diff --git a/.gitignore b/.gitignore
index 54175c1f..7739f925 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.claude/settings.local.json 
 .DS_Store
 build
 out
@@ -11,4 +12,24 @@ src/gen
 tools
 src/main/resources/static/js/tronjs/tron-protoc.js
 logs
+docs
+!docs/
+!docs/standard-cli-contract-spec.md
 FileTest
+bin
+
+# Wallet keystore files created at runtime
+Wallet/
+Mnemonic/
+wallet_data/
+
+# QA runtime output
+qa/results/
+qa/runtime/
+qa/report.txt
+qa/.verify.lock/
+
+# claude
+.claude/
+
+.private/
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 00000000..67bc9fcb
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,124 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Build & Run
+
+```bash
+# Build the project (generates protobuf sources into src/main/gen/)
+./gradlew build
+
+# Build fat JAR (output: build/libs/wallet-cli.jar)
+./gradlew shadowJar
+
+# Run in REPL 交互模式 (human-friendly, interactive prompts)
+./gradlew run
+# Or after building: java -jar build/libs/wallet-cli.jar
+
+# Run in standard CLI mode (non-interactive, scriptable)
+java -jar build/libs/wallet-cli.jar --network nile get-account --address TXyz...
+java -jar build/libs/wallet-cli.jar --output json --network nile get-account --address TXyz...
+
+# Run tests
+./gradlew test
+
+# Run a single test class
+./gradlew test --tests "org.tron.keystore.StringUtilsTest"
+
+# Clean (also removes src/main/gen/)
+./gradlew clean
+```
+
+Java 8 source/target compatibility. Protobuf sources are in `src/main/protos/` and generate into `src/main/gen/` — this directory is git-tracked but rebuilt on `clean`.
+
+## QA Verification
+
+The `qa/` directory contains shell-based parity tests that compare interactive REPL output vs standard CLI (text and JSON modes). Requires a funded Nile testnet account.
+
+```bash
+# Run QA verification (needs TRON_TEST_PRIVATE_KEY env var for private key)
+TRON_TEST_PRIVATE_KEY=<nile-private-key> bash qa/run.sh verify
+
+# QA config is in qa/config.sh; test commands are in qa/commands/*.sh
+# MASTER_PASSWORD env var is used for keystore auto-login (default: testpassword123A)
+```
+
+## Architecture
+
+This is a **TRON blockchain CLI wallet** built on the [Trident SDK](https://github.com/tronprotocol/trident). It communicates with TRON nodes via gRPC.
+
+### Two CLI Modes
+
+1. **REPL 交互模式** (human-friendly) — `Client` class with JCommander `@Parameters` inner classes. Entry point: `org.tron.walletcli.Client`. Features tab completion, interactive prompts, and conversational output. This is the largest file (~4700 lines). Best for manual exploration and day-to-day wallet management by humans.
+2. **Standard CLI 模式** (AI-agent-friendly) — `StandardCliRunner` with `CommandRegistry`/`CommandDefinition` pattern in `org.tron.walletcli.cli.*`. Supports `--output json`, `--network`, `--quiet` flags. Commands are registered in `cli/commands/` classes (e.g., `WalletCommands`, `TransactionCommands`, `QueryCommands`). Designed for automation: deterministic exit codes, structured JSON output, no interactive prompts, and env-var-based authentication — ideal for AI agents, scripts, and CI/CD pipelines.
+
+The standard CLI suppresses all stray stdout/stderr in JSON mode to ensure machine-parseable output. Authentication is automatic via `MASTER_PASSWORD` env var + keystore files in `Wallet/`.
+
+### Standard CLI Contract
+
+Before changing parser behavior, auth flow, JSON output, command success/failure semantics, or `qa/` expectations for
+the standard CLI, read:
+
+- `docs/standard-cli-contract-spec.md`
+
+Treat that file as the source of truth for the standard CLI contract unless the repository owner explicitly decides to
+revise it.
+
+### Request Flow
+
+```
+# Standard CLI mode:
+User Input → GlobalOptions → StandardCliRunner → CommandRegistry → CommandHandler → WalletApiWrapper → WalletApi → Trident SDK → gRPC → TRON Node
+
+# Interactive REPL mode:
+User Input → Client (JCommander) → WalletApiWrapper → WalletApi → Trident SDK → gRPC → TRON Node
+```
+
+### Key Classes
+
+- **`org.tron.walletcli.Client`** — Legacy REPL entry point and CLI command dispatcher. Each command is a JCommander `@Parameters` inner class.
+- **`org.tron.walletcli.cli.StandardCliRunner`** — New standard CLI executor. Handles network init, auto-authentication, JSON stream suppression, and command dispatch.
+- **`org.tron.walletcli.cli.CommandRegistry`** — Maps command names/aliases to `CommandDefinition` instances. Supports fuzzy suggestion on typos.
+- **`org.tron.walletcli.cli.CommandDefinition`** — Immutable command metadata (name, aliases, options, handler). Built via fluent `Builder` API.
+- **`org.tron.walletcli.cli.OutputFormatter`** — Formats output as text or JSON. In JSON mode, wraps results in `{"success":true,"data":...}` envelope.
+- **`org.tron.walletcli.WalletApiWrapper`** — Orchestration layer between CLI and core wallet logic. Handles transaction construction, signing, and broadcasting.
+- **`org.tron.walletserver.WalletApi`** — Core wallet operations: account management, transaction creation, proposals, asset operations. Delegates gRPC calls to Trident.
+- **`org.tron.walletcli.ApiClientFactory`** — Creates gRPC client instances for different networks (mainnet, Nile testnet, Shasta testnet, custom).
+
+### Adding a New Standard CLI Command
+
+1. Create or extend a class in `cli/commands/` (e.g., `TransactionCommands.java`)
+2. Build a `CommandDefinition` via `CommandDefinition.builder()` with name, aliases, options, and handler
+3. Register it in the appropriate `register(CommandRegistry)` method
+4. The handler receives `(ParsedOptions, WalletApiWrapper, OutputFormatter)` — use `formatter.success()/error()` for output
+
+### Package Organization
+
+| Package | Purpose |
+|---------|---------|
+| `walletcli` | CLI entry points, API wrapper |
+| `walletcli.cli` | Standard CLI framework: registry, definitions, options, formatter |
+| `walletcli.cli.commands` | Standard CLI command implementations by domain |
+| `walletserver` | Core wallet API and gRPC communication |
+| `common` | Crypto utilities, encoding, enums, shared helpers |
+| `core` | Configuration, data converters, DAOs, exceptions, managers |
+| `keystore` | Wallet file encryption/decryption, key management |
+| `ledger` | Ledger hardware wallet integration via HID |
+| `mnemonic` | BIP39 mnemonic seed phrase support |
+| `multi` | Multi-signature transaction handling |
+| `gasfree` | GasFree transaction API (transfer tokens without gas) |
+
+### Configuration
+
+- **Network config:** `src/main/resources/config.conf` (HOCON format via Typesafe Config)
+- **Logging:** `src/main/resources/logback.xml` (Logback, INFO level console + rolling file)
+- **Lombok:** `lombok.config` — uses `logger` as the log field name (not the default `log`)
+
+### Key Frameworks & Libraries
+
+- **Trident SDK 0.10.0** — All gRPC API calls to TRON nodes
+- **JCommander 1.82** — CLI argument parsing (REPL 交互模式)
+- **JLine 3.25.0** — Interactive terminal/readline
+- **BouncyCastle** — Cryptographic operations
+- **Protobuf 3.25.5 / gRPC 1.60.0** — Protocol definitions and transport
+- **Lombok** — `@Getter`, `@Setter`, `@Slf4j` etc. (annotation processing)
diff --git a/build.gradle b/build.gradle
index ff2c8514..db4aac2d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -130,6 +130,10 @@ protobuf {
     }
 }
 
