@fhestate/mcp-server 1.0.0

package/data/agents.json

@@ -0,0 +1,81 @@
+{
+  "demoOrders": [
+    "Sentinel Secret Vote (2 min, best for CT)",
+    "Sentinel → Auditor Compliance Scan → Auditor Seal Record",
+    "Sentinel Market Signal → Coordinator Route Intent"
+  ],
+  "agents": [
+    {
+      "id": "sentinel",
+      "sdkId": "fhestate-sentinel-v1",
+      "name": "Sentinel",
+      "role": "Confidential operations",
+      "strategy": "Signal · Vote · Policy",
+      "prerequisites": "None — run any Sentinel mission first",
+      "missions": [
+        {
+          "id": "signal",
+          "label": "Market Signal",
+          "inputKind": "signal",
+          "valueHint": "uint32 signal level",
+          "prerequisites": null
+        },
+        {
+          "id": "vote",
+          "label": "Secret Vote",
+          "inputKind": "vote",
+          "valueHint": "1 = YES, 0 = NO",
+          "prerequisites": null
+        },
+        {
+          "id": "threshold",
+          "label": "Policy Gate",
+          "inputKind": "threshold",
+          "valueHint": "uint32 policy threshold",
+          "prerequisites": null
+        }
+      ]
+    },
+    {
+      "id": "auditor",
+      "sdkId": "fhestate-auditor-v1",
+      "name": "Auditor",
+      "role": "Compliance attestation",
+      "strategy": "Verify · Attest · Log",
+      "prerequisites": "Seal Record requires prior Auditor memory",
+      "missions": [
+        {
+          "id": "audit-scan",
+          "label": "Compliance Scan",
+          "inputKind": "checkpoint",
+          "valueHint": "checkpoint code 1–255",
+          "prerequisites": null
+        },
+        {
+          "id": "audit-seal",
+          "label": "Seal Record",
+          "inputKind": "seal",
+          "valueHint": "seal nonce 1–9999",
+          "prerequisites": "Run Compliance Scan first"
+        }
+      ]
+    },
+    {
+      "id": "coordinator",
+      "sdkId": "fhestate-coordinator-v1",
+      "name": "Coordinator",
+      "role": "Multi-party routing",
+      "strategy": "Route · Sync · Commit",
+      "prerequisites": "Route Intent requires at least one Sentinel memory slot",
+      "missions": [
+        {
+          "id": "route-intent",
+          "label": "Route Intent",
+          "inputKind": "route",
+          "valueHint": "route channel id 1–100",
+          "prerequisites": "Run any Sentinel mission first"
+        }
+      ]
+    }
+  ]
+}

package/dist/blind-step.d.ts

@@ -0,0 +1,43 @@
+export type MemorySlot = {
+    slot: number;
+    intentHash: string;
+    stepHash: string;
+    commitmentUri: string;
+    recordedAt: string;
+};
+export type StepResult = {
+    agentId: string;
+    missionId: string;
+    stepIndex: number;
+    intentHash: string;
+    stepHash: string;
+    commitmentUri: string;
+    previousStepHash: string | null;
+};
+/**
+ * Zero-Knowledge Volatile Memory.
+ * An ephemeral memory class that exclusively stores SHA-256 state commitments.
+ * At no point does this class hold plaintext values or private keys.
+ * It functions as a local, localized blockchain to track the agent's workflow state.
+ */
+export declare class LocalMemory {
+    private slots;
+    list(): MemorySlot[];
+    latestStepHash(): string | null;
+    record(slot: MemorySlot): void;
+}
+/**
+ * Executes a "Blind State" transition.
+ * Takes a newly generated FHE ciphertext hash (intentHash) and cryptographically links it
+ * to the agent's historical hash chain (`previousStepHash`). This creates an immutable
+ * local execution trail that can be audited homomorphically without ever revealing the
+ * underlying plaintext operations to the host memory.
+ *
+ * @param agentId The identifier of the active agent (e.g. sentinel, auditor).
+ * @param missionId The specific registered workflow mission.
+ * @param intentHash The SHA-256 hash of the generated `ciphertext.bin`.
+ * @param memory The agent's Zero-Knowledge volatile memory instance.
+ * @returns The resulting cryptographic step commitment.
+ */
+export declare function runBlindStep(agentId: string, missionId: string, intentHash: string, memory: LocalMemory): StepResult;
+//# sourceMappingURL=blind-step.d.ts.map

