diff --git a/crates/keyfork/src/cli/shard.rs b/crates/keyfork/src/cli/shard.rs
index 51948b4..0869003 100644
--- a/crates/keyfork/src/cli/shard.rs
+++ b/crates/keyfork/src/cli/shard.rs
@@ -176,6 +176,13 @@ pub enum ShardSubcommands {
         key_discovery: Option<PathBuf>,
     },
 
+    /// Combine multiple transport-encrypted shares into a hex-encoded secret, printed to stdout.
+    ///
+    /// This command is format-agnostic and relies on transport encryption of remote-decrypted
+    /// shards to determine the threshold to reconstitute the secret. Operators decrypting shards
+    /// should run `keyfork shard transport`.
+    RemoteCombine,
+
     /// Decrypt metadata for a shardfile, including the threshold and the public keys. Public keys
     /// are serialized to a file.
     Metadata {
@@ -257,6 +264,12 @@ impl ShardSubcommands {
                     None => panic!("{COULD_NOT_DETERMINE_FORMAT}"),
                 }
             }
+            ShardSubcommands::RemoteCombine => {
+                let mut output = vec![];
+                keyfork_shard::remote_decrypt(&mut output)?;
+                println!("{}", smex::encode(output));
+                Ok(())
+            }
             ShardSubcommands::Metadata {
                 shardfile,
                 output_pubkeys,