+tasks.named("processResources") {
+    dependsOn tasks.named("generateProto")
+}
+
 clean.doFirst {
     delete "src/main/gen"
 }
@@ -146,3 +150,10 @@ shadowJar {
     version = null
     mergeServiceFiles() //  https://github.com/grpc/grpc-java/issues/10853
 }
+
+task qaRun(type: JavaExec) {
+    classpath = sourceSets.main.runtimeClasspath
+    mainClass = 'org.tron.qa.QARunner'
+    args = project.hasProperty('qaArgs') ? project.property('qaArgs').split(' ') : ['list']
+    standardInput = System.in
+}
diff --git a/docs/standard-cli-contract-spec.md b/docs/standard-cli-contract-spec.md
new file mode 100644
index 00000000..8ef0ca9d
--- /dev/null
+++ b/docs/standard-cli-contract-spec.md
@@ -0,0 +1,964 @@
+# Standard CLI Contract Spec
+
+This document defines the intended contract for the standard CLI path under `org.tron.walletcli.cli.*`.
+When changing parser behavior, command execution, machine-readable output, authentication, or QA coverage,
+follow this spec unless the repository owner explicitly decides to revise it.
+
+## Scope
+
+This spec applies to:
+
+- `GlobalOptions`
+- `StandardCliRunner`
+- `CommandDefinition` / `ParsedOptions`
+- `OutputFormatter`
+- `cli/commands/*`
+- `WalletApiWrapper` behavior as exposed through the standard CLI
+- `qa/` verification for the standard CLI
+
+This spec does not require the legacy REPL path in `Client` to match the same UX or parsing behavior exactly.
+
+## Design Goals
+
+The standard CLI is intended to be:
+
+- deterministic
+- scriptable
+- machine-readable in JSON mode
+- strict about malformed input
+- explicit about authentication behavior
+
+The standard CLI should not rely on "best effort" guessing for ambiguous user input.
+
+## Request Flow
+
+The standard CLI request flow is:
+
+1. Parse global options
+2. Resolve the command name
+3. Parse command-local options
+4. Apply runner-level setup such as network and auth policy
+5. Execute the command handler
+6. Emit a single structured success or error outcome
+
+## Option Layering
+
+The standard CLI has two distinct option layers:
+
+- global options
+- command-local options
+
+### Global Options
+
+Global options affect the overall execution environment before the command is known.
+
+Examples:
+
+- output mode
+- network selection
+- wallet override
+- grpc endpoint override
+- quiet / verbose behavior
+- global help / version handling
+
+Global options are parsed by `GlobalOptions.parse(String[] args)`.
+
+### Command-Local Options
+
+Command-local options belong to a specific command and are meaningful only after the command has been resolved.
+
+Examples:
+
+- `get-balance --address T...`
+- `send-coin --to T... --amount 1`
+- `trigger-constant-contract --contract T... --method "balanceOf(address)"`
+
+Command-local options are parsed by `CommandDefinition.parseArgs(String[] args)`.
+
+### Layer Boundary
+
+- global options configure how the CLI run is executed
+- command-local options configure what the chosen command does
+- global parsing happens first
+- command-local parsing happens only after the command token is known
+- a token must not be interpreted as both a global option and a command-local option in the same pass
+
+## Contract 1: Global Option Parsing
+
+`GlobalOptions.parse(String[] args)` is responsible only for parsing options that affect the whole run before
+the command is known.
+
+### Parsing Model
+
+Global option parsing is a left-to-right first-pass scan.
+
+The parser consumes tokens until one of these happens:
+
+1. it reaches the first command token
+2. it reaches the end of input
+3. it encounters a malformed global option and fails with a usage error
+
+This pass is intentionally narrow. It must not inspect or reinterpret command-local options.
+
+### Supported Syntax
+
+Supported global options are:
+
+- valueless flags:
+  - `--interactive`
+  - `--help`
+  - `-h`
+  - `--version`
+  - `--quiet`
+  - `--verbose`
+- valued options:
+  - `--output <text|json>`
+  - `--network <main|nile|shasta|custom>`
+  - `--wallet <value>`
+  - `--grpc-endpoint <value>`
+
+Long options may be provided in either of these equivalent forms when the option accepts a value:
+
+- `--name value`
+- `--name=value`
+
+For Contract 1, this applies to valued global options only.
+
+### Boundary Rules
+
+- Global options are only recognized before the command token.
+- The first token before command resolution that does not begin with `-` is the command token.
+- The command token is normalized to lowercase for registry lookup.
+- After the command token is found, all remaining tokens are passed through unchanged as command arguments.
+- Tokens after the command token are never reinterpreted as global options, even if they look like global flags.
+
+Examples:
+
+- `wallet-cli --output json --network nile get-balance --address T...`
+  - global options: `--output json`, `--network nile`
+  - command: `get-balance`
+  - command args: `--address T...`
+- `wallet-cli --output=json --network=nile get-balance --address T...`
+  - global options: `--output=json`, `--network=nile`
+  - command: `get-balance`
+  - command args: `--address T...`
+- `wallet-cli get-balance --network nile`
+  - command: `get-balance`
+  - command args: `--network nile`
+  - `--network` is not treated as a global option because it appears after the command token
+- `wallet-cli get-balance --network=nile`
+  - command: `get-balance`
+  - command args: `--network=nile`
+  - `--network=nile` is not treated as a global option because it appears after the command token
+
+### No-Command Cases
+
+The global parser may produce no command token when the invocation is global-only, such as:
+
+- `wallet-cli --help`
+- `wallet-cli -h`
+- `wallet-cli --version`
+- `wallet-cli --interactive`
+
+In those cases, the parser succeeds and leaves handling to the runner / entrypoint.
+
+If no command is present and the invocation is not a supported global-only mode, the runner should treat that as a
+usage error.
+
+### Help Flag Semantics
+
+`--help` and `-h` are reserved for help behavior.
+
+Rules:
+
+- before the command token, `--help` and `-h` request global help
+- after the command token, `--help` and `-h` are passed through for command help handling
+- `-h` is not available for unrelated global short-option meanings
+- the global parser must not reinterpret `-h` as a command token
+- standard CLI commands should treat trailing `--help` and `-h` as command-help requests, not as normal business
+  options
+
+Examples:
+
+- `wallet-cli -h`
+  - global help
+- `wallet-cli --help`
+  - global help
+- `wallet-cli get-balance -h`
+  - `get-balance` command help
+- `wallet-cli get-balance --help`
+  - `get-balance` command help
+
+### Error Rules
+
+The following are usage errors at the global parsing layer:
+
+- unknown global option before the command token
+- missing value for a valued global option
+- invalid value for a constrained global option
+- malformed global syntax before the command token
+
+Specific expectations:
+
+- `--outputt json get-balance`
+  - usage error: unknown global option `--outputt`
+- `--outputt=json get-balance`
+  - usage error: unknown global option `--outputt`
+- `--network get-balance`
+  - usage error: invalid value for `--network`
+- `--network=get-balance`
+  - usage error: invalid value for `--network`
+- `--network --output json`
+  - usage error: missing value for `--network`
+- `--grpc-endpoint`
+  - usage error: missing value for `--grpc-endpoint`
+- `--output=`
+  - usage error: missing or empty value for `--output`
+- `--quiet=true`
+  - usage error: option `--quiet` does not take a value
+
+Error classification for valued global options:
+
+- if the next token does not exist: missing value
+- if the next token is another long option token such as `--output`: missing value
+- if the next token exists but is not allowed for a constrained option: invalid value
+- if the option is provided as `--name=` with an empty value: missing or empty value
+- if a valueless flag is provided as `--flag=value`: option does not take a value
+
+### Valued Option Rules
+
+For valued global options:
+
+- the value may be the next token or may be provided inline as `--name=value`
+- the value must not itself be another long option token such as `--output`
+- constrained options must validate their allowed values during global parsing, not later
+
+For valueless global flags:
+
+- the presence of the flag means `true`
+- `--flag=value` is not allowed
+- `--flag=` is not allowed
+
+Examples:
+
+- `--output=json` is valid
+- `--network=nile` is valid
+- `--wallet=/tmp/keystore.json` is valid
+- `--output=` is invalid
+- `--quiet=true` is invalid
+
+For now, the standard CLI contract does not require support for:
+
+- combined short flags
+- `--` as a special end-of-options sentinel
+
+These may be added later only if the spec is updated explicitly.
+
+### Global and Command Parser Consistency
+
+The standard CLI should not support `--name=value` in one parsing layer but reject it in the other.
+
+If long-option inline-value syntax is supported for global parsing, it should also be supported consistently for
+command-local parsing where the command option accepts a value.
+
+### Value-Detection Heuristic
+
+The global parser and command parser use intentionally different heuristics to detect whether the next token is a
+missing value or a legitimate option value:
+
+- the global parser treats any token starting with `-` as a non-value token (rejects `-anything` as a value)
+- the command parser treats only tokens starting with `--` as a non-value token (allows `-anything` as a value)
+
+This difference is deliberate. Command-local options include numeric types (`LONG`) where negative values such as
+`-5` are legitimate. Global valued options (`--output`, `--network`, `--wallet`, `--grpc-endpoint`) never accept
+negative numbers or dash-prefixed values, so the stricter heuristic is safe and catches more user errors early.
+
+### Repetition Rules
+
+Repeated global options must behave deterministically.
+
+- repeated valued global options are a usage error
+  - example: `--network nile --network main` is an error
+  - example: `--output json --output text` is an error
+  - example: `--wallet a.json --wallet b.json` is an error
+- repeated boolean flags are idempotent when they do not conflict
+  - example: `--verbose --verbose` is equivalent to `--verbose`
+- conflicting boolean flags are a usage error
+  - example: `--quiet --verbose` is an error
+
+### Explicit Non-Goals
+
+- Do not silently reinterpret unknown global options as command arguments.
+- Do not allow a malformed global option to fall through into downstream command execution errors.
+- Do not support "guessing" whether a token was meant to be a global option or a command option.
+- Do not let downstream command parsing decide whether a pre-command token was a valid global option.
+
+## Contract 2: Command Option Parsing
+
+`CommandDefinition.parseArgs(String[] args)` parses only command-local options using the schema declared by the
+command definition.
+
+### Scope
+
+`CommandDefinition.parseArgs(String[] args)` is responsible only for command-local syntax parsing.
+
+It is responsible for:
+
+- recognizing declared command options
+- extracting option values
+- performing parser-level validation of token shape and option syntax
+- producing `ParsedOptions`
+
+It is not responsible for:
+
+- global option parsing
+- auth, network, or output-mode policy
+- command execution
+- domain validation beyond parser-level type and shape checks
+
+### Supported Syntax
+
+Command-local options should support:
+
+- `--name value`
+- `--name=value`
+- boolean options as valueless flags, such as `--multi`
+- boolean options with explicit values:
+  - `--multi=true`
+  - `--multi=false`
+  - `--multi=1`
+  - `--multi=0`
+  - `--multi=yes`
+  - `--multi=no`
+- `-m` only for commands that explicitly declare the `multi` option
+
+Command-local parsing does not support:
+
+- arbitrary short-option aliases
+- combined short flags
+- positional arguments
+- unknown short flags
+
+### Boundary Rules
+
+- command parsing starts only after the runner has already resolved the command token
+- command parsing operates only on command arguments
+- command parsing does not reinterpret tokens as global options
+- command parsing does not guess whether a token was intended as a global option
+- if the runner reserves `--help` or `-h` for command-help handling, those tokens should not be treated as normal
+  business options by generic command parsing
+- unexpected bare tokens are usage errors unless positional arguments are explicitly introduced by a future spec
+
+### Error Rules
+
+The following are usage errors at the command parsing layer:
+
+- unknown command option
+- non-boolean option missing value
+- non-boolean option empty value
+- boolean option with an invalid explicit value
+- option provided in an unsupported form
+- option that does not take a value being provided as `--name=value`
+- empty option name such as `--`
+- unexpected bare token
+
+Specific expectations:
+
+- a non-boolean option must never fall back to `"true"` when its value is missing
+- malformed input should fail in the parser layer, not later during command execution
+- `--contract --method balanceOf(address)` must fail as a parser usage error
+- `--contract=` must fail as a parser usage error
+- `--multi=maybe` must fail as a parser usage error
+
+### Repetition Rules
+
+Repeated command options must behave deterministically and strictly.
+
+- repeated valued options are a usage error
+- repeated boolean options with the same effective meaning are idempotent
+- repeated boolean options with conflicting explicit values are a usage error
+
+Examples:
+
+- `--amount 1 --amount 2`
+  - usage error
+- `--multi --multi`
+  - valid, equivalent to `--multi`
+- `--multi=true --multi=false`
+  - usage error
+
+### Parser vs Semantic Validation
+
+Parser-level validation and semantic validation are distinct.
+
+Parser-level validation is responsible for:
+
+- whether an option name exists
+- whether an option requires a value
+- whether a token is in a supported parser form
+- whether a boolean literal is valid
+- whether the basic shape of the argument list is valid
+
+Semantic validation is responsible for:
+
+- address validity
+- numeric range checks
+- command-specific business rules
+- relationships between multiple options that depend on command semantics
+
+Examples:
+
+- `--contract --method balanceOf(address)`
+  - parser error
+- `--contract=`
+  - parser error
+- `--address abc`
+  - semantic validation error unless a stricter command-specific parser rule is added
+- malformed vote counts or domain-specific numeric constraints
+  - semantic or command-specific pre-execution validation
+
+Command-specific validation that runs immediately after parsing may still surface as `usage_error` when the problem
+is malformed user input rather than runtime execution failure.
+
+### Rationale
+
+This contract prevents malformed input such as `--contract --method balanceOf(address)` from being treated as
+`contract=true` and then failing later with a misleading execution error.
+
+## Contract 3: Authentication Policy
+
+`StandardCliRunner` controls whether automatic authentication is attempted for a command.
+
+### Rules
+
+- Auto-auth is a runner policy decision, not a side effect of arbitrary wrapper calls.
+- Commands that do not require a logged-in wallet must not fail purely because wallet auto-auth setup is absent.
+- Commands that require a wallet should authenticate deterministically or fail with an explicit execution error.
+- `--wallet` must be honored as an explicit override even if the local `Wallet/` directory is absent or empty.
+- Authentication skip conditions should be surfaced as text-mode info messages when appropriate.
+
+### Policy Shape
+
+Each command should have one clear auth policy:
+
+- never auto-auth
+- require auto-auth
+- conditional auto-auth based on specific options
+
+Avoid ad hoc checks spread across handlers.
+
+### Decision Point
+
+Auth policy is resolved only after:
+
+1. global options have been parsed
+2. the command has been resolved
+3. command-local options have been parsed
+
+The runner then decides whether the command instance for this invocation is:
+
+- `NEVER`
+- `REQUIRE`
+
+If a command has conditional auth behavior, that condition must be evaluated from parsed command options and must
+resolve deterministically to either `NEVER` or `REQUIRE` before handler execution begins.
+
+### Policy Semantics
+
+`NEVER` means:
+
+- the runner must not attempt wallet discovery
+- the runner must not read active-wallet state for authentication
+- the runner must not load or decrypt a keystore for authentication
+- the runner must not require `MASTER_PASSWORD`
+- the command must be allowed to execute even if wallet auth setup is absent or broken
+
+`REQUIRE` means:
+
+- the runner must resolve an authentication target before handler execution
+- the runner must successfully complete keystore loading and password verification before handler execution
+- if authentication cannot be completed, the handler must not run
+- failure to authenticate is an execution error, not a silent skip
+
+### Resolution Order
+
+When auth policy resolves to `REQUIRE`, the runner must resolve the target wallet in this order:
+
+1. explicit `--wallet` override
+2. active wallet selection
+
+`--wallet` is authoritative for that invocation and takes precedence over active-wallet state.
+
+### `--wallet` Override Rules
+
+When `--wallet` is present, the runner must try to resolve it as:
+
+1. an explicit filesystem path
+2. a file entry under local `Wallet/`
+3. a wallet name
+
+Specific rules:
+
+- an explicit filesystem path must be honored even if the local `Wallet/` directory does not exist
+- `--wallet` must not be ignored merely because the current working directory has no keystore directory
+- if `--wallet` is ambiguous or does not resolve to a keystore, the command must fail with an explicit execution error
+
+### Active Wallet Rules
+
+If `--wallet` is absent and auth policy resolves to `REQUIRE`, active-wallet resolution is authoritative.
+
+Rules:
+
+- unreadable or malformed active-wallet state must not be silently treated as "unset"
+- an active wallet pointing to a missing keystore must not silently fall back to another wallet
+- wallet-required commands must fail explicitly when the selected active wallet cannot be used
+
+For commands whose auth policy resolves to `NEVER`, active-wallet problems must not block execution.
+
+Commands whose purpose is wallet inspection or recovery may intentionally use a more lenient read of active-wallet
+state, but that behavior must be explicit in command design rather than an accidental side effect of runner auth.
+
+### Skip vs Fail
+
+For invocations whose resolved auth policy is `NEVER`:
+
+- auth may be skipped without error
+- text-mode info messages may explain why auth was skipped
+- JSON mode does not need to surface skip info as a top-level result
+- the runner may still pass through the already-parsed global `--wallet` value as an explicit target selector for
+  command-specific business logic, as long as that does not trigger runner-managed authentication semantics
+
+For invocations whose resolved auth policy is `REQUIRE`:
+
+- missing wallet directory is an execution error unless an explicit `--wallet` path resolves successfully
+- missing keystore is an execution error
+- missing `MASTER_PASSWORD` is an execution error
+- invalid password is an execution error
+- unreadable wallet metadata or keystore content is an execution error
+- the standard CLI must not fall back to interactive password prompts, wallet-selection prompts, permission prompts,
+  confirmation prompts, or other interactive auth flows
+- "skip auto-login and let the handler fail later" is not allowed
+
+### Handler Boundary
+
+- handlers must not re-decide runner auth policy ad hoc
+- handlers may still perform command-specific checks about whether a logged-in wallet is acceptable for the requested
+  operation
+- handlers must be able to rely on the runner guarantee that `REQUIRE` commands either start authenticated or do not
+  start at all
+- when a `NEVER` command intentionally uses global `--wallet` as a business-level target selector, that behavior
+  must be explicit in command design and must not implicitly fall back into runner-style auth or `MASTER_PASSWORD`
+  requirements
+
+### Standard CLI vs REPL
+
+This contract applies only to the standard CLI path.
+
+Rules:
+
+- changes made to satisfy this auth contract must not silently change legacy REPL auth behavior
+- REPL prompt flow, password prompting, and legacy interactive recovery behavior remain separate compatibility concerns
+- if standard CLI needs stricter auth handling than the REPL, isolate that behavior in `StandardCliRunner` or other
+  standard-CLI-only code paths rather than changing shared legacy behavior by accident
+
+## Contract 4: Result and Error Model
+
+The standard CLI must have one clear source of truth for success, failure, and exit code behavior.
+
+### Rules
+
+- Usage mistakes map to a usage error and exit code `2`.
+- Execution failures map to an execution error and exit code `1`.
+- Success maps to exit code `0`.
+- A command must not report success if the underlying operation merely printed a warning and returned early.
+- The standard CLI path must not depend on legacy direct `System.out.println(...)` calls to signal success or failure.
+
+### Recommended Responsibility Split
+
+- Command handlers decide the public CLI outcome.
+- `WalletApiWrapper` should return structured results or throw explicit exceptions for failure cases.
+- `OutputFormatter` is the only place that should emit standard CLI envelopes and terminal-facing error formatting.
+
+### Outcome Ownership
+
+For the standard CLI path, the public outcome of a command is determined by the standard CLI layer, not by legacy
+printing side effects.
+
+Rules:
+
+- a command invocation must end in exactly one public outcome:
+  - success
+  - usage error
+  - execution error
+- a handler must not rely on legacy stdout/stderr text to imply success
+- a handler must not report success merely because no exception was thrown
+- if an underlying operation returns early, reports failure, or leaves the command without a real result, the handler
+  must map that to a non-success outcome
+
+### Usage Error vs Execution Error
+
+`usage_error` covers malformed CLI input, including:
+
+- invalid option syntax
+- missing required arguments
+- parser-level invalid values
+- command-specific malformed user input detected before execution
+
+`execution_error` covers failures after the invocation is otherwise well-formed, including:
+
+- authentication failure
+- keystore resolution or loading failure
+- RPC or network failure
+- chain rejection
+- wrapper-level operational failure
+- command execution that cannot produce the promised result
+
+The standard CLI must prefer early `usage_error` classification for malformed input rather than letting parser problems
+leak into downstream execution failures.
+
+### Single-Outcome Rule
+
+The standard CLI invocation model is single-outcome.
+
+Rules:
+
+- one invocation must not emit multiple competing terminal outcomes
+- once a command has emitted a terminal success or error outcome, no later layer should reinterpret that invocation
+- handlers must not emit success and then continue into a later failure path
+- if a handler returns without establishing a valid outcome for the requested operation, that is a standard CLI
+  contract violation and should surface as an execution error rather than silent success
+
+### Legacy Integration Boundary
+
+The standard CLI may call shared legacy layers such as `WalletApiWrapper`, but legacy behavior is not the public
+result contract for the standard CLI.
+
+Rules:
+
+- direct prints from shared legacy code are compatibility details, not the standard CLI source of truth
+- if a shared wrapper method only prints warnings or status text, the standard CLI must not treat that as sufficient
+  success signaling
+- if a shared wrapper method cannot express failure cleanly enough for the standard CLI contract, the standard CLI
+  should adapt it explicitly rather than inheriting ambiguous behavior
+
+### Additive Change Preference
+
+Because `WalletApiWrapper` and related utilities are shared with the legacy REPL path, changes to shared layers should
+prefer additive evolution.
+
+Rules:
+
+- prefer adding new structured return paths, helper methods, adapters, or standard-CLI-specific wrappers
+- avoid silently changing the meaning of existing shared methods that the REPL already depends on
+- do not require an immediate rewrite of legacy REPL-oriented wrapper behavior just to satisfy the standard CLI
+  contract
+- if a non-additive shared-layer change becomes necessary, it must be evaluated explicitly for REPL compatibility and
+  called out in the spec or PR discussion
+
+### Standard CLI vs REPL
+
+This result contract applies to the standard CLI public surface.
+
+Rules:
+
+- tightening result semantics for the standard CLI must not silently change legacy REPL success/failure behavior
+- if stricter standard CLI outcome handling is needed, isolate that logic in handlers, adapters, runner code, or
+  formatter-controlled paths before changing shared REPL behavior
+
+## Contract 5: Machine-Readable Output
+
+JSON mode exists to provide a stable machine-readable contract.
+
+### Rules
+
+- JSON mode must emit one structured success envelope or one structured error envelope.
+- Commands participating in standard CLI mode must not bypass `OutputFormatter` for their public result.
+- Stray legacy stdout/stderr may be suppressed in JSON mode, but this is only a containment mechanism, not the
+  primary success path.
+- Command behavior in JSON mode must not rely on legacy printing side effects being visible to the caller.
+
+### Formal Interface
+
+For the standard CLI path, `--output json` is a formal machine-readable interface, not an incidental alternate
+display format.
+
+Rules:
+
+- if `--output` is omitted, the standard CLI defaults to text mode
+- text mode is the formal human-facing interface
+- new standard CLI commands must treat JSON output as a maintained contract
+- changes to existing standard CLI commands must preserve JSON-mode contract compatibility unless the spec is revised
+- machine consumers that require a stable structured contract must explicitly request `--output json`
+- callers must be able to determine success or failure from the JSON envelope itself without inspecting suppressed
+  legacy output
+
+### Single JSON Output Rule
+
+Each standard CLI invocation in JSON mode must emit exactly one top-level JSON envelope to `stdout`.
+
+Rules:
+
+- `stdout` must contain one terminal JSON result
+- JSON mode must not emit multiple competing top-level JSON outcomes
+- empty `stdout` in JSON mode is never a valid success outcome
+- legacy or debug output that would otherwise pollute `stdout` is a bug to contain, not part of the public contract
+
+### Output Ownership
+
+For the standard CLI path, `OutputFormatter` is the only valid public JSON emitter.
+
+Rules:
+
+- command handlers must route their public outcome through `OutputFormatter`
+- shared legacy code may still print internally, but those prints are not part of the JSON contract
+- suppressing stray legacy output does not convert it into valid JSON output
+- if a shared legacy method cannot produce a standard-CLI-safe result directly, the standard CLI should adapt it
+  explicitly
+- a command that bypasses `OutputFormatter` is outside the standard CLI JSON contract until adapted
+
+### Envelope Shape
+
+The top-level JSON envelope is stable and must not vary by command.
+
+Success:
+
+```json
+{
+  "success": true,
+  "data": {}
+}
+```
+
+Error:
+
+```json
+{
+  "success": false,
+  "error": "usage_error|execution_error|domain_specific_code",
+  "message": "human-readable explanation"
+}
+```
+
+### Field Stability
+
+The JSON contract distinguishes stable machine-readable fields from human-oriented fields.
+
+Rules:
+
+- `success` is the stable top-level discriminator
+- `error` is a stable machine-readable error code when `success` is `false`
+- `message` is human-readable explanation text and must not be the only machine contract
+- command-specific machine-readable payload belongs under `data`
+- future command output expansion should prefer additive changes inside `data` rather than changing the top-level
+  envelope shape
+
+### Text and JSON Consistency
+
+Text mode and JSON mode are two renderings of the same command outcome.
+
+Rules:
+
+- text mode and JSON mode must not represent different success/failure semantics for the same invocation
+- a command must not succeed in text mode but produce empty output in JSON mode
+- a command must not fail in text mode while reporting JSON success for the same underlying outcome
+- machine-readable payload richness may differ from text formatting, but outcome classification must remain aligned
+
+### Command Participation
+
+A command is considered compliant with the standard CLI JSON contract only if all of the following are true:
+
+- it emits its public result through `OutputFormatter`
+- it produces one valid JSON envelope in JSON mode
+- it does not require callers to inspect suppressed legacy output to determine success or failure
+
+If a command cannot yet satisfy these rules cleanly, it should be adapted explicitly or treated as outside the
+guaranteed JSON contract until that work is completed.
+
+Such commands being temporarily outside the guaranteed JSON contract does not relax the standard CLI JSON contract
+itself. It means those commands are not yet compliant and must not be used to redefine the contract for compliant
+commands.
+
+## Contract 6: Standard CLI vs Legacy Interactive Behavior
+
+The standard CLI is not a thin alias for the legacy REPL path.
+
+### Rules
+
+- Standard CLI behavior takes precedence over legacy prompt-oriented behavior when the two conflict.
+- Interactive viewers, prompts, and direct prints from legacy code are compatibility hazards in the standard CLI path.
+- If a legacy path cannot satisfy the standard CLI contract cleanly, either adapt it explicitly or exclude it from
+  the standard CLI guarantees.
+- Hidden stdin scripting, prompt auto-confirmation, or injected prompt answers are not allowed as standard CLI
+  behavior.
+
+### Interface Identity
+
+The standard CLI and the legacy REPL are separate public interfaces with different operating models.
+
+Rules:
+
+- the standard CLI is a non-interactive command interface intended for deterministic terminal use, scripts, agents,
+  and automation
+- the legacy REPL is an interactive prompt-oriented interface intended for human-driven sessions
+- shared implementation is allowed, but shared UX and behavioral contract must not be assumed automatically
+
+### Contract Precedence
+
+When standard CLI requirements conflict with inherited REPL behavior, the standard CLI contract wins for the standard
+CLI path.
+
+Rules:
+
+- standard CLI parser rules are not constrained by legacy REPL parsing quirks
+- standard CLI auth behavior is not defined by legacy prompt flow
+- standard CLI result and exit-code behavior are not defined by legacy print side effects
+- standard CLI JSON behavior is not defined by what the legacy interactive path happens to print
+
+### Interactive Boundary
+
+Interactive behavior is not part of the intended standard CLI contract unless explicitly designed into a future spec
+revision.
+
+Rules:
+
+- prompts, menus, viewer UIs, and multi-step confirmations from legacy code must not be treated as standard CLI
+  contract behavior
+- if a command capability currently depends on interactive legacy flow, it should be adapted explicitly before being
+  considered fully standard-CLI-compliant
+- hidden stdin feeding, prompt auto-confirmation, prompt suppression, or interactive fallback are not valid standard
+  CLI implementation techniques
+
+### Adaptation Strategy
+
+When standard CLI needs capabilities that currently exist only in legacy interactive form, prefer explicit adaptation
+over behavioral inheritance.
+
+Rules:
+
+- prefer additive adapters, standard-CLI-safe wrapper methods, or dedicated handler logic
+- do not force standard CLI callers to emulate REPL interactions as part of the public contract
+- do not silently redefine REPL behavior just to satisfy standard CLI requirements
+
+### Temporary Compatibility Mechanisms
+
+Some temporary containment techniques may be necessary while migrating legacy functionality.
+
+Rules:
+
+- temporary shims must be understood as migration aids, not as the target design
+- code comments, tests, and PR descriptions should avoid presenting temporary compatibility hacks as the intended
+  long-term contract
+- when a command still depends on such a shim, that command is not standard-CLI-compliant and the dependency should be
+  treated as technical debt to retire
+
+## Contract 7: QA Verification Scope
+
+The purpose of `qa/` for the standard CLI is to validate the public CLI contract, not to preserve incidental
+legacy side effects.
+
+### Rules
+
+- QA should primarily validate observable CLI outcomes:
+  - exit code behavior
+  - text-mode success/failure semantics
+  - JSON envelope correctness
+  - meaningful parity between text and JSON where appropriate
+- QA should not claim coverage for flows that are known stale, retired, or outside the supported standard CLI path.
+- If a QA path no longer represents real supported behavior, retire it instead of keeping a misleading green check.
+
+### QA Purpose
+
+Standard CLI QA exists to validate contract behavior at the CLI boundary.
+
+Rules:
+
+- QA should verify what callers can observe from the standard CLI interface
+- QA should not treat incidental legacy stdout/stderr behavior as the thing being preserved
+- QA should not elevate temporary migration shims into the supported contract merely because they currently exist
+
+### Priority Coverage Areas
+
+QA for the standard CLI should prioritize coverage for:
+
+- global option parsing behavior
+- command-local parsing behavior
+- authentication policy behavior
+- success/failure classification
+- exit code behavior
+- JSON envelope correctness
+- text/JSON outcome consistency
+- help and other public top-level CLI flows
+
+### Contract-Level Bias
+
+Contract-level verification is more valuable than reproducing isolated implementation details.
+
+Rules:
+
+- prefer tests that validate user-visible contract guarantees at the CLI boundary
+- when a bug is fixed, add regression coverage at the contract boundary if feasible
+- avoid overfitting QA to temporary implementation quirks that are not part of the intended contract
+
+### Text and JSON Verification
+
+Text and JSON outputs should be validated according to their roles.
+
+Rules:
+
+- JSON-mode QA should validate both envelope shape and command outcome semantics
+- text-mode QA should validate human-facing success/failure behavior without requiring brittle formatting snapshots
+- text/JSON parity should primarily mean semantic outcome parity, not exact string equality
+- if text and JSON intentionally differ in presentation detail, QA should still ensure they agree on success/failure
+  and core public meaning
+
+### Coverage Integrity
+
+QA reporting must reflect real supported coverage.
+
+Rules:
+
+- do not represent stale, broken, or unsupported flows as validated simply because a script still runs
+- if a command is not yet fully compliant with the standard CLI contract, QA should either mark that gap clearly or
+  exclude the command from compliance claims
+- a passing QA check must not rely on output that actually indicates an internal failure path
+
+### Shared Layer vs CLI Boundary
+
+Tests at different layers serve different purposes.
+
+Rules:
+
+- shared-layer unit tests are useful but do not replace CLI-boundary contract tests
+- standard CLI QA should not assume that a passing wrapper or utility test proves public CLI correctness
+- REPL-oriented tests do not count as standard CLI contract coverage unless they explicitly exercise the standard CLI
+  surface
+
+### Maintenance Expectations
+
+QA should evolve with the contract.
+
+Rules:
+
+- when behavior covered by this spec changes, QA should be updated in the same change
+- new standard CLI commands should add or extend contract-relevant coverage
+- if a QA path becomes misleading, retire or rewrite it rather than keeping nominal coverage
+
+## Reviewer Expectations Captured by This Spec
+
+Review feedback in this area has consistently pushed toward:
+
+- early parser failures instead of downstream surprises
+- explicit auth policy instead of implicit side effects
+- one reliable machine-readable output path
+- one reliable success/failure model
+- QA that validates supported behavior instead of historical implementation details
+
+## Change Management
+
+When changing behavior covered by this spec:
+
+1. Update this document first or in the same change.
+2. Update tests to reflect the intended contract.
+3. Prefer contract-level tests over narrowly reproducing only the latest reported bug.
+
+If a change intentionally violates this spec, document the reason in the PR and revise this file in the same patch.
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 00000000..336465ce
--- /dev/null
+++ b/gradle.properties
@@ -0,0 +1 @@
+org.gradle.console=plain
diff --git a/qa/config.sh b/qa/config.sh
new file mode 100644
index 00000000..f98798b8
--- /dev/null
+++ b/qa/config.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+NETWORK="${TRON_NETWORK:-nile}"
+PRIVATE_KEY="${TRON_TEST_PRIVATE_KEY:-}"
+MNEMONIC="${TRON_TEST_MNEMONIC:-}"
+TRON_PRIVATE_KEY="${TRON_PRIVATE_KEY:-$PRIVATE_KEY}"
+TRON_MNEMONIC="${TRON_MNEMONIC:-$MNEMONIC}"
+MASTER_PASSWORD="${MASTER_PASSWORD:-testpassword123A}"
+ALT_PASSWORD="${QA_ALT_PASSWORD:-TempPass123!B}"
+
+WALLET_JAR="$PROJECT_DIR/build/libs/wallet-cli.jar"
+RESULTS_DIR="$PROJECT_DIR/qa/results"
+RUNTIME_DIR="$PROJECT_DIR/qa/runtime"
+REPORT_FILE="$PROJECT_DIR/qa/report.txt"
+MANIFEST_FILE="$PROJECT_DIR/qa/manifest.tsv"
+CONTRACTS_FILE="$PROJECT_DIR/qa/contracts.tsv"
+
+TARGET_ADDR="${TRON_QA_TARGET_ADDR:-TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL}"
+USDT_NILE="${TRON_QA_USDT_NILE:-TXYZopYRdj2D9XRtbG411XZZ3kM5VkAeBf}"
+FAKE_ID_64="0000000000000000000000000000000000000000000000000000000000000001"
+
+export NETWORK PRIVATE_KEY MNEMONIC MASTER_PASSWORD ALT_PASSWORD
+export TRON_PRIVATE_KEY TRON_MNEMONIC
+export WALLET_JAR RESULTS_DIR RUNTIME_DIR REPORT_FILE MANIFEST_FILE CONTRACTS_FILE
+export TARGET_ADDR USDT_NILE FAKE_ID_64 PROJECT_DIR
+
+qa_has_private_key() {
+  [ -n "$PRIVATE_KEY" ]
+}
+
+qa_has_mnemonic() {
+  [ -n "$MNEMONIC" ]
+}
+
+qa_requires_available() {
+  case "$1" in
+    none|"")
+      return 0
+      ;;
+    private_key)
+      qa_has_private_key
+      ;;
+    mnemonic)
+      qa_has_mnemonic
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+}
diff --git a/qa/contracts.tsv b/qa/contracts.tsv
new file mode 100644
index 00000000..505db667
--- /dev/null
+++ b/qa/contracts.tsv
@@ -0,0 +1,44 @@
+# label|template|requires|env_mode|stream_mode|expectation|args_json|json_path_exists|json_path_absent|error_code|text_contains|text_absent|preflight|workspace_path_exists|workspace_path_absent
+global-help|empty|none|default|dual|help_dual|["--help"]|data.help|||Usage:,TRON Wallet CLI|Error:|
+version-flag|empty|none|default|text|success|["--version"]||||wallet-cli|| 
+missing-command|empty|none|default|json|usage|["--output","json"]|||usage_error|||
+unknown-global-option|empty|none|default|json|usage|["--output","json","--outputt","json","get-balance"]|||usage_error|||
+unknown-command|empty|none|default|text|usage|["sendkon"]||||Did you mean||
+contract__global_network_separate|empty|none|default|text|success|["--network","nile","current-network"]||||Current network:||
+contract__global_network_inline_json|empty|none|default|json|success|["--output","json","--network=nile","current-network"]||||||
+contract__global_missing_network_value_json|empty|none|default|json|usage|["--output","json","--network"]|||usage_error|||
+contract__global_empty_output_value_json|empty|none|default|text|usage|["--output="]||||Missing or empty value for --output||
+contract__global_invalid_network_value_json|empty|none|default|json|usage|["--output","json","--network=beta","current-network"]|||usage_error|||
+contract__global_flag_with_value_json|empty|none|default|json|usage|["--output","json","--quiet=true","current-network"]|||usage_error|||
+contract__global_repeated_network_json|empty|none|default|json|usage|["--output","json","--network","nile","--network","main","current-network"]|||usage_error|||
+contract__global_quiet_verbose_conflict_json|empty|none|default|json|usage|["--output","json","--quiet","--verbose","current-network"]|||usage_error|||
+contract__post_command_global_like_token_text|empty|none|default|text|usage|["current-network","--network","nile"]||||Unknown option: --network||
+contract__command_missing_required_value_text|empty|none|default|text|usage|["get-block-by-latest-num","--count"]||||Missing value for --count||
+contract__command_empty_required_value_json|empty|none|default|json|usage|["--output","json","get-block-by-latest-num","--count="]|||usage_error|||
+contract__command_boolean_flag_exec|empty|none|default|text|execution|["freeze-balance-v2","--amount","1","--multi"]|||execution_error|Error:||
+contract__command_boolean_true_exec|empty|none|default|json|execution|["--output","json","freeze-balance-v2","--amount","1","--multi=true"]|||execution_error|||
+contract__command_boolean_false_exec|empty|none|default|json|execution|["--output","json","freeze-balance-v2","--amount","1","--multi=false"]|||execution_error|||
+contract__command_boolean_invalid_text|empty|none|default|text|usage|["freeze-balance-v2","--amount","1","--multi=maybe"]||||requires a boolean value||
+contract__command_repeated_value_text|empty|none|default|text|usage|["freeze-balance-v2","--amount","1","--amount","2"]||||Repeated option: --amount||
+contract__command_repeated_boolean_same_exec|empty|none|default|json|execution|["--output","json","freeze-balance-v2","--amount","1","--multi","--multi"]|||execution_error|||
+contract__command_repeated_boolean_conflict_text|empty|none|default|text|usage|["freeze-balance-v2","--amount","1","--multi=true","--multi=false"]||||Conflicting values for option: --multi||
+contract__command_unknown_option_text|empty|none|default|text|usage|["get-block","--wat"]||||Unknown option: --wat||
+contract__command_unexpected_argument_text|empty|none|default|text|usage|["get-block","oops"]||||Unexpected argument: oops||
+contract__command_help_short_text|empty|none|default|text|help_text|["get-balance","-h"]||||Usage:,wallet-cli get-balance|Error:|
+contract__command_help_short_json|empty|none|default|json|help_json|["--output","json","get-balance","-h"]|data.help|||||
+contract__command_help_not_option_value_text|empty|none|default|text|usage|["get-balance","--address","--help"]||||Missing value for --address||
+contract__auth_never_without_wallet_text|empty|none|default|text|success|["current-network"]||||Current network:||
+contract__auth_require_without_wallet_json|empty|none|default|json|execution|["--output","json","get-address"]|||execution_error|||
+contract__auth_require_no_password_text|auth|private_key|no-password|text|execution|["get-address"]||||MASTER_PASSWORD is required||
+contract__auth_wallet_override_without_active_text|auth-no-active|private_key|default|text|success|["--network","nile","--wallet","mywallet","get-address"]||||GetAddress successful,address =||
+contract__auth_wallet_override_missing_text|auth-no-active|private_key|default|text|execution|["--network","nile","--wallet","missing-wallet","get-address"]||||No wallet found for --wallet||
+contract__auth_wallet_bad_active_text|auth-bad-active|private_key|default|text|execution|["--network","nile","get-address"]||||Could not read active wallet config||
+contract__clear_wallet_external_target_text|auth-external-wallet|private_key|default|text|success|["--network","nile","--wallet","./External/{{FIRST_WALLET_FILE}}","clear-wallet-keystore","--force"]||||ClearWalletKeystore successful !!|||Wallet/.active-wallet|External/{{FIRST_WALLET_FILE}}
+contract__auth_get_usdt_balance_with_address_json|empty|none|default|json|success|["--output","json","--network","nile","get-usdt-balance","--address","{{TARGET_ADDR}}"]||||||
+contract__auth_get_usdt_balance_without_address_json|empty|none|default|json|execution|["--output","json","--network","nile","get-usdt-balance"]|||execution_error|||
+contract__auth_trigger_constant_with_owner_json|empty|none|default|json|success|["--output","json","--network","nile","trigger-constant-contract","--contract","{{USDT_NILE}}","--method","balanceOf(address)","--params","\"{{TARGET_ADDR}}\"","--owner","{{TARGET_ADDR}}"]||||||
+contract__auth_trigger_constant_without_owner_json|empty|none|default|json|execution|["--output","json","--network","nile","trigger-constant-contract","--contract","{{USDT_NILE}}","--method","balanceOf(address)","--params","\"{{TARGET_ADDR}}\""]|||execution_error|||
+contract__auth_estimate_energy_with_owner_json|empty|none|default|json|success|["--output","json","--network","nile","estimate-energy","--contract","{{USDT_NILE}}","--method","transfer(address,uint256)","--params","\"{{TARGET_ADDR}}\",1","--owner","{{TARGET_ADDR}}"]||||||
+contract__auth_estimate_energy_without_owner_json|empty|none|default|json|execution|["--output","json","--network","nile","estimate-energy","--contract","{{USDT_NILE}}","--method","transfer(address,uint256)","--params","\"{{TARGET_ADDR}}\",1"]|||execution_error|||
+contract__unsupported_encoding_converter_json|empty|none|default|json|execution|["--output","json","encoding-converter"]|||unsupported_in_standard_cli|||
+contract__unsupported_tronlink_multisign_json|empty|none|default|json|execution|["--output","json","tronlink-multi-sign"]|||unsupported_in_standard_cli|||
diff --git a/qa/lib/case_resolver.py b/qa/lib/case_resolver.py
new file mode 100644
index 00000000..3ff9fe6f
--- /dev/null
+++ b/qa/lib/case_resolver.py
@@ -0,0 +1,239 @@
+#!/usr/bin/env python3
+import json
+import os
+import shlex
+import sys
+
+
+def read_table(path):
+    rows = []
+    if not os.path.exists(path):
+        return rows
+    with open(path, "r", encoding="utf-8") as fh:
+        for raw_line in fh:
+            line = raw_line.rstrip("\n")
+            if not line or line.lstrip().startswith("#"):
+                continue
+            rows.append(line.split("|"))
+    return rows
+
+
+def find_row(rows, label):
+    for row in rows:
+        if row and row[0] == label:
+            return row
+    return None
+
+
+def load_seeds(path):
+    result = {}
+    if not path or not os.path.exists(path):
+        return result
+    with open(path, "r", encoding="utf-8") as fh:
+        for raw_line in fh:
+            line = raw_line.strip()
+            if not line or "=" not in line:
+                continue
+            key, value = line.split("=", 1)
+            try:
+                tokens = shlex.split(value)
+                result[key] = tokens[0] if tokens else ""
+            except Exception:
+                result[key] = value
+    return result
+
+
+def substitute_token(token, values):
+    updated = token
+    for key, value in values.items():
+        updated = updated.replace("{{%s}}" % key, value)
+    return updated
+
+
+def unresolved_tokens(tokens):
+    missing = []
+    for token in tokens:
+        start = 0
+        while True:
+            open_idx = token.find("{{", start)
+            if open_idx < 0:
+                break
+            close_idx = token.find("}}", open_idx + 2)
+            if close_idx < 0:
+                break
+            missing.append(token[open_idx:close_idx + 2])
+            start = close_idx + 2
+    return missing
+
+
+def split_csv(value):
+    if not value:
+        return []
+    return [item.strip() for item in value.split(",") if item.strip()]
+
+
+def smoke_expectation(case_type):
+    mapping = {
+        "offline-success": "success",
+        "noauth-success": "success",
+        "auth-success": "success",
+        "stateful-success": "success",
+        "stateful-replay-execution": "stateful_replay_execution",
+        "expected-usage-error": "usage",
+        "expected-execution-error": "execution",
+        "excluded-interactive": "skip",
+    }
+    return mapping.get(case_type, "invalid")
+
+
+def build_smoke_case(label, row, values):
+    case_type = row[1] if len(row) > 1 else ""
+    template = row[2] if len(row) > 2 else "empty"
+    requires = row[3] if len(row) > 3 else "none"
+    args_string = row[4] if len(row) > 4 else ""
+    json_path_exists = split_csv(row[5] if len(row) > 5 else "")
+    json_path_absent = split_csv(row[6] if len(row) > 6 else "")
+    error_code = row[7] if len(row) > 7 else ""
+    text_contains = split_csv(row[8] if len(row) > 8 else "")
+    preflight = split_csv(row[9] if len(row) > 9 else "")
+
+    raw_tokens = shlex.split(args_string) if args_string else []
+    resolved_tokens = [substitute_token(token, values) for token in raw_tokens]
+    unresolved = unresolved_tokens(resolved_tokens)
+
+    command_tokens = [label] + resolved_tokens
+    return {
+        "label": label,
+        "suite": "stateful" if case_type.startswith("stateful-") else "smoke",
+        "template": template or "empty",
+        "requires": requires or "none",
+        "env_mode": "default",
+        "expectation": smoke_expectation(case_type),
+        "text_argv": ["--network", values["NETWORK"]] + command_tokens,
+        "json_argv": ["--output", "json", "--network", values["NETWORK"]] + command_tokens,
+        "json_path_exists": json_path_exists,
+        "json_path_absent": json_path_absent,
+        "error_code": error_code,
+        "text_contains": text_contains,
+        "text_absent": ["Error:", "Usage:"] if smoke_expectation(case_type) == "success" else [],
+        "preflight": preflight,
+        "unresolved_placeholders": unresolved,
+        "excluded": case_type == "excluded-interactive",
+    }
+
+
+def build_help_case(label, values):
+    return {
+        "label": "help__%s" % label,
+        "suite": "help",
+        "template": "empty",
+        "requires": "none",
+        "env_mode": "default",
+        "expectation": "help_dual",
+        "text_argv": ["--network", values["NETWORK"], label, "--help"],
+        "json_argv": ["--output", "json", "--network", values["NETWORK"], label, "--help"],
+        "json_path_exists": ["data.help"],
+        "json_path_absent": [],
+        "error_code": "",
+        "text_contains": ["Usage:", "wallet-cli %s" % label],
+        "text_absent": ["Error:"],
+        "preflight": [],
+        "unresolved_placeholders": [],
+        "excluded": False,
+    }
+
+
+def build_contract_case(label, row, values):
+    template = row[1] if len(row) > 1 else "empty"
+    requires = row[2] if len(row) > 2 else "none"
+    env_mode = row[3] if len(row) > 3 else "default"
+    stream_mode = row[4] if len(row) > 4 else "text"
+    expectation = row[5] if len(row) > 5 else "success"
+    args_json = row[6] if len(row) > 6 else "[]"
+    json_path_exists = split_csv(row[7] if len(row) > 7 else "")
+    json_path_absent = split_csv(row[8] if len(row) > 8 else "")
+    error_code = row[9] if len(row) > 9 else ""
+    text_contains = split_csv(row[10] if len(row) > 10 else "")
+    text_absent = split_csv(row[11] if len(row) > 11 else "")
+    preflight = split_csv(row[12] if len(row) > 12 else "")
+    workspace_path_exists = split_csv(row[13] if len(row) > 13 else "")
+    workspace_path_absent = split_csv(row[14] if len(row) > 14 else "")
+
+    raw_tokens = json.loads(args_json)
+    if not isinstance(raw_tokens, list) or not all(isinstance(item, str) for item in raw_tokens):
+        raise SystemExit("Contract args_json must be an array of strings: %s" % label)
+    resolved_tokens = [substitute_token(token, values) for token in raw_tokens]
+    unresolved = unresolved_tokens(resolved_tokens)
+
+    text_argv = None
+    json_argv = None
+    if stream_mode in ("text", "dual"):
+      text_argv = resolved_tokens
+    if stream_mode in ("json", "dual"):
+      if stream_mode == "dual" and "--output" not in resolved_tokens and not any(
+          token.startswith("--output=") for token in resolved_tokens):
+          json_argv = ["--output", "json"] + resolved_tokens
+      else:
+          json_argv = list(resolved_tokens)
+
+    return {
+        "label": label,
+        "suite": "contract",
+        "template": template or "empty",
+        "requires": requires or "none",
+        "env_mode": env_mode or "default",
+        "expectation": expectation,
+        "text_argv": text_argv,
+        "json_argv": json_argv,
+        "json_path_exists": json_path_exists,
+        "json_path_absent": json_path_absent,
+        "error_code": error_code,
+        "text_contains": text_contains,
+        "text_absent": text_absent,
+        "preflight": preflight,
+        "workspace_path_exists": workspace_path_exists,
+        "workspace_path_absent": workspace_path_absent,
+        "unresolved_placeholders": unresolved,
+        "excluded": False,
+    }
+
+
+def main():
+    if len(sys.argv) != 3:
+        raise SystemExit("Usage: case_resolver.py <help|smoke|contract> <label>")
+
+    kind, label = sys.argv[1], sys.argv[2]
+    seed_values = load_seeds(os.environ.get("QA_SEED_FILE", ""))
+    values = {
+        "NETWORK": os.environ.get("NETWORK", ""),
+        "MY_ADDR": os.environ.get("MY_ADDR", ""),
+        "TARGET_ADDR": os.environ.get("TARGET_ADDR", ""),
+        "USDT_NILE": os.environ.get("USDT_NILE", ""),
+        "FAKE_ID_64": os.environ.get("FAKE_ID_64", ""),
+        "PRIVATE_KEY": os.environ.get("PRIVATE_KEY", ""),
+        "MNEMONIC": os.environ.get("MNEMONIC", ""),
+        "MASTER_PASSWORD": os.environ.get("MASTER_PASSWORD", ""),
+        "ALT_PASSWORD": os.environ.get("ALT_PASSWORD", ""),
+    }
+    values.update(seed_values)
+
+    if kind == "help":
+        resolved = build_help_case(label, values)
+    elif kind == "smoke":
+        row = find_row(read_table(os.environ["MANIFEST_FILE"]), label)
+        if row is None:
+            raise SystemExit("Manifest case not found: %s" % label)
+        resolved = build_smoke_case(label, row, values)
+    elif kind == "contract":
+        row = find_row(read_table(os.environ["CONTRACTS_FILE"]), label)
+        if row is None:
+            raise SystemExit("Contract case not found: %s" % label)
+        resolved = build_contract_case(label, row, values)
+    else:
+        raise SystemExit("Unknown case kind: %s" % kind)
+
+    print(json.dumps(resolved))
+
+
+if __name__ == "__main__":
+    main()
diff --git a/qa/lib/cli.sh b/qa/lib/cli.sh
new file mode 100644
index 00000000..1f2b95d4
--- /dev/null
+++ b/qa/lib/cli.sh
@@ -0,0 +1,914 @@
+#!/bin/bash
+
+# ---- Per-case timeout support ----
+QA_CASE_TIMEOUT="${QA_CASE_TIMEOUT:-120}"
+
+if command -v timeout >/dev/null 2>&1; then
+  _qa_timeout_cmd="timeout"
+elif command -v gtimeout >/dev/null 2>&1; then
+  _qa_timeout_cmd="gtimeout"
+else
+  _qa_timeout_cmd=""
+fi
+
+_qa_run_with_timeout() {
+  local secs="$1"; shift
+  if [ -n "$_qa_timeout_cmd" ]; then
+    "$_qa_timeout_cmd" "$secs" "$@"
+  else
+    "$@" &
+    local pid=$!
+    ( sleep "$secs"; kill "$pid" 2>/dev/null ) &
+    local watchdog=$!
+    wait "$pid" 2>/dev/null; local rc=$?
+    kill "$watchdog" 2>/dev/null; wait "$watchdog" 2>/dev/null
+    return $rc
+  fi
+}
+
+qa_manifest_line() {
+  local command="$1"
+  awk -F'|' -v cmd="$command" '$1 == cmd { print; exit }' "$MANIFEST_FILE"
+}
+
+qa_manifest_field() {
+  local command="$1"
+  local field="$2"
+  qa_manifest_line "$command" | awk -F'|' -v idx="$field" '{ print $idx }'
+}
+
+qa_contract_line() {
+  local label="$1"
+  awk -F'|' -v case_label="$label" '$1 == case_label { print; exit }' "$CONTRACTS_FILE"
+}
+
+qa_contract_field() {
+  local label="$1"
+  local field="$2"
+  qa_contract_line "$label" | awk -F'|' -v idx="$field" '{ print $idx }'
+}
+
+qa_case_type() {
+  qa_manifest_field "$1" 2
+}
+
+qa_case_template() {
+  qa_manifest_field "$1" 3
+}
+
+qa_case_requires() {
+  qa_manifest_field "$1" 4
+}
+
+qa_case_args() {
+  qa_manifest_field "$1" 5
+}
+
+qa_case_json_path_exists() {
+  qa_manifest_field "$1" 6
+}
+
+qa_case_json_path_absent() {
+  qa_manifest_field "$1" 7
+}
+
+qa_case_error_code() {
+  qa_manifest_field "$1" 8
+}
+
+qa_case_text_contains() {
+  qa_manifest_field "$1" 9
+}
+
+qa_case_preflight() {
+  qa_manifest_field "$1" 10
+}
+
+qa_contract_template() {
+  qa_contract_field "$1" 2
+}
+
+qa_contract_requires() {
+  qa_contract_field "$1" 3
+}
+
+qa_contract_args_json() {
+  qa_contract_field "$1" 4
+}
+
+qa_contract_expectation() {
+  qa_contract_field "$1" 5
+}
+
+qa_contract_json_path_exists() {
+  qa_contract_field "$1" 6
+}
+
+qa_contract_json_path_absent() {
+  qa_contract_field "$1" 7
+}
+
+qa_contract_error_code() {
+  qa_contract_field "$1" 8
+}
+
+qa_contract_text_contains() {
+  qa_contract_field "$1" 9
+}
+
+qa_contract_text_absent() {
+  qa_contract_field "$1" 10
+}
+
+qa_contract_env_mode() {
+  qa_contract_field "$1" 11
+}
+
+qa_contract_stream_mode() {
+  qa_contract_field "$1" 12
+}
+
+qa_contract_preflight() {
+  qa_contract_field "$1" 13
+}
+
+qa_prepare_directories() {
+  mkdir -p "$RESULTS_DIR" "$RUNTIME_DIR/templates" "$RUNTIME_DIR/workspaces"
+}
+
+qa_clean_runtime() {
+  rm -rf "$RESULTS_DIR" "$RUNTIME_DIR"
+  qa_prepare_directories
+}
+
+qa_import_template_wallet() {
+  local template_dir="$1"
+  local mode="$2"
+
+  mkdir -p "$template_dir"
+  (
+    cd "$template_dir" || exit 1
+    rm -rf Wallet Mnemonic
+    case "$mode" in
+      private-key)
+        MASTER_PASSWORD="$MASTER_PASSWORD" TRON_TEST_PRIVATE_KEY="$PRIVATE_KEY" \
+          java -cp "$WALLET_JAR" org.tron.qa.QASecretImporter private-key >/dev/null
+        ;;
+      mnemonic)
+        MASTER_PASSWORD="$MASTER_PASSWORD" TRON_TEST_MNEMONIC="$MNEMONIC" \
+          java -cp "$WALLET_JAR" org.tron.qa.QASecretImporter mnemonic >/dev/null
+        ;;
+      *)
+        return 1
+        ;;
+    esac
+  )
+}
+
+qa_clone_template() {
+  local source_dir="$1"
+  local target_dir="$2"
+  rm -rf "$target_dir"
+  mkdir -p "$target_dir"
+  if [ -d "$source_dir" ]; then
+    cp -R "$source_dir"/. "$target_dir"/ 2>/dev/null || true
+  fi
+}
+
+qa_prepare_templates() {
+  mkdir -p "$RUNTIME_DIR/templates/empty"
+  if qa_has_private_key; then
+    qa_import_template_wallet "$RUNTIME_DIR/templates/auth" private-key
+
+    qa_clone_template "$RUNTIME_DIR/templates/auth" "$RUNTIME_DIR/templates/auth-external-wallet"
+    mkdir -p "$RUNTIME_DIR/templates/auth-external-wallet/External"
+    if ls "$RUNTIME_DIR/templates/auth-external-wallet/Wallet/"*.json >/dev/null 2>&1; then
+      cp "$RUNTIME_DIR/templates/auth-external-wallet/Wallet/"*.json \
+        "$RUNTIME_DIR/templates/auth-external-wallet/External/" 2>/dev/null || true
+    fi
+
+    qa_clone_template "$RUNTIME_DIR/templates/auth" "$RUNTIME_DIR/templates/auth-no-active"
+    rm -f "$RUNTIME_DIR/templates/auth-no-active/Wallet/.active-wallet"
+
+    qa_clone_template "$RUNTIME_DIR/templates/auth" "$RUNTIME_DIR/templates/auth-bad-active"
+    mkdir -p "$RUNTIME_DIR/templates/auth-bad-active/Wallet"
+    printf '{bad json\n' > "$RUNTIME_DIR/templates/auth-bad-active/Wallet/.active-wallet"
+  fi
+}
+
+qa_reset_workspace() {
+  local label="$1"
+  local template="$2"
+  local workspace="$RUNTIME_DIR/workspaces/$label"
+
+  rm -rf "$workspace"
+  mkdir -p "$workspace"
+  if [ -d "$RUNTIME_DIR/templates/$template" ]; then
+    cp -R "$RUNTIME_DIR/templates/$template"/. "$workspace"/ 2>/dev/null || true
+  fi
+  echo "$workspace"
+}
+
+qa_seed_file() {
+  echo "$RUNTIME_DIR/seeds.env"
+}
+
+qa_export_seeds() {
+  qa_load_seeds
+  export MY_ADDR FIRST_WALLET_ADDRESS FIRST_WALLET_NAME FIRST_WALLET_FILE
+  export BLOCK_ID TX_ID WITNESS_ADDR MY_TRX_BALANCE
+}
+
+qa_load_seeds() {
+  local seed_file
+  seed_file="$(qa_seed_file)"
+  if [ -f "$seed_file" ]; then
+    # shellcheck disable=SC1090
+    source "$seed_file"
+  fi
+}
+
+qa_seed_value() {
+  qa_load_seeds
+  local key="$1"
+  printf '%s' "${!key:-}"
+}
+
+qa_substitute_placeholders() {
+  local text="$1"
+  qa_load_seeds
+
+  text="${text//\{\{NETWORK\}\}/$NETWORK}"
+  text="${text//\{\{TARGET_ADDR\}\}/$TARGET_ADDR}"
+  text="${text//\{\{USDT_NILE\}\}/$USDT_NILE}"
+  text="${text//\{\{FAKE_ID_64\}\}/$FAKE_ID_64}"
+  text="${text//\{\{PRIVATE_KEY\}\}/$PRIVATE_KEY}"
+  text="${text//\{\{MNEMONIC\}\}/$MNEMONIC}"
+  text="${text//\{\{MASTER_PASSWORD\}\}/$MASTER_PASSWORD}"
+  text="${text//\{\{ALT_PASSWORD\}\}/$ALT_PASSWORD}"
+  text="${text//\{\{MY_ADDR\}\}/${MY_ADDR:-}}"
+  text="${text//\{\{FIRST_WALLET_ADDRESS\}\}/${FIRST_WALLET_ADDRESS:-}}"
+  text="${text//\{\{BLOCK_ID\}\}/${BLOCK_ID:-}}"
+  text="${text//\{\{TX_ID\}\}/${TX_ID:-}}"
+  text="${text//\{\{WITNESS_ADDR\}\}/${WITNESS_ADDR:-}}"
+  text="${text//\{\{FIRST_WALLET_NAME\}\}/${FIRST_WALLET_NAME:-}}"
+  text="${text//\{\{FIRST_WALLET_FILE\}\}/${FIRST_WALLET_FILE:-}}"
+  text="${text//\{\{MY_TRX_BALANCE\}\}/${MY_TRX_BALANCE:-}}"
+
+  printf '%s' "$text"
+}
+
+qa_unresolved_placeholders() {
+  local text="$1"
+  (printf '%s' "$text" | grep -o '{{[^}]\+}}' || true) | tr '\n' ' ' | sed 's/[[:space:]]*$//'
+}
+
+qa_args_to_lines() {
+  local args_string="$1"
+  local substituted
+  substituted="$(qa_substitute_placeholders "$args_string")"
+  python3 - <<'PY' "$substituted"
+import shlex
+import sys
+
+for item in shlex.split(sys.argv[1]):
+    print(item)
+PY
+}
+
+qa_args_json_to_lines() {
+  local args_json="$1"
+  local substituted
+  substituted="$(qa_substitute_placeholders "$args_json")"
+  python3 - <<'PY' "$substituted"
+import json
+import sys
+
+value = json.loads(sys.argv[1])
+if not isinstance(value, list):
+    raise SystemExit("args_json must be a JSON array")
+for item in value:
+    if not isinstance(item, str):
+        raise SystemExit("args_json entries must be strings")
+    print(item)
+PY
+}
+
+qa_resolve_case_to_file() {
+  local kind="$1"
+  local label="$2"
+  local output_file="$3"
+  QA_SEED_FILE="$(qa_seed_file)" python3 "$SCRIPT_DIR/lib/case_resolver.py" "$kind" "$label" > "$output_file"
+}
+
+qa_case_json_get() {
+  local json_file="$1"
+  local path="$2"
+  python3 - <<'PY' "$json_file" "$path"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+value = payload
+for segment in [s for s in sys.argv[2].split(".") if s]:
+    if isinstance(value, dict):
+        value = value.get(segment)
+    else:
+        value = None
+        break
+if isinstance(value, list):
+    print(",".join(str(item) for item in value))
+elif value is None:
+    print("")
+else:
+    print(value)
+PY
+}
+
+qa_case_json_bool() {
+  local json_file="$1"
+  local path="$2"
+  python3 - <<'PY' "$json_file" "$path"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+value = payload
+for segment in [s for s in sys.argv[2].split(".") if s]:
+    value = value.get(segment) if isinstance(value, dict) else None
+print("true" if value else "false")
+PY
+}
+
+qa_case_json_write_lines() {
+  local json_file="$1"
+  local path="$2"
+  local output_file="$3"
+  python3 - <<'PY' "$json_file" "$path" "$output_file"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+value = payload
+for segment in [s for s in sys.argv[2].split(".") if s]:
+    value = value.get(segment) if isinstance(value, dict) else None
+with open(sys.argv[3], "w", encoding="utf-8") as out:
+    if isinstance(value, list):
+        for item in value:
+            out.write(str(item))
+            out.write("\n")
+PY
+}
+
+qa_filtered_text_stdout() {
+  local file="$1"
+  sed '/^User defined config file/d;/^$/d' "$file"
+}
+
+qa_filtered_stderr() {
+  local file="$1"
+  sed '/^$/d' "$file"
+}
+
+qa_run_capture() {
+  local workspace="$1"
+  local label="$2"
+  local suffix="$3"
+  local env_mode="$4"
+  shift 4
+
+  local stdout_file="$RESULTS_DIR/${label}_${suffix}.out"
+  local stderr_file="$RESULTS_DIR/${label}_${suffix}.err"
+  local exit_file="$RESULTS_DIR/${label}_${suffix}.exit"
+  local -a cmd
+  cmd=(java -jar "$WALLET_JAR" "$@")
+
+  local status
+  if (
+    cd "$workspace" || exit 98
+    case "$env_mode" in
+      ""|default)
+        MASTER_PASSWORD="$MASTER_PASSWORD" \
+          TRON_PRIVATE_KEY="$TRON_PRIVATE_KEY" \
+          TRON_MNEMONIC="$TRON_MNEMONIC" \
+          TRON_OLD_PASSWORD="$MASTER_PASSWORD" \
+          TRON_NEW_PASSWORD="$ALT_PASSWORD" \
+          _qa_run_with_timeout "$QA_CASE_TIMEOUT" "${cmd[@]}" >"$stdout_file" 2>"$stderr_file"
+        ;;
+      no-password)
+        unset MASTER_PASSWORD
+        _qa_run_with_timeout "$QA_CASE_TIMEOUT" "${cmd[@]}" >"$stdout_file" 2>"$stderr_file"
+        ;;
+      *)
+        echo "Unknown env mode: $env_mode" >&2
+        exit 97
+        ;;
+    esac
+  ); then
+    status=0
+  else
+    status=$?
+  fi
+  printf '%s\n' "$status" > "$exit_file"
+  return 0
+}
+
+qa_run_cli_capture() {
+  local workspace="$1"
+  local label="$2"
+  local mode="$3"
+  local env_mode="${4:-default}"
+  shift 4
+
+  local -a argv
+  argv=(--network "$NETWORK")
+  if [ "$mode" = "json" ]; then
+    argv+=(--output json)
+  fi
+  argv+=("$@")
+  qa_run_capture "$workspace" "$label" "$mode" "$env_mode" "${argv[@]}"
+}
+
+qa_run_raw_capture() {
+  local workspace="$1"
+  local label="$2"
+  local mode="$3"
+  local env_mode="${4:-default}"
+  shift 4
+  qa_run_capture "$workspace" "$label" "$mode" "$env_mode" "$@"
+}
+
+qa_write_result() {
+  local label="$1"
+  local status="$2"
+  printf '%s\n' "$status" > "$RESULTS_DIR/${label}.result"
+  printf '[%s] %s\n' "$label" "$status"
+}
+
+qa_extract_json_field() {
+  local file="$1"
+  local path="$2"
+  python3 - <<'PY' "$file" "$path"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+segments = [segment for segment in sys.argv[2].split(".") if segment]
+value = payload
+for segment in segments:
+    if isinstance(value, dict) and segment in value:
+        value = value[segment]
+        continue
+    raise SystemExit(1)
+if isinstance(value, (dict, list)):
+    print(json.dumps(value, sort_keys=True))
+elif value is None:
+    print("null")
+else:
+    print(value)
+PY
+}
+
+qa_json_path_exists_in_file() {
+  local file="$1"
+  local path="$2"
+  qa_extract_json_field "$file" "$path" >/dev/null 2>&1
+}
+
+qa_json_field_equals() {
+  local file="$1"
+  local path="$2"
+  local expected="$3"
+  local actual
+  actual="$(qa_extract_json_field "$file" "$path" 2>/dev/null)" || return 1
+  [ "$actual" = "$expected" ]
+}
+
+qa_auth_wallet_available() {
+  [ -f "$RUNTIME_DIR/templates/auth/Wallet/.active-wallet" ]
+}
+
+qa_is_stateful_command() {
+  case "$(qa_case_type "$1")" in
+    stateful-*)
+      return 0
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+}
+
+qa_parse_named_long() {
+  local option_name="$1"
+  shift
+  python3 - <<'PY' "$option_name" "$@"
+import sys
+
+name = sys.argv[1]
+args = sys.argv[2:]
+for i, token in enumerate(args):
+    if token == name:
+        if i + 1 < len(args):
+            print(args[i + 1])
+        sys.exit(0)
+    if token.startswith(name + "="):
+        print(token.split("=", 1)[1])
+        sys.exit(0)
+sys.exit(1)
+PY
+}
+
+qa_parse_named_value() {
+  local option_name="$1"
+  shift
+  python3 - <<'PY' "$option_name" "$@"
+import sys
+
+name = sys.argv[1]
+args = sys.argv[2:]
+for i, token in enumerate(args):
+    if token == name:
+        if i + 1 < len(args):
+            print(args[i + 1])
+        sys.exit(0)
+    if token.startswith(name + "="):
+        print(token.split("=", 1)[1])
+        sys.exit(0)
+sys.exit(1)
+PY
+}
+
+qa_preflight_stateful_case() {
+  local command="$1"
+  shift
+
+  if ! qa_auth_wallet_available; then
+    echo "missing auth wallet seed"
+    return 1
+  fi
+  if [ -z "$TARGET_ADDR" ]; then
+    echo "missing target address"
+    return 1
+  fi
+
+  qa_load_seeds
+  case "$command" in
+    send-coin|freeze-balance-v2)
+      local required_amount current_balance
+      required_amount="$(qa_parse_named_long --amount "$@" 2>/dev/null || true)"
+      [ -n "$required_amount" ] || required_amount=1
+      current_balance="${MY_TRX_BALANCE:-0}"
+      if [ "$current_balance" -lt "$required_amount" ]; then
+        echo "insufficient TRX balance"
+        return 1
+      fi
+      ;;
+    trigger-contract|transfer-usdt|unfreeze-balance-v2)
+      if [ "${MY_TRX_BALANCE:-0}" -le 0 ]; then
+        echo "missing TRX balance for fees"
+        return 1
+      fi
+      ;;
+  esac
+  return 0
+}
+
+qa_run_preflight_json_query() {
+  local field_path="$1"
+  shift
+  local token label workspace out_file value
+  token="$(mktemp "$RUNTIME_DIR/preflight.XXXXXX")"
+  rm -f "$token"
+  label="$(basename "$token")"
+  workspace="$(qa_reset_workspace "$label" "empty")"
+  qa_run_cli_capture "$workspace" "$label" json default "$@" >/dev/null 2>&1 || true
+  out_file="$RESULTS_DIR/${label}_json.out"
+  value="$(qa_extract_json_field "$out_file" "$field_path" 2>/dev/null)" || {
+    rm -rf "$workspace"
+    rm -f "$RESULTS_DIR/${label}_json.out" "$RESULTS_DIR/${label}_json.err" "$RESULTS_DIR/${label}_json.exit"
+    return 1
+  }
+  rm -rf "$workspace"
+  rm -f "$RESULTS_DIR/${label}_json.out" "$RESULTS_DIR/${label}_json.err" "$RESULTS_DIR/${label}_json.exit"
+  printf '%s\n' "$value"
+}
+
+qa_preflight_needs_witness_wallet() {
+  qa_load_seeds
+  [ -n "${MY_ADDR:-}" ] || return 1
+  [ -n "${WITNESS_ADDR:-}" ] || return 1
+  [ "$MY_ADDR" = "$WITNESS_ADDR" ]
+}
+
+qa_preflight_can_delegate_requested_amount() {
+  local owner amount resource max_size
+  owner="$(qa_parse_named_value --owner "$@" 2>/dev/null || true)"
+  [ -n "$owner" ] || owner="${MY_ADDR:-}"
+  amount="$(qa_parse_named_long --amount "$@" 2>/dev/null || true)"
+  resource="$(qa_parse_named_long --resource "$@" 2>/dev/null || true)"
+  [ -n "$owner" ] || return 1
+  [ -n "$amount" ] || return 1
+  [ -n "$resource" ] || return 1
+  max_size="$(qa_run_preflight_json_query "data.max_size" get-can-delegated-max-size --owner "$owner" --type "$resource" 2>/dev/null)" || return 1
+  [ "${max_size:-0}" -ge "$amount" ]
+}
+
+qa_preflight_has_undelegatable_requested_amount() {
+  local owner receiver amount resource
+  owner="$(qa_parse_named_value --owner "$@" 2>/dev/null || true)"
+  receiver="$(qa_parse_named_value --receiver "$@" 2>/dev/null || true)"
+  amount="$(qa_parse_named_long --amount "$@" 2>/dev/null || true)"
+  resource="$(qa_parse_named_long --resource "$@" 2>/dev/null || true)"
+  [ -n "$owner" ] || owner="${MY_ADDR:-}"
+  [ -n "$owner" ] || return 1
+  [ -n "$receiver" ] || return 1
+  [ -n "$amount" ] || return 1
+  [ -n "$resource" ] || return 1
+
+  local token label workspace out_file available
+  token="$(mktemp "$RUNTIME_DIR/preflight.XXXXXX")"
+  rm -f "$token"
+  label="$(basename "$token")"
+  workspace="$(qa_reset_workspace "$label" "empty")"
+  qa_run_cli_capture "$workspace" "$label" json default \
+    get-delegated-resource-v2 --from "$owner" --to "$receiver" >/dev/null 2>&1 || true
+  out_file="$RESULTS_DIR/${label}_json.out"
+  available="$(python3 - <<'PY' "$out_file" "$resource"
+import json, sys, time
+
+path = sys.argv[1]
+resource = int(sys.argv[2])
+now = int(time.time() * 1000)
+
+try:
+    payload = json.load(open(path, "r", encoding="utf-8"))
+except Exception:
+    print(0)
+    raise SystemExit(0)
+
+data = payload.get("data", {})
+
+def walk(node):
+    total = 0
+    if isinstance(node, dict):
+        bw = int(node.get("frozenBalanceForBandwidth", 0) or 0)
+        en = int(node.get("frozenBalanceForEnergy", 0) or 0)
+        bw_expire = int(node.get("expireTimeForBandwidth", 0) or 0)
+        en_expire = int(node.get("expireTimeForEnergy", 0) or 0)
+        if resource == 0 and bw:
+            if bw_expire == 0 or bw_expire < now:
+                total += bw
+        if resource == 1 and en:
+            if en_expire == 0 or en_expire < now:
+                total += en
+        for value in node.values():
+            total += walk(value)
+    elif isinstance(node, list):
+        for item in node:
+            total += walk(item)
+    return total
+
+print(walk(data))
+PY
+)" || available=0
+  rm -rf "$workspace"
+  rm -f "$RESULTS_DIR/${label}_json.out" "$RESULTS_DIR/${label}_json.err" "$RESULTS_DIR/${label}_json.exit"
+  [ "${available:-0}" -ge "$amount" ]
+}
+
+qa_preflight_has_available_unfreeze_v2_entry() {
+  local owner
+  owner="$(qa_parse_named_value --owner "$@" 2>/dev/null || true)"
+  [ -n "$owner" ] || owner="${MY_ADDR:-}"
+  [ -n "$owner" ] || return 1
+
+  local token label workspace out_file has_entry
+  token="$(mktemp "$RUNTIME_DIR/preflight.XXXXXX")"
+  rm -f "$token"
+  label="$(basename "$token")"
+  workspace="$(qa_reset_workspace "$label" "empty")"
+  qa_run_cli_capture "$workspace" "$label" json default \
+    get-account --address "$owner" >/dev/null 2>&1 || true
+  out_file="$RESULTS_DIR/${label}_json.out"
+  has_entry="$(python3 - <<'PY' "$out_file"
+import json, sys
+
+try:
+    payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+except Exception:
+    print("false")
+    raise SystemExit(0)
+
+data = payload.get("data")
+
+def walk(node):
+    if isinstance(node, dict):
+        for key, value in node.items():
+            lowered = str(key).lower()
+            if lowered in ("unfrozenv2", "unfrozenv2list"):
+                if isinstance(value, list) and value:
+                    return True
+            if walk(value):
+                return True
+    elif isinstance(node, list):
+        for item in node:
+            if walk(item):
+                return True
+    return False
+
+print("true" if walk(data) else "false")
+PY
+)" || has_entry=false
+  rm -rf "$workspace"
+  rm -f "$RESULTS_DIR/${label}_json.out" "$RESULTS_DIR/${label}_json.err" "$RESULTS_DIR/${label}_json.exit"
+  [ "$has_entry" = "true" ]
+}
+
+qa_preflight_can_withdraw_witness_balance() {
+  local owner
+  owner="$(qa_parse_named_value --owner "$@" 2>/dev/null || true)"
+  [ -n "$owner" ] || owner="${MY_ADDR:-}"
+  [ -n "$owner" ] || return 1
+
+  local token label workspace out_file can_withdraw
+  token="$(mktemp "$RUNTIME_DIR/preflight.XXXXXX")"
+  rm -f "$token"
+  label="$(basename "$token")"
+  workspace="$(qa_reset_workspace "$label" "empty")"
+  qa_run_cli_capture "$workspace" "$label" json default \
+    get-account --address "$owner" >/dev/null 2>&1 || true
+  out_file="$RESULTS_DIR/${label}_json.out"
+  can_withdraw="$(python3 - <<'PY' "$out_file"
+import json, sys, time
+
+try:
+    payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+except Exception:
+    print("false")
+    raise SystemExit(0)
+
+data = payload.get("data") if isinstance(payload, dict) else {}
+if not isinstance(data, dict):
+    print("false")
+    raise SystemExit(0)
+
+allowance = int(data.get("allowance", 0) or 0)
+latest_withdraw_time = int(data.get("latest_withdraw_time", 0) or 0)
+now = int(time.time() * 1000)
+eligible_time = latest_withdraw_time <= 0 or now - latest_withdraw_time >= 24 * 60 * 60 * 1000
+print("true" if data.get("is_witness") is True and allowance > 0 and eligible_time else "false")
+PY
+)" || can_withdraw=false
+  rm -rf "$workspace"
+  rm -f "$RESULTS_DIR/${label}_json.out" "$RESULTS_DIR/${label}_json.err" "$RESULTS_DIR/${label}_json.exit"
+  [ "$can_withdraw" = "true" ]
+}
+
+qa_preflight_check() {
+  local spec_csv="$1"
+  shift
+  local -a argv=("$@")
+  local item threshold required_amount
+  local -a specs=()
+  qa_load_seeds
+  IFS=',' read -r -a specs <<< "$spec_csv"
+  for item in "${specs[@]-}"; do
+    item="$(printf '%s' "$item" | xargs)"
+    [ -z "$item" ] && continue
+    case "$item" in
+      none)
+        ;;
+      needs_auth_wallet)
+        qa_auth_wallet_available || { echo "missing auth wallet seed"; return 1; }
+        ;;
+      needs_target_addr)
+        [ -n "$TARGET_ADDR" ] || { echo "missing target address"; return 1; }
+        ;;
+      needs_block_seed)
+        [ -n "${BLOCK_ID:-}" ] || { echo "missing block seed"; return 1; }
+        ;;
+      needs_tx_seed)
+        [ -n "${TX_ID:-}" ] || { echo "missing tx seed"; return 1; }
+        ;;
+      needs_positive_trx_balance)
+        [ "${MY_TRX_BALANCE:-0}" -gt 0 ] || { echo "missing TRX balance"; return 1; }
+        ;;
+      needs_witness_wallet)
+        qa_preflight_needs_witness_wallet || { echo "auth wallet is not a witness"; return 1; }
+        ;;
+      needs_delegatable_resource)
+        qa_preflight_can_delegate_requested_amount "${argv[@]}" \
+          || { echo "delegatable resource below requested amount"; return 1; }
+        ;;
+      needs_undelegatable_resource)
+        qa_preflight_has_undelegatable_requested_amount "${argv[@]}" \
+          || { echo "undelegatable resource below requested amount"; return 1; }
+        ;;
+      needs_available_unfreeze_v2)
+        qa_preflight_has_available_unfreeze_v2_entry "${argv[@]}" \
+          || { echo "no cancelable unfreezeV2 entries available"; return 1; }
+        ;;
+      needs_withdrawable_witness_balance)
+        qa_preflight_can_withdraw_witness_balance "${argv[@]}" \
+          || { echo "no currently withdrawable witness balance"; return 1; }
+        ;;
+      needs_trx_balance_at_least:*)
+        threshold="${item#needs_trx_balance_at_least:}"
+        [ "${MY_TRX_BALANCE:-0}" -ge "$threshold" ] || { echo "TRX balance below $threshold"; return 1; }
+        ;;
+      legacy_stateful)
+        qa_preflight_stateful_case "${argv[@]}" || return 1
+        ;;
+      *)
+        echo "unknown preflight $item"
+        return 1
+        ;;
+    esac
+  done
+  return 0
+}
+
+qa_prepare_seeds() {
+  local seed_workspace auth_workspace seed_file
+  seed_file="$(qa_seed_file)"
+  : > "$seed_file"
+
+  local my_addr="" first_wallet="" first_wallet_name="" first_wallet_file="" witness_addr="" my_trx_balance="0"
+  if qa_has_private_key; then
+    auth_workspace="$(qa_reset_workspace "_seed_auth" "auth")"
+    qa_run_cli_capture "$auth_workspace" "_seed_get_address" text default get-address
+    qa_run_cli_capture "$auth_workspace" "_seed_list_wallet" json default list-wallet
+    qa_run_cli_capture "$auth_workspace" "_seed_list_witnesses" json default list-witnesses
+    qa_run_cli_capture "$auth_workspace" "_seed_get_balance" json default get-balance
+
+    my_addr="$(grep -o 'T[A-Za-z0-9]\{33\}' "$RESULTS_DIR/_seed_get_address_text.out" | head -1 || true)"
+    first_wallet="$(python3 - <<'PY' "$RESULTS_DIR/_seed_list_wallet_json.out"
+import json, sys
+try:
+    data = json.load(open(sys.argv[1], 'r', encoding='utf-8'))
+    wallets = data.get('data', {}).get('wallets', [])
+    print(wallets[0].get('wallet-address', '') if wallets else '')
+except Exception:
+    print('')
+PY
+)"
+    first_wallet_name="$(python3 - <<'PY' "$RESULTS_DIR/_seed_list_wallet_json.out"
+import json, sys
+try:
+    data = json.load(open(sys.argv[1], 'r', encoding='utf-8'))
+    wallets = data.get('data', {}).get('wallets', [])
+    print(wallets[0].get('wallet-name', '') if wallets else '')
+except Exception:
+    print('')
+PY
+)"
+    witness_addr="$(grep -o 'T[A-Za-z0-9]\{33\}' "$RESULTS_DIR/_seed_list_witnesses_json.out" | head -1 || true)"
+    my_trx_balance="$(python3 - <<'PY' "$RESULTS_DIR/_seed_get_balance_json.out"
+import json, sys
+try:
+    data = json.load(open(sys.argv[1], 'r', encoding='utf-8'))
+    payload = data.get('data', {})
+    balance = payload.get('balance_sun')
+    if balance is None:
+        balance = payload.get('balance')
+    print(int(balance) if balance is not None else 0)
+except Exception:
+    print(0)
+PY
+)"
+    first_wallet_file="$(find "$RUNTIME_DIR/templates/auth/Wallet" -maxdepth 1 -type f -name '*.json' | sort | head -1 | sed "s|$RUNTIME_DIR/templates/auth/Wallet/||" || true)"
+  fi
+
+  seed_workspace="$(qa_reset_workspace "_seed_public" "empty")"
+  qa_run_cli_capture "$seed_workspace" "_seed_blocks" json default get-block-by-latest-num --count 10
+
+  local block_id tx_id
+  block_id="$(python3 - <<'PY' "$RESULTS_DIR/_seed_blocks_json.out"
+import json, sys
+try:
+    data = json.load(open(sys.argv[1], 'r', encoding='utf-8'))
+    payload = data.get('data', {})
+    result = payload.get('result')
+    blocks = result if isinstance(result, list) else payload.get('block', [])
+    if isinstance(blocks, list) and blocks:
+        print(blocks[0].get('blockid', ''))
+    else:
+        print('')
+except Exception:
+    print('')
+PY
+)"
+  tx_id="$(grep -o '"txid"[[:space:]]*:[[:space:]]*"[^"]*"' "$RESULTS_DIR/_seed_blocks_json.out" | head -1 | awk -F'"' '{print $4}' || true)"
+
+  {
+    printf 'MY_ADDR=%q\n' "$my_addr"
+    printf 'FIRST_WALLET_ADDRESS=%q\n' "$first_wallet"
+    printf 'FIRST_WALLET_NAME=%q\n' "$first_wallet_name"
+    printf 'FIRST_WALLET_FILE=%q\n' "$first_wallet_file"
+    printf 'WITNESS_ADDR=%q\n' "$witness_addr"
+    printf 'BLOCK_ID=%q\n' "$block_id"
+    printf 'TX_ID=%q\n' "$tx_id"
+    printf 'MY_TRX_BALANCE=%q\n' "$my_trx_balance"
+  } >> "$seed_file"
+}
diff --git a/qa/lib/report.sh b/qa/lib/report.sh
new file mode 100644
index 00000000..43e9383a
--- /dev/null
+++ b/qa/lib/report.sh
@@ -0,0 +1,135 @@
+#!/bin/bash
+
+qa_is_contract_label() {
+  local label="$1"
+  awk -F'|' -v case_label="$label" '$1 == case_label { found=1 } END { exit(found ? 0 : 1) }' \
+    "$CONTRACTS_FILE"
+}
+
+qa_is_stateful_label() {
+  local label="$1"
+  qa_is_stateful_command "$label"
+}
+
+qa_generate_report() {
+  local registered_count="$1"
+  local smoke_count="$2"
+  local excluded_count="$3"
+  local missing_count="$4"
+  local stale_count="$5"
+  local contract_case_count="$6"
+
+  local smoke_total=0 smoke_passed=0 smoke_failed=0 smoke_skipped=0
+  local stateful_total=0 stateful_passed=0 stateful_failed=0 stateful_skipped=0
+  local help_total=0 help_passed=0 help_failed=0 help_skipped=0
+  local contract_total=0 contract_passed=0 contract_failed=0 contract_skipped=0
+  local validated_supported=0 skipped_supported=0 overall_failures=0
+
+  {
+    echo "==============================================================="
+    echo "  Standard CLI Contract Report"
+    echo "==============================================================="
+    echo
+    echo "Registered commands: $registered_count"
+    echo "Smoke-covered commands: $smoke_count"
+    echo "Unsupported/excluded commands: $excluded_count"
+    echo "Contract regression cases: $contract_case_count"
+    echo "Missing manifest entries: $missing_count"
+    echo "Stale manifest entries: $stale_count"
+    echo
+  } > "$REPORT_FILE"
+
+  for result_file in "$RESULTS_DIR"/*.result; do
+    [ -f "$result_file" ] || continue
+    local label status bucket
+    label="$(basename "$result_file" .result)"
+    status="$(cat "$result_file")"
+
+    if [[ "$label" == help__* ]]; then
+      bucket="help"
+    elif qa_is_contract_label "$label"; then
+      bucket="contract"
+    elif qa_is_stateful_label "$label"; then
+      bucket="stateful"
+    else
+      bucket="smoke"
+    fi
+
+    case "$bucket" in
+      help)
+        help_total=$((help_total + 1))
+        if [[ "$status" == PASS* ]]; then
+          help_passed=$((help_passed + 1))
+        elif [[ "$status" == SKIP* ]]; then
+          help_skipped=$((help_skipped + 1))
+        else
+          help_failed=$((help_failed + 1))
+          overall_failures=$((overall_failures + 1))
+        fi
+        ;;
+      contract)
+        contract_total=$((contract_total + 1))
+        if [[ "$status" == PASS* ]]; then
+          contract_passed=$((contract_passed + 1))
+          echo "  [contract] ✓ $label" >> "$REPORT_FILE"
+        elif [[ "$status" == SKIP* ]]; then
+          contract_skipped=$((contract_skipped + 1))
+          echo "  [contract] - $label ($status)" >> "$REPORT_FILE"
+        else
+          contract_failed=$((contract_failed + 1))
+          overall_failures=$((overall_failures + 1))
+          echo "  [contract] ✗ $label — $status" >> "$REPORT_FILE"
+        fi
+        ;;
+      stateful)
+        stateful_total=$((stateful_total + 1))
+        if [[ "$status" == PASS* ]]; then
+          stateful_passed=$((stateful_passed + 1))
+          validated_supported=$((validated_supported + 1))
+          echo "  [stateful] ✓ $label" >> "$REPORT_FILE"
+        elif [[ "$status" == SKIP* ]]; then
+          stateful_skipped=$((stateful_skipped + 1))
+          skipped_supported=$((skipped_supported + 1))
+          echo "  [stateful] - $label ($status)" >> "$REPORT_FILE"
+        else
+          stateful_failed=$((stateful_failed + 1))
+          overall_failures=$((overall_failures + 1))
+          echo "  [stateful] ✗ $label — $status" >> "$REPORT_FILE"
+        fi
+        ;;
+      smoke)
+        smoke_total=$((smoke_total + 1))
+        if [[ "$status" == PASS* ]]; then
+          smoke_passed=$((smoke_passed + 1))
+          validated_supported=$((validated_supported + 1))
+          echo "  [smoke] ✓ $label" >> "$REPORT_FILE"
+        elif [[ "$status" == SKIP* ]]; then
+          smoke_skipped=$((smoke_skipped + 1))
+          skipped_supported=$((skipped_supported + 1))
+          echo "  [smoke] - $label ($status)" >> "$REPORT_FILE"
+        else
+          smoke_failed=$((smoke_failed + 1))
+          overall_failures=$((overall_failures + 1))
+          echo "  [smoke] ✗ $label — $status" >> "$REPORT_FILE"
+        fi
+        ;;
+    esac
+  done
+
+  {
+    echo
+    echo "---------------------------------------------------------------"
+    echo "Validated supported commands: $validated_supported"
+    echo "Skipped supported commands: $skipped_supported"
+    echo "Smoke Cases: total=$smoke_total passed=$smoke_passed failed=$smoke_failed skipped=$smoke_skipped"
+    echo "Stateful Cases: total=$stateful_total passed=$stateful_passed failed=$stateful_failed skipped=$stateful_skipped"
+    echo "Help Cases: total=$help_total passed=$help_passed failed=$help_failed skipped=$help_skipped"
+    echo "Contract Cases: total=$contract_total passed=$contract_passed failed=$contract_failed skipped=$contract_skipped"
+    if [ "$missing_count" -eq 0 ] && [ "$stale_count" -eq 0 ] && [ "$overall_failures" -eq 0 ]; then
+      echo "Overall Compliance: PASS"
+    else
+      echo "Overall Compliance: FAIL"
+    fi
+    echo "==============================================================="
+  } >> "$REPORT_FILE"
+}
diff --git a/qa/lib/semantic.sh b/qa/lib/semantic.sh
new file mode 100644
index 00000000..d9dc16a6
--- /dev/null
+++ b/qa/lib/semantic.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+qa_assert_exit_code() {
+  local file="$1"
+  local expected="$2"
+  [ "$(cat "$file")" = "$expected" ]
+}
+
+qa_assert_single_json_object() {
+  local file="$1"
+  python3 - <<'PY' "$file"
+import json
+import sys
+
+text = open(sys.argv[1], "r", encoding="utf-8").read()
+if not text.strip():
+    raise SystemExit("JSON stdout is empty")
+decoder = json.JSONDecoder()
+_, end = decoder.raw_decode(text.lstrip())
+remaining = text.lstrip()[end:].strip()
+if remaining:
+    raise SystemExit("JSON stdout must contain exactly one top-level object")
+print("PASS")
+PY
+}
+
+qa_assert_json_success() {
+  local file="$1"
+  qa_assert_single_json_object "$file" >/dev/null 2>&1 || return 1
+  python3 - <<'PY' "$file"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+if not isinstance(payload, dict) or payload.get("success") is not True or "data" not in payload:
+    raise SystemExit(1)
+print("PASS")
+PY
+}
+
+qa_assert_json_error() {
+  local file="$1"
+  local expectation="$2"
+  local expected_code="${3:-}"
+  qa_assert_single_json_object "$file" >/dev/null 2>&1 || return 1
+  python3 - <<'PY' "$file" "$expectation" "$expected_code"
+import json
+import sys
+
+payload = json.load(open(sys.argv[1], "r", encoding="utf-8"))
+expectation = sys.argv[2]
+expected_code = sys.argv[3]
+if not isinstance(payload, dict) or payload.get("success") is not False:
+    raise SystemExit(1)
+error = payload.get("error")
+message = payload.get("message")
+if not error or not message:
+    raise SystemExit(1)
+if expected_code and error != expected_code:
+    raise SystemExit(1)
+if expectation == "usage" and error != "usage_error":
+    raise SystemExit(1)
+if expectation == "execution" and error == "usage_error":
+    raise SystemExit(1)
+print("PASS")
+PY
+}
+
+qa_assert_json_path_exists() {
+  local file="$1"
+  local path="$2"
+  qa_json_path_exists_in_file "$file" "$path"
+}
+
+qa_assert_json_path_absent() {
+  local file="$1"
+  local path="$2"
+  ! qa_json_path_exists_in_file "$file" "$path"
+}
+
+qa_assert_json_stderr_clean() {
+  local file="$1"
+  [ -z "$(qa_filtered_stderr "$file")" ]
+}
+
+qa_assert_text_contains() {
+  local file="$1"
+  local csv="${2:-}"
+  local token text
+  local -a tokens=()
+  text="$(qa_filtered_text_stdout "$file")"
+  IFS=',' read -r -a tokens <<< "$csv"
+  for token in "${tokens[@]-}"; do
+    token="$(printf '%s' "$token" | xargs)"
+    [ -z "$token" ] && continue
+    printf '%s' "$text" | grep -Fq -- "$token" || return 1
+  done
+  return 0
+}
+
+qa_assert_text_absent() {
+  local file="$1"
+  local csv="${2:-}"
+  local token text
+  local -a tokens=()
+  text="$(qa_filtered_text_stdout "$file")"
+  IFS=',' read -r -a tokens <<< "$csv"
+  for token in "${tokens[@]-}"; do
+    token="$(printf '%s' "$token" | xargs)"
+    [ -z "$token" ] && continue
+    printf '%s' "$text" | grep -Fq -- "$token" && return 1
+  done
+  return 0
+}
+
+qa_assert_text_not_error_like() {
+  local file="$1"
+  qa_assert_text_absent "$file" "Error:,Usage:"
+}
+
+qa_assert_json_paths() {
+  local file="$1"
+  local exists_csv="${2:-}"
+  local absent_csv="${3:-}"
+  local path
+  local -a exists_paths=()
+  local -a absent_paths=()
+  IFS=',' read -r -a exists_paths <<< "$exists_csv"
+  IFS=',' read -r -a absent_paths <<< "$absent_csv"
+  for path in "${exists_paths[@]-}"; do
+    path="$(printf '%s' "$path" | xargs)"
+    [ -z "$path" ] && continue
+    qa_assert_json_path_exists "$file" "$path" || return 1
+  done
+  for path in "${absent_paths[@]-}"; do
+    path="$(printf '%s' "$path" | xargs)"
+    [ -z "$path" ] && continue
+    qa_assert_json_path_absent "$file" "$path" || return 1
+  done
+  return 0
+}
+
+qa_assert_workspace_paths() {
+  local workspace="$1"
+  local exists_csv="${2:-}"
+  local absent_csv="${3:-}"
+  local path
+  local -a exists_paths=()
+  local -a absent_paths=()
+  IFS=',' read -r -a exists_paths <<< "$exists_csv"
+  IFS=',' read -r -a absent_paths <<< "$absent_csv"
+  for path in "${exists_paths[@]-}"; do
+    path="$(printf '%s' "$path" | xargs)"
+    [ -z "$path" ] && continue
+    [ -e "$workspace/$path" ] || return 1
+  done
+  for path in "${absent_paths[@]-}"; do
+    path="$(printf '%s' "$path" | xargs)"
+    [ -z "$path" ] && continue
+    [ ! -e "$workspace/$path" ] || return 1
+  done
+  return 0
+}
+
+qa_assert_case_files() {
+  local label="$1"
+  local expectation="$2"
+  local mode="$3"
+  local json_path_exists="${4:-}"
+  local json_path_absent="${5:-}"
+  local error_code="${6:-}"
+  local text_contains="${7:-}"
+  local text_absent="${8:-}"
+  local workspace="${9:-}"
+  local workspace_path_exists="${10:-}"
+  local workspace_path_absent="${11:-}"
+
+  case "$expectation" in
+    success)
+      if [ "$mode" = "dual" ] || [ "$mode" = "text" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 0 || return 1
+        qa_assert_text_not_error_like "$RESULTS_DIR/${label}_text.out" || return 1
+        qa_assert_text_contains "$RESULTS_DIR/${label}_text.out" "$text_contains" || return 1
+        qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "$text_absent" || return 1
+      fi
+      if [ "$mode" = "dual" ] || [ "$mode" = "json" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 0 || return 1
+        qa_assert_json_success "$RESULTS_DIR/${label}_json.out" >/dev/null 2>&1 || return 1
+        qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+        qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "$json_path_exists" "$json_path_absent" || return 1
+      fi
+      ;;
+    stateful_replay_execution)
+      qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 0 || return 1
+      qa_assert_text_not_error_like "$RESULTS_DIR/${label}_text.out" || return 1
+      qa_assert_text_contains "$RESULTS_DIR/${label}_text.out" "$text_contains" || return 1
+      qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "$text_absent" || return 1
+      qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 1 || return 1
+      qa_assert_json_error "$RESULTS_DIR/${label}_json.out" execution "$error_code" >/dev/null 2>&1 || return 1
+      qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+      qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "$json_path_exists" "$json_path_absent" || return 1
+      ;;
+    usage)
+      if [ "$mode" = "dual" ] || [ "$mode" = "text" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 2 || return 1
+        qa_assert_text_contains "$RESULTS_DIR/${label}_text.err" "$text_contains" || return 1
+        qa_assert_text_absent "$RESULTS_DIR/${label}_text.err" "$text_absent" || return 1
+        qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "Error:" || return 1
+      fi
+      if [ "$mode" = "dual" ] || [ "$mode" = "json" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 2 || return 1
+        qa_assert_json_error "$RESULTS_DIR/${label}_json.out" usage "$error_code" >/dev/null 2>&1 || return 1
+        qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+        qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "$json_path_exists" "$json_path_absent" || return 1
+      fi
+      ;;
+    execution)
+      if [ "$mode" = "dual" ] || [ "$mode" = "text" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 1 || return 1
+        qa_assert_text_contains "$RESULTS_DIR/${label}_text.err" "$text_contains" || return 1
+        qa_assert_text_absent "$RESULTS_DIR/${label}_text.err" "$text_absent" || return 1
+        qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "Error:" || return 1
+      fi
+      if [ "$mode" = "dual" ] || [ "$mode" = "json" ]; then
+        qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 1 || return 1
+        qa_assert_json_error "$RESULTS_DIR/${label}_json.out" execution "$error_code" >/dev/null 2>&1 || return 1
+        qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+        qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "$json_path_exists" "$json_path_absent" || return 1
+      fi
+      ;;
+    help_dual)
+      qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 0 || return 1
+      qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 0 || return 1
+      qa_assert_text_contains "$RESULTS_DIR/${label}_text.out" "${text_contains:-Usage:,wallet-cli}" || return 1
+      qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "${text_absent:-Error:}" || return 1
+      qa_assert_json_success "$RESULTS_DIR/${label}_json.out" >/dev/null 2>&1 || return 1
+      qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+      qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "${json_path_exists:-data.help}" "$json_path_absent" || return 1
+      ;;
+    help_text)
+      qa_assert_exit_code "$RESULTS_DIR/${label}_text.exit" 0 || return 1
+      qa_assert_text_contains "$RESULTS_DIR/${label}_text.out" "${text_contains:-Usage:,wallet-cli}" || return 1
+      qa_assert_text_absent "$RESULTS_DIR/${label}_text.out" "${text_absent:-Error:}" || return 1
+      ;;
+    help_json)
+      qa_assert_exit_code "$RESULTS_DIR/${label}_json.exit" 0 || return 1
+      qa_assert_json_success "$RESULTS_DIR/${label}_json.out" >/dev/null 2>&1 || return 1
+      qa_assert_json_stderr_clean "$RESULTS_DIR/${label}_json.err" || return 1
+      qa_assert_json_paths "$RESULTS_DIR/${label}_json.out" "${json_path_exists:-data.help}" "$json_path_absent" || return 1
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+  if [ -n "$workspace" ]; then
+    qa_assert_workspace_paths "$workspace" "$workspace_path_exists" "$workspace_path_absent" || return 1
+  fi
+  return 0
+}
diff --git a/qa/manifest.tsv b/qa/manifest.tsv
new file mode 100644
index 00000000..e9e2111c
--- /dev/null
+++ b/qa/manifest.tsv
@@ -0,0 +1,118 @@
+get-address|auth-success|auth|private_key|
+get-balance|auth-success|auth|private_key|
+get-account|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-account-by-id|expected-usage-error|auth|private_key|
+get-account-net|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-account-resource|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-usdt-balance|auth-success|auth|private_key|
+current-network|noauth-success|empty|none|
+get-block|noauth-success|empty|none|
+get-block-by-id|noauth-success|empty|none|--id {{BLOCK_ID}}
+get-block-by-id-or-num|noauth-success|empty|none|--value 1
+get-block-by-latest-num|noauth-success|empty|none|--count 2
+get-block-by-limit-next|noauth-success|empty|none|--start 1 --end 3
+get-transaction-by-id|noauth-success|empty|none|--id {{TX_ID}}
+get-transaction-info-by-id|noauth-success|empty|none|--id {{TX_ID}}
+get-transaction-count-by-block-num|noauth-success|empty|none|--number 1
+get-asset-issue-by-account|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-asset-issue-by-id|noauth-success|empty|none|--id 1000001
+get-asset-issue-by-name|noauth-success|empty|none|--name TRX
+get-asset-issue-list-by-name|noauth-success|empty|none|--name TRX
+get-chain-parameters|noauth-success|empty|none|
+get-bandwidth-prices|noauth-success|empty|none|
+get-energy-prices|noauth-success|empty|none|
+get-memo-fee|noauth-success|empty|none|
+get-next-maintenance-time|noauth-success|empty|none|
+get-contract|noauth-success|empty|none|--address {{USDT_NILE}}
+get-contract-info|noauth-success|empty|none|--address {{USDT_NILE}}
+get-delegated-resource|noauth-success|auth|private_key|--from {{MY_ADDR}} --to {{MY_ADDR}}
+get-delegated-resource-v2|noauth-success|auth|private_key|--from {{MY_ADDR}} --to {{MY_ADDR}}
+get-delegated-resource-account-index|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-delegated-resource-account-index-v2|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-can-delegated-max-size|noauth-success|auth|private_key|--owner {{MY_ADDR}} --type 0
+get-available-unfreeze-count|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-can-withdraw-unfreeze-amount|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-brokerage|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-reward|noauth-success|auth|private_key|--address {{MY_ADDR}}
+list-nodes|noauth-success|empty|none|
+list-witnesses|noauth-success|empty|none|
+list-asset-issue|noauth-success|empty|none|
+list-asset-issue-paginated|noauth-success|empty|none|--offset 0 --limit 5
+list-proposals|noauth-success|empty|none|
+list-proposals-paginated|noauth-success|empty|none|--offset 0 --limit 5
+get-proposal|noauth-success|empty|none|--id 1
+list-exchanges|noauth-success|empty|none|
+list-exchanges-paginated|noauth-success|empty|none|--offset 0 --limit 5
+get-exchange|noauth-success|empty|none|--id 1
+get-market-order-by-account|noauth-success|auth|private_key|--address {{MY_ADDR}}
+get-market-order-by-id|expected-execution-error|empty|none|--id {{FAKE_ID_64}}
+get-market-order-list-by-pair|noauth-success|empty|none|--sell-token _ --buy-token 1000001
+get-market-pair-list|noauth-success|empty|none|
+get-market-price-by-pair|noauth-success|empty|none|--sell-token _ --buy-token 1000001
+gas-free-info|expected-execution-error|empty|none|--address {{TARGET_ADDR}}
+gas-free-trace|expected-execution-error|empty|none|--id {{FAKE_ID_64}}
+send-coin|stateful-success|auth|private_key|--to {{TARGET_ADDR}} --amount 1|data.txid|||SendCoin successful !!|needs_auth_wallet,needs_target_addr,needs_trx_balance_at_least:1
+transfer-asset|expected-execution-error|auth|private_key|--to {{TARGET_ADDR}} --asset 1000001 --amount 1
+transfer-usdt|stateful-success|auth|private_key|--to {{TARGET_ADDR}} --amount 1|data.txid|||TransferUSDT successful !!|needs_auth_wallet,needs_target_addr,needs_positive_trx_balance
+participate-asset-issue|expected-execution-error|auth|private_key|--to {{TARGET_ADDR}} --asset 1000001 --amount 1
+asset-issue|expected-usage-error|auth|private_key|--name TESTTOKEN --abbr TT --total-supply 1000000 --trx-num 1 --ico-num 1 --start-time 2099-01-01 --end-time 2099-01-02 --url http://test.example.com --free-net-limit 0 --public-free-net-limit 0
+create-account|expected-usage-error|auth|private_key|--address TINVALIDADDRESS
+update-account|expected-execution-error|auth|private_key|--name qa-test
+set-account-id|expected-execution-error|auth|private_key|--id qa-test-id
+update-asset|expected-execution-error|auth|private_key|--description test --url http://test.example.com --new-limit 1000 --new-public-limit 1000
+broadcast-transaction|expected-execution-error|empty|none|--transaction 0a0200
+add-transaction-sign|expected-execution-error|empty|none|--transaction 0a0200
+update-account-permission|expected-execution-error|auth|private_key|--owner {{MY_ADDR}} --permissions '{"owner_permission":{"type":0,"permission_name":"owner","threshold":1,"keys":[{"address":"{{MY_ADDR}}","weight":1}]}}'
+tronlink-multi-sign|excluded-interactive|auth|private_key|
+gas-free-transfer|expected-execution-error|auth|private_key|--to {{TARGET_ADDR}} --amount 1
+deploy-contract|auth-success|auth|private_key|--name TestContract --abi '[]' --bytecode 6080 --fee-limit 1000000000|data.txid|||DeployContract successful !!|needs_auth_wallet,needs_positive_trx_balance
+trigger-contract|stateful-success|auth|private_key|--contract {{USDT_NILE}} --method 'transfer(address,uint256)' --params '"{{TARGET_ADDR}}",1' --fee-limit 100000000|data.txid|||TriggerContract successful !!|needs_auth_wallet,needs_target_addr,needs_positive_trx_balance
+trigger-constant-contract|noauth-success|auth|private_key|--contract {{USDT_NILE}} --method 'balanceOf(address)' --params '"{{MY_ADDR}}"'
+estimate-energy|auth-success|auth|private_key|--contract {{USDT_NILE}} --method 'transfer(address,uint256)' --params '"{{TARGET_ADDR}}",1'
+clear-contract-abi|expected-execution-error|auth|private_key|--contract {{USDT_NILE}}
+update-setting|expected-execution-error|auth|private_key|--contract {{USDT_NILE}} --consume-user-resource-percent 0
+update-energy-limit|expected-execution-error|auth|private_key|--contract {{USDT_NILE}} --origin-energy-limit 10000000
+freeze-balance|expected-execution-error|auth|private_key|--amount 1000000 --duration 3
+freeze-balance-v2|stateful-success|auth|private_key|--amount 1000000 --resource 1|data.txid|||FreezeBalanceV2 successful !!|needs_auth_wallet,needs_trx_balance_at_least:1000000
+unfreeze-balance|expected-execution-error|auth|private_key|
+unfreeze-balance-v2|stateful-success|auth|private_key|--amount 1000000 --resource 1|data.txid|||UnfreezeBalanceV2 successful !!|needs_auth_wallet,needs_positive_trx_balance
+withdraw-expire-unfreeze|expected-execution-error|auth|private_key|
+delegate-resource|auth-success|auth|private_key|--amount 1000000 --resource 0 --receiver {{TARGET_ADDR}}|data.txid|||DelegateResource successful !!|needs_auth_wallet,needs_target_addr,needs_delegatable_resource
+undelegate-resource|auth-success|auth|private_key|--amount 1000000 --resource 0 --receiver {{TARGET_ADDR}}|data.txid|||UndelegateResource successful !!|needs_auth_wallet,needs_target_addr,needs_undelegatable_resource
+cancel-all-unfreeze-v2|stateful-replay-execution|auth|private_key|||||CancelAllUnfreezeV2 successful !!|needs_auth_wallet,needs_available_unfreeze_v2
+withdraw-balance|stateful-replay-execution|auth|private_key|||||WithdrawBalance successful !!|needs_auth_wallet,needs_withdrawable_witness_balance
+unfreeze-asset|expected-execution-error|auth|private_key|
+create-witness|expected-execution-error|auth|private_key|--url http://test.example.com
+update-witness|auth-success|auth|private_key|--url http://test.example.com|data.txid|||UpdateWitness successful !!|needs_auth_wallet,needs_witness_wallet
+vote-witness|expected-usage-error|auth|private_key|--votes {{TARGET_ADDR}}
+update-brokerage|auth-success|auth|private_key|--brokerage 10|data.txid|||UpdateBrokerage successful !!|needs_auth_wallet,needs_witness_wallet
+create-proposal|expected-execution-error|auth|private_key|--parameters '0 1'
+approve-proposal|expected-execution-error|auth|private_key|--id 1 --approve=true
+delete-proposal|expected-execution-error|auth|private_key|--id 1
+exchange-create|expected-execution-error|auth|private_key|--first-token _ --first-balance 1000000 --second-token 1000001 --second-balance 1
+exchange-inject|expected-execution-error|auth|private_key|--exchange-id 1 --token-id _ --quant 1000000
+exchange-withdraw|expected-execution-error|auth|private_key|--exchange-id 1 --token-id _ --quant 1000000
+exchange-transaction|expected-execution-error|auth|private_key|--exchange-id 1 --token-id _ --quant 1000000 --expected 1
+market-sell-asset|expected-execution-error|auth|private_key|--sell-token _ --sell-quantity 1000000 --buy-token 1000001 --buy-quantity 1
+market-cancel-order|expected-execution-error|auth|private_key|--order-id {{FAKE_ID_64}}
+register-wallet|excluded-interactive|empty|none|--words 12
+import-wallet|offline-success|empty|private_key|--name qaimport
+import-wallet-by-mnemonic|offline-success|empty|mnemonic|--name qamnemonic
+list-wallet|auth-success|auth|private_key|
+set-active-wallet|auth-success|auth|private_key|--address {{FIRST_WALLET_ADDRESS}}
+get-active-wallet|auth-success|auth|private_key|
+change-password|offline-success|auth|private_key|
+clear-wallet-keystore|offline-success|auth|private_key|--force
+reset-wallet|offline-success|auth|private_key|--confirm delete-all-wallets
+modify-wallet-name|auth-success|auth|private_key|--name renamed-wallet
+switch-network|offline-success|auth|private_key|--network nile
+lock|expected-execution-error|auth|private_key|
+unlock|expected-execution-error|auth|private_key|--duration 60
+generate-sub-account|excluded-interactive|auth|private_key|
+generate-address|offline-success|empty|none|
+get-private-key-by-mnemonic|offline-success|empty|mnemonic|
+encoding-converter|excluded-interactive|empty|none|
+address-book|excluded-interactive|empty|none|
+view-transaction-history|excluded-interactive|auth|private_key|
+view-backup-records|excluded-interactive|auth|private_key|
+help|offline-success|empty|none|
diff --git a/qa/run.sh b/qa/run.sh
new file mode 100644
index 00000000..9c26c78f
--- /dev/null
+++ b/qa/run.sh
@@ -0,0 +1,326 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/config.sh"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/lib/cli.sh"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/lib/report.sh"
+
+# ---- Prerequisite checks ----
+for prereq in python3 java; do
+  if ! command -v "$prereq" >/dev/null 2>&1; then
+    echo "ERROR: Required command '$prereq' not found in PATH." >&2
+    exit 1
+  fi
+done
+
+MODE="verify"
+NO_BUILD=0
+SKIP_HELP=0
+CASE_FILTER=""
+MAX_JOBS="${QA_MAX_JOBS:-4}"
+LOCK_DIR="$PROJECT_DIR/qa/.verify.lock"
+LOCK_PID_FILE="$LOCK_DIR/pid"
+LOCK_CASE_FILE="$LOCK_DIR/case"
+LOCK_STARTED_FILE="$LOCK_DIR/started_at"
+LOCK_CMD_FILE="$LOCK_DIR/cmd"
+
+if [ $# -gt 0 ] && [[ "$1" != --* ]]; then
+  MODE="$1"
+  shift
+fi
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --case)
+      CASE_FILTER="$2"
+      shift 2
+      ;;
+    --no-build)
+      NO_BUILD=1
+      shift
+      ;;
+    --skip-help)
+      SKIP_HELP=1
+      shift
+      ;;
+    *)
+      echo "Unknown option: $1"
+      exit 1
+      ;;
+  esac
+done
+
+build_required() {
+  if [ ! -f "$WALLET_JAR" ]; then
+    return 0
+  fi
+  find src/main/java src/main/gen src/main/protos -type f -newer "$WALLET_JAR" -print -quit 2>/dev/null | grep -q . && return 0
+  for f in build.gradle settings.gradle; do
+    [ -f "$f" ] && [ "$f" -nt "$WALLET_JAR" ] && return 0
+  done
+  return 1
+}
+
+load_registered_commands() {
+  java -cp "$WALLET_JAR" org.tron.qa.QARunner list \
+    | sed -n 's/^  \([^ ]*\).*/\1/p'
+}
+
+load_manifest_commands() {
+  awk -F'|' 'NF >= 4 && $1 !~ /^#/ { print $1 }' "$MANIFEST_FILE"
+}
+
+load_contract_labels() {
+  awk -F'|' 'NF >= 6 && $1 !~ /^#/ { print $1 }' "$CONTRACTS_FILE"
+}
+
+manifest_count() {
+  load_manifest_commands | wc -l | tr -d ' '
+}
+
+manifest_excluded_count() {
+  awk -F'|' '$2 == "excluded-interactive" { count++ } END { print count + 0 }' "$MANIFEST_FILE"
+}
+
+audit_manifest() {
+  local registered_file manifest_file missing_file stale_file duplicates_file
+  registered_file="$RUNTIME_DIR/registered.txt"
+  manifest_file="$RUNTIME_DIR/manifest.txt"
+  missing_file="$RUNTIME_DIR/missing.txt"
+  stale_file="$RUNTIME_DIR/stale.txt"
+  duplicates_file="$RUNTIME_DIR/duplicates.txt"
+
+  load_registered_commands | sort > "$registered_file"
+  load_manifest_commands | sort > "$manifest_file"
+  awk -F'|' 'NF >= 4 && $1 !~ /^#/ { count[$1]++ } END { for (cmd in count) if (count[cmd] > 1) print cmd }' \
+    "$MANIFEST_FILE" | sort > "$duplicates_file"
+  comm -23 "$registered_file" "$manifest_file" > "$missing_file"
+  comm -13 "$registered_file" "$manifest_file" > "$stale_file"
+
+  if [ -s "$duplicates_file" ] || [ -s "$missing_file" ] || [ -s "$stale_file" ]; then
+    echo "Manifest audit failed."
+    [ -s "$duplicates_file" ] && { echo "Duplicate manifest entries:"; cat "$duplicates_file"; }
+    [ -s "$missing_file" ] && { echo "Missing manifest entries:"; cat "$missing_file"; }
+    [ -s "$stale_file" ] && { echo "Stale manifest entries:"; cat "$stale_file"; }
+    exit 1
+  fi
+}
+
+enqueue_task() {
+  printf '%s|%s\n' "$1" "$2"
+}
+
+run_task_file_parallel() {
+  local task_file="$1"
+  local jobs="$2"
+  [ -s "$task_file" ] || return 0
+  xargs -P "$jobs" -n 2 bash "$SCRIPT_DIR/task_runner.sh" < <(tr '|' '\n' < "$task_file")
+}
+
+run_task_file_serial() {
+  local task_file="$1"
+  [ -s "$task_file" ] || return 0
+  while IFS='|' read -r kind name; do
+    bash "$SCRIPT_DIR/task_runner.sh" "$kind" "$name"
+  done < "$task_file"
+}
+
+prepare_task_files() {
+  local help_tasks regular_tasks stateful_tasks contract_tasks
+  help_tasks="$RUNTIME_DIR/help.tasks"
+  regular_tasks="$RUNTIME_DIR/regular.tasks"
+  stateful_tasks="$RUNTIME_DIR/stateful.tasks"
+  contract_tasks="$RUNTIME_DIR/contract.tasks"
+  : > "$help_tasks"
+  : > "$regular_tasks"
+  : > "$stateful_tasks"
+  : > "$contract_tasks"
+
+  if [ -n "$CASE_FILTER" ]; then
+    if grep -qx "$CASE_FILTER" "$RUNTIME_DIR/registered.txt"; then
+      if [ "$SKIP_HELP" -ne 1 ]; then
+        enqueue_task help "$CASE_FILTER" >> "$help_tasks"
+      fi
+      case "$(qa_case_type "$CASE_FILTER")" in
+        stateful-*)
+          enqueue_task smoke "$CASE_FILTER" >> "$stateful_tasks"
+          ;;
+        *)
+          enqueue_task smoke "$CASE_FILTER" >> "$regular_tasks"
+          ;;
+      esac
+      return 0
+    fi
+    if load_contract_labels | grep -qx "$CASE_FILTER"; then
+      enqueue_task contract "$CASE_FILTER" >> "$contract_tasks"
+      return 0
+    fi
+    echo "Unknown case: $CASE_FILTER"
+    exit 1
+  fi
+
+  while IFS= read -r command; do
+    if [ "$SKIP_HELP" -ne 1 ]; then
+      enqueue_task help "$command" >> "$help_tasks"
+    fi
+    case "$(qa_case_type "$command")" in
+      stateful-*)
+        enqueue_task smoke "$command" >> "$stateful_tasks"
+        ;;
+      *)
+        enqueue_task smoke "$command" >> "$regular_tasks"
+        ;;
+    esac
+  done < "$RUNTIME_DIR/registered.txt"
+
+  while IFS= read -r contract_case; do
+    enqueue_task contract "$contract_case" >> "$contract_tasks"
+  done < <(load_contract_labels)
+}
+
+task_count() {
+  local task_file="$1"
+  [ -f "$task_file" ] || { echo 0; return; }
+  wc -l < "$task_file" | tr -d ' '
+}
+
+lock_case_label() {
+  if [ -n "$CASE_FILTER" ]; then
+    printf '%s' "$CASE_FILTER"
+  else
+    printf '%s' "<all>"
+  fi
+}
+
+lock_cmdline() {
+  local cmd="$0 $MODE"
+  if [ -n "$CASE_FILTER" ]; then
+    cmd="$cmd --case $CASE_FILTER"
+  fi
+  if [ "$NO_BUILD" -eq 1 ]; then
+    cmd="$cmd --no-build"
+  fi
+  if [ "$SKIP_HELP" -eq 1 ]; then
+    cmd="$cmd --skip-help"
+  fi
+  printf '%s' "$cmd"
+}
+
+write_lock_metadata() {
+  printf '%s\n' "$$" > "$LOCK_PID_FILE"
+  printf '%s\n' "$(lock_case_label)" > "$LOCK_CASE_FILE"
+  date '+%Y-%m-%d %H:%M:%S %z' > "$LOCK_STARTED_FILE"
+  lock_cmdline > "$LOCK_CMD_FILE"
+}
+
+print_existing_lock_info() {
+  local pid case_label started_at cmd
+  pid="$(cat "$LOCK_PID_FILE" 2>/dev/null || true)"
+  case_label="$(cat "$LOCK_CASE_FILE" 2>/dev/null || true)"
+  started_at="$(cat "$LOCK_STARTED_FILE" 2>/dev/null || true)"
+  cmd="$(cat "$LOCK_CMD_FILE" 2>/dev/null || true)"
+
+  if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
+    echo "Another qa/run.sh verify is already in progress."
+    echo "  pid: $pid"
+    [ -n "$case_label" ] && echo "  case: $case_label"
+    [ -n "$started_at" ] && echo "  started: $started_at"
+    [ -n "$cmd" ] && echo "  command: $cmd"
+    echo "  lock: $LOCK_DIR"
+    return 0
+  fi
+
+  echo "Found a stale qa verify lock."
+  [ -n "$pid" ] && echo "  stale pid: $pid"
+  [ -n "$case_label" ] && echo "  case: $case_label"
+  [ -n "$started_at" ] && echo "  started: $started_at"
+  [ -n "$cmd" ] && echo "  command: $cmd"
+  echo "  lock: $LOCK_DIR"
+  echo "Remove it with: rm -rf $LOCK_DIR"
+  return 0
+}
+
+if [ "$MODE" = "list" ]; then
+  if [ ! -f "$WALLET_JAR" ]; then
+    echo "wallet-cli.jar not found: $WALLET_JAR"
+    exit 1
+  fi
+  java -cp "$WALLET_JAR" org.tron.qa.QARunner list
+  exit 0
+fi
+
+if [ "$MODE" != "verify" ]; then
+  echo "Unknown mode: $MODE"
+  echo "Usage: $0 <verify|list> [--case X] [--no-build] [--skip-help]"
+  exit 1
+fi
+
+echo "=== Standard CLI Contract Verification — Network: $NETWORK${CASE_FILTER:+, Case: $CASE_FILTER} ==="
+echo
+
+if ! mkdir "$LOCK_DIR" 2>/dev/null; then
+  print_existing_lock_info
+  exit 1
+fi
+trap 'rm -rf "$LOCK_DIR"' EXIT
+write_lock_metadata
+
+if [ "$NO_BUILD" -eq 1 ]; then
+  [ -f "$WALLET_JAR" ] || { echo "Cannot skip build: $WALLET_JAR does not exist"; exit 1; }
+  echo "Skipping build (--no-build)."
+elif build_required; then
+  echo "Building wallet-cli..."
+  ./gradlew shadowJar -q
+  echo "Build complete."
+else
+  echo "Build skipped (wallet-cli.jar is up to date)."
+fi
+echo
+
+qa_clean_runtime
+echo "Auditing manifest coverage..."
+audit_manifest
+echo "Preparing workspace templates..."
+qa_prepare_templates
+echo "Seeding shared runtime data..."
+qa_prepare_seeds
+echo "Building task queues..."
+prepare_task_files
+
+if [ "$SKIP_HELP" -eq 1 ]; then
+  echo "Help cases: $(task_count "$RUNTIME_DIR/help.tasks") (skipped)"
+else
+  echo "Help cases: $(task_count "$RUNTIME_DIR/help.tasks")"
+fi
+echo "Parallel main cases: $(task_count "$RUNTIME_DIR/regular.tasks")"
+echo "Serial stateful cases: $(task_count "$RUNTIME_DIR/stateful.tasks")"
+echo "Contract cases: $(task_count "$RUNTIME_DIR/contract.tasks")"
+echo
+
+if [ "$SKIP_HELP" -eq 1 ]; then
+  echo "Skipping help cases (--skip-help)..."
+else
+  echo "Running help cases..."
+  run_task_file_parallel "$RUNTIME_DIR/help.tasks" "$MAX_JOBS"
+fi
+echo "Running parallel main cases..."
+run_task_file_parallel "$RUNTIME_DIR/regular.tasks" "$MAX_JOBS"
+echo "Running serial stateful cases..."
+run_task_file_serial "$RUNTIME_DIR/stateful.tasks"
+echo "Running contract cases..."
+run_task_file_parallel "$RUNTIME_DIR/contract.tasks" "$MAX_JOBS"
+echo "Generating report..."
+
+registered_count="$(wc -l < "$RUNTIME_DIR/registered.txt" | tr -d ' ')"
+covered_count="$(manifest_count)"
+excluded_count="$(manifest_excluded_count)"
+missing_count="$(wc -l < "$RUNTIME_DIR/missing.txt" | tr -d ' ')"
+stale_count="$(wc -l < "$RUNTIME_DIR/stale.txt" | tr -d ' ')"
+contract_count="$(load_contract_labels | wc -l | tr -d ' ')"
+
+qa_generate_report "$registered_count" "$covered_count" "$excluded_count" "$missing_count" "$stale_count" "$contract_count"
+cat "$REPORT_FILE"
diff --git a/qa/task_runner.sh b/qa/task_runner.sh
new file mode 100644
index 00000000..9b992df9
--- /dev/null
+++ b/qa/task_runner.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/config.sh"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/lib/cli.sh"
+# shellcheck disable=SC1091
+source "$SCRIPT_DIR/lib/semantic.sh"
+
+task_kind="${1:?task kind required}"
+task_name="${2:?task name required}"
+
+run_case() {
+  local kind="$1"
+  local label="$2"
+  local resolved_json argv_text_file argv_json_file
+  local resolved_label suite template requires env_mode expectation error_code
+  local json_path_exists json_path_absent text_contains text_absent preflight excluded
+  local workspace_path_exists workspace_path_absent
+  local workspace_text workspace_json assertion_workspace unresolved mode
+  local -a argv_text=()
+  local -a argv_json=()
+  local -a preflight_argv=()
+  local line preflight_reason
+
+  resolved_json="$(mktemp "$RUNTIME_DIR/case.XXXXXX")"
+  argv_text_file="$(mktemp "$RUNTIME_DIR/argvtext.XXXXXX")"
+  argv_json_file="$(mktemp "$RUNTIME_DIR/argvjson.XXXXXX")"
+  trap 'rm -f "$resolved_json" "$argv_text_file" "$argv_json_file"' RETURN
+
+  qa_export_seeds
+  qa_resolve_case_to_file "$kind" "$label" "$resolved_json"
+
+  resolved_label="$(qa_case_json_get "$resolved_json" "label")"
+  suite="$(qa_case_json_get "$resolved_json" "suite")"
+  template="$(qa_case_json_get "$resolved_json" "template")"
+  requires="$(qa_case_json_get "$resolved_json" "requires")"
+  env_mode="$(qa_case_json_get "$resolved_json" "env_mode")"
+  expectation="$(qa_case_json_get "$resolved_json" "expectation")"
+  error_code="$(qa_case_json_get "$resolved_json" "error_code")"
+  json_path_exists="$(qa_case_json_get "$resolved_json" "json_path_exists")"
+  json_path_absent="$(qa_case_json_get "$resolved_json" "json_path_absent")"
+  text_contains="$(qa_case_json_get "$resolved_json" "text_contains")"
+  text_absent="$(qa_case_json_get "$resolved_json" "text_absent")"
+  preflight="$(qa_case_json_get "$resolved_json" "preflight")"
+  workspace_path_exists="$(qa_case_json_get "$resolved_json" "workspace_path_exists")"
+  workspace_path_absent="$(qa_case_json_get "$resolved_json" "workspace_path_absent")"
+  excluded="$(qa_case_json_bool "$resolved_json" "excluded")"
+  unresolved="$(qa_case_json_get "$resolved_json" "unresolved_placeholders")"
+
+  if [ "$excluded" = "true" ]; then
+    qa_write_result "$resolved_label" "SKIP: unsupported/excluded from standard CLI smoke coverage"
+    return 0
+  fi
+
+  if ! qa_requires_available "$requires"; then
+    qa_write_result "$resolved_label" "SKIP: missing required secret ($requires)"
+    return 0
+  fi
+
+  if [ -n "$unresolved" ]; then
+    qa_write_result "$resolved_label" "SKIP: missing runtime seed(s): $unresolved"
+    return 0
+  fi
+
+  qa_case_json_write_lines "$resolved_json" "text_argv" "$argv_text_file"
+  qa_case_json_write_lines "$resolved_json" "json_argv" "$argv_json_file"
+
+  while IFS= read -r line || [ -n "$line" ]; do
+    argv_text+=("$line")
+  done < "$argv_text_file"
+  while IFS= read -r line || [ -n "$line" ]; do
+    argv_json+=("$line")
+  done < "$argv_json_file"
+
+  mode="dual"
+  if [ ${#argv_text[@]} -eq 0 ]; then
+    mode="json"
+  elif [ ${#argv_json[@]} -eq 0 ]; then
+    mode="text"
+  fi
+
+  if [ "$mode" = "json" ]; then
+    preflight_argv=("${argv_json[@]}")
+  else
+    preflight_argv=("${argv_text[@]}")
+  fi
+
+  if [ -n "$preflight" ]; then
+    if ! preflight_reason="$(qa_preflight_check "$preflight" "$label" "${preflight_argv[@]}" 2>/dev/null)"; then
+      qa_write_result "$resolved_label" "SKIP: unmet chain precondition ($preflight_reason)"
+      return 0
+    fi
+  fi
+
+  if [ ${#argv_text[@]} -gt 0 ]; then
+    workspace_text="$(qa_reset_workspace "${resolved_label}__text" "$template")"
+    qa_run_raw_capture "$workspace_text" "$resolved_label" text "$env_mode" "${argv_text[@]}"
+  fi
+
+  if [ ${#argv_json[@]} -gt 0 ]; then
+    workspace_json="$(qa_reset_workspace "${resolved_label}__json" "$template")"
+    qa_run_raw_capture "$workspace_json" "$resolved_label" json "$env_mode" "${argv_json[@]}"
+  fi
+
+  assertion_workspace="${workspace_text:-$workspace_json}"
+
+  if qa_assert_case_files "$resolved_label" "$expectation" "$mode" \
+    "$json_path_exists" "$json_path_absent" "$error_code" "$text_contains" "$text_absent" \
+    "$assertion_workspace" "$workspace_path_exists" "$workspace_path_absent"; then
+    qa_write_result "$resolved_label" "PASS"
+  else
+    qa_write_result "$resolved_label" "FAIL: ${suite} contract violated"
+  fi
+}
+
+case "$task_kind" in
+  help|smoke|contract)
+    run_case "$task_kind" "$task_name"
+    ;;
+  *)
+    echo "Unknown task kind: $task_kind" >&2
+    exit 1
+    ;;
+esac
diff --git a/src/main/java/org/tron/common/utils/AbiUtil.java b/src/main/java/org/tron/common/utils/AbiUtil.java
index 9efdceda..e190404c 100644
--- a/src/main/java/org/tron/common/utils/AbiUtil.java
+++ b/src/main/java/org/tron/common/utils/AbiUtil.java
@@ -340,7 +340,6 @@ public static String parseMethod(String methodSign, String params) {
   public static String parseMethod(String methodSign, String input, boolean isHex) {
     byte[] selector = new byte[4];
     System.arraycopy(Hash.sha3(methodSign.getBytes()), 0, selector,0, 4);
-    System.out.println(methodSign + ":" + Hex.toHexString(selector));
     if (input.length() == 0) {
       return Hex.toHexString(selector);
     }
diff --git a/src/main/java/org/tron/common/utils/FilePermissionUtils.java b/src/main/java/org/tron/common/utils/FilePermissionUtils.java
new file mode 100644
index 00000000..e6218f11
--- /dev/null
+++ b/src/main/java/org/tron/common/utils/FilePermissionUtils.java
@@ -0,0 +1,44 @@
+package org.tron.common.utils;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.EnumSet;
+import java.util.Set;
+
+public final class FilePermissionUtils {
+
+  private FilePermissionUtils() {}
+
+  /**
+   * Set owner-only read/write permissions (0600) on a file.
+   * Skips silently on non-POSIX filesystems.
+   */
+  public static void setOwnerOnlyFile(Path path) throws IOException {
+    try {
+      Set<PosixFilePermission> perms = EnumSet.of(
+          PosixFilePermission.OWNER_READ,
+          PosixFilePermission.OWNER_WRITE);
+      Files.setPosixFilePermissions(path, perms);
+    } catch (UnsupportedOperationException e) {
+      // Non-POSIX filesystem (e.g. Windows), skip
+    }
+  }
+
+  /**
+   * Set owner-only read/write/execute permissions (0700) on a directory.
+   * Skips silently on non-POSIX filesystems.
+   */
+  public static void setOwnerOnlyDirectory(Path path) throws IOException {
+    try {
+      Set<PosixFilePermission> perms = EnumSet.of(
+          PosixFilePermission.OWNER_READ,
+          PosixFilePermission.OWNER_WRITE,
+          PosixFilePermission.OWNER_EXECUTE);
+      Files.setPosixFilePermissions(path, perms);
+    } catch (UnsupportedOperationException e) {
+      // Non-POSIX filesystem (e.g. Windows), skip
+    }
+  }
+}
diff --git a/src/main/java/org/tron/common/utils/TransactionUtils.java b/src/main/java/org/tron/common/utils/TransactionUtils.java
index ecc54a84..1eb00340 100644
--- a/src/main/java/org/tron/common/utils/TransactionUtils.java
+++ b/src/main/java/org/tron/common/utils/TransactionUtils.java
@@ -51,7 +51,8 @@
 import org.tron.protos.contract.WitnessContract.WitnessCreateContract;
 import org.tron.trident.proto.Chain;
 