package/dist/blind-step.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"blind-step.d.ts","sourceRoot":"","sources":["../src/blind-step.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC;AAMF;;;;;GAKG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAoB;IAEjC,IAAI,IAAI,UAAU,EAAE;IAIpB,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;CAG/B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,WAAW,GAClB,UAAU,CAwBZ"}

package/dist/blind-step.js

@@ -0,0 +1,59 @@
+import { createHash } from "node:crypto";
+function sha256Hex(text) {
+    return createHash("sha256").update(text, "utf8").digest("hex");
+}
+/**
+ * Zero-Knowledge Volatile Memory.
+ * An ephemeral memory class that exclusively stores SHA-256 state commitments.
+ * At no point does this class hold plaintext values or private keys.
+ * It functions as a local, localized blockchain to track the agent's workflow state.
+ */
+export class LocalMemory {
+    slots = [];
+    list() {
+        return [...this.slots];
+    }
+    latestStepHash() {
+        return this.slots[this.slots.length - 1]?.stepHash ?? null;
+    }
+    record(slot) {
+        this.slots.push(slot);
+    }
+}
+/**
+ * Executes a "Blind State" transition.
+ * Takes a newly generated FHE ciphertext hash (intentHash) and cryptographically links it
+ * to the agent's historical hash chain (`previousStepHash`). This creates an immutable
+ * local execution trail that can be audited homomorphically without ever revealing the
+ * underlying plaintext operations to the host memory.
+ *
+ * @param agentId The identifier of the active agent (e.g. sentinel, auditor).
+ * @param missionId The specific registered workflow mission.
+ * @param intentHash The SHA-256 hash of the generated `ciphertext.bin`.
+ * @param memory The agent's Zero-Knowledge volatile memory instance.
+ * @returns The resulting cryptographic step commitment.
+ */
+export function runBlindStep(agentId, missionId, intentHash, memory) {
+    const previousStepHash = memory.latestStepHash();
+    const stepIndex = memory.list().length + 1;
+    const payload = `${agentId}|${missionId}|${intentHash}|${stepIndex}|${previousStepHash ?? "genesis"}`;
+    const stepHash = sha256Hex(payload);
+    const commitmentUri = `local://${missionId}/${intentHash}`;
+    memory.record({
+        slot: stepIndex,
+        intentHash,
+        stepHash,
+        commitmentUri,
+        recordedAt: new Date().toISOString(),
+    });
+    return {
+        agentId,
+        missionId,
+        stepIndex,
+        intentHash,
+        stepHash,
+        commitmentUri,
+        previousStepHash,
+    };
+}
+//# sourceMappingURL=blind-step.js.map

package/dist/blind-step.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blind-step.js","sourceRoot":"","sources":["../src/blind-step.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAoBzC,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IACd,KAAK,GAAiB,EAAE,CAAC;IAEjC,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,cAAc;QACZ,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;IAC7D,CAAC;IAED,MAAM,CAAC,IAAgB;QACrB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;CACF;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,SAAiB,EACjB,UAAkB,EAClB,MAAmB;IAEnB,MAAM,gBAAgB,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,OAAO,IAAI,SAAS,IAAI,UAAU,IAAI,SAAS,IAAI,gBAAgB,IAAI,SAAS,EAAE,CAAC;IACtG,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,aAAa,GAAG,WAAW,SAAS,IAAI,UAAU,EAAE,CAAC;IAE3D,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,SAAS;QACf,UAAU;QACV,QAAQ;QACR,aAAa;QACb,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC,CAAC;IAEH,OAAO;QACL,OAAO;QACP,SAAS;QACT,SAAS;QACT,UAAU;QACV,QAAQ;QACR,aAAa;QACb,gBAAgB;KACjB,CAAC;AACJ,CAAC"}

