@agent-shield/mcp 0.2.2 → 0.4.0

package/README.md

@@ -16,7 +16,7 @@ npx @agent-shield/mcp
 
 | Variable | Required | Default | Description |
 |----------|----------|---------|-------------|
-| `AGENTSHIELD_WALLET_PATH` | Yes | — | Path to Solana keypair JSON (vault owner) |
+| `AGENTSHIELD_WALLET_PATH` | No | — | Path to Solana keypair JSON (vault owner). Not required — server starts in setup mode without it. |
 | `AGENTSHIELD_RPC_URL` | No | devnet | Solana RPC endpoint URL |
 | `AGENTSHIELD_AGENT_KEYPAIR_PATH` | No | — | Path to agent keypair JSON (needed for swap/position tools) |
 
@@ -57,7 +57,16 @@ Add to `.cursor/mcp.json` in your project:
 }
 ```
 
-## Tools (12)
+## Tools (22)
+
+### Setup & Onboarding (always available — no wallet required)
+
+| Tool | Description |
+|------|-------------|
+| `shield_setup_status` | Check current setup status — which security tiers are active |
+| `shield_configure` | Set up AgentShield with any tier (1=Shield, 2=TEE, 3=Vault) |
+| `shield_fund_wallet` | Generate funding links (Blink URL, Solana Pay, raw address) |
+| `shield_upgrade_tier` | Upgrade from current tier to a higher one |
 
 ### Read-Only
 
@@ -65,6 +74,7 @@ Add to `.cursor/mcp.json` in your project:
 |------|-------------|
 | `shield_check_vault` | Check vault status, owner, agent, and policy configuration |
 | `shield_check_spending` | Check rolling 24h spending and recent transaction history |
+| `shield_check_pending_policy` | Check pending timelocked policy update status |
 
 ### Owner-Signed (Write)
 
@@ -75,8 +85,12 @@ Add to `.cursor/mcp.json` in your project:
 | `shield_withdraw` | Withdraw tokens from a vault |
 | `shield_register_agent` | Register an agent signing key |
 | `shield_update_policy` | Update spending caps, token/protocol allowlists, leverage limits |
+| `shield_queue_policy_update` | Queue a timelocked policy change |
+| `shield_apply_pending_policy` | Apply a queued policy change after timelock expires |
+| `shield_cancel_pending_policy` | Cancel a queued policy change |
 | `shield_revoke_agent` | Emergency kill switch — freezes vault immediately |
 | `shield_reactivate_vault` | Unfreeze a vault, optionally with a new agent |
+| `shield_provision` | Provision a vault via Solana Actions |
 
 ### Agent-Signed (Requires `AGENTSHIELD_AGENT_KEYPAIR_PATH`)
 
@@ -85,6 +99,7 @@ Add to `.cursor/mcp.json` in your project:
 | `shield_execute_swap` | Execute a Jupiter token swap through the vault |
 | `shield_open_position` | Open a Flash Trade leveraged perpetual position |
 | `shield_close_position` | Close a Flash Trade perpetual position |
+| `shield_agent_transfer` | Transfer tokens to an allowlisted destination |
 
 ## Resources (3)
 
@@ -105,7 +120,7 @@ pnpm install
 # Build
 pnpm build
 
-# Run tests (82 tests)
+# Run tests (107 tests)
 pnpm test
 
 # Smoke test
@@ -117,7 +132,8 @@ AGENTSHIELD_WALLET_PATH=~/.config/solana/id.json node dist/index.js
 - **Transport**: stdio only (local subprocess of the AI tool)
 - **Credentials**: Environment variables (keypair file paths)
 - **SDK**: Wraps `AgentShieldClient` from `@agent-shield/sdk` — every tool delegates to a client method
-- **Error handling**: All 37 Anchor error codes mapped to human-readable messages with actionable suggestions
+- **Setup mode**: Starts without a wallet — only setup/onboarding tools available until configured
+- **Error handling**: All 40 Anchor error codes (6000–6039) mapped to human-readable messages with actionable suggestions
 
 ## Support
 

package/dist/config.d.ts

@@ -2,6 +2,61 @@ import { Keypair } from "@solana/web3.js";
 import { AgentShieldClient } from "@agent-shield/sdk";
 /** Supported custody providers for MCP server. */
 export type McpCustodyProvider = "crossmint" | "turnkey" | "privy";
+export interface ShieldLayerConfig {
+    shield: {
+        enabled: boolean;
+        dailyCapUsd: number;
+        allowedProtocols: string[];
+        maxLeverageBps: number;
+        rateLimit: number;
+    };
+    tee: {
+        enabled: boolean;
+        locator: string | null;
+        publicKey: string | null;
+    };
+    vault: {
+        enabled: boolean;
+        address: string | null;
+        owner: string | null;
+        vaultId: string | null;
+    };
+}
+export interface ShieldLocalConfig {
+    version: 1;
+    layers: ShieldLayerConfig;
+    wallet: {
+        type: "keypair" | "crossmint";
+        path: string | null;
+        publicKey: string;
+    };
+    network: "devnet" | "mainnet-beta";