-public class TransactionUtils {
+public class TransactionUtils {
+  private static final ThreadLocal<Integer> PERMISSION_ID_OVERRIDE = new ThreadLocal<>();
 
   /**
    * Obtain a data bytes after removing the id and SHA-256(data)
@@ -389,15 +390,35 @@ public static Chain.Transaction setPermissionId(Chain.Transaction transaction, S
         setPermissionId(Transaction.parseFrom(transaction.toByteArray()), tipString).toByteArray());
   }
 
-  public static Transaction setPermissionId(Transaction transaction, String tipString)
-      throws CancelException {
-    if (transaction.getSignatureCount() != 0
-        || transaction.getRawData().getContract(0).getPermissionId() != 0) {
-      return transaction;
-    }
-
-    System.out.println(tipString);
-    int permissionId = inputPermissionId();
+  public static Transaction setPermissionId(Transaction transaction, String tipString)
+      throws CancelException {
+    if (transaction.getSignatureCount() != 0
+        || transaction.getRawData().getContract(0).getPermissionId() != 0) {
+      return transaction;
+    }
+
+    Integer permissionIdOverride = PERMISSION_ID_OVERRIDE.get();
+    if (permissionIdOverride != null) {
+      if (permissionIdOverride < 0) {
+        throw new CancelException("User cancelled");
+      }
+      if (permissionIdOverride != 0) {
+        Transaction.raw.Builder raw = transaction.getRawData().toBuilder();
+        Transaction.Contract.Builder contract =
+            raw.getContract(0).toBuilder().setPermissionId(permissionIdOverride);
+        raw.clearContract();
+        raw.addContract(contract);
+        return transaction.toBuilder().setRawData(raw).build();
+      }
+      return transaction;
+    }
+
+    if (tipString == null) {
+      return transaction;
+    }
+
+    System.out.println(tipString);
+    int permissionId = inputPermissionId();
     if (permissionId < 0) {
       throw new CancelException("User cancelled");
     }
@@ -408,9 +429,21 @@ public static Transaction setPermissionId(Transaction transaction, String tipStr
       raw.clearContract();
       raw.addContract(contract);
       transaction = transaction.toBuilder().setRawData(raw).build();
-    }
-    return transaction;
-  }
+    }
+    return transaction;
+  }
+
+  public static void setPermissionIdOverride(Integer permissionId) {
+    if (permissionId == null) {
+      PERMISSION_ID_OVERRIDE.remove();
+      return;
+    }
+    PERMISSION_ID_OVERRIDE.set(permissionId);
+  }
+
+  public static void clearPermissionIdOverride() {
+    PERMISSION_ID_OVERRIDE.remove();
+  }
 
   private static int inputPermissionId() {
     Scanner in = new Scanner(System.in);
diff --git a/src/main/java/org/tron/common/utils/Utils.java b/src/main/java/org/tron/common/utils/Utils.java
index 3c1c0c29..174c62d7 100644
--- a/src/main/java/org/tron/common/utils/Utils.java
+++ b/src/main/java/org/tron/common/utils/Utils.java
@@ -122,6 +122,8 @@
 import org.tron.walletserver.WalletApi;
 
 public class Utils {
+  private static final ThreadLocal<Boolean> ENV_PASSWORD_INPUT_ENABLED =
+      new ThreadLocal<Boolean>();
   public static final String PERMISSION_ID = "Permission_id";
   public static final String VISIBLE = "visible";
   public static final String TRANSACTION = "transaction";
@@ -327,6 +329,13 @@ public static char[] inputPassword2Twice(boolean isNew) throws IOException {
   }
 
   public static char[] inputPassword(boolean checkStrength) throws IOException {
+    if (isEnvPasswordInputEnabled()) {
+      char[] envPassword = resolveEnvPassword(System.getenv("MASTER_PASSWORD"), checkStrength);
+      if (envPassword != null) {
+        return envPassword;
+      }
+    }
+
     char[] password;
     Console cons = System.console();
     while (true) {
@@ -357,6 +366,31 @@ public static char[] inputPassword(boolean checkStrength) throws IOException {
     }
   }
 
+  static char[] resolveEnvPassword(String envPassword, boolean checkStrength) {
+    if (envPassword == null || envPassword.isEmpty()) {
+      return null;
+    }
+
+    char[] password = envPassword.toCharArray();
+    if (!checkStrength || WalletApi.passwordValid(password)) {
+      return password;
+    }
+    StringUtils.clear(password);
+    throw new IllegalArgumentException("MASTER_PASSWORD does not meet password strength requirements");
+  }
+
+  public static void setEnvPasswordInputEnabled(boolean enabled) {
+    if (enabled) {
+      ENV_PASSWORD_INPUT_ENABLED.set(Boolean.TRUE);
+    } else {
+      ENV_PASSWORD_INPUT_ENABLED.remove();
+    }
+  }
+
+  public static boolean isEnvPasswordInputEnabled() {
+    return Boolean.TRUE.equals(ENV_PASSWORD_INPUT_ENABLED.get());
+  }
+
   public static char[] inputPasswordWithoutCheck() throws IOException {
     char[] password;
     Console cons = System.console();
diff --git a/src/main/java/org/tron/core/config/Configuration.java b/src/main/java/org/tron/core/config/Configuration.java
index 13b8eb9d..fa46fba7 100644
--- a/src/main/java/org/tron/core/config/Configuration.java
+++ b/src/main/java/org/tron/core/config/Configuration.java
@@ -20,8 +20,6 @@
 
 import com.typesafe.config.Config;
 import com.typesafe.config.ConfigFactory;
-import lombok.extern.slf4j.Slf4j;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -30,7 +28,6 @@
 import static org.apache.commons.lang3.StringUtils.isBlank;
 
 
-@Slf4j
 public class Configuration {
 
   private static Config config;
@@ -47,17 +44,16 @@ public static Config getByPath(final String configurationPath) {
     }
 
     if (config == null) {
-      File configFile = new File(System.getProperty("user.dir")+'/'+configurationPath);
-      if(configFile.exists()){
+      File configFile = new File(System.getProperty("user.dir") + '/' + configurationPath);
+      if (configFile.exists()) {
         try {
-          config = ConfigFactory.parseReader(new InputStreamReader(new FileInputStream(configurationPath)));
-          System.out.println("Use user defined config file in current dir");
+          config = ConfigFactory.parseReader(
+              new InputStreamReader(new FileInputStream(configFile)));
         } catch (FileNotFoundException e) {
-          System.out.println("Load user defined config file exception: " + e.getMessage());
+          config = ConfigFactory.load(configurationPath);
         }
-      }else {
+      } else {
         config = ConfigFactory.load(configurationPath);
-        System.out.println("User defined config file doesn't exists, use default config file in jar");
       }
     }
     return config;
diff --git a/src/main/java/org/tron/gasfree/GasFreeApi.java b/src/main/java/org/tron/gasfree/GasFreeApi.java
index 55449bf6..79017241 100644
--- a/src/main/java/org/tron/gasfree/GasFreeApi.java
+++ b/src/main/java/org/tron/gasfree/GasFreeApi.java
@@ -203,6 +203,13 @@ public static String signOffChain(byte[] hash, String privateKey) {
     return Hex.toHexString(signBytes);
   }
 
+  public static String signOffChain(byte[] hash, byte[] privateKey) {
+    ECKeyPair keypair = ECKeyPair.create(new BigInteger(1, privateKey));
+    Sign.SignatureData signature = Sign.signMessage(hash, keypair, false);
+    byte[] signBytes = abiEncodePacked(signature.getR(), signature.getS(), signature.getV());
+    return Hex.toHexString(signBytes);
+  }
+
   public static boolean validateSignOffChain(byte[] hash, String signature, String publicAddress) {
     // parse signatureData
     byte[] signatureBytes = Numeric.hexStringToByteArray(signature);
diff --git a/src/main/java/org/tron/keystore/ClearWalletUtils.java b/src/main/java/org/tron/keystore/ClearWalletUtils.java
index 136a7e81..2278b1f6 100644
--- a/src/main/java/org/tron/keystore/ClearWalletUtils.java
+++ b/src/main/java/org/tron/keystore/ClearWalletUtils.java
@@ -21,9 +21,10 @@
 
 public class ClearWalletUtils {
 
+  private static final String CONFIRMATION_WORD = "DELETE";
+  private static final int MAX_ATTEMPTS = 3;
+
   public static boolean confirmAndDeleteWallet(String address, Collection<String> filePaths) {
-    final String CONFIRMATION_WORD = "DELETE";
-    final int MAX_ATTEMPTS = 3;
     try {
       Terminal terminal = TerminalBuilder.builder().system(true).dumb(true).build();
       LineReader lineReader = LineReaderBuilder.builder().terminal(terminal).build();
@@ -74,6 +75,19 @@ public static boolean confirmAndDeleteWallet(String address, Collection<String>
     }
   }
 
+  public static boolean forceDeleteWallet(String address, Collection<String> filePaths) {
+    try {
+      System.out.println("\n\u001B[31mWarning: Dangerous operation!\u001B[0m");
+      System.out.println("Force deletion enabled. Permanently deleting the Wallet&Mnemonic files "
+          + (isEmpty(address) ? EMPTY : "of the Address: " + address));
+      System.out.println("\u001B[31mWarning: The private key and mnemonic words will be permanently lost and cannot be recovered!\u001B[0m");
+      return deleteFiles(filePaths);
+    } catch (Exception e) {
+      System.err.println("Operation failed:" + e.getMessage());
+      return false;
+    }
+  }
+
   private static boolean isConfirmed(String input) {
     return input.equalsIgnoreCase("y") || input.equalsIgnoreCase("Y");
   }
@@ -81,6 +95,14 @@ private static boolean isConfirmed(String input) {
   private static final String BACKUP_SUFFIX = ".bak";
 
   public static boolean deleteFiles(Collection<String> filePaths) {
+    return deleteFiles(filePaths, true);
+  }
+
+  public static boolean deleteFilesQuiet(Collection<String> filePaths) {
+    return deleteFiles(filePaths, false);
+  }
+
+  private static boolean deleteFiles(Collection<String> filePaths, boolean verbose) {
     if (filePaths == null || filePaths.isEmpty()) {
       return true;
     }
@@ -90,30 +112,36 @@ public static boolean deleteFiles(Collection<String> filePaths) {
     }
 
     try {
-      if (!validateFiles(pathPairs)) {
+      if (!validateFiles(pathPairs, verbose)) {
         return false;
       }
 
-      if (!createBackups(pathPairs)) {
-        cleanupBackups(pathPairs);
+      if (!createBackups(pathPairs, verbose)) {
+        cleanupBackups(pathPairs, verbose);
         return false;
       }
 
-      if (!deleteOriginals(pathPairs)) {
-        rollback(pathPairs);
+      if (!deleteOriginals(pathPairs, verbose)) {
+        rollback(pathPairs, verbose);
         return false;
       }
 
-      cleanupBackups(pathPairs);
-      printSuccess(pathPairs);
+      cleanupBackups(pathPairs, verbose);
+      if (verbose) {
+        printSuccess(pathPairs);
+      }
       return true;
     } catch (Exception e) {
-      System.err.println("An error occurred during operation: " + e.getMessage());
+      if (verbose) {
+        System.err.println("An error occurred during operation: " + e.getMessage());
+      }
       try {
-        rollback(pathPairs);
+        rollback(pathPairs, verbose);
       } catch (Exception rollbackEx) {
-        System.err.println("Rollback failed: " + rollbackEx.getMessage());
-        printBackupLocations(pathPairs);
+        if (verbose) {
+          System.err.println("Rollback failed: " + rollbackEx.getMessage());
+          printBackupLocations(pathPairs);
+        }
       }
       return false;
     }
@@ -131,40 +159,46 @@ private static class PathPair {
     }
   }
 
-  private static boolean validateFiles(List<PathPair> pairs) {
+  private static boolean validateFiles(List<PathPair> pairs, boolean verbose) {
     boolean allValid = true;
     for (PathPair pair : pairs) {
       if (!Files.exists(pair.original)) {
-        System.err.println("File not found: " + pair.original);
+        if (verbose) {
+          System.err.println("File not found: " + pair.original);
+        }
         allValid = false;
       }
     }
     return allValid;
   }
 
-  private static boolean createBackups(List<PathPair> pairs) {
+  private static boolean createBackups(List<PathPair> pairs, boolean verbose) {
     for (PathPair pair : pairs) {
       try {
         Files.copy(pair.original, pair.backup);
         pair.backupCreated = true;
       } catch (Exception e) {
-        System.err.println("Failed to create backup: " + pair.original);
-        System.err.println("Error message: " + e.getMessage());
+        if (verbose) {
+          System.err.println("Failed to create backup: " + pair.original);
+          System.err.println("Error message: " + e.getMessage());
+        }
         return false;
       }
     }
     return true;
   }
 
-  private static boolean deleteOriginals(List<PathPair> pairs) {
+  private static boolean deleteOriginals(List<PathPair> pairs, boolean verbose) {
     boolean allDeleted = true;
     for (PathPair pair : pairs) {
       try {
         Files.deleteIfExists(pair.original);
         pair.originalDeleted = true;
       } catch (Exception e) {
-        System.err.println("Failed to delete the file: " + pair.original);
-        System.err.println("Error message: " + e.getMessage());
+        if (verbose) {
+          System.err.println("Failed to delete the file: " + pair.original);
+          System.err.println("Error message: " + e.getMessage());
+        }
         allDeleted = false;
         break;
       }
@@ -172,20 +206,22 @@ private static boolean deleteOriginals(List<PathPair> pairs) {
     return allDeleted;
   }
 
-  private static void cleanupBackups(List<PathPair> pairs) {
+  private static void cleanupBackups(List<PathPair> pairs, boolean verbose) {
     for (PathPair pair : pairs) {
       if (pair.backupCreated) {
         try {
           Files.deleteIfExists(pair.backup);
         } catch (Exception e) {
-          System.err.println("Warning: Unable to delete backup file: " + pair.backup);
-          System.err.println("Error message: " + e.getMessage());
+          if (verbose) {
+            System.err.println("Warning: Unable to delete backup file: " + pair.backup);
+            System.err.println("Error message: " + e.getMessage());
+          }
         }
       }
     }
   }
 
-  private static void rollback(List<PathPair> pairs) throws Exception {
+  private static void rollback(List<PathPair> pairs, boolean verbose) throws Exception {
     for (PathPair pair : pairs) {
       if (pair.backupCreated && pair.originalDeleted) {
         if (Files.exists(pair.backup)) {
diff --git a/src/main/java/org/tron/keystore/WalletUtils.java b/src/main/java/org/tron/keystore/WalletUtils.java
index 7690b44e..2d2aeaaa 100644
--- a/src/main/java/org/tron/keystore/WalletUtils.java
+++ b/src/main/java/org/tron/keystore/WalletUtils.java
@@ -10,6 +10,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Path;
+import org.tron.common.utils.FilePermissionUtils;
 import java.nio.file.Paths;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
@@ -88,6 +89,7 @@ public static String generateWalletFile(
     File destination = new File(destinationDirectory, fileName);
 
     objectMapper.writeValue(destination, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(destination.toPath());
 
     return fileName;
   }
@@ -104,6 +106,7 @@ public static void updateWalletFile(
     }
 
     objectMapper.writeValue(source, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(source.toPath());
   }
 
   public static String generateWalletFile(WalletFile walletFile, File destinationDirectory)
@@ -118,6 +121,7 @@ public static String generateWalletFile(WalletFile walletFile, File destinationD
 
     File destination = new File(destinationDirectory, fileName);
     objectMapper.writeValue(destination, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(destination.toPath());
     if (StringUtils.isEmpty(walletFile.getName())) {
       walletFile.setName(fileName);
     }
@@ -132,6 +136,7 @@ public static String generateLegerWalletFile(WalletFile walletFile, File destina
     File destination = new File(destinationDirectory, fileName);
 
     objectMapper.writeValue(destination, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(destination.toPath());
     if (StringUtils.isEmpty(walletFile.getName())) {
       walletFile.setName(fileName);
     }
@@ -146,6 +151,7 @@ public static String exportWalletFile(WalletFile walletFile, String walletAddres
     File destination = new File(destinationDirectory, fileName);
 
     objectMapper.writeValue(destination, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(destination.toPath());
     return fileName;
   }
 
@@ -269,6 +275,7 @@ public static String getMainnetKeyDirectory() {
   public static void generateSkeyFile(SKeyCapsule skey, File file)
       throws IOException {
     objectMapper.writeValue(file, skey);
+    FilePermissionUtils.setOwnerOnlyFile(file.toPath());
   }
 
   public static SKeyCapsule loadSkeyFile(File source) throws IOException {
diff --git a/src/main/java/org/tron/mnemonic/MnemonicUtils.java b/src/main/java/org/tron/mnemonic/MnemonicUtils.java
index a0f2b397..08834fa5 100644
--- a/src/main/java/org/tron/mnemonic/MnemonicUtils.java
+++ b/src/main/java/org/tron/mnemonic/MnemonicUtils.java
@@ -8,6 +8,7 @@
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
+import org.tron.common.utils.FilePermissionUtils;
 import java.io.InputStreamReader;
 import java.nio.file.Paths;
 import java.security.SecureRandom;
@@ -86,6 +87,7 @@ public static String store2Keystore(MnemonicFile mnemonicFile) throws IOExceptio
         }
       }
     }
+    FilePermissionUtils.setOwnerOnlyDirectory(file.toPath());
     return generateWalletFile(mnemonicFile, file);
   }
 
@@ -95,6 +97,7 @@ public static String generateWalletFile(MnemonicFile walletFile, File destinatio
     File destination = new File(destinationDirectory, fileName);
 
     objectMapper.writeValue(destination, walletFile);
+    FilePermissionUtils.setOwnerOnlyFile(destination.toPath());
     return fileName;
   }
 
@@ -148,6 +151,7 @@ public static void updateMnemonicFile(
     }
 
     objectMapper.writeValue(source, mnemonicFile);
+    FilePermissionUtils.setOwnerOnlyFile(source.toPath());
   }
 
   public static int inputMnemonicWordsNumber() {
diff --git a/src/main/java/org/tron/qa/QARunner.java b/src/main/java/org/tron/qa/QARunner.java
new file mode 100644
index 00000000..3fab7214
--- /dev/null
+++ b/src/main/java/org/tron/qa/QARunner.java
@@ -0,0 +1,68 @@
+package org.tron.qa;
+
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+
+import java.util.List;
+
+/**
+ * QA helper entry point for listing the registered standard CLI commands.
+ *
+ * <p>Usage:
+ * <pre>
+ *   java -cp wallet-cli.jar org.tron.qa.QARunner list
+ * </pre>
+ */
+public class QARunner {
+    public static void main(String[] args) throws Exception {
+        String mode = args.length > 0 ? args[0] : "list";
+
+        if ("list".equals(mode)) {
+            listCommands();
+        } else {
+            System.err.println("Unknown mode: " + mode);
+            System.err.println("Usage: QARunner <list>");
+            System.exit(1);
+        }
+    }
+
+    /**
+     * Lists all registered standard CLI commands.
+     */
+    private static void listCommands() {
+        CommandRegistry registry = buildRegistry();
+        List<CommandDefinition> commands = registry.getAllCommands();
+        System.out.println("Registered standard CLI commands: " + commands.size());
+        System.out.println();
+        for (CommandDefinition cmd : commands) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("  ").append(cmd.getName());
+            if (!cmd.getAliases().isEmpty()) {
+                sb.append(" (aliases: ");
+                for (int i = 0; i < cmd.getAliases().size(); i++) {
+                    if (i > 0) sb.append(", ");
+                    sb.append(cmd.getAliases().get(i));
+                }
+                sb.append(")");
+            }
+            System.out.println(sb.toString());
+        }
+    }
+
+    /**
+     * Builds the full command registry (same as Client.initRegistry()).
+     */
+    private static CommandRegistry buildRegistry() {
+        CommandRegistry registry = new CommandRegistry();
+        org.tron.walletcli.cli.commands.QueryCommands.register(registry);
+        org.tron.walletcli.cli.commands.TransactionCommands.register(registry);
+        org.tron.walletcli.cli.commands.ContractCommands.register(registry);
+        org.tron.walletcli.cli.commands.StakingCommands.register(registry);
+        org.tron.walletcli.cli.commands.WitnessCommands.register(registry);
+        org.tron.walletcli.cli.commands.ProposalCommands.register(registry);
+        org.tron.walletcli.cli.commands.ExchangeCommands.register(registry);
+        org.tron.walletcli.cli.commands.WalletCommands.register(registry);
+        org.tron.walletcli.cli.commands.MiscCommands.register(registry);
+        return registry;
+    }
+}
diff --git a/src/main/java/org/tron/qa/QASecretImporter.java b/src/main/java/org/tron/qa/QASecretImporter.java
new file mode 100644
index 00000000..02844680
--- /dev/null
+++ b/src/main/java/org/tron/qa/QASecretImporter.java
@@ -0,0 +1,89 @@
+package org.tron.qa;
+
+import org.tron.common.crypto.ECKey;
+import org.tron.common.utils.ByteArray;
+import org.tron.keystore.StringUtils;
+import org.tron.keystore.Wallet;
+import org.tron.keystore.WalletFile;
+import org.tron.mnemonic.MnemonicUtils;
+import org.tron.walletcli.cli.ActiveWalletConfig;
+import org.tron.walletserver.WalletApi;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * QA-only helper for importing wallets from environment variables without
+ * exposing secrets through process arguments.
+ */
+public class QASecretImporter {
+
+  public static void main(String[] args) throws Exception {
+    if (args.length != 1) {
+      System.err.println("Usage: QASecretImporter <private-key|mnemonic>");
+      System.exit(1);
+    }
+
+    String envPassword = System.getenv("MASTER_PASSWORD");
+    if (envPassword == null || envPassword.isEmpty()) {
+      System.err.println("MASTER_PASSWORD is required");
+      System.exit(1);
+    }
+
+    byte[] password = StringUtils.char2Byte(envPassword.toCharArray());
+    try {
+      if ("private-key".equals(args[0])) {
+        importPrivateKey(password);
+      } else if ("mnemonic".equals(args[0])) {
+        importMnemonic(password);
+      } else {
+        System.err.println("Unknown import mode: " + args[0]);
+        System.exit(1);
+      }
+    } finally {
+      Arrays.fill(password, (byte) 0);
+    }
+  }
+
+  private static void importPrivateKey(byte[] password) throws Exception {
+    String privateKeyHex = System.getenv("TRON_TEST_PRIVATE_KEY");
+    if (privateKeyHex == null || privateKeyHex.isEmpty()) {
+      System.err.println("TRON_TEST_PRIVATE_KEY is required for private-key import");
+      System.exit(1);
+    }
+
+    byte[] privateKey = ByteArray.fromHexString(privateKeyHex);
+    try {
+      ECKey ecKey = ECKey.fromPrivate(privateKey);
+      storeWallet(password, ecKey);
+      System.out.println("Import wallet successful, keystore created");
+    } finally {
+      Arrays.fill(privateKey, (byte) 0);
+    }
+  }
+
+  private static void importMnemonic(byte[] password) throws Exception {
+    String mnemonic = System.getenv("TRON_TEST_MNEMONIC");
+    if (mnemonic == null || mnemonic.trim().isEmpty()) {
+      System.err.println("TRON_TEST_MNEMONIC is required for mnemonic import");
+      System.exit(1);
+    }
+
+    List<String> words = Arrays.asList(mnemonic.trim().split("\\s+"));
+    byte[] privateKey = MnemonicUtils.getPrivateKeyFromMnemonic(words);
+    try {
+      ECKey ecKey = ECKey.fromPrivate(privateKey);
+      storeWallet(password, ecKey);
+      System.out.println("Import wallet by mnemonic successful, keystore created");
+    } finally {
+      Arrays.fill(privateKey, (byte) 0);
+    }
+  }
+
+  private static void storeWallet(byte[] password, ECKey ecKey) throws Exception {
+    WalletFile walletFile = Wallet.createStandard(password, ecKey);
+    walletFile.setName("mywallet");
+    WalletApi.store2Keystore(walletFile);
+    ActiveWalletConfig.setActiveAddress(walletFile.getAddress());
+  }
+}
diff --git a/src/main/java/org/tron/walletcli/ApiClientFactory.java b/src/main/java/org/tron/walletcli/ApiClientFactory.java
index a1d942d1..4ff4e50a 100644
--- a/src/main/java/org/tron/walletcli/ApiClientFactory.java
+++ b/src/main/java/org/tron/walletcli/ApiClientFactory.java
@@ -1,9 +1,6 @@
 package org.tron.walletcli;
 
 import static org.apache.commons.lang3.StringUtils.isEmpty;
-import static org.tron.common.utils.Utils.blueBoldHighlight;
-import static org.tron.common.utils.Utils.greenBoldHighlight;
-
 import com.typesafe.config.Config;
 import org.tron.common.enums.NetType;
 import org.tron.core.config.Configuration;
@@ -27,10 +24,6 @@ public static ApiWrapper createClient(NetType type, String privateKey, String gr
     switch (type) {
       case MAIN:
         if (isEmpty(apiKey)) {
-          System.out.println("Detected in config.conf that " + greenBoldHighlight("grpc.mainnet.apiKey")
-              + " is not configured, API calls may be limited in speed. If you want a better "
-              + "experience, please apply for the apiKey of the main network of " + blueBoldHighlight("Trongrid") +
-              " and configure it in the config.conf.");
           return new ApiWrapper(type.getGrpc().getFullNode(), type.getGrpc().getSolidityNode(), privateKey);
         }
         return ApiWrapper.ofMainnet(privateKey, apiKey);
@@ -48,4 +41,3 @@ public static ApiWrapper createClient(NetType type, String privateKey, String gr
     }
   }
 }
-
diff --git a/src/main/java/org/tron/walletcli/Client.java b/src/main/java/org/tron/walletcli/Client.java
index 3084d231..c17f470d 100755
--- a/src/main/java/org/tron/walletcli/Client.java
+++ b/src/main/java/org/tron/walletcli/Client.java
@@ -31,6 +31,11 @@
 import static org.tron.walletserver.WalletApi.addressValid;
 import static org.tron.walletserver.WalletApi.decodeFromBase58Check;
 
+import org.tron.walletcli.cli.GlobalOptions;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OutputFormatter;
+import org.tron.walletcli.cli.StandardCliRunner;
+
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.beust.jcommander.JCommander;
@@ -623,7 +628,7 @@ private void switchNetwork(String[] parameters) throws InterruptedException {
   }
 
   private void resetWallet() {
-    boolean result = walletApiWrapper.resetWallet();
+    boolean result = walletApiWrapper.resetWallet(false);
     if (result) {
       walletApiWrapper.logout();
       System.out.println("resetWallet " + successfulHighlight() + " !!!");
@@ -2692,7 +2697,7 @@ private void clearContractABI(String[] parameters)
   }
 
   private void clearWalletKeystoreIfExists() {
-    if (walletApiWrapper.clearWalletKeystore()) {
+    if (walletApiWrapper.clearWalletKeystore(false)) {
       System.out.println("ClearWalletKeystore " + successfulHighlight() + " !!!");
     } else {
       System.out.println("ClearWalletKeystore " + failedHighlight() + " !!!");
@@ -4431,7 +4436,13 @@ private void transferUSDT(String[] parameters) throws Exception {
         ownerAddress, contractAddress, 0, input, 0, 0, "", true, true, false);
     long energyUsed = estimateTtriple.getMiddle();
     // The fee limit rises by 20% in the total energy price
-    long feeLimit = (long) (energyFee * energyUsed * 1.2);
+    long feeLimit;
+    try {
+      feeLimit = WalletApiWrapper.computeBufferedFeeLimit(energyFee, energyUsed);
+    } catch (ArithmeticException e) {
+      System.out.println("Estimated fee limit is too large.");
+      return;
+    }
     if (multi) {
       if (!DecodeUtil.addressValid(decodeFromBase58Check(base58ToAddress))) {
         System.out.println("Invalid toAddress!");
@@ -4662,12 +4673,123 @@ private void unlock(String[] parameters) throws IOException {
   }
 
   public static void main(String[] args) {
-    Client cli = new Client();
-    JCommander.newBuilder()
-        .addObject(cli)
-        .build()
-        .parse(args);
+    System.exit(runMain(args));
+  }
+
+  static int runMain(String[] args) {
+    GlobalOptions globalOpts;
+    try {
+      globalOpts = GlobalOptions.parse(args);
+    } catch (IllegalArgumentException e) {
+      OutputFormatter.OutputMode mode = requestsJsonOutput(args)
+          ? OutputFormatter.OutputMode.JSON
+          : OutputFormatter.OutputMode.TEXT;
+      OutputFormatter formatter = new OutputFormatter(mode, false, System.out, System.err);
+      try {
+        formatter.usageError(e.getMessage(), null);
+      } catch (RuntimeException ignored) {
+        // usageError intentionally aborts normal control flow after recording the outcome
+      }
+      formatter.flush();
+      return 2;
+    }
+
+    if (globalOpts.isVersion()) {
+      System.out.println("wallet-cli" + VERSION);
+      return 0;
+    }
+
+    if (globalOpts.isInteractive() || shouldLaunchInteractiveByDefault(args, globalOpts)) {
+      Client cli = new Client();
+      JCommander.newBuilder()
+          .addObject(cli)
+          .build()
+          .parse(new String[0]);
+      cli.run();
+      return 0;
+    }
+
+    if (globalOpts.isHelp()) {
+      CommandRegistry registry = initRegistry();
+      String helpText = registry.formatGlobalHelp(VERSION);
+      if (globalOpts.getOutputMode() == OutputFormatter.OutputMode.JSON) {
+        OutputFormatter formatter = new OutputFormatter(
+            OutputFormatter.OutputMode.JSON, false, System.out, System.err);
+        formatter.help(helpText);
+        formatter.flush();
+      } else {
+        System.out.println(helpText);
+      }
+      return 0;
+    }
+
+    if (globalOpts.getCommand() == null) {
+      CommandRegistry registry = initRegistry();
+      if (globalOpts.getOutputMode() == OutputFormatter.OutputMode.JSON) {
+        OutputFormatter formatter = new OutputFormatter(
+            OutputFormatter.OutputMode.JSON, false, System.out, System.err);
+        try {
+          formatter.usageError("Missing command.", null);
+        } catch (RuntimeException ignored) {
+          // usageError intentionally aborts normal control flow after recording the outcome
+        }
+        formatter.flush();
+      } else {
+        OutputFormatter formatter = new OutputFormatter(
+            OutputFormatter.OutputMode.TEXT, false, System.out, System.err);
+        try {
+          formatter.usageError("Missing command.", null);
+        } catch (RuntimeException ignored) {
+          // usageError intentionally aborts normal control flow after recording the outcome
+        }
+        formatter.flush();
+        System.err.println();
+        System.err.println(registry.formatGlobalHelp(VERSION));
+      }
+      return 2;
+    }
+
+    // Standard CLI mode
+    CommandRegistry registry = initRegistry();
+    StandardCliRunner runner = new StandardCliRunner(registry, globalOpts);
+    return runner.execute();
+  }
+
+  static boolean shouldLaunchInteractiveByDefault(String[] args, GlobalOptions globalOpts) {
+    return args.length == 0
+        && globalOpts.getOutputMode() == OutputFormatter.OutputMode.TEXT
+        && globalOpts.getCommand() == null
+        && !globalOpts.isHelp()
+        && !globalOpts.isVersion();
+  }
+
+  private static boolean requestsJsonOutput(String[] args) {
+    for (int i = 0; i < args.length; i++) {
+      String token = args[i];
+      if (!token.startsWith("-")) {
+        return false;
+      }
+      if ("--output".equals(token)) {
+        return i + 1 < args.length && "json".equalsIgnoreCase(args[i + 1]);
+      }
+      if (token.startsWith("--output=")) {
+        return "json".equalsIgnoreCase(token.substring("--output=".length()));
+      }
+    }
+    return false;
+  }
 
-    cli.run();
+  private static CommandRegistry initRegistry() {
+    CommandRegistry registry = new CommandRegistry();
+    org.tron.walletcli.cli.commands.QueryCommands.register(registry);
+    org.tron.walletcli.cli.commands.TransactionCommands.register(registry);
+    org.tron.walletcli.cli.commands.ContractCommands.register(registry);
+    org.tron.walletcli.cli.commands.StakingCommands.register(registry);
+    org.tron.walletcli.cli.commands.WitnessCommands.register(registry);
+    org.tron.walletcli.cli.commands.ProposalCommands.register(registry);
+    org.tron.walletcli.cli.commands.ExchangeCommands.register(registry);
+    org.tron.walletcli.cli.commands.WalletCommands.register(registry);
+    org.tron.walletcli.cli.commands.MiscCommands.register(registry);
+    return registry;
   }
 }
diff --git a/src/main/java/org/tron/walletcli/WalletApiWrapper.java b/src/main/java/org/tron/walletcli/WalletApiWrapper.java
index bf692829..88ef0cdb 100644
--- a/src/main/java/org/tron/walletcli/WalletApiWrapper.java
+++ b/src/main/java/org/tron/walletcli/WalletApiWrapper.java
@@ -50,6 +50,7 @@
 import com.typesafe.config.Config;
 import java.io.File;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.time.LocalDateTime;
@@ -113,6 +114,7 @@
 import org.tron.trident.proto.Response;
 import org.tron.walletserver.ApiClient;
 import org.tron.walletserver.WalletApi;
+import org.tron.walletcli.cli.CommandErrorException;
 import org.web3j.utils.Numeric;
 
 @Slf4j
@@ -121,23 +123,31 @@ public class WalletApiWrapper {
   @Getter
   @Setter
   private WalletApi wallet;
+  private String lastGasFreeId;
   private static final String MnemonicFilePath = "Mnemonic";
   private static final String GAS_FREE_SUPPORT_NETWORK_TIP = "Gas free currently only supports the " + blueBoldHighlight("MAIN") + " network and " + blueBoldHighlight("NILE") + " test network, and does not support other networks at the moment.";
 
+  public static long computeBufferedFeeLimit(long energyFee, long energyUsed) {
+    long base = Math.multiplyExact(energyFee, energyUsed);
+    return Math.addExact(base, Math.floorDiv(base, 5));
+  }
+
   public String registerWallet(char[] password, int wordsNumber) throws CipherException, IOException {
     if (!WalletApi.passwordValid(password)) {
       return null;
     }
 
     byte[] passwd = char2Byte(password);
+    try {
+      WalletFile walletFile = WalletApi.CreateWalletFile(passwd, wordsNumber);
+      nameWallet(walletFile, false);
 
-    WalletFile walletFile = WalletApi.CreateWalletFile(passwd, wordsNumber);
-    nameWallet(walletFile, false);
-    clear(passwd);
-
-    String keystoreName = WalletApi.store2Keystore(walletFile);
-    logout();
-    return keystoreName;
+      String keystoreName = WalletApi.store2Keystore(walletFile);
+      logout();
+      return keystoreName;
+    } finally {
+      clear(passwd);
+    }
   }
 
   public String importWallet(char[] password, byte[] priKey, List<String> mnemonic) throws CipherException, IOException {
@@ -149,22 +159,24 @@ public String importWallet(char[] password, byte[] priKey, List<String> mnemonic
     }
 
     byte[] passwd = char2Byte(password);
+    try {
+      WalletFile walletFile = WalletApi.CreateWalletFile(passwd, priKey, mnemonic);
+      nameWallet(walletFile, false);
 
-    WalletFile walletFile = WalletApi.CreateWalletFile(passwd, priKey, mnemonic);
-    nameWallet(walletFile, false);
-    clear(passwd);
-
-    String keystoreName = WalletApi.store2Keystore(walletFile);
-    if (mnemonic == null && WalletUtils.hasStoreFile(walletFile.getAddress(), MnemonicFilePath)) {
-      WalletUtils.deleteStoreFile(walletFile.getAddress(), MnemonicFilePath);
-    }
-    if (isUnifiedExist()) {
-      wallet.getWalletList().add(walletFile);
-    }
-    if (!isUnifiedExist()) {
-      logout();
+      String keystoreName = WalletApi.store2Keystore(walletFile);
+      if (mnemonic == null && WalletUtils.hasStoreFile(walletFile.getAddress(), MnemonicFilePath)) {
+        WalletUtils.deleteStoreFile(walletFile.getAddress(), MnemonicFilePath);
+      }
+      if (isUnifiedExist()) {
+        wallet.getWalletList().add(walletFile);
+      }
+      if (!isUnifiedExist()) {
+        logout();
+      }
+      return keystoreName;
+    } finally {
+      clear(passwd);
     }
-    return keystoreName;
   }
 
   public String importWalletByLedger(char[] password, HidDevice device) {
@@ -323,6 +335,11 @@ public String doImportAccount(char[] password, String path, String importAddress
 
   public boolean changePassword(char[] oldPassword, char[] newPassword)
       throws IOException, CipherException {
+    return changePassword(oldPassword, newPassword, null);
+  }
+
+  public boolean changePassword(char[] oldPassword, char[] newPassword, File walletFile)
+      throws IOException, CipherException {
     logout();
     if (!WalletApi.passwordValid(newPassword)) {
       System.out.println("Warning: ChangePassword " + failedHighlight() + ", NewPassword is invalid !!");
@@ -332,7 +349,9 @@ public boolean changePassword(char[] oldPassword, char[] newPassword)
     byte[] oldPasswd = char2Byte(oldPassword);
     byte[] newPasswd = char2Byte(newPassword);
 
-    boolean result = WalletApi.changeKeystorePassword(oldPasswd, newPasswd);
+    boolean result = walletFile == null
+        ? WalletApi.changeKeystorePassword(oldPasswd, newPasswd)
+        : WalletApi.changeKeystorePassword(oldPasswd, newPasswd, walletFile);
     clear(oldPasswd);
     clear(newPasswd);
 
@@ -343,6 +362,45 @@ public boolean isLoginState() {
     return wallet != null && wallet.isLoginState();
   }
 
+  public void requireLoggedInWalletForCli() {
+    if (!isLoginState()) {
+      throw new CommandErrorException("auth_required", "Please login first !!");
+    }
+  }
+
+  public void throwIfCliOperationFailed(boolean success, String failureMessage) {
+    String detailedMessage = consumeLastCliOperationError();
+    if (!success) {
+      throw new CommandErrorException("execution_error",
+          StringUtils.isNotBlank(detailedMessage) ? detailedMessage : failureMessage);
+    }
+  }
+
+  protected String consumeLastCliOperationError() {
+    return WalletApi.consumeLastCliOperationError();
+  }
+
+  private void throwCliError(String code, String fallbackMessage, Exception e) {
+    if (e instanceof CommandErrorException) {
+      throw (CommandErrorException) e;
+    }
+    String message = fallbackMessage;
+    if (e != null && StringUtils.isNotEmpty(e.getMessage())) {
+      message = e.getMessage();
+    }
+    throw new CommandErrorException(code, message);
+  }
+
+  private byte[] getUnifiedPasswordCopyForCli(String commandName) {
+    requireLoggedInWalletForCli();
+    byte[] pwd = wallet.getUnifiedPassword();
+    if (ArrayUtils.isEmpty(pwd)) {
+      throw new CommandErrorException("auth_required",
+          "MASTER_PASSWORD is required for " + commandName + " in standard CLI mode.");
+    }
+    return Arrays.copyOf(pwd, pwd.length);
+  }
+
   public boolean isUnifiedExist() {
     return isLoginState() && ArrayUtils.isNotEmpty(wallet.getUnifiedPassword());
   }
@@ -622,6 +680,38 @@ public boolean generateSubAccount() throws IOException {
     return true;
   }
 
+  public void generateSubAccountOrThrow() throws IOException {
+    requireLoggedInWalletForCli();
+
+    byte[] passwd = getUnifiedPasswordCopyForCli("generate-sub-account");
+    byte[] mnemonic = null;
+    SubAccount subAccount = null;
+    try {
+      wallet.checkPassword(passwd);
+      String ownerAddress = WalletApi.encode58Check(wallet.getAddress());
+      mnemonic = MnemonicUtils.exportMnemonic(passwd, ownerAddress);
+      if (mnemonic == null || mnemonic.length == 0) {
+        throw new CommandErrorException("execution_error", "GenerateSubAccount failed !!");
+      }
+      subAccount = new SubAccount(passwd, new String(mnemonic), 0);
+      subAccount.start(wallet);
+    } catch (CipherException e) {
+      throw new CommandErrorException("auth_required",
+          "MASTER_PASSWORD verification failed for generate-sub-account.");
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new CommandErrorException("execution_error",
+          StringUtils.isNotEmpty(e.getMessage()) ? e.getMessage() : "GenerateSubAccount failed !!");
+    } finally {
+      if (subAccount != null) {
+        subAccount.clearSensitiveData();
+      }
+      clear(mnemonic);
+      clear(passwd);
+    }
+  }
+
   public boolean importWalletByMnemonic(List<String> mnemonicWords, byte[] passwd) {
     SubAccount subAccount = null;
     try {
@@ -779,7 +869,7 @@ public Response.Account queryAccount(byte[] address) {
       return null;
     }
 
-    return wallet.queryAccount();
+    return WalletApi.queryAccount(address);
   }
 
   public boolean sendCoin(byte[] ownerAddress, byte[] toAddress, long amount, boolean multi)
@@ -792,6 +882,19 @@ public boolean sendCoin(byte[] ownerAddress, byte[] toAddress, long amount, bool
     return wallet.sendCoin(ownerAddress, toAddress, amount, multi);
   }
 
+  public void sendCoinForCli(byte[] ownerAddress, byte[] toAddress, long amount, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.sendCoinForCli(ownerAddress, toAddress, amount, multi),
+          "SendCoin failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "SendCoin failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "SendCoin failed !!", e);
+    }
+  }
+
   public boolean transferAsset(byte[] ownerAddress, byte[] toAddress, String assertName,
                                long amount, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
@@ -803,6 +906,20 @@ public boolean transferAsset(byte[] ownerAddress, byte[] toAddress, String asser
     return wallet.transferAsset(ownerAddress, toAddress, assertName.getBytes(), amount, multi);
   }
 
+  public void transferAssetForCli(byte[] ownerAddress, byte[] toAddress, String assetName,
+      long amount, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.transferAssetForCli(ownerAddress, toAddress, assetName.getBytes(), amount, multi),
+          "TransferAsset failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "TransferAsset failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "TransferAsset failed !!", e);
+    }
+  }
+
   public boolean participateAssetIssue(byte[] ownerAddress, byte[] toAddress, String assertName,
                                        long amount, boolean multi) throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -813,6 +930,21 @@ public boolean participateAssetIssue(byte[] ownerAddress, byte[] toAddress, Stri
     return wallet.participateAssetIssue(ownerAddress, toAddress, assertName.getBytes(), amount, multi);
   }
 
+  public void participateAssetIssueForCli(byte[] ownerAddress, byte[] toAddress, String assetName,
+      long amount, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.participateAssetIssueForCli(ownerAddress, toAddress, assetName.getBytes(), amount,
+              multi),
+          "ParticipateAssetIssue failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ParticipateAssetIssue failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ParticipateAssetIssue failed !!", e);
+    }
+  }
+
   public boolean assetIssue(byte[] ownerAddress, String name, String abbrName, long totalSupply,
                             int trxNum, int icoNum,
                             int precision, long startTime, long endTime, int voteScore, String description, String url,
@@ -889,6 +1021,19 @@ public boolean createWitness(byte[] ownerAddress, String url, boolean multi)
     return wallet.createWitness(ownerAddress, url.getBytes(), multi);
   }
 
+  public void createWitnessForCli(byte[] ownerAddress, String url, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.createWitnessForCli(ownerAddress, url.getBytes(), multi),
+          "CreateWitness failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "CreateWitness failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "CreateWitness failed !!", e);
+    }
+  }
+
   public boolean updateWitness(byte[] ownerAddress, String url, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -899,10 +1044,83 @@ public boolean updateWitness(byte[] ownerAddress, String url, boolean multi)
     return wallet.updateWitness(ownerAddress, url.getBytes(), multi);
   }
 
+  public void updateWitnessForCli(byte[] ownerAddress, String url, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateWitnessForCli(ownerAddress, url.getBytes(), multi),
+          "UpdateWitness failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateWitness failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateWitness failed !!", e);
+    }
+  }
+
   public Chain.Block getBlock(long blockNum) throws IllegalException {
     return WalletApi.getBlock(blockNum);
   }
 
+  public Response.AccountNetMessage getAccountNetForCli(byte[] address) {
+    try {
+      Response.AccountNetMessage result = WalletApi.getAccountNet(address);
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetAccountNet failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetAccountNet failed", e);
+      return null;
+    }
+  }
+
+  public Response.AccountResourceMessage getAccountResourceForCli(byte[] address) {
+    try {
+      Response.AccountResourceMessage result = WalletApi.getAccountResource(address);
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetAccountResource failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetAccountResource failed", e);
+      return null;
+    }
+  }
+
+  public Chain.Transaction getTransactionByIdForCli(String txId) {
+    try {
+      Chain.Transaction result = WalletApi.getTransactionById(txId);
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetTransactionById failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetTransactionById failed", e);
+      return null;
+    }
+  }
+
+  public Response.TransactionInfo getTransactionInfoByIdForCli(String txId) {
+    try {
+      Response.TransactionInfo result = WalletApi.getTransactionInfoById(txId);
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetTransactionInfoById failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetTransactionInfoById failed", e);
+      return null;
+    }
+  }
+
   public long getTransactionCountByBlockNum(long blockNum) {
     return WalletApi.getTransactionCountByBlockNum(blockNum);
   }
@@ -925,7 +1143,21 @@ public Response.WitnessList listWitnesses() {
     try {
       return WalletApi.listWitnesses();
     } catch (Exception ex) {
-      ex.printStackTrace();
+      return null;
+    }
+  }
+
+  public Response.WitnessList listWitnessesForCli() {
+    try {
+      Response.WitnessList result = WalletApi.listWitnesses();
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "ListWitnesses failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "ListWitnesses failed", e);
       return null;
     }
   }
@@ -1016,6 +1248,19 @@ public boolean updateAccount(byte[] ownerAddress, byte[] accountNameBytes, boole
     return wallet.updateAccount(ownerAddress, accountNameBytes, multi);
   }
 
+  public void updateAccountForCli(byte[] ownerAddress, byte[] accountNameBytes, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateAccountForCli(ownerAddress, accountNameBytes, multi),
+          "Update Account failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "Update Account failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "Update Account failed !!", e);
+    }
+  }
+
   public boolean setAccountId(byte[] ownerAddress, byte[] accountIdBytes)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1026,6 +1271,19 @@ public boolean setAccountId(byte[] ownerAddress, byte[] accountIdBytes)
     return wallet.setAccountId(ownerAddress, accountIdBytes);
   }
 
+  public void setAccountIdForCli(byte[] ownerAddress, byte[] accountIdBytes) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.setAccountIdForCli(ownerAddress, accountIdBytes),
+          "Set AccountId failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "Set AccountId failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "Set AccountId failed !!", e);
+    }
+  }
+
 
   public boolean updateAsset(byte[] ownerAddress, byte[] description, byte[] url, long newLimit,
                              long newPublicLimit, boolean multi) throws CipherException, IOException, CancelException, IllegalException {
@@ -1037,6 +1295,20 @@ public boolean updateAsset(byte[] ownerAddress, byte[] description, byte[] url,
     return wallet.updateAsset(ownerAddress, description, url, newLimit, newPublicLimit, multi);
   }
 
+  public void updateAssetForCli(byte[] ownerAddress, byte[] description, byte[] url, long newLimit,
+      long newPublicLimit, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateAssetForCli(ownerAddress, description, url, newLimit, newPublicLimit, multi),
+          "UpdateAsset failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateAsset failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateAsset failed !!", e);
+    }
+  }
+
   public boolean freezeBalance(byte[] ownerAddress, long frozen_balance, long frozen_duration,
                                int resourceCode, byte[] receiverAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1049,6 +1321,21 @@ public boolean freezeBalance(byte[] ownerAddress, long frozen_balance, long froz
         receiverAddress, multi);
   }
 
+  public void freezeBalanceForCli(byte[] ownerAddress, long frozenBalance, long frozenDuration,
+      int resourceCode, byte[] receiverAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.freezeBalanceForCli(ownerAddress, frozenBalance, frozenDuration, resourceCode,
+              receiverAddress, multi),
+          "FreezeBalance failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "FreezeBalance failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "FreezeBalance failed !!", e);
+    }
+  }
+
   public boolean freezeBalanceV2(byte[] ownerAddress, long frozenBalance,
                                  int resourceCode, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1059,6 +1346,20 @@ public boolean freezeBalanceV2(byte[] ownerAddress, long frozenBalance,
     return wallet.freezeBalanceV2(ownerAddress, frozenBalance, resourceCode, multi);
   }
 
+  public void freezeBalanceV2ForCli(byte[] ownerAddress, long frozenBalance,
+      int resourceCode, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.freezeBalanceV2ForCli(ownerAddress, frozenBalance, resourceCode, multi),
+          "FreezeBalanceV2 failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "FreezeBalanceV2 failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "FreezeBalanceV2 failed !!", e);
+    }
+  }
+
   public boolean unfreezeBalance(byte[] ownerAddress, int resourceCode, byte[] receiverAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1069,6 +1370,20 @@ public boolean unfreezeBalance(byte[] ownerAddress, int resourceCode, byte[] rec
     return wallet.unfreezeBalance(ownerAddress, resourceCode, receiverAddress, multi);
   }
 
+  public void unfreezeBalanceForCli(byte[] ownerAddress, int resourceCode, byte[] receiverAddress,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.unfreezeBalanceForCli(ownerAddress, resourceCode, receiverAddress, multi),
+          "UnfreezeBalance failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UnfreezeBalance failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UnfreezeBalance failed !!", e);
+    }
+  }
+
   public boolean unfreezeBalanceV2(byte[] ownerAddress, long unfreezeBalance
       , int resourceCode, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1080,6 +1395,20 @@ public boolean unfreezeBalanceV2(byte[] ownerAddress, long unfreezeBalance
     return wallet.unfreezeBalanceV2(ownerAddress, unfreezeBalance, resourceCode, multi);
   }
 
+  public void unfreezeBalanceV2ForCli(byte[] ownerAddress, long unfreezeBalance,
+      int resourceCode, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.unfreezeBalanceV2ForCli(ownerAddress, unfreezeBalance, resourceCode, multi),
+          "UnfreezeBalanceV2 failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UnfreezeBalanceV2 failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UnfreezeBalanceV2 failed !!", e);
+    }
+  }
+
   public boolean withdrawExpireUnfreeze(byte[] ownerAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1090,6 +1419,19 @@ public boolean withdrawExpireUnfreeze(byte[] ownerAddress, boolean multi)
     return wallet.withdrawExpireUnfreeze(ownerAddress, multi);
   }
 
+  public void withdrawExpireUnfreezeForCli(byte[] ownerAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.withdrawExpireUnfreezeForCli(ownerAddress, multi),
+          "WithdrawExpireUnfreeze failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "WithdrawExpireUnfreeze failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "WithdrawExpireUnfreeze failed !!", e);
+    }
+  }
+
   public boolean delegateresource(byte[] ownerAddress, long balance
       , int resourceCode, byte[] receiverAddress, boolean lock, long lockPeriod, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1102,6 +1444,21 @@ public boolean delegateresource(byte[] ownerAddress, long balance
         receiverAddress, lock, lockPeriod, multi);
   }
 
+  public void delegateResourceForCli(byte[] ownerAddress, long balance, int resourceCode,
+      byte[] receiverAddress, boolean lock, long lockPeriod, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.delegateResourceForCli(ownerAddress, balance, resourceCode, receiverAddress, lock,
+              lockPeriod, multi),
+          "DelegateResource failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "DelegateResource failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "DelegateResource failed !!", e);
+    }
+  }
+
   public boolean undelegateresource(byte[] ownerAddress, long balance
       , int resourceCode, byte[] receiverAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1113,6 +1470,21 @@ public boolean undelegateresource(byte[] ownerAddress, long balance
     return wallet.unDelegateResource(ownerAddress, balance, resourceCode, receiverAddress, multi);
   }
 
+  public void undelegateResourceForCli(byte[] ownerAddress, long balance, int resourceCode,
+      byte[] receiverAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.unDelegateResourceForCli(ownerAddress, balance, resourceCode, receiverAddress,
+              multi),
+          "UndelegateResource failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UndelegateResource failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UndelegateResource failed !!", e);
+    }
+  }
+
   public boolean cancelAllUnfreezeV2(byte[] ownerAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1122,6 +1494,19 @@ public boolean cancelAllUnfreezeV2(byte[] ownerAddress, boolean multi)
     return wallet.cancelAllUnfreezeV2(ownerAddress, multi);
   }
 
+  public void cancelAllUnfreezeV2ForCli(byte[] ownerAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.cancelAllUnfreezeV2ForCli(ownerAddress, multi),
+          "CancelAllUnfreezeV2 failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "CancelAllUnfreezeV2 failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "CancelAllUnfreezeV2 failed !!", e);
+    }
+  }
+
   public boolean unfreezeAsset(byte[] ownerAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1132,6 +1517,19 @@ public boolean unfreezeAsset(byte[] ownerAddress, boolean multi)
     return wallet.unfreezeAsset(ownerAddress, multi);
   }
 
+  public void unfreezeAssetForCli(byte[] ownerAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.unfreezeAssetForCli(ownerAddress, multi),
+          "UnfreezeAsset failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UnfreezeAsset failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UnfreezeAsset failed !!", e);
+    }
+  }
+
   public boolean withdrawBalance(byte[] ownerAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1142,6 +1540,19 @@ public boolean withdrawBalance(byte[] ownerAddress, boolean multi)
     return wallet.withdrawBalance(ownerAddress, multi);
   }
 
+  public void withdrawBalanceForCli(byte[] ownerAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.withdrawBalanceForCli(ownerAddress, multi),
+          "WithdrawBalance failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "WithdrawBalance failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "WithdrawBalance failed !!", e);
+    }
+  }
+
   public boolean createProposal(byte[] ownerAddress, HashMap<Long, Long> parametersMap, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1152,6 +1563,20 @@ public boolean createProposal(byte[] ownerAddress, HashMap<Long, Long> parameter
     return wallet.createProposal(ownerAddress, parametersMap, multi);
   }
 
+  public void createProposalForCli(byte[] ownerAddress, HashMap<Long, Long> parametersMap,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.createProposalForCli(ownerAddress, parametersMap, multi),
+          "CreateProposal failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "CreateProposal failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "CreateProposal failed !!", e);
+    }
+  }
+
 
   public Response.ProposalList getProposalsList() {
     try {
@@ -1192,7 +1617,21 @@ public Response.ChainParameters getChainParameters() {
     try {
       return WalletApi.getChainParameters();
     } catch (Exception ex) {
-      ex.printStackTrace();
+      return null;
+    }
+  }
+
+  public Response.ChainParameters getChainParametersForCli() {
+    try {
+      Response.ChainParameters result = WalletApi.getChainParameters();
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetChainParameters failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetChainParameters failed", e);
       return null;
     }
   }
@@ -1208,6 +1647,20 @@ public boolean approveProposal(byte[] ownerAddress, long id, boolean is_add_appr
     return wallet.approveProposal(ownerAddress, id, is_add_approval, multi);
   }
 
+  public void approveProposalForCli(byte[] ownerAddress, long id, boolean isAddApproval,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.approveProposalForCli(ownerAddress, id, isAddApproval, multi),
+          "ApproveProposal failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ApproveProposal failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ApproveProposal failed !!", e);
+    }
+  }
+
   public boolean deleteProposal(byte[] ownerAddress, long id, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1218,6 +1671,19 @@ public boolean deleteProposal(byte[] ownerAddress, long id, boolean multi)
     return wallet.deleteProposal(ownerAddress, id, multi);
   }
 
+  public void deleteProposalForCli(byte[] ownerAddress, long id, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.deleteProposalForCli(ownerAddress, id, multi),
+          "DeleteProposal failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "DeleteProposal failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "DeleteProposal failed !!", e);
+    }
+  }
+
   public boolean exchangeCreate(byte[] ownerAddress, byte[] firstTokenId, long firstTokenBalance,
                                 byte[] secondTokenId, long secondTokenBalance, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1230,6 +1696,21 @@ public boolean exchangeCreate(byte[] ownerAddress, byte[] firstTokenId, long fir
         secondTokenId, secondTokenBalance, multi);
   }
 
+  public void exchangeCreateForCli(byte[] ownerAddress, byte[] firstTokenId, long firstTokenBalance,
+      byte[] secondTokenId, long secondTokenBalance, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.exchangeCreateForCli(ownerAddress, firstTokenId, firstTokenBalance,
+              secondTokenId, secondTokenBalance, multi),
+          "ExchangeCreate failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ExchangeCreate failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ExchangeCreate failed !!", e);
+    }
+  }
+
   public boolean exchangeInject(byte[] ownerAddress, long exchangeId, byte[] tokenId, long quant, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1240,6 +1721,20 @@ public boolean exchangeInject(byte[] ownerAddress, long exchangeId, byte[] token
     return wallet.exchangeInject(ownerAddress, exchangeId, tokenId, quant, multi);
   }
 
+  public void exchangeInjectForCli(byte[] ownerAddress, long exchangeId, byte[] tokenId, long quant,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.exchangeInjectForCli(ownerAddress, exchangeId, tokenId, quant, multi),
+          "ExchangeInject failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ExchangeInject failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ExchangeInject failed !!", e);
+    }
+  }
+
   public boolean exchangeWithdraw(byte[] ownerAddress, long exchangeId, byte[] tokenId, long quant, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1250,6 +1745,20 @@ public boolean exchangeWithdraw(byte[] ownerAddress, long exchangeId, byte[] tok
     return wallet.exchangeWithdraw(ownerAddress, exchangeId, tokenId, quant, multi);
   }
 
+  public void exchangeWithdrawForCli(byte[] ownerAddress, long exchangeId, byte[] tokenId, long quant,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.exchangeWithdrawForCli(ownerAddress, exchangeId, tokenId, quant, multi),
+          "ExchangeWithdraw failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ExchangeWithdraw failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ExchangeWithdraw failed !!", e);
+    }
+  }
+
   public boolean exchangeTransaction(byte[] ownerAddress, long exchangeId, byte[] tokenId,
                                      long quant, long expected, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1261,6 +1770,20 @@ public boolean exchangeTransaction(byte[] ownerAddress, long exchangeId, byte[]
     return wallet.exchangeTransaction(ownerAddress, exchangeId, tokenId, quant, expected, multi);
   }
 
+  public void exchangeTransactionForCli(byte[] ownerAddress, long exchangeId, byte[] tokenId,
+      long quant, long expected, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.exchangeTransactionForCli(ownerAddress, exchangeId, tokenId, quant, expected, multi),
+          "ExchangeTransaction failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ExchangeTransaction failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ExchangeTransaction failed !!", e);
+    }
+  }
+
   public boolean updateSetting(byte[] ownerAddress, byte[] contractAddress,
                                long consumeUserResourcePercent, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1272,38 +1795,90 @@ public boolean updateSetting(byte[] ownerAddress, byte[] contractAddress,
 
   }
 
+  public void updateSettingForCli(byte[] ownerAddress, byte[] contractAddress,
+      long consumeUserResourcePercent, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateSettingForCli(ownerAddress, contractAddress, consumeUserResourcePercent, multi),
+          "UpdateSetting failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateSetting failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateSetting failed !!", e);
+    }
+  }
+
   public boolean updateEnergyLimit(byte[] ownerAddress, byte[] contractAddress,
                                    long originEnergyLimit, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: updateEnergyLimit " + failedHighlight() + ",  Please login first !!");
       return false;
     }
 
     return wallet.updateEnergyLimit(ownerAddress, contractAddress, originEnergyLimit, multi);
   }
 
+  public void updateEnergyLimitForCli(byte[] ownerAddress, byte[] contractAddress,
+      long originEnergyLimit, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateEnergyLimitForCli(ownerAddress, contractAddress, originEnergyLimit, multi),
+          "UpdateEnergyLimit failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateEnergyLimit failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateEnergyLimit failed !!", e);
+    }
+  }
+
   public boolean clearContractABI(byte[] ownerAddress, byte[] contractAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: clearContractABI " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     return wallet.clearContractABI(ownerAddress, contractAddress, multi);
   }
 
-  public boolean clearWalletKeystore() {
+  public void clearContractAbiForCli(byte[] ownerAddress, byte[] contractAddress, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.clearContractAbiForCli(ownerAddress, contractAddress, multi),
+          "ClearContractABI failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "ClearContractABI failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ClearContractABI failed !!", e);
+    }
+  }
+
+  public boolean clearWalletKeystore(boolean force) {
     if (wallet == null || !wallet.isLoginState()) {
       System.out.println("Warning: clearWalletKeystore " + failedHighlight() + ",  Please login first !!");
       return false;
     }
-    boolean clearWalletKeystoreRet = wallet.clearWalletKeystore();
+    boolean clearWalletKeystoreRet = wallet.clearWalletKeystore(force);
     if (clearWalletKeystoreRet) {
       logout();
     }
     return clearWalletKeystoreRet;
   }
 
+  public void clearWalletKeystoreForCli(boolean force, File targetWalletFile) {
+    requireLoggedInWalletForCli();
+    if (targetWalletFile == null) {
+      throw new CommandErrorException("execution_error",
+          "ClearWalletKeystore failed: authenticated wallet target is unavailable.");
+    }
+    throwIfCliOperationFailed(clearWalletKeystoreTargetForCli(force, targetWalletFile),
+        "ClearWalletKeystore failed !!");
+    logout();
+  }
+
 
   public boolean deployContract(byte[] ownerAddress, String name, String abiStr, String codeStr,
                                 long feeLimit, long value, long consumeUserResourcePercent, long originEnergyLimit,
@@ -1320,6 +1895,24 @@ public boolean deployContract(byte[] ownerAddress, String name, String abiStr, S
             libraryAddressPair, compilerVersion, multi);
   }
 