package/dist/cli-bridge.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Cryptographic boundary constraint: Enforces rigorous parameter type checking.
+ * Rejects floating point approximations or negative bounds hallucinogenically generated by LLMs.
+ * @param value The raw numeric input to validate.
+ * @throws {RangeError} If the value exceeds the 32-bit unsigned integer mathematical bound.
+ */
+export declare function assertUint32(value: number): void;
+/**
+ * IPC Argument Sanitization Layer.
+ * Intercepts LLM-generated arguments before they hit the child_process.spawn boundary.
+ * Strictly prevents path traversal (e.g. `../`) and memory exhaustion via massive array spamming.
+ * @param subcommand The target execution command for the Rust binary.
+ * @param args The parameter array generated by the AI agent.
+ * @returns A safe, normalized string array or a strict rejection error.
+ */
+export declare function sanitizeCliArgs(subcommand: string, args: string[]): {
+    ok: true;
+    args: string[];
+} | {
+    ok: false;
+    error: string;
+};
+export type CliRunResult = {
+    ok: boolean;
+    exitCode: number | null;
+    stdout: string;
+    stderr: string;
+    parsed?: Record<string, string>;
+    sha256?: string;
+};
+export declare function getCliPath(): string;
+export declare function cliInstallHint(): string;
+export declare function parseCliKvOutput(stdout: string): Record<string, string>;
+export declare function extractSha256(stdout: string): string | undefined;
+/**
+ * Core Coprocessor Execution Bridge (Zero-Trust).
+ * Spawns the deterministic `fhe-cli` Rust binary using `shell: false` to fundamentally
+ * prevent Remote Code Execution (RCE) via shell interpolation. Includes rigid 60-second
+ * buffer timeouts and 512KB memory capping to prevent LLM-induced host exhaustion.
+ * @param subcommand The pre-approved FHE operation to execute.
+ * @param args The sanitized argument vector.
+ * @returns The fully redacted, standardized CLI result object containing stdout/stderr streams.
+ */
+export declare function runFheCli(subcommand: string, args?: string[]): Promise<CliRunResult>;
+/**
+ * Temporal Encryption Orchestrator.
+ * Spawns a highly volatile, ephemeral temporal directory in the host OS to securely store
+ * the intermediate `ciphertext.bin`. Executes the Rust lattice encryption, extracts the
+ * final `SHA-256` commitment hash, and immolates the temporal directory to guarantee
+ * zero plaintext leakage.
+ * @param value The strictly validated unsigned 32-bit integer to encrypt.
+ * @returns The resulting cryptographic hash and Solana commitment URI.
+ */
+export declare function encryptValueViaCli(value: number): Promise<{
+    ok: boolean;
+    sha256?: string;
+    commitmentUri?: string;
+    stdout: string;
+    stderr: string;
+    error?: string;
+}>;
+//# sourceMappingURL=cli-bridge.d.ts.map

package/dist/cli-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-bridge.d.ts","sourceRoot":"","sources":["../src/cli-bridge.ts"],"names":[],"mappings":"AAkCA;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAIhD;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EAAE,GACb;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAmB7D;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED,wBAAgB,cAAc,IAAI,MAAM,CAKvC;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAOvE;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAMhE;AAeD;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAM,EAAO,GAClB,OAAO,CAAC,YAAY,CAAC,CA8DvB;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IAC/D,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CAyBD"}