+    template: "conservative" | "moderate" | "aggressive";
+    configuredAt: string;
+}
+/** Canonical config directory. */
+export declare function getConfigDir(): string;
+/** Canonical config file path. */
+export declare function getConfigPath(): string;
+/**
+ * Load local shield config from ~/.agentshield/config.json.
+ * Falls back to env vars for backwards compatibility with existing MCP installs.
+ * Returns null if neither config file nor env vars exist.
+ */
+export declare function loadShieldConfig(): ShieldLocalConfig | null;
+/**
+ * Save local shield config to ~/.agentshield/config.json.
+ * Creates the directory if needed. Sets file permissions to 0600.
+ */
+export declare function saveShieldConfig(config: ShieldLocalConfig): void;
+/**
+ * Returns true if AgentShield is configured (config file exists or env vars set).
+ */
+export declare function isConfigured(): boolean;
+/**
+ * Returns the current tier number based on enabled layers.
+ */
+export declare function getCurrentTier(config: ShieldLocalConfig): 1 | 2 | 3;
 export interface McpConfig {
     /** Path to owner wallet keypair JSON. Not needed when using custody. */
     walletPath?: string;

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,OAAO,EAAiB,MAAM,iBAAiB,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGtD,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC;AAEnE,MAAM,WAAW,SAAS;IACxB,wEAAwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mEAAmE;IACnE,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,8DAA8D;IAC9D,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAgB,UAAU,IAAI,SAAS,CAgCtC;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,GAAG,iBAAiB,CAWjE;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IACpE,SAAS,EAAE,OAAO,iBAAiB,EAAE,SAAS,CAAC;IAC/C,eAAe,EAAE,QAAQ,CAAC;CAC3B,CAAC,CAuCD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAQ3D"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,OAAO,EAAiB,MAAM,iBAAiB,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAKtD,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC;AAInE,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE;QACN,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,GAAG,EAAE;QACH,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;KAC1B,CAAC;IACF,KAAK,EAAE;QACL,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,CAAC,CAAC;IACX,MAAM,EAAE,iBAAiB,CAAC;IAC1B,MAAM,EAAE;QACN,IAAI,EAAE,SAAS,GAAG,WAAW,CAAC;QAC9B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,EAAE,QAAQ,GAAG,cAAc,CAAC;IACnC,QAAQ,EAAE,cAAc,GAAG,UAAU,GAAG,YAAY,CAAC;IACrD,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,kCAAkC;AAClC,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,kCAAkC;AAClC,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,GAAG,IAAI,CAgD3D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAShE;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,iBAAiB,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAInE;AAED,MAAM,WAAW,SAAS;IACxB,wEAAwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mEAAmE;IACnE,eAAe,CAAC,EAAE,kBAAkB,CAAC;IACrC,8DAA8D;IAC9D,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,wBAAgB,UAAU,IAAI,SAAS,CAgCtC;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAOjD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,GAAG,iBAAiB,CAWjE;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IACpE,SAAS,EAAE,OAAO,iBAAiB,EAAE,SAAS,CAAC;IAC/C,eAAe,EAAE,QAAQ,CAAC;CAC3B,CAAC,CAuCD;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAQ3D"}

package/dist/config.js

@@ -33,6 +33,12 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfigDir = getConfigDir;
+exports.getConfigPath = getConfigPath;
+exports.loadShieldConfig = loadShieldConfig;
+exports.saveShieldConfig = saveShieldConfig;
+exports.isConfigured = isConfigured;
+exports.getCurrentTier = getCurrentTier;
 exports.loadConfig = loadConfig;
 exports.loadKeypair = loadKeypair;
 exports.createClient = createClient;
@@ -42,6 +48,99 @@ const web3_js_1 = require("@solana/web3.js");
 const anchor_1 = require("@coral-xyz/anchor");
 const sdk_1 = require("@agent-shield/sdk");
 const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+/** Canonical config directory. */
+function getConfigDir() {
+    return path.join(os.homedir(), ".agentshield");
+}
+/** Canonical config file path. */
+function getConfigPath() {
+    return path.join(getConfigDir(), "config.json");
+}
+/**
+ * Load local shield config from ~/.agentshield/config.json.