+  public void deployContractForCli(byte[] ownerAddress, String name, String abiStr, String codeStr,
+      long feeLimit, long value, long consumeUserResourcePercent, long originEnergyLimit,
+      long tokenValue, String tokenId, String libraryAddressPair, String compilerVersion,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.deployContractForCli(ownerAddress, name, abiStr, codeStr, feeLimit, value,
+              consumeUserResourcePercent, originEnergyLimit, tokenValue, tokenId,
+              libraryAddressPair, compilerVersion, multi),
+          "DeployContract failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "DeployContract failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "DeployContract failed !!", e);
+    }
+  }
+
   public Triple<Boolean, Long, Long> callContract(byte[] ownerAddress, byte[] contractAddress, long callValue,
                               byte[] data, long feeLimit,
                               long tokenValue, String tokenId, boolean isConstant,
@@ -1336,12 +1929,75 @@ public Triple<Boolean, Long, Long> callContract(byte[] ownerAddress, byte[] cont
             isConstant, false, display, multi);
   }
 
+  public Triple<Boolean, Long, Long> callContractForCli(byte[] ownerAddress,
+      byte[] contractAddress, long callValue, byte[] data, long feeLimit, long tokenValue,
+      String tokenId, boolean isConstant, boolean display, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      Triple<Boolean, Long, Long> result = wallet.triggerContractForCli(ownerAddress,
+          contractAddress, callValue, data, feeLimit, tokenValue, tokenId, isConstant, false,
+          display, multi);
+      if (!Boolean.TRUE.equals(result.getLeft())) {
+        throwIfCliOperationFailed(false, "CallContract failed !!");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "CallContract failed !!", e);
+      return Triple.of(false, 0L, 0L);
+    } catch (Exception e) {
+      throwCliError("execution_error", "CallContract failed !!", e);
+      return Triple.of(false, 0L, 0L);
+    }
+  }
+
+  public Response.TransactionExtention triggerConstantContractExtention(
+      byte[] ownerAddress,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId) {
+    if (wallet == null || !wallet.isLoginState()) {
+      if (ArrayUtils.isEmpty(ownerAddress)) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
+      return WalletApi.triggerConstantContractExtentionDirect(
+          ownerAddress, contractAddress, callValue, data, tokenValue, tokenId);
+    }
+    try {
+      return wallet.triggerConstantContractExtention(
+          ownerAddress, contractAddress, callValue, data, tokenValue, tokenId);
+    } catch (IllegalStateException e) {
+      throw new CommandErrorException("auth_required",
+          StringUtils.isNotEmpty(e.getMessage()) ? e.getMessage() : "Please login first !!");
+    }
+  }
+
   public Triple<Boolean, Long, Long> getUSDTBalance(byte[] ownerAddress)
       throws Exception {
     if (wallet == null || !wallet.isLoginState()) {
-      // Reference Gasfree balance, login is required to query, as historical methods are reused
-      System.out.println("Warning: getUSDTBalance " + failedHighlight() + ",  Please login first !!");
-      return Triple.of(false, 0L, 0L);
+      if (ArrayUtils.isEmpty(ownerAddress)) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
+      byte[] d = Hex.decode(AbiUtil.parseMethod("balanceOf(address)",
+          "\"" + encode58Check(ownerAddress) + "\"", false));
+      NetType netType = WalletApi.getCurrentNetwork();
+      byte[] contractAddress = WalletApi.decodeFromBase58Check(netType.getUsdtAddress());
+      Response.TransactionExtention result = WalletApi.triggerConstantContractExtentionDirect(
+          ownerAddress, contractAddress, 0, d, 0, EMPTY);
+      if (result == null || result.getResult() == null || !result.getResult().getResult()
+          || result.getConstantResultCount() == 0) {
+        return Triple.of(false, 0L, 0L);
+      }
+      BigInteger value = new BigInteger(1, result.getConstantResult(0).toByteArray());
+      try {
+        return Triple.of(true, 0L, value.longValueExact());
+      } catch (ArithmeticException e) {
+        throw new CommandErrorException("value_overflow",
+            "USDT balance exceeds representable range: " + value.toString());
+      }
     }
     if (ArrayUtils.isEmpty(ownerAddress)) {
       ownerAddress = wallet.getAddress();
@@ -1354,6 +2010,29 @@ public Triple<Boolean, Long, Long> getUSDTBalance(byte[] ownerAddress)
         0, d, 0, 0, EMPTY, true, true, false, false);
   }
 
+  public String getUSDTBalanceExact(byte[] ownerAddress) throws Exception {
+    if (wallet == null || !wallet.isLoginState()) {
+      if (ArrayUtils.isEmpty(ownerAddress)) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
+    } else if (ArrayUtils.isEmpty(ownerAddress)) {
+      ownerAddress = wallet.getAddress();
+    }
+
+    byte[] d = Hex.decode(AbiUtil.parseMethod("balanceOf(address)",
+        "\"" + encode58Check(ownerAddress) + "\"", false));
+    NetType netType = WalletApi.getCurrentNetwork();
+    byte[] contractAddress = WalletApi.decodeFromBase58Check(netType.getUsdtAddress());
+    Response.TransactionExtention result = triggerConstantContractExtention(
+        ownerAddress, contractAddress, 0, d, 0, EMPTY);
+    if (result == null || result.getResult() == null || !result.getResult().getResult()
+        || result.getConstantResultCount() == 0) {
+      return null;
+    }
+    BigInteger value = new BigInteger(1, result.getConstantResult(0).toByteArray());
+    return value.toString();
+  }
+
   public boolean estimateEnergy(byte[] ownerAddress, byte[] contractAddress, long callValue,
                                 byte[] data, long tokenValue, String tokenId)
       throws CipherException, IOException, CancelException {
@@ -1366,6 +2045,32 @@ public boolean estimateEnergy(byte[] ownerAddress, byte[] contractAddress, long
         .estimateEnergy(ownerAddress, contractAddress, callValue, data, tokenValue, tokenId);
   }
 
+  public Response.EstimateEnergyMessage estimateEnergyMessage(
+      byte[] ownerAddress,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId) {
+    if (wallet == null || !wallet.isLoginState()) {
+      if (ArrayUtils.isEmpty(ownerAddress)) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
+      return WalletApi.estimateEnergyMessageDirect(
+          ownerAddress, contractAddress, callValue, data, tokenValue, tokenId);
+    }
+    try {
+      return wallet.estimateEnergyMessage(
+          ownerAddress, contractAddress, callValue, data, tokenValue, tokenId);
+    } catch (IllegalStateException e) {
+      throw new CommandErrorException("auth_required",
+          StringUtils.isNotEmpty(e.getMessage()) ? e.getMessage() : "Please login first !!");
+    } catch (IOException e) {
+      throw new CommandErrorException("query_failed",
+          StringUtils.isNotEmpty(e.getMessage()) ? e.getMessage() : "EstimateEnergy failed");
+    }
+  }
+
   public boolean accountPermissionUpdate(byte[] ownerAddress, String permission, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
@@ -1375,6 +2080,20 @@ public boolean accountPermissionUpdate(byte[] ownerAddress, String permission, b
     return wallet.accountPermissionUpdate(ownerAddress, permission, multi);
   }
 
+  public void accountPermissionUpdateForCli(byte[] ownerAddress, String permission,
+      boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.accountPermissionUpdateForCli(ownerAddress, permission, multi),
+          "UpdateAccountPermission failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateAccountPermission failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateAccountPermission failed !!", e);
+    }
+  }
+
 
   public Chain.Transaction addTransactionSign(Chain.Transaction transaction)
       throws IOException, CipherException, CancelException {
@@ -1388,12 +2107,25 @@ public Chain.Transaction addTransactionSign(Chain.Transaction transaction)
   public boolean updateBrokerage(byte[] ownerAddress, int brokerage, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: updateBrokerage " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     return wallet.updateBrokerage(ownerAddress, brokerage, multi);
   }
 
+  public void updateBrokerageForCli(byte[] ownerAddress, int brokerage, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.updateBrokerageForCli(ownerAddress, brokerage, multi),
+          "UpdateBrokerage failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "UpdateBrokerage failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "UpdateBrokerage failed !!", e);
+    }
+  }
+
   public org.tron.trident.api.GrpcAPI.NumberMessage getReward(byte[] ownerAddress) {
     return WalletApi.getReward(ownerAddress);
   }
@@ -1430,22 +2162,54 @@ public boolean marketSellAsset(
       long buyTokenQuantity, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: marketSellAsset " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     return wallet.marketSellAsset(owner, sellTokenId, sellTokenQuantity,
         buyTokenId, buyTokenQuantity, multi);
   }
 
+  public void marketSellAssetForCli(
+      byte[] owner,
+      byte[] sellTokenId,
+      long sellTokenQuantity,
+      byte[] buyTokenId,
+      long buyTokenQuantity, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.marketSellAssetForCli(owner, sellTokenId, sellTokenQuantity, buyTokenId,
+              buyTokenQuantity, multi),
+          "MarketSellAsset failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "MarketSellAsset failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "MarketSellAsset failed !!", e);
+    }
+  }
+
   public boolean marketCancelOrder(byte[] owner, byte[] orderId, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: marketCancelOrder " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     return wallet.marketCancelOrder(owner, orderId, multi);
   }
 
+  public void marketCancelOrderForCli(byte[] owner, byte[] orderId, boolean multi) {
+    requireLoggedInWalletForCli();
+    try {
+      throwIfCliOperationFailed(
+          wallet.marketCancelOrderForCli(owner, orderId, multi),
+          "MarketCancelOrder failed !!");
+    } catch (IllegalStateException e) {
+      throwCliError("execution_error", "MarketCancelOrder failed !!", e);
+    } catch (Exception e) {
+      throwCliError("execution_error", "MarketCancelOrder failed !!", e);
+    }
+  }
+
   public boolean getLedgerUser() {
     if (wallet == null || !wallet.isLoginState()) {
       System.out.println("Warning: getLedgerUser " + failedHighlight() + ",  Please login first !!");
@@ -1490,6 +2254,21 @@ public Response.MarketOrderPairList getMarketPairList() {
     }
   }
 
+  public Response.MarketOrderPairList getMarketPairListForCli() {
+    try {
+      Response.MarketOrderPairList result = WalletApi.getMarketPairList();
+      if (result == null) {
+        throw new CommandErrorException("query_failed", "GetMarketPairList failed");
+      }
+      return result;
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (Exception e) {
+      throwCliError("query_failed", "GetMarketPairList failed", e);
+      return null;
+    }
+  }
+
   public Response.MarketOrder getMarketOrderById(byte[] order) {
     try {
       return WalletApi.getMarketOrderById(order);
@@ -1508,7 +2287,7 @@ public Response.BlockExtention getBlock(String idOrNum, boolean detail) {
 
   public boolean lock() {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: lock " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     if (!WalletApi.isLockAccount()) {
@@ -1520,7 +2299,7 @@ public boolean lock() {
 
   public boolean unlock(long durationSeconds) throws IOException {
     if (wallet == null || !wallet.isLoginState()) {
-      System.out.println("Warning: updateSetting " + failedHighlight() + ",  Please login first !!");
+      System.out.println("Warning: unlock " + failedHighlight() + ",  Please login first !!");
       return false;
     }
     if (!WalletApi.isLockAccount()) {
@@ -1538,13 +2317,34 @@ public boolean unlock(long durationSeconds) throws IOException {
     return wallet.unlock(passwd, durationSeconds);
   }
 
+  public void unlockOrThrow(long durationSeconds) throws IOException {
+    requireLoggedInWalletForCli();
+    if (!WalletApi.isLockAccount()) {
+      throw new CommandErrorException("execution_error",
+          "The account locking and unlocking functions are not available. Please configure "
+              + greenBoldHighlight("lockAccount = true") + " in " + blueBoldHighlight("config.conf")
+              + " and try again.");
+    }
+
+    byte[] passwd = getUnifiedPasswordCopyForCli("unlock");
+    try {
+      wallet.checkPassword(passwd);
+      throwIfCliOperationFailed(wallet.unlock(passwd, durationSeconds), "Unlock failed !!");
+    } catch (CipherException e) {
+      throw new CommandErrorException("auth_required",
+          "MASTER_PASSWORD verification failed for unlock.");
+    } finally {
+      clear(passwd);
+    }
+  }
+
   public void cleanup() {
     if (wallet != null && wallet.isLoginState()) {
       wallet.cleanup();
     }
   }
 
-  public boolean resetWallet() {
+  public boolean resetWallet(boolean force) {
     String ownerAddress = EMPTY;
     List<String> walletPath;
     try {
@@ -1561,7 +2361,9 @@ public boolean resetWallet() {
     }
     boolean deleteAll;
     try {
-      deleteAll = ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
+      deleteAll = force
+          ? ClearWalletUtils.forceDeleteWallet(ownerAddress, filePaths)
+          : ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
     } catch (Exception e) {
       System.err.println("Error confirming and deleting wallet: " + e.getMessage());
       return false;
@@ -1580,6 +2382,82 @@ public boolean resetWallet() {
     return deleteAll;
   }
 
+  public void resetWalletForCli(boolean force) {
+    throwIfCliOperationFailed(resetOrClearWalletForCli(force, false), "ResetWallet failed !!");
+  }
+
+  private boolean clearWalletKeystoreTargetForCli(boolean force, File targetWalletFile) {
+    String ownerAddress = WalletApi.encode58Check(wallet.getAddress());
+    List<String> filePaths = new ArrayList<String>();
+    filePaths.add(targetWalletFile.getPath());
+
+    List<String> mnemonicPath = WalletUtils.getStoreFileNames(ownerAddress, "Mnemonic");
+    if (mnemonicPath != null && !mnemonicPath.isEmpty()) {
+      filePaths.addAll(mnemonicPath);
+    }
+
+    boolean deleteAll;
+    try {
+      deleteAll = force
+          ? ClearWalletUtils.deleteFilesQuiet(filePaths)
+          : ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
+    } catch (Exception e) {
+      throwCliError("execution_error", "ClearWalletKeystore failed !!", e);
+      return false;
+    }
+    if (deleteAll) {
+      File ledgerDir = new File(LEDGER_DIR_NAME);
+      if (ledgerDir.exists()) {
+        try {
+          FileUtils.cleanDirectory(ledgerDir);
+        } catch (IOException e) {
+          throwCliError("execution_error", "ClearWalletKeystore failed !!", e);
+        }
+      }
+    }
+    return deleteAll;
+  }
+
+  private boolean resetOrClearWalletForCli(boolean force, boolean currentWalletOnly) {
+    String ownerAddress = currentWalletOnly ? WalletApi.encode58Check(wallet.getAddress()) : EMPTY;
+    List<String> walletPath;
+    try {
+      walletPath = WalletUtils.getStoreFileNames(ownerAddress, "Wallet");
+    } catch (Exception e) {
+      throwCliError("execution_error",
+          currentWalletOnly ? "ClearWalletKeystore failed !!" : "ResetWallet failed !!", e);
+      return false;
+    }
+    List<String> filePaths = new ArrayList<>(walletPath);
+
+    List<String> mnemonicPath = WalletUtils.getStoreFileNames(ownerAddress, "Mnemonic");
+    if (mnemonicPath != null && !mnemonicPath.isEmpty()) {
+      filePaths.addAll(mnemonicPath);
+    }
+    boolean deleteAll;
+    try {
+      deleteAll = force
+          ? ClearWalletUtils.deleteFilesQuiet(filePaths)
+          : ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
+    } catch (Exception e) {
+      throwCliError("execution_error",
+          currentWalletOnly ? "ClearWalletKeystore failed !!" : "ResetWallet failed !!", e);
+      return false;
+    }
+    if (deleteAll) {
+      File ledgerDir = new File(LEDGER_DIR_NAME);
+      if (ledgerDir.exists()) {
+        try {
+          FileUtils.cleanDirectory(ledgerDir);
+        } catch (IOException e) {
+          throwCliError("execution_error",
+              currentWalletOnly ? "ClearWalletKeystore failed !!" : "ResetWallet failed !!", e);
+        }
+      }
+    }
+    return deleteAll;
+  }
+
   public boolean switchNetwork(String netWorkSymbol, String fulNode, String solidityNode) {
     if (StringUtils.isEmpty(netWorkSymbol) && StringUtils.isEmpty(fulNode) && StringUtils.isEmpty(solidityNode)) {
       System.out.println("Please select network：");
@@ -1617,6 +2495,27 @@ public boolean switchNetwork(String netWorkSymbol, String fulNode, String solidi
     return true;
   }
 
+  public void switchNetworkForCli(String netWorkSymbol, String fullNode, String solidityNode) {
+    if (StringUtils.isEmpty(netWorkSymbol) && StringUtils.isEmpty(fullNode)
+        && StringUtils.isEmpty(solidityNode)) {
+      throw new CommandErrorException("usage_error", "switch-network requires --network or custom node options");
+    }
+    try {
+      Pair<ApiClient, NetType> pair = getApiClientAndNetType(netWorkSymbol, fullNode, solidityNode);
+      WalletApi.updateRpcCli(pair.getLeft());
+      WalletApi.setCurrentNetwork(pair.getRight());
+      if (wallet != null) {
+        wallet.multiSignService = wallet.initMultiSignService();
+      }
+    } catch (CommandErrorException e) {
+      throw e;
+    } catch (IllegalArgumentException e) {
+      throw new CommandErrorException("usage_error", e.getMessage());
+    } catch (Exception e) {
+      throwCliError("execution_error", "SwitchNetwork failed !!", e);
+    }
+  }
+
   private Pair<ApiClient, NetType> getApiClientAndNetType(String netWorkSymbol, String fullNode,
                                                           String solidityNode) {
     ApiClient client;
@@ -1782,12 +2681,114 @@ public boolean getGasFreeInfo(String address) throws Exception {
     }
   }
 
+  public GasFreeAddressResponse getGasFreeInfoData(String address) throws Exception {
+    if (WalletApi.getCurrentNetwork() != MAIN && WalletApi.getCurrentNetwork() != NILE) {
+      throw new CommandErrorException("unsupported_network", GAS_FREE_SUPPORT_NETWORK_TIP);
+    }
+    if (StringUtils.isEmpty(address)) {
+      if (wallet == null || !wallet.isLoginState()) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
+      address = getAddress();
+      if (StringUtils.isEmpty(address)) {
+        throw new CommandErrorException("query_failed", "Unable to determine current wallet address.");
+      }
+    }
+    if (!addressValid(address)) {
+      throw new CommandErrorException("invalid_input", "The address you entered is invalid.");
+    }
+    String resp;
+    try {
+      resp = GasFreeApi.address(WalletApi.getCurrentNetwork(), address);
+    } catch (IllegalArgumentException e) {
+      throw new CommandErrorException("missing_config", e.getMessage());
+    }
+    if (StringUtils.isEmpty(resp)) {
+      throw new CommandErrorException("query_failed", "GasFreeInfo failed");
+    }
+    JSONObject root = JSON.parseObject(resp);
+    int respCode = root.getIntValue("code");
+    JSONObject data = root.getJSONObject("data");
+    if (HTTP_OK != respCode) {
+      throw new CommandErrorException("query_failed", root.getString("message"));
+    }
+    if (Objects.isNull(data)) {
+      throw new CommandErrorException("not_found", "gas free address does not exist.");
+    }
+
+    String gasFreeAddress = data.getString("gasFreeAddress");
+    boolean active = data.getBooleanValue("active");
+    JSONArray assets = data.getJSONArray("assets");
+    if (Objects.isNull(assets) || assets.isEmpty()) {
+      throw new CommandErrorException("query_failed",
+          "GasFreeInfo response does not contain asset metadata.");
+    }
+
+    JSONObject asset = assets.getJSONObject(0);
+    String tokenAddress = asset.getString("tokenAddress");
+    byte[] d = Hex.decode(AbiUtil.parseMethod("balanceOf(address)",
+        "\"" + gasFreeAddress + "\"", false));
+    long activateFee = asset.getLongValue("activateFee");
+    long transferFee = asset.getLongValue("transferFee");
+    Triple<Boolean, Long, Long> triggerContractPair;
+    try {
+      triggerContractPair = wallet.triggerContract(
+          null,
+          decodeFromBase58Check(tokenAddress),
+          0,
+          d,
+          0,
+          0,
+          EMPTY,
+          true,
+          true,
+          false,
+          false);
+    } catch (IllegalStateException e) {
+      throw new CommandErrorException("auth_required",
+          StringUtils.isNotEmpty(e.getMessage()) ? e.getMessage() : "Please login first !!");
+    }
+    if (Boolean.FALSE.equals(triggerContractPair.getLeft())) {
+      throw new CommandErrorException("query_failed", "Failed to query GasFree token balance.");
+    }
+
+    Long tokenBalance = triggerContractPair.getRight();
+    GasFreeAddressResponse response = new GasFreeAddressResponse();
+    response.setGasFreeAddress(gasFreeAddress);
+    response.setActive(active);
+    response.setActivateFee(active ? 0 : activateFee);
+    response.setTransferFee(transferFee);
+    response.setTokenBalance(tokenBalance);
+    long maxTransferValue = tokenBalance - response.getActivateFee() - transferFee;
+    response.setMaxTransferValue(maxTransferValue > 0 ? maxTransferValue : 0);
+    return response;
+  }
+
   public boolean gasFreeTransfer(String receiver, long value) throws NoSuchAlgorithmException, IOException, InvalidKeyException, CipherException {
+    return gasFreeTransferInternal(receiver, value, false);
+  }
+
+  public String gasFreeTransferOrThrow(String receiver, long value)
+      throws NoSuchAlgorithmException, IOException, InvalidKeyException, CipherException {
+    lastGasFreeId = null;
+    throwIfCliOperationFailed(gasFreeTransferInternal(receiver, value, true),
+        "GasFreeTransfer failed !!");
+    return lastGasFreeId;
+  }
+
+  private boolean gasFreeTransferInternal(String receiver, long value, boolean standardCli)
+      throws NoSuchAlgorithmException, IOException, InvalidKeyException, CipherException {
     if (WalletApi.getCurrentNetwork() != MAIN && WalletApi.getCurrentNetwork() != NILE) {
+      if (standardCli) {
+        throw new CommandErrorException("unsupported_network", GAS_FREE_SUPPORT_NETWORK_TIP);
+      }
       System.out.println(GAS_FREE_SUPPORT_NETWORK_TIP);
       return false;
     }
     if (wallet == null || !wallet.isLoginState()) {
+      if (standardCli) {
+        throw new CommandErrorException("auth_required", "Please login first !!");
+      }
       System.out.println("Warning: GasFreeTransfer " + failedHighlight() + ",  Please login first !!");
       return false;
     }
@@ -1795,6 +2796,9 @@ public boolean gasFreeTransfer(String receiver, long value) throws NoSuchAlgorit
       throw new IllegalStateException(LOCK_WARNING);
     }
     if (!addressValid(receiver)) {
+      if (standardCli) {
+        throw new CommandErrorException("invalid_input", "The receiverAddress you entered is invalid.");
+      }
       System.out.println("The receiverAddress you entered is invalid.");
       return false;
     }
@@ -1806,7 +2810,16 @@ public boolean gasFreeTransfer(String receiver, long value) throws NoSuchAlgorit
     gasFreeSubmitRequest.setVersion(1);
     NetType currentNet = WalletApi.getCurrentNetwork();
     byte[] domainSeparator = getDomainSeparator(currentNet);
-    byte[] message = getMessage(currentNet, gasFreeSubmitRequest);
+    byte[] message;
+    try {
+      message = getMessage(currentNet, gasFreeSubmitRequest);
+    } catch (IllegalArgumentException e) {
+      if (standardCli) {
+        throw new CommandErrorException("missing_config", e.getMessage());
+      }
+      System.out.println(e.getMessage());
+      return false;
+    }
     if (ArrayUtils.isEmpty(message)) {
       return false;
     }
@@ -1819,70 +2832,111 @@ public boolean gasFreeTransfer(String receiver, long value) throws NoSuchAlgorit
 
     WalletFile wf = wallet.getWalletFile();
     byte[] passwd;
-    if (WalletApi.isLockAccount() && isUnifiedExist() && Arrays.equals(decodeFromBase58Check(wf.getAddress()), wallet.getAddress())) {
+    boolean clearPassword = false;
+    if (standardCli) {
+      passwd = getUnifiedPasswordCopyForCli("gas-free-transfer");
+      clearPassword = true;
+    } else if (WalletApi.isLockAccount() && isUnifiedExist()
+        && Arrays.equals(decodeFromBase58Check(wf.getAddress()), wallet.getAddress())) {
       passwd = wallet.getUnifiedPassword();
     } else {
       System.out.println("Please input your password.");
       passwd = char2Byte(inputPassword(false));
+      clearPassword = true;
     }
 
-    Credentials credentials = wallet.getCredentials();
-    if (credentials == null) {
-      credentials = loadCredentials(passwd, wf);
-    }
-
-    String privateKey = Hex.toHexString(credentials.getPair().getPrivateKey());
-    String ledgerPath = getLedgerPath(passwd, wf);
-    boolean isLedgerFile = wf.getName().contains("Ledger");
-    String signature = null;
-    if (isLedgerFile) {
-      Chain.Transaction transaction = Chain.Transaction.newBuilder().setRawData(Chain.Transaction.raw.newBuilder().setData(ByteString.copyFrom(keccak256(concat)))).build();
-      boolean ledgerResult = LedgerSignUtil.requestLedgerSignLogic(transaction, ledgerPath, wf.getAddress(), true);
-      if (ledgerResult) {
-        signature = TransactionSignManager.getInstance().getGasfreeSignature();
+    byte[] privateKeyBytes = null;
+    try {
+      Credentials credentials = wallet.getCredentials();
+      if (credentials == null) {
+        credentials = loadCredentials(passwd, wf);
       }
-      if (Objects.isNull(signature)) {
-        System.out.println("Listening ledger did not obtain signature.");
+
+      String ledgerPath = getLedgerPath(passwd, wf);
+      boolean isLedgerFile = wf.getName().contains("Ledger");
+      String signature = null;
+      if (isLedgerFile) {
+        Chain.Transaction transaction = Chain.Transaction.newBuilder().setRawData(
+            Chain.Transaction.raw.newBuilder().setData(ByteString.copyFrom(keccak256(concat)))).build();
+        boolean ledgerResult = LedgerSignUtil.requestLedgerSignLogic(transaction, ledgerPath, wf.getAddress(), true);
+        if (ledgerResult) {
+          signature = TransactionSignManager.getInstance().getGasfreeSignature();
+        }
+        if (Objects.isNull(signature)) {
+          TransactionSignManager.getInstance().setTransaction(null);
+          TransactionSignManager.getInstance().setGasfreeSignature(null);
+          if (standardCli) {
+            throw new CommandErrorException("execution_error",
+                "Listening ledger did not obtain signature.");
+          }
+          System.out.println("Listening ledger did not obtain signature.");
+          return false;
+        }
         TransactionSignManager.getInstance().setTransaction(null);
         TransactionSignManager.getInstance().setGasfreeSignature(null);
-        return false;
+      } else {
+        privateKeyBytes = credentials.getPair().getPrivKeyBytes();
+        signature = signOffChain(keccak256(concat), privateKeyBytes);
       }
-      TransactionSignManager.getInstance().setTransaction(null);
-      TransactionSignManager.getInstance().setGasfreeSignature(null);
-    } else {
-      signature = signOffChain(keccak256(concat), privateKey);
-    }
-    gasFreeSubmitRequest.setSig(signature);
-    boolean validated = validateSignOffChain(keccak256(concat), signature, address);
-    if (validated) {
-      String result = gasFreeSubmit(currentNet, gasFreeSubmitRequest);
-      if (StringUtils.isNotEmpty(result)) {
-        Object o = JSON.parse(result);
-        System.out.println("GasFreeTransfer result: \n" + JSON.toJSONString(o, true));
-        JSONObject root = (JSONObject) o;
-        int respCode = root.getIntValue("code");
-        boolean success = HTTP_OK == respCode;
-        if (success) {
-          TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(wallet.getAddress()));
-          JSONObject data = root.getJSONObject("data");
-          String id = data != null ? data.getString("id") : DASH;
-          Tx tx = new Tx();
-          tx.setId(id);
-          tx.setType("GasFreeTransfer");
-          tx.setFrom(encode58Check(wallet.getAddress()));
-          tx.setTo(receiver);
-          tx.setAmount(String.valueOf(value));
-          tx.setTimestamp(LocalDateTime.now());
-          tx.setStatus("success");
-          txHistoryManager.addTransaction(WalletApi.getCurrentNetwork(), tx);
+      gasFreeSubmitRequest.setSig(signature);
+      boolean validated = validateSignOffChain(keccak256(concat), signature, address);
+      if (validated) {
+        String result;
+        try {
+          result = gasFreeSubmit(currentNet, gasFreeSubmitRequest);
+        } catch (IllegalArgumentException e) {
+          if (standardCli) {
+            throw new CommandErrorException("missing_config", e.getMessage());
+          }
+          System.out.println(e.getMessage());
+          return false;
+        }
+        if (StringUtils.isNotEmpty(result)) {
+          Object o = JSON.parse(result);
+          JSONObject root = (JSONObject) o;
+          int respCode = root.getIntValue("code");
+          boolean success = HTTP_OK == respCode;
+          if (!standardCli) {
+            System.out.println("GasFreeTransfer result: \n" + JSON.toJSONString(o, true));
+          }
+          if (success) {
+            TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(wallet.getAddress()));
+            JSONObject data = root.getJSONObject("data");
+            String id = data != null ? data.getString("id") : DASH;
+            lastGasFreeId = id;
+            Tx tx = new Tx();
+            tx.setId(id);
+            tx.setType("GasFreeTransfer");
+            tx.setFrom(encode58Check(wallet.getAddress()));
+            tx.setTo(receiver);
+            tx.setAmount(String.valueOf(value));
+            tx.setTimestamp(LocalDateTime.now());
+            tx.setStatus("success");
+            txHistoryManager.addTransaction(WalletApi.getCurrentNetwork(), tx);
+          } else if (standardCli) {
+            String messageText = root.getString("message");
+            throw new CommandErrorException("execution_error",
+                StringUtils.isNotEmpty(messageText) ? messageText : "GasFreeTransfer failed !!");
+          }
+          return success;
+        }
+        if (standardCli) {
+          throw new CommandErrorException("execution_error", "GasFreeTransfer failed !!");
         }
-        return success;
-      } else {
         return false;
       }
-    } else {
+      if (standardCli) {
+        throw new CommandErrorException("execution_error", "Signature verification failed!");
+      }
       System.out.println("Signature verification failed!");
       return false;
+    } finally {
+      if (privateKeyBytes != null) {
+        Arrays.fill(privateKeyBytes, (byte) 0);
+      }
+      if (clearPassword) {
+        clear(passwd);
+      }
     }
   }
 
@@ -1911,6 +2965,32 @@ public boolean gasFreeTrace(String traceId) throws NoSuchAlgorithmException, IOE
     return false;
   }
 