package/dist/cli-bridge.js

@@ -0,0 +1,224 @@
+import { spawn } from "node:child_process";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { redact } from "./redact.js";
+const ALLOWED = new Set([
+    "doctor",
+    "status",
+    "config-init",
+    "setup",
+    "submit",
+    "submit-input",
+    "submit-file",
+    "init-state",
+    "reveal",
+    "encrypt",
+    "keygen",
+    "wallet",
+    "balance",
+    "airdrop",
+    "history",
+    "cache",
+    "watch",
+    "flow",
+]);
+const TIMEOUT_MS = 60_000;
+const MAX_OUTPUT = 512 * 1024;
+const MAX_CLI_ARGS = 32;
+const MAX_ARG_LEN = 4096;
+const UINT32_MAX = 0xffffffff;
+/**
+ * Cryptographic boundary constraint: Enforces rigorous parameter type checking.
+ * Rejects floating point approximations or negative bounds hallucinogenically generated by LLMs.
+ * @param value The raw numeric input to validate.
+ * @throws {RangeError} If the value exceeds the 32-bit unsigned integer mathematical bound.
+ */
+export function assertUint32(value) {
+    if (!Number.isInteger(value) || value < 0 || value > UINT32_MAX) {
+        throw new RangeError("value must be an integer from 0 to 4294967295 (uint32)");
+    }
+}
+/**
+ * IPC Argument Sanitization Layer.
+ * Intercepts LLM-generated arguments before they hit the child_process.spawn boundary.
+ * Strictly prevents path traversal (e.g. `../`) and memory exhaustion via massive array spamming.
+ * @param subcommand The target execution command for the Rust binary.
+ * @param args The parameter array generated by the AI agent.
+ * @returns A safe, normalized string array or a strict rejection error.
+ */
+export function sanitizeCliArgs(subcommand, args) {
+    const cmd = subcommand.split(/\s+/)[0].toLowerCase();
+    if (args.length > MAX_CLI_ARGS) {
+        return { ok: false, error: `Too many CLI arguments (max ${MAX_CLI_ARGS})` };
+    }
+    for (const arg of args) {
+        if (arg.length > MAX_ARG_LEN)
+            return { ok: false, error: "CLI argument too long" };
+        if (/[\0\r\n]/.test(arg))
+            return { ok: false, error: "Invalid CLI argument" };
+        if (cmd === "encrypt" && (arg === "--out" || arg.startsWith("--out="))) {
+            return {
+                ok: false,
+                error: "Use fhe_encrypt for encrypt; --out is not allowed via fhe_cli_run",
+            };
+        }
+        if (/\.\.(\/|\\)/.test(arg)) {
+            return { ok: false, error: "Path traversal in CLI argument is not allowed" };
+        }
+    }
+    return { ok: true, args };
+}
+export function getCliPath() {
+    return process.env.FHESTATE_CLI_PATH ?? "fhe-cli";
+}
+export function cliInstallHint() {
+    return ("fhe-cli not found. Build from fhestate-rs: cargo build --release -p fhe-cli, " +
+        "then set FHESTATE_CLI_PATH or add target/release to PATH.");
+}
+export function parseCliKvOutput(stdout) {
+    const parsed = {};
+    for (const line of stdout.split(/\r?\n/)) {
+        const m = line.match(/^\s*([^:]+):\s*(.+)\s*$/);
+        if (m)
+            parsed[m[1].trim().toLowerCase()] = m[2].trim();
+    }
+    return parsed;
+}
+export function extractSha256(stdout) {
+    const parsed = parseCliKvOutput(stdout);
+    const fromKv = parsed["sha-256"] ?? parsed["sha256"];
+    if (fromKv && /^[a-f0-9]{64}$/i.test(fromKv))
+        return fromKv.toLowerCase();
+    const m = stdout.match(/SHA-256:\s*([a-f0-9]{64})/i);
+    return m?.[1]?.toLowerCase();
+}
+function toClapArgs(subcommand, args) {
+    const base = subcommand.toLowerCase();
+    if (base === "config-init")
+        return ["config-init", ...args];
+    if (base === "submit-input")
+        return ["submit-input", ...args];
+    if (base === "submit-file")
+        return ["submit-file", ...args];
+    if (base === "init-state")
+        return ["init-state", ...args];
+    if (base === "cache" && args[0] === "list")
+        return ["cache", "list"];
+    if (base === "cache" && args[0] === "show")
+        return ["cache", "show", ...args.slice(1)];
+    if (base === "wallet" && args[0] === "new")
+        return ["wallet", "new", ...args.slice(1)];
+    if (base === "flow" && args[0] === "counter")
+        return ["flow", "counter", ...args.slice(1)];
+    return [base, ...args];
+}
+/**
+ * Core Coprocessor Execution Bridge (Zero-Trust).
+ * Spawns the deterministic `fhe-cli` Rust binary using `shell: false` to fundamentally