+ * Falls back to env vars for backwards compatibility with existing MCP installs.
+ * Returns null if neither config file nor env vars exist.
+ */
+function loadShieldConfig() {
+    const configPath = getConfigPath();
+    // Config file takes precedence
+    if (fs.existsSync(configPath)) {
+        try {
+            const raw = fs.readFileSync(configPath, "utf-8");
+            return JSON.parse(raw);
+        }
+        catch {
+            return null;
+        }
+    }
+    // Fall back to env vars (backwards compatible with existing installs)
+    const walletPath = process.env.AGENTSHIELD_WALLET_PATH;
+    if (walletPath) {
+        try {
+            const kp = loadKeypair(walletPath);
+            return {
+                version: 1,
+                layers: {
+                    shield: {
+                        enabled: true,
+                        dailyCapUsd: 500,
+                        allowedProtocols: [],
+                        maxLeverageBps: 0,
+                        rateLimit: 60,
+                    },
+                    tee: { enabled: false, locator: null, publicKey: null },
+                    vault: { enabled: false, address: null, owner: null, vaultId: null },
+                },
+                wallet: {
+                    type: "keypair",
+                    path: walletPath,
+                    publicKey: kp.publicKey.toBase58(),
+                },
+                network: (process.env.AGENTSHIELD_RPC_URL?.includes("mainnet")
+                    ? "mainnet-beta"
+                    : "devnet"),
+                template: "conservative",
+                configuredAt: new Date().toISOString(),
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
+/**
+ * Save local shield config to ~/.agentshield/config.json.
+ * Creates the directory if needed. Sets file permissions to 0600.
+ */
+function saveShieldConfig(config) {
+    const dir = getConfigDir();
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const configPath = getConfigPath();
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2), {
+        mode: 0o600,
+    });
+}
+/**
+ * Returns true if AgentShield is configured (config file exists or env vars set).
+ */
+function isConfigured() {
+    return loadShieldConfig() !== null;
+}
+/**
+ * Returns the current tier number based on enabled layers.
