Skip to Content
WaaP for AgentsCLI Commands

CLI Commands

The waap-cli supports both EVM and Sui chains.

Global Options

--json

Force JSON output on stdout and suppress plaintext progress logs. This is highly recommended for AI agents and scripts parsing the CLI output.

waap-cli whoami --json
# → {"evmWalletAddress":"0x...","suiWalletAddress":"0x..."}

Setting --chain and --rpc globally

To set default chain and RPC for the current session, use chain set command.

Setting chain and RPC globally is useful, as --chain and --rpc flags do not need to be set per each command call.

waap-cli chain set --chain evm:1 --rpc https://eth.llamarpc.com
waap-cli chain set --chain sui:mainnet --rpc https://rpc.sui.io
 
waap-cli chain get   # show current default

signup

Create a new WaaP wallet account and immediately log in. Returns both your EVM and Sui wallet addresses.

waap-cli signup --email youremail+agent007@example.com --password 'S3cur3Pass!'
# optional display name:
waap-cli signup --email youremail+agent007@example.com --password 'S3cur3Pass!' --name "My Agent 007"

Note: To create multiple agent accounts, use different email addresses with the + alias syntax (e.g., “youremail+agent001@example.com”, “youremail+agent002@example.com”, etc.).

Passwords must be 8+ characters. The Sui testnet faucet (faucet.testnet.sui.io) rate-limits aggressively from VPS and cloud IPs — use a browser-based faucet or fund from an exchange if you hit limits.

login

Authenticate with an existing account and save a local session. Returns both your EVM and Sui wallet addresses.

waap-cli login --email youremail+agent007@example.com --password 'S3cur3Pass!'

logout

Delete the local session file.

waap-cli logout

whoami

Print the wallet addresses derived from the current session’s keyshare. The waap-cli securely generates both an EVM and a Sui address from the same underlying keyshare.

waap-cli whoami
# → evmWalletAddress: "0xAbc..."
# → suiWalletAddress: "0xDef..."

session-info

Inspect the raw metadata stored in ~/.waap-cli/session.json.

waap-cli session-info

sign-message

Sign an arbitrary message.

EVM — Signs using EIP-191 (personal_sign format). Accepts plain text or 0x-prefixed hex.

waap-cli sign-message --message "Hello WaaP"
waap-cli sign-message --message 0x48656c6c6f
# bypass 2FA with a privilege:
waap-cli sign-message --message "Hello" --permission-token <encoded-pt>

Sui — Signs using Blake2b hashing. Returns a Base64-encoded signature and message bytes.

waap-cli sign-message --message "Hello Sui" --chain sui:mainnet

sign-typed-data

Sign EIP-712 typed data (eth_signTypedData_v4). Pass the full typed-data object as a JSON string.

waap-cli sign-typed-data --data '{
  "types": {
    "EIP712Domain": [{"name":"name","type":"string"}],
    "Mail": [{"name":"contents","type":"string"}]
  },
  "domain": {"name":"Ether Mail","chainId":1},
  "primaryType": "Mail",
  "message": {"contents":"Hello!"}
}'
 
# bypass 2FA with a privilege:
waap-cli sign-typed-data --data '{...}' --permission-token <encoded-pt>

sign-tx

Sign a transaction and print the result without broadcasting.

EVM — Returns a raw 0x-prefixed hex string ready for eth_sendRawTransaction.

# EIP-1559 (default) — ETH transfer
waap-cli sign-tx \
  --to 0xRecipientAddress \
  --value 0.01 \
  --chain evm:1 \
  --rpc https://eth.llamarpc.com
 
# Specific chain (Base)
waap-cli sign-tx \
  --to 0xRecipientAddress \
  --value 0.001 \
  --chain evm:8453 \
  --rpc https://mainnet.base.org
 
# Legacy (Type 0)
waap-cli sign-tx \
  --to 0xRecipientAddress \
  --value 0.01 \
  --chain evm:1 \
  --legacy

Sui — Returns a Base64-encoded signature and transaction bytes.

# Simple SUI transfer (value in MIST)
waap-cli sign-tx \
  --to 0xRecipientSuiAddress \
  --value 1000 \
  --chain sui:mainnet
 
# Pre-built BCS-encoded transaction bytes
waap-cli sign-tx \
  --tx-bytes "AAABA..." \
  --chain sui:mainnet
 
# JSON-serialized TransactionBlock
waap-cli sign-tx \
  --tx-json '{"version": 1, ...}' \
  --chain sui:testnet

send-tx

Build, sign, and broadcast a transaction in one step.

EVM — Returns a transaction hash.