+ * prevent Remote Code Execution (RCE) via shell interpolation. Includes rigid 60-second
+ * buffer timeouts and 512KB memory capping to prevent LLM-induced host exhaustion.
+ * @param subcommand The pre-approved FHE operation to execute.
+ * @param args The sanitized argument vector.
+ * @returns The fully redacted, standardized CLI result object containing stdout/stderr streams.
+ */
+export async function runFheCli(subcommand, args = []) {
+    const cmd = subcommand.split(/\s+/)[0].toLowerCase();
+    if (!ALLOWED.has(cmd)) {
+        return {
+            ok: false,
+            exitCode: 1,
+            stdout: "",
+            stderr: `Subcommand not allowed: ${subcommand}. Allowed: ${[...ALLOWED].join(", ")}`,
+        };
+    }
+    const cli = getCliPath();
+    const argv = toClapArgs(subcommand, args);
+    const env = { ...process.env };
+    if (process.env.FHESTATE_RPC)
+        env.FHESTATE_RPC = process.env.FHESTATE_RPC;
+    if (process.env.FHESTATE_WALLET_PATH)
+        env.FHESTATE_WALLET_PATH = process.env.FHESTATE_WALLET_PATH;
+    if (process.env.FHESTATE_PROGRAM_ID)
+        env.FHESTATE_PROGRAM_ID = process.env.FHESTATE_PROGRAM_ID;
+    return new Promise((resolvePromise) => {
+        let stdout = "";
+        let stderr = "";
+        // Important: do not use `shell:true` for native binaries.
+        // Under MCP/Node, `shell:true` can cause hangs on Windows when stdout is piped.
+        const child = spawn(cli, argv, { env, shell: false, windowsHide: true });
+        const timer = setTimeout(() => {
+            child.kill("SIGTERM");
+            stderr += "\n[timeout after 60s]";
+        }, TIMEOUT_MS);
+        child.stdout?.on("data", (chunk) => {
+            stdout += chunk.toString();
+            if (stdout.length > MAX_OUTPUT)
+                stdout = stdout.slice(0, MAX_OUTPUT) + "\n[truncated]";
+        });
+        child.stderr?.on("data", (chunk) => {
+            stderr += chunk.toString();
+            if (stderr.length > MAX_OUTPUT)
+                stderr = stderr.slice(0, MAX_OUTPUT) + "\n[truncated]";
+        });
+        child.on("error", (err) => {
+            clearTimeout(timer);
+            resolvePromise({
+                ok: false,
+                exitCode: null,
+                stdout: redact(stdout),
+                stderr: redact(err.message.includes("ENOENT") ? cliInstallHint() : err.message),
+            });
+        });
+        child.on("close", (code) => {
+            clearTimeout(timer);
+            const parsed = parseCliKvOutput(stdout);
+            const sha256 = extractSha256(stdout);
+            resolvePromise({
+                ok: code === 0,
+                exitCode: code,
+                stdout: redact(stdout),
+                stderr: redact(stderr),
+                parsed,
+                sha256,
+            });
+        });
+    });
+}
+/**
+ * Temporal Encryption Orchestrator.
+ * Spawns a highly volatile, ephemeral temporal directory in the host OS to securely store
+ * the intermediate `ciphertext.bin`. Executes the Rust lattice encryption, extracts the
+ * final `SHA-256` commitment hash, and immolates the temporal directory to guarantee
+ * zero plaintext leakage.
+ * @param value The strictly validated unsigned 32-bit integer to encrypt.
+ * @returns The resulting cryptographic hash and Solana commitment URI.
+ */
+export async function encryptValueViaCli(value) {
+    assertUint32(value);
+    const dir = await mkdtemp(join(tmpdir(), "fhestate-mcp-"));
+    const outFile = join(dir, "ciphertext.bin");
+    try {
+        const result = await runFheCli("encrypt", ["--value", String(value), "--out", outFile]);
+        if (!result.ok || !result.sha256) {
+            return {
+                ok: false,
+                stdout: result.stdout,
+                stderr: result.stderr,
+                error: result.stderr || cliInstallHint(),
+            };
+        }
+        const uri = result.parsed?.["cache uri"];
+        return {
+            ok: true,
+            sha256: result.sha256,
+            commitmentUri: uri ? `local://${result.sha256}` : `local://${result.sha256}`,
+            stdout: result.stdout,
+            stderr: result.stderr,
+        };
+    }
+    finally {
+        await rm(dir, { recursive: true, force: true });
+    }
+}
+//# sourceMappingURL=cli-bridge.js.map

