@abstract-foundation/agw-mcp 0.1.0-beta.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Abstract Foundation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,159 @@
+# @abstract-foundation/agw-mcp
+
+[![npm version](https://img.shields.io/npm/v/@abstract-foundation/agw-mcp.svg)](https://www.npmjs.com/package/@abstract-foundation/agw-mcp)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![CI](https://github.com/Abstract-Foundation/agw-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/Abstract-Foundation/agw-mcp/actions/workflows/ci.yml)
+
+MCP server for [Abstract Global Wallet](https://abs.xyz) session-key workflows — scoped wallet actions without custodial signing.
+
+## Quick Start
+
+```bash
+npx -y @abstract-foundation/agw-mcp serve --chain-id 11124
+```
+
+Or add it to Claude Code directly:
+
+```bash
+claude mcp add agw -- npx -y @abstract-foundation/agw-mcp serve --chain-id 11124
+```
+
+## Setup
+
+### 1. Bootstrap a session
+
+```bash
+npx -y @abstract-foundation/agw-mcp init --chain-id 11124
+```
+
+This opens the companion app where you:
+
+1. Choose a policy preset (or provide custom policy JSON)
+2. Connect your Abstract Global Wallet
+3. Approve the session key
+
+Session data is saved to `~/.agw-mcp/session.json` with `0o600` file permissions. The session signer key is stored separately in `~/.agw-mcp/session-signer.key`.
+
+### 2. Start the MCP server
+
+```bash
+npx -y @abstract-foundation/agw-mcp serve --chain-id 11124
+```
+
+## Client Configuration
+
+### Claude Code
+
+```bash
+claude mcp add agw -- npx -y @abstract-foundation/agw-mcp serve --chain-id 11124
+```
+
+### Claude Desktop
+
+Add to your `claude_desktop_config.json`:
+
+<details>
+<summary>macOS: ~/Library/Application Support/Claude/claude_desktop_config.json</summary>
+
+```json
+{
+  "mcpServers": {
+    "agw-mcp": {
+      "command": "npx",
+      "args": ["-y", "@abstract-foundation/agw-mcp", "serve", "--chain-id", "11124"]
+    }
+  }
+}
+```
+
+</details>
+
+<details>
+<summary>Windows: %APPDATA%\Claude\claude_desktop_config.json</summary>
+
+```json
+{
+  "mcpServers": {
+    "agw-mcp": {
+      "command": "npx",
+      "args": ["-y", "@abstract-foundation/agw-mcp", "serve", "--chain-id", "11124"]
+    }
+  }
+}
+```
+
+</details>
+
+### Cursor / Windsurf
+
+Use the same JSON block as Claude Desktop in your editor's MCP configuration file.
+
+### Generate config snippet
+
+```bash
+npx -y @abstract-foundation/agw-mcp config --npx --chain-id 11124
+```
+
+## Tools
+
+| Tool | Description |
+|------|-------------|
+| `get_wallet_address` | Returns AGW account address from local session |
+| `get_balances` | Native + ERC-20 balances with formatted amounts |
+| `get_token_list` | Wallet ERC-20 holdings via network discovery |
+| `get_session_status` | On-chain session state + local expiry metadata |
+| `sign_message` | Signs UTF-8 message via session signer |
+| `sign_transaction` | Signs EVM transaction, returns signed payload (no broadcast) |
+| `preview_transaction` | Impact/risk preview without signing |
+| `send_transaction` | Preview by default, broadcast on `execute: true` |
+| `send_calls` | EIP-5792 batch call execution |
+| `transfer_token` | Native/ERC-20 transfer with policy checks |
+| `swap_tokens` | 0x quote + execute via session key |
+| `write_contract` | Contract write with target/selector policy validation |
+| `deploy_contract` | Contract deployment with ABI/bytecode validation |
+| `revoke_session` | Revoke session key, invalidate local session |
+
+## Network Configuration
+
+Defaults to Abstract testnet (chain ID `11124`). Switch to mainnet or override RPC:
+
+```bash
+# Mainnet
+npx -y @abstract-foundation/agw-mcp serve --chain-id 2741
+
+# Custom RPC
+npx -y @abstract-foundation/agw-mcp serve --chain-id 2741 --rpc-url https://api.mainnet.abs.xyz
+```
+
+Environment variables are also supported:
+
+```bash
+AGW_MCP_CHAIN_ID=2741 npx -y @abstract-foundation/agw-mcp serve
+AGW_MCP_RPC_URL=https://api.mainnet.abs.xyz npx -y @abstract-foundation/agw-mcp serve
+```
+
+## Security Model
+
+- **Non-custodial**: Session keys are scoped and time-limited. No full wallet access.
+- **Default-deny policies**: Write tools fail unless a matching policy explicitly allows the target address, function selector, or transfer amount.
+- **Local-only transport**: stdio MCP — no network exposure. Session signer keys never leave the machine.
+- **Restrictive file permissions**: Session storage directory `0o700`, files `0o600`.
+- **Stderr-only logging**: stdout is reserved for MCP stdio transport. All operational logs go to stderr.
+
+## Development
+
+```bash
+git clone https://github.com/Abstract-Foundation/agw-mcp.git
+cd agw-mcp
+pnpm install
+pnpm build
+
+pnpm dev               # tsx dev mode
+pnpm test              # jest
+pnpm check-types       # tsc --noEmit
+pnpm lint              # eslint
+```
+
+## License
+
+[MIT](LICENSE)