+ */
+function getCurrentTier(config) {
+    if (config.layers.vault.enabled)
+        return 3;
+    if (config.layers.tee.enabled)
+        return 2;
+    return 1;
+}
 function loadConfig() {
     const rpcUrl = process.env.AGENTSHIELD_RPC_URL || (0, web3_js_1.clusterApiUrl)("devnet");
     const agentKeypairPath = process.env.AGENTSHIELD_AGENT_KEYPAIR_PATH || undefined;

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,gCAgCC;AAED,kCAOC;AAED,oCAWC;AAMD,kDA0CC;AAED,4CAQC;AArID,6CAAqE;AACrE,8CAA2C;AAC3C,2CAAsD;AACtD,uCAAyB;AAkBzB,SAAgB,UAAU;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,IAAA,uBAAa,EAAC,QAAQ,CAAC,CAAC;IAE1E,MAAM,gBAAgB,GACpB,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,SAAS,CAAC;IAE1D,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAEvB,CAAC;IAEd,IAAI,eAAe,EAAE,CAAC;QACpB,2CAA2C;QAC3C,OAAO;YACL,MAAM;YACN,gBAAgB;YAChB,eAAe;YACf,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS;YAC3D,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,SAAS;SACpE,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACvD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,kEAAkE;YAChE,qDAAqD;YACrD,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;AAClD,CAAC;AAED,SAAgB,WAAW,CAAC,IAAY;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;IACnD,OAAO,iBAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,YAAY,CAAC,MAAiB;IAC5C,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,oCAAoC;YAClC,+DAA+D,CAClE,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,eAAM,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,IAAI,oBAAU,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,OAAO,IAAI,uBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAAiB;IAIzD,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;QAC/B,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;YACJ,CAAC;YACD,+DAA+D;YAC/D,IAAI,GAAQ,CAAC;YACb,IAAI,CAAC;gBACH,GAAG,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,oDAAoD;oBAClD,kDAAkD,CACrD,CAAC;YACJ,CAAC;YACD,OAAO,GAAG,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,MAAM,CAAC,eAAe;gBAC9B,OAAO,EAAE,MAAM,CAAC,gBAAgB;aACjC,CAAC,CAAC;QACL,CAAC;QACD,KAAK,SAAS;YACZ,MAAM,IAAI,KAAK,CACb,gDAAgD;gBAC9C,sDAAsD,CACzD,CAAC;QACJ,KAAK,OAAO;YACV,MAAM,IAAI,KAAK,CACb,8CAA8C;gBAC5C,oDAAoD,CACvD,CAAC;QACJ;YACE,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,CAAC,eAAe,KAAK;gBACtD,uCAAuC,CAC1C,CAAC;IACN,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,MAAiB;IAChD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,6DAA6D,CAChE,CAAC;IACJ,CAAC;IACD,OAAO,WAAW,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAC9C,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CA,oCAEC;AAGD,sCAEC;AAOD,4CAgDC;AAMD,4CASC;AAKD,oCAEC;AAKD,wCAIC;AAeD,gCAgCC;AAED,kCAOC;AAED,oCAWC;AAMD,kDA0CC;AAED,4CAQC;AA3QD,6CAAqE;AACrE,8CAA2C;AAC3C,2CAAsD;AACtD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAyCzB,kCAAkC;AAClC,SAAgB,YAAY;IAC1B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;AACjD,CAAC;AAED,kCAAkC;AAClC,SAAgB,aAAa;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED;;;;GAIG;AACH,SAAgB,gBAAgB;IAC9B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,+BAA+B;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACvD,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,CAAC;gBACV,MAAM,EAAE;oBACN,MAAM,EAAE;wBACN,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,GAAG;wBAChB,gBAAgB,EAAE,EAAE;wBACpB,cAAc,EAAE,CAAC;wBACjB,SAAS,EAAE,EAAE;qBACd;oBACD,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;oBACvD,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;iBACrE;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE;iBACnC;gBACD,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,QAAQ,CAAC,SAAS,CAAC;oBAC5D,CAAC,CAAC,cAAc;oBAChB,CAAC,CAAC,QAAQ,CAA8B;gBAC1C,QAAQ,EAAE,cAAc;gBACxB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACvC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,MAAyB;IACxD,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QAC5D,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,gBAAgB,EAAE,KAAK,IAAI,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,MAAyB;IACtD,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO;QAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,CAAC;AACX,CAAC;AAeD,SAAgB,UAAU;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,IAAA,uBAAa,EAAC,QAAQ,CAAC,CAAC;IAE1E,MAAM,gBAAgB,GACpB,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,SAAS,CAAC;IAE1D,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAEvB,CAAC;IAEd,IAAI,eAAe,EAAE,CAAC;QACpB,2CAA2C;QAC3C,OAAO;YACL,MAAM;YACN,gBAAgB;YAChB,eAAe;YACf,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS;YAC3D,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,SAAS;SACpE,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACvD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,kEAAkE;YAChE,qDAAqD;YACrD,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;AAClD,CAAC;AAED,SAAgB,WAAW,CAAC,IAAY;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;IACnD,OAAO,iBAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,YAAY,CAAC,MAAiB;IAC5C,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,oCAAoC;YAClC,+DAA+D,CAClE,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,eAAM,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,IAAI,oBAAU,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,OAAO,IAAI,uBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAAiB;IAIzD,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;QAC/B,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;YACJ,CAAC;YACD,+DAA+D;YAC/D,IAAI,GAAQ,CAAC;YACb,IAAI,CAAC;gBACH,GAAG,GAAG,OAAO,CAAC,iCAAiC,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CACb,oDAAoD;oBAClD,kDAAkD,CACrD,CAAC;YACJ,CAAC;YACD,OAAO,GAAG,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,MAAM,CAAC,eAAe;gBAC9B,OAAO,EAAE,MAAM,CAAC,gBAAgB;aACjC,CAAC,CAAC;QACL,CAAC;QACD,KAAK,SAAS;YACZ,MAAM,IAAI,KAAK,CACb,gDAAgD;gBAC9C,sDAAsD,CACzD,CAAC;QACJ,KAAK,OAAO;YACV,MAAM,IAAI,KAAK,CACb,8CAA8C;gBAC5C,oDAAoD,CACvD,CAAC;QACJ;YACE,MAAM,IAAI,KAAK,CACb,6BAA6B,MAAM,CAAC,eAAe,KAAK;gBACtD,uCAAuC,CAC1C,CAAC;IACN,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,MAAiB;IAChD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,6DAA6D,CAChE,CAAC;IACJ,CAAC;IACD,OAAO,WAAW,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAC9C,CAAC"}

package/dist/index.js

@@ -24,10 +24,17 @@ const apply_pending_policy_1 = require("./tools/apply-pending-policy");
 const cancel_pending_policy_1 = require("./tools/cancel-pending-policy");
 const check_pending_policy_1 = require("./tools/check-pending-policy");
 const agent_transfer_1 = require("./tools/agent-transfer");
+// Setup & onboarding tools (work without SDK client)
+const setup_status_1 = require("./tools/setup-status");
+const configure_1 = require("./tools/configure");
+const fund_wallet_1 = require("./tools/fund-wallet");
+const upgrade_tier_1 = require("./tools/upgrade-tier");
 // Resources
 const policy_1 = require("./resources/policy");
 const spending_1 = require("./resources/spending");
 const activity_1 = require("./resources/activity");
+const NOT_CONFIGURED_MSG = "AgentShield is not configured yet. " +
+    'Use shield_setup_status to check status, or ask me to "Set up AgentShield".';
 /**
  * Helper to register a tool with the MCP server.
  * Uses `any` cast to work around zod version mismatch between
@@ -40,28 +47,98 @@ function registerTool(server, name, description, schema, handler) {
 async function main() {
     // All logging to stderr — stdout is reserved for JSON-RPC
     console.error("[agent-shield-mcp] Starting...");
-    let config;
+    // Try to load config, but don't exit if it fails — run in setup mode
+    let config = null;
+    let client = null;
     try {
         config = (0, config_1.loadConfig)();
-    }
-    catch (error) {
-        console.error(`[agent-shield-mcp] Configuration error: ${error}`);
-        process.exit(1);
-    }
-    let client;
-    try {
         client = (0, config_1.createClient)(config);
+        console.error(`[agent-shield-mcp] Connected to ${config.rpcUrl}, ` +
+            `wallet: ${client.provider.wallet.publicKey.toBase58()}`);
+    }
+    catch {
+        console.error("[agent-shield-mcp] No wallet configured — running in setup mode. " +
+            "Use shield_setup_status or shield_configure to get started.");
     }
-    catch (error) {
-        console.error(`[agent-shield-mcp] Client creation failed: ${error}`);
-        process.exit(1);
+    /**
+     * Guard for tools that require a configured SDK client.
+     * Returns the "not configured" message if no client is available.