package/dist/cli-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-bridge.js","sourceRoot":"","sources":["../src/cli-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC;IAEtB,QAAQ;IACR,QAAQ;IACR,aAAa;IACb,OAAO;IACP,QAAQ;IACR,cAAc;IACd,aAAa;IACb,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,OAAO;IACP,OAAO;IACP,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,MAAM,CAAC;AAC1B,MAAM,UAAU,GAAG,GAAG,GAAG,IAAI,CAAC;AAC9B,MAAM,YAAY,GAAG,EAAE,CAAC;AACxB,MAAM,WAAW,GAAG,IAAI,CAAC;AACzB,MAAM,UAAU,GAAG,UAAU,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,UAAU,EAAE,CAAC;QAChE,MAAM,IAAI,UAAU,CAAC,wDAAwD,CAAC,CAAC;IACjF,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAkB,EAClB,IAAc;IAEd,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACtD,IAAI,IAAI,CAAC,MAAM,GAAG,YAAY,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,YAAY,GAAG,EAAE,CAAC;IAC9E,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,MAAM,GAAG,WAAW;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;QACnF,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;QAC9E,IAAI,GAAG,KAAK,SAAS,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACvE,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,mEAAmE;aAC3E,CAAC;QACJ,CAAC;QACD,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+CAA+C,EAAE,CAAC;QAC/E,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAWD,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,CACL,+EAA+E;QAC/E,2DAA2D,CAC5D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAChD,IAAI,CAAC;YAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC;IAC3D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAc;IAC1C,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrD,IAAI,MAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC;IAC1E,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACrD,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC;AAED,SAAS,UAAU,CAAC,UAAkB,EAAE,IAAc;IACpD,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACtC,IAAI,IAAI,KAAK,aAAa;QAAE,OAAO,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC;IAC5D,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9D,IAAI,IAAI,KAAK,aAAa;QAAE,OAAO,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,CAAC;IAC5D,IAAI,IAAI,KAAK,YAAY;QAAE,OAAO,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1D,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACrE,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM;QAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvF,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK;QAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvF,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;QAAE,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,OAAO,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAkB,EAClB,OAAiB,EAAE;IAEnB,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;IACtD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,2BAA2B,UAAU,cAAc,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SACrF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY;QAAE,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAC1E,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAAE,GAAG,CAAC,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAClG,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAAE,GAAG,CAAC,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAE/F,OAAO,IAAI,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;QACpC,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,0DAA0D;QAC1D,gFAAgF;QAChF,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,MAAM,IAAI,uBAAuB,CAAC;QACpC,CAAC,EAAE,UAAU,CAAC,CAAC;QAEf,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;gBAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,eAAe,CAAC;QACzF,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,IAAI,MAAM,CAAC,MAAM,GAAG,UAAU;gBAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,eAAe,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,cAAc,CAAC;gBACb,EAAE,EAAE,KAAK;gBACT,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;gBACtB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;aAChF,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YACrC,cAAc,CAAC;gBACb,EAAE,EAAE,IAAI,KAAK,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;gBACtB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;gBACtB,MAAM;gBACN,MAAM;aACP,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAa;IAQpD,YAAY,CAAC,KAAK,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACxF,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACjC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,KAAK,EAAE,MAAM,CAAC,MAAM,IAAI,cAAc,EAAE;aACzC,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC;QACzC,OAAO;YACL,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE;YAC5E,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,13 @@
+export declare function getPackageRoot(): string;
+export declare function getRpcUrl(): string;
+export declare function getWalletPath(): string | undefined;
+export declare function isReadOnly(): boolean;
+export declare function getAgentsJsonPath(): string;
+export declare function getMcpConfigState(): {
+    FHESTATE_CLI_PATH: string;
+    FHESTATE_WALLET_PATH: string;
+    FHESTATE_MCP_READ_ONLY: string;
+    FHESTATE_RPC: string;
+    AGENTS_REGISTRY_PATH: string;
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAYA,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED,wBAAgB,SAAS,IAAI,MAAM,CAElC;AAED,wBAAgB,aAAa,IAAI,MAAM,GAAG,SAAS,CAElD;AAED,wBAAgB,UAAU,IAAI,OAAO,CAEpC;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAI1C;AAED,wBAAgB,iBAAiB;;;;;;EAQhC"}