+  public JSONObject gasFreeTraceData(String traceId)
+      throws NoSuchAlgorithmException, IOException, InvalidKeyException {
+    if (WalletApi.getCurrentNetwork() != MAIN && WalletApi.getCurrentNetwork() != NILE) {
+      throw new CommandErrorException("unsupported_network", GAS_FREE_SUPPORT_NETWORK_TIP);
+    }
+    String result;
+    try {
+      result = GasFreeApi.gasFreeTrace(WalletApi.getCurrentNetwork(), traceId);
+    } catch (IllegalArgumentException e) {
+      throw new CommandErrorException("missing_config", e.getMessage());
+    }
+    if (StringUtils.isEmpty(result)) {
+      throw new CommandErrorException("query_failed", "GasFreeTrace failed");
+    }
+
+    JSONObject root = JSON.parseObject(result);
+    int respCode = root.getIntValue("code");
+    if (HTTP_OK != respCode) {
+      throw new CommandErrorException("query_failed", root.getString("message"));
+    }
+    if (Objects.isNull(root.get("data"))) {
+      throw new CommandErrorException("not_found", "This id " + traceId + " does not have a trace.");
+    }
+    return root;
+  }
+
   public boolean modifyWalletName(String newName) throws IOException {
     if (wallet == null || !wallet.isLoginState()) {
       System.out.println("Warning: modifyWalletName " + failedHighlight() + ",  Please login first !!");
diff --git a/src/main/java/org/tron/walletcli/cli/ActiveWalletConfig.java b/src/main/java/org/tron/walletcli/cli/ActiveWalletConfig.java
new file mode 100644
index 00000000..3f95af92
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/ActiveWalletConfig.java
@@ -0,0 +1,243 @@
+package org.tron.walletcli.cli;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import org.tron.common.utils.FilePermissionUtils;
+import org.tron.keystore.WalletFile;
+import org.tron.keystore.WalletUtils;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Manages the active wallet configuration stored in Wallet/.active-wallet.
+ */
+public class ActiveWalletConfig {
+
+    private static final String WALLET_DIR = "Wallet";
+    private static final String CONFIG_FILE = ".active-wallet";
+    private static final Gson gson = new GsonBuilder().setPrettyPrinting().create();
+
+    public static File getWalletDir() {
+        return new File(System.getProperty("user.dir"), WALLET_DIR);
+    }
+
+    /**
+     * Get the active wallet address for inspection/recovery style commands.
+     *
+     * <p>This method is intentionally lenient: malformed or unreadable config is
+     * treated as "unset". Standard CLI auth paths must use the strict APIs.
+     */
+    public static String getActiveAddressLenient() {
+        File configFile = new File(getWalletDir(), CONFIG_FILE);
+        if (!configFile.exists()) {
+            return null;
+        }
+        try {
+            return readActiveAddressFromFile(configFile);
+        } catch (Exception e) {
+            // Corrupted config — treat as unset
+        }
+        return null;
+    }
+
+    /**
+     * Get the active wallet address, or null if not set.
+     * Throws if the config exists but cannot be read or validated.
+     */
+    public static String getActiveAddressStrict() throws IOException {
+        File configFile = new File(getWalletDir(), CONFIG_FILE);
+        if (!configFile.exists()) {
+            return null;
+        }
+        return readActiveAddressFromFile(configFile);
+    }
+
+    /**
+     * Set the active wallet address.
+     */
+    public static void setActiveAddress(String address) throws IOException {
+        File dir = getWalletDir();
+        if (!dir.exists()) {
+            dir.mkdirs();
+        }
+        FilePermissionUtils.setOwnerOnlyDirectory(dir.toPath());
+        File configFile = new File(dir, CONFIG_FILE);
+        Map<String, String> data = new LinkedHashMap<String, String>();
+        data.put("address", address);
+        try (FileWriter writer = new FileWriter(configFile)) {
+            gson.toJson(data, writer);
+        }
+        FilePermissionUtils.setOwnerOnlyFile(configFile.toPath());
+    }
+
+    /**
+     * Clear the active wallet config.
+     */
+    public static void clear() {
+        clearConfigFile(new File(getWalletDir(), CONFIG_FILE));
+    }
+
+    /**
+     * Find a keystore file by wallet address (Base58Check format).
+     * Returns null if not found.
+     */
+    public static File findWalletFileByAddress(String address) throws IOException {
+        File dir = getWalletDir();
+        return findWalletFileByAddress(dir, address);
+    }
+
+    static File findWalletFileByAddress(File dir, String address) throws IOException {
+        if (!dir.exists() || !dir.isDirectory()) {
+            return null;
+        }
+        File[] files = dir.listFiles((d, name) -> name.endsWith(".json"));
+        if (files == null) {
+            return null;
+        }
+        for (File f : files) {
+            WalletFile wf = WalletUtils.loadWalletFile(f);
+            if (address.equals(wf.getAddress())) {
+                return f;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Find a keystore file by wallet name.
+     * Returns null if not found, throws if multiple matches.
+     */
+    public static File findWalletFileByName(String name) throws IOException {
+        File dir = getWalletDir();
+        return findWalletFileByName(dir, name);
+    }
+
+    static File findWalletFileByName(File dir, String name) throws IOException {
+        if (!dir.exists() || !dir.isDirectory()) {
+            return null;
+        }
+        File[] files = dir.listFiles((d, n) -> n.endsWith(".json"));
+        if (files == null) {
+            return null;
+        }
+        File match = null;
+        int count = 0;
+        for (File f : files) {
+            WalletFile wf = WalletUtils.loadWalletFile(f);
+            String walletName = wf.getName();
+            if (walletName == null) {
+                walletName = f.getName();
+            }
+            if (name.equals(walletName)) {
+                match = f;
+                count++;
+            }
+        }
+        if (count > 1) {
+            throw new IllegalArgumentException(
+                    "Multiple wallets found with name '" + name + "'. Use --address instead.");
+        }
+        return match;
+    }
+
+    public static File resolveWalletOverrideStrict(String walletSelection) throws IOException {
+        return resolveWalletOverrideStrict(getWalletDir(), walletSelection);
+    }
+
+    static File resolveWalletOverrideStrict(File walletDir, String walletSelection) throws IOException {
+        if (walletSelection == null || walletSelection.trim().isEmpty()) {
+            throw new IOException("Wallet selection must not be empty");
+        }
+
+        File explicitPath = new File(walletSelection);
+        if (explicitPath.isFile()) {
+            return explicitPath;
+        }
+
+        // If input looks like a filesystem path, it was an explicit path attempt —
+        // fail immediately instead of falling through to Wallet/ directory lookup.
+        // (Contract 3: --wallet Override Rules)
+        boolean looksLikePath = explicitPath.isAbsolute()
+                || walletSelection.contains("/")
+                || walletSelection.contains("\\")
+                || walletSelection.startsWith("./")
+                || walletSelection.startsWith("../")
+                || walletSelection.equals(".")
+                || walletSelection.equals("..");
+        if (looksLikePath) {
+            throw new IOException("Wallet file not found: " + walletSelection);
+        }
+
+        if (!walletDir.exists() || !walletDir.isDirectory()) {
+            throw new IOException("Wallet directory not found: " + walletDir.getPath());
+        }
+
+        File walletDirEntry = new File(walletDir, walletSelection);
+        if (walletDirEntry.isFile()) {
+            return walletDirEntry;
+        }
+
+        File byName = findWalletFileByName(walletDir, walletSelection);
+        if (byName != null) {
+            return byName;
+        }
+
+        throw new IOException("No wallet found for --wallet: " + walletSelection);
+    }
+
+    public static File resolveActiveWalletFileStrict() throws IOException {
+        return resolveActiveWalletFileStrict(getWalletDir());
+    }
+
+    static File resolveActiveWalletFileStrict(File walletDir) throws IOException {
+        if (!walletDir.exists() || !walletDir.isDirectory()) {
+            throw new IOException("Wallet directory not found: " + walletDir.getPath());
+        }
+        File configFile = new File(walletDir, CONFIG_FILE);
+        if (!configFile.exists()) {
+            return null;
+        }
+        String activeAddress = readActiveAddressFromFile(configFile);
+        if (activeAddress == null) {
+            return null;
+        }
+
+        File targetFile = findWalletFileByAddress(walletDir, activeAddress);
+        if (targetFile == null) {
+            throw new IOException(
+                    "Active wallet keystore not found for address: " + activeAddress
+                            + ". Use --wallet or set-active-wallet to select a valid wallet.");
+        }
+        return targetFile;
+    }
+
+    static String readActiveAddressFromFile(File configFile) throws IOException {
+        try (FileReader reader = new FileReader(configFile)) {
+            Map<String, Object> map = gson.fromJson(reader, Map.class);
+            if (map == null || !map.containsKey("address")) {
+                throw new IOException("Active wallet config is missing the address field");
+            }
+            Object address = map.get("address");
+            if (!(address instanceof String) || ((String) address).trim().isEmpty()) {
+                throw new IOException("Active wallet config contains an invalid address value");
+            }
+            return (String) address;
+        } catch (IOException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new IOException("Could not read active wallet config: " + e.getMessage(), e);
+        }
+    }
+
+    static void clearConfigFile(File configFile) {
+        if (configFile.exists() && !configFile.delete()) {
+            System.err.println("Warning: Failed to delete active wallet config: "
+                    + configFile.getPath());
+        }
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CliAbortException.java b/src/main/java/org/tron/walletcli/cli/CliAbortException.java
new file mode 100644
index 00000000..85939074
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CliAbortException.java
@@ -0,0 +1,20 @@
+package org.tron.walletcli.cli;
+
+final class CliAbortException extends RuntimeException {
+
+    enum Kind {
+        EXECUTION,
+        USAGE
+    }
+
+    private final Kind kind;
+
+    CliAbortException(Kind kind) {
+        super(null, null, false, false);
+        this.kind = kind;
+    }
+
+    Kind getKind() {
+        return kind;
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CliUsageException.java b/src/main/java/org/tron/walletcli/cli/CliUsageException.java
new file mode 100644
index 00000000..f73f3efe
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CliUsageException.java
@@ -0,0 +1,8 @@
+package org.tron.walletcli.cli;
+
+final class CliUsageException extends IllegalArgumentException {
+
+    CliUsageException(String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CommandContext.java b/src/main/java/org/tron/walletcli/cli/CommandContext.java
new file mode 100644
index 00000000..3bae6310
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CommandContext.java
@@ -0,0 +1,40 @@
+package org.tron.walletcli.cli;
+
+import java.io.File;
+
+public class CommandContext {
+
+    private static final CommandContext EMPTY = new CommandContext(null, null);
+
+    private final String walletOverride;
+    private final File resolvedAuthWalletFile;
+
+    public CommandContext(String walletOverride) {
+        this(walletOverride, null);
+    }
+
+    public CommandContext(String walletOverride, File resolvedAuthWalletFile) {
+        this.walletOverride = walletOverride;
+        this.resolvedAuthWalletFile = resolvedAuthWalletFile;
+    }
+
+    public static CommandContext empty() {
+        return EMPTY;
+    }
+
+    public static CommandContext fromGlobalOptions(GlobalOptions globalOptions) {
+        return new CommandContext(globalOptions != null ? globalOptions.getWallet() : null, null);
+    }
+
+    public String getWalletOverride() {
+        return walletOverride;
+    }
+
+    public File getResolvedAuthWalletFile() {
+        return resolvedAuthWalletFile;
+    }
+
+    public CommandContext withResolvedAuthWalletFile(File file) {
+        return new CommandContext(walletOverride, file);
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CommandDefinition.java b/src/main/java/org/tron/walletcli/cli/CommandDefinition.java
new file mode 100644
index 00000000..8d4b4085
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CommandDefinition.java
@@ -0,0 +1,360 @@
+package org.tron.walletcli.cli;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Immutable metadata for a single CLI command: name, aliases, description,
+ * option definitions, and the handler that executes it.
+ *
+ * <p>Use {@link #builder()} to construct instances via the fluent Builder API.
+ */
+public class CommandDefinition {
+
+    public enum AuthPolicy {
+        NEVER,
+        REQUIRE
+    }
+
+    public interface AuthPolicyResolver {
+        AuthPolicy resolve(ParsedOptions opts);
+    }
+
+    private final String name;
+    private final List<String> aliases;
+    private final String description;
+    private final List<OptionDef> options;
+    private final CommandHandler handler;
+    private final AuthPolicyResolver authPolicyResolver;
+
+    private CommandDefinition(Builder b) {
+        this.name = b.name;
+        this.aliases = Collections.unmodifiableList(new ArrayList<String>(b.aliases));
+        this.description = b.description;
+        this.options = Collections.unmodifiableList(new ArrayList<OptionDef>(b.options));
+        this.handler = b.handler;
+        this.authPolicyResolver = b.authPolicyResolver;
+    }
+
+    // ---- Accessors ----------------------------------------------------------
+
+    public String getName() {
+        return name;
+    }
+
+    public List<String> getAliases() {
+        return aliases;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public List<OptionDef> getOptions() {
+        return options;
+    }
+
+    public CommandHandler getHandler() {
+        return handler;
+    }
+
+    public AuthPolicy resolveAuthPolicy(ParsedOptions opts) {
+        AuthPolicy policy = authPolicyResolver.resolve(opts);
+        if (policy == null) {
+            throw new IllegalStateException("Auth policy resolver returned null for command: " + name);
+        }
+        return policy;
+    }
+
+    // ---- Argument parsing ---------------------------------------------------
+
+    /**
+     * Parses command-local option tokens into {@link ParsedOptions}.
+     *
+     * <p>Rules:
+     * <ul>
+     *   <li>{@code --key value} or {@code --key=value} sets key to value</li>
+     *   <li>{@code -m} is accepted only for commands that declare a {@code multi} option</li>
+     *   <li>Boolean flags: {@code --flag} implies {@code true}; explicit values must be
+     *       one of {@code true}, {@code false}, {@code 1}, {@code 0}, {@code yes}, or {@code no}</li>
+     * </ul>
+     *
+     * <p>After parsing, all required options are validated.
+     *
+     * @param args the argument tokens (excluding the command name itself)
+     * @return parsed options
+     * @throws IllegalArgumentException if required options are missing or args are malformed
+     */
+    public ParsedOptions parseArgs(String[] args) {
+        Map<String, String> values = new LinkedHashMap<String, String>();
+
+        Map<String, OptionDef> optionsByName = new LinkedHashMap<String, OptionDef>();
+        for (OptionDef opt : options) {
+            optionsByName.put(opt.getName(), opt);
+        }
+
+        int i = 0;
+        while (i < args.length) {
+            String token = args[i];
+
+            if ("-m".equals(token)) {
+                OptionDef multiOption = optionsByName.get("multi");
+                if (multiOption == null || multiOption.getType() != OptionDef.Type.BOOLEAN) {
+                    throw new CliUsageException("Option -m is only supported for commands with --multi");
+                }
+                putBooleanValue(values, "multi", "true");
+                i++;
+                continue;
+            }
+
+            if (token.startsWith("--")) {
+                ParsedOptionToken optionToken = parseLongOptionToken(token);
+                OptionDef def = optionsByName.get(optionToken.name);
+                if (def == null) {
+                    throw new CliUsageException("Unknown option: --" + optionToken.name);
+                }
+
+                if (def.getType() == OptionDef.Type.BOOLEAN) {
+                    if (optionToken.hasInlineValue()) {
+                        putBooleanValue(values, optionToken.name,
+                                normalizeBooleanValue(optionToken.name, optionToken.inlineValue));
+                        i++;
+                        continue;
+                    }
+
+                    putBooleanValue(values, optionToken.name, "true");
+                    i++;
+                } else {
+                    if (values.containsKey(optionToken.name)) {
+                        throw new CliUsageException("Repeated option: --" + optionToken.name);
+                    }
+
+                    if (optionToken.hasInlineValue()) {
+                        values.put(optionToken.name,
+                                requireNonEmptyValue(optionToken.name, optionToken.inlineValue));
+                        i++;
+                    } else {
+                        if (i + 1 >= args.length || args[i + 1].startsWith("--")) {
+                            throw new CliUsageException("Missing value for --" + optionToken.name);
+                        }
+                        values.put(optionToken.name,
+                                requireNonEmptyValue(optionToken.name, args[i + 1]));
+                        i += 2;
+                    }
+                }
+            } else {
+                if (token.startsWith("-")) {
+                    throw new CliUsageException("Unknown option: " + token);
+                }
+                throw new CliUsageException("Unexpected argument: " + token);
+            }
+        }
+
+        List<String> missing = new ArrayList<String>();
+        for (OptionDef opt : options) {
+            if (opt.isRequired() && !values.containsKey(opt.getName())) {
+                missing.add(opt.getName());
+            }
+        }
+        if (!missing.isEmpty()) {
+            StringBuilder sb = new StringBuilder("Missing required option(s): ");
+            for (int j = 0; j < missing.size(); j++) {
+                if (j > 0) {
+                    sb.append(", ");
+                }
+                sb.append("--").append(missing.get(j));
+            }
+            throw new CliUsageException(sb.toString());
+        }
+
+        return new ParsedOptions(values);
+    }
+
+    private static String requireNonEmptyValue(String optionName, String rawValue) {
+        if (rawValue == null || rawValue.isEmpty()) {
+            throw new CliUsageException("Missing or empty value for --" + optionName);
+        }
+        return rawValue;
+    }
+
+    private static String normalizeBooleanValue(String optionName, String rawValue) {
+        return "true".equalsIgnoreCase(rawValue)
+                || "1".equals(rawValue)
+                || "yes".equalsIgnoreCase(rawValue)
+                ? "true"
+                : "false".equalsIgnoreCase(rawValue)
+                || "0".equals(rawValue)
+                || "no".equalsIgnoreCase(rawValue)
+                ? "false"
+                : invalidBooleanValue(optionName, rawValue);
+    }
+
+    private static String invalidBooleanValue(String optionName, String rawValue) {
+        throw new CliUsageException(
+                "Option --" + optionName + " requires a boolean value (true/false/1/0/yes/no), got: "
+                        + rawValue);
+    }
+
+    private static void putBooleanValue(Map<String, String> values, String optionName, String normalizedValue) {
+        String existing = values.get(optionName);
+        if (existing == null) {
+            values.put(optionName, normalizedValue);
+            return;
+        }
+        if (!existing.equals(normalizedValue)) {
+            throw new CliUsageException("Conflicting values for option: --" + optionName);
+        }
+    }
+
+    private static ParsedOptionToken parseLongOptionToken(String token) {
+        int equalsIndex = token.indexOf('=');
+        if (equalsIndex < 0) {
+            String name = token.substring(2);
+            if (name.isEmpty()) {
+                throw new CliUsageException("Empty option name: --");
+            }
+            return new ParsedOptionToken(name, null, false);
+        }
+
+        String name = token.substring(2, equalsIndex);
+        if (name.isEmpty()) {
+            throw new CliUsageException("Empty option name: --");
+        }
+        return new ParsedOptionToken(name, token.substring(equalsIndex + 1), true);
+    }
+
+    private static final class ParsedOptionToken {
+        private final String name;
+        private final String inlineValue;
+        private final boolean hasInlineValue;
+
+        private ParsedOptionToken(String name, String inlineValue, boolean hasInlineValue) {
+            this.name = name;
+            this.inlineValue = inlineValue;
+            this.hasInlineValue = hasInlineValue;
+        }
+
+        private boolean hasInlineValue() {
+            return hasInlineValue;
+        }
+    }
+
+    // ---- Help formatting ----------------------------------------------------
+
+    /**
+     * Formats a help text block for this command.
+     */
+    public String formatHelp() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("Usage: wallet-cli ").append(name).append(" [options]\n\n");
+        sb.append(description).append("\n");
+
+        if (!aliases.isEmpty()) {
+            sb.append("\nAliases: ");
+            for (int i = 0; i < aliases.size(); i++) {
+                if (i > 0) {
+                    sb.append(", ");
+                }
+                sb.append(aliases.get(i));
+            }
+            sb.append("\n");
+        }
+
+        if (!options.isEmpty()) {
+            sb.append("\nOptions:\n");
+
+            // Calculate column width
+            int maxNameLen = 0;
+            for (OptionDef opt : options) {
+                int len = opt.getName().length() + 2; // "--" prefix
+                if (len > maxNameLen) {
+                    maxNameLen = len;
+                }
+            }
+
+            String fmt = "  %-" + (maxNameLen + 4) + "s %s%s\n";
+            for (OptionDef opt : options) {
+                String nameCol = "--" + opt.getName();
+                String reqMarker = opt.isRequired() ? " (required)" : "";
+                sb.append(String.format(fmt, nameCol, opt.getDescription(), reqMarker));
+            }
+        }
+
+        return sb.toString();
+    }
+
+    // ---- Builder ------------------------------------------------------------
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static class Builder {
+        private String name;
+        private List<String> aliases = new ArrayList<String>();
+        private String description = "";
+        private List<OptionDef> options = new ArrayList<OptionDef>();
+        private CommandHandler handler;
+        private AuthPolicyResolver authPolicyResolver = opts -> AuthPolicy.REQUIRE;
+
+        private Builder() {
+        }
+
+        public Builder name(String name) {
+            this.name = name;
+            return this;
+        }
+
+        public Builder aliases(String... aliases) {
+            this.aliases = Arrays.asList(aliases);
+            return this;
+        }
+
+        public Builder description(String description) {
+            this.description = description;
+            return this;
+        }
+
+        public Builder option(String name, String desc, boolean required) {
+            this.options.add(new OptionDef(name, desc, required));
+            return this;
+        }
+
+        public Builder option(String name, String desc, boolean required, OptionDef.Type type) {
+            this.options.add(new OptionDef(name, desc, required, type));
+            return this;
+        }
+
+        public Builder handler(CommandHandler handler) {
+            this.handler = handler;
+            return this;
+        }
+
+        public Builder authPolicy(AuthPolicy authPolicy) {
+            this.authPolicyResolver = opts -> authPolicy;
+            return this;
+        }
+
+        public Builder authPolicyResolver(AuthPolicyResolver authPolicyResolver) {
+            if (authPolicyResolver == null) {
+                throw new IllegalArgumentException("authPolicyResolver cannot be null");
+            }
+            this.authPolicyResolver = authPolicyResolver;
+            return this;
+        }
+
+        public CommandDefinition build() {
+            if (name == null || name.isEmpty()) {
+                throw new IllegalStateException("Command name is required");
+            }
+            if (handler == null) {
+                throw new IllegalStateException("Command handler is required");
+            }
+            return new CommandDefinition(this);
+        }
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CommandErrorException.java b/src/main/java/org/tron/walletcli/cli/CommandErrorException.java
new file mode 100644
index 00000000..b080dc92
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CommandErrorException.java
@@ -0,0 +1,15 @@
+package org.tron.walletcli.cli;
+
+public final class CommandErrorException extends RuntimeException {
+
+    private final String code;
+
+    public CommandErrorException(String code, String message) {
+        super(message, null, false, false);
+        this.code = code;
+    }
+
+    public String getCode() {
+        return code;
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CommandHandler.java b/src/main/java/org/tron/walletcli/cli/CommandHandler.java
new file mode 100644
index 00000000..1584f3b3
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CommandHandler.java
@@ -0,0 +1,21 @@
+package org.tron.walletcli.cli;
+
+import org.tron.walletcli.WalletApiWrapper;
+
+/**
+ * Functional interface for command execution logic.
+ */
+public interface CommandHandler {
+
+    /**
+     * Executes the command.
+     *
+     * @param ctx     command execution context derived from runner-level state
+     * @param opts    parsed command-line options
+     * @param wrapper wallet API wrapper for blockchain operations
+     * @param out     output formatter for writing results
+     * @throws Exception if execution fails
+     */
+    void execute(CommandContext ctx, ParsedOptions opts, WalletApiWrapper wrapper, OutputFormatter out)
+            throws Exception;
+}
diff --git a/src/main/java/org/tron/walletcli/cli/CommandRegistry.java b/src/main/java/org/tron/walletcli/cli/CommandRegistry.java
new file mode 100644
index 00000000..63727fe3
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/CommandRegistry.java
@@ -0,0 +1,113 @@
+package org.tron.walletcli.cli;
+
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+public class CommandRegistry {
+
+    private final Map<String, CommandDefinition> commands = new LinkedHashMap<String, CommandDefinition>();
+    private final Map<String, String> aliasToName = new LinkedHashMap<String, String>();
+
+    public void add(CommandDefinition cmd) {
+        String nameLower = cmd.getName().toLowerCase();
+        if (aliasToName.containsKey(nameLower)) {
+            throw new IllegalStateException(
+                "Command name '" + cmd.getName() + "' conflicts with existing command '"
+                + aliasToName.get(nameLower) + "'");
+        }
+        for (String alias : cmd.getAliases()) {
+            String aliasLower = alias.toLowerCase();
+            if (aliasToName.containsKey(aliasLower)) {
+                throw new IllegalStateException(
+                    "Alias '" + alias + "' of command '" + cmd.getName()
+                    + "' conflicts with existing command '" + aliasToName.get(aliasLower) + "'");
+            }
+        }
+        commands.put(cmd.getName(), cmd);
+        aliasToName.put(nameLower, cmd.getName());
+        for (String alias : cmd.getAliases()) {
+            aliasToName.put(alias.toLowerCase(), cmd.getName());
+        }
+    }
+
+    public CommandDefinition lookup(String nameOrAlias) {
+        String normalized = nameOrAlias.toLowerCase();
+        String primaryName = aliasToName.get(normalized);
+        if (primaryName == null) return null;
+        return commands.get(primaryName);
+    }
+
+    public List<CommandDefinition> getAllCommands() {
+        return new ArrayList<CommandDefinition>(commands.values());
+    }
+
+    public List<String> getAllNames() {
+        return new ArrayList<String>(commands.keySet());
+    }
+
+    public int size() {
+        return commands.size();
+    }
+
+    public String formatGlobalHelp(String version) {
+        StringBuilder sb = new StringBuilder();
+        sb.append("TRON Wallet CLI").append(version).append("\n\n");
+        sb.append("Usage:\n");
+        sb.append("  wallet-cli [global options] <command> [command options]\n");
+        sb.append("  wallet-cli --interactive    Launch interactive REPL\n");
+        sb.append("  wallet-cli --help           Show this help\n");
+        sb.append("  wallet-cli <command> --help  Show command help\n\n");
+        sb.append("Global Options:\n");
+        sb.append("  --output <text|json>         Output format (default: text)\n");
+        sb.append("  --network <main|nile|shasta|custom> Network selection\n");
+        sb.append("  --wallet <name|path>         Select wallet file\n");
+        sb.append("  --grpc-endpoint <host:port>  Custom gRPC endpoint\n");
+        sb.append("  --quiet                      Suppress non-essential output\n");
+        sb.append("  --verbose                    Debug logging\n\n");
+        sb.append("Commands:\n");
+
+        int maxLen = 0;
+        for (CommandDefinition cmd : commands.values()) {
+            maxLen = Math.max(maxLen, cmd.getName().length());
+        }
+        String fmt = "  %-" + (maxLen + 2) + "s %s\n";
+        for (CommandDefinition cmd : commands.values()) {
+            sb.append(String.format(fmt, cmd.getName(), cmd.getDescription()));
+        }
+        sb.append("\nUse \"wallet-cli <command> --help\" for more information about a command.\n");
+        return sb.toString();
+    }
+
+    /** Find similar command names for "did you mean?" suggestions. */
+    public String suggest(String input) {
+        String normalized = input.toLowerCase();
+        int bestDist = Integer.MAX_VALUE;
+        String bestMatch = null;
+        for (String name : aliasToName.keySet()) {
+            int dist = levenshtein(normalized, name);
+            if (dist < bestDist && dist <= 3) {
+                bestDist = dist;
+                bestMatch = name;
+            }
+        }
+        return bestMatch;
+    }
+
+    private static int levenshtein(String a, String b) {
+        int[][] dp = new int[a.length() + 1][b.length() + 1];
+        for (int i = 0; i <= a.length(); i++) dp[i][0] = i;
+        for (int j = 0; j <= b.length(); j++) dp[0][j] = j;
+        for (int i = 1; i <= a.length(); i++) {
+            for (int j = 1; j <= b.length(); j++) {
+                int cost = a.charAt(i - 1) == b.charAt(j - 1) ? 0 : 1;
+                dp[i][j] = Math.min(Math.min(
+                        dp[i - 1][j] + 1,
+                        dp[i][j - 1] + 1),
+                        dp[i - 1][j - 1] + cost);
+            }
+        }
+        return dp[a.length()][b.length()];
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/GlobalOptions.java b/src/main/java/org/tron/walletcli/cli/GlobalOptions.java
new file mode 100644
index 00000000..1183ea29
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/GlobalOptions.java
@@ -0,0 +1,202 @@
+package org.tron.walletcli.cli;
+
+import java.util.Arrays;
+
+public class GlobalOptions {
+
+    private boolean interactive = false;
+    private boolean help = false;
+    private boolean version = false;
+    private String output = "text";
+    private String network = null;
+    private String wallet = null;
+    private String grpcEndpoint = null;
+    private boolean quiet = false;
+    private boolean verbose = false;
+    private String command = null;
+    private String[] commandArgs = new String[0];
+
+    public boolean isInteractive() { return interactive; }
+    public boolean isHelp() { return help; }
+    public boolean isVersion() { return version; }
+    public String getOutput() { return output; }
+    public String getNetwork() { return network; }
+    public String getWallet() { return wallet; }
+    public String getGrpcEndpoint() { return grpcEndpoint; }
+    public boolean isQuiet() { return quiet; }
+    public boolean isVerbose() { return verbose; }
+    public String getCommand() { return command; }
+    public String[] getCommandArgs() { return java.util.Arrays.copyOf(commandArgs, commandArgs.length); }
+
+    public OutputFormatter.OutputMode getOutputMode() {
+        return "json".equalsIgnoreCase(output)
+                ? OutputFormatter.OutputMode.JSON
+                : OutputFormatter.OutputMode.TEXT;
+    }
+
+    public static GlobalOptions parse(String[] args) {
+        GlobalOptions opts = new GlobalOptions();
+        boolean outputSeen = false;
+        boolean networkSeen = false;
+        boolean walletSeen = false;
+        boolean grpcEndpointSeen = false;
+        for (int i = 0; i < args.length; i++) {
+            String token = args[i];
+
+            if (!token.startsWith("-")) {
+                opts.command = token.toLowerCase();
+                opts.commandArgs = Arrays.copyOfRange(args, i + 1, args.length);
+                return opts;
+            }
+
+            if ("-h".equals(token)) {
+                opts.help = true;
+                continue;
+            }
+
+            if (token.startsWith("-h=")) {
+                throw new CliUsageException("Option -h does not take a value");
+            }
+
+            if (!token.startsWith("--")) {
+                throw new CliUsageException("Unknown global option: " + token);
+            }
+
+            ParsedLongOption parsed = parseLongOptionToken(token);
+            switch (parsed.name) {
+                case "interactive":
+                    ensureNoInlineValue(parsed, "--interactive");
+                    opts.interactive = true;
+                    break;
+                case "help":
+                    ensureNoInlineValue(parsed, "--help");
+                    opts.help = true;
+                    break;
+                case "version":
+                    ensureNoInlineValue(parsed, "--version");
+                    opts.version = true;
+                    break;
+                case "quiet":
+                    ensureNoInlineValue(parsed, "--quiet");
+                    if (opts.verbose) {
+                        throw new CliUsageException("Conflicting global options: --quiet and --verbose");
+                    }
+                    opts.quiet = true;
+                    break;
+                case "verbose":
+                    ensureNoInlineValue(parsed, "--verbose");
+                    if (opts.quiet) {
+                        throw new CliUsageException("Conflicting global options: --quiet and --verbose");
+                    }
+                    opts.verbose = true;
+                    break;
+                case "output":
+                    ensureNotRepeated(outputSeen, "--output");
+                    outputSeen = true;
+                    opts.output = requireOneOf(args, i, parsed, "--output", "text", "json");
+                    if (!parsed.hasInlineValue()) {
+                        i++;
+                    }
+                    break;
+                case "network":
+                    ensureNotRepeated(networkSeen, "--network");
+                    networkSeen = true;
+                    opts.network = requireOneOf(args, i, parsed, "--network", "main", "nile", "shasta", "custom");
+                    if (!parsed.hasInlineValue()) {
+                        i++;
+                    }
+                    break;
+                case "wallet":
+                    ensureNotRepeated(walletSeen, "--wallet");
+                    walletSeen = true;
+                    opts.wallet = requireValue(args, i, parsed, "--wallet");
+                    if (!parsed.hasInlineValue()) {
+                        i++;
+                    }
+                    break;
+                case "grpc-endpoint":
+                    ensureNotRepeated(grpcEndpointSeen, "--grpc-endpoint");
+                    grpcEndpointSeen = true;
+                    opts.grpcEndpoint = requireValue(args, i, parsed, "--grpc-endpoint");
+                    if (!parsed.hasInlineValue()) {
+                        i++;
+                    }
+                    break;
+                default:
+                    throw new CliUsageException("Unknown global option: --" + parsed.name);
+            }
+        }
+        return opts;
+    }
+
+    private static void ensureNoInlineValue(ParsedLongOption option, String optionName) {
+        if (option.hasInlineValue()) {
+            throw new CliUsageException("Option " + optionName + " does not take a value");
+        }
+    }
+
+    private static void ensureNotRepeated(boolean alreadySeen, String optionName) {
+        if (alreadySeen) {
+            throw new CliUsageException("Repeated global option: " + optionName);
+        }
+    }
+
+    private static String requireValue(String[] args, int optionIndex, ParsedLongOption option, String optionName) {
+        if (option.hasInlineValue()) {
+            if (option.inlineValue.isEmpty()) {
+                throw new CliUsageException("Missing or empty value for " + optionName);
+            }
+            return option.inlineValue;
+        }
+
+        int valueIndex = optionIndex + 1;
+        if (valueIndex >= args.length || args[valueIndex].startsWith("-")) {
+            throw new CliUsageException("Missing value for " + optionName);
+        }
+        return args[valueIndex];
+    }
+
+    private static String requireOneOf(String[] args, int optionIndex, ParsedLongOption option, String optionName,
+                                       String... allowedValues) {
+        String value = requireValue(args, optionIndex, option, optionName);
+        for (String allowedValue : allowedValues) {
+            if (allowedValue.equalsIgnoreCase(value)) {
+                return allowedValue;
+            }
+        }
+        throw new CliUsageException("Invalid value for " + optionName + ": " + value);
+    }
+
+    private static ParsedLongOption parseLongOptionToken(String token) {
+        int equalsIndex = token.indexOf('=');
+        if (equalsIndex < 0) {
+            String name = token.substring(2);
+            if (name.isEmpty()) {
+                throw new CliUsageException("Empty option name: --");
+            }
+            return new ParsedLongOption(name, null, false);
+        }
+
+        String name = token.substring(2, equalsIndex);
+        if (name.isEmpty()) {
+            throw new CliUsageException("Empty option name: --");
+        }
+        return new ParsedLongOption(name, token.substring(equalsIndex + 1), true);
+    }
+
+    private static final class ParsedLongOption {
+        private final String name;
+        private final String inlineValue;
+        private final boolean hasInlineValue;
+
+        private ParsedLongOption(String name, String inlineValue, boolean hasInlineValue) {
+            this.name = name;
+            this.inlineValue = inlineValue;
+            this.hasInlineValue = hasInlineValue;
+        }
+
+        private boolean hasInlineValue() {
+            return hasInlineValue;
+        }
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/OptionDef.java b/src/main/java/org/tron/walletcli/cli/OptionDef.java
new file mode 100644
index 00000000..fed770c1
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/OptionDef.java
@@ -0,0 +1,47 @@
+package org.tron.walletcli.cli;
+
+/**
+ * Defines a single command-line option: its name, description, whether it is
+ * required, and the expected value type.
+ */
+public class OptionDef {
+
+    public enum Type {
+        STRING,
+        LONG,
+        BOOLEAN,
+        ADDRESS
+    }
+
+    private final String name;
+    private final String description;
+    private final boolean required;
+    private final Type type;
+
+    public OptionDef(String name, String description, boolean required, Type type) {
+        this.name = name;
+        this.description = description;
+        this.required = required;
+        this.type = type;
+    }
+
+    public OptionDef(String name, String description, boolean required) {
+        this(name, description, required, Type.STRING);
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public boolean isRequired() {
+        return required;
+    }
+
+    public Type getType() {
+        return type;
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/OutputFormatter.java b/src/main/java/org/tron/walletcli/cli/OutputFormatter.java
new file mode 100644
index 00000000..d480907c
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/OutputFormatter.java
@@ -0,0 +1,253 @@
+package org.tron.walletcli.cli;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParser;
+import com.google.protobuf.Message;
+
+import java.io.PrintStream;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class OutputFormatter {
+
+    public enum OutputMode { TEXT, JSON }
+    private static final String MULTIPLE_OUTCOMES_MESSAGE = "Multiple terminal outcomes emitted";
+
+    private final OutputMode mode;
+    private final boolean quiet;
+    private final PrintStream out;
+    private final PrintStream err;
+    private Outcome outcome;
+    private static final Gson gson = new GsonBuilder().setPrettyPrinting().create();
+
+    public OutputFormatter(OutputMode mode, boolean quiet) {
+        this(mode, quiet, System.out, System.err);
+    }
+
+    public OutputFormatter(OutputMode mode, boolean quiet, PrintStream out, PrintStream err) {
+        this.mode = mode;
+        this.quiet = quiet;
+        this.out = out;
+        this.err = err;
+    }
+
+    OutputMode getMode() {
+        return mode;
+    }
+
+    private void emitJsonSuccess(Object data) {
+        Map<String, Object> envelope = new LinkedHashMap<String, Object>();
+        envelope.put("success", true);
+        envelope.put("data", data != null ? data : new LinkedHashMap<String, Object>());
+        out.println(gson.toJson(envelope));
+    }
+
+    private void emitJsonError(String code, String message) {
+        Map<String, Object> envelope = new LinkedHashMap<String, Object>();
+        envelope.put("success", false);
+        envelope.put("error", code);
+        envelope.put("message", message);
+        out.println(gson.toJson(envelope));
+    }
+
+    private Map<String, Object> wrapMessage(String text) {
+        Map<String, Object> data = new LinkedHashMap<String, Object>();
+        data.put("message", text);
+        return data;
+    }
+
+    private Map<String, Object> wrapResult(Object value) {
+        Map<String, Object> data = new LinkedHashMap<String, Object>();
+        data.put("result", value);
+        return data;
+    }
+
+    private Object normalizeJsonElement(JsonElement element) {
+        if (element == null || element.isJsonNull()) {
+            return new LinkedHashMap<String, Object>();
+        }
+        if (element.isJsonObject()) {
+            return element;
+        }
+        return wrapResult(element);
+    }
+
+    private Object normalizeJsonData(Object payload) {
+        if (payload == null) {
+            return new LinkedHashMap<String, Object>();
+        }
+        if (payload instanceof Map) {
+            return payload;
+        }
+        if (payload instanceof JsonElement) {
+            return normalizeJsonElement((JsonElement) payload);
+        }
+        if (payload instanceof Number || payload instanceof Boolean) {
+            return wrapResult(payload);
+        }
+
+        String text = String.valueOf(payload);
+        try {
+            return normalizeJsonElement(JsonParser.parseString(text));
+        } catch (Exception e) {
+            return wrapMessage(text);
+        }
+    }
+
+    private void recordSuccess(String textMessage, Object jsonData) {
+        if (outcome != null) {
+            recordMultipleOutcomeViolation();
+            throw new CliAbortException(CliAbortException.Kind.EXECUTION);
+        }
+        outcome = Outcome.success(textMessage, normalizeJsonData(jsonData));
+    }
+
+    private void recordError(String code, String message, CliAbortException.Kind abortKind, String usageHelp) {
+        if (outcome != null) {
+            recordMultipleOutcomeViolation();
+            throw new CliAbortException(CliAbortException.Kind.EXECUTION);
+        }
+        outcome = Outcome.error(code, message, usageHelp);
+        throw new CliAbortException(abortKind);
+    }
+
+    private void recordMultipleOutcomeViolation() {
+        outcome = Outcome.error("execution_error", MULTIPLE_OUTCOMES_MESSAGE, null);
+    }
+
+    public boolean hasOutcome() {
+        return outcome != null;
+    }
+
+    public void flush() {
+        if (outcome == null) {
+            return;
+        }
+
+        Outcome current = outcome;
+        outcome = null;
+        if (current.success) {
+            if (mode == OutputMode.JSON) {
+                emitJsonSuccess(current.jsonData);
+            } else {
+                out.println(current.textMessage);
+            }
+            return;
+        }
+
+        if (mode == OutputMode.JSON) {
+            emitJsonError(current.errorCode, current.errorMessage);
+        } else {
+            err.println("Error: " + current.errorMessage);
+            if (current.usageHelp != null) {
+                err.println();
+                err.println(current.usageHelp);
+            }
+        }
+    }
+
+    /** Print a successful result with a text message and optional JSON data. */
+    public void success(String textMessage, Object jsonData) {
+        recordSuccess(textMessage, jsonData);
+    }
+
+    /** Print a success message in text mode and expose it under data.message in JSON mode. */
+    public void successMessage(String textMessage) {
+        recordSuccess(textMessage, wrapMessage(textMessage));
+    }
+
+    /** Print command help in a formatter-owned success shape. */
+    public void help(String helpText) {
+        Map<String, Object> data = new LinkedHashMap<String, Object>();
+        data.put("help", helpText);
+        recordSuccess(helpText, data);
+    }
+
+    /** Print a simple success/failure result. */
+    public void result(boolean success, String successMsg, String failMsg) {
+        if (!success) {
+            error("execution_error", failMsg);
+            return;
+        }
+        successMessage(successMsg);
+    }
+
+    /** Print a protobuf message. Uses Utils.formatMessageString which decodes
+     *  addresses to Base58 and bytes to readable strings for both modes. */
+    public void protobuf(Message message, String failMsg) {
+        if (message == null) {
+            error("not_found", failMsg);
+            return;
+        }
+        String formatted = org.tron.common.utils.Utils.formatMessageString(message);
+        recordSuccess(formatted, formatted);
+    }
+
+    /** Print a message object (trident Response types or pre-formatted strings). */
+    public void printMessage(Object message, String failMsg) {
+        if (message == null) {
+            error("not_found", failMsg);
+            return;
+        }
+        recordSuccess(String.valueOf(message), message);
+    }
+
+    /** Print raw text. */
+    public void raw(String text) {
+        recordSuccess(text, wrapMessage(text));
+    }
+
+    /** Print a key-value pair. */
+    public void keyValue(String key, Object value) {
+        Map<String, Object> data = new LinkedHashMap<String, Object>();
+        data.put(key, value);
+        recordSuccess(key + " = " + value, data);
+    }
+
+    /** Print an error and signal exit code 1. */
+    public void error(String code, String message) {
+        recordError(code, message, CliAbortException.Kind.EXECUTION, null);
+    }
+
+    /** Print an error for usage mistakes and signal exit code 2. */
+    public void usageError(String message, CommandDefinition cmd) {
+        recordError("usage_error", message, CliAbortException.Kind.USAGE,
+                cmd != null ? cmd.formatHelp() : null);
+    }
+
+    /** Print info to stderr (suppressed in quiet mode and JSON mode). */
+    public void info(String message) {
+        if (!quiet && mode != OutputMode.JSON) {
+            err.println(message);
+        }
+    }
+
+    private static final class Outcome {
+        private final boolean success;
+        private final String textMessage;
+        private final Object jsonData;
+        private final String errorCode;
+        private final String errorMessage;
+        private final String usageHelp;
+
+        private Outcome(boolean success, String textMessage, Object jsonData,
+                        String errorCode, String errorMessage, String usageHelp) {
+            this.success = success;
+            this.textMessage = textMessage;
+            this.jsonData = jsonData;
+            this.errorCode = errorCode;
+            this.errorMessage = errorMessage;
+            this.usageHelp = usageHelp;
+        }
+
+        private static Outcome success(String textMessage, Object jsonData) {
+            return new Outcome(true, textMessage, jsonData, null, null, null);
+        }
+
+        private static Outcome error(String errorCode, String errorMessage, String usageHelp) {
+            return new Outcome(false, null, null, errorCode, errorMessage, usageHelp);
+        }
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/ParsedOptions.java b/src/main/java/org/tron/walletcli/cli/ParsedOptions.java
new file mode 100644
index 00000000..e61c1172
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/ParsedOptions.java
@@ -0,0 +1,85 @@
+package org.tron.walletcli.cli;
+
+import org.tron.walletserver.WalletApi;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Holds the parsed key-value pairs produced by {@link CommandDefinition#parseArgs}
+ * and provides typed accessors.
+ */
+public class ParsedOptions {
+
+    private final Map<String, String> values;
+
+    public ParsedOptions(Map<String, String> values) {
+        this.values = values == null
+                ? Collections.<String, String>emptyMap()
+                : new LinkedHashMap<String, String>(values);
+    }
+
+    /** Returns {@code true} if the option was supplied on the command line. */
+    public boolean has(String key) {
+        return values.containsKey(key);
+    }
+
+    /** Returns the raw string value, or {@code null} if absent. */
+    public String getString(String key) {
+        return values.get(key);
+    }
+
+    /**
+     * Returns the value parsed as a {@code long}.
+     *
+     * @throws IllegalArgumentException if the key is absent or not a valid long
+     */
+    public long getLong(String key) {
+        String raw = values.get(key);
+        if (raw == null) {
+            throw new IllegalArgumentException("Missing required option: --" + key);
+        }
+        try {
+            return Long.parseLong(raw);
+        } catch (NumberFormatException e) {
+            throw new IllegalArgumentException(
+                    "Option --" + key + " requires a numeric value, got: " + raw);
+        }
+    }
+
+    /**
+     * Returns the value parsed as a boolean.  Absent keys default to {@code false}.
+     */
+    public boolean getBoolean(String key) {
+        String raw = values.get(key);
+        if (raw == null) {
+            return false;
+        }
+        return "true".equalsIgnoreCase(raw) || "1".equals(raw) || "yes".equalsIgnoreCase(raw);
+    }
+
+    /**
+     * Decodes a Base58Check TRON address.
+     *
+     * @return the decoded address bytes
+     * @throws IllegalArgumentException if the key is absent or the address is invalid
+     */
+    public byte[] getAddress(String key) {
+        String raw = values.get(key);
+        if (raw == null) {
+            throw new IllegalArgumentException("Missing required option: --" + key);
+        }
+        byte[] decoded = WalletApi.decodeFromBase58Check(raw);
+        if (decoded == null) {
+            throw new IllegalArgumentException(
+                    "Invalid TRON address for --" + key + ": " + raw);
+        }
+        return decoded;
+    }
+
+    /** Returns an unmodifiable view of all parsed values. */
+    public Map<String, String> asMap() {
+        return Collections.unmodifiableMap(values);
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/StandardCliRunner.java b/src/main/java/org/tron/walletcli/cli/StandardCliRunner.java
new file mode 100644
index 00000000..e23759ff
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/StandardCliRunner.java
@@ -0,0 +1,266 @@
+package org.tron.walletcli.cli;
+
+import org.tron.common.enums.NetType;
+import org.tron.common.utils.TransactionUtils;
+import org.tron.keystore.StringUtils;
+import org.tron.keystore.WalletFile;
+import org.tron.walletserver.ApiClient;
+import org.tron.walletcli.WalletApiWrapper;
+import org.tron.walletserver.WalletApi;
+
+import java.io.File;
+import java.io.PrintStream;
+import java.util.Arrays;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class StandardCliRunner {
+
+    interface MasterPasswordProvider {
+        String get();
+    }
+
+    private final CommandRegistry registry;
+    private final GlobalOptions globalOpts;
+    private final OutputFormatter formatter;
+    private final MasterPasswordProvider masterPasswordProvider;
+
+    public StandardCliRunner(CommandRegistry registry, GlobalOptions globalOpts) {
+        this(registry, globalOpts, System.out, System.err);
+    }
+
+    StandardCliRunner(CommandRegistry registry, GlobalOptions globalOpts,
+                      PrintStream out, PrintStream err) {
+        this(registry, globalOpts, out, err, () -> System.getenv("MASTER_PASSWORD"));
+    }
+
+    StandardCliRunner(CommandRegistry registry, GlobalOptions globalOpts,
+                      MasterPasswordProvider masterPasswordProvider) {
+        this(registry, globalOpts, System.out, System.err, masterPasswordProvider);
+    }
+
+    StandardCliRunner(CommandRegistry registry, GlobalOptions globalOpts,
+                      PrintStream out, PrintStream err,
+                      MasterPasswordProvider masterPasswordProvider) {
+        this.registry = registry;
+        this.globalOpts = globalOpts;
+        this.formatter = new OutputFormatter(globalOpts.getOutputMode(), globalOpts.isQuiet(), out, err);
+        this.masterPasswordProvider = masterPasswordProvider;
+    }
+
+    public int execute() {
+        try {
+            return executeInternal();
+        } catch (CliAbortException e) {
+            formatter.flush();
+            return e.getKind() == CliAbortException.Kind.USAGE ? 2 : 1;
+        } finally {
+            TransactionUtils.clearPermissionIdOverride();
+        }
+    }
+
+    private int executeInternal() {
+        try {
+            // Apply network setting
+            if (globalOpts.getNetwork() != null) {
+                applyNetwork(globalOpts.getNetwork());
+            }
+            applyGrpcEndpointOverride();
+
+            // Lookup command
+            String cmdName = globalOpts.getCommand();
+            CommandDefinition cmd = registry.lookup(cmdName);
+            if (cmd == null) {
+                String suggestion = registry.suggest(cmdName);
+                String msg = "Unknown command: " + cmdName;
+                if (suggestion != null) {
+                    msg += ". Did you mean: " + suggestion + "?";
+                }
+                formatter.usageError(msg, null);
+                return 2; // unreachable after usageError()
+            }
+
+            // Check for per-command --help
+            String[] cmdArgs = globalOpts.getCommandArgs();
+            if (hasStandaloneCommandHelpToken(cmd, cmdArgs)) {
+                formatter.help(cmd.formatHelp());
+                formatter.flush();
+                return 0;
+            }
+            // Parse command options
+            ParsedOptions opts;
+            try {
+                opts = cmd.parseArgs(cmdArgs);
+            } catch (IllegalArgumentException e) {
+                formatter.usageError(e.getMessage(), cmd);
+                return 2; // unreachable after usageError()
+            }
+
+            CommandContext ctx = CommandContext.fromGlobalOptions(globalOpts);
+
+            // Create wrapper and authenticate
+            WalletApiWrapper wrapper = new WalletApiWrapper();
+            try {
+                if (requiresAutoAuth(cmd, opts)) {
+                    ctx = ctx.withResolvedAuthWalletFile(authenticate(wrapper));
+                }
+
+                // Execute command
+                cmd.getHandler().execute(ctx, opts, wrapper, formatter);
+                if (!formatter.hasOutcome()) {
+                    formatter.error("execution_error",
+                            "Command completed without emitting an outcome");
+                }
+                formatter.flush();
+                return 0;
+            } finally {
+                wrapper.cleanup();
+            }
+
+        } catch (CliAbortException e) {
+            formatter.flush();
+            throw e;
+        } catch (CommandErrorException e) {
+            formatter.error(e.getCode(), e.getMessage());
+            return 1; // unreachable after error()
+        } catch (CliUsageException e) {
+            formatter.usageError(e.getMessage(), null);
+            return 2; // unreachable after usageError()
+        } catch (IllegalArgumentException e) {
+            formatter.usageError(e.getMessage(), null);
+            return 2; // unreachable after usageError()
+        } catch (Exception e) {
+            formatter.error("execution_error",
+                    e.getMessage() != null ? e.getMessage() : e.getClass().getSimpleName());
+            return 1; // unreachable after error()
+        }
+    }
+
+    static boolean requiresAutoAuth(CommandDefinition cmd, ParsedOptions opts) {
+        return cmd.resolveAuthPolicy(opts) == CommandDefinition.AuthPolicy.REQUIRE;
+    }
+
+    /**
+     * Auto-login from the resolved keystore target for wallet-authenticated standard CLI commands.
+     */
+    private File authenticate(WalletApiWrapper wrapper) throws Exception {
+        File targetFile = resolveAuthenticationWalletFile();
+        String envPwd = masterPasswordProvider.get();
+        if (envPwd == null || envPwd.isEmpty()) {
+            throw new IllegalStateException("MASTER_PASSWORD is required for wallet-authenticated commands");
+        }
+
+        // Load specific wallet file and authenticate
+        byte[] password = StringUtils.char2Byte(envPwd.toCharArray());
+        try {
+            WalletFile wf = org.tron.keystore.WalletUtils.loadWalletFile(targetFile);
+            wf.setSourceFile(targetFile);
+            if (wf.getName() == null || wf.getName().isEmpty()) {
+                wf.setName(targetFile.getName());
+            }
+            WalletApi walletApi = new WalletApi(wf);
+            boolean passwordValid;
+            try {
+                passwordValid = walletApi.checkPassword(password);
+            } catch (Exception e) {
+                throw new IllegalStateException("Invalid MASTER_PASSWORD for wallet: " + wf.getAddress(), e);
+            }
+            if (!passwordValid) {
+                throw new IllegalStateException("Invalid MASTER_PASSWORD for wallet: " + wf.getAddress());
+            }
+            walletApi.setLogin(null);
+            // WalletApi stores the provided array by reference, so keep an internal
+            // copy there and only clear this temporary buffer locally.
+            walletApi.setUnifiedPassword(Arrays.copyOf(password, password.length));
+            wrapper.setWallet(walletApi);
+            formatter.info("Authenticated with wallet: " + wf.getAddress());
+            return targetFile;
+        } finally {
+            Arrays.fill(password, (byte) 0);
+        }
+    }
+
+    private void applyGrpcEndpointOverride() {
+        String grpcEndpoint = globalOpts.getGrpcEndpoint();
+        if (grpcEndpoint != null && !grpcEndpoint.isEmpty()) {
+            WalletApi.updateRpcCli(new ApiClient(grpcEndpoint, grpcEndpoint));
+        }
+    }
+
+    private File resolveAuthenticationWalletFile() throws Exception {
+        File walletDir = ActiveWalletConfig.getWalletDir();
+        String walletOverride = globalOpts.getWallet();
+        if (walletOverride != null && !walletOverride.isEmpty()) {
+            return ActiveWalletConfig.resolveWalletOverrideStrict(walletDir, walletOverride);
+        }
+
+        File targetFile = ActiveWalletConfig.resolveActiveWalletFileStrict(walletDir);
+        if (targetFile == null) {
+            throw new IllegalStateException(
+                    "No active wallet selected. Use --wallet or set-active-wallet to choose a wallet.");
+        }
+        return targetFile;
+    }
+
+    static File resolveWalletOverride(File walletDir, String walletSelection) throws Exception {
+        return ActiveWalletConfig.resolveWalletOverrideStrict(walletDir, walletSelection);
+    }
+
+    private void applyNetwork(String network) {
+        switch (network.toLowerCase()) {
+            case "main":
+                WalletApi.setCurrentNetwork(NetType.MAIN);
+                WalletApi.updateRpcCli(WalletApi.initApiCli());
+                break;
+            case "nile":
+                WalletApi.setCurrentNetwork(NetType.NILE);
+                WalletApi.updateRpcCli(WalletApi.initApiCli());
+                break;
+            case "shasta":
+                WalletApi.setCurrentNetwork(NetType.SHASTA);
+                WalletApi.updateRpcCli(WalletApi.initApiCli());
+                break;
+            case "custom":
+                WalletApi.setCurrentNetwork(NetType.CUSTOM);
+                WalletApi.updateRpcCli(WalletApi.initApiCli());
+                break;
+            default:
+                formatter.usageError("Unknown network: " + network
+                        + ". Use: main, nile, shasta, custom", null);
+        }
+    }
+
+    private static boolean hasStandaloneCommandHelpToken(CommandDefinition cmd, String[] cmdArgs) {
+        Map<String, OptionDef> optionsByName = new LinkedHashMap<String, OptionDef>();
+        for (OptionDef option : cmd.getOptions()) {
+            optionsByName.put(option.getName(), option);
+        }
+
+        for (int i = 0; i < cmdArgs.length; i++) {
+            String token = cmdArgs[i];
+            if ("--help".equals(token) || "-h".equals(token)) {
+                return true;
+            }
+
+            if ("-m".equals(token)) {
+                continue;
+            }
+
+            if (!token.startsWith("--")) {
+                continue;
+            }
+
+            String optionName = parseLongOptionName(token);
+            OptionDef option = optionsByName.get(optionName);
+            if (option != null && option.getType() != OptionDef.Type.BOOLEAN && !token.contains("=")) {
+                i++;
+            }
+        }
+        return false;
+    }
+
+    private static String parseLongOptionName(String token) {
+        int equalsIndex = token.indexOf('=');
+        return equalsIndex >= 0 ? token.substring(2, equalsIndex) : token.substring(2);
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/CommandSupport.java b/src/main/java/org/tron/walletcli/cli/commands/CommandSupport.java
new file mode 100644
index 00000000..1f9bd3c7
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/CommandSupport.java
@@ -0,0 +1,58 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.walletcli.cli.OutputFormatter;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+final class CommandSupport {
+
+    private CommandSupport() {
+    }
+
+    static void emitBooleanResult(OutputFormatter out, boolean success,
+                                  String successMessage, String failureMessage) {
+        if (!success) {
+            out.error("execution_error", failureMessage);
+            return;
+        }
+        out.successMessage(successMessage);
+    }
+
+    static void emitBooleanResult(OutputFormatter out, boolean success,
+                                  String successMessage, String failureMessage,
+                                  Map<String, Object> jsonData) {
+        if (!success) {
+            out.error("execution_error", failureMessage);
+            return;
+        }
+        if (jsonData == null || jsonData.isEmpty()) {
+            out.successMessage(successMessage);
+            return;
+        }
+        if (!jsonData.containsKey("message")) {
+            jsonData.put("message", successMessage);
+        }
+        out.success(successMessage, jsonData);
+    }
+
+    static Map<String, Object> lastBroadcastTxResultData() {
+        Map<String, Object> data = new LinkedHashMap<String, Object>();
+        String txid = org.tron.walletserver.WalletApi.consumeLastBroadcastTxId();
+        if (txid != null && !txid.isEmpty()) {
+            data.put("txid", txid);
+        }
+        return data;
+    }
+
+    static void requireForce(OutputFormatter out, String commandName, boolean force) {
+        if (!force) {
+            out.usageError(commandName + " requires --force in standard CLI mode.", null);
+        }
+    }
+
+    static void rejectUnsupportedStandardCliCommand(OutputFormatter out, String commandName) {
+        out.error("unsupported_in_standard_cli",
+                commandName + " is not available in standard CLI mode. Use --interactive mode.");
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/ContractCommands.java b/src/main/java/org/tron/walletcli/cli/commands/ContractCommands.java
new file mode 100644
index 00000000..4345b0c2
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/ContractCommands.java
@@ -0,0 +1,309 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.common.utils.AbiUtil;
+import org.tron.common.utils.ByteArray;
+import org.tron.common.utils.TransactionUtils;
+import org.tron.common.utils.Utils;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+import org.tron.trident.proto.Response;
+
+public class ContractCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerDeployContract(registry);
+        registerTriggerContract(registry);
+        registerTriggerConstantContract(registry);
+        registerEstimateEnergy(registry);
+        registerClearContractABI(registry);
+        registerUpdateSetting(registry);
+        registerUpdateEnergyLimit(registry);
+    }
+
+    private static void registerDeployContract(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("deploy-contract")
+                .aliases("deploycontract")
+                .description("Deploy a smart contract")
+                .option("name", "Contract name", true)
+                .option("abi", "Contract ABI JSON string", true)
+                .option("bytecode", "Contract bytecode hex", true)
+                .option("constructor", "Constructor signature (optional)", false)
+                .option("params", "Constructor parameters (optional)", false)
+                .option("fee-limit", "Fee limit in SUN", true, OptionDef.Type.LONG)
+                .option("consume-user-resource-percent", "Consume user resource percent (0-100)", false, OptionDef.Type.LONG)
+                .option("origin-energy-limit", "Origin energy limit", false, OptionDef.Type.LONG)
+                .option("value", "Call value in SUN (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-value", "Token value (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-id", "Token ID", false)
+                .option("library", "Library address pair (libName:address)", false)
+                .option("compiler-version", "Compiler version", false)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String name = opts.getString("name");
+                    String abi = opts.getString("abi");
+                    String bytecode = opts.getString("bytecode");
+                    long feeLimit = opts.getLong("fee-limit");
+                    long value = opts.has("value") ? opts.getLong("value") : 0;
+                    long consumePercent = opts.has("consume-user-resource-percent")
+                            ? opts.getLong("consume-user-resource-percent") : 0;
+                    long originEnergyLimit = opts.has("origin-energy-limit")
+                            ? opts.getLong("origin-energy-limit") : 1;
+                    long tokenValue = opts.has("token-value") ? opts.getLong("token-value") : 0;
+                    String tokenId = opts.has("token-id") ? opts.getString("token-id") : "";
+                    if ("#".equals(tokenId)) {
+                        tokenId = "";
+                    }
+                    String library = opts.has("library") ? opts.getString("library") : null;
+                    String compilerVersion = opts.has("compiler-version")
+                            ? opts.getString("compiler-version") : null;
+                    boolean multi = opts.getBoolean("multi");
+
+                    if (consumePercent < 0 || consumePercent > 100) {
+                        out.usageError("consume-user-resource-percent should be between 0 and 100", null);
+                        return;
+                    }
+                    if (originEnergyLimit <= 0) {
+                        out.usageError("origin-energy-limit must be greater than 0", null);
+                        return;
+                    }
+                    if (opts.has("constructor") != opts.has("params")) {
+                        out.usageError("Provide both --constructor and --params together", null);
+                        return;
+                    }
+
+                    // If constructor + params provided, append encoded params to bytecode
+                    String codeStr = bytecode;
+                    if (opts.has("constructor") && opts.has("params")) {
+                        String encodedParams = AbiUtil.parseMethod(
+                                opts.getString("constructor"), opts.getString("params"), true);
+                        // parseMethod with isHex=true returns just the encoded params without selector
+                        codeStr = bytecode + encodedParams;
+                    }
+
+                    wrapper.deployContractForCli(owner, name, abi, codeStr,
+                            feeLimit, value, consumePercent, originEnergyLimit,
+                            tokenValue, tokenId, library, compilerVersion, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "DeployContract successful !!", "DeployContract failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerTriggerContract(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("trigger-contract")
+                .aliases("triggercontract")
+                .description("Trigger a smart contract function")
+                .option("contract", "Contract address", true)
+                .option("method", "Method signature (e.g. transfer(address,uint256))", true)
+                .option("params", "Method parameters", false)
+                .option("fee-limit", "Fee limit in SUN", true, OptionDef.Type.LONG)
+                .option("value", "Call value in SUN (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-value", "Token value (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-id", "Token ID", false)
+                .option("owner", "Caller address", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    String method = opts.getString("method");
+                    String params = opts.has("params") ? opts.getString("params") : "";
+                    long feeLimit = opts.getLong("fee-limit");
+                    long callValue = opts.has("value") ? opts.getLong("value") : 0;
+                    long tokenValue = opts.has("token-value") ? opts.getLong("token-value") : 0;
+                    String tokenId = opts.has("token-id") ? opts.getString("token-id") : "";
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    boolean multi = opts.getBoolean("multi");
+
+                    byte[] data = ByteArray.fromHexString(AbiUtil.parseMethod(method, params, false));
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    org.apache.commons.lang3.tuple.Triple<Boolean, Long, Long> result;
+                    try {
+                        result = wrapper.callContractForCli(owner, contractAddress, callValue, data,
+                                feeLimit, tokenValue, tokenId, false, true, multi);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    if (!Boolean.TRUE.equals(result.getLeft())) {
+                        out.error("execution_error", "TriggerContract failed !!");
+                        return;
+                    }
+                    CommandSupport.emitBooleanResult(out, true,
+                            "TriggerContract successful !!", "TriggerContract failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerTriggerConstantContract(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicyResolver(opts -> opts.has("owner")
+                        ? CommandDefinition.AuthPolicy.NEVER
+                        : CommandDefinition.AuthPolicy.REQUIRE)
+                .name("trigger-constant-contract")
+                .aliases("triggerconstantcontract")
+                .description("Call a constant (view/pure) contract function")
+                .option("contract", "Contract address", true)
+                .option("method", "Method signature", true)
+                .option("params", "Method parameters", false)
+                .option("owner", "Caller address", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    String method = opts.getString("method");
+                    String params = opts.has("params") ? opts.getString("params") : "";
+
+                    byte[] data = ByteArray.fromHexString(AbiUtil.parseMethod(method, params, false));
+                    Response.TransactionExtention result =
+                            wrapper.triggerConstantContractExtention(owner, contractAddress, 0, data, 0, "");
+                    if (result == null) {
+                        out.error("query_failed", "TriggerConstantContract failed");
+                        return;
+                    }
+                    if (!result.getResult().getResult()) {
+                        out.error("query_failed", constantContractMessage(result, "TriggerConstantContract failed"));
+                        return;
+                    }
+                    String formatted = Utils.formatMessageString(result);
+                    out.success("Execution result = " + formatted, formatted);
+                })
+                .build());
+    }
+
+    private static String constantContractMessage(Response.TransactionExtention result, String fallback) {
+        if (result == null || result.getResult() == null) {
+            return fallback;
+        }
+        String message = result.getResult().getMessage().toStringUtf8();
+        return message != null && !message.isEmpty() ? message : fallback;
+    }
+
+    private static String estimateEnergyMessage(Response.EstimateEnergyMessage result, String fallback) {
+        if (result == null || result.getResult() == null) {
+            return fallback;
+        }
+        String message = result.getResult().getMessage().toStringUtf8();
+        return message != null && !message.isEmpty() ? message : fallback;
+    }
+
+    private static void registerEstimateEnergy(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicyResolver(opts -> opts.has("owner")
+                        ? CommandDefinition.AuthPolicy.NEVER
+                        : CommandDefinition.AuthPolicy.REQUIRE)
+                .name("estimate-energy")
+                .aliases("estimateenergy")
+                .description("Estimate energy for a contract call")
+                .option("contract", "Contract address", true)
+                .option("method", "Method signature", true)
+                .option("params", "Method parameters", false)
+                .option("value", "Call value (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-value", "Token value (default: 0)", false, OptionDef.Type.LONG)
+                .option("token-id", "Token ID", false)
+                .option("owner", "Caller address", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    String method = opts.getString("method");
+                    String params = opts.has("params") ? opts.getString("params") : "";
+                    long callValue = opts.has("value") ? opts.getLong("value") : 0;
+                    long tokenValue = opts.has("token-value") ? opts.getLong("token-value") : 0;
+                    String tokenId = opts.has("token-id") ? opts.getString("token-id") : "";
+
+                    byte[] data = ByteArray.fromHexString(AbiUtil.parseMethod(method, params, false));
+                    Response.EstimateEnergyMessage result = wrapper.estimateEnergyMessage(
+                            owner, contractAddress, callValue, data, tokenValue, tokenId);
+                    if (result == null) {
+                        out.error("query_failed", "EstimateEnergy failed");
+                        return;
+                    }
+                    if (!result.getResult().getResult()) {
+                        out.error("query_failed", estimateEnergyMessage(result, "EstimateEnergy failed"));
+                        return;
+                    }
+                    String formatted = Utils.formatMessageString(result);
+                    out.success("Estimate energy result = " + formatted, formatted);
+                })
+                .build());
+    }
+
+    private static void registerClearContractABI(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("clear-contract-abi")
+                .aliases("clearcontractabi")
+                .description("Clear a contract's ABI")
+                .option("contract", "Contract address", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.clearContractAbiForCli(owner, contractAddress, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ClearContractABI successful !!", "ClearContractABI failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateSetting(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-setting")
+                .aliases("updatesetting")
+                .description("Update contract consume_user_resource_percent")
+                .option("contract", "Contract address", true)
+                .option("consume-user-resource-percent", "New percentage (0-100)", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    long percent = opts.getLong("consume-user-resource-percent");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateSettingForCli(owner, contractAddress, percent, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateSetting successful !!", "UpdateSetting failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateEnergyLimit(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-energy-limit")
+                .aliases("updateenergylimit")
+                .description("Update contract origin_energy_limit")
+                .option("contract", "Contract address", true)
+                .option("origin-energy-limit", "New origin energy limit", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] contractAddress = opts.getAddress("contract");
+                    long limit = opts.getLong("origin-energy-limit");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateEnergyLimitForCli(owner, contractAddress, limit, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateEnergyLimit successful !!", "UpdateEnergyLimit failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/ExchangeCommands.java b/src/main/java/org/tron/walletcli/cli/commands/ExchangeCommands.java
new file mode 100644
index 00000000..3cf6d1d7
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/ExchangeCommands.java
@@ -0,0 +1,180 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+
+public class ExchangeCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerExchangeCreate(registry);
+        registerExchangeInject(registry);
+        registerExchangeWithdraw(registry);
+        registerExchangeTransaction(registry);
+        registerMarketSellAsset(registry);
+        registerMarketCancelOrder(registry);
+    }
+
+    private static void registerExchangeCreate(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("exchange-create")
+                .aliases("exchangecreate")
+                .description("Create a Bancor exchange pair")
+                .option("first-token", "First token ID (use _ for TRX)", true)
+                .option("first-balance", "First token balance", true, OptionDef.Type.LONG)
+                .option("second-token", "Second token ID", true)
+                .option("second-balance", "Second token balance", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] firstToken = opts.getString("first-token").getBytes();
+                    long firstBalance = opts.getLong("first-balance");
+                    byte[] secondToken = opts.getString("second-token").getBytes();
+                    long secondBalance = opts.getLong("second-balance");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.exchangeCreateForCli(owner, firstToken, firstBalance,
+                            secondToken, secondBalance, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ExchangeCreate successful !!", "ExchangeCreate failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerExchangeInject(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("exchange-inject")
+                .aliases("exchangeinject")
+                .description("Inject tokens into an exchange")
+                .option("exchange-id", "Exchange ID", true, OptionDef.Type.LONG)
+                .option("token-id", "Token ID", true)
+                .option("quant", "Token quantity", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long exchangeId = opts.getLong("exchange-id");
+                    byte[] tokenId = opts.getString("token-id").getBytes();
+                    long quant = opts.getLong("quant");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.exchangeInjectForCli(owner, exchangeId, tokenId, quant, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ExchangeInject successful !!", "ExchangeInject failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerExchangeWithdraw(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("exchange-withdraw")
+                .aliases("exchangewithdraw")
+                .description("Withdraw tokens from an exchange")
+                .option("exchange-id", "Exchange ID", true, OptionDef.Type.LONG)
+                .option("token-id", "Token ID", true)
+                .option("quant", "Token quantity", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long exchangeId = opts.getLong("exchange-id");
+                    byte[] tokenId = opts.getString("token-id").getBytes();
+                    long quant = opts.getLong("quant");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.exchangeWithdrawForCli(owner, exchangeId, tokenId, quant, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ExchangeWithdraw successful !!", "ExchangeWithdraw failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerExchangeTransaction(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("exchange-transaction")
+                .aliases("exchangetransaction")
+                .description("Trade on a Bancor exchange")
+                .option("exchange-id", "Exchange ID", true, OptionDef.Type.LONG)
+                .option("token-id", "Token ID to sell", true)
+                .option("quant", "Token quantity to sell", true, OptionDef.Type.LONG)
+                .option("expected", "Minimum expected tokens to receive", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long exchangeId = opts.getLong("exchange-id");
+                    byte[] tokenId = opts.getString("token-id").getBytes();
+                    long quant = opts.getLong("quant");
+                    long expected = opts.getLong("expected");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.exchangeTransactionForCli(owner, exchangeId, tokenId,
+                            quant, expected, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ExchangeTransaction successful !!",
+                            "ExchangeTransaction failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerMarketSellAsset(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("market-sell-asset")
+                .aliases("marketsellasset")
+                .description("Create a market sell order")
+                .option("sell-token", "Token to sell", true)
+                .option("sell-quantity", "Quantity to sell", true, OptionDef.Type.LONG)
+                .option("buy-token", "Token to buy", true)
+                .option("buy-quantity", "Expected buy quantity", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] sellToken = opts.getString("sell-token").getBytes();
+                    long sellQuantity = opts.getLong("sell-quantity");
+                    byte[] buyToken = opts.getString("buy-token").getBytes();
+                    long buyQuantity = opts.getLong("buy-quantity");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.marketSellAssetForCli(owner, sellToken, sellQuantity,
+                            buyToken, buyQuantity, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "MarketSellAsset successful !!", "MarketSellAsset failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerMarketCancelOrder(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("market-cancel-order")
+                .aliases("marketcancelorder")
+                .description("Cancel a market order")
+                .option("order-id", "Order ID hex", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] orderId = org.tron.common.utils.ByteArray.fromHexString(opts.getString("order-id"));
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.marketCancelOrderForCli(owner, orderId, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "MarketCancelOrder successful !!",
+                            "MarketCancelOrder failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/MiscCommands.java b/src/main/java/org/tron/walletcli/cli/commands/MiscCommands.java
new file mode 100644
index 00000000..75ffa5f3
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/MiscCommands.java
@@ -0,0 +1,146 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.common.crypto.ECKey;
+import org.tron.common.utils.ByteArray;
+import org.tron.mnemonic.MnemonicUtils;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletserver.WalletApi;
+
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+public class MiscCommands {
+
+    private static final String MNEMONIC_ENV = "TRON_MNEMONIC";
+
+    private static CommandDefinition.Builder noAuthCommand() {
+        return CommandDefinition.builder().authPolicy(CommandDefinition.AuthPolicy.NEVER);
+    }
+
+    public static void register(CommandRegistry registry) {
+        registerGenerateAddress(registry);
+        registerGetPrivateKeyByMnemonic(registry);
+        registerEncodingConverter(registry);
+        registerAddressBook(registry);
+        registerViewTransactionHistory(registry);
+        registerViewBackupRecords(registry);
+        registerHelp(registry);
+    }
+
+    private static void registerGenerateAddress(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("generate-address")
+                .aliases("generateaddress")
+                .description("Generate a new address offline (WARNING: output includes plaintext private key)")
+                .handler((ctx, opts, wrapper, out) -> {
+                    ECKey ecKey = new ECKey(new SecureRandom());
+                    byte[] priKey = ecKey.getPrivKeyBytes();
+                    try {
+                        byte[] address = ecKey.getAddress();
+                        String addressStr = WalletApi.encode58Check(address);
+                        String priKeyHex = ByteArray.toHexString(priKey);
+                        out.info("WARNING: The following output contains a plaintext private key. Do not log or share.");
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("address", addressStr);
+                        json.put("private_key", priKeyHex);
+                        json.put("warning", "plaintext_private_key");
+                        out.success("Address: " + addressStr + "\nPrivate Key: " + priKeyHex, json);
+                    } finally {
+                        Arrays.fill(priKey, (byte) 0);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetPrivateKeyByMnemonic(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-private-key-by-mnemonic")
+                .aliases("getprivatekeybymnemonic")
+                .description("Derive private key from mnemonic phrase in " + MNEMONIC_ENV)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String mnemonicStr = System.getenv(MNEMONIC_ENV);
+                    if (mnemonicStr == null || mnemonicStr.trim().isEmpty()) {
+                        out.usageError("get-private-key-by-mnemonic requires " + MNEMONIC_ENV
+                                + " in standard CLI mode.", null);
+                        return;
+                    }
+                    List<String> words = Arrays.asList(mnemonicStr.trim().split("\\s+"));
+                    byte[] priKey = MnemonicUtils.getPrivateKeyFromMnemonic(words);
+                    try {
+                        String priKeyHex = ByteArray.toHexString(priKey);
+                        ECKey ecKey = ECKey.fromPrivate(priKey);
+                        String address = WalletApi.encode58Check(ecKey.getAddress());
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("private_key", priKeyHex);
+                        json.put("address", address);
+                        out.success("Private Key: " + priKeyHex + "\nAddress: " + address, json);
+                    } finally {
+                        Arrays.fill(priKey, (byte) 0);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerEncodingConverter(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("encoding-converter")
+                .aliases("encodingconverter")
+                .description("Convert between encoding formats")
+                .handler((ctx, opts, wrapper, out) -> {
+                    CommandSupport.rejectUnsupportedStandardCliCommand(out, "encoding-converter");
+                })
+                .build());
+    }
+
+    private static void registerAddressBook(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("address-book")
+                .aliases("addressbook")
+                .description("Manage address book")
+                .handler((ctx, opts, wrapper, out) -> {
+                    CommandSupport.rejectUnsupportedStandardCliCommand(out, "address-book");
+                })
+                .build());
+    }
+
+    private static void registerViewTransactionHistory(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("view-transaction-history")
+                .aliases("viewtransactionhistory")
+                .description("View transaction history")
+                .handler((ctx, opts, wrapper, out) -> {
+                    CommandSupport.rejectUnsupportedStandardCliCommand(out, "view-transaction-history");
+                })
+                .build());
+    }
+
+    private static void registerViewBackupRecords(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("view-backup-records")
+                .aliases("viewbackuprecords")
+                .description("View backup records")
+                .handler((ctx, opts, wrapper, out) -> {
+                    CommandSupport.rejectUnsupportedStandardCliCommand(out, "view-backup-records");
+                })
+                .build());
+    }
+
+    private static void registerHelp(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("help")
+                .aliases("help")
+                .description("Show help information")
+                .option("command", "Command to show help for", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    // Help is handled by the runner level --help flag
+                    // This registers the command so it appears in the command list
+                    out.successMessage(
+                            "Use 'wallet-cli --help' for global help or 'wallet-cli <command> --help' for command help.");
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/ProposalCommands.java b/src/main/java/org/tron/walletcli/cli/commands/ProposalCommands.java
new file mode 100644
index 00000000..c471bb7e
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/ProposalCommands.java
@@ -0,0 +1,94 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+
+import java.util.HashMap;
+
+public class ProposalCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerCreateProposal(registry);
+        registerApproveProposal(registry);
+        registerDeleteProposal(registry);
+    }
+
+    private static void registerCreateProposal(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("create-proposal")
+                .aliases("createproposal")
+                .description("Create a proposal")
+                .option("parameters", "Parameters as 'id1 value1 id2 value2 ...'", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String paramsStr = opts.getString("parameters");
+                    String[] parts = paramsStr.trim().split("\\s+");
+                    if (parts.length % 2 != 0) {
+                        out.usageError("Parameters must be pairs of 'id value'", null);
+                        return;
+                    }
+                    HashMap<Long, Long> parametersMap = new HashMap<Long, Long>();
+                    for (int i = 0; i < parts.length; i += 2) {
+                        parametersMap.put(Long.parseLong(parts[i]), Long.parseLong(parts[i + 1]));
+                    }
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.createProposalForCli(owner, parametersMap, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "CreateProposal successful !!", "CreateProposal failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerApproveProposal(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("approve-proposal")
+                .aliases("approveproposal")
+                .description("Approve or disapprove a proposal")
+                .option("id", "Proposal ID", true, OptionDef.Type.LONG)
+                .option("approve", "true to approve, false to disapprove", true, OptionDef.Type.BOOLEAN)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long id = opts.getLong("id");
+                    boolean approve = opts.getBoolean("approve");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.approveProposalForCli(owner, id, approve, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ApproveProposal successful !!",
+                            "ApproveProposal failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerDeleteProposal(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("delete-proposal")
+                .aliases("deleteproposal")
+                .description("Delete a proposal")
+                .option("id", "Proposal ID", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long id = opts.getLong("id");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.deleteProposalForCli(owner, id, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "DeleteProposal successful !!", "DeleteProposal failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/QueryCommands.java b/src/main/java/org/tron/walletcli/cli/commands/QueryCommands.java
new file mode 100644
index 00000000..3117ded4
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/QueryCommands.java
@@ -0,0 +1,978 @@
+package org.tron.walletcli.cli.commands;
+
+import com.alibaba.fastjson.JSON;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+import org.tron.walletserver.WalletApi;
+import org.tron.trident.proto.Chain;
+import org.tron.trident.proto.Common;
+import org.tron.trident.proto.Contract;
+import org.tron.trident.proto.Response;
+import org.tron.common.utils.Utils;
+
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class QueryCommands {
+
+    private static CommandDefinition.Builder noAuthCommand() {
+        return CommandDefinition.builder().authPolicy(CommandDefinition.AuthPolicy.NEVER);
+    }
+
+    public static void register(CommandRegistry registry) {
+        registerGetAddress(registry);
+        registerGetBalance(registry);
+        registerGetAccount(registry);
+        registerGetAccountById(registry);
+        registerGetAccountNet(registry);
+        registerGetAccountResource(registry);
+        registerGetUsdtBalance(registry);
+        registerCurrentNetwork(registry);
+        registerGetBlock(registry);
+        registerGetBlockById(registry);
+        registerGetBlockByIdOrNum(registry);
+        registerGetBlockByLatestNum(registry);
+        registerGetBlockByLimitNext(registry);
+        registerGetTransactionById(registry);
+        registerGetTransactionInfoById(registry);
+        registerGetTransactionCountByBlockNum(registry);
+        registerGetAssetIssueByAccount(registry);
+        registerGetAssetIssueById(registry);
+        registerGetAssetIssueByName(registry);
+        registerGetAssetIssueListByName(registry);
+        registerGetChainParameters(registry);
+        registerGetBandwidthPrices(registry);
+        registerGetEnergyPrices(registry);
+        registerGetMemoFee(registry);
+        registerGetNextMaintenanceTime(registry);
+        registerGetContract(registry);
+        registerGetContractInfo(registry);
+        registerGetDelegatedResource(registry);
+        registerGetDelegatedResourceV2(registry);
+        registerGetDelegatedResourceAccountIndex(registry);
+        registerGetDelegatedResourceAccountIndexV2(registry);
+        registerGetCanDelegatedMaxSize(registry);
+        registerGetAvailableUnfreezeCount(registry);
+        registerGetCanWithdrawUnfreezeAmount(registry);
+        registerGetBrokerage(registry);
+        registerGetReward(registry);
+        registerListNodes(registry);
+        registerListWitnesses(registry);
+        registerListAssetIssue(registry);
+        registerListAssetIssuePaginated(registry);
+        registerListProposals(registry);
+        registerListProposalsPaginated(registry);
+        registerGetProposal(registry);
+        registerListExchanges(registry);
+        registerListExchangesPaginated(registry);
+        registerGetExchange(registry);
+        registerGetMarketOrderByAccount(registry);
+        registerGetMarketOrderById(registry);
+        registerGetMarketOrderListByPair(registry);
+        registerGetMarketPairList(registry);
+        registerGetMarketPriceByPair(registry);
+        registerGasFreeInfo(registry);
+        registerGasFreeTrace(registry);
+    }
+
+    private static void registerGetAddress(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("get-address")
+                .aliases("getaddress")
+                .description("Get the address of the current logged-in wallet")
+                .handler((ctx, opts, wrapper, out) -> {
+                    String address = wrapper.getAddress();
+                    if (address != null) {
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("address", address);
+                        out.success("GetAddress successful !!\naddress = " + address, json);
+                    } else {
+                        out.error("not_logged_in", "GetAddress failed, please login first");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetBalance(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicyResolver(opts -> opts.has("address")
+                        ? CommandDefinition.AuthPolicy.NEVER
+                        : CommandDefinition.AuthPolicy.REQUIRE)
+                .name("get-balance")
+                .aliases("getbalance")
+                .description("Get the balance of an address")
+                .option("address", "Address to query (default: current wallet)", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.Account account;
+                    if (opts.has("address")) {
+                        byte[] addressBytes = opts.getAddress("address");
+                        account = WalletApi.queryAccount(addressBytes);
+                    } else {
+                        account = wrapper.queryAccount();
+                    }
+                    if (account == null) {
+                        out.error("query_failed", "GetBalance failed");
+                    } else {
+                        long balance = account.getBalance();
+                        BigDecimal trx = BigDecimal.valueOf(balance)
+                                .divide(BigDecimal.valueOf(1_000_000), 6, RoundingMode.DOWN);
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("balance_sun", balance);
+                        json.put("balance_trx", trx.toPlainString());
+                        out.success("Balance = " + balance + " SUN = " + trx.toPlainString() + " TRX", json);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetAccount(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-account")
+                .aliases("getaccount")
+                .description("Get account information by address")
+                .option("address", "Address to query", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] addressBytes = opts.getAddress("address");
+                    Response.Account account = WalletApi.queryAccount(addressBytes);
+                    if (account == null) {
+                        out.error("query_failed", "GetAccount failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(account), "GetAccount failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetAccountById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-account-by-id")
+                .aliases("getaccountbyid")
+                .description("Get account information by account ID")
+                .option("id", "Account ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.Account account = WalletApi.queryAccountById(opts.getString("id"));
+                    if (account == null) {
+                        out.error("query_failed", "GetAccountById failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(account), "GetAccountById failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetAccountNet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-account-net")
+                .aliases("getaccountnet")
+                .description("Get account net (bandwidth) information")
+                .option("address", "Address to query", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] addressBytes = opts.getAddress("address");
+                    Response.AccountNetMessage accountNet = wrapper.getAccountNetForCli(addressBytes);
+                    out.printMessage(Utils.formatMessageString(accountNet), "GetAccountNet failed");
+                })
+                .build());
+    }
+
+    private static void registerGetAccountResource(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-account-resource")
+                .aliases("getaccountresource")
+                .description("Get account resource information")
+                .option("address", "Address to query", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] addressBytes = opts.getAddress("address");
+                    Response.AccountResourceMessage accountResource = wrapper.getAccountResourceForCli(addressBytes);
+                    out.printMessage(Utils.formatMessageString(accountResource), "GetAccountResource failed");
+                })
+                .build());
+    }
+
+    private static void registerGetUsdtBalance(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicyResolver(opts -> opts.has("address")
+                        ? CommandDefinition.AuthPolicy.NEVER
+                        : CommandDefinition.AuthPolicy.REQUIRE)
+                .name("get-usdt-balance")
+                .aliases("getusdtbalance")
+                .description("Get USDT balance of an address")
+                .option("address", "Address to query (default: current wallet)", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] ownerAddress = opts.has("address") ? opts.getAddress("address") : null;
+                    String balance = wrapper.getUSDTBalanceExact(ownerAddress);
+                    if (balance != null) {
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("usdt_balance", balance);
+                        out.success("USDT balance = " + balance, json);
+                    } else {
+                        out.error("query_failed", "GetUSDTBalance failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerCurrentNetwork(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("current-network")
+                .aliases("currentnetwork")
+                .description("Display the current network")
+                .handler((ctx, opts, wrapper, out) -> {
+                    String network = WalletApi.getCurrentNetwork() != null
+                            ? WalletApi.getCurrentNetwork().name() : "unknown";
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("network", network);
+                    out.success("Current network: " + network, json);
+                })
+                .build());
+    }
+
+    private static void registerGetBlock(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-block")
+                .aliases("getblock")
+                .description("Get block by number or latest")
+                .option("number", "Block number (default: latest)", false, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long blockNum = opts.has("number") ? opts.getLong("number") : -1;
+                    Chain.Block block = WalletApi.getBlock(blockNum);
+                    if (block == null) {
+                        out.error("query_failed", "GetBlock failed");
+                    } else {
+                        out.printMessage(Utils.printBlock(block), "GetBlock failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetBlockById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-block-by-id")
+                .aliases("getblockbyid")
+                .description("Get block by block ID (hash)")
+                .option("id", "Block ID / hash", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Chain.Block block = WalletApi.getBlockById(opts.getString("id"));
+                    if (block == null) {
+                        out.error("query_failed", "GetBlockById failed");
+                    } else {
+                        out.printMessage(Utils.printBlock(block), "GetBlockById failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetBlockByIdOrNum(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-block-by-id-or-num")
+                .aliases("getblockbyidornum")
+                .description("Get block by ID or number")
+                .option("value", "Block ID or number", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String value = opts.getString("value");
+                    try {
+                        long blockNum = Long.parseLong(value);
+                        Chain.Block block = WalletApi.getBlock(blockNum);
+                        if (block == null) {
+                            out.error("query_failed", "GetBlock failed");
+                        } else {
+                            out.printMessage(Utils.printBlock(block), "GetBlock failed");
+                        }
+                    } catch (NumberFormatException e) {
+                        Chain.Block block = WalletApi.getBlockById(value);
+                        if (block == null) {
+                            out.error("query_failed", "GetBlockById failed");
+                        } else {
+                            out.printMessage(Utils.printBlock(block), "GetBlockById failed");
+                        }
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetBlockByLatestNum(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-block-by-latest-num")
+                .aliases("getblockbylatestnum")
+                .description("Get the latest N blocks")
+                .option("count", "Number of blocks", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long count = opts.getLong("count");
+                    Response.BlockListExtention blocks = WalletApi.getBlockByLatestNum2(count);
+                    if (blocks == null) {
+                        out.error("query_failed", "GetBlockByLatestNum failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(blocks), "GetBlockByLatestNum failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetBlockByLimitNext(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-block-by-limit-next")
+                .aliases("getblockbylimitnext")
+                .description("Get blocks in range [start, end)")
+                .option("start", "Start block number", true, OptionDef.Type.LONG)
+                .option("end", "End block number", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long start = opts.getLong("start");
+                    long end = opts.getLong("end");
+                    Response.BlockListExtention blocks = WalletApi.getBlockByLimitNext(start, end);
+                    if (blocks == null) {
+                        out.error("query_failed", "GetBlockByLimitNext failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(blocks), "GetBlockByLimitNext failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetTransactionById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-transaction-by-id")
+                .aliases("gettransactionbyid")
+                .description("Get transaction by ID")
+                .option("id", "Transaction ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Chain.Transaction tx = wrapper.getTransactionByIdForCli(opts.getString("id"));
+                    out.printMessage(Utils.formatMessageString(tx), "GetTransactionById failed");
+                })
+                .build());
+    }
+
+    private static void registerGetTransactionInfoById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-transaction-info-by-id")
+                .aliases("gettransactioninfobyid")
+                .description("Get transaction info by ID")
+                .option("id", "Transaction ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.TransactionInfo txInfo = wrapper.getTransactionInfoByIdForCli(opts.getString("id"));
+                    out.printMessage(Utils.formatMessageString(txInfo), "GetTransactionInfoById failed");
+                })
+                .build());
+    }
+
+    private static void registerGetTransactionCountByBlockNum(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-transaction-count-by-block-num")
+                .aliases("gettransactioncountbyblocknum")
+                .description("Get transaction count in a block")
+                .option("number", "Block number", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long count = wrapper.getTransactionCountByBlockNum(opts.getLong("number"));
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("count", count);
+                    out.success("The block contains " + count + " transactions", json);
+                })
+                .build());
+    }
+
+    private static void registerGetAssetIssueByAccount(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-asset-issue-by-account")
+                .aliases("getassetissuebyaccount")
+                .description("Get asset issues by account address")
+                .option("address", "Account address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.AssetIssueList result = WalletApi.getAssetIssueByAccount(opts.getAddress("address"));
+                    if (result == null) {
+                        out.error("query_failed", "GetAssetIssueByAccount failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetAssetIssueByAccount failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetAssetIssueById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-asset-issue-by-id")
+                .aliases("getassetissuebyid")
+                .description("Get asset issue by ID")
+                .option("id", "Asset ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Contract.AssetIssueContract result = WalletApi.getAssetIssueById(opts.getString("id"));
+                    out.protobuf(result, "GetAssetIssueById failed");
+                })
+                .build());
+    }
+
+    private static void registerGetAssetIssueByName(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-asset-issue-by-name")
+                .aliases("getassetissuebyname")
+                .description("Get asset issue by name")
+                .option("name", "Asset name", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Contract.AssetIssueContract result = WalletApi.getAssetIssueByName(opts.getString("name"));
+                    out.protobuf(result, "GetAssetIssueByName failed");
+                })
+                .build());
+    }
+
+    private static void registerGetAssetIssueListByName(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-asset-issue-list-by-name")
+                .aliases("getassetissuelistbyname")
+                .description("Get asset issue list by name")
+                .option("name", "Asset name", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.AssetIssueList result = WalletApi.getAssetIssueListByName(opts.getString("name"));
+                    if (result == null) {
+                        out.error("query_failed", "GetAssetIssueListByName failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetAssetIssueListByName failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetChainParameters(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-chain-parameters")
+                .aliases("getchainparameters")
+                .description("Get chain parameters")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.ChainParameters result = wrapper.getChainParametersForCli();
+                    out.printMessage(Utils.formatMessageString(result), "GetChainParameters failed");
+                })
+                .build());
+    }
+
+    private static void registerGetBandwidthPrices(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-bandwidth-prices")
+                .aliases("getbandwidthprices")
+                .description("Get bandwidth prices history")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.PricesResponseMessage result = WalletApi.getBandwidthPrices();
+                    out.protobuf(result, "GetBandwidthPrices failed");
+                })
+                .build());
+    }
+
+    private static void registerGetEnergyPrices(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-energy-prices")
+                .aliases("getenergyprices")
+                .description("Get energy prices history")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.PricesResponseMessage result = WalletApi.getEnergyPrices();
+                    out.protobuf(result, "GetEnergyPrices failed");
+                })
+                .build());
+    }
+
+    private static void registerGetMemoFee(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-memo-fee")
+                .aliases("getmemofee")
+                .description("Get memo fee")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.PricesResponseMessage result = WalletApi.getMemoFee();
+                    out.protobuf(result, "GetMemoFee failed");
+                })
+                .build());
+    }
+
+    private static void registerGetNextMaintenanceTime(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-next-maintenance-time")
+                .aliases("getnextmaintenancetime")
+                .description("Get next maintenance time")
+                .handler((ctx, opts, wrapper, out) -> {
+                    long time = wrapper.getNextMaintenanceTime();
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("next_maintenance_time", time);
+                    out.success("Next maintenance time: " + time, json);
+                })
+                .build());
+    }
+
+    private static void registerGetContract(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-contract")
+                .aliases("getcontract")
+                .description("Get smart contract by address")
+                .option("address", "Contract address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Common.SmartContract contract = WalletApi.getContract(opts.getAddress("address"));
+                    if (contract == null) {
+                        out.error("query_failed", "GetContract failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(contract), "GetContract failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetContractInfo(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-contract-info")
+                .aliases("getcontractinfo")
+                .description("Get smart contract info by address")
+                .option("address", "Contract address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.SmartContractDataWrapper contractInfo = WalletApi.getContractInfo(opts.getAddress("address"));
+                    if (contractInfo == null) {
+                        out.error("query_failed", "GetContractInfo failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(contractInfo), "GetContractInfo failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetDelegatedResource(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-delegated-resource")
+                .aliases("getdelegatedresource")
+                .description("Get delegated resource between two addresses")
+                .option("from", "From address", true)
+                .option("to", "To address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.DelegatedResourceList result = WalletApi.getDelegatedResource(
+                            opts.getString("from"), opts.getString("to"));
+                    if (result == null) {
+                        out.error("query_failed", "GetDelegatedResource failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetDelegatedResource failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetDelegatedResourceV2(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-delegated-resource-v2")
+                .aliases("getdelegatedresourcev2")
+                .description("Get delegated resource V2 between two addresses")
+                .option("from", "From address", true)
+                .option("to", "To address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.DelegatedResourceList result = WalletApi.getDelegatedResourceV2(
+                            opts.getString("from"), opts.getString("to"));
+                    if (result == null) {
+                        out.error("query_failed", "GetDelegatedResourceV2 failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetDelegatedResourceV2 failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetDelegatedResourceAccountIndex(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-delegated-resource-account-index")
+                .aliases("getdelegatedresourceaccountindex")
+                .description("Get delegated resource account index")
+                .option("address", "Address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.DelegatedResourceAccountIndex result =
+                            WalletApi.getDelegatedResourceAccountIndex(opts.getString("address"));
+                    if (result == null) {
+                        out.error("query_failed", "GetDelegatedResourceAccountIndex failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result),
+                                "GetDelegatedResourceAccountIndex failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetDelegatedResourceAccountIndexV2(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-delegated-resource-account-index-v2")
+                .aliases("getdelegatedresourceaccountindexv2")
+                .description("Get delegated resource account index V2")
+                .option("address", "Address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.DelegatedResourceAccountIndex result =
+                            WalletApi.getDelegatedResourceAccountIndexV2(opts.getString("address"));
+                    if (result == null) {
+                        out.error("query_failed", "GetDelegatedResourceAccountIndexV2 failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result),
+                                "GetDelegatedResourceAccountIndexV2 failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetCanDelegatedMaxSize(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-can-delegated-max-size")
+                .aliases("getcandelegatedmaxsize")
+                .description("Get max delegatable size for a resource type")
+                .option("owner", "Owner address", true)
+                .option("type", "Resource type (0=BANDWIDTH, 1=ENERGY)", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long maxSize = WalletApi.getCanDelegatedMaxSize(
+                            opts.getAddress("owner"), (int) opts.getLong("type"));
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("max_size", maxSize);
+                    out.success("Max delegatable size: " + maxSize, json);
+                })
+                .build());
+    }
+
+    private static void registerGetAvailableUnfreezeCount(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-available-unfreeze-count")
+                .aliases("getavailableunfreezecount")
+                .description("Get available unfreeze count")
+                .option("address", "Address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long count = WalletApi.getAvailableUnfreezeCount(opts.getAddress("address"));
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("count", count);
+                    out.success("Available unfreeze count: " + count, json);
+                })
+                .build());
+    }
+
+    private static void registerGetCanWithdrawUnfreezeAmount(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-can-withdraw-unfreeze-amount")
+                .aliases("getcanwithdrawunfreezeamount")
+                .description("Get withdrawable unfreeze amount")
+                .option("address", "Address", true)
+                .option("timestamp", "Timestamp in milliseconds (default: now)", false, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long ts = opts.has("timestamp") ? opts.getLong("timestamp") : System.currentTimeMillis();
+                    long amount = WalletApi.getCanWithdrawUnfreezeAmount(opts.getAddress("address"), ts);
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("amount", amount);
+                    out.success("Can withdraw unfreeze amount: " + amount, json);
+                })
+                .build());
+    }
+
+    private static void registerGetBrokerage(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-brokerage")
+                .aliases("getbrokerage")
+                .description("Get witness brokerage ratio")
+                .option("address", "Witness address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long brokerage = wrapper.getBrokerage(opts.getAddress("address"));
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("brokerage", brokerage);
+                    out.success("Brokerage: " + brokerage, json);
+                })
+                .build());
+    }
+
+    private static void registerGetReward(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-reward")
+                .aliases("getreward")
+                .description("Get unclaimed reward")
+                .option("address", "Address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    org.tron.trident.api.GrpcAPI.NumberMessage result =
+                            wrapper.getReward(opts.getAddress("address"));
+                    if (result == null) {
+                        out.error("query_failed", "GetReward failed");
+                    } else {
+                        long reward = result.getNum();
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("reward", reward);
+                        out.success("Reward: " + reward, json);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListNodes(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-nodes")
+                .aliases("listnodes")
+                .description("List connected nodes")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.NodeList nodeList = WalletApi.listNodes();
+                    if (nodeList == null) {
+                        out.error("query_failed", "ListNodes failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(nodeList), "ListNodes failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListWitnesses(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-witnesses")
+                .aliases("listwitnesses")
+                .description("List all witnesses")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.WitnessList witnessList = wrapper.listWitnessesForCli();
+                    out.printMessage(Utils.formatMessageString(witnessList), "ListWitnesses failed");
+                })
+                .build());
+    }
+
+    private static void registerListAssetIssue(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-asset-issue")
+                .aliases("listassetissue")
+                .description("List all asset issues")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.AssetIssueList result = WalletApi.getAssetIssueList();
+                    out.protobuf(result, "ListAssetIssue failed");
+                })
+                .build());
+    }
+
+    private static void registerListAssetIssuePaginated(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-asset-issue-paginated")
+                .aliases("listassetissuepaginated")
+                .description("List asset issues with pagination")
+                .option("offset", "Start offset", true, OptionDef.Type.LONG)
+                .option("limit", "Page size", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.AssetIssueList result = WalletApi.getPaginatedAssetIssueList(
+                            opts.getLong("offset"), opts.getLong("limit"));
+                    if (result == null) {
+                        out.error("query_failed", "ListAssetIssuePaginated failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "ListAssetIssuePaginated failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListProposals(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-proposals")
+                .aliases("listproposals")
+                .description("List all proposals")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.ProposalList result = WalletApi.getProposalListPaginated(-1, -1);
+                    if (result == null) {
+                        out.error("query_failed", "ListProposals failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "ListProposals failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListProposalsPaginated(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-proposals-paginated")
+                .aliases("listproposalspaginated")
+                .description("List proposals with pagination")
+                .option("offset", "Start offset", true, OptionDef.Type.LONG)
+                .option("limit", "Page size", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.ProposalList result = WalletApi.getProposalListPaginated(
+                            opts.getLong("offset"), opts.getLong("limit"));
+                    if (result == null) {
+                        out.error("query_failed", "ListProposalsPaginated failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "ListProposalsPaginated failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetProposal(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-proposal")
+                .aliases("getproposal")
+                .description("Get proposal by ID")
+                .option("id", "Proposal ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.Proposal result = WalletApi.getProposal(opts.getString("id"));
+                    if (result == null) {
+                        out.error("query_failed", "GetProposal failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetProposal failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListExchanges(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-exchanges")
+                .aliases("listexchanges")
+                .description("List all exchanges")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.ExchangeList result = WalletApi.getExchangeListPaginated(-1, -1);
+                    if (result == null) {
+                        out.error("query_failed", "ListExchanges failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "ListExchanges failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListExchangesPaginated(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-exchanges-paginated")
+                .aliases("listexchangespaginated")
+                .description("List exchanges with pagination")
+                .option("offset", "Start offset", true, OptionDef.Type.LONG)
+                .option("limit", "Page size", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.ExchangeList result = WalletApi.getExchangeListPaginated(
+                            opts.getLong("offset"), opts.getLong("limit"));
+                    if (result == null) {
+                        out.error("query_failed", "ListExchangesPaginated failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "ListExchangesPaginated failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetExchange(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-exchange")
+                .aliases("getexchange")
+                .description("Get exchange by ID")
+                .option("id", "Exchange ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.Exchange result = WalletApi.getExchange(opts.getString("id"));
+                    if (result == null) {
+                        out.error("query_failed", "GetExchange failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetExchange failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetMarketOrderByAccount(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-market-order-by-account")
+                .aliases("getmarketorderbyaccount")
+                .description("Get market orders by account")
+                .option("address", "Account address", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.MarketOrderList result = WalletApi.getMarketOrderByAccount(opts.getAddress("address"));
+                    if (result == null) {
+                        out.error("query_failed", "GetMarketOrderByAccount failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetMarketOrderByAccount failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetMarketOrderById(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-market-order-by-id")
+                .aliases("getmarketorderbyid")
+                .description("Get market order by ID")
+                .option("id", "Order ID hex", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] orderId = org.tron.common.utils.ByteArray.fromHexString(opts.getString("id"));
+                    Response.MarketOrder result;
+                    try {
+                        result = WalletApi.getMarketOrderById(orderId);
+                    } catch (Exception e) {
+                        out.error("query_failed",
+                                e.getMessage() != null ? e.getMessage() : "GetMarketOrderById failed");
+                        return;
+                    }
+                    if (result == null) {
+                        out.error("query_failed", "GetMarketOrderById failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetMarketOrderById failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetMarketOrderListByPair(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-market-order-list-by-pair")
+                .aliases("getmarketorderlistbypair")
+                .description("Get market order list by token pair")
+                .option("sell-token", "Sell token name", true)
+                .option("buy-token", "Buy token name", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.MarketOrderList result = WalletApi.getMarketOrderListByPair(
+                            opts.getString("sell-token").getBytes(),
+                            opts.getString("buy-token").getBytes());
+                    if (result == null) {
+                        out.error("query_failed", "GetMarketOrderListByPair failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetMarketOrderListByPair failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGetMarketPairList(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-market-pair-list")
+                .aliases("getmarketpairlist")
+                .description("Get all market trading pairs")
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.MarketOrderPairList result = wrapper.getMarketPairListForCli();
+                    out.printMessage(Utils.formatMessageString(result), "GetMarketPairList failed");
+                })
+                .build());
+    }
+
+    private static void registerGetMarketPriceByPair(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-market-price-by-pair")
+                .aliases("getmarketpricebypair")
+                .description("Get market price by token pair")
+                .option("sell-token", "Sell token name", true)
+                .option("buy-token", "Buy token name", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    Response.MarketPriceList result = WalletApi.getMarketPriceByPair(
+                            opts.getString("sell-token").getBytes(),
+                            opts.getString("buy-token").getBytes());
+                    if (result == null) {
+                        out.error("query_failed", "GetMarketPriceByPair failed");
+                    } else {
+                        out.printMessage(Utils.formatMessageString(result), "GetMarketPriceByPair failed");
+                    }
+                })
+                .build());
+    }
+
+    private static void registerGasFreeInfo(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicyResolver(opts -> opts.has("address")
+                        ? CommandDefinition.AuthPolicy.NEVER
+                        : CommandDefinition.AuthPolicy.REQUIRE)
+                .name("gas-free-info")
+                .aliases("gasfreeinfo")
+                .description("Get GasFree service info")
+                .option("address", "Address to query (default: current wallet)", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String address = opts.has("address") ? opts.getString("address") : null;
+                    String rendered = JSON.toJSONString(wrapper.getGasFreeInfoData(address), true);
+                    out.printMessage(rendered, "GetGasFreeInfo failed");
+                })
+                .build());
+    }
+
+    private static void registerGasFreeTrace(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("gas-free-trace")
+                .aliases("gasfreetrace")
+                .description("Trace a GasFree transaction")
+                .option("id", "Transaction ID", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String rendered = JSON.toJSONString(wrapper.gasFreeTraceData(opts.getString("id")), true);
+                    out.printMessage(rendered, "GasFreeTrace failed");
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/StakingCommands.java b/src/main/java/org/tron/walletcli/cli/commands/StakingCommands.java
new file mode 100644
index 00000000..fcb38cf9
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/StakingCommands.java
@@ -0,0 +1,276 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.common.utils.TransactionUtils;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+
+public class StakingCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerFreezeBalance(registry);
+        registerFreezeBalanceV2(registry);
+        registerUnfreezeBalance(registry);
+        registerUnfreezeBalanceV2(registry);
+        registerWithdrawExpireUnfreeze(registry);
+        registerDelegateResource(registry);
+        registerUndelegateResource(registry);
+        registerCancelAllUnfreezeV2(registry);
+        registerWithdrawBalance(registry);
+        registerUnfreezeAsset(registry);
+    }
+
+    private static void registerFreezeBalance(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("freeze-balance")
+                .aliases("freezebalance")
+                .description("Freeze TRX for bandwidth/energy (v1, deprecated)")
+                .option("amount", "Amount to freeze in SUN", true, OptionDef.Type.LONG)
+                .option("duration", "Freeze duration in days", true, OptionDef.Type.LONG)
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", false, OptionDef.Type.LONG)
+                .option("receiver", "Receiver address (for delegated freeze)", false)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long amount = opts.getLong("amount");
+                    long duration = opts.getLong("duration");
+                    int resource = opts.has("resource") ? (int) opts.getLong("resource") : 0;
+                    byte[] receiver = opts.has("receiver") ? opts.getAddress("receiver") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.freezeBalanceForCli(owner, amount, duration, resource, receiver, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "FreezeBalance successful !!", "FreezeBalance failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerFreezeBalanceV2(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("freeze-balance-v2")
+                .aliases("freezebalancev2")
+                .description("Freeze TRX for bandwidth/energy (Stake 2.0)")
+                .option("amount", "Amount to freeze in SUN", true, OptionDef.Type.LONG)
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", false, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long amount = opts.getLong("amount");
+                    int resource = opts.has("resource") ? (int) opts.getLong("resource") : 0;
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    boolean multi = opts.getBoolean("multi");
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    try {
+                        wrapper.freezeBalanceV2ForCli(owner, amount, resource, multi);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    CommandSupport.emitBooleanResult(out, true,
+                            "FreezeBalanceV2 successful !!", "FreezeBalanceV2 failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUnfreezeBalance(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("unfreeze-balance")
+                .aliases("unfreezebalance")
+                .description("Unfreeze TRX (v1, deprecated)")
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", false, OptionDef.Type.LONG)
+                .option("receiver", "Receiver address", false)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    int resource = opts.has("resource") ? (int) opts.getLong("resource") : 0;
+                    byte[] receiver = opts.has("receiver") ? opts.getAddress("receiver") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.unfreezeBalanceForCli(owner, resource, receiver, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UnfreezeBalance successful !!", "UnfreezeBalance failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUnfreezeBalanceV2(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("unfreeze-balance-v2")
+                .aliases("unfreezebalancev2")
+                .description("Unfreeze TRX (Stake 2.0)")
+                .option("amount", "Amount to unfreeze in SUN", true, OptionDef.Type.LONG)
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", false, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long amount = opts.getLong("amount");
+                    int resource = opts.has("resource") ? (int) opts.getLong("resource") : 0;
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    boolean multi = opts.getBoolean("multi");
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    try {
+                        wrapper.unfreezeBalanceV2ForCli(owner, amount, resource, multi);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UnfreezeBalanceV2 successful !!", "UnfreezeBalanceV2 failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerWithdrawExpireUnfreeze(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("withdraw-expire-unfreeze")
+                .aliases("withdrawexpireunfreeze")
+                .description("Withdraw expired unfrozen TRX")
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.withdrawExpireUnfreezeForCli(owner, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "WithdrawExpireUnfreeze successful !!",
+                            "WithdrawExpireUnfreeze failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerDelegateResource(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("delegate-resource")
+                .aliases("delegateresource")
+                .description("Delegate bandwidth/energy to another address")
+                .option("amount", "Amount in SUN", true, OptionDef.Type.LONG)
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", true, OptionDef.Type.LONG)
+                .option("receiver", "Receiver address", true)
+                .option("lock", "Lock delegation", false, OptionDef.Type.BOOLEAN)
+                .option("lock-period", "Lock period in blocks", false, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long amount = opts.getLong("amount");
+                    int resource = (int) opts.getLong("resource");
+                    byte[] receiver = opts.getAddress("receiver");
+                    boolean lock = opts.getBoolean("lock");
+                    long lockPeriod = opts.has("lock-period") ? opts.getLong("lock-period") : 0;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.delegateResourceForCli(owner, amount, resource, receiver,
+                            lock, lockPeriod, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "DelegateResource successful !!", "DelegateResource failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUndelegateResource(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("undelegate-resource")
+                .aliases("undelegateresource")
+                .description("Undelegate bandwidth/energy")
+                .option("amount", "Amount in SUN", true, OptionDef.Type.LONG)
+                .option("resource", "Resource type (0=BANDWIDTH, 1=ENERGY)", true, OptionDef.Type.LONG)
+                .option("receiver", "Receiver address", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    long amount = opts.getLong("amount");
+                    int resource = (int) opts.getLong("resource");
+                    byte[] receiver = opts.getAddress("receiver");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.undelegateResourceForCli(owner, amount, resource, receiver, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UndelegateResource successful !!",
+                            "UndelegateResource failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerCancelAllUnfreezeV2(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("cancel-all-unfreeze-v2")
+                .aliases("cancelallunfreezev2")
+                .description("Cancel all pending unfreeze V2 operations")
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.cancelAllUnfreezeV2ForCli(owner, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "CancelAllUnfreezeV2 successful !!",
+                            "CancelAllUnfreezeV2 failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerWithdrawBalance(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("withdraw-balance")
+                .aliases("withdrawbalance")
+                .description("Withdraw witness balance")
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.withdrawBalanceForCli(owner, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "WithdrawBalance successful !!", "WithdrawBalance failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUnfreezeAsset(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("unfreeze-asset")
+                .aliases("unfreezeasset")
+                .description("Unfreeze TRC10 asset")
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.unfreezeAssetForCli(owner, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UnfreezeAsset successful !!", "UnfreezeAsset failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/TransactionCommands.java b/src/main/java/org/tron/walletcli/cli/commands/TransactionCommands.java
new file mode 100644
index 00000000..dcc53e48
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/TransactionCommands.java
@@ -0,0 +1,442 @@
+package org.tron.walletcli.cli.commands;
+
+import org.apache.commons.lang3.tuple.Triple;
+import org.bouncycastle.util.encoders.Hex;
+import org.tron.common.enums.NetType;
+import org.tron.common.utils.AbiUtil;
+import org.tron.common.utils.TransactionUtils;
+import org.tron.walletcli.WalletApiWrapper;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+import org.tron.walletserver.WalletApi;
+
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class TransactionCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerSendCoin(registry);
+        registerTransferAsset(registry);
+        registerTransferUsdt(registry);
+        registerParticipateAssetIssue(registry);
+        registerAssetIssue(registry);
+        registerCreateAccount(registry);
+        registerUpdateAccount(registry);
+        registerSetAccountId(registry);
+        registerUpdateAsset(registry);
+        registerBroadcastTransaction(registry);
+        registerAddTransactionSign(registry);
+        registerUpdateAccountPermission(registry);
+        registerTronlinkMultiSign(registry);
+        registerGasFreeTransfer(registry);
+    }
+
+    private static void registerSendCoin(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("send-coin")
+                .aliases("sendcoin")
+                .description("Send TRX to an address")
+                .option("to", "Recipient address", true)
+                .option("amount", "Amount in SUN", true, OptionDef.Type.LONG)
+                .option("owner", "Sender address (default: current wallet)", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] to = opts.getAddress("to");
+                    long amount = opts.getLong("amount");
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    boolean multi = opts.getBoolean("multi");
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    try {
+                        wrapper.sendCoinForCli(owner, to, amount, multi);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    String toStr = opts.getString("to");
+                    if (multi) {
+                        CommandSupport.emitBooleanResult(out, true,
+                                "create multi-sign transaction successful !!",
+                                "create multi-sign transaction failed !!",
+                                CommandSupport.lastBroadcastTxResultData());
+                    } else {
+                        String successMessage = "SendCoin successful !!";
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("message", successMessage);
+                        json.put("to", toStr);
+                        json.put("amount", amount);
+                        String txid = WalletApi.consumeLastBroadcastTxId();
+                        if (txid != null && !txid.isEmpty()) {
+                            json.put("txid", txid);
+                        }
+                        out.success(successMessage, json);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerTransferAsset(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("transfer-asset")
+                .aliases("transferasset")
+                .description("Transfer a TRC10 asset")
+                .option("to", "Recipient address", true)
+                .option("asset", "Asset name", true)
+                .option("amount", "Amount", true, OptionDef.Type.LONG)
+                .option("owner", "Sender address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] to = opts.getAddress("to");
+                    String asset = opts.getString("asset");
+                    long amount = opts.getLong("amount");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.transferAssetForCli(owner, to, asset, amount, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "TransferAsset successful !!", "TransferAsset failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerTransferUsdt(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("transfer-usdt")
+                .aliases("transferusdt")
+                .description("Transfer USDT (TRC20)")
+                .option("to", "Recipient address", true)
+                .option("amount", "Amount in smallest unit", true, OptionDef.Type.LONG)
+                .option("owner", "Sender address", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    NetType netType = WalletApi.getCurrentNetwork();
+                    if (netType.getUsdtAddress() == null) {
+                        out.error("unsupported_network",
+                                "transfer-usdt does not support the current network.");
+                        return;
+                    }
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] toAddress = opts.getAddress("to");
+                    long amount = opts.getLong("amount");
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    boolean multi = opts.getBoolean("multi");
+
+                    String toBase58 = WalletApi.encode58Check(toAddress);
+                    String inputStr = String.format("\"%s\",%d", toBase58, amount);
+                    String methodStr = "transfer(address,uint256)";
+                    byte[] data = Hex.decode(AbiUtil.parseMethod(methodStr, inputStr, false));
+                    byte[] contractAddress = WalletApi.decodeFromBase58Check(netType.getUsdtAddress());
+
+                    // Estimate energy to calculate fee limit
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    Triple<Boolean, Long, Long> estimate;
+                    try {
+                        estimate = wrapper.callContractForCli(
+                                owner, contractAddress, 0, data, 0, 0, "", true, true, false);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    if (!Boolean.TRUE.equals(estimate.getLeft())) {
+                        out.error("execution_error", "TransferUSDT failed: energy estimation failed.");
+                        return;
+                    }
+                    long energyUsed = estimate.getMiddle();
+                    // Get energy price from chain parameters and add 20% buffer
+                    long energyFee = wrapper.getChainParametersForCli().getChainParameterList().stream()
+                            .filter(p -> "getEnergyFee".equals(p.getKey()))
+                            .mapToLong(org.tron.trident.proto.Response.ChainParameters.ChainParameter::getValue)
+                            .findFirst()
+                            .orElse(420L);
+                    long feeLimit;
+                    try {
+                        feeLimit = WalletApiWrapper.computeBufferedFeeLimit(energyFee, energyUsed);
+                    } catch (ArithmeticException e) {
+                        out.error("fee_limit_overflow",
+                                "Estimated fee limit exceeds supported range.");
+                        return;
+                    }
+
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    boolean result;
+                    try {
+                        result = wrapper.callContractForCli(
+                                owner, contractAddress, 0, data, feeLimit, 0, "", false, false, multi)
+                                .getLeft();
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    CommandSupport.emitBooleanResult(out, result,
+                            "TransferUSDT successful !!",
+                            "TransferUSDT failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerParticipateAssetIssue(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("participate-asset-issue")
+                .aliases("participateassetissue")
+                .description("Participate in an asset issue")
+                .option("to", "Asset issuer address", true)
+                .option("asset", "Asset name", true)
+                .option("amount", "Amount", true, OptionDef.Type.LONG)
+                .option("owner", "Participant address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] to = opts.getAddress("to");
+                    String asset = opts.getString("asset");
+                    long amount = opts.getLong("amount");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.participateAssetIssueForCli(owner, to, asset, amount, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ParticipateAssetIssue successful !!",
+                            "ParticipateAssetIssue failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerAssetIssue(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("asset-issue")
+                .aliases("assetissue")
+                .description("Create a TRC10 asset")
+                .option("name", "Asset name", true)
+                .option("abbr", "Asset abbreviation", true)
+                .option("total-supply", "Total supply", true, OptionDef.Type.LONG)
+                .option("trx-num", "TRX number", true, OptionDef.Type.LONG)
+                .option("ico-num", "ICO number", true, OptionDef.Type.LONG)
+                .option("start-time", "ICO start time (ms)", true, OptionDef.Type.LONG)
+                .option("end-time", "ICO end time (ms)", true, OptionDef.Type.LONG)
+                .option("precision", "Precision (default: 0)", false, OptionDef.Type.LONG)
+                .option("description", "Description", false)
+                .option("url", "URL", true)
+                .option("free-net-limit", "Free net limit per account", true, OptionDef.Type.LONG)
+                .option("public-free-net-limit", "Public free net limit", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String name = opts.getString("name");
+                    String abbr = opts.getString("abbr");
+                    long totalSupply = opts.getLong("total-supply");
+                    int trxNum = (int) opts.getLong("trx-num");
+                    int icoNum = (int) opts.getLong("ico-num");
+                    int precision = opts.has("precision") ? (int) opts.getLong("precision") : 0;
+                    long startTime = opts.getLong("start-time");
+                    long endTime = opts.getLong("end-time");
+                    String desc = opts.has("description") ? opts.getString("description") : "";
+                    String url = opts.getString("url");
+                    long freeNetLimit = opts.getLong("free-net-limit");
+                    long publicFreeNetLimit = opts.getLong("public-free-net-limit");
+                    boolean multi = opts.getBoolean("multi");
+                    HashMap<String, String> frozenSupply = new HashMap<String, String>();
+                    boolean result = wrapper.assetIssue(owner, name, abbr, totalSupply,
+                            trxNum, icoNum, precision, startTime, endTime, 0, desc, url,
+                            freeNetLimit, publicFreeNetLimit, frozenSupply, multi);
+                    CommandSupport.emitBooleanResult(out, result,
+                            "AssetIssue successful !!", "AssetIssue failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerCreateAccount(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("create-account")
+                .aliases("createaccount")
+                .description("Create a new account on chain")
+                .option("address", "New account address", true)
+                .option("owner", "Creator address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] address = opts.getAddress("address");
+                    boolean multi = opts.getBoolean("multi");
+                    boolean result = wrapper.createAccount(owner, address, multi);
+                    CommandSupport.emitBooleanResult(out, result,
+                            "CreateAccount successful !!", "CreateAccount failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateAccount(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-account")
+                .aliases("updateaccount")
+                .description("Update account name")
+                .option("name", "Account name", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] nameBytes = opts.getString("name").getBytes();
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateAccountForCli(owner, nameBytes, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "Update Account successful !!", "Update Account failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerSetAccountId(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("set-account-id")
+                .aliases("setaccountid")
+                .description("Set account ID")
+                .option("id", "Account ID", true)
+                .option("owner", "Owner address", false)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] id = opts.getString("id").getBytes();
+                    wrapper.setAccountIdForCli(owner, id);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "Set AccountId successful !!", "Set AccountId failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateAsset(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-asset")
+                .aliases("updateasset")
+                .description("Update asset parameters")
+                .option("description", "New description", true)
+                .option("url", "New URL", true)
+                .option("new-limit", "New free net limit", true, OptionDef.Type.LONG)
+                .option("new-public-limit", "New public free net limit", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    byte[] desc = opts.getString("description").getBytes();
+                    byte[] url = opts.getString("url").getBytes();
+                    long newLimit = opts.getLong("new-limit");
+                    long newPublicLimit = opts.getLong("new-public-limit");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateAssetForCli(owner, desc, url, newLimit, newPublicLimit, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateAsset successful !!", "UpdateAsset failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerBroadcastTransaction(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+                .name("broadcast-transaction")
+                .aliases("broadcasttransaction")
+                .description("Broadcast a signed transaction")
+                .option("transaction", "Transaction hex string", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    byte[] txBytes = org.tron.common.utils.ByteArray.fromHexString(opts.getString("transaction"));
+                    boolean result = org.tron.walletserver.WalletApi.broadcastTransaction(txBytes);
+                    CommandSupport.emitBooleanResult(out, result,
+                            "BroadcastTransaction successful !!",
+                            "BroadcastTransaction failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerAddTransactionSign(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+                .name("add-transaction-sign")
+                .aliases("addtransactionsign")
+                .description("Add a signature to a transaction")
+                .option("transaction", "Transaction hex string", true)
+                .handler((ctx, opts, wrapper, out) -> {
+                    // addTransactionSign requires interactive password prompt
+                    // Delegates to the wrapper which handles signing
+                    out.error("not_implemented",
+                            "add-transaction-sign via standard CLI is not yet implemented. Use --interactive mode.");
+                })
+                .build());
+    }
+
+    private static void registerUpdateAccountPermission(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-account-permission")
+                .aliases("updateaccountpermission")
+                .description("Update account permissions (multi-sign setup)")
+                .option("owner", "Owner address", true)
+                .option("permissions", "Permissions JSON string", true)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.getAddress("owner");
+                    String permissions = opts.getString("permissions");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.accountPermissionUpdateForCli(owner, permissions, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateAccountPermission successful !!",
+                            "UpdateAccountPermission failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerTronlinkMultiSign(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+                .name("tronlink-multi-sign")
+                .aliases("tronlinkmultisign")
+                .description("TronLink multi-sign transaction")
+                .handler((ctx, opts, wrapper, out) -> {
+                    CommandSupport.rejectUnsupportedStandardCliCommand(out, "tronlink-multi-sign");
+                })
+                .build());
+    }
+
+    private static void registerGasFreeTransfer(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("gas-free-transfer")
+                .aliases("gasfreetransfer")
+                .description("Transfer tokens via GasFree service")
+                .option("to", "Recipient address", true)
+                .option("amount", "Amount", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String to = opts.getString("to");
+                    long amount = opts.getLong("amount");
+                    String gasFreeId = wrapper.gasFreeTransferOrThrow(to, amount);
+                    Map<String, Object> data = new LinkedHashMap<String, Object>();
+                    data.put("message", "GasFreeTransfer successful !!");
+                    if (gasFreeId != null && !"-".equals(gasFreeId)) {
+                        data.put("gas_free_id", gasFreeId);
+                    }
+                    out.success("GasFreeTransfer successful !!", data);
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/WalletCommands.java b/src/main/java/org/tron/walletcli/cli/commands/WalletCommands.java
new file mode 100644
index 00000000..d52d9355
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/WalletCommands.java
@@ -0,0 +1,577 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.common.crypto.ECKey;
+import org.tron.common.utils.ByteArray;
+import org.tron.keystore.Wallet;
+import org.tron.keystore.WalletFile;
+import org.tron.keystore.WalletUtils;
+import org.tron.mnemonic.MnemonicUtils;
+import org.tron.walletcli.cli.ActiveWalletConfig;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+import org.tron.walletserver.WalletApi;
+
+import lombok.extern.slf4j.Slf4j;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+public class WalletCommands {
+
+    private static final String PRIVATE_KEY_ENV = "TRON_PRIVATE_KEY";
+    private static final String MNEMONIC_ENV = "TRON_MNEMONIC";
+
+    private static CommandDefinition.Builder noAuthCommand() {
+        return CommandDefinition.builder().authPolicy(CommandDefinition.AuthPolicy.NEVER);
+    }
+
+    public static void register(CommandRegistry registry) {
+        registerRegisterWallet(registry);
+        registerImportWallet(registry);
+        registerImportWalletByMnemonic(registry);
+        registerListWallet(registry);
+        registerSetActiveWallet(registry);
+        registerGetActiveWallet(registry);
+        registerChangePassword(registry);
+        registerClearWalletKeystore(registry);
+        registerResetWallet(registry);
+        registerModifyWalletName(registry);
+        registerSwitchNetwork(registry);
+        registerLock(registry);
+        registerUnlock(registry);
+        registerGenerateSubAccount(registry);
+    }
+
+    private static void registerRegisterWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("register-wallet")
+                .aliases("registerwallet")
+                .description("Create a new wallet")
+                .option("words", "Mnemonic word count (12 or 24, default: 12)", false, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    int wordCount = opts.has("words") ? (int) opts.getLong("words") : 12;
+                    String envPassword = System.getenv("MASTER_PASSWORD");
+                    if (envPassword == null || envPassword.isEmpty()) {
+                        out.error("missing_env",
+                                "Set MASTER_PASSWORD environment variable for non-interactive wallet creation");
+                        return;
+                    }
+                    char[] password = envPassword.toCharArray();
+                    try {
+                        String keystoreName = wrapper.registerWallet(password, wordCount);
+                        if (keystoreName != null) {
+                            // Auto-set as active wallet
+                            String address = keystoreName.replace(".json", "");
+                            ActiveWalletConfig.setActiveAddress(address);
+                            Map<String, Object> json = new LinkedHashMap<String, Object>();
+                            json.put("keystore", keystoreName);
+                            json.put("address", address);
+                            out.success("Register a wallet successful, keystore file name is " + keystoreName, json);
+                        } else {
+                            out.error("register_failed", "Register wallet failed");
+                        }
+                    } finally {
+                        org.tron.keystore.StringUtils.clear(password);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerImportWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("import-wallet")
+                .aliases("importwallet")
+                .description("Import a wallet by private key from " + PRIVATE_KEY_ENV
+                        + " (uses MASTER_PASSWORD env for encryption)")
+                .option("name", "Wallet name (default: mywallet)", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String envPassword = System.getenv("MASTER_PASSWORD");
+                    if (envPassword == null || envPassword.isEmpty()) {
+                        out.error("missing_env",
+                                "Set MASTER_PASSWORD environment variable");
+                        return;
+                    }
+                    String privateKeyHex = System.getenv(PRIVATE_KEY_ENV);
+                    if (privateKeyHex == null || privateKeyHex.isEmpty()) {
+                        out.usageError("import-wallet requires " + PRIVATE_KEY_ENV + " in standard CLI mode.", null);
+                        return;
+                    }
+                    byte[] passwd = org.tron.keystore.StringUtils.char2Byte(
+                            envPassword.toCharArray());
+                    byte[] priKey = ByteArray.fromHexString(privateKeyHex);
+                    try {
+                        String walletName = opts.has("name") ? opts.getString("name") : "mywallet";
+
+                        ECKey ecKey = ECKey.fromPrivate(priKey);
+                        WalletFile walletFile = Wallet.createStandard(passwd, ecKey);
+                        walletFile.setName(walletName);
+                        String keystoreName = WalletApi.store2Keystore(walletFile);
+                        String address = WalletApi.encode58Check(ecKey.getAddress());
+
+                        // Auto-set as active wallet
+                        ActiveWalletConfig.setActiveAddress(walletFile.getAddress());
+
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("keystore", keystoreName);
+                        json.put("address", address);
+                        out.success("Import wallet successful, keystore: " + keystoreName, json);
+                    } finally {
+                        Arrays.fill(priKey, (byte) 0);
+                        Arrays.fill(passwd, (byte) 0);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerImportWalletByMnemonic(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("import-wallet-by-mnemonic")
+                .aliases("importwalletbymnemonic")
+                .description("Import a wallet by mnemonic phrase from " + MNEMONIC_ENV
+                        + " (uses MASTER_PASSWORD env for encryption)")
+                .option("name", "Wallet name (default: mywallet)", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String envPassword = System.getenv("MASTER_PASSWORD");
+                    if (envPassword == null || envPassword.isEmpty()) {
+                        out.error("missing_env",
+                                "Set MASTER_PASSWORD environment variable");
+                        return;
+                    }
+                    String mnemonic = System.getenv(MNEMONIC_ENV);
+                    if (mnemonic == null || mnemonic.trim().isEmpty()) {
+                        out.usageError("import-wallet-by-mnemonic requires " + MNEMONIC_ENV
+                                + " in standard CLI mode.", null);
+                        return;
+                    }
+                    byte[] passwd = org.tron.keystore.StringUtils.char2Byte(
+                            envPassword.toCharArray());
+                    List<String> words = Arrays.asList(
+                            mnemonic.trim().split("\\s+"));
+                    String walletName = opts.has("name") ? opts.getString("name") : "mywallet";
+                    byte[] priKey = null;
+                    try {
+                        priKey = MnemonicUtils.getPrivateKeyFromMnemonic(words);
+                        ECKey ecKey = ECKey.fromPrivate(priKey);
+                        WalletFile walletFile = Wallet.createStandard(passwd, ecKey);
+                        walletFile.setName(walletName);
+                        String keystoreName = WalletApi.store2Keystore(walletFile);
+                        String address = WalletApi.encode58Check(ecKey.getAddress());
+
+                        // Auto-set as active wallet
+                        ActiveWalletConfig.setActiveAddress(walletFile.getAddress());
+
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("keystore", keystoreName);
+                        json.put("address", address);
+                        out.success("Import wallet by mnemonic successful, keystore: " + keystoreName, json);
+                    } finally {
+                        if (priKey != null) {
+                            Arrays.fill(priKey, (byte) 0);
+                        }
+                        Arrays.fill(passwd, (byte) 0);
+                    }
+                })
+                .build());
+    }
+
+    private static void registerListWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("list-wallet")
+                .aliases("listwallet")
+                .description("List all wallets with active status")
+                .handler((ctx, opts, wrapper, out) -> {
+                    File dir = ActiveWalletConfig.getWalletDir();
+                    if (!dir.exists() || !dir.isDirectory()) {
+                        out.error("no_wallets", "No wallet directory found");
+                        return;
+                    }
+                    File[] files = dir.listFiles((d, name) -> name.endsWith(".json"));
+                    if (files == null || files.length == 0) {
+                        out.error("no_wallets", "No wallet files found");
+                        return;
+                    }
+
+                    String activeAddress = ActiveWalletConfig.getActiveAddressLenient();
+                    List<Map<String, Object>> wallets = new ArrayList<Map<String, Object>>();
+
+                    for (File f : files) {
+                        WalletFile wf = WalletUtils.loadWalletFile(f);
+                        String walletName = wf.getName();
+                        if (walletName == null || walletName.isEmpty()) {
+                            walletName = f.getName();
+                        }
+                        String address = wf.getAddress();
+                        boolean isActive = address != null && address.equals(activeAddress);
+
+                        Map<String, Object> entry = new LinkedHashMap<String, Object>();
+                        entry.put("wallet-name", walletName);
+                        entry.put("wallet-address", address);
+                        entry.put("is-active", isActive);
+                        wallets.add(entry);
+                    }
+
+                    // Text output
+                    StringBuilder text = new StringBuilder();
+                    text.append(String.format("%-30s %-42s %-8s", "Name", "Address", "Active"));
+                    text.append("\n");
+                    for (Map<String, Object> w : wallets) {
+                        text.append(String.format("%-30s %-42s %-8s",
+                                w.get("wallet-name"),
+                                w.get("wallet-address"),
+                                (Boolean) w.get("is-active") ? "*" : ""));
+                        text.append("\n");
+                    }
+
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("wallets", wallets);
+                    out.success(text.toString().trim(), json);
+                })
+                .build());
+    }
+
+    private static void registerSetActiveWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("set-active-wallet")
+                .aliases("setactivewallet")
+                .description("Set the active wallet by address or name")
+                .option("address", "Wallet address (Base58Check)", false)
+                .option("name", "Wallet name", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    boolean hasAddress = opts.has("address");
+                    boolean hasName = opts.has("name");
+
+                    if (!hasAddress && !hasName) {
+                        out.usageError(
+                                "Provide --address or --name to identify the wallet", null);
+                        return;
+                    }
+                    if (hasAddress && hasName) {
+                        out.usageError(
+                                "Provide either --address or --name, not both", null);
+                        return;
+                    }
+
+                    File walletFile;
+                    if (hasAddress) {
+                        walletFile = ActiveWalletConfig.findWalletFileByAddress(
+                                opts.getString("address"));
+                        if (walletFile == null) {
+                            out.error("not_found",
+                                    "No wallet found with address: " + opts.getString("address"));
+                            return;
+                        }
+                    } else {
+                        try {
+                            walletFile = ActiveWalletConfig.findWalletFileByName(
+                                    opts.getString("name"));
+                        } catch (IllegalArgumentException e) {
+                            out.error("ambiguous_name", e.getMessage());
+                            return;
+                        }
+                        if (walletFile == null) {
+                            out.error("not_found",
+                                    "No wallet found with name: " + opts.getString("name"));
+                            return;
+                        }
+                    }
+
+                    WalletFile wf = WalletUtils.loadWalletFile(walletFile);
+                    ActiveWalletConfig.setActiveAddress(wf.getAddress());
+
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("wallet-address", wf.getAddress());
+                    out.success("Active wallet set to: " + wf.getAddress(), json);
+                })
+                .build());
+    }
+
+    private static void registerGetActiveWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("get-active-wallet")
+                .aliases("getactivewallet")
+                .description("Get the current active wallet")
+                .handler((ctx, opts, wrapper, out) -> {
+                    String activeAddress = ActiveWalletConfig.getActiveAddressStrict();
+                    if (activeAddress == null) {
+                        out.error("no_active_wallet", "No active wallet set");
+                        return;
+                    }
+
+                    File walletFile = ActiveWalletConfig.findWalletFileByAddress(activeAddress);
+                    if (walletFile == null) {
+                        out.error("wallet_not_found",
+                                "Active wallet keystore not found for address: " + activeAddress);
+                        return;
+                    }
+
+                    WalletFile wf = WalletUtils.loadWalletFile(walletFile);
+                    String walletName = wf.getName();
+                    if (walletName == null || walletName.isEmpty()) {
+                        walletName = walletFile.getName();
+                    }
+
+                    Map<String, Object> json = new LinkedHashMap<String, Object>();
+                    json.put("wallet-name", walletName);
+                    json.put("wallet-address", wf.getAddress());
+                    out.success("Active wallet: " + walletName + " (" + wf.getAddress() + ")", json);
+                })
+                .build());
+    }
+
+    private static final String OLD_PASSWORD_ENV = "TRON_OLD_PASSWORD";
+    private static final String NEW_PASSWORD_ENV = "TRON_NEW_PASSWORD";
+
+    private static void registerChangePassword(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("change-password")
+                .aliases("changepassword")
+                .description("Change the password of a wallet keystore"
+                        + " (uses " + OLD_PASSWORD_ENV + " and " + NEW_PASSWORD_ENV + " env vars)")
+                .option("address", "Wallet address (Base58Check)", false)
+                .option("name", "Wallet name", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String oldPwd = System.getenv(OLD_PASSWORD_ENV);
+                    if (oldPwd == null || oldPwd.isEmpty()) {
+                        out.error("missing_env",
+                                "Set " + OLD_PASSWORD_ENV + " environment variable");
+                        return;
+                    }
+                    String newPwd = System.getenv(NEW_PASSWORD_ENV);
+                    if (newPwd == null || newPwd.isEmpty()) {
+                        out.error("missing_env",
+                                "Set " + NEW_PASSWORD_ENV + " environment variable");
+                        return;
+                    }
+
+                    String walletOverride = ctx.getWalletOverride();
+                    boolean hasAddress = opts.has("address");
+                    boolean hasName = opts.has("name");
+                    if (walletOverride != null && (hasAddress || hasName)) {
+                        out.usageError(
+                                "Provide either global --wallet or command-local --address/--name, not both", null);
+                        return;
+                    }
+                    if (hasAddress && hasName) {
+                        out.usageError(
+                                "Provide either --address or --name, not both", null);
+                        return;
+                    }
+
+                    File targetWalletFile;
+                    try {
+                        targetWalletFile = resolveWalletFileForNonInteractiveCommand(
+                                walletOverride,
+                                hasAddress ? opts.getString("address") : null,
+                                hasName ? opts.getString("name") : null);
+                    } catch (IllegalArgumentException e) {
+                        out.error("ambiguous_name", e.getMessage());
+                        return;
+                    }
+
+                    if (targetWalletFile == null) {
+                        out.error("not_found", "No wallet found to change password");
+                        return;
+                    }
+
+                    boolean result = wrapper.changePassword(
+                            oldPwd.toCharArray(),
+                            newPwd.toCharArray(),
+                            targetWalletFile);
+                    CommandSupport.emitBooleanResult(out, result,
+                            "ChangePassword successful !!",
+                            "ChangePassword failed !!");
+                })
+                .build());
+    }
+
+    private static void registerClearWalletKeystore(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("clear-wallet-keystore")
+                .aliases("clearwalletkeystore")
+                .description("Clear wallet keystore files")
+                .option("force", "Skip interactive confirmation", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+                    boolean force = opts.getBoolean("force");
+                    CommandSupport.requireForce(out, "clear-wallet-keystore", force);
+
+                    File targetWalletFile = ctx.getResolvedAuthWalletFile();
+                    boolean clearActive = shouldClearActiveWalletForDeletedTarget(targetWalletFile);
+                    wrapper.clearWalletKeystoreForCli(force, targetWalletFile);
+                    if (clearActive) {
+                        ActiveWalletConfig.clear();
+                    }
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ClearWalletKeystore successful !!",
+                            "ClearWalletKeystore failed !!");
+                })
+                .build());
+    }
+
+    private static final String RESET_CONFIRM_TOKEN = "delete-all-wallets";
+
+    private static void registerResetWallet(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("reset-wallet")
+                .aliases("resetwallet")
+                .description("Reset wallet to initial state (requires --confirm " + RESET_CONFIRM_TOKEN + ")")
+                .option("confirm", "Confirmation token: " + RESET_CONFIRM_TOKEN, false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String confirm = opts.has("confirm") ? opts.getString("confirm") : null;
+                    if (confirm == null) {
+                        // Dry-run: list files that would be deleted
+                        List<String> walletFiles = WalletUtils.getStoreFileNames("", "Wallet");
+                        List<String> mnemonicFiles = WalletUtils.getStoreFileNames("", "Mnemonic");
+                        List<String> allFiles = new ArrayList<>(walletFiles);
+                        if (mnemonicFiles != null && !mnemonicFiles.isEmpty()) {
+                            allFiles.addAll(mnemonicFiles);
+                        }
+                        Map<String, Object> json = new LinkedHashMap<String, Object>();
+                        json.put("mode", "dry-run");
+                        json.put("required_confirm", RESET_CONFIRM_TOKEN);
+                        json.put("files", allFiles);
+                        out.success("Dry-run: " + allFiles.size() + " file(s) would be deleted."
+                                + " Re-run with --confirm " + RESET_CONFIRM_TOKEN + " to proceed.", json);
+                        return;
+                    }
+                    if (!RESET_CONFIRM_TOKEN.equals(confirm)) {
+                        out.usageError("reset-wallet --confirm value must be exactly: "
+                                + RESET_CONFIRM_TOKEN, null);
+                        return;
+                    }
+                    wrapper.resetWalletForCli(true);
+                    ActiveWalletConfig.clear();
+                    CommandSupport.emitBooleanResult(out, true,
+                            "ResetWallet successful !!", "ResetWallet failed !!");
+                })
+                .build());
+    }
+
+    private static void registerModifyWalletName(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("modify-wallet-name")
+                .aliases("modifywalletname")
+                .description("Modify wallet display name")
+                .option("name", "New wallet name", true)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    boolean result = wrapper.modifyWalletName(opts.getString("name"));
+                    CommandSupport.emitBooleanResult(out, result,
+                            "ModifyWalletName successful !!",
+                            "ModifyWalletName failed !!");
+                })
+                .build());
+    }
+
+    private static void registerSwitchNetwork(CommandRegistry registry) {
+        registry.add(noAuthCommand()
+                .name("switch-network")
+                .aliases("switchnetwork")
+                .description("Switch to a different network")
+                .option("network", "Network (main/nile/shasta/custom)", true)
+                .option("full-node", "Custom full node endpoint", false)
+                .option("solidity-node", "Custom solidity node endpoint", false)
+                .handler((ctx, opts, wrapper, out) -> {
+                    String network = opts.getString("network");
+                    String fullNode = opts.has("full-node") ? opts.getString("full-node") : null;
+                    String solidityNode = opts.has("solidity-node") ? opts.getString("solidity-node") : null;
+                    wrapper.switchNetworkForCli(network, fullNode, solidityNode);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "SwitchNetwork successful !!",
+                            "SwitchNetwork failed !!");
+                })
+                .build());
+    }
+
+    private static void registerLock(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("lock")
+                .aliases("lock")
+                .description("Lock the wallet")
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    boolean result = wrapper.lock();
+                    CommandSupport.emitBooleanResult(out, result,
+                            "Lock successful !!", "Lock failed !!");
+                })
+                .build());
+    }
+
+    private static void registerUnlock(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("unlock")
+                .aliases("unlock")
+                .description("Unlock the wallet for a duration")
+                .option("duration", "Duration in seconds", true, OptionDef.Type.LONG)
+                .handler((ctx, opts, wrapper, out) -> {
+                    long duration = opts.getLong("duration");
+                    wrapper.unlockOrThrow(duration);
+                    out.successMessage("Unlock successful !!");
+                })
+                .build());
+    }
+
+    private static void registerGenerateSubAccount(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("generate-sub-account")
+                .aliases("generatesubaccount")
+                .description("Generate a sub-account from mnemonic")
+                .handler((ctx, opts, wrapper, out) -> {
+                    wrapper.generateSubAccountOrThrow();
+                    out.successMessage("GenerateSubAccount successful !!");
+                })
+                .build());
+    }
+
+    private static File resolveWalletFileForNonInteractiveCommand(
+            String walletOverride, String address, String name)
+            throws Exception {
+        if (walletOverride != null) {
+            return ActiveWalletConfig.resolveWalletOverrideStrict(walletOverride);
+        }
+        if (address != null) {
+            return ActiveWalletConfig.findWalletFileByAddress(address);
+        }
+        if (name != null) {
+            return ActiveWalletConfig.findWalletFileByName(name);
+        }
+
+        String activeAddress = ActiveWalletConfig.getActiveAddressStrict();
+        if (activeAddress != null) {
+            File activeFile = ActiveWalletConfig.findWalletFileByAddress(activeAddress);
+            if (activeFile != null) {
+                return activeFile;
+            }
+            throw new IllegalStateException(
+                    "Active wallet keystore not found for address: " + activeAddress
+                            + ". Use --address, --name, or set-active-wallet.");
+        }
+        return null;
+    }
+
+    private static boolean shouldClearActiveWalletForDeletedTarget(File targetWalletFile) {
+        if (targetWalletFile == null) {
+            return false;
+        }
+        try {
+            File activeWalletFile = ActiveWalletConfig.resolveActiveWalletFileStrict();
+            if (activeWalletFile == null) {
+                return false;
+            }
+            return activeWalletFile.getCanonicalFile().equals(targetWalletFile.getCanonicalFile());
+        } catch (Exception e) {
+            logger.warn("Could not read active wallet config after wallet deletion: {}", e.getMessage());
+            return false;
+        }
+    }
+}
diff --git a/src/main/java/org/tron/walletcli/cli/commands/WitnessCommands.java b/src/main/java/org/tron/walletcli/cli/commands/WitnessCommands.java
new file mode 100644
index 00000000..9c8b3040
--- /dev/null
+++ b/src/main/java/org/tron/walletcli/cli/commands/WitnessCommands.java
@@ -0,0 +1,134 @@
+package org.tron.walletcli.cli.commands;
+
+import org.tron.common.utils.TransactionUtils;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OptionDef;
+
+import java.util.HashMap;
+
+public class WitnessCommands {
+
+    public static void register(CommandRegistry registry) {
+        registerCreateWitness(registry);
+        registerUpdateWitness(registry);
+        registerVoteWitness(registry);
+        registerUpdateBrokerage(registry);
+    }
+
+    private static void registerCreateWitness(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("create-witness")
+                .aliases("createwitness")
+                .description("Create a witness (super representative)")
+                .option("url", "Witness URL", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String url = opts.getString("url");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.createWitnessForCli(owner, url, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "CreateWitness successful !!", "CreateWitness failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateWitness(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-witness")
+                .aliases("updatewitness")
+                .description("Update witness URL")
+                .option("url", "New witness URL", true)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String url = opts.getString("url");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateWitnessForCli(owner, url, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateWitness successful !!", "UpdateWitness failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerVoteWitness(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("vote-witness")
+                .aliases("votewitness")
+                .description("Vote for witnesses (format: address1 count1 address2 count2 ...)")
+                .option("votes", "Votes as 'address1 count1 address2 count2 ...'", true)
+                .option("owner", "Voter address", false)
+                .option("permission-id", "Permission ID for signing (default: 0)", false, OptionDef.Type.LONG)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    String votesStr = opts.getString("votes");
+                    int permissionId = opts.has("permission-id") ? (int) opts.getLong("permission-id") : 0;
+                    String[] parts = votesStr.trim().split("\\s+");
+                    if (parts.length % 2 != 0) {
+                        out.usageError("Votes must be pairs of 'address count'", null);
+                        return;
+                    }
+                    HashMap<String, String> witness = new HashMap<String, String>();
+                    for (int i = 0; i < parts.length; i += 2) {
+                        String countToken = parts[i + 1];
+                        try {
+                            long count = Long.parseLong(countToken);
+                            if (count <= 0) {
+                                out.usageError("Vote count must be a positive integer: " + countToken, null);
+                                return;
+                            }
+                        } catch (NumberFormatException e) {
+                            out.usageError("Vote count must be a positive integer: " + countToken, null);
+                            return;
+                        }
+                        witness.put(parts[i], countToken);
+                    }
+                    boolean multi = opts.getBoolean("multi");
+                    TransactionUtils.setPermissionIdOverride(permissionId);
+                    boolean result;
+                    try {
+                        result = wrapper.voteWitness(owner, witness, multi);
+                    } finally {
+                        TransactionUtils.clearPermissionIdOverride();
+                    }
+                    CommandSupport.emitBooleanResult(out, result,
+                            "VoteWitness successful !!", "VoteWitness failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+
+    private static void registerUpdateBrokerage(CommandRegistry registry) {
+        registry.add(CommandDefinition.builder()
+                .authPolicy(CommandDefinition.AuthPolicy.REQUIRE)
+                .name("update-brokerage")
+                .aliases("updatebrokerage")
+                .description("Update witness brokerage ratio")
+                .option("brokerage", "Brokerage ratio (0-100)", true, OptionDef.Type.LONG)
+                .option("owner", "Owner address", false)
+                .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+                .handler((ctx, opts, wrapper, out) -> {
+
+                    byte[] owner = opts.has("owner") ? opts.getAddress("owner") : null;
+                    int brokerage = (int) opts.getLong("brokerage");
+                    boolean multi = opts.getBoolean("multi");
+                    wrapper.updateBrokerageForCli(owner, brokerage, multi);
+                    CommandSupport.emitBooleanResult(out, true,
+                            "UpdateBrokerage successful !!", "UpdateBrokerage failed !!",
+                            CommandSupport.lastBroadcastTxResultData());
+                })
+                .build());
+    }
+}
diff --git a/src/main/java/org/tron/walletserver/ApiClient.java b/src/main/java/org/tron/walletserver/ApiClient.java
index f4a24287..671dd527 100644
--- a/src/main/java/org/tron/walletserver/ApiClient.java
+++ b/src/main/java/org/tron/walletserver/ApiClient.java
@@ -113,6 +113,15 @@ public boolean broadcastTransaction(Chain.Transaction signaturedTransaction) {//
     return true;
   }
 
