Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

JAW CLI

The JAW CLI (@jaw.id/cli) is a command-line interface for interacting with JAW smart accounts from the terminal. It supports developers, shell scripts, and AI agents through both direct commands and an MCP server.

Two Modes

The CLI operates in two modes. Both use the same commands — the difference is how signing happens.

Default Mode (browser + passkey)

Every signing request opens a browser tab for passkey authentication. All messages are end-to-end encrypted (ECDH P-256 + AES-256-GCM).

┌─────────┐      E2E Encrypted       ┌──────────────┐      E2E Encrypted       ┌─────────────┐
│   CLI   │ ◄──────────────────────► │    Relay     │ ◄──────────────────────► │   Browser   │
│  (jaw)  │      via WebSocket       │ relay.jaw.id │      via WebSocket       │ keys.jaw.id │
└─────────┘                          └──────────────┘                          └─────────────┘
                                                                                 Passkey Auth
  1. You run a CLI command (e.g., jaw rpc call wallet_connect)
  2. The CLI connects to the relay and opens a browser tab to keys.jaw.id
  3. The browser authenticates with your passkey and connects to the same relay session
  4. Commands are encrypted end-to-end — the relay never sees your data
  5. The browser executes the request (signing, transactions) and returns the result

Read-only methods like eth_accounts or wallet_getAssets don't require browser approval.

jaw rpc call wallet_sendCalls '{"calls":[...]}'
# Opens browser → passkey signs → result returned

Auto Mode (session key + permissions)

A human approves once during setup. From then on, the CLI signs locally with a scoped session key — no browser needed. On-chain PermissionManager enforces call restrictions, spend limits, and expiry.

┌─────────┐      Load        ┌─────────────┐     Validate      ┌──────────┐
│   CLI   │ ── keystore ───► │ Session key │ ── on-chain ────► │ Response │
└─────────┘                  │ signs       │   PermissionMgr   └──────────┘
                             └─────────────┘
jaw rpc call wallet_sendCalls '{"calls":[...]}' --session
# No browser → local key signs → PermissionManager validates → result returned

Learn more: Auto Mode Overview

Installation

npm
npm install -g @jaw.id/cli

Requirements: Node.js 18+

Quick Start

# 1. Configure (see Configuration page for interactive setup)
jaw config set apiKey=YOUR_KEY defaultChain=8453
 
# 2. Connect your wallet (opens browser for passkey)
jaw rpc call wallet_connect
 
# 3. Check your address
jaw rpc call eth_accounts
 
# 4. Send a transaction
jaw rpc call wallet_sendCalls '{"calls":[{"to":"0xRecipient","value":"0xDE0B6B3A7640000"}]}'

For full config setup including paymasters and permissions, see Configuration.

Self-Hosting the Relay

The relay server is open-source and can be self-hosted. Since it's a blind pipe (all messages are E2E encrypted), self-hosting is mainly about availability and infrastructure control.

Repository: github.com/JustaName-id/jaw-relay

Docker
docker build -t jaw-relay .
docker run -p 8080:8080 jaw-relay

Point the CLI to your relay:

jaw config set relayUrl=wss://your-relay-host.com

Sessions auto-expire after 15 minutes of inactivity. The relay supports reconnection within the session lifetime.