package/dist/config.js

@@ -0,0 +1,37 @@
+/**
+ * Environment Configuration Manager.
+ * Handles strict resolution of environmental variables required for the MCP Server.
+ * Enforces the isolation between local file systems, Solana RPC nodes, and
+ * read-only operation modes.
+ */
+import { existsSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+const packageRoot = join(dirname(fileURLToPath(import.meta.url)), "..");
+export function getPackageRoot() {
+    return packageRoot;
+}
+export function getRpcUrl() {
+    return process.env.FHESTATE_RPC ?? "https://api.devnet.solana.com";
+}
+export function getWalletPath() {
+    return process.env.FHESTATE_WALLET_PATH;
+}
+export function isReadOnly() {
+    return process.env.FHESTATE_MCP_READ_ONLY === "1";
+}
+export function getAgentsJsonPath() {
+    const distPath = join(packageRoot, "dist", "data", "agents.json");
+    const dataPath = join(packageRoot, "data", "agents.json");
+    return existsSync(distPath) ? distPath : dataPath;
+}
+export function getMcpConfigState() {
+    return {
+        FHESTATE_CLI_PATH: process.env.FHESTATE_CLI_PATH ? "[CONFIGURED]" : "[MISSING]",
+        FHESTATE_WALLET_PATH: process.env.FHESTATE_WALLET_PATH ? "[CONFIGURED]" : "[MISSING]",
+        FHESTATE_MCP_READ_ONLY: isReadOnly() ? "ENABLED" : "DISABLED",
+        FHESTATE_RPC: getRpcUrl(),
+        AGENTS_REGISTRY_PATH: getAgentsJsonPath()
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAW,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAExE,MAAM,UAAU,cAAc;IAC5B,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,+BAA+B,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,GAAG,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IAC1D,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO;QACL,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW;QAC/E,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW;QACrF,sBAAsB,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;QAC7D,YAAY,EAAE,SAAS,EAAE;QACzB,oBAAoB,EAAE,iBAAiB,EAAE;KAC1C,CAAC;AACJ,CAAC"}