# ETH transfer on mainnet
waap-cli send-tx \
  --to 0xRecipientAddress \
  --value 0.01 \
  --chain evm:1 \
  --rpc https://eth.llamarpc.com
 
# Transfer on Base
waap-cli send-tx \
  --to 0xRecipientAddress \
  --value 0.001 \
  --chain evm:8453 \
  --rpc https://mainnet.base.org
 
# bypass 2FA with a privilege:
waap-cli send-tx --to 0xRecipient --value 0.01 --chain evm:1 --permission-token <encoded-pt>

Sui — Returns a transaction digest.

# Simple SUI transfer (value in MIST)
waap-cli send-tx \
  --to 0xId \
  --value 1000 \
  --chain sui:mainnet
 
# Pre-built BCS-encoded transaction bytes (Programmable Transaction Blocks)
# You can generate this using the official MystenLabs `sui` CLI:
RAW_TX_BYTES=$(sui client ptb \
  --assign coin @gas \
  --transfer-objects "[coin]" 0xRecipientSuiAddress \
  --serialize-unsigned-transaction)
 
waap-cli send-tx \
  --tx-bytes "$RAW_TX_BYTES" \
  --chain sui:mainnet
 
# JSON-serialized TransactionBlock
waap-cli send-tx \
  --tx-json '<json-string>' \
  --chain sui:testnet

chain get

Show the current default chain and RPC settings.

waap-cli chain get
# → {"chain":"evm:1","rpc":"https://..."}

chain set

Set the default chain and/or RPC for the current session.

# Set default chain to Sui Mainnet
waap-cli chain set sui:mainnet
 
# Set default EVM chain to Polygon with a custom RPC
waap-cli chain set evm:137 --rpc https://polygon-rpc.com

request

Generic EIP-1193 JSON-RPC interface. Takes optional params as a JSON array string.

# Get wallet address
waap-cli request eth_accounts
 
# Get chain ID
waap-cli request eth_chainId
 
# Get ETH balance
waap-cli request eth_getBalance '["0xYourAddress","latest"]' --chain evm:1 --rpc https://eth.llamarpc.com
 
# Sign a message (personal_sign)
waap-cli request personal_sign '["0x48656c6c6f20576161502021","0xYourAddress"]'
 
# EIP-712 typed data sign
waap-cli request eth_signTypedData_v4 '["0xYourAddress","{\"types\":{...},\"domain\":{...},\"primaryType\":\"Mail\",\"message\":{...}}"]'
 
# Send transaction via EIP-1193
waap-cli request eth_sendTransaction \
  '[{"from":"0xYourAddress","to":"0xRecipient","value":"0x2386F26FC10000","chainId":"0x1"}]' \
  --chain evm:1 --rpc https://eth.llamarpc.com

policy get

Show current wallet policy settings.

waap-cli policy get
# →
# Policy Settings:
#    2FA Method:        EMAIL_AUTHZ
#    Daily Spend Limit: $100
#    Min Risk for 2FA:  HighWarn

The output includes three fields:

  • 2FA Method — Current authorization method: EMAIL_AUTHZ, PHONE_AUTHZ, EXTERNAL_WALLET_AUTHZ, or DISABLED.
  • Daily Spend Limit — Cumulative USD cap per calendar day (default: $5,000, max: $10,000).
  • Min Risk for 2FA — The risk threshold at which 2FA is triggered (default: HighWarn). See Risk Levels.

policy set

Update wallet policy settings. Currently supports --daily-spend-limit.

# Set daily spend limit to $500 (requires 2FA approval if enabled)
waap-cli policy set --daily-spend-limit 500

Valid range: 0–10,000 USD. The limit is floored to the nearest integer.

2fa status

View the current Two-Factor Authentication method configured for the wallet.

waap-cli 2fa status

2fa enable

Enable 2FA using email, phone, Telegram, or an external hardware wallet.

# Email 2FA — a verification link is sent to the provided address
waap-cli 2fa enable --email agent@example.com
 
# Phone 2FA
waap-cli 2fa enable --phone "+1234567890"
 
# Telegram 2FA
waap-cli 2fa enable --telegram 7381029636
 
# External wallet (hardware wallet) 2FA
waap-cli 2fa enable --wallet 0xHardwareWalletAddress

If an existing 2FA method is already active, enabling a new one is a 2-step flow:

  1. approve with your current method, then
  2. verify the new method.

2fa disable

Disable 2FA, allowing autonomous signing without out-of-band approval.

waap-cli 2fa disable

Disabling 2FA requires approval from the currently-configured 2FA method before taking effect.

Last updated on
OverviewApprovals & Notifications