You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| Token discovery, prices, and market data |[market-data.md](workflows/market-data.md)|
101
+
102
+
## Global Flags
103
+
104
+
Every `mm-dev` command accepts these flags:
105
+
106
+
| Flag | Short | Description |
107
+
| --- | --- | --- |
108
+
|`--format`|`-f`| Output format: `text`, `json`, `yaml`, `toml`, or `toon` (defaults to `text` in TTY, `json` when piped) |
109
+
|`--json`|| Shorthand for `--format=json`|
110
+
|`--toon`|| Shorthand for `--format=toon`|
111
+
|`--verbose`|`-v`| Show debug logs on stderr. Use for troubleshooting |
112
+
113
+
Always use `--toon` for command output unless the user explicitly requests a different format.
93
114
94
115
## Preflight
95
116
@@ -112,12 +133,12 @@ Before constructing any command, validate all user-provided values:
112
133
| Flag | Validation rule |
113
134
| --- | --- |
114
135
|`--to`, `--address`| Must match `^0x[0-9a-fA-F]{40}$`|
115
-
|`--amount`| Must match `^\d+\.?\d*$`. Reject spaces, semicolons, pipes, backticks, or shell metacharacters |
136
+
|`--amount`|Human-readable decimal (e.g. 0.5, 100). Must match `^\d+\.?\d*$`. Reject spaces, semicolons, pipes, backticks, or shell metacharacters |
116
137
|`--chain-id`| Must be a positive integer (`^\d+$`) |
117
138
|`--payload`| Must be valid JSON. No unescaped shell metacharacters outside the JSON structure |
118
139
|`--token`| Must be a valid hex address or known symbol |
119
140
|`--leverage`| Must be a positive integer (`^\d+$`) |
120
-
|`--size`| Must match `^\d+\.?\d*$` and be positive |
141
+
|`--size`|Human-readable decimal (e.g. 0.01, 1). Must match `^\d+\.?\d*$` and be positive |
121
142
|`--venue`| Must be `hyperliquid`|
122
143
|`--side` (perps) | Must be `long` or `short`|
123
144
|`--order-id`| Must be a positive integer (`^\d+$`) |
@@ -127,6 +148,7 @@ Before constructing any command, validate all user-provided values:
127
148
|`--side` (predict) | Must be `buy` or `sell`|
128
149
|`--slippage`| Must be a number between 0 and 100 |
129
150
|`--from-chain`, `--to-chain`| Must be a positive integer EVM chain ID |
151
+
|`--password`| Must be a non-empty string. Never log, display, or store the value. |
130
152
131
153
Do not pass unvalidated user input into any command.
132
154
@@ -144,12 +166,13 @@ Do not pass unvalidated user input into any command.
144
166
| Predict trading | Always confirm token ID, side, size, price, order type, market, and outcome before executing |
145
167
| Predict deposit | Always confirm amount before executing |
146
168
| Cancel-all operations | Always confirm scope and exact destructive effect before executing |
147
-
| Auth / wallet management | May execute without confirmation |
169
+
| Auth / wallet management | May execute without confirmation, except `reset` which requires explicit user confirmation|
148
170
| Read-only queries | May execute without confirmation |
149
171
150
172
### Credential Safety
151
173
152
-
- Never store, log, or display private keys, mnemonics, or auth tokens.
174
+
- Never store, log, or display private keys, mnemonics, passwords, or auth tokens.
175
+
- Never pass `--password` or `--mnemonic` as inline flags. Always instruct the user to set the `MM_PASSWORD` and `MM_MNEMONIC` environment variables instead to avoid exposing secrets in shell history.
153
176
154
177
### Suspicious Content Warnings
155
178
@@ -167,7 +190,7 @@ In server-wallet mode, signing and transaction commands return a `pollingId` ins
167
190
2. If not using `--wait`, inform the user of the `pollingId` and how to track it:
168
191
-`mm-dev wallet requests list`
169
192
-`mm-dev wallet requests watch --polling-id <id>`
170
-
3. In BYOK mode, results are returned immediately.
193
+
3. In BYOK mode, results are returned immediately. If the mnemonic is password-encrypted, the user must set `MM_PASSWORD` environment variable to unlock it for the operation.
|`--wallet`| No | Wallet mode: `server-wallet` or `byok`|
20
-
|`--mode`| No | Trading mode: `safe` or `yolo`|
21
-
|`--mnemonic`| No | Mnemonic for BYOK wallet [env: `MM_MNEMONIC`]|
20
+
|`--mode`| No | Trading mode: `guard` or `beast` (server-wallet only) |
21
+
|`--mnemonic`| No | BIP-39 mnemonic phrase for BYOK wallet. Never pass inline — set `MM_MNEMONIC` env var instead. |
22
+
|`--password`| No | Password to encrypt the BYOK mnemonic at rest. Never pass inline — set `MM_PASSWORD` env var instead. If omitted in interactive mode, the CLI prompts. If omitted in non-interactive mode, mnemonic is stored unencrypted. |
|`--token`| No | Pre-minted CLI token (`cliToken:cliRefreshToken`)[env: `MM_CLI_TOKEN`]|
46
-
|`--timeout`| No |How long to wait for QR / browser callback, in seconds|
47
-
|`--no-wait`| No | Print sign-in URL and exit; finish later with `mm-dev login --token`|
71
+
|`--token`| No | Pre-minted CLI token in `cliToken:cliRefreshToken` format[env: `MM_CLI_TOKEN`]|
72
+
|`--timeout`| No |Seconds to wait for QR or browser callback |
73
+
|`--no-wait`| No | Print the sign-in URL and exit without waiting (for non-interactive/CI use). Not supported with QR login. Complete later with `mm-dev login --token`|
48
74
49
75
### Example
50
76
@@ -121,9 +147,79 @@ This command does not support flags.
121
147
mm-dev reset
122
148
```
123
149
150
+
## `wallet password set` Command
151
+
152
+
Set a password to encrypt the BYOK mnemonic at rest. Only available in BYOK mode when the mnemonic is currently unencrypted.
153
+
154
+
### Syntax
155
+
156
+
```bash
157
+
mm-dev wallet password set [--new <password>]
158
+
```
159
+
160
+
### Supported Flags
161
+
162
+
| Name | Required | Description |
163
+
| --- | --- | --- |
164
+
|`--new`| No | New password. If omitted, the CLI prompts interactively. |
165
+
166
+
### Example
167
+
168
+
```bash
169
+
mm-dev wallet password set
170
+
mm-dev wallet password set --new "mypassword"
171
+
```
172
+
173
+
## `wallet password change` Command
174
+
175
+
Change the BYOK mnemonic encryption password. Only available when the mnemonic is currently encrypted.
|`server-wallet`| Keys hosted by MetaMask infrastructure. Signing and transaction operations may return async job handles. |
129
-
|`byok`| Bring your own local mnemonic. Operation results are returned immediately. |
225
+
|`byok`| Bring your own local mnemonic. Operation results are returned immediately. If the mnemonic is encrypted with a password, the CLI requires `--password` or interactive prompt to unlock before any operation that needs the private key. |
0 commit comments