCollateral(args[2])
+      else if (sub === 'remove-collateral' || sub === 'rc') await cmdLendWithdrawCollateral(args[2])
+      else if (sub === 'borrow' || sub === 'b') await cmdLendBorrow(args[2])
+      else if (sub === 'repay' || sub === 'r') await cmdLendRepay(args[2])
+      else { console.error(`Unknown: lend ${sub}. Try: position, market, audit, supply, withdraw, collateral, remove-collateral, borrow, repay`); process.exit(1) }
     } else if (cmd === 'wallet' || cmd === 'w') {
       if (!sub || sub === 'new') await cmdWalletNew()
       else { console.error(`Unknown: wallet ${sub}`); process.exit(1) }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "blumefi",
-  "version": "3.0.0",
-  "description": "BlumeFi CLI — Launch tokens, swap, and chat in per-token rooms on the Blume ecosystem (XRPL EVM).",
+  "version": "4.0.0",
+  "description": "BlumeFi CLI — Launch tokens, swap, lend, and chat in per-token rooms on the Blume ecosystem (XRPL EVM).",
   "main": "cli.js",
   "bin": {
     "blumefi": "cli.js"