+     */
+    function requireClient(fn) {
+        return async (input) => {
+            // Re-check at call time (config may have been created since startup)
+            if (!client) {
+                try {
+                    const freshConfig = (0, config_1.loadConfig)();
+                    client = (0, config_1.createClient)(freshConfig);
+                    config = freshConfig;
+                }
+                catch {
+                    return {
+                        content: [{ type: "text", text: NOT_CONFIGURED_MSG }],
+                    };
+                }
+            }
+            return {
+                content: [{ type: "text", text: await fn(input) }],
+            };
+        };
     }
-    console.error(`[agent-shield-mcp] Connected to ${config.rpcUrl}, ` +
-        `wallet: ${client.provider.wallet.publicKey.toBase58()}`);
     const server = new mcp_js_1.McpServer({
         name: "agent-shield",
         version: "0.1.0",
     });
+    // ── Setup & Onboarding Tools (always available) ───────────────
+    registerTool(server, "shield_setup_status", "Check the current AgentShield setup status — shows which security tiers are active, wallet, policy, and network. Works even when not configured.", {}, async (input) => ({
+        content: [{ type: "text", text: await (0, setup_status_1.setupStatus)(null, input) }],
+    }));
+    registerTool(server, "shield_configure", "Set up AgentShield with any security tier (1=Shield, 2=Shield+TEE, 3=Shield+TEE+Vault). Generates keypair, provisions TEE, and/or creates vault.", {
+        tier: zod_1.z
+            .union([zod_1.z.literal(1), zod_1.z.literal(2), zod_1.z.literal(3)])
+            .describe("Security tier: 1=Shield, 2=Shield+TEE, 3=Shield+TEE+Vault"),
+        template: zod_1.z
+            .enum(["conservative", "moderate", "aggressive"])
+            .optional()
+            .default("conservative")
+            .describe("Policy template"),
+        dailyCapUsd: zod_1.z.number().optional().describe("Custom daily cap in USD"),
+        allowedProtocols: zod_1.z
+            .array(zod_1.z.string())
+            .optional()
+            .describe("Custom protocol IDs (base58)"),
+        maxLeverageBps: zod_1.z
+            .number()
+            .optional()
+            .describe("Custom max leverage in BPS"),
+        rateLimit: zod_1.z.number().optional().describe("Custom rate limit (tx/min)"),
+        network: zod_1.z
+            .enum(["devnet", "mainnet-beta"])
+            .optional()
+            .default("devnet")
+            .describe("Solana network"),
+        walletPath: zod_1.z
+            .string()
+            .optional()
+            .describe("Path to existing keypair JSON"),
+    }, async (input) => ({
+        content: [{ type: "text", text: await (0, configure_1.configure)(null, input) }],
+    }));
+    registerTool(server, "shield_fund_wallet", "Generate funding links (Blink URL, Solana Pay, raw address) for the configured AgentShield wallet.", {
+        mint: zod_1.z
+            .string()
+            .optional()
+            .describe("Token mint (base58). Omit for SOL."),
+        amount: zod_1.z.string().optional().describe("Amount in human-readable units"),
+    }, async (input) => ({
+        content: [{ type: "text", text: await (0, fund_wallet_1.fundWallet)(null, input) }],
+    }));
+    registerTool(server, "shield_upgrade_tier", "Upgrade AgentShield from current tier to a higher one (2=add TEE, 3=add Vault). Preserves existing policy.", {
+        targetTier: zod_1.z
+            .union([zod_1.z.literal(2), zod_1.z.literal(3)])
+            .describe("Target tier: 2=add TEE, 3=add Vault"),
+    }, async (input) => ({
+        content: [{ type: "text", text: await (0, upgrade_tier_1.upgradeTier)(null, input) }],
+    }));
     // ── Read-Only Tools ──────────────────────────────────────────
     registerTool(server, "shield_check_vault", "Check the status and policy configuration of an AgentShield vault", {
         vault: zod_1.z
@@ -75,21 +152,13 @@ async function main() {
             .string()
             .optional()
             .describe("Vault ID number. Used with owner."),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, check_vault_1.checkVault)(client, input) }],
-    }));
+    }, requireClient((input) => (0, check_vault_1.checkVault)(client, input)));
     registerTool(server, "shield_check_spending", "Check the rolling 24h spending and recent transactions for a vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, check_spending_1.checkSpending)(client, input) }],
-    }));
+    }, requireClient((input) => (0, check_spending_1.checkSpending)(client, input)));