+  public String broadcastTransactionForCli(Chain.Transaction signaturedTransaction) {
+    try {
+      client.broadcastTransaction(signaturedTransaction);
+      return null;
+    } catch (RuntimeException e) {
+      return e.getMessage();
+    }
+  }
+
   public Response.TransactionSignWeight getTransactionSignWeight(Chain.Transaction transaction) {// pass
     return client.getTransactionSignWeight(transaction);
   }
diff --git a/src/main/java/org/tron/walletserver/WalletApi.java b/src/main/java/org/tron/walletserver/WalletApi.java
index addc7e7f..edcb49af 100644
--- a/src/main/java/org/tron/walletserver/WalletApi.java
+++ b/src/main/java/org/tron/walletserver/WalletApi.java
@@ -87,6 +87,7 @@
 import org.tron.common.utils.Base58;
 import org.tron.common.utils.ByteArray;
 import org.tron.common.utils.DecodeUtil;
+import org.tron.common.utils.FilePermissionUtils;
 import org.tron.common.utils.MultiTxWebSocketClient;
 import org.tron.common.utils.TransactionUtils;
 import org.tron.common.utils.Utils;
@@ -152,6 +153,8 @@
 
 @Slf4j
 public class WalletApi {
+  private static final ThreadLocal<String> LAST_BROADCAST_TX_ID = new ThreadLocal<String>();
+  private static final ThreadLocal<String> LAST_CLI_OPERATION_ERROR = new ThreadLocal<String>();
   public static final long TRX_PRECISION = 1000_000L;
   private static final String FilePath = "Wallet";
   private static final String MnemonicFilePath = "Mnemonic";
@@ -240,14 +243,12 @@ public static ApiClient initApiCli() {
     if (isEmpty(fullNode) && isEmpty(solidityNode)) {
       fullNode = MAIN.getGrpc().getFullNode();
       solidityNode = MAIN.getGrpc().getSolidityNode();
-      System.out.println("Detected that both the " + greenBoldHighlight("fullnode.ip.list") + " and " + greenBoldHighlight("soliditynode.ip.list") + " configured in the config.conf are empty, and the default " + blueBoldHighlight("MAIN") + " network connection will be used.");
     }
     boolean isFullnodeEmpty = false;
     boolean isSoliditynodeEmpty = false;
     if (isEmpty(fullNode) && !isEmpty(solidityNode)) {
       fullNode = solidityNode;
       isFullnodeEmpty = true;
-      System.out.println(yellowBoldHighlight("If only soliditynode.ip.list is configured, transactions and other operations will not be available."));
     } else if (!isEmpty(fullNode) && isEmpty(solidityNode)) {
       solidityNode = fullNode;
       isSoliditynodeEmpty = true;
@@ -259,11 +260,9 @@ public static ApiClient initApiCli() {
     }
     if (config.hasPath("crypto.engine")) {
       isEckey = config.getString("crypto.engine").equalsIgnoreCase("eckey");
-      System.out.println("WalletApi getConfig isEckey: " + isEckey);
     }
     if (config.hasPath("lockAccount")) {
       lockAccount = config.getBoolean("lockAccount");
-      System.out.println("WalletApi lockAccount : " + lockAccount);
     }
     if (StringUtils.isNotEmpty(fullNode) || StringUtils.isNotEmpty(solidityNode)) {
       if (fullNode.equals(NILE.getGrpc().getFullNode()) && solidityNode.equals(NILE.getGrpc().getSolidityNode())) {
@@ -276,7 +275,10 @@ public static ApiClient initApiCli() {
         currentNetwork = CUSTOM;
       }
     } else {
-      System.out.println("The config.conf configuration is invalid. " + greenBoldHighlight("fullnode.ip.lit") + " and " + greenBoldHighlight("fullnode.ip.lit") + " cannot both be empty at the same time.");
+      throw new IllegalStateException("The config.conf configuration is invalid. "
+          + greenBoldHighlight("fullnode.ip.lit") + " and "
+          + greenBoldHighlight("fullnode.ip.lit")
+          + " cannot both be empty at the same time.");
     }
     WalletApi.setCustomNodes(Pair.of(Pair.of(fullNode, isFullnodeEmpty), Pair.of(solidityNode, isSoliditynodeEmpty)));
     return new ApiClient(fullNode, solidityNode, isFullnodeEmpty, isSoliditynodeEmpty);
@@ -391,10 +393,16 @@ public boolean isLoginState() {
   public void logout() {
     loginState = false;
     walletFile.clear();
-    this.walletFile = null;
     setLedgerUser(false);
     setCredentials(null);
+    if (unifiedPassword != null) {
+      Arrays.fill(unifiedPassword, (byte) 0);
+    }
     setUnifiedPassword(null);
+    if (pwdForDeploy != null) {
+      Arrays.fill(pwdForDeploy, (byte) 0);
+    }
+    pwdForDeploy = null;
   }
 
   public void setLogin(LineReader lineReader) {
@@ -430,7 +438,7 @@ public void setLogin(LineReader lineReader) {
   }
 
   public boolean checkPassword(byte[] passwd) throws CipherException {
-    return Wallet.validPassword(passwd, this.walletFile.get(0));
+    return Wallet.validPassword(passwd, requireLoadedWalletFile());
   }
 
   /**
@@ -446,6 +454,13 @@ public WalletApi(WalletFile walletFile) {
   }
 
   public WalletFile getWalletFile() {
+    return requireLoadedWalletFile();
+  }
+
+  private WalletFile requireLoadedWalletFile() {
+    if (walletFile == null || walletFile.isEmpty() || walletFile.get(0) == null) {
+      throw new IllegalStateException("Wallet not loaded.");
+    }
     return walletFile.get(0);
   }
 
@@ -515,6 +530,7 @@ public static String store2Keystore(WalletFile walletFile) throws IOException {
         }
       }
     }
+    FilePermissionUtils.setOwnerOnlyDirectory(file.toPath());
     return WalletUtils.generateWalletFile(walletFile, file);
   }
 
@@ -539,6 +555,7 @@ public static String store2KeystoreLedger(WalletFile walletFile) throws IOExcept
         }
       }
     }
+    FilePermissionUtils.setOwnerOnlyDirectory(file.toPath());
     return WalletUtils.generateLegerWalletFile(walletFile, file);
   }
 
@@ -600,7 +617,7 @@ public static File selcetWalletFile() throws IOException {
       return null;
     }
 
-    File[] wallets = file.listFiles();
+    File[] wallets = file.listFiles((dir, name) -> !name.equals(".active-wallet"));
     if (ArrayUtils.isEmpty(wallets)) {
       return null;
     }
@@ -659,7 +676,7 @@ public static File[] getAllWalletFile() {
       return new File[0];
     }
 
-    File[] wallets = file.listFiles();
+    File[] wallets = file.listFiles((dir, name) -> !name.equals(".active-wallet"));
     if (ArrayUtils.isEmpty(wallets)) {
       return new File[0];
     }
@@ -741,6 +758,15 @@ public static boolean changeKeystorePassword(byte[] oldPassword, byte[] newPasso
       throw new IOException(
           "No keystore file found, please use " + greenBoldHighlight("RegisterWallet") + " or " + greenBoldHighlight("ImportWallet") + " first!");
     }
+    return changeKeystorePassword(oldPassword, newPassowrd, wallet);
+  }
+
+  public static boolean changeKeystorePassword(byte[] oldPassword, byte[] newPassowrd, File wallet)
+      throws IOException, CipherException {
+    if (wallet == null) {
+      throw new IOException(
+          "No keystore file found, please use " + greenBoldHighlight("RegisterWallet") + " or " + greenBoldHighlight("ImportWallet") + " first!");
+    }
     Credentials credentials = WalletUtils.loadCredentials(oldPassword, wallet);
     WalletUtils.updateWalletFile(newPassowrd, credentials.getPair(), wallet, true);
 
@@ -806,6 +832,25 @@ private boolean confirm() {
     }
   }
 
+  private WalletFile resolveSigningWalletFile() throws IOException {
+    if (isUnifiedExist()) {
+      return getWalletFile();
+    }
+    System.out.println("Please choose your key for sign.");
+    return selectWalletFileE();
+  }
+
+  private byte[] resolveSigningPassword(WalletFile wf) throws IOException {
+    if (isUnifiedExist()) {
+      return getUnifiedPassword();
+    }
+    if (lockAccount && Arrays.equals(decodeFromBase58Check(wf.getAddress()), getAddress())) {
+      return getUnifiedPassword();
+    }
+    System.out.println("Please input your password.");
+    return char2Byte(inputPassword(false));
+  }
+
   public boolean isUnifiedExist() {
     return isLoginState() && ArrayUtils.isNotEmpty(getUnifiedPassword());
   }
@@ -814,16 +859,9 @@ public Chain.Transaction signTransaction(Chain.Transaction transaction) throws I
     if (!isUnlocked()) {
       throw new IllegalStateException(LOCK_WARNING);
     }
-    System.out.println("Please choose your key for sign.");
-    WalletFile wf = selectWalletFileE();
+    WalletFile wf = resolveSigningWalletFile();
     boolean isLedgerFile = wf.getName().contains("Ledger");
-    byte[] passwd;
-    if (lockAccount && isUnifiedExist() && Arrays.equals(decodeFromBase58Check(wf.getAddress()), getAddress())) {
-      passwd = getUnifiedPassword();
-    } else {
-      System.out.println("Please input your password.");
-      passwd = char2Byte(inputPassword(false));
-    }
+    byte[] passwd = resolveSigningPassword(wf);
     String ledgerPath = getLedgerPath(passwd, wf);
     if (isLedgerFile) {
       boolean result = LedgerSignUtil.requestLedgerSignLogic(transaction, ledgerPath, wf.getAddress(), false);
@@ -877,16 +915,9 @@ private Chain.Transaction signTransaction(Chain.Transaction transaction, boolean
         + "default 0, other non-numeric characters will cancel transaction.";
     transaction = TransactionUtils.setPermissionId(transaction, tipsString);
     while (true) {
-      System.out.println("Please choose your key for sign.");
-      WalletFile wf = selectWalletFileE();
+      WalletFile wf = resolveSigningWalletFile();
       boolean isLedgerFile = wf.getName().contains("Ledger");
-      byte[] passwd;
-      if (lockAccount && isUnifiedExist() && Arrays.equals(decodeFromBase58Check(wf.getAddress()), getAddress())) {
-        passwd = getUnifiedPassword();
-      } else {
-        System.out.println("Please input your password.");
-        passwd = char2Byte(inputPassword(false));
-      }
+      byte[] passwd = resolveSigningPassword(wf);
       String ledgerPath = getLedgerPath(passwd, wf);
       if (isLedgerFile) {
         boolean result = LedgerSignUtil.requestLedgerSignLogic(transaction, ledgerPath, wf.getAddress(), false);
@@ -954,8 +985,68 @@ private Chain.Transaction signTransaction(Chain.Transaction transaction, boolean
     return transaction;
   }
 
+  private Chain.Transaction signTransactionForCli(Chain.Transaction transaction, boolean multi)
+      throws CipherException, IOException, CancelException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (transaction.getRawData().getTimestamp() == 0) {
+      transaction = TransactionUtils.setTimestamp(transaction);
+    }
+    transaction = TransactionUtils.setExpirationTime(transaction, multi);
+    transaction = TransactionUtils.setPermissionId(transaction, null);
+    while (true) {
+      WalletFile wf = resolveSigningWalletFile();
+      boolean isLedgerFile = wf.getName().contains("Ledger");
+      byte[] passwd = resolveSigningPassword(wf);
+      String ledgerPath = getLedgerPath(passwd, wf);
+      if (isLedgerFile) {
+        boolean result = LedgerSignUtil.requestLedgerSignLogic(transaction, ledgerPath, wf.getAddress(), false);
+        if (!result) {
+          return null;
+        }
+        transaction = TransactionSignManager.getInstance().getTransaction();
+        Response.TransactionSignWeight weight = getTransactionSignWeight(transaction);
+        if (weight.getResult().getCode() == Response.TransactionSignWeight.Result.response_code.ENOUGH_PERMISSION) {
+          TransactionSignManager.getInstance().setTransaction(null);
+          return transaction;
+        }
+        HidDevice hidDevice = HidServicesWrapper.getInstance().getHidDevice(wf.getAddress(), getPath());
+        if (hidDevice == null) {
+          TransactionSignManager.getInstance().setTransaction(null);
+          return null;
+        }
+        Optional<String> state = LedgerSignResult.getLastTransactionState(hidDevice.getPath());
+        boolean confirmed = state.isPresent() && LedgerSignResult.SIGN_RESULT_SUCCESS.equals(state.get());
+        if (weight.getResult().getCode() == Response.TransactionSignWeight.Result.response_code.NOT_ENOUGH_PERMISSION
+            && confirmed && multi) {
+          TransactionSignManager.getInstance().setTransaction(null);
+          return transaction;
+        }
+        TransactionSignManager.getInstance().setTransaction(null);
+        throw new CancelException(weight.getResult().getMessage());
+      }
+      if (isEckey) {
+        transaction = TransactionUtils.sign(transaction, this.getEcKey(wf, passwd));
+      } else {
+        transaction = TransactionUtils.sign(transaction, this.getSM2(wf, passwd));
+      }
+      Response.TransactionSignWeight weight = getTransactionSignWeight(transaction);
+      if (weight.getResult().getCode() == Response.TransactionSignWeight.Result.response_code.ENOUGH_PERMISSION) {
+        break;
+      }
+      if (weight.getResult().getCode() == Response.TransactionSignWeight.Result.response_code.NOT_ENOUGH_PERMISSION
+          && multi) {
+        return transaction;
+      }
+      throw new CancelException(weight.getResult().getMessage());
+    }
+    return transaction;
+  }
+
   private boolean processTransactionExtention(Response.TransactionExtention transactionExtention, boolean multi)
       throws IOException, CipherException, CancelException {
+    LAST_BROADCAST_TX_ID.remove();
     if (transactionExtention == null) {
       return false;
     }
@@ -994,6 +1085,103 @@ private boolean processTransactionExtention(Response.TransactionExtention transa
     if (success) {
       TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(getAddress()));
       String id = ByteArray.toHexString(Sha256Sm3Hash.hash(transaction.getRawData().toByteArray()));
+      LAST_BROADCAST_TX_ID.set(id);
+      Tx tx = getTx(transaction);
+      tx.setId(id);
+      tx.setTimestamp(LocalDateTime.now());
+      tx.setStatus("success");
+      if (getCurrentNetwork() == CUSTOM && getCustomNodes() != null) {
+        tx.setFullNodeEndpoint(getCustomNodes().getLeft().getLeft());
+      }
+      txHistoryManager.addTransaction(getCurrentNetwork(), tx);
+    }
+    return success;
+  }
+
+  private boolean processTransactionExtentionForCli(
+      Response.TransactionExtention transactionExtention, boolean multi)
+      throws IOException, CipherException, CancelException {
+    LAST_BROADCAST_TX_ID.remove();
+    clearLastCliOperationError();
+    if (transactionExtention == null) {
+      return false;
+    }
+    Response.TransactionReturn ret = transactionExtention.getResult();
+    if (!ret.getResult()) {
+      recordLastCliOperationError(extractTransactionReturnMessage(ret));
+      return false;
+    }
+    Chain.Transaction transaction = transactionExtention.getTransaction();
+    if (transaction.getRawData().getContractCount() == 0) {
+      return false;
+    }
+    if (transaction.getRawData().getContract(0).getType()
+        == Chain.Transaction.Contract.ContractType.ShieldedTransferContract) {
+      return false;
+    }
+    Chain.Transaction.Contract.ContractType type = transaction.getRawData().getContract(0).getType();
+    if (multi && !CONTRACT_TYPE_SET.contains(type)) {
+      return false;
+    }
+    transaction = signTransactionForCli(transaction, multi);
+    if (transaction == null) {
+      return false;
+    }
+    if (multi) {
+      return isMultiSignSuccess(transaction);
+    }
+    String broadcastError = apiCli.broadcastTransactionForCli(transaction);
+    boolean success = broadcastError == null;
+    if (!success) {
+      recordLastCliOperationError(broadcastError);
+    }
+    if (success) {
+      TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(getAddress()));
+      String id = ByteArray.toHexString(Sha256Sm3Hash.hash(transaction.getRawData().toByteArray()));
+      LAST_BROADCAST_TX_ID.set(id);
+      Tx tx = getTx(transaction);
+      tx.setId(id);
+      tx.setTimestamp(LocalDateTime.now());
+      tx.setStatus("success");
+      if (getCurrentNetwork() == CUSTOM && getCustomNodes() != null) {
+        tx.setFullNodeEndpoint(getCustomNodes().getLeft().getLeft());
+      }
+      txHistoryManager.addTransaction(getCurrentNetwork(), tx);
+    }
+    return success;
+  }
+
+  private boolean processTransactionForCli(Chain.Transaction transaction, boolean multi)
+      throws IOException, CipherException, CancelException {
+    LAST_BROADCAST_TX_ID.remove();
+    clearLastCliOperationError();
+    if (transaction == null || transaction.getRawData().getContractCount() == 0) {
+      return false;
+    }
+    if (transaction.getRawData().getContract(0).getType()
+        == Chain.Transaction.Contract.ContractType.ShieldedTransferContract) {
+      return false;
+    }
+    Chain.Transaction.Contract.ContractType type = transaction.getRawData().getContract(0).getType();
+    if (multi && !CONTRACT_TYPE_SET.contains(type)) {
+      return false;
+    }
+    transaction = signTransactionForCli(transaction, multi);
+    if (transaction == null) {
+      return false;
+    }
+    if (multi) {
+      return isMultiSignSuccess(transaction);
+    }
+    String broadcastError = apiCli.broadcastTransactionForCli(transaction);
+    boolean success = broadcastError == null;
+    if (!success) {
+      recordLastCliOperationError(broadcastError);
+    }
+    if (success) {
+      TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(getAddress()));
+      String id = ByteArray.toHexString(Sha256Sm3Hash.hash(transaction.getRawData().toByteArray()));
+      LAST_BROADCAST_TX_ID.set(id);
       Tx tx = getTx(transaction);
       tx.setId(id);
       tx.setTimestamp(LocalDateTime.now());
@@ -1025,6 +1213,7 @@ private void showTransactionAfterSign(Chain.Transaction transaction)
 
   private boolean processTransaction(Chain.Transaction transaction)
       throws IOException, CipherException, CancelException {
+    LAST_BROADCAST_TX_ID.remove();
     if (transaction == null || transaction.getRawData().getContractCount() == 0) {
       return false;
     }
@@ -1043,6 +1232,7 @@ private boolean processTransaction(Chain.Transaction transaction)
     if (success) {
       TxHistoryManager txHistoryManager = new TxHistoryManager(encode58Check(getAddress()));
       String id = ByteArray.toHexString(Sha256Sm3Hash.hash(transaction.getRawData().toByteArray()));
+      LAST_BROADCAST_TX_ID.set(id);
       Tx tx = getTx(transaction);
       tx.setId(id);
       tx.setTimestamp(LocalDateTime.now());
@@ -1055,6 +1245,16 @@ private boolean processTransaction(Chain.Transaction transaction)
     return success;
   }
 
+  public static String getLastBroadcastTxId() {
+    return LAST_BROADCAST_TX_ID.get();
+  }
+
+  public static String consumeLastBroadcastTxId() {
+    String txid = LAST_BROADCAST_TX_ID.get();
+    LAST_BROADCAST_TX_ID.remove();
+    return txid;
+  }
+
   public static TransactionSignWeight getTransactionSignWeight(Transaction transaction)
       throws InvalidProtocolBufferException {
     return TransactionSignWeight.parseFrom(
@@ -1120,6 +1320,14 @@ private boolean isControlled(byte[] owner) {
     }
   }
 
+  private boolean isControlledForCli(byte[] owner) {
+    List<AuthInfo> authInfoList = multiSignService.queryMultiAuth(encode58Check(getAddress()));
+    List<String> ownerAddressList = authInfoList.stream()
+        .map(AuthInfo::getOwnerAddress)
+        .collect(Collectors.toList());
+    return ownerAddressList.contains(encode58Check(owner));
+  }
+
   private boolean isMultiSignSuccess(Chain.Transaction transaction) throws IOException {
     String printTransaction = Utils.printTransaction(transaction);
     JSONObject transactionJO = JSON.parseObject(printTransaction);
@@ -1151,6 +1359,18 @@ public boolean updateAccount(byte[] owner, byte[] accountNameBytes, boolean mult
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean updateAccountForCli(byte[] owner, byte[] accountNameBytes, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.updateAccount(owner, accountNameBytes);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean setAccountId(byte[] owner, byte[] accountIdBytes)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -1168,6 +1388,19 @@ public boolean setAccountId(byte[] owner, byte[] accountIdBytes)
     return processTransaction(transaction);
   }
 