package/dist/ccip-BoY3djaA.mjs

@@ -0,0 +1,155 @@
+import { a as HttpRequestError, c as decodeErrorResult, d as isHex, f as BaseError, i as isAddressEqual, l as encodeAbiParameters, n as localBatchGatewayUrl, o as getUrl, r as call, s as stringify, t as localBatchGatewayRequest, u as concat } from "./index.mjs";
+
+//#region node_modules/viem/_esm/errors/ccip.js
+var OffchainLookupError = class extends BaseError {
+	constructor({ callbackSelector, cause, data, extraData, sender, urls }) {
+		super(cause.shortMessage || "An error occurred while fetching for an offchain result.", {
+			cause,
+			metaMessages: [
+				...cause.metaMessages || [],
+				cause.metaMessages?.length ? "" : [],
+				"Offchain Gateway Call:",
+				urls && ["  Gateway URL(s):", ...urls.map((url) => `    ${getUrl(url)}`)],
+				`  Sender: ${sender}`,
+				`  Data: ${data}`,
+				`  Callback selector: ${callbackSelector}`,
+				`  Extra data: ${extraData}`
+			].flat(),
+			name: "OffchainLookupError"
+		});
+	}
+};
+var OffchainLookupResponseMalformedError = class extends BaseError {
+	constructor({ result, url }) {
+		super("Offchain gateway response is malformed. Response data must be a hex value.", {
+			metaMessages: [`Gateway URL: ${getUrl(url)}`, `Response: ${stringify(result)}`],
+			name: "OffchainLookupResponseMalformedError"
+		});
+	}
+};
+var OffchainLookupSenderMismatchError = class extends BaseError {
+	constructor({ sender, to }) {
+		super("Reverted sender address does not match target contract address (`to`).", {
+			metaMessages: [`Contract address: ${to}`, `OffchainLookup sender address: ${sender}`],
+			name: "OffchainLookupSenderMismatchError"
+		});
+	}
+};
+
+//#endregion
+//#region node_modules/viem/_esm/utils/ccip.js
+const offchainLookupSignature = "0x556f1830";
+const offchainLookupAbiItem = {
+	name: "OffchainLookup",
+	type: "error",
+	inputs: [
+		{
+			name: "sender",
+			type: "address"
+		},
+		{
+			name: "urls",
+			type: "string[]"
+		},
+		{
+			name: "callData",
+			type: "bytes"
+		},
+		{
+			name: "callbackFunction",
+			type: "bytes4"
+		},
+		{
+			name: "extraData",
+			type: "bytes"
+		}
+	]
+};
+async function offchainLookup(client, { blockNumber, blockTag, data, to }) {
+	const { args } = decodeErrorResult({
+		data,
+		abi: [offchainLookupAbiItem]
+	});
+	const [sender, urls, callData, callbackSelector, extraData] = args;
+	const { ccipRead } = client;
+	const ccipRequest_ = ccipRead && typeof ccipRead?.request === "function" ? ccipRead.request : ccipRequest;
+	try {
+		if (!isAddressEqual(to, sender)) throw new OffchainLookupSenderMismatchError({
+			sender,
+			to
+		});
+		const { data: data_ } = await call(client, {
+			blockNumber,
+			blockTag,
+			data: concat([callbackSelector, encodeAbiParameters([{ type: "bytes" }, { type: "bytes" }], [urls.includes(localBatchGatewayUrl) ? await localBatchGatewayRequest({
+				data: callData,
+				ccipRequest: ccipRequest_
+			}) : await ccipRequest_({
+				data: callData,
+				sender,
+				urls
+			}), extraData])]),
+			to
+		});
+		return data_;
+	} catch (err) {
+		throw new OffchainLookupError({
+			callbackSelector,
+			cause: err,
+			data,
+			extraData,
+			sender,
+			urls
+		});
+	}
+}
+async function ccipRequest({ data, sender, urls }) {
+	let error = /* @__PURE__ */ new Error("An unknown error occurred.");
+	for (let i = 0; i < urls.length; i++) {
+		const url = urls[i];
+		const method = url.includes("{data}") ? "GET" : "POST";
+		const body = method === "POST" ? {
+			data,
+			sender
+		} : void 0;
+		const headers = method === "POST" ? { "Content-Type": "application/json" } : {};
+		try {
+			const response = await fetch(url.replace("{sender}", sender.toLowerCase()).replace("{data}", data), {
+				body: JSON.stringify(body),
+				headers,
+				method
+			});
+			let result;
+			if (response.headers.get("Content-Type")?.startsWith("application/json")) result = (await response.json()).data;
+			else result = await response.text();
+			if (!response.ok) {
+				error = new HttpRequestError({
+					body,
+					details: result?.error ? stringify(result.error) : response.statusText,
+					headers: response.headers,
+					status: response.status,
+					url
+				});
+				continue;
+			}
+			if (!isHex(result)) {
+				error = new OffchainLookupResponseMalformedError({
+					result,
+					url
+				});
+				continue;
+			}
+			return result;
+		} catch (err) {
+			error = new HttpRequestError({
+				body,
+				details: err.message,
+				url
+			});
+		}
+	}
+	throw error;
+}
+
+//#endregion
+export { offchainLookup, offchainLookupSignature };

package/dist/index.d.mts

@@ -0,0 +1 @@
+export { };