     registerTool(server, "shield_check_pending_policy", "Check if a pending timelocked policy update exists for a vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, check_pending_policy_1.checkPendingPolicy)(client, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, check_pending_policy_1.checkPendingPolicy)(client, input)));
     // ── Owner-Signed Write Tools ────────────────────────────────
     registerTool(server, "shield_create_vault", "Create a new AgentShield vault with policy configuration", {
         vaultId: zod_1.z.string().describe("Unique vault ID number"),
@@ -128,29 +197,21 @@ async function main() {
             .optional()
             .default(0)
             .describe("Timelock duration in seconds (0 = immediate policy updates)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, create_vault_1.createVault)(client, input) }],
-    }));
+    }, requireClient((input) => (0, create_vault_1.createVault)(client, input)));
     registerTool(server, "shield_deposit", "Deposit tokens into an AgentShield vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         mint: zod_1.z.string().describe("Token mint address (base58)"),
         amount: zod_1.z.string().describe("Amount in token base units"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, deposit_1.deposit)(client, input) }],
-    }));
+    }, requireClient((input) => (0, deposit_1.deposit)(client, input)));
     registerTool(server, "shield_withdraw", "Withdraw tokens from an AgentShield vault (owner-only)", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         mint: zod_1.z.string().describe("Token mint address (base58)"),
         amount: zod_1.z.string().describe("Amount in token base units"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, withdraw_1.withdraw)(client, input) }],
-    }));
+    }, requireClient((input) => (0, withdraw_1.withdraw)(client, input)));
     registerTool(server, "shield_register_agent", "Register an agent signing key to a vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         agent: zod_1.z.string().describe("Agent public key to register (base58)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, register_agent_1.registerAgent)(client, input) }],
-    }));
+    }, requireClient((input) => (0, register_agent_1.registerAgent)(client, input)));
     registerTool(server, "shield_update_policy", "Update the policy configuration for a vault (owner-only)", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         dailySpendingCapUsd: zod_1.z
@@ -190,9 +251,7 @@ async function main() {
             .number()
             .optional()
             .describe("New timelock duration in seconds"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, update_policy_1.updatePolicy)(client, input) }],
-    }));
+    }, requireClient((input) => (0, update_policy_1.updatePolicy)(client, input)));
     registerTool(server, "shield_queue_policy_update", "Queue a timelocked policy change (required when timelock_duration > 0)", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         dailySpendingCapUsd: zod_1.z
@@ -232,37 +291,23 @@ async function main() {
             .number()
             .optional()
             .describe("New developer fee rate (max 50)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, queue_policy_update_1.queuePolicyUpdate)(client, input) }],
-    }));
+    }, requireClient((input) => (0, queue_policy_update_1.queuePolicyUpdate)(client, input)));
     registerTool(server, "shield_apply_pending_policy", "Apply a pending timelocked policy update after timelock expires", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, apply_pending_policy_1.applyPendingPolicy)(client, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, apply_pending_policy_1.applyPendingPolicy)(client, input)));
     registerTool(server, "shield_cancel_pending_policy", "Cancel a pending timelocked policy update before it takes effect", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, cancel_pending_policy_1.cancelPendingPolicy)(client, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, cancel_pending_policy_1.cancelPendingPolicy)(client, input)));
     registerTool(server, "shield_revoke_agent", "Emergency kill switch — revokes agent and freezes vault immediately", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, revoke_agent_1.revokeAgent)(client, input) }],
-    }));
+    }, requireClient((input) => (0, revoke_agent_1.revokeAgent)(client, input)));
     registerTool(server, "shield_reactivate_vault", "Reactivate a frozen vault, optionally with a new agent", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         newAgent: zod_1.z
             .string()
             .optional()
             .describe("Optional new agent public key (base58)"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, reactivate_vault_1.reactivateVault)(client, input) }],
-    }));