+  public boolean setAccountIdForCli(byte[] owner, byte[] accountIdBytes)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Chain.Transaction transaction = apiCli.setAccountId(accountIdBytes, owner);
+    return processTransactionForCli(transaction, false);
+  }
+
   public boolean updateAsset(
       byte[] owner, byte[] description, byte[] url, long newLimit, long newPublicLimit, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1182,6 +1415,20 @@ public boolean updateAsset(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean updateAssetForCli(
+      byte[] owner, byte[] description, byte[] url, long newLimit, long newPublicLimit,
+      boolean multi) throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.updateAsset(owner, description, url, newLimit, newPublicLimit);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean transferAsset(byte[] owner, byte[] to, byte[] assertName, long amount, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -1194,6 +1441,64 @@ public boolean transferAsset(byte[] owner, byte[] to, byte[] assertName, long am
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean sendCoinForCli(byte[] owner, byte[] to, long amount, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    clearLastCliOperationError();
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    if (multi) {
+      if (!DecodeUtil.addressValid(owner) || !DecodeUtil.addressValid(to)) {
+        recordLastCliOperationError("Invalid owner or recipient address");
+        return false;
+      }
+      if (Arrays.equals(to, owner)) {
+        recordLastCliOperationError("Cannot send to self");
+        return false;
+      }
+      if (amount <= 0) {
+        recordLastCliOperationError("Amount must be positive");
+        return false;
+      }
+      Response.Account account = queryAccount(owner);
+      if (account == null) {
+        recordLastCliOperationError("Failed to query account.");
+        return false;
+      }
+      long balance = account.getBalance();
+      if (balance < amount) {
+        recordLastCliOperationError("Insufficient balance: " + balance + " < " + amount);
+        return false;
+      }
+      if (balance - amount < 200_0000L) {
+        recordLastCliOperationError("Remaining balance would be below minimum (2 TRX)");
+        return false;
+      }
+      if (!isControlledForCli(owner)) {
+        recordLastCliOperationError("Owner address is not controlled by this wallet");
+        return false;
+      }
+    }
+    Response.TransactionExtention transactionExtention = apiCli.transfer(owner, to, amount);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
+  public boolean transferAssetForCli(byte[] owner, byte[] to, byte[] assertName, long amount,
+      boolean multi) throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.transferTrc10(owner, to, assertName, amount);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean participateAssetIssue(byte[] owner, byte[] to, byte[] assertName, long amount, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -1207,18 +1512,69 @@ public boolean participateAssetIssue(byte[] owner, byte[] to, byte[] assertName,
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean participateAssetIssueForCli(byte[] owner, byte[] to, byte[] assertName, long amount,
+      boolean multi) throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.participateAssetIssueTransaction(owner, to, assertName, amount);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static boolean broadcastTransaction(byte[] transactionBytes)
       throws InvalidProtocolBufferException {
     Chain.Transaction transaction = Chain.Transaction.parseFrom(transactionBytes);
-    return apiCli.broadcastTransaction(transaction);
+    return broadcastTransaction(transaction);
   }
 
   public static boolean broadcastTransaction(Transaction transaction) throws InvalidProtocolBufferException {
-    return apiCli.broadcastTransaction(Chain.Transaction.parseFrom(transaction.toByteArray()));
+    return broadcastTransaction(Chain.Transaction.parseFrom(transaction.toByteArray()));
   }
 
   public static boolean broadcastTransaction(Chain.Transaction transaction) {
-    return apiCli.broadcastTransaction(transaction);
+    LAST_BROADCAST_TX_ID.remove();
+    boolean success = apiCli.broadcastTransaction(transaction);
+    if (success) {
+      LAST_BROADCAST_TX_ID.set(ByteArray.toHexString(
+          Sha256Sm3Hash.hash(transaction.getRawData().toByteArray())));
+    }
+    return success;
+  }
+
+  public static String consumeLastCliOperationError() {
+    String error = LAST_CLI_OPERATION_ERROR.get();
+    LAST_CLI_OPERATION_ERROR.remove();
+    return error;
+  }
+
+  private static void clearLastCliOperationError() {
+    LAST_CLI_OPERATION_ERROR.remove();
+  }
+
+  private static void recordLastCliOperationError(String error) {
+    if (StringUtils.isBlank(error)) {
+      LAST_CLI_OPERATION_ERROR.remove();
+      return;
+    }
+    LAST_CLI_OPERATION_ERROR.set(error);
+  }
+
+  private static String extractTransactionReturnMessage(Response.TransactionReturn ret) {
+    if (ret == null) {
+      return null;
+    }
+    String message = ret.getMessage().toStringUtf8();
+    if (StringUtils.isNotBlank(message)) {
+      if (ret.getCode() == null) {
+        return message;
+      }
+      return ret.getCode() + ", " + message;
+    }
+    return ret.getCode() == null ? null : ret.getCode().name();
   }
 
   public boolean createAssetIssue(byte[] ownerAddress, String name, String abbrName,
@@ -1260,7 +1616,7 @@ public boolean createWitness(byte[] owner, byte[] url, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
-  public boolean updateWitness(byte[] owner, byte[] url, boolean multi)
+  public boolean createWitnessForCli(byte[] owner, byte[] url, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
       throw new IllegalStateException(LOCK_WARNING);
@@ -1268,8 +1624,32 @@ public boolean updateWitness(byte[] owner, byte[] url, boolean multi)
     if (owner == null) {
       owner = getAddress();
     }
-    Response.TransactionExtention transactionExtention = apiCli.updateWitness(owner, url);
-    return processTransactionExtention(transactionExtention, multi);
+    Response.TransactionExtention transactionExtention = apiCli.createWitness(owner, url);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
+  public boolean updateWitness(byte[] owner, byte[] url, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.updateWitness(owner, url);
+    return processTransactionExtention(transactionExtention, multi);
+  }
+
+  public boolean updateWitnessForCli(byte[] owner, byte[] url, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.updateWitness(owner, url);
+    return processTransactionExtentionForCli(transactionExtention, multi);
   }
 
   public static Chain.Block getBlock(long blockNum) throws IllegalException {
@@ -1690,6 +2070,24 @@ public boolean freezeBalance(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean freezeBalanceForCli(
+      byte[] ownerAddress,
+      long frozenBalance,
+      long frozenDuration,
+      int resourceCode,
+      byte[] receiverAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.freezeBalance(ownerAddress, frozenBalance, (int) frozenDuration, resourceCode, receiverAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean freezeBalanceV2(
       byte[] ownerAddress,
       long frozenBalance,
@@ -1723,6 +2121,45 @@ public boolean freezeBalanceV2(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean freezeBalanceV2ForCli(
+      byte[] ownerAddress,
+      long frozenBalance,
+      int resourceCode, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    if (multi) {
+      if (!DecodeUtil.addressValid(ownerAddress)) {
+        recordLastCliOperationError("Invalid ownerAddress!");
+        return false;
+      }
+      if (frozenBalance < TRX_PRECISION) {
+        recordLastCliOperationError("frozenBalance must be greater than or equal to 1 TRX");
+        return false;
+      }
+      Response.Account account = queryAccount(ownerAddress);
+      if (account == null) {
+        recordLastCliOperationError("Account not found: " + WalletApi.encode58Check(ownerAddress));
+        return false;
+      }
+      if (frozenBalance > account.getBalance()) {
+        recordLastCliOperationError("frozenBalance must be less than or equal to accountBalance");
+        return false;
+      }
+      if (!isControlledForCli(ownerAddress)) {
+        recordLastCliOperationError("Owner address is not controlled by this wallet");
+        return false;
+      }
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.freezeBalanceV2(ownerAddress, frozenBalance, resourceCode);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean unfreezeBalance(byte[] ownerAddress, int resourceCode, byte[] receiverAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -1735,6 +2172,20 @@ public boolean unfreezeBalance(byte[] ownerAddress, int resourceCode, byte[] rec
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean unfreezeBalanceForCli(
+      byte[] ownerAddress, int resourceCode, byte[] receiverAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.unfreezeBalance(ownerAddress, resourceCode, receiverAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean unfreezeBalanceV2(byte[] ownerAddress, long unfreezeBalance
       , int resourceCode, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1771,6 +2222,43 @@ public boolean unfreezeBalanceV2(byte[] ownerAddress, long unfreezeBalance
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean unfreezeBalanceV2ForCli(byte[] ownerAddress, long unfreezeBalance,
+      int resourceCode, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    if (multi) {
+      if (!DecodeUtil.addressValid(ownerAddress)) {
+        recordLastCliOperationError("Invalid ownerAddress!");
+        return false;
+      }
+      Response.Account account = queryAccount(ownerAddress);
+      long frozenAmount = account.getFrozenV2List().stream()
+          .filter(f -> f.getType().getNumber() == resourceCode)
+          .mapToLong(Response.Account.FreezeV2::getAmount)
+          .findFirst()
+          .orElse(0L);
+      if (frozenAmount <= 0) {
+        recordLastCliOperationError("No amount can be unfrozen.");
+        return false;
+      }
+      if (unfreezeBalance > frozenAmount) {
+        recordLastCliOperationError("Exceeds the current maximum unfreeze amount");
+        return false;
+      }
+      if (!isControlled(ownerAddress)) {
+        return false;
+      }
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.unfreezeBalanceV2(ownerAddress, unfreezeBalance, resourceCode);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean withdrawExpireUnfreeze(byte[] ownerAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -1797,6 +2285,18 @@ public boolean withdrawExpireUnfreeze(byte[] ownerAddress, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean withdrawExpireUnfreezeForCli(byte[] ownerAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.withdrawExpireUnfreeze(ownerAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean delegateResource(byte[] ownerAddress, long balance
       , int resourceCode, byte[] receiverAddress, boolean lock, long lockPeriod, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1848,6 +2348,20 @@ public boolean delegateResource(byte[] ownerAddress, long balance
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean delegateResourceForCli(byte[] ownerAddress, long balance
+      , int resourceCode, byte[] receiverAddress, boolean lock, long lockPeriod, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.delegateResource(ownerAddress, balance, resourceCode, receiverAddress, lock, lockPeriod);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean unDelegateResource(byte[] ownerAddress, long balance
       , int resourceCode, byte[] receiverAddress, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
@@ -1923,6 +2437,20 @@ public boolean unDelegateResource(byte[] ownerAddress, long balance
     Response.TransactionExtention transactionExtention = apiCli.unDelegateResource(ownerAddress, balance, resourceCode, receiverAddress);
     return processTransactionExtention(transactionExtention, multi);
   }
+
+  public boolean unDelegateResourceForCli(byte[] ownerAddress, long balance
+      , int resourceCode, byte[] receiverAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention =
+        apiCli.unDelegateResource(ownerAddress, balance, resourceCode, receiverAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
   private boolean emptyResource(Response.DelegatedResource resource) {
     return Objects.isNull(resource) || (resource.getExpireTimeForBandwidth() == 0
         && resource.getExpireTimeForEnergy() == 0
@@ -1951,6 +2479,18 @@ public boolean cancelAllUnfreezeV2(byte[] ownerAddress, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean cancelAllUnfreezeV2ForCli(byte[] ownerAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.cancelAllUnfreezeV2(ownerAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   private UnfreezeBalanceContract createUnfreezeBalanceContract(
       byte[] address, int resourceCode, byte[] receiverAddress) {
     if (address == null) {
@@ -2057,6 +2597,18 @@ public boolean unfreezeAsset(byte[] ownerAddress, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean unfreezeAssetForCli(byte[] ownerAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.unfreezeAsset(ownerAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   private UnfreezeAssetContract createUnfreezeAssetContract(byte[] address) {
     if (address == null) {
       address = getAddress();
@@ -2096,6 +2648,18 @@ public boolean withdrawBalance(byte[] ownerAddress, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean withdrawBalanceForCli(byte[] ownerAddress, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (ownerAddress == null) {
+      ownerAddress = getAddress();
+    }
+    Response.TransactionExtention transactionExtention = apiCli.withdrawBalance(ownerAddress);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   private WithdrawBalanceContract createWithdrawBalanceContract(byte[] address) {
     if (address == null) {
       address = getAddress();
@@ -2136,6 +2700,9 @@ public static Response.BlockListExtention getBlockByLatestNum2(long num) throws
 
   public boolean createProposal(byte[] owner, HashMap<Long, Long> parametersMap, boolean multi)
       throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
     if (owner == null) {
       owner = getAddress();
     }
@@ -2144,6 +2711,19 @@ public boolean createProposal(byte[] owner, HashMap<Long, Long> parametersMap, b
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean createProposalForCli(byte[] owner, HashMap<Long, Long> parametersMap, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.proposalCreate(owner, parametersMap);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static Response.ProposalList listProposals() {
     return apiCli.listProposals();
   }
@@ -2219,6 +2799,20 @@ public boolean approveProposal(byte[] owner, long id,
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean approveProposalForCli(byte[] owner, long id,
+                                       boolean isAddApproval, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.approveProposal(owner, id, isAddApproval);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static ProposalApproveContract createProposalApproveContract(
       byte[] owner, long id, boolean is_add_approval) {
     ProposalApproveContract.Builder builder =
@@ -2242,6 +2836,19 @@ public boolean deleteProposal(byte[] owner, long id, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean deleteProposalForCli(byte[] owner, long id, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.deleteProposal(owner, id);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static ProposalDeleteContract createProposalDeleteContract(byte[] owner, long id) {
     ProposalDeleteContract.Builder builder = ProposalDeleteContract
         .newBuilder();
@@ -2268,6 +2875,25 @@ public boolean exchangeCreate(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean exchangeCreateForCli(
+      byte[] owner,
+      byte[] firstTokenId,
+      long firstTokenBalance,
+      byte[] secondTokenId,
+      long secondTokenBalance, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention =
+        apiCli.exchangeCreate(owner, firstTokenId, firstTokenBalance, secondTokenId, secondTokenBalance);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
 
   public static ExchangeCreateContract createExchangeCreateContract(
       byte[] owner,
@@ -2300,6 +2926,20 @@ public boolean exchangeInject(byte[] owner, long exchangeId,
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean exchangeInjectForCli(byte[] owner, long exchangeId,
+                                byte[] tokenId, long quant, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.exchangeInject(owner, exchangeId, tokenId, quant);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static ExchangeInjectContract createExchangeInjectContract(
       byte[] owner, long exchangeId, byte[] tokenId, long quant) {
     ExchangeInjectContract.Builder builder = ExchangeInjectContract
@@ -2326,6 +2966,20 @@ public boolean exchangeWithdraw(byte[] owner, long exchangeId,
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean exchangeWithdrawForCli(byte[] owner, long exchangeId,
+                                  byte[] tokenId, long quant, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.exchangeWithdraw(owner, exchangeId, tokenId, quant);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
 
   public static ExchangeWithdrawContract createExchangeWithdrawContract(
       byte[] owner, long exchangeId, byte[] tokenId, long quant) {
@@ -2352,6 +3006,20 @@ public boolean exchangeTransaction(byte[] owner, long exchangeId, byte[] tokenId
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean exchangeTransactionForCli(byte[] owner, long exchangeId, byte[] tokenId, long quant,
+                                     long expected, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.exchangeTransaction(owner, exchangeId, tokenId, quant, expected);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static ExchangeTransactionContract createExchangeTransactionContract(
       byte[] owner, long exchangeId, byte[] tokenId, long quant, long expected) {
     ExchangeTransactionContract.Builder builder = ExchangeTransactionContract.newBuilder();
@@ -2713,7 +3381,8 @@ public boolean updateSetting(byte[] owner, byte[] contractAddress,
         transactionExtention, multi);
   }
 
-  public boolean updateEnergyLimit(byte[] owner, byte[] contractAddress, long originEnergyLimit, boolean multi)
+  public boolean updateSettingForCli(byte[] owner, byte[] contractAddress,
+      long consumeUserResourcePercent, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
     if (!isUnlocked()) {
       throw new IllegalStateException(LOCK_WARNING);
@@ -2722,11 +3391,25 @@ public boolean updateEnergyLimit(byte[] owner, byte[] contractAddress, long orig
       owner = getAddress();
     }
 
-    Response.TransactionExtention transactionExtention = apiCli.updateEnergyLimit(owner, contractAddress, originEnergyLimit);
-    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
-      System.out.println("RPC create trx " + failedHighlight() + "!");
-      if (transactionExtention != null) {
-        System.out.println("Code = " + transactionExtention.getResult().getCode());
+    Response.TransactionExtention transactionExtention =
+        apiCli.updateSetting(owner, contractAddress, consumeUserResourcePercent);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
+  public boolean updateEnergyLimit(byte[] owner, byte[] contractAddress, long originEnergyLimit, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.updateEnergyLimit(owner, contractAddress, originEnergyLimit);
+    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
+      System.out.println("RPC create trx " + failedHighlight() + "!");
+      if (transactionExtention != null) {
+        System.out.println("Code = " + transactionExtention.getResult().getCode());
         System.out.println("Message = " + transactionExtention.getResult().getMessage()
             .toStringUtf8());
       }
@@ -2735,6 +3418,21 @@ public boolean updateEnergyLimit(byte[] owner, byte[] contractAddress, long orig
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean updateEnergyLimitForCli(byte[] owner, byte[] contractAddress,
+      long originEnergyLimit, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention =
+        apiCli.updateEnergyLimit(owner, contractAddress, originEnergyLimit);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean clearContractABI(byte[] owner, byte[] contractAddress, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -2758,7 +3456,24 @@ public boolean clearContractABI(byte[] owner, byte[] contractAddress, boolean mu
     return processTransactionExtention(transactionExtention, multi);
   }
 
-  public boolean clearWalletKeystore() {
+  public boolean clearContractAbiForCli(byte[] owner, byte[] contractAddress, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.clearContractABI(owner, contractAddress);
+    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
+      return false;
+    }
+
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
+  public boolean clearWalletKeystore(boolean force) {
     String ownerAddress = WalletApi.encode58Check(getAddress());
 
     List<String> walletPath;
@@ -2786,7 +3501,9 @@ public boolean clearWalletKeystore() {
     }
 
     try {
-      return ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
+      return force
+          ? ClearWalletUtils.forceDeleteWallet(ownerAddress, filePaths)
+          : ClearWalletUtils.confirmAndDeleteWallet(ownerAddress, filePaths);
     } catch (Exception e) {
       System.err.println("Error confirming and deleting wallet: " + e.getMessage());
       return false;
@@ -2827,10 +3544,14 @@ public boolean deployContract(
     } else {
       tmpApiCli = new ApiClient(netType, privateKey);
     }
-    Response.TransactionExtention transactionExtention = tmpApiCli.deployContract(contractName, ABI,
-        code, Collections.emptyList(), feeLimit, consumeUserResourcePercent, originEnergyLimit,
-        value, tokenId, tokenValue);
-    tmpApiCli.close();
+    Response.TransactionExtention transactionExtention;
+    try {
+      transactionExtention = tmpApiCli.deployContract(contractName, ABI,
+          code, Collections.emptyList(), feeLimit, consumeUserResourcePercent, originEnergyLimit,
+          value, tokenId, tokenValue);
+    } finally {
+      tmpApiCli.close();
+    }
     if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
       System.out.println("RPC create trx " + failedHighlight() + "!");
       if (transactionExtention != null) {
@@ -2863,6 +3584,79 @@ public boolean deployContract(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean deployContractForCli(
+      byte[] owner,
+      String contractName,
+      String ABI,
+      String code,
+      long feeLimit,
+      long value,
+      long consumeUserResourcePercent,
+      long originEnergyLimit,
+      long tokenValue,
+      String tokenId,
+      String libraryAddressPair,
+      String compilerVersion,
+      boolean multi)
+      throws Exception {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    if (null != libraryAddressPair) {
+      code = Hex.toHexString(replaceLibraryAddress(code, libraryAddressPair, compilerVersion));
+    }
+    ApiClient tmpApiCli;
+    NetType netType = getCurrentNetwork();
+    byte[] bytes = isUnifiedExist() ? getUnifiedPassword() : getPwdForDeploy();
+    String privateKey = ByteArray.toHexString(credentials == null
+        ? decrypt2PrivateBytes(bytes, getWalletFile())
+        : credentials.getPair().getPrivateKey());
+    if (netType == CUSTOM) {
+      tmpApiCli = new ApiClient(customNodes.getLeft().getLeft(), customNodes.getRight().getLeft(),
+          customNodes.getLeft().getRight(), customNodes.getRight().getRight(), privateKey);
+    } else {
+      tmpApiCli = new ApiClient(netType, privateKey);
+    }
+    Response.TransactionExtention transactionExtention;
+    try {
+      transactionExtention = tmpApiCli.deployContract(contractName, ABI,
+          code, Collections.emptyList(), feeLimit, consumeUserResourcePercent, originEnergyLimit,
+          value, tokenId, tokenValue);
+    } finally {
+      tmpApiCli.close();
+    }
+    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
+      recordLastCliOperationError(extractTransactionReturnMessage(
+          transactionExtention == null ? null : transactionExtention.getResult()));
+      return false;
+    }
+
+    Response.TransactionExtention.Builder texBuilder = Response.TransactionExtention.newBuilder();
+    Chain.Transaction.Builder transBuilder = Chain.Transaction.newBuilder();
+    Chain.Transaction.raw.Builder rawBuilder = transactionExtention.getTransaction().getRawData()
+        .toBuilder();
+    rawBuilder.setFeeLimit(feeLimit);
+    transBuilder.setRawData(rawBuilder);
+    for (int i = 0; i < transactionExtention.getTransaction().getSignatureCount(); i++) {
+      ByteString s = transactionExtention.getTransaction().getSignature(i);
+      transBuilder.setSignature(i, s);
+    }
+    for (int i = 0; i < transactionExtention.getTransaction().getRetCount(); i++) {
+      Chain.Transaction.Result r = transactionExtention.getTransaction().getRet(i);
+      transBuilder.setRet(i, r);
+    }
+    texBuilder.setTransaction(transBuilder);
+    texBuilder.setResult(transactionExtention.getResult());
+    texBuilder.setTxid(transactionExtention.getTxid());
+    transactionExtention = texBuilder.build();
+
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public Triple<Boolean, Long, Long> triggerContract(
       byte[] owner,
       byte[] contractAddress,
@@ -2909,30 +3703,30 @@ public Triple<Boolean, Long, Long> triggerContract(
         .getTransaction();
     // for constant
     if (transaction.getRetCount() != 0) {
-      Response.TransactionExtention.Builder builder =
-          transactionExtention.toBuilder().clearTransaction().clearTxid();
-      if (transaction.getRet(0).getRet() == Chain.Transaction.Result.code.FAILED) {
-        builder.setResult(builder.getResult().toBuilder().setResult(false));
-      }
-      long energyUsed = builder.build().getEnergyUsed();
+      Response.TransactionExtention normalized = normalizeConstantContractExtention(transactionExtention);
+      long energyUsed = normalized.getEnergyUsed();
       if (!noExe) {
         if (display) {
           long calculateBandwidth = calculateBandwidth(transaction);
-          String s = new String(builder.build().getResult().getMessage().toByteArray(), StandardCharsets.UTF_8);
+          String s = new String(normalized.getResult().getMessage().toByteArray(), StandardCharsets.UTF_8);
           if ("REVERT opcode executed".equals(s)) {
             System.out.println(redBoldHighlight("The transaction may be reverted."));
           }
           System.out.println("It is estimated that " + greenBoldHighlight(calculateBandwidth) + " bandwidth and " + greenBoldHighlight(energyUsed) + " energy will be consumed.");
         } else {
-          System.out.println("Execution result = " + Utils.formatMessageString(builder.build()));
+          System.out.println("Execution result = " + Utils.formatMessageString(normalized));
         }
       }
       BigInteger bigInteger = BigInteger.valueOf(0L);
-      if (builder.getConstantResultCount() == 1) {
-        ByteString constantResult = builder.getConstantResult(0);
+      if (normalized.getConstantResultCount() == 1) {
+        ByteString constantResult = normalized.getConstantResult(0);
         bigInteger = new BigInteger(1, constantResult.toByteArray());
       }
-      return Triple.of(true, energyUsed, bigInteger.longValue());
+      try {
+        return Triple.of(true, energyUsed, bigInteger.longValueExact());
+      } catch (ArithmeticException e) {
+        return Triple.of(false, energyUsed, 0L);
+      }
     }
 
     Response.TransactionExtention.Builder texBuilder = Response.TransactionExtention.newBuilder();
@@ -2957,6 +3751,130 @@ public Triple<Boolean, Long, Long> triggerContract(
     return Triple.of(processTransactionExtention(transactionExtention, multi), 0L, 0L);
   }
 
+  public Triple<Boolean, Long, Long> triggerContractForCli(
+      byte[] owner,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long feeLimit,
+      long tokenValue,
+      String tokenId,
+      boolean isConstant,
+      boolean noExe,
+      boolean display,
+      boolean multi)
+      throws Exception {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    if (multi) {
+      if (!DecodeUtil.addressValid(owner)) {
+        return Triple.of(false, 0L, 0L);
+      }
+      if (!isControlledForCli(owner)) {
+        return Triple.of(false, 0L, 0L);
+      }
+    }
+    Response.TransactionExtention transactionExtention;
+    if (isConstant) {
+      transactionExtention = apiCli.triggerConstantContract(owner, contractAddress, data, callValue,
+          tokenValue, tokenId);
+    } else {
+      transactionExtention = apiCli.triggerContract(owner, contractAddress, data, callValue,
+          tokenValue, tokenId, feeLimit);
+    }
+
+    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
+      return Triple.of(false, 0L, 0L);
+    }
+
+    Chain.Transaction transaction = transactionExtention.getTransaction();
+    if (transaction.getRetCount() != 0) {
+      Response.TransactionExtention normalized = normalizeConstantContractExtention(transactionExtention);
+      long energyUsed = normalized.getEnergyUsed();
+      BigInteger bigInteger = BigInteger.valueOf(0L);
+      if (normalized.getConstantResultCount() == 1) {
+        ByteString constantResult = normalized.getConstantResult(0);
+        bigInteger = new BigInteger(1, constantResult.toByteArray());
+      }
+      try {
+        return Triple.of(true, energyUsed, bigInteger.longValueExact());
+      } catch (ArithmeticException e) {
+        recordLastCliOperationError("Constant result exceeds long range: " + bigInteger.toString());
+        return Triple.of(false, energyUsed, 0L);
+      }
+    }
+
+    Response.TransactionExtention.Builder texBuilder = Response.TransactionExtention.newBuilder();
+    Chain.Transaction.Builder transBuilder = Chain.Transaction.newBuilder();
+    Chain.Transaction.raw.Builder rawBuilder = transactionExtention.getTransaction().getRawData()
+        .toBuilder();
+    rawBuilder.setFeeLimit(feeLimit);
+    transBuilder.setRawData(rawBuilder);
+    for (int i = 0; i < transactionExtention.getTransaction().getSignatureCount(); i++) {
+      ByteString s = transactionExtention.getTransaction().getSignature(i);
+      transBuilder.setSignature(i, s);
+    }
+    for (int i = 0; i < transactionExtention.getTransaction().getRetCount(); i++) {
+      Chain.Transaction.Result r = transactionExtention.getTransaction().getRet(i);
+      transBuilder.setRet(i, r);
+    }
+    texBuilder.setTransaction(transBuilder);
+    texBuilder.setResult(transactionExtention.getResult());
+    texBuilder.setTxid(transactionExtention.getTxid());
+    transactionExtention = texBuilder.build();
+
+    return Triple.of(processTransactionExtentionForCli(transactionExtention, multi), 0L, 0L);
+  }
+
+  public Response.TransactionExtention triggerConstantContractExtention(
+      byte[] owner,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId) {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+    return triggerConstantContractExtentionDirect(
+        owner, contractAddress, callValue, data, tokenValue, tokenId);
+  }
+
+  public static Response.TransactionExtention triggerConstantContractExtentionDirect(
+      byte[] owner,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId) {
+    return normalizeConstantContractExtention(
+        apiCli.triggerConstantContract(owner, contractAddress, data, callValue, tokenValue, tokenId));
+  }
+
+  private static Response.TransactionExtention normalizeConstantContractExtention(
+      Response.TransactionExtention transactionExtention) {
+    if (transactionExtention == null) {
+      return null;
+    }
+    Chain.Transaction transaction = transactionExtention.getTransaction();
+    if (transaction.getRetCount() == 0) {
+      return transactionExtention;
+    }
+    Response.TransactionExtention.Builder builder =
+        transactionExtention.toBuilder().clearTransaction().clearTxid();
+    if (transaction.getRet(0).getRet() == Chain.Transaction.Result.code.FAILED) {
+      builder.setResult(builder.getResult().toBuilder().setResult(false));
+    }
+    return builder.build();
+  }
+
   public static long calculateBandwidth(Chain.Transaction transaction) {
     String hexString = Hex.toHexString(transaction.getRawData().toByteArray());
     final long DATA_HEX_PROTOBUF_EXTRA = 9;
@@ -3001,6 +3919,30 @@ public boolean estimateEnergy(
     return true;
   }
 
+  public Response.EstimateEnergyMessage estimateEnergyMessage(
+      byte[] owner,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId)
+      throws IOException {
+    if (owner == null) {
+      owner = getAddress();
+    }
+    return estimateEnergyMessageDirect(owner, contractAddress, callValue, data, tokenValue, tokenId);
+  }
+
+  public static Response.EstimateEnergyMessage estimateEnergyMessageDirect(
+      byte[] owner,
+      byte[] contractAddress,
+      long callValue,
+      byte[] data,
+      long tokenValue,
+      String tokenId) {
+    return apiCli.estimateEnergy(owner, contractAddress, callValue, data, tokenValue, tokenId);
+  }
+
   public static Common.SmartContract getContract(byte[] address) {
     return apiCli.getContract(address);
   }
@@ -3074,6 +4016,17 @@ public boolean accountPermissionUpdate(byte[] owner, String permissionJson, bool
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean accountPermissionUpdateForCli(byte[] owner, String permissionJson, boolean multi)
+      throws CipherException, IOException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException(LOCK_WARNING);
+    }
+    Contract.AccountPermissionUpdateContract contract =
+        createAccountPermissionContract(owner, permissionJson);
+    Response.TransactionExtention transactionExtention = apiCli.accountPermissionUpdate(contract);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   private boolean checkPermission(Common.Permission permission) {
     if (permission.getKeysCount() > 5) {
       System.out.println("number of keys in permission should not be greater than 5");
@@ -3230,15 +4183,8 @@ public Chain.Transaction addTransactionSign(Chain.Transaction transaction)
     String tipsString = "Please input permission id.";
     transaction = TransactionUtils.setPermissionId(transaction, tipsString);
 
-    System.out.println("Please choose your key for sign.");
-    WalletFile wf = selectWalletFileE();
-    byte[] passwd;
-    if (lockAccount && isUnifiedExist() && Arrays.equals(decodeFromBase58Check(wf.getAddress()), getAddress())) {
-      passwd = getUnifiedPassword();
-    } else {
-      System.out.println("Please input your password.");
-      passwd = char2Byte(inputPassword(false));
-    }
+    WalletFile wf = resolveSigningWalletFile();
+    byte[] passwd = resolveSigningPassword(wf);
     if (isEckey) {
       transaction = TransactionUtils.sign(transaction, this.getEcKey(wf, passwd));
     } else {
@@ -3270,6 +4216,23 @@ public boolean updateBrokerage(byte[] owner, int brokerage, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean updateBrokerageForCli(byte[] owner, int brokerage, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException("Wallet is locked. Cannot sign or send transaction.");
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.updateBrokerage(owner, brokerage);
+    if (transactionExtention == null || !transactionExtention.getResult().getResult()) {
+      return false;
+    }
+
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static org.tron.trident.api.GrpcAPI.NumberMessage getReward(byte[] owner) {
     return apiCli.getReward(owner);
   }
@@ -3313,6 +4276,25 @@ public boolean marketSellAsset(
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean marketSellAssetForCli(
+      byte[] owner,
+      byte[] sellTokenId,
+      long sellTokenQuantity,
+      byte[] buyTokenId,
+      long buyTokenQuantity, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException("Wallet is locked. Cannot sign or send transaction.");
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.marketSellAsset(owner, sellTokenId,
+        sellTokenQuantity, buyTokenId, buyTokenQuantity);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public boolean marketCancelOrder(byte[] owner, byte[] orderId, boolean multi)
       throws IOException, CipherException, CancelException, IllegalException {
     if (!isUnlocked()) {
@@ -3326,6 +4308,19 @@ public boolean marketCancelOrder(byte[] owner, byte[] orderId, boolean multi)
     return processTransactionExtention(transactionExtention, multi);
   }
 