+    }, requireClient((input) => (0, reactivate_vault_1.reactivateVault)(client, input)));
     // ── Agent-Signed Tools ──────────────────────────────────────
     registerTool(server, "shield_agent_transfer", "Transfer tokens from a vault to an allowed destination (agent-signed)", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
@@ -271,9 +316,7 @@ async function main() {
             .describe("Destination wallet address (base58). Must be in allowed_destinations if configured."),
         mint: zod_1.z.string().describe("Token mint address (base58)"),
         amount: zod_1.z.string().describe("Amount in token base units"),
-    }, async (input) => ({
-        content: [{ type: "text", text: await (0, agent_transfer_1.agentTransfer)(client, input) }],
-    }));
+    }, requireClient((input) => (0, agent_transfer_1.agentTransfer)(client, input)));
     registerTool(server, "shield_execute_swap", "Execute a Jupiter token swap through an AgentShield vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         inputMint: zod_1.z.string().describe("Input token mint address (base58)"),
@@ -284,11 +327,7 @@ async function main() {
             .optional()
             .default(50)
             .describe("Slippage tolerance in BPS (default: 50)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, execute_swap_1.executeSwap)(client, config, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, execute_swap_1.executeSwap)(client, config, input)));
     registerTool(server, "shield_open_position", "Open a leveraged perpetual position via Flash Trade through a vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         market: zod_1.z.string().describe("Market/pool name (e.g. 'SOL', 'ETH')"),
@@ -303,11 +342,7 @@ async function main() {
         leverageBps: zod_1.z
             .number()
             .describe("Leverage in basis points (e.g. 20000 = 2x)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, open_position_1.openPosition)(client, config, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, open_position_1.openPosition)(client, config, input)));
     registerTool(server, "shield_close_position", "Close a leveraged perpetual position via Flash Trade through a vault", {
         vault: zod_1.z.string().describe("Vault PDA address (base58)"),
         market: zod_1.z.string().describe("Market/pool name (e.g. 'SOL', 'ETH')"),
@@ -318,11 +353,7 @@ async function main() {
             .optional()
             .default(0)
             .describe("Price exponent (default: 0)"),
-    }, async (input) => ({
-        content: [
-            { type: "text", text: await (0, close_position_1.closePosition)(client, config, input) },
-        ],
-    }));
+    }, requireClient((input) => (0, close_position_1.closePosition)(client, config, input)));
     // ── Platform Tools ─────────────────────────────────────────
     registerTool(server, "shield_provision", "Generate a Solana Action URL (Blink) for one-click vault provisioning. The user clicks the link to approve — no agent signing needed.", {
         platformUrl: zod_1.z
@@ -356,6 +387,17 @@ async function main() {
     }));
     // ── MCP Resources ───────────────────────────────────────────
     server.resource("vault-policy", "shield://vault/{address}/policy", { description: "Current policy configuration for a vault" }, async (uri) => {
+        if (!client) {
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: "text/plain",
+                        text: NOT_CONFIGURED_MSG,
+                    },
+                ],
+            };
+        }
         const address = uri.pathname.split("/")[2];
         return {
             contents: [
@@ -368,6 +410,17 @@ async function main() {
         };
     });
     server.resource("vault-spending", "shield://vault/{address}/spending", { description: "Rolling 24h spending state for a vault" }, async (uri) => {
+        if (!client) {
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: "text/plain",
+                        text: NOT_CONFIGURED_MSG,
+                    },
+                ],
+            };
+        }
         const address = uri.pathname.split("/")[2];
         return {
             contents: [
@@ -380,6 +433,17 @@ async function main() {
         };
     });
     server.resource("vault-activity", "shield://vault/{address}/activity", { description: "Recent transaction history for a vault" }, async (uri) => {
+        if (!client) {
+            return {
+                contents: [
+                    {
+                        uri: uri.href,
+                        mimeType: "text/plain",
+                        text: NOT_CONFIGURED_MSG,
+                    },
+                ],
+            };
+        }
         const address = uri.pathname.split("/")[2];
         return {
             contents: [