+  public boolean marketCancelOrderForCli(byte[] owner, byte[] orderId, boolean multi)
+      throws IOException, CipherException, CancelException, IllegalException {
+    if (!isUnlocked()) {
+      throw new IllegalStateException("Wallet is locked. Cannot sign or send transaction.");
+    }
+    if (owner == null) {
+      owner = getAddress();
+    }
+
+    Response.TransactionExtention transactionExtention = apiCli.marketCancelOrder(owner, orderId);
+    return processTransactionExtentionForCli(transactionExtention, multi);
+  }
+
   public static Response.MarketOrderList getMarketOrderByAccount(byte[] address) {
     return apiCli.getMarketOrderByAccount(address);
   }
diff --git a/src/test/java/org/tron/common/utils/TransactionUtilsTest.java b/src/test/java/org/tron/common/utils/TransactionUtilsTest.java
new file mode 100644
index 00000000..6466e036
--- /dev/null
+++ b/src/test/java/org/tron/common/utils/TransactionUtilsTest.java
@@ -0,0 +1,37 @@
+package org.tron.common.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.protos.Protocol.Transaction;
+
+public class TransactionUtilsTest {
+
+  @Test
+  public void setPermissionIdWithNullTipDoesNotPrompt() throws Exception {
+    PrintStream originalOut = System.out;
+    java.io.InputStream originalIn = System.in;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+    System.setIn(new ByteArrayInputStream("unexpected\n".getBytes(StandardCharsets.UTF_8)));
+    try {
+      Transaction transaction = Transaction.newBuilder()
+          .setRawData(Transaction.raw.newBuilder()
+              .addContract(Transaction.Contract.newBuilder().build())
+              .build())
+          .build();
+
+      Transaction result = TransactionUtils.setPermissionId(transaction, null);
+
+      Assert.assertEquals(0, result.getRawData().getContract(0).getPermissionId());
+      Assert.assertEquals("", stdout.toString(StandardCharsets.UTF_8.name()));
+    } finally {
+      System.setOut(originalOut);
+      System.setIn(originalIn);
+      TransactionUtils.clearPermissionIdOverride();
+    }
+  }
+}
diff --git a/src/test/java/org/tron/common/utils/UtilsPasswordTest.java b/src/test/java/org/tron/common/utils/UtilsPasswordTest.java
new file mode 100644
index 00000000..f947a835
--- /dev/null
+++ b/src/test/java/org/tron/common/utils/UtilsPasswordTest.java
@@ -0,0 +1,53 @@
+package org.tron.common.utils;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.keystore.StringUtils;
+
+public class UtilsPasswordTest {
+
+  @Test
+  public void resolveEnvPasswordRejectsWeakPasswordWhenStrengthCheckIsRequired() {
+    try {
+      Utils.resolveEnvPassword("a", true);
+      Assert.fail("Expected weak MASTER_PASSWORD to be rejected");
+    } catch (IllegalArgumentException e) {
+      Assert.assertEquals("MASTER_PASSWORD does not meet password strength requirements",
+          e.getMessage());
+    }
+  }
+
+  @Test
+  public void resolveEnvPasswordAcceptsWeakPasswordWhenStrengthCheckIsDisabled() {
+    char[] password = Utils.resolveEnvPassword("a", false);
+    try {
+      Assert.assertArrayEquals(new char[]{'a'}, password);
+    } finally {
+      StringUtils.clear(password);
+    }
+  }
+
+  @Test
+  public void resolveEnvPasswordAcceptsStrongPasswordWhenStrengthCheckIsRequired() {
+    char[] password = Utils.resolveEnvPassword("Abc12345!@", true);
+    try {
+      Assert.assertArrayEquals("Abc12345!@".toCharArray(), password);
+    } finally {
+      StringUtils.clear(password);
+    }
+  }
+
+  @Test
+  public void envPasswordInputIsDisabledByDefault() {
+    Utils.setEnvPasswordInputEnabled(false);
+    Assert.assertFalse(Utils.isEnvPasswordInputEnabled());
+  }
+
+  @Test
+  public void envPasswordInputFlagCanBeEnabledAndReset() {
+    Utils.setEnvPasswordInputEnabled(true);
+    Assert.assertTrue(Utils.isEnvPasswordInputEnabled());
+    Utils.setEnvPasswordInputEnabled(false);
+    Assert.assertFalse(Utils.isEnvPasswordInputEnabled());
+  }
+}
diff --git a/src/test/java/org/tron/keystore/ClearWalletUtilsTest.java b/src/test/java/org/tron/keystore/ClearWalletUtilsTest.java
new file mode 100644
index 00000000..8b126b7e
--- /dev/null
+++ b/src/test/java/org/tron/keystore/ClearWalletUtilsTest.java
@@ -0,0 +1,39 @@
+package org.tron.keystore;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collections;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ClearWalletUtilsTest {
+
+  @Test
+  public void deleteFilesQuietDeletesWithoutTerminalNoise() throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    Path dir = Files.createTempDirectory("clear-wallet-utils");
+    Path walletFile = dir.resolve("wallet.json");
+    Files.write(walletFile, Collections.singletonList("{}"), StandardCharsets.UTF_8);
+    try {
+      Assert.assertTrue(ClearWalletUtils.deleteFilesQuiet(
+          Collections.singletonList(walletFile.toString())));
+      Assert.assertFalse(Files.exists(walletFile));
+      Assert.assertEquals("", stdout.toString(StandardCharsets.UTF_8.name()));
+      Assert.assertEquals("", stderr.toString(StandardCharsets.UTF_8.name()));
+    } finally {
+      Files.deleteIfExists(dir.resolve("wallet.json.bak"));
+      Files.deleteIfExists(walletFile);
+      Files.deleteIfExists(dir);
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/ClientMainTest.java b/src/test/java/org/tron/walletcli/ClientMainTest.java
new file mode 100644
index 00000000..53130c04
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/ClientMainTest.java
@@ -0,0 +1,128 @@
+package org.tron.walletcli;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.walletcli.cli.GlobalOptions;
+
+public class ClientMainTest {
+
+  @Test
+  public void runMainPrintsGlobalHelpForHelpFlagBeforeCommand() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    System.setOut(new PrintStream(stdout));
+    try {
+      int exitCode = Client.runMain(new String[]{"--help", "get-balance"});
+
+      Assert.assertEquals(0, exitCode);
+      String output = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(output.contains("TRON Wallet CLI"));
+      Assert.assertTrue(output.contains("Usage:"));
+      Assert.assertFalse(output.contains("Error:"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void runMainPrintsVersionForVersionFlag() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    System.setOut(new PrintStream(stdout));
+    try {
+      int exitCode = Client.runMain(new String[]{"--version"});
+
+      Assert.assertEquals(0, exitCode);
+      Assert.assertTrue(stdout.toString(StandardCharsets.UTF_8.name()).contains("wallet-cli"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void runMainEmitsCleanJsonForGlobalHelp() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    System.setOut(new PrintStream(stdout));
+    try {
+      int exitCode = Client.runMain(new String[]{"--output", "json", "--help"});
+
+      Assert.assertEquals(0, exitCode);
+      String output = stdout.toString(StandardCharsets.UTF_8.name()).trim();
+      Assert.assertTrue(output.startsWith("{"));
+      Assert.assertTrue(output.contains("\"success\": true"));
+      Assert.assertTrue(output.contains("\"help\":"));
+      Assert.assertFalse(output.contains("User defined config file"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void runMainReturnsUsageErrorForMissingCommand() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    System.setOut(new PrintStream(stdout));
+    try {
+      int exitCode = Client.runMain(new String[]{"--output", "json"});
+
+      Assert.assertEquals(2, exitCode);
+      String output = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(output.contains("\"success\": false"));
+      Assert.assertTrue(output.contains("\"error\": \"usage_error\""));
+      Assert.assertTrue(output.contains("Missing command."));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void noArgsDefaultsToInteractiveTextMode() {
+    GlobalOptions opts = GlobalOptions.parse(new String[0]);
+
+    Assert.assertTrue(Client.shouldLaunchInteractiveByDefault(new String[0], opts));
+  }
+
+  @Test
+  public void runMainMapsGlobalParseFailuresToExitCodeTwo() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      int exitCode = Client.runMain(new String[]{"--outputt", "json", "get-balance"});
+
+      Assert.assertEquals(2, exitCode);
+      String output = stderr.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(output.contains("Error: Unknown global option: --outputt"));
+      Assert.assertFalse(output.contains("Unknown command"));
+      Assert.assertEquals("", stdout.toString(StandardCharsets.UTF_8.name()));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  @Test
+  public void runMainEmitsJsonForGlobalParseFailureWhenJsonWasRequested() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    System.setOut(new PrintStream(stdout));
+    try {
+      int exitCode = Client.runMain(new String[]{"--output", "json", "--outputt", "json", "get-balance"});
+
+      Assert.assertEquals(2, exitCode);
+      String output = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(output.contains("\"success\": false"));
+      Assert.assertTrue(output.contains("\"error\": \"usage_error\""));
+      Assert.assertTrue(output.contains("Unknown global option: --outputt"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/CryptoVectorTest.java b/src/test/java/org/tron/walletcli/CryptoVectorTest.java
new file mode 100644
index 00000000..4735decf
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/CryptoVectorTest.java
@@ -0,0 +1,40 @@
+package org.tron.walletcli;
+
+import java.util.Arrays;
+import java.util.List;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.crypto.ECKey;
+import org.tron.common.utils.ByteArray;
+import org.tron.mnemonic.MnemonicUtils;
+import org.tron.walletserver.WalletApi;
+
+/**
+ * Deterministic crypto test vectors for core wallet operations.
+ * Expected values are pre-computed and hardcoded — do not derive them dynamically.
+ */
+public class CryptoVectorTest {
+
+    @Test
+    public void privateKeyToTronAddress() {
+        byte[] privKey = ByteArray.fromHexString(
+            "afdfd9c3d2095ef696594f6cedcae59e72dcd697e2a7521b1578140422a4f890");
+        ECKey ecKey = ECKey.fromPrivate(privKey);
+        String address = WalletApi.encode58Check(ecKey.getAddress());
+        Assert.assertEquals("TAaQhg316jEzoL9JojWFMUhoguXrSd7Fqd", address);
+    }
+
+    @Test
+    public void mnemonicToTronAddress() {
+        List<String> mnemonic = Arrays.asList(
+            "abandon", "abandon", "abandon", "abandon", "abandon", "abandon",
+            "abandon", "abandon", "abandon", "abandon", "abandon", "about");
+        byte[] privKey = MnemonicUtils.getPrivateKeyFromMnemonic(mnemonic);
+        Assert.assertEquals(
+            "b5a4cea271ff424d7c31dc12a3e43e401df7a40d7412a15750f3f0b6b5449a28",
+            ByteArray.toHexString(privKey));
+        ECKey ecKey = ECKey.fromPrivate(privKey);
+        String address = WalletApi.encode58Check(ecKey.getAddress());
+        Assert.assertEquals("TUEZSdKsoDHQMeZwihtdoBiN46zxhGWYdH", address);
+    }
+}
diff --git a/src/test/java/org/tron/walletcli/WalletApiWrapperTest.java b/src/test/java/org/tron/walletcli/WalletApiWrapperTest.java
new file mode 100644
index 00000000..eb17b362
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/WalletApiWrapperTest.java
@@ -0,0 +1,213 @@
+package org.tron.walletcli;
+
+import com.google.protobuf.ByteString;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.enums.NetType;
+import org.tron.keystore.WalletFile;
+import org.tron.trident.proto.Response;
+import org.tron.walletcli.cli.CommandErrorException;
+import org.tron.walletserver.ApiClient;
+import org.tron.walletserver.WalletApi;
+
+public class WalletApiWrapperTest {
+
+  private static final byte[] OWNER =
+      WalletApi.decodeFromBase58Check("TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL");
+  private static final byte[] CONTRACT =
+      WalletApi.decodeFromBase58Check("TXYZopYRdj2D9XRtbG411XZZ3kM5VkAeBf");
+
+  private static class StubApiClient extends ApiClient {
+    private Response.TransactionExtention constantContractResult;
+    private Response.EstimateEnergyMessage estimateEnergyResult;
+    private Response.Account queryAccountResult;
+    private byte[] lastOwner;
+    private byte[] lastContract;
+    private byte[] lastData;
+    private byte[] lastQueryAddress;
+
+    StubApiClient() {
+      super(NetType.NILE);
+    }
+
+    @Override
+    public Response.TransactionExtention triggerConstantContract(
+        byte[] owner,
+        byte[] contractAddress,
+        byte[] data,
+        long callValue,
+        long tokenValue,
+        String tokenId) {
+      lastOwner = owner;
+      lastContract = contractAddress;
+      lastData = data;
+      return constantContractResult;
+    }
+
+    @Override
+    public Response.EstimateEnergyMessage estimateEnergy(
+        byte[] owner,
+        byte[] contractAddress,
+        long callValue,
+        byte[] data,
+        long tokenValue,
+        String tokenId) {
+      lastOwner = owner;
+      lastContract = contractAddress;
+      lastData = data;
+      return estimateEnergyResult;
+    }
+
+    @Override
+    public Response.Account queryAccount(byte[] address) {
+      lastQueryAddress = address;
+      return queryAccountResult;
+    }
+  }
+
+  @Test
+  public void computeBufferedFeeLimitAddsTwentyPercentBuffer() {
+    Assert.assertEquals(120L, WalletApiWrapper.computeBufferedFeeLimit(10L, 10L));
+  }
+
+  @Test(expected = ArithmeticException.class)
+  public void computeBufferedFeeLimitFailsOnOverflow() {
+    WalletApiWrapper.computeBufferedFeeLimit(Long.MAX_VALUE, 2L);
+  }
+
+  @Test
+  public void getUsdtBalanceAllowsNoAuthWhenAddressProvided() throws Exception {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    NetType originalNetwork = WalletApi.getCurrentNetwork();
+    StubApiClient stub = new StubApiClient();
+    Response.TransactionExtention.Builder constantBuilder = Response.TransactionExtention.newBuilder();
+    constantBuilder.getResultBuilder().setResult(true);
+    constantBuilder.addConstantResult(ByteString.copyFrom(new byte[]{0x7b}));
+    stub.constantContractResult = constantBuilder.build();
+    WalletApi.setApiCli(stub);
+    WalletApi.setCurrentNetwork(NetType.NILE);
+
+    try {
+      WalletApiWrapper wrapper = new WalletApiWrapper();
+      org.apache.commons.lang3.tuple.Triple<Boolean, Long, Long> result = wrapper.getUSDTBalance(OWNER);
+
+      Assert.assertTrue(result.getLeft());
+      Assert.assertEquals(123L, result.getRight().longValue());
+      Assert.assertArrayEquals(OWNER, stub.lastOwner);
+      Assert.assertArrayEquals(CONTRACT, stub.lastContract);
+      Assert.assertNotNull(stub.lastData);
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+      WalletApi.setCurrentNetwork(originalNetwork);
+    }
+  }
+
+  @Test
+  public void triggerConstantContractExtentionAllowsNoAuthWhenOwnerProvided() {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    StubApiClient stub = new StubApiClient();
+    Response.TransactionExtention.Builder constantBuilder = Response.TransactionExtention.newBuilder();
+    constantBuilder.getResultBuilder().setResult(true);
+    stub.constantContractResult = constantBuilder.build();
+    WalletApi.setApiCli(stub);
+
+    try {
+      WalletApiWrapper wrapper = new WalletApiWrapper();
+      Response.TransactionExtention result =
+          wrapper.triggerConstantContractExtention(OWNER, CONTRACT, 0L, new byte[]{0x01}, 0L, "");
+
+      Assert.assertNotNull(result);
+      Assert.assertArrayEquals(OWNER, stub.lastOwner);
+      Assert.assertArrayEquals(CONTRACT, stub.lastContract);
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+    }
+  }
+
+  @Test
+  public void estimateEnergyMessageAllowsNoAuthWhenOwnerProvided() {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    StubApiClient stub = new StubApiClient();
+    Response.EstimateEnergyMessage.Builder estimateBuilder = Response.EstimateEnergyMessage.newBuilder();
+    estimateBuilder.getResultBuilder().setResult(true);
+    estimateBuilder.setEnergyRequired(321L);
+    stub.estimateEnergyResult = estimateBuilder.build();
+    WalletApi.setApiCli(stub);
+
+    try {
+      WalletApiWrapper wrapper = new WalletApiWrapper();
+      Response.EstimateEnergyMessage result =
+          wrapper.estimateEnergyMessage(OWNER, CONTRACT, 0L, new byte[]{0x02}, 0L, "");
+
+      Assert.assertNotNull(result);
+      Assert.assertEquals(321L, result.getEnergyRequired());
+      Assert.assertArrayEquals(OWNER, stub.lastOwner);
+      Assert.assertArrayEquals(CONTRACT, stub.lastContract);
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+    }
+  }
+
+  @Test
+  public void queryAccountUsesProvidedAddressWhenLoggedIn() {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    StubApiClient stub = new StubApiClient();
+    stub.queryAccountResult = Response.Account.newBuilder().build();
+    WalletApi.setApiCli(stub);
+
+    try {
+      WalletFile walletFile = new WalletFile();
+      walletFile.setAddress("TQsVqVAnvbFdLcbk29N4npwjW6VG84KS2A");
+      WalletApi walletApi = new WalletApi(walletFile);
+      walletApi.setLogin(null);
+
+      WalletApiWrapper wrapper = new WalletApiWrapper();
+      wrapper.setWallet(walletApi);
+
+      Response.Account result = wrapper.queryAccount(OWNER);
+
+      Assert.assertNotNull(result);
+      Assert.assertArrayEquals(OWNER, stub.lastQueryAddress);
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+    }
+  }
+
+  @Test
+  public void throwIfCliOperationFailedUsesCapturedCliErrorDetail() {
+    WalletApiWrapper wrapper = new WalletApiWrapper() {
+      @Override
+      protected String consumeLastCliOperationError() {
+        return "CONTRACT_VALIDATE_ERROR, Contract validate error : Proposal[1] expired";
+      }
+    };
+
+    try {
+      wrapper.throwIfCliOperationFailed(false, "ApproveProposal failed !!");
+      Assert.fail("Expected CLI failure");
+    } catch (CommandErrorException e) {
+      Assert.assertEquals("execution_error", e.getCode());
+      Assert.assertEquals(
+          "CONTRACT_VALIDATE_ERROR, Contract validate error : Proposal[1] expired",
+          e.getMessage());
+    }
+  }
+
+  @Test
+  public void throwIfCliOperationFailedFallsBackWhenNoCliErrorDetailExists() {
+    WalletApiWrapper wrapper = new WalletApiWrapper() {
+      @Override
+      protected String consumeLastCliOperationError() {
+        return null;
+      }
+    };
+
+    try {
+      wrapper.throwIfCliOperationFailed(false, "ApproveProposal failed !!");
+      Assert.fail("Expected CLI failure");
+    } catch (CommandErrorException e) {
+      Assert.assertEquals("execution_error", e.getCode());
+      Assert.assertEquals("ApproveProposal failed !!", e.getMessage());
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/ActiveWalletConfigTest.java b/src/test/java/org/tron/walletcli/cli/ActiveWalletConfigTest.java
new file mode 100644
index 00000000..afd853bb
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/ActiveWalletConfigTest.java
@@ -0,0 +1,203 @@
+package org.tron.walletcli.cli;
+
+import org.bouncycastle.util.encoders.Hex;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.keystore.WalletFile;
+import org.tron.keystore.WalletUtils;
+import org.tron.walletserver.WalletApi;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.Arrays;
+
+public class ActiveWalletConfigTest {
+
+  @Test
+  public void readActiveAddressFromFileReturnsAddressWhenConfigIsValid() throws Exception {
+    File configFile = writeConfig("{\"address\":\"TXYZ\"}");
+
+    Assert.assertEquals("TXYZ", ActiveWalletConfig.readActiveAddressFromFile(configFile));
+  }
+
+  @Test
+  public void readActiveAddressFromFileRejectsInvalidAddressType() throws Exception {
+    File configFile = writeConfig("{\"address\":123}");
+
+    try {
+      ActiveWalletConfig.readActiveAddressFromFile(configFile);
+      Assert.fail("Expected invalid address value to fail");
+    } catch (IOException e) {
+      Assert.assertEquals("Active wallet config contains an invalid address value", e.getMessage());
+    }
+  }
+
+  @Test
+  public void readActiveAddressFromFileRejectsMissingAddressField() throws Exception {
+    File configFile = writeConfig("{\"name\":\"wallet\"}");
+
+    try {
+      ActiveWalletConfig.readActiveAddressFromFile(configFile);
+      Assert.fail("Expected missing address field to fail");
+    } catch (IOException e) {
+      Assert.assertEquals("Active wallet config is missing the address field", e.getMessage());
+    }
+  }
+
+  @Test
+  public void getActiveAddressLenientTreatsMalformedConfigAsUnset() throws Exception {
+    String originalUserDir = System.getProperty("user.dir");
+    File tempDir = Files.createTempDirectory("active-wallet-lenient").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    File configFile = new File(walletDir, ".active-wallet");
+
+    Assert.assertTrue(walletDir.mkdirs());
+    Files.write(configFile.toPath(), "{\"address\":123}".getBytes(StandardCharsets.UTF_8));
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    try {
+      Assert.assertNull(ActiveWalletConfig.getActiveAddressLenient());
+    } finally {
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void clearWarnsWhenDeleteFails() throws Exception {
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("active-wallet-clear-test").toFile();
+    File configDir = new File(tempDir, ".active-wallet");
+    File nestedFile = new File(configDir, "stale");
+    ByteArrayOutputStream errBuffer = new ByteArrayOutputStream();
+
+    Assert.assertTrue(configDir.mkdirs());
+    Assert.assertTrue(nestedFile.createNewFile());
+
+    System.setErr(new PrintStream(errBuffer));
+    try {
+      ActiveWalletConfig.clearConfigFile(configDir);
+    } finally {
+      System.setErr(originalErr);
+      nestedFile.delete();
+      configDir.delete();
+      tempDir.delete();
+    }
+
+    String warning = errBuffer.toString("UTF-8");
+    Assert.assertTrue(warning.contains("Warning: Failed to delete active wallet config"));
+    Assert.assertTrue(warning.contains(".active-wallet"));
+  }
+
+  @Test
+  public void resolveWalletOverrideStrictAllowsExplicitPathWithoutWalletDirectory() throws Exception {
+    File tempDir = Files.createTempDirectory("active-wallet-explicit").toFile();
+    File walletFile = createWalletFile(tempDir, "alpha",
+        "0000000000000000000000000000000000000000000000000000000000000001");
+    File missingWalletDir = new File(tempDir, "MissingWallet");
+
+    Assert.assertEquals(walletFile.getAbsolutePath(),
+        ActiveWalletConfig.resolveWalletOverrideStrict(missingWalletDir, walletFile.getAbsolutePath())
+            .getAbsolutePath());
+  }
+
+  @Test
+  public void resolveWalletOverrideStrictFailsWithPathErrorForMissingExplicitPath() throws Exception {
+    File tempDir = Files.createTempDirectory("active-wallet-missing-path").toFile();
+    File missingWalletDir = new File(tempDir, "MissingWallet");
+    String missingPath = new File(tempDir, "nonexistent/wallet.json").getAbsolutePath();
+
+    try {
+      ActiveWalletConfig.resolveWalletOverrideStrict(missingWalletDir, missingPath);
+      Assert.fail("Expected IOException for missing explicit path");
+    } catch (IOException e) {
+      Assert.assertTrue(e.getMessage().contains("Wallet file not found"));
+      Assert.assertFalse(e.getMessage().contains("Wallet directory not found"));
+    }
+  }
+
+  @Test
+  public void resolveWalletOverrideStrictRejectsAmbiguousWalletName() throws Exception {
+    File walletDir = Files.createTempDirectory("active-wallet-ambiguous").toFile();
+    createWalletFile(walletDir, "duplicate",
+        "0000000000000000000000000000000000000000000000000000000000000001");
+    createWalletFile(walletDir, "duplicate",
+        "0000000000000000000000000000000000000000000000000000000000000002");
+
+    try {
+      ActiveWalletConfig.resolveWalletOverrideStrict(walletDir, "duplicate");
+      Assert.fail("Expected ambiguous wallet name to fail");
+    } catch (IllegalArgumentException e) {
+      Assert.assertTrue(e.getMessage().contains("Multiple wallets found with name 'duplicate'"));
+    }
+  }
+
+  @Test
+  public void resolveActiveWalletFileStrictRejectsMalformedConfig() throws Exception {
+    String originalUserDir = System.getProperty("user.dir");
+    File tempDir = Files.createTempDirectory("active-wallet-malformed").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    File configFile = new File(walletDir, ".active-wallet");
+
+    Assert.assertTrue(walletDir.mkdirs());
+    Files.write(configFile.toPath(), "{\"address\":123}".getBytes(StandardCharsets.UTF_8));
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    try {
+      ActiveWalletConfig.resolveActiveWalletFileStrict(walletDir);
+      Assert.fail("Expected malformed active wallet config to fail");
+    } catch (IOException e) {
+      Assert.assertEquals("Active wallet config contains an invalid address value", e.getMessage());
+    } finally {
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void resolveActiveWalletFileStrictRejectsMissingKeystore() throws Exception {
+    String originalUserDir = System.getProperty("user.dir");
+    File tempDir = Files.createTempDirectory("active-wallet-missing-keystore").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+
+    Assert.assertTrue(walletDir.mkdirs());
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    try {
+      ActiveWalletConfig.setActiveAddress("TMissingWalletAddress");
+      try {
+        ActiveWalletConfig.resolveActiveWalletFileStrict(walletDir);
+        Assert.fail("Expected missing keystore to fail");
+      } catch (IOException e) {
+        Assert.assertTrue(e.getMessage().contains("Active wallet keystore not found"));
+      }
+    } finally {
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  private File writeConfig(String json) throws Exception {
+    File dir = Files.createTempDirectory("active-wallet-config-test").toFile();
+    File configFile = new File(dir, ".active-wallet");
+    try (FileWriter writer = new FileWriter(configFile)) {
+      writer.write(json);
+    }
+    configFile.deleteOnExit();
+    dir.deleteOnExit();
+    return configFile;
+  }
+
+  private File createWalletFile(File walletDir, String walletName, String privateKeyHex) throws Exception {
+    byte[] password = "TempPass123!A".getBytes(StandardCharsets.UTF_8);
+    byte[] privateKey = Hex.decode(privateKeyHex);
+    try {
+      WalletFile walletFile = WalletApi.CreateWalletFile(password, privateKey, null);
+      walletFile.setName(walletName);
+      WalletUtils.generateWalletFile(walletFile, walletDir);
+      return walletFile.getSourceFile();
+    } finally {
+      Arrays.fill(password, (byte) 0);
+      Arrays.fill(privateKey, (byte) 0);
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/CommandDefinitionTest.java b/src/test/java/org/tron/walletcli/cli/CommandDefinitionTest.java
new file mode 100644
index 00000000..1a948121
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/CommandDefinitionTest.java
@@ -0,0 +1,292 @@
+package org.tron.walletcli.cli;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CommandDefinitionTest {
+
+  private CommandDefinition buildBooleanCommand() {
+    return CommandDefinition.builder()
+        .name("bool-cmd")
+        .description("Boolean parsing test")
+        .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build();
+  }
+
+  private CommandDefinition buildValueCommand() {
+    return CommandDefinition.builder()
+        .name("value-cmd")
+        .description("Value parsing test")
+        .option("amount", "Amount", true, OptionDef.Type.LONG)
+        .option("offset", "Offset", false, OptionDef.Type.LONG)
+        .option("note", "Note", false)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build();
+  }
+
+  private CommandDefinition buildRequiredBooleanCommand() {
+    return CommandDefinition.builder()
+        .name("approve-cmd")
+        .description("Required boolean parsing test")
+        .option("approve", "Approve", true, OptionDef.Type.BOOLEAN)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build();
+  }
+
+  @Test
+  public void booleanFlagWithoutValueParsesAsTrue() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"--multi"});
+    Assert.assertTrue(opts.getBoolean("multi"));
+    Assert.assertEquals("true", opts.getString("multi"));
+  }
+
+  @Test
+  public void booleanFlagAcceptsExplicitFalseInline() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"--multi=false"});
+    Assert.assertFalse(opts.getBoolean("multi"));
+    Assert.assertEquals("false", opts.getString("multi"));
+  }
+
+  @Test
+  public void booleanFlagAcceptsExplicitTrueInline() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"--multi=true"});
+    Assert.assertTrue(opts.getBoolean("multi"));
+  }
+
+  @Test
+  public void booleanFlagAcceptsInlineValueAndCanonicalizesStorage() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"--multi=yes"});
+
+    Assert.assertTrue(opts.getBoolean("multi"));
+    Assert.assertEquals("true", opts.getString("multi"));
+  }
+
+  @Test
+  public void requiredBooleanOptionMayBeProvidedAsBareFlag() {
+    ParsedOptions opts = buildRequiredBooleanCommand().parseArgs(new String[]{"--approve"});
+
+    Assert.assertTrue(opts.getBoolean("approve"));
+    Assert.assertEquals("true", opts.getString("approve"));
+  }
+
+  @Test
+  public void parseSupportsLongOptionInlineValueSyntax() {
+    ParsedOptions opts = buildValueCommand().parseArgs(new String[]{"--amount=1", "--note=hello"});
+
+    Assert.assertEquals(1L, opts.getLong("amount"));
+    Assert.assertEquals("hello", opts.getString("note"));
+  }
+
+  @Test
+  public void parseAllowsNegativeNumericValueTokensForValuedOptions() {
+    ParsedOptions opts = buildValueCommand().parseArgs(new String[]{"--amount", "1", "--offset", "-1"});
+
+    Assert.assertEquals(-1L, opts.getLong("offset"));
+  }
+
+  @Test
+  public void shortMultiFlagOnlyWorksWhenMultiIsDeclared() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"-m"});
+
+    Assert.assertTrue(opts.getBoolean("multi"));
+    Assert.assertEquals("true", opts.getString("multi"));
+  }
+
+  @Test
+  public void parseRejectsUnknownLongOption() {
+    assertUsageError(buildValueCommand(), new String[]{"--unknown", "1"},
+        "Unknown option: --unknown");
+  }
+
+  @Test
+  public void parseRejectsUnknownShortOption() {
+    assertUsageError(buildValueCommand(), new String[]{"-x"},
+        "Unknown option: -x");
+  }
+
+  @Test
+  public void parseRejectsBarePositionalTokens() {
+    assertUsageError(buildValueCommand(), new String[]{"literal"},
+        "Unexpected argument: literal");
+  }
+
+  @Test
+  public void parseRejectsEmptyOptionName() {
+    assertUsageError(buildValueCommand(), new String[]{"--"},
+        "Empty option name: --");
+  }
+
+  @Test
+  public void parseRejectsMissingNonBooleanValue() {
+    assertUsageError(buildValueCommand(), new String[]{"--amount"},
+        "Missing value for --amount");
+    assertUsageError(buildValueCommand(), new String[]{"--amount", "--note", "x"},
+        "Missing value for --amount");
+  }
+
+  @Test
+  public void parseRejectsEmptyInlineAndSplitNonBooleanValues() {
+    assertUsageError(buildValueCommand(), new String[]{"--amount="},
+        "Missing or empty value for --amount");
+    assertUsageError(buildValueCommand(), new String[]{"--amount", ""},
+        "Missing or empty value for --amount");
+  }
+
+  @Test
+  public void parseRejectsInvalidBooleanValues() {
+    assertUsageError(buildBooleanCommand(), new String[]{"--multi=maybe"},
+        "Option --multi requires a boolean value (true/false/1/0/yes/no), got: maybe");
+  }
+
+  @Test
+  public void booleanFlagDoesNotConsumeFollowingBareToken() {
+    assertUsageError(buildBooleanCommand(), new String[]{"--multi", "maybe"},
+        "Unexpected argument: maybe");
+  }
+
+  @Test
+  public void booleanFlagDoesNotConsumeFollowingShortOptionLikeToken() {
+    assertUsageError(buildBooleanCommand(), new String[]{"--multi", "-1"},
+        "Unknown option: -1");
+  }
+
+  @Test
+  public void parseRejectsShortMultiWhenCommandDoesNotDeclareIt() {
+    assertUsageError(buildValueCommand(), new String[]{"-m"},
+        "Option -m is only supported for commands with --multi");
+  }
+
+  @Test
+  public void parseRejectsRepeatedValuedOption() {
+    assertUsageError(buildValueCommand(), new String[]{"--amount", "1", "--amount", "2"},
+        "Repeated option: --amount");
+  }
+
+  @Test
+  public void parseAllowsRepeatedBooleanWithSameEffectiveMeaning() {
+    ParsedOptions opts = buildBooleanCommand().parseArgs(new String[]{"--multi", "--multi=true", "--multi=yes"});
+
+    Assert.assertTrue(opts.getBoolean("multi"));
+    Assert.assertEquals("true", opts.getString("multi"));
+  }
+
+  @Test
+  public void parseRejectsRepeatedBooleanWithConflictingMeaning() {
+    assertUsageError(buildBooleanCommand(), new String[]{"--multi", "--multi=false"},
+        "Conflicting values for option: --multi");
+  }
+
+  @Test
+  public void parseRejectsMalformedContractStyleMissingValueEarly() {
+    CommandDefinition command = CommandDefinition.builder()
+        .name("contract-cmd")
+        .description("Contract parsing test")
+        .option("contract", "Contract", true)
+        .option("method", "Method", true)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build();
+
+    assertUsageError(command, new String[]{"--contract", "--method", "balanceOf(address)"},
+        "Missing value for --contract");
+    assertUsageError(command, new String[]{"--contract=", "--method", "balanceOf(address)"},
+        "Missing or empty value for --contract");
+  }
+
+  @Test
+  public void parseRejectsMissingRequiredOptionsAfterSyntaxParsing() {
+    assertUsageError(buildRequiredBooleanCommand(), new String[0],
+        "Missing required option(s): --approve");
+  }
+
+  @Test
+  public void authPolicyDefaultsToRequire() {
+    CommandDefinition command = buildValueCommand();
+
+    Assert.assertEquals(CommandDefinition.AuthPolicy.REQUIRE,
+        command.resolveAuthPolicy(command.parseArgs(new String[]{"--amount", "1"})));
+  }
+
+  @Test
+  public void authPolicyResolverMayDependOnParsedOptions() {
+    CommandDefinition command = CommandDefinition.builder()
+        .name("conditional-auth")
+        .description("Conditional auth")
+        .option("address", "Address", false)
+        .authPolicyResolver(opts -> opts.has("address")
+            ? CommandDefinition.AuthPolicy.NEVER
+            : CommandDefinition.AuthPolicy.REQUIRE)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build();
+
+    Assert.assertEquals(CommandDefinition.AuthPolicy.NEVER,
+        command.resolveAuthPolicy(command.parseArgs(new String[]{"--address", "TXYZ"})));
+    Assert.assertEquals(CommandDefinition.AuthPolicy.REQUIRE,
+        command.resolveAuthPolicy(command.parseArgs(new String[0])));
+  }
+
+  @Test
+  public void registryRejectsCommandNameConflict() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(buildBooleanCommand());
+    try {
+      registry.add(buildBooleanCommand());
+      Assert.fail("Expected IllegalStateException for duplicate command name");
+    } catch (IllegalStateException e) {
+      Assert.assertTrue(e.getMessage().contains("bool-cmd"));
+    }
+  }
+
+  @Test
+  public void registryRejectsAliasConflictWithExistingCommandName() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .name("first-cmd")
+        .description("First")
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+    try {
+      registry.add(CommandDefinition.builder()
+          .name("second-cmd")
+          .aliases("first-cmd")
+          .description("Second")
+          .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+          .build());
+      Assert.fail("Expected IllegalStateException for alias conflicting with existing command name");
+    } catch (IllegalStateException e) {
+      Assert.assertTrue(e.getMessage().contains("first-cmd"));
+      Assert.assertTrue(e.getMessage().contains("second-cmd"));
+    }
+  }
+
+  @Test
+  public void registryRejectsAliasConflictWithExistingAlias() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .name("first-cmd")
+        .aliases("shared-alias")
+        .description("First")
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+    try {
+      registry.add(CommandDefinition.builder()
+          .name("second-cmd")
+          .aliases("shared-alias")
+          .description("Second")
+          .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+          .build());
+      Assert.fail("Expected IllegalStateException for alias conflicting with existing alias");
+    } catch (IllegalStateException e) {
+      Assert.assertTrue(e.getMessage().contains("shared-alias"));
+    }
+  }
+
+  private void assertUsageError(CommandDefinition command, String[] args, String expectedMessage) {
+    try {
+      command.parseArgs(args);
+      Assert.fail("Expected usage error: " + expectedMessage);
+    } catch (CliUsageException e) {
+      Assert.assertEquals(expectedMessage, e.getMessage());
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/GlobalOptionsTest.java b/src/test/java/org/tron/walletcli/cli/GlobalOptionsTest.java
new file mode 100644
index 00000000..f7caf51d
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/GlobalOptionsTest.java
@@ -0,0 +1,179 @@
+package org.tron.walletcli.cli;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class GlobalOptionsTest {
+
+  @Test
+  public void parseThrowsWhenGlobalOptionValueIsMissing() {
+    assertMissingValue("--output");
+    assertMissingValue("--network");
+    assertMissingValue("--wallet");
+    assertMissingValue("--grpc-endpoint");
+  }
+
+  @Test
+  public void parseFailsFastWhenNetworkValueIsMissingBeforeAnotherFlag() {
+    try {
+      GlobalOptions.parse(new String[]{"--network", "--output", "json", "send-coin"});
+      Assert.fail("Expected missing value error for --network");
+    } catch (CliUsageException e) {
+      Assert.assertEquals("Missing value for --network", e.getMessage());
+    }
+  }
+
+  @Test
+  public void parseSupportsInlineValuedGlobalOptions() {
+    GlobalOptions opts = GlobalOptions.parse(new String[]{
+        "--output=json",
+        "--network=nile",
+        "--wallet=alpha",
+        "--grpc-endpoint=127.0.0.1:50051",
+        "get-balance",
+        "--address",
+        "TXYZ"
+    });
+
+    Assert.assertEquals("json", opts.getOutput());
+    Assert.assertEquals("nile", opts.getNetwork());
+    Assert.assertEquals("alpha", opts.getWallet());
+    Assert.assertEquals("127.0.0.1:50051", opts.getGrpcEndpoint());
+    Assert.assertEquals("get-balance", opts.getCommand());
+    Assert.assertArrayEquals(new String[]{"--address", "TXYZ"}, opts.getCommandArgs());
+  }
+
+  @Test
+  public void parseRejectsInvalidEnumeratedGlobalOptionValues() {
+    assertInvalidValue("--output", "yaml");
+    assertInvalidValue("--network", "beta");
+  }
+
+  @Test
+  public void parseDoesNotTreatCommandTokenAsNetworkValue() {
+    try {
+      GlobalOptions.parse(new String[]{"--network", "send-coin", "--to", "TXYZ"});
+      Assert.fail("Expected invalid value error for --network");
+    } catch (CliUsageException e) {
+      Assert.assertEquals("Invalid value for --network: send-coin", e.getMessage());
+    }
+  }
+
+  @Test
+  public void parseNormalizesCommandAndPreservesPostCommandTokens() {
+    GlobalOptions opts = GlobalOptions.parse(new String[]{
+        "--output", "json",
+        "Get-Balance",
+        "--network=nile",
+        "-h",
+        "value"
+    });
+
+    Assert.assertEquals("get-balance", opts.getCommand());
+    Assert.assertArrayEquals(new String[]{"--network=nile", "-h", "value"}, opts.getCommandArgs());
+  }
+
+  @Test
+  public void parseTreatsPreCommandHelpAsGlobalHelpOnly() {
+    GlobalOptions opts = GlobalOptions.parse(new String[]{"-h", "Get-Balance"});
+
+    Assert.assertTrue(opts.isHelp());
+    Assert.assertEquals("get-balance", opts.getCommand());
+    Assert.assertArrayEquals(new String[0], opts.getCommandArgs());
+  }
+
+  @Test
+  public void parseRejectsUnknownPreCommandGlobalOption() {
+    assertUsageError(new String[]{"--outputt", "json", "get-balance"},
+        "Unknown global option: --outputt");
+  }
+
+  @Test
+  public void parseRejectsUnsupportedShortOption() {
+    assertUsageError(new String[]{"-v", "get-balance"},
+        "Unknown global option: -v");
+  }
+
+  @Test
+  public void parseRejectsEmptyInlineGlobalValues() {
+    assertUsageError(new String[]{"--output="}, "Missing or empty value for --output");
+    assertUsageError(new String[]{"--wallet="}, "Missing or empty value for --wallet");
+  }
+
+  @Test
+  public void parseRejectsInlineValuesForFlags() {
+    assertUsageError(new String[]{"--quiet=true"}, "Option --quiet does not take a value");
+    assertUsageError(new String[]{"--help=yes"}, "Option --help does not take a value");
+    assertUsageError(new String[]{"-h=yes"}, "Option -h does not take a value");
+  }
+
+  @Test
+  public void parseRejectsRepeatedValuedGlobalOptions() {
+    assertUsageError(new String[]{"--network", "nile", "--network", "main", "get-balance"},
+        "Repeated global option: --network");
+    assertUsageError(new String[]{"--output", "json", "--output=text", "get-balance"},
+        "Repeated global option: --output");
+  }
+
+  @Test
+  public void parseAllowsRepeatedIdempotentBooleanFlags() {
+    GlobalOptions opts = GlobalOptions.parse(new String[]{
+        "--verbose",
+        "--verbose",
+        "--help",
+        "-h",
+        "get-balance"
+    });
+
+    Assert.assertTrue(opts.isVerbose());
+    Assert.assertTrue(opts.isHelp());
+    Assert.assertEquals("get-balance", opts.getCommand());
+  }
+
+  @Test
+  public void parseRejectsConflictingQuietAndVerboseFlags() {
+    assertUsageError(new String[]{"--quiet", "--verbose", "get-balance"},
+        "Conflicting global options: --quiet and --verbose");
+    assertUsageError(new String[]{"--verbose", "--quiet", "get-balance"},
+        "Conflicting global options: --quiet and --verbose");
+  }
+
+  @Test
+  public void getCommandArgsReturnsDefensiveCopy() {
+    GlobalOptions opts = GlobalOptions.parse(new String[]{"send-coin", "--to", "TXYZ"});
+
+    String[] first = opts.getCommandArgs();
+    first[0] = "mutated";
+
+    String[] second = opts.getCommandArgs();
+    Assert.assertEquals("--to", second[0]);
+    Assert.assertEquals("TXYZ", second[1]);
+  }
+
+  private void assertMissingValue(String option) {
+    try {
+      GlobalOptions.parse(new String[]{option});
+      Assert.fail("Expected missing value error for " + option);
+    } catch (CliUsageException e) {
+      Assert.assertEquals("Missing value for " + option, e.getMessage());
+    }
+  }
+
+  private void assertInvalidValue(String option, String value) {
+    try {
+      GlobalOptions.parse(new String[]{option, value});
+      Assert.fail("Expected invalid value error for " + option);
+    } catch (CliUsageException e) {
+      Assert.assertEquals("Invalid value for " + option + ": " + value, e.getMessage());
+    }
+  }
+
+  private void assertUsageError(String[] args, String expectedMessage) {
+    try {
+      GlobalOptions.parse(args);
+      Assert.fail("Expected usage error: " + expectedMessage);
+    } catch (CliUsageException e) {
+      Assert.assertEquals(expectedMessage, e.getMessage());
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/OutputFormatterTest.java b/src/test/java/org/tron/walletcli/cli/OutputFormatterTest.java
new file mode 100644
index 00000000..22e13f0d
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/OutputFormatterTest.java
@@ -0,0 +1,68 @@
+package org.tron.walletcli.cli;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class OutputFormatterTest {
+
+  @Test
+  public void rawMessageUsesStableJsonEnvelope() {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    try {
+      OutputFormatter formatter = new OutputFormatter(
+          OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+      formatter.raw("hello");
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+      Assert.assertTrue(root.get("success").getAsBoolean());
+      Assert.assertTrue(root.has("data") && root.get("data").isJsonObject());
+      Assert.assertEquals("hello", root.getAsJsonObject("data").get("message").getAsString());
+    } catch (Exception e) {
+      Assert.fail("Unexpected exception: " + e.getMessage());
+    }
+  }
+
+  @Test
+  public void jsonArraysAreWrappedUnderResultField() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+    formatter.printMessage("[1,2,3]", "failed");
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+    Assert.assertTrue(root.get("success").getAsBoolean());
+    Assert.assertTrue(root.has("data") && root.get("data").isJsonObject());
+    Assert.assertTrue(root.getAsJsonObject("data").has("result"));
+    Assert.assertTrue(root.getAsJsonObject("data").get("result").isJsonArray());
+  }
+
+  @Test
+  public void duplicateOutcomeCollapsesToSingleExecutionError() throws Exception {
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+    formatter.successMessage("ok");
+    try {
+      formatter.successMessage("again");
+      Assert.fail("Expected duplicate outcome to abort execution");
+    } catch (CliAbortException e) {
+      Assert.assertEquals(CliAbortException.Kind.EXECUTION, e.getKind());
+    }
+
+    formatter.flush();
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+    Assert.assertFalse(root.get("success").getAsBoolean());
+    Assert.assertEquals("execution_error", root.get("error").getAsString());
+    Assert.assertTrue(json.contains("Multiple terminal outcomes emitted"));
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/StandardCliRunnerTest.java b/src/test/java/org/tron/walletcli/cli/StandardCliRunnerTest.java
new file mode 100644
index 00000000..77f2af51
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/StandardCliRunnerTest.java
@@ -0,0 +1,1026 @@
+package org.tron.walletcli.cli;
+
+import org.bouncycastle.util.encoders.Hex;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.utils.Utils;
+import org.tron.keystore.WalletFile;
+import org.tron.keystore.WalletUtils;
+import org.tron.trident.proto.Response;
+import org.tron.walletcli.WalletApiWrapper;
+import org.tron.walletcli.cli.commands.ContractCommands;
+import org.tron.walletcli.cli.commands.MiscCommands;
+import org.tron.walletcli.cli.commands.QueryCommands;
+import org.tron.walletcli.cli.commands.TransactionCommands;
+import org.tron.walletcli.cli.commands.WalletCommands;
+import org.tron.walletcli.cli.commands.WitnessCommands;
+import org.tron.walletserver.ApiClient;
+import org.tron.walletserver.WalletApi;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class StandardCliRunnerTest {
+
+  @Test
+  public void usageErrorDoesNotTerminateJvmAndRestoresStreams() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("needs-arg")
+        .description("Command with a required option")
+        .option("value", "Required value", true)
+        .handler((ctx, opts, wrapper, out) -> {
+          Map<String, Object> json = new LinkedHashMap<String, Object>();
+          json.put("value", opts.getString("value"));
+          out.success("ok", json);
+        })
+        .build());
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("ok")
+        .description("Simple success command")
+        .handler((ctx, opts, wrapper, out) -> {
+          Map<String, Object> json = Collections.<String, Object>singletonMap("status", "ok");
+          out.success("ok", json);
+        })
+        .build());
+
+    ByteArrayOutputStream firstStdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream firstStderr = new ByteArrayOutputStream();
+    PrintStream firstOut = new PrintStream(firstStdout);
+    PrintStream firstErr = new PrintStream(firstStderr);
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    InputStream originalIn = System.in;
+    GlobalOptions badOpts = GlobalOptions.parse(new String[]{"--output", "json", "needs-arg"});
+    int exitCode = new StandardCliRunner(registry, badOpts, firstOut, firstErr).execute();
+
+    Assert.assertEquals(2, exitCode);
+    String json = new String(firstStdout.toByteArray(), StandardCharsets.UTF_8);
+    Assert.assertTrue(json.contains("\"success\": false"));
+    Assert.assertTrue(json.contains("\"error\": \"usage_error\""));
+    Assert.assertSame(originalOut, System.out);
+    Assert.assertSame(originalErr, System.err);
+    Assert.assertSame(originalIn, System.in);
+
+    ByteArrayOutputStream secondStdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream secondStderr = new ByteArrayOutputStream();
+    PrintStream secondOut = new PrintStream(secondStdout);
+    PrintStream secondErr = new PrintStream(secondStderr);
+    GlobalOptions okOpts = GlobalOptions.parse(new String[]{"--output", "json", "ok"});
+    exitCode = new StandardCliRunner(registry, okOpts, secondOut, secondErr).execute();
+
+    Assert.assertEquals(0, exitCode);
+    json = new String(secondStdout.toByteArray(), StandardCharsets.UTF_8);
+    Assert.assertTrue(json.contains("\"success\": true"));
+    Assert.assertTrue(json.contains("\"status\": \"ok\""));
+    Assert.assertEquals("", new String(secondStderr.toByteArray(), StandardCharsets.UTF_8));
+    Assert.assertSame(originalOut, System.out);
+    Assert.assertSame(originalErr, System.err);
+    Assert.assertSame(originalIn, System.in);
+  }
+
+  @Test
+  public void executionErrorDoesNotTerminateJvmAndReturnsExitCodeOne() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("boom")
+        .description("Command that fails")
+        .handler((ctx, opts, wrapper, out) -> out.error("boom", "simulated failure"))
+        .build());
+
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    PrintStream testOut = new PrintStream(stdout);
+    PrintStream testErr = new PrintStream(stderr);
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    InputStream originalIn = System.in;
+    GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "boom"});
+    int exitCode = new StandardCliRunner(registry, opts, testOut, testErr).execute();
+
+    Assert.assertEquals(1, exitCode);
+    String json = new String(stdout.toByteArray(), StandardCharsets.UTF_8);
+    Assert.assertTrue(json.contains("\"success\": false"));
+    Assert.assertTrue(json.contains("\"error\": \"boom\""));
+    Assert.assertEquals("", new String(stderr.toByteArray(), StandardCharsets.UTF_8));
+    Assert.assertSame(originalOut, System.out);
+    Assert.assertSame(originalErr, System.err);
+    Assert.assertSame(originalIn, System.in);
+  }
+
+  @Test
+  public void commandErrorExceptionIsRenderedByRunnerAsExecutionError() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("structured-boom")
+        .description("Command that throws structured errors")
+        .handler((ctx, opts, wrapper, out) -> {
+          throw new CommandErrorException("query_failed", "structured failure");
+        })
+        .build());
+
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "structured-boom"});
+      int exitCode = new StandardCliRunner(
+          registry, opts, new PrintStream(stdout), new PrintStream(stderr)).execute();
+
+      Assert.assertEquals(1, exitCode);
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(json.contains("\"success\": false"));
+      Assert.assertTrue(json.contains("\"error\": \"query_failed\""));
+      Assert.assertTrue(json.contains("structured failure"));
+      Assert.assertEquals("", stderr.toString(StandardCharsets.UTF_8.name()));
+    } catch (Exception e) {
+      Assert.fail("Unexpected exception: " + e.getMessage());
+    } finally {
+      Assert.assertSame(originalOut, System.out);
+      Assert.assertSame(originalErr, System.err);
+    }
+  }
+
+  @Test
+  public void missingOutcomeBecomesExecutionError() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("silent")
+        .description("Command that does not emit an outcome")
+        .handler((ctx, opts, wrapper, out) -> {
+        })
+        .build());
+
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "silent"});
+      int exitCode = new StandardCliRunner(
+          registry, opts, new PrintStream(stdout), new PrintStream(stderr)).execute();
+
+      Assert.assertEquals(1, exitCode);
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(json.contains("\"success\": false"));
+      Assert.assertTrue(json.contains("\"error\": \"execution_error\""));
+      Assert.assertTrue(json.contains("Command completed without emitting an outcome"));
+      Assert.assertEquals("", stderr.toString(StandardCharsets.UTF_8.name()));
+    } catch (Exception e) {
+      Assert.fail("Unexpected exception: " + e.getMessage());
+    } finally {
+      Assert.assertSame(originalOut, System.out);
+      Assert.assertSame(originalErr, System.err);
+    }
+  }
+
+  @Test
+  public void commandParserSyntaxFailuresMapToUsageErrorExitCodeTwo() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("value")
+        .description("Command with required value")
+        .option("amount", "Amount", true, OptionDef.Type.LONG)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    PrintStream testOut = new PrintStream(stdout);
+    PrintStream testErr = new PrintStream(stderr);
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    InputStream originalIn = System.in;
+    GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "value", "--amount="});
+    int exitCode = new StandardCliRunner(registry, opts, testOut, testErr).execute();
+
+    Assert.assertEquals(2, exitCode);
+    String json = new String(stdout.toByteArray(), StandardCharsets.UTF_8);
+    Assert.assertTrue(json.contains("\"success\": false"));
+    Assert.assertTrue(json.contains("\"error\": \"usage_error\""));
+    Assert.assertTrue(json.contains("Missing or empty value for --amount"));
+    Assert.assertEquals("", new String(stderr.toByteArray(), StandardCharsets.UTF_8));
+    Assert.assertSame(originalOut, System.out);
+    Assert.assertSame(originalErr, System.err);
+    Assert.assertSame(originalIn, System.in);
+  }
+
+  @Test
+  public void sequentialJsonRunsUseProvidedStreamsWithoutGlobalMutation() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("ok")
+        .description("Simple success command")
+        .handler((ctx, opts, wrapper, out) -> out.success("ok",
+            Collections.<String, Object>singletonMap("status", "ok")))
+        .build());
+
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+
+    ByteArrayOutputStream firstStdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream firstStderr = new ByteArrayOutputStream();
+    GlobalOptions firstOpts = GlobalOptions.parse(new String[]{"--output", "json", "ok"});
+    int firstExitCode = new StandardCliRunner(
+        registry, firstOpts, new PrintStream(firstStdout), new PrintStream(firstStderr)).execute();
+
+    ByteArrayOutputStream secondStdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream secondStderr = new ByteArrayOutputStream();
+    GlobalOptions secondOpts = GlobalOptions.parse(new String[]{"--output", "json", "ok"});
+    int secondExitCode = new StandardCliRunner(
+        registry, secondOpts, new PrintStream(secondStdout), new PrintStream(secondStderr)).execute();
+
+    Assert.assertEquals(0, firstExitCode);
+    Assert.assertEquals(0, secondExitCode);
+    Assert.assertTrue(firstStdout.toString().contains("\"success\": true"));
+    Assert.assertTrue(secondStdout.toString().contains("\"success\": true"));
+    Assert.assertEquals("", firstStderr.toString());
+    Assert.assertEquals("", secondStderr.toString());
+    Assert.assertSame(originalOut, System.out);
+    Assert.assertSame(originalErr, System.err);
+  }
+
+  @Test
+  public void standardCliDoesNotEnableEnvPasswordInputFallback() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("check-env-password-input")
+        .description("Checks env-password input scope")
+        .handler((ctx, opts, wrapper, out) -> {
+          Assert.assertFalse(Utils.isEnvPasswordInputEnabled());
+          out.raw("ok");
+        })
+        .build());
+
+    Utils.setEnvPasswordInputEnabled(false);
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"check-env-password-input"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      Assert.assertFalse(Utils.isEnvPasswordInputEnabled());
+    } finally {
+      Utils.setEnvPasswordInputEnabled(false);
+    }
+  }
+
+  @Test
+  public void requireCommandFailsWhenWalletDirectoryIsMissing() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    boolean[] handlerCalled = {false};
+    registry.add(CommandDefinition.builder()
+        .name("needs-wallet")
+        .description("Command requiring auth")
+        .handler((ctx, opts, wrapper, out) -> {
+          handlerCalled[0] = true;
+          out.raw("ok");
+        })
+        .build());
+
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-no-wallet").toFile();
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"needs-wallet"});
+      int exitCode = new StandardCliRunner(registry, opts, () -> "TempPass123!A").execute();
+
+      Assert.assertEquals(1, exitCode);
+      Assert.assertFalse(handlerCalled[0]);
+      Assert.assertEquals("", stdout.toString("UTF-8"));
+      Assert.assertTrue(stderr.toString("UTF-8").contains("Wallet directory not found"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+      tempDir.delete();
+    }
+  }
+
+  @Test
+  public void neverAuthCommandIgnoresMissingWalletDirectory() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("ok")
+        .description("Simple success command")
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-no-wallet-never").toFile();
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"ok"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      Assert.assertEquals("ok\n", stdout.toString("UTF-8"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+      tempDir.delete();
+    }
+  }
+
+  @Test
+  public void walletOverrideResolvesPathFileNameAndWalletName() throws Exception {
+    File walletDir = Files.createTempDirectory("runner-wallet-override").toFile();
+    File walletFile = createWalletFile(walletDir, "alpha", "0000000000000000000000000000000000000000000000000000000000000001");
+
+    Assert.assertEquals(walletFile.getAbsolutePath(),
+        StandardCliRunner.resolveWalletOverride(walletDir, walletFile.getAbsolutePath()).getAbsolutePath());
+    Assert.assertEquals(walletFile.getAbsolutePath(),
+        StandardCliRunner.resolveWalletOverride(walletDir, walletFile.getName()).getAbsolutePath());
+    Assert.assertEquals(walletFile.getAbsolutePath(),
+        StandardCliRunner.resolveWalletOverride(walletDir, "alpha").getAbsolutePath());
+  }
+
+  @Test
+  public void globalWalletOverrideIsExposedViaCommandContext() {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("inspect")
+        .description("Expose command context to the handler")
+        .handler((ctx, opts, wrapper, out) -> {
+          Assert.assertEquals("/tmp/example-wallet.json", ctx.getWalletOverride());
+          out.raw("ok");
+        })
+        .build());
+
+    GlobalOptions opts = GlobalOptions.parse(
+        new String[]{"--wallet", "/tmp/example-wallet.json", "inspect"});
+    int exitCode = new StandardCliRunner(registry, opts).execute();
+
+    Assert.assertEquals(0, exitCode);
+  }
+
+  @Test
+  public void walletOverrideRejectsAmbiguousWalletNames() throws Exception {
+    File walletDir = Files.createTempDirectory("runner-wallet-ambiguous").toFile();
+    createWalletFile(walletDir, "duplicate", "0000000000000000000000000000000000000000000000000000000000000001");
+    createWalletFile(walletDir, "duplicate", "0000000000000000000000000000000000000000000000000000000000000002");
+
+    try {
+      StandardCliRunner.resolveWalletOverride(walletDir, "duplicate");
+      Assert.fail("Expected ambiguous wallet name to be rejected");
+    } catch (IllegalArgumentException e) {
+      Assert.assertTrue(e.getMessage().contains("Multiple wallets found with name 'duplicate'"));
+    }
+  }
+
+  @Test
+  public void requireCommandUsesExplicitWalletPathWithoutWalletDirectory() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .name("needs-wallet")
+        .description("Command requiring auth")
+        .handler((ctx, opts, wrapper, out) -> {
+          Assert.assertTrue(wrapper.isLoginState());
+          Assert.assertNotNull(ctx.getResolvedAuthWalletFile());
+          Assert.assertTrue(ctx.getResolvedAuthWalletFile().isFile());
+          out.raw("ok");
+        })
+        .build());
+
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-wallet-explicit").toFile();
+    File externalDir = Files.createTempDirectory("runner-wallet-explicit-file").toFile();
+    File walletFile = createWalletFile(externalDir, "alpha", "0000000000000000000000000000000000000000000000000000000000000001");
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{
+          "--wallet", walletFile.getAbsolutePath(), "needs-wallet"
+      });
+      int exitCode = new StandardCliRunner(registry, opts, () -> "TempPass123!A").execute();
+
+      Assert.assertEquals(0, exitCode);
+      Assert.assertTrue(stdout.toString("UTF-8").contains("ok"));
+      Assert.assertTrue(stderr.toString("UTF-8").contains("Authenticated with wallet"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void requireCommandFailsWhenMasterPasswordIsMissing() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    boolean[] handlerCalled = {false};
+    registry.add(CommandDefinition.builder()
+        .name("needs-wallet")
+        .description("Command requiring auth")
+        .handler((ctx, opts, wrapper, out) -> {
+          handlerCalled[0] = true;
+          out.raw("ok");
+        })
+        .build());
+
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-wallet-missing-password").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    Assert.assertTrue(walletDir.mkdirs());
+    File walletFile = createWalletFile(walletDir, "alpha", "0000000000000000000000000000000000000000000000000000000000000001");
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      ActiveWalletConfig.setActiveAddress(readWalletAddress(walletFile));
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"needs-wallet"});
+      int exitCode = new StandardCliRunner(registry, opts, () -> null).execute();
+
+      Assert.assertEquals(1, exitCode);
+      Assert.assertFalse(handlerCalled[0]);
+      Assert.assertEquals("", stdout.toString("UTF-8"));
+      Assert.assertTrue(stderr.toString("UTF-8").contains("MASTER_PASSWORD is required"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void requireCommandFailsWhenMasterPasswordIsInvalid() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    boolean[] handlerCalled = {false};
+    registry.add(CommandDefinition.builder()
+        .name("needs-wallet")
+        .description("Command requiring auth")
+        .handler((ctx, opts, wrapper, out) -> {
+          handlerCalled[0] = true;
+          out.raw("ok");
+        })
+        .build());
+
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-wallet-invalid-password").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    Assert.assertTrue(walletDir.mkdirs());
+    File walletFile = createWalletFile(walletDir, "alpha", "0000000000000000000000000000000000000000000000000000000000000001");
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      ActiveWalletConfig.setActiveAddress(readWalletAddress(walletFile));
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"needs-wallet"});
+      int exitCode = new StandardCliRunner(registry, opts, () -> "WrongPass123!B").execute();
+
+      Assert.assertEquals(1, exitCode);
+      Assert.assertFalse(handlerCalled[0]);
+      Assert.assertEquals("", stdout.toString("UTF-8"));
+      Assert.assertTrue(stderr.toString("UTF-8").contains("Invalid MASTER_PASSWORD"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void grpcEndpointOverrideReplacesApiClientForCurrentRun() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("ok")
+        .description("Simple success command")
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    String originalUserDir = System.getProperty("user.dir");
+    File tempDir = Files.createTempDirectory("runner-grpc-override").toFile();
+
+    try {
+      System.setProperty("user.dir", tempDir.getAbsolutePath());
+      GlobalOptions opts = GlobalOptions.parse(
+          new String[]{"--grpc-endpoint", "127.0.0.1:50051", "ok"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      Assert.assertNotSame(originalApiCli, WalletApi.getApiCli());
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+      System.setProperty("user.dir", originalUserDir);
+      tempDir.delete();
+    }
+  }
+
+  @Test
+  public void neverAuthCommandIgnoresBrokenActiveWalletConfig() throws Exception {
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-broken-active-wallet").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    File activeConfig = new File(walletDir, ".active-wallet");
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    Assert.assertTrue(walletDir.mkdirs());
+    Files.write(activeConfig.toPath(), "{\"address\":\"TBrokenWalletAddress\"}".getBytes(StandardCharsets.UTF_8));
+
+    CommandRegistry registry = new CommandRegistry();
+    QueryCommands.register(registry);
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "current-network"});
+      int exitCode = new StandardCliRunner(registry, opts, () -> "ShouldNotBeUsed").execute();
+
+      Assert.assertEquals(0, exitCode);
+      String json = stdout.toString("UTF-8");
+      Assert.assertTrue(json.contains("\"success\": true"));
+      Assert.assertFalse(json.contains("wallet_not_found"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void autoAuthPolicyFollowsRegisteredCommandMetadata() {
+    CommandRegistry queryRegistry = new CommandRegistry();
+    QueryCommands.register(queryRegistry);
+
+    CommandDefinition getBalance = queryRegistry.lookup("get-balance");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(getBalance, getBalance.parseArgs(new String[]{
+        "--address", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"
+    })));
+    Assert.assertTrue(StandardCliRunner.requiresAutoAuth(getBalance, getBalance.parseArgs(new String[0])));
+
+    CommandDefinition getUsdtBalance = queryRegistry.lookup("get-usdt-balance");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(getUsdtBalance, getUsdtBalance.parseArgs(new String[]{
+        "--address", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"
+    })));
+    Assert.assertTrue(StandardCliRunner.requiresAutoAuth(getUsdtBalance, getUsdtBalance.parseArgs(new String[0])));
+
+    CommandDefinition gasFreeInfo = queryRegistry.lookup("gas-free-info");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(gasFreeInfo, gasFreeInfo.parseArgs(new String[]{
+        "--address", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"
+    })));
+    Assert.assertTrue(StandardCliRunner.requiresAutoAuth(gasFreeInfo, gasFreeInfo.parseArgs(new String[0])));
+
+    CommandRegistry contractRegistry = new CommandRegistry();
+    ContractCommands.register(contractRegistry);
+
+    CommandDefinition triggerConstant = contractRegistry.lookup("trigger-constant-contract");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(triggerConstant, triggerConstant.parseArgs(new String[]{
+        "--owner", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "balanceOf(address)"
+    })));
+    Assert.assertTrue(StandardCliRunner.requiresAutoAuth(triggerConstant, triggerConstant.parseArgs(new String[]{
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "balanceOf(address)"
+    })));
+
+    CommandDefinition estimateEnergy = contractRegistry.lookup("estimate-energy");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(estimateEnergy, estimateEnergy.parseArgs(new String[]{
+        "--owner", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "balanceOf(address)"
+    })));
+    Assert.assertTrue(StandardCliRunner.requiresAutoAuth(estimateEnergy, estimateEnergy.parseArgs(new String[]{
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "balanceOf(address)"
+    })));
+
+    CommandRegistry walletRegistry = new CommandRegistry();
+    WalletCommands.register(walletRegistry);
+
+    CommandDefinition changePassword = walletRegistry.lookup("change-password");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(changePassword, changePassword.parseArgs(new String[0])));
+
+    CommandDefinition resetWallet = walletRegistry.lookup("reset-wallet");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(resetWallet, resetWallet.parseArgs(new String[0])));
+
+    CommandRegistry miscRegistry = new CommandRegistry();
+    MiscCommands.register(miscRegistry);
+    CommandDefinition transactionHistory = miscRegistry.lookup("view-transaction-history");
+    Assert.assertFalse(StandardCliRunner.requiresAutoAuth(transactionHistory, transactionHistory.parseArgs(new String[0])));
+  }
+
+  @Test
+  public void estimateEnergyEmitsStructuredJsonPayload() throws Exception {
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      ContractCommands.register(registry);
+      CommandDefinition command = registry.lookup("estimate-energy");
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--owner", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+          "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+          "--method", "balanceOf(address)"
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      command.getHandler().execute(CommandContext.empty(), opts, new WalletApiWrapper() {
+        @Override
+        public Response.EstimateEnergyMessage estimateEnergyMessage(
+            byte[] ownerAddress,
+            byte[] contractAddress,
+            long callValue,
+            byte[] data,
+            long tokenValue,
+            String tokenId) {
+          Response.EstimateEnergyMessage.Builder builder = Response.EstimateEnergyMessage.newBuilder();
+          builder.getResultBuilder().setResult(true);
+          builder.setEnergyRequired(321L);
+          return builder.build();
+        }
+      }, formatter);
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(json.contains("\"success\": true"));
+      Assert.assertTrue(json.contains("\"data\": {"));
+      Assert.assertTrue(json.contains("\"result\": {"));
+      Assert.assertFalse(json.contains("\"message\": \"Estimate energy result ="));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void commandHelpUsesJsonEnvelopeInJsonMode() throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    CommandRegistry registry = new CommandRegistry();
+    QueryCommands.register(registry);
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "get-balance", "--help"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      String json = stdout.toString("UTF-8");
+      Assert.assertTrue(json.contains("\"success\": true"));
+      Assert.assertTrue(json.contains("\"data\": {"));
+      Assert.assertTrue(json.contains("\"help\":"));
+      Assert.assertTrue(json.contains("Get the balance of an address"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  @Test
+  public void commandHelpRemainsPlainTextInTextMode() throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    CommandRegistry registry = new CommandRegistry();
+    QueryCommands.register(registry);
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"get-balance", "--help"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      String text = stdout.toString("UTF-8");
+      Assert.assertTrue(text.contains("Get the balance of an address"));
+      Assert.assertFalse(text.contains("\"success\""));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  @Test
+  public void booleanFlagBeforeHelpDoesNotConsumeHelpToken() throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("bool-help")
+        .description("Boolean help command")
+        .option("multi", "Multi-signature mode", false, OptionDef.Type.BOOLEAN)
+        .handler((ctx, opts, wrapper, out) -> out.raw("ok"))
+        .build());
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"bool-help", "--multi", "-h"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      String text = stdout.toString("UTF-8");
+      Assert.assertTrue(text.contains("Boolean help command"));
+      Assert.assertFalse(text.contains("Unexpected argument"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  @Test
+  public void helpTokenUsedAsOptionValueDoesNotTriggerCommandHelp() throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    CommandRegistry registry = new CommandRegistry();
+    registry.add(CommandDefinition.builder()
+        .authPolicy(CommandDefinition.AuthPolicy.NEVER)
+        .name("value-help")
+        .description("Value help command")
+        .option("note", "Note text", true)
+        .handler((ctx, opts, wrapper, out) -> out.raw(opts.getString("note")))
+        .build());
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"value-help", "--note", "-h"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      String text = stdout.toString("UTF-8");
+      Assert.assertEquals("-h\n", text);
+      Assert.assertFalse(text.contains("Value help command"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  @Test
+  public void legacyInteractiveCommandsAreRejectedInJsonMode() throws Exception {
+    assertUnsupportedStandardCliJson("encoding-converter", true);
+    assertUnsupportedStandardCliJson("address-book", true);
+    assertUnsupportedStandardCliJson("view-transaction-history", true);
+    assertUnsupportedStandardCliJson("view-backup-records", true);
+    assertUnsupportedStandardCliJson("tronlink-multi-sign", false);
+  }
+
+  @Test
+  public void legacyInteractiveCommandsAreRejectedInTextMode() throws Exception {
+    assertUnsupportedStandardCliText("encoding-converter", true);
+    assertUnsupportedStandardCliText("address-book", true);
+    assertUnsupportedStandardCliText("view-transaction-history", true);
+    assertUnsupportedStandardCliText("view-backup-records", true);
+    assertUnsupportedStandardCliText("tronlink-multi-sign", false);
+  }
+
+  @Test
+  public void listWalletIgnoresMalformedActiveWalletConfig() throws Exception {
+    String originalUserDir = System.getProperty("user.dir");
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    File tempDir = Files.createTempDirectory("runner-list-wallet").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    File activeConfig = new File(walletDir, ".active-wallet");
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+
+    Assert.assertTrue(walletDir.mkdirs());
+    createWalletFile(walletDir, "alpha", "0000000000000000000000000000000000000000000000000000000000000001");
+    Files.write(activeConfig.toPath(), "{\"address\":123}".getBytes(StandardCharsets.UTF_8));
+
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", "list-wallet"});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(0, exitCode);
+      String json = stdout.toString("UTF-8");
+      Assert.assertTrue(json.contains("\"success\": true"));
+      Assert.assertTrue(json.contains("\"wallets\": ["));
+      Assert.assertTrue(json.contains("\"is-active\""));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+      System.setProperty("user.dir", originalUserDir);
+    }
+  }
+
+  @Test
+  public void voteWitnessRejectsNonNumericVoteCountAsUsageError() throws Exception {
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      WitnessCommands.register(registry);
+      CommandDefinition command = registry.lookup("vote-witness");
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--votes", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL abc"
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      try {
+        command.getHandler().execute(CommandContext.empty(), opts, new WalletApiWrapper(), formatter);
+        Assert.fail("Expected vote validation to abort with usage error");
+      } catch (CliAbortException e) {
+        Assert.assertEquals(CliAbortException.Kind.USAGE, e.getKind());
+      }
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(json.contains("\"success\": false"));
+      Assert.assertTrue(json.contains("\"error\": \"usage_error\""));
+      Assert.assertTrue(json.contains("Vote count must be a positive integer: abc"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void voteWitnessRejectsNonPositiveVoteCountAsUsageError() throws Exception {
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      WitnessCommands.register(registry);
+      CommandDefinition command = registry.lookup("vote-witness");
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--votes", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL 0"
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      try {
+        command.getHandler().execute(CommandContext.empty(), opts, new WalletApiWrapper(), formatter);
+        Assert.fail("Expected vote validation to abort with usage error");
+      } catch (CliAbortException e) {
+        Assert.assertEquals(CliAbortException.Kind.USAGE, e.getKind());
+      }
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      Assert.assertTrue(json.contains("\"success\": false"));
+      Assert.assertTrue(json.contains("\"error\": \"usage_error\""));
+      Assert.assertTrue(json.contains("Vote count must be a positive integer: 0"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void commandErrorExceptionDoesNotCaptureStackTrace() {
+    CommandErrorException exception = new CommandErrorException("boom", "simulated failure");
+
+    Assert.assertEquals("boom", exception.getCode());
+    Assert.assertEquals("simulated failure", exception.getMessage());
+    Assert.assertEquals(0, exception.getStackTrace().length);
+  }
+
+  private File createWalletFile(File walletDir, String walletName, String privateKeyHex) throws Exception {
+    byte[] password = "TempPass123!A".getBytes(StandardCharsets.UTF_8);
+    byte[] privateKey = Hex.decode(privateKeyHex);
+    try {
+      WalletFile walletFile = WalletApi.CreateWalletFile(password, privateKey, null);
+      walletFile.setName(walletName);
+      WalletUtils.generateWalletFile(walletFile, walletDir);
+      return walletFile.getSourceFile();
+    } finally {
+      Arrays.fill(password, (byte) 0);
+      Arrays.fill(privateKey, (byte) 0);
+    }
+  }
+
+  private String readWalletAddress(File walletFile) throws Exception {
+    return WalletUtils.loadWalletFile(walletFile).getAddress();
+  }
+
+  private void assertUnsupportedStandardCliJson(String commandName, boolean miscCommand) throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    CommandRegistry registry = new CommandRegistry();
+    if (miscCommand) {
+      MiscCommands.register(registry);
+    } else {
+      TransactionCommands.register(registry);
+    }
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{"--output", "json", commandName});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(1, exitCode);
+      String json = stdout.toString("UTF-8");
+      Assert.assertTrue(json.contains("\"success\": false"));
+      Assert.assertTrue(json.contains("\"error\": \"unsupported_in_standard_cli\""));
+      Assert.assertTrue(json.contains(commandName + " is not available in standard CLI mode"));
+      Assert.assertEquals("", stderr.toString("UTF-8"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+
+  private void assertUnsupportedStandardCliText(String commandName, boolean miscCommand) throws Exception {
+    PrintStream originalOut = System.out;
+    PrintStream originalErr = System.err;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    ByteArrayOutputStream stderr = new ByteArrayOutputStream();
+    CommandRegistry registry = new CommandRegistry();
+    if (miscCommand) {
+      MiscCommands.register(registry);
+    } else {
+      TransactionCommands.register(registry);
+    }
+
+    System.setOut(new PrintStream(stdout));
+    System.setErr(new PrintStream(stderr));
+    try {
+      GlobalOptions opts = GlobalOptions.parse(new String[]{commandName});
+      int exitCode = new StandardCliRunner(registry, opts).execute();
+
+      Assert.assertEquals(1, exitCode);
+      Assert.assertEquals("", stdout.toString("UTF-8"));
+      String text = stderr.toString("UTF-8");
+      Assert.assertTrue(text.contains("Error: " + commandName + " is not available in standard CLI mode"));
+    } finally {
+      System.setOut(originalOut);
+      System.setErr(originalErr);
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/commands/StandardCliCommandRoutingTest.java b/src/test/java/org/tron/walletcli/cli/commands/StandardCliCommandRoutingTest.java
new file mode 100644
index 00000000..f34fe952
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/commands/StandardCliCommandRoutingTest.java
@@ -0,0 +1,717 @@
+package org.tron.walletcli.cli.commands;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicBoolean;
+import org.junit.After;
+import org.apache.commons.lang3.tuple.Triple;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.trident.proto.Response;
+import org.tron.walletcli.WalletApiWrapper;
+import org.tron.walletcli.cli.ActiveWalletConfig;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OutputFormatter;
+import org.tron.walletcli.cli.ParsedOptions;
+
+public class StandardCliCommandRoutingTest {
+  private static JsonObject parseJson(String raw) {
+    return JsonParser.parseString(raw).getAsJsonObject();
+  }
+
+  private final String originalUserDir = System.getProperty("user.dir");
+
+  @After
+  public void restoreUserDir() {
+    System.setProperty("user.dir", originalUserDir);
+  }
+
+  @Test
+  public void triggerContractUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    ContractCommands.register(registry);
+    CommandDefinition command = registry.lookup("trigger-contract");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "transfer(address,uint256)",
+        "--params", "\"TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL\",1",
+        "--fee-limit", "1000000"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    AtomicBoolean cliSafeCalled = new AtomicBoolean(false);
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public Triple<Boolean, Long, Long> callContractForCli(
+          byte[] ownerAddress,
+          byte[] contractAddress,
+          long callValue,
+          byte[] data,
+          long feeLimit,
+          long tokenValue,
+          String tokenId,
+          boolean isConstant,
+          boolean display,
+          boolean multi) {
+        cliSafeCalled.set(true);
+        return Triple.of(true, 0L, 0L);
+      }
+
+      @Override
+      public Triple<Boolean, Long, Long> callContract(
+          byte[] ownerAddress,
+          byte[] contractAddress,
+          long callValue,
+          byte[] data,
+          long feeLimit,
+          long tokenValue,
+          String tokenId,
+          boolean isConstant,
+          boolean display,
+          boolean multi) {
+        Assert.fail("legacy callContract() should not be used by standard CLI trigger-contract");
+        return Triple.of(false, 0L, 0L);
+      }
+    }, formatter);
+    formatter.flush();
+
+    Assert.assertTrue("callContractForCli should be invoked", cliSafeCalled.get());
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("TriggerContract successful !!"));
+  }
+
+  @Test
+  public void getChainParametersUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    QueryCommands.register(registry);
+    CommandDefinition command = registry.lookup("get-chain-parameters");
+    ParsedOptions opts = command.parseArgs(new String[0]);
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    AtomicBoolean cliSafeCalled = new AtomicBoolean(false);
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public Response.ChainParameters getChainParametersForCli() {
+        cliSafeCalled.set(true);
+        return Response.ChainParameters.newBuilder()
+            .addChainParameter(Response.ChainParameters.ChainParameter.newBuilder()
+                .setKey("getEnergyFee")
+                .setValue(420L)
+                .build())
+            .build();
+      }
+
+      @Override
+      public Response.ChainParameters getChainParameters() {
+        Assert.fail("legacy getChainParameters() should not be used by standard CLI queries");
+        return null;
+      }
+    }, formatter);
+    formatter.flush();
+
+    Assert.assertTrue("getChainParametersForCli should be invoked", cliSafeCalled.get());
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("getEnergyFee"));
+  }
+
+  @Test
+  public void getUsdtBalanceUsesExactStringPayload() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    QueryCommands.register(registry);
+    CommandDefinition command = registry.lookup("get-usdt-balance");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--address", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public String getUSDTBalanceExact(byte[] ownerAddress) {
+        return "9223372036854775808";
+      }
+    }, formatter);
+    formatter.flush();
+
+    JsonObject data = parseJson(stdout.toString(StandardCharsets.UTF_8.name())).getAsJsonObject("data");
+    Assert.assertEquals("9223372036854775808", data.get("usdt_balance").getAsString());
+  }
+
+  @Test
+  public void clearWalletKeystoreUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("clear-wallet-keystore");
+    ParsedOptions opts = command.parseArgs(new String[]{"--force"});
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+    File walletFile = File.createTempFile("clear-wallet-routing", ".json");
+
+    command.getHandler().execute(
+        new org.tron.walletcli.cli.CommandContext(null, walletFile),
+        opts,
+        new WalletApiWrapper() {
+      @Override
+      public void clearWalletKeystoreForCli(boolean force, File targetWalletFile) {
+        Assert.assertTrue(force);
+        Assert.assertEquals(walletFile.getAbsolutePath(), targetWalletFile.getAbsolutePath());
+      }
+
+      @Override
+      public boolean clearWalletKeystore(boolean force) {
+        Assert.fail("legacy clearWalletKeystore() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("ClearWalletKeystore successful !!"));
+    walletFile.delete();
+  }
+
+  @Test
+  public void changePasswordUsesGlobalWalletOverrideAsExplicitTarget() throws Exception {
+    // change-password now reads passwords from TRON_OLD_PASSWORD / TRON_NEW_PASSWORD env vars
+    // (not command-line args). Without env vars, it should return a missing_env error.
+    File tempDir = Files.createTempDirectory("change-password-global-wallet").toFile();
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("change-password");
+    ParsedOptions opts = command.parseArgs(new String[0]);
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    try {
+      command.getHandler().execute(
+          org.tron.walletcli.cli.CommandContext.empty(),
+          opts,
+          new WalletApiWrapper(),
+          formatter);
+    } catch (RuntimeException e) {
+      Assert.assertEquals("CliAbortException", e.getClass().getSimpleName());
+    }
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertFalse(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("missing_env"));
+    Assert.assertTrue(json.contains("TRON_OLD_PASSWORD"));
+  }
+
+  @Test
+  public void changePasswordRejectsMixingGlobalWalletWithAddressOrName() throws Exception {
+    // change-password now reads passwords from TRON_OLD_PASSWORD / TRON_NEW_PASSWORD env vars.
+    // Without env vars, it returns missing_env before reaching the wallet mixing check.
+    // Verify that --old-password / --new-password are no longer accepted as command options.
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("change-password");
+    try {
+      command.parseArgs(new String[]{
+          "--old-password", "OldPass123!A",
+          "--new-password", "NewPass123!B",
+          "--address", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"
+      });
+      Assert.fail("Expected parser error for removed --old-password option");
+    } catch (RuntimeException e) {
+      // Expected: --old-password is no longer a valid option
+      Assert.assertTrue(e.getMessage().contains("old-password"));
+    }
+  }
+
+  @Test
+  public void clearWalletKeystorePreservesActiveWalletOnFailure() throws Exception {
+    File tempDir = java.nio.file.Files.createTempDirectory("clear-wallet-routing").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    Assert.assertTrue(walletDir.mkdirs());
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    ActiveWalletConfig.setActiveAddress("TNmoJ3Be59WFEq5dsW6eCkZjveiL3G8HVB");
+
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("clear-wallet-keystore");
+    ParsedOptions opts = command.parseArgs(new String[]{"--force"});
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(new ByteArrayOutputStream()), System.err);
+
+    try {
+      command.getHandler().execute(
+          new org.tron.walletcli.cli.CommandContext(null, new File(tempDir, "Wallet/active.json")),
+          opts,
+          new WalletApiWrapper() {
+        @Override
+        public void clearWalletKeystoreForCli(boolean force, File targetWalletFile) {
+          throw new RuntimeException("boom");
+        }
+      }, formatter);
+      Assert.fail("Expected clear-wallet-keystore failure");
+    } catch (RuntimeException expected) {
+      Assert.assertEquals("boom", expected.getMessage());
+    }
+
+    Assert.assertNotNull(ActiveWalletConfig.getActiveAddressLenient());
+  }
+
+  @Test
+  public void clearWalletKeystoreDoesNotClearActiveWalletWhenDeletingExternalTarget() throws Exception {
+    File tempDir = java.nio.file.Files.createTempDirectory("clear-wallet-external-routing").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    File activeWalletFile = new File(walletDir, "active.json");
+    File externalDir = java.nio.file.Files.createTempDirectory("clear-wallet-external-file").toFile();
+    File externalWalletFile = new File(externalDir, "external.json");
+    Assert.assertTrue(walletDir.mkdirs());
+    Assert.assertTrue(activeWalletFile.createNewFile());
+    Assert.assertTrue(externalWalletFile.createNewFile());
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    Files.write(new File(walletDir, ".active-wallet").toPath(),
+        "{\"address\":\"TActiveWalletAddress\"}".getBytes(StandardCharsets.UTF_8));
+
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("clear-wallet-keystore");
+    ParsedOptions opts = command.parseArgs(new String[]{"--force"});
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(
+        new org.tron.walletcli.cli.CommandContext(null, externalWalletFile),
+        opts,
+        new WalletApiWrapper() {
+          @Override
+          public void clearWalletKeystoreForCli(boolean force, File targetWalletFile) {
+            Assert.assertEquals(externalWalletFile.getAbsolutePath(), targetWalletFile.getAbsolutePath());
+          }
+        },
+        formatter);
+    formatter.flush();
+
+    Assert.assertNotNull(ActiveWalletConfig.getActiveAddressLenient());
+  }
+
+  @Test
+  public void resetWalletClearsActiveWalletAfterSuccess() throws Exception {
+    File tempDir = java.nio.file.Files.createTempDirectory("reset-wallet-routing").toFile();
+    File walletDir = new File(tempDir, "Wallet");
+    Assert.assertTrue(walletDir.mkdirs());
+    System.setProperty("user.dir", tempDir.getAbsolutePath());
+    ActiveWalletConfig.setActiveAddress("TNmoJ3Be59WFEq5dsW6eCkZjveiL3G8HVB");
+
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("reset-wallet");
+    ParsedOptions opts = command.parseArgs(new String[]{"--confirm", "delete-all-wallets"});
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void resetWalletForCli(boolean force) {
+        Assert.assertTrue(force);
+      }
+    }, formatter);
+    formatter.flush();
+
+    Assert.assertNull(ActiveWalletConfig.getActiveAddressLenient());
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("ResetWallet successful !!"));
+  }
+
+  @Test
+  public void updateAccountUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    TransactionCommands.register(registry);
+    CommandDefinition command = registry.lookup("update-account");
+    ParsedOptions opts = command.parseArgs(new String[]{"--name", "qa-test"});
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void updateAccountForCli(byte[] ownerAddress, byte[] accountNameBytes, boolean multi) {
+        Assert.assertEquals("qa-test", new String(accountNameBytes, StandardCharsets.UTF_8));
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean updateAccount(byte[] ownerAddress, byte[] accountNameBytes, boolean multi) {
+        Assert.fail("legacy updateAccount() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("Update Account successful !!"));
+  }
+
+  @Test
+  public void updateSettingUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    ContractCommands.register(registry);
+    CommandDefinition command = registry.lookup("update-setting");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--consume-user-resource-percent", "0"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void updateSettingForCli(byte[] ownerAddress, byte[] contractAddress,
+          long consumeUserResourcePercent, boolean multi) {
+        Assert.assertEquals(0L, consumeUserResourcePercent);
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean updateSetting(byte[] ownerAddress, byte[] contractAddress,
+          long consumeUserResourcePercent, boolean multi) {
+        Assert.fail("legacy updateSetting() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("UpdateSetting successful !!"));
+  }
+
+  @Test
+  public void deployContractUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    ContractCommands.register(registry);
+    CommandDefinition command = registry.lookup("deploy-contract");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--name", "TestContract",
+        "--abi", "[]",
+        "--bytecode", "6080",
+        "--fee-limit", "1000000"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void deployContractForCli(byte[] ownerAddress, String name, String abiStr,
+          String codeStr, long feeLimit, long value, long consumeUserResourcePercent,
+          long originEnergyLimit, long tokenValue, String tokenId, String libraryAddressPair,
+          String compilerVersion, boolean multi) {
+        Assert.assertEquals("TestContract", name);
+        Assert.assertEquals("[]", abiStr);
+        Assert.assertEquals("6080", codeStr);
+        Assert.assertEquals(1000000L, feeLimit);
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean deployContract(byte[] ownerAddress, String name, String abiStr, String codeStr,
+          long feeLimit, long value, long consumeUserResourcePercent, long originEnergyLimit,
+          long tokenValue, String tokenId, String libraryAddressPair, String compilerVersion,
+          boolean multi) {
+        Assert.fail("legacy deployContract() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("DeployContract successful !!"));
+  }
+
+  @Test
+  public void deployContractRejectsInvalidUsageBeforeExecution() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    ContractCommands.register(registry);
+    CommandDefinition command = registry.lookup("deploy-contract");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--name", "TestContract",
+        "--abi", "[]",
+        "--bytecode", "6080",
+        "--fee-limit", "1000000",
+        "--consume-user-resource-percent", "101"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    try {
+      command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+        @Override
+        public void deployContractForCli(byte[] ownerAddress, String name, String abiStr,
+            String codeStr, long feeLimit, long value, long consumeUserResourcePercent,
+            long originEnergyLimit, long tokenValue, String tokenId, String libraryAddressPair,
+            String compilerVersion, boolean multi) {
+          Assert.fail("deployContractForCli should not run for invalid usage");
+        }
+      }, formatter);
+      Assert.fail("Expected usage failure");
+    } catch (RuntimeException e) {
+      Assert.assertTrue(formatter.hasOutcome());
+    }
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertFalse(parseJson(json).get("success").getAsBoolean());
+    Assert.assertEquals("usage_error", parseJson(json).get("error").getAsString());
+    Assert.assertTrue(json.contains("consume-user-resource-percent should be between 0 and 100"));
+  }
+
+  @Test
+  public void freezeBalanceUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    StakingCommands.register(registry);
+    CommandDefinition command = registry.lookup("freeze-balance");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--amount", "1000000",
+        "--duration", "3"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void freezeBalanceForCli(byte[] ownerAddress, long frozenBalance, long frozenDuration,
+          int resourceCode, byte[] receiverAddress, boolean multi) {
+        Assert.assertEquals(1000000L, frozenBalance);
+        Assert.assertEquals(3L, frozenDuration);
+        Assert.assertEquals(0, resourceCode);
+        Assert.assertNull(receiverAddress);
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean freezeBalance(byte[] ownerAddress, long frozenBalance, long frozenDuration,
+          int resourceCode, byte[] receiverAddress, boolean multi) {
+        Assert.fail("legacy freezeBalance() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("FreezeBalance successful !!"));
+  }
+
+  @Test
+  public void estimateEnergyFailureUsesStructuredErrorEnvelope() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    ContractCommands.register(registry);
+    CommandDefinition command = registry.lookup("estimate-energy");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--owner", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--contract", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+        "--method", "balanceOf(address)"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    try {
+      command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+        @Override
+        public Response.EstimateEnergyMessage estimateEnergyMessage(
+            byte[] ownerAddress,
+            byte[] contractAddress,
+            long callValue,
+            byte[] data,
+            long tokenValue,
+            String tokenId) {
+          Response.EstimateEnergyMessage.Builder builder = Response.EstimateEnergyMessage.newBuilder();
+          builder.getResultBuilder()
+              .setResult(false)
+              .setMessage(com.google.protobuf.ByteString.copyFromUtf8("estimate failed"));
+          return builder.build();
+        }
+      }, formatter);
+      Assert.fail("Expected formatter to abort after structured error emission");
+    } catch (RuntimeException e) {
+      Assert.assertTrue(formatter.hasOutcome());
+    }
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertFalse(parseJson(json).get("success").getAsBoolean());
+    Assert.assertEquals("query_failed", parseJson(json).get("error").getAsString());
+    Assert.assertTrue(json.contains("estimate failed"));
+  }
+
+  @Test
+  public void switchNetworkUsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("switch-network");
+    ParsedOptions opts = command.parseArgs(new String[]{"--network", "nile"});
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void switchNetworkForCli(String netWorkSymbol, String fullNode, String solidityNode) {
+        Assert.assertEquals("nile", netWorkSymbol);
+        Assert.assertNull(fullNode);
+        Assert.assertNull(solidityNode);
+      }
+
+      @Override
+      public boolean switchNetwork(String netWorkSymbol, String fulNode, String solidityNode) {
+        Assert.fail("legacy switchNetwork() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("SwitchNetwork successful !!"));
+  }
+
+  @Test
+  public void freezeBalanceV2UsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    StakingCommands.register(registry);
+    CommandDefinition command = registry.lookup("freeze-balance-v2");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--amount", "1000000",
+        "--resource", "1"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void freezeBalanceV2ForCli(byte[] ownerAddress, long frozenBalance,
+          int resourceCode, boolean multi) {
+        Assert.assertNull(ownerAddress);
+        Assert.assertEquals(1000000L, frozenBalance);
+        Assert.assertEquals(1, resourceCode);
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean freezeBalanceV2(byte[] ownerAddress, long frozenBalance,
+          int resourceCode, boolean multi) {
+        Assert.fail("legacy freezeBalanceV2() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("FreezeBalanceV2 successful !!"));
+  }
+
+  @Test
+  public void unfreezeBalanceV2UsesCliSafeAdapter() throws Exception {
+    CommandRegistry registry = new CommandRegistry();
+    StakingCommands.register(registry);
+    CommandDefinition command = registry.lookup("unfreeze-balance-v2");
+    ParsedOptions opts = command.parseArgs(new String[]{
+        "--amount", "1000000",
+        "--resource", "1"
+    });
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    OutputFormatter formatter = new OutputFormatter(
+        OutputFormatter.OutputMode.JSON, false, new PrintStream(stdout), System.err);
+
+    command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+      @Override
+      public void unfreezeBalanceV2ForCli(byte[] ownerAddress, long unfreezeBalance,
+          int resourceCode, boolean multi) {
+        Assert.assertNull(ownerAddress);
+        Assert.assertEquals(1000000L, unfreezeBalance);
+        Assert.assertEquals(1, resourceCode);
+        Assert.assertFalse(multi);
+      }
+
+      @Override
+      public boolean unfreezeBalanceV2(byte[] ownerAddress, long unfreezeBalance,
+          int resourceCode, boolean multi) {
+        Assert.fail("legacy unfreezeBalanceV2() should not be used by standard CLI");
+        return false;
+      }
+    }, formatter);
+    formatter.flush();
+
+    String json = stdout.toString(StandardCharsets.UTF_8.name());
+    Assert.assertTrue(parseJson(json).get("success").getAsBoolean());
+    Assert.assertTrue(json.contains("UnfreezeBalanceV2 successful !!"));
+  }
+
+  @Test
+  public void importWalletRejectsLegacyPrivateKeyArgvOption() {
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("import-wallet");
+
+    try {
+      command.parseArgs(new String[]{"--private-key", "abcd"});
+      Assert.fail("Expected usage error for legacy argv secret option");
+    } catch (IllegalArgumentException e) {
+      Assert.assertEquals("Unknown option: --private-key", e.getMessage());
+    }
+  }
+
+  @Test
+  public void importWalletByMnemonicRejectsLegacyMnemonicArgvOption() {
+    CommandRegistry registry = new CommandRegistry();
+    WalletCommands.register(registry);
+    CommandDefinition command = registry.lookup("import-wallet-by-mnemonic");
+
+    try {
+      command.parseArgs(new String[]{"--mnemonic", "word1 word2"});
+      Assert.fail("Expected usage error for legacy argv secret option");
+    } catch (IllegalArgumentException e) {
+      Assert.assertEquals("Unknown option: --mnemonic", e.getMessage());
+    }
+  }
+
+  @Test
+  public void getPrivateKeyByMnemonicRejectsLegacyMnemonicArgvOption() {
+    CommandRegistry registry = new CommandRegistry();
+    MiscCommands.register(registry);
+    CommandDefinition command = registry.lookup("get-private-key-by-mnemonic");
+
+    try {
+      command.parseArgs(new String[]{"--mnemonic", "word1 word2"});
+      Assert.fail("Expected usage error for legacy argv secret option");
+    } catch (IllegalArgumentException e) {
+      Assert.assertEquals("Unknown option: --mnemonic", e.getMessage());
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletcli/cli/commands/TransactionCommandsTest.java b/src/test/java/org/tron/walletcli/cli/commands/TransactionCommandsTest.java
new file mode 100644
index 00000000..d8e9ec0b
--- /dev/null
+++ b/src/test/java/org/tron/walletcli/cli/commands/TransactionCommandsTest.java
@@ -0,0 +1,172 @@
+package org.tron.walletcli.cli.commands;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import org.apache.commons.lang3.tuple.Triple;
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.crypto.Sha256Sm3Hash;
+import org.tron.common.enums.NetType;
+import org.tron.common.utils.ByteArray;
+import org.tron.trident.proto.Chain;
+import org.tron.trident.proto.Response;
+import org.tron.walletcli.WalletApiWrapper;
+import org.tron.walletcli.cli.CommandDefinition;
+import org.tron.walletcli.cli.CommandRegistry;
+import org.tron.walletcli.cli.OutputFormatter;
+import org.tron.walletcli.cli.ParsedOptions;
+import org.tron.walletserver.ApiClient;
+import org.tron.walletserver.WalletApi;
+
+public class TransactionCommandsTest {
+
+  private static class StubApiClient extends ApiClient {
+    private boolean broadcastResult;
+
+    StubApiClient() {
+      super(NetType.NILE);
+    }
+
+    @Override
+    public boolean broadcastTransaction(Chain.Transaction signaturedTransaction) {
+      return broadcastResult;
+    }
+  }
+
+  @Test
+  public void transferUsdtFailsFastWhenEnergyEstimationFails() throws Exception {
+    NetType originalNetwork = WalletApi.getCurrentNetwork();
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    WalletApi.setCurrentNetwork(NetType.NILE);
+    System.setOut(new PrintStream(stdout));
+
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      TransactionCommands.register(registry);
+      CommandDefinition command = registry.lookup("transfer-usdt");
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--to", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+          "--amount", "1"
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      try {
+        command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+          @Override
+          public Triple<Boolean, Long, Long> callContractForCli(
+              byte[] ownerAddress,
+              byte[] contractAddress,
+              long callValue,
+              byte[] data,
+              long feeLimit,
+              long tokenValue,
+              String tokenId,
+              boolean isConstant,
+              boolean display,
+              boolean multi) {
+            if (!isConstant) {
+              Assert.fail("broadcast path should not run after estimation failure");
+            }
+            return Triple.of(false, 0L, 0L);
+          }
+  
+          @Override
+          public Response.ChainParameters getChainParametersForCli() {
+            Assert.fail("fee calculation should not run after estimation failure");
+            return null;
+          }
+        }, formatter);
+      } catch (RuntimeException e) {
+        Assert.assertTrue(formatter.hasOutcome());
+      }
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+      Assert.assertFalse(root.get("success").getAsBoolean());
+      Assert.assertEquals("execution_error", root.get("error").getAsString());
+      Assert.assertTrue(json.contains("TransferUSDT failed: energy estimation failed."));
+    } finally {
+      WalletApi.setCurrentNetwork(originalNetwork);
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void broadcastTransactionIncludesTxidInJsonOutput() throws Exception {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    StubApiClient stub = new StubApiClient();
+    stub.broadcastResult = true;
+    WalletApi.setApiCli(stub);
+    System.setOut(new PrintStream(stdout));
+
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      TransactionCommands.register(registry);
+      CommandDefinition command = registry.lookup("broadcast-transaction");
+      Chain.Transaction tx = Chain.Transaction.newBuilder()
+          .setRawData(Chain.Transaction.raw.newBuilder().setFeeLimit(1L).build())
+          .build();
+      String expectedTxid = ByteArray.toHexString(Sha256Sm3Hash.hash(tx.getRawData().toByteArray()));
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--transaction", ByteArray.toHexString(tx.toByteArray())
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper(), formatter);
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+      Assert.assertTrue(root.get("success").getAsBoolean());
+      Assert.assertEquals(expectedTxid, root.getAsJsonObject("data").get("txid").getAsString());
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+      System.setOut(originalOut);
+    }
+  }
+
+  @Test
+  public void sendCoinUsesStableSuccessMessageInJsonOutput() throws Exception {
+    PrintStream originalOut = System.out;
+    ByteArrayOutputStream stdout = new ByteArrayOutputStream();
+    System.setOut(new PrintStream(stdout));
+
+    try {
+      CommandRegistry registry = new CommandRegistry();
+      TransactionCommands.register(registry);
+      CommandDefinition command = registry.lookup("send-coin");
+      ParsedOptions opts = command.parseArgs(new String[]{
+          "--to", "TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL",
+          "--amount", "1"
+      });
+      OutputFormatter formatter = new OutputFormatter(OutputFormatter.OutputMode.JSON, false);
+
+      command.getHandler().execute(org.tron.walletcli.cli.CommandContext.empty(), opts, new WalletApiWrapper() {
+        @Override
+        public void sendCoinForCli(byte[] ownerAddress, byte[] toAddress, long amount, boolean multi) {
+          Assert.assertNull(ownerAddress);
+          Assert.assertEquals(1L, amount);
+          Assert.assertFalse(multi);
+        }
+      }, formatter);
+      formatter.flush();
+
+      String json = stdout.toString(StandardCharsets.UTF_8.name());
+      JsonObject root = JsonParser.parseString(json).getAsJsonObject();
+      Assert.assertTrue(root.get("success").getAsBoolean());
+      JsonObject data = root.getAsJsonObject("data");
+      Assert.assertEquals("SendCoin successful !!", data.get("message").getAsString());
+      Assert.assertEquals(1L, data.get("amount").getAsLong());
+      Assert.assertTrue(json.contains("TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL"));
+    } finally {
+      System.setOut(originalOut);
+    }
+  }
+}
diff --git a/src/test/java/org/tron/walletserver/WalletApiTest.java b/src/test/java/org/tron/walletserver/WalletApiTest.java
new file mode 100644
index 00000000..467b0eb1
--- /dev/null
+++ b/src/test/java/org/tron/walletserver/WalletApiTest.java
@@ -0,0 +1,66 @@
+package org.tron.walletserver;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.tron.common.enums.NetType;
+import org.tron.keystore.WalletFile;
+import org.tron.trident.proto.Response;
+
+public class WalletApiTest {
+
+  private static final byte[] OWNER =
+      WalletApi.decodeFromBase58Check("TNPeeaaFB7K9cmo4uQpcU32zGK8G1NYqeL");
+  private static final byte[] TO =
+      WalletApi.decodeFromBase58Check("TXYZopYRdj2D9XRtbG411XZZ3kM5VkAeBf");
+
+  private static class StubApiClient extends ApiClient {
+    private Response.Account queryAccountResult;
+
+    StubApiClient() {
+      super(NetType.NILE);
+    }
+
+    @Override
+    public Response.Account queryAccount(byte[] address) {
+      return queryAccountResult;
+    }
+  }
+
+  @Test
+  public void getWalletFileFailsExplicitlyAfterLogout() {
+    WalletFile walletFile = new WalletFile();
+    walletFile.setAddress("TQsVqVAnvbFdLcbk29N4npwjW6VG84KS2A");
+    WalletApi walletApi = new WalletApi(walletFile);
+
+    walletApi.logout();
+
+    try {
+      walletApi.getWalletFile();
+      Assert.fail("Expected explicit wallet-not-loaded failure");
+    } catch (IllegalStateException e) {
+      Assert.assertEquals("Wallet not loaded.", e.getMessage());
+    }
+  }
+
+  @Test
+  public void sendCoinForCliReturnsFalseWhenAccountQueryFails() throws Exception {
+    ApiClient originalApiCli = WalletApi.getApiCli();
+    StubApiClient stub = new StubApiClient();
+    stub.queryAccountResult = null;
+    WalletApi.setApiCli(stub);
+
+    try {
+      WalletFile walletFile = new WalletFile();
+      walletFile.setAddress("TQsVqVAnvbFdLcbk29N4npwjW6VG84KS2A");
+      WalletApi walletApi = new WalletApi(walletFile);
+      walletApi.setLogin(null);
+
+      boolean result = walletApi.sendCoinForCli(OWNER, TO, 1L, true);
+
+      Assert.assertFalse(result);
+      Assert.assertEquals("Failed to query account.", WalletApi.consumeLastCliOperationError());
+    } finally {
+      WalletApi.setApiCli(originalApiCli);
+    }
+  }
+}