package/dist/content/overview.d.ts

@@ -0,0 +1,3 @@
+export declare const EXECUTION_PROTOCOL_SCRIPT = "Execution Protocol \u2014 Sentinel Secret Vote (MCP Lifecycle):\n\n1. INITIALIZE IPC BRIDGE: Ensure the Rust Coprocessor is compiled and accessible via FHESTATE_CLI_PATH.\n2. AUTHENTICATE COPROCESSOR: Invoke `devnet_wallet_status` to verify Solana Devnet RPC and keypair linkage.\n3. INJECT PAYLOAD: Dispatch primitive value (e.g., 1) to `agent_run_blind_step` with agentId: \"sentinel\", missionId: \"vote\".\n4. HOMOMORPHIC EVALUATION: Coprocessor executes TFHE-rs lattice encryption. Plaintext is immediately destroyed from host memory.\n5. BLIND STATE COMMIT: The resulting SHA-256 hash commitment is pushed to the local Zero-Knowledge Hash Chain.\n6. PUBLIC SETTLEMENT: Invoke `devnet_submit_memo` to permanently anchor the ciphertext hash to the Solana ledger.\n7. VERIFICATION: Retrieve the Solscan signature via `devnet_history` and verify that the blockchain payload strictly contains the `local://<hash>` URI.\n\nRouting Directive: Once anchored, the Sentinel's state commitment can be independently evaluated by the Auditor Agent.";
+export declare const LIVE_PROOF_CHECKLIST = "Architectural Proof Checklist:\n\nPre-Flight Verification:\n- Devnet RPC Endpoint is responding.\n- Host machine has a funded, isolated Devnet wallet.\n- fhe-cli Coprocessor is compiled via --release for maximum polynomial multiplication efficiency.\n\nLifecycle Verification:\n1. Sentinel Agent executes Secret Vote payload.\n2. Verify local lattice ciphertext generation completes without memory exhaustion.\n3. Validate Proof state \u2014 verify hash-chain generation without revealing plaintext.\n4. Solscan Verification \u2014 confirm transaction memo contains strictly local:// hash commitments.\n5. Blind Step Memory Verification \u2014 confirm slot assignment strictly matches execution sequence.\n\nArchitectural Guarantees:\n- Execution is strictly bounded to the Solana Devnet.\n- Security relies on deterministic TFHE-rs Coprocessor Hash Commitments.\n- AI Agents operate exclusively as permissionless logic routers bounded by strict Zod schemas.";
+//# sourceMappingURL=overview.d.ts.map

package/dist/content/overview.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"overview.d.ts","sourceRoot":"","sources":["../../src/content/overview.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,shCAUiF,CAAC;AAExH,eAAO,MAAM,oBAAoB,m8BAiB8D,CAAC"}

package/dist/content/overview.js

@@ -0,0 +1,30 @@
+export const EXECUTION_PROTOCOL_SCRIPT = `Execution Protocol — Sentinel Secret Vote (MCP Lifecycle):
+
+1. INITIALIZE IPC BRIDGE: Ensure the Rust Coprocessor is compiled and accessible via FHESTATE_CLI_PATH.
+2. AUTHENTICATE COPROCESSOR: Invoke \`devnet_wallet_status\` to verify Solana Devnet RPC and keypair linkage.
+3. INJECT PAYLOAD: Dispatch primitive value (e.g., 1) to \`agent_run_blind_step\` with agentId: "sentinel", missionId: "vote".
+4. HOMOMORPHIC EVALUATION: Coprocessor executes TFHE-rs lattice encryption. Plaintext is immediately destroyed from host memory.
+5. BLIND STATE COMMIT: The resulting SHA-256 hash commitment is pushed to the local Zero-Knowledge Hash Chain.
+6. PUBLIC SETTLEMENT: Invoke \`devnet_submit_memo\` to permanently anchor the ciphertext hash to the Solana ledger.
+7. VERIFICATION: Retrieve the Solscan signature via \`devnet_history\` and verify that the blockchain payload strictly contains the \`local://<hash>\` URI.
+
+Routing Directive: Once anchored, the Sentinel's state commitment can be independently evaluated by the Auditor Agent.`;
+export const LIVE_PROOF_CHECKLIST = `Architectural Proof Checklist:
+
+Pre-Flight Verification:
+- Devnet RPC Endpoint is responding.
+- Host machine has a funded, isolated Devnet wallet.
+- fhe-cli Coprocessor is compiled via --release for maximum polynomial multiplication efficiency.
+
+Lifecycle Verification:
+1. Sentinel Agent executes Secret Vote payload.
+2. Verify local lattice ciphertext generation completes without memory exhaustion.
+3. Validate Proof state — verify hash-chain generation without revealing plaintext.
+4. Solscan Verification — confirm transaction memo contains strictly local:// hash commitments.
+5. Blind Step Memory Verification — confirm slot assignment strictly matches execution sequence.
+
+Architectural Guarantees:
+- Execution is strictly bounded to the Solana Devnet.
+- Security relies on deterministic TFHE-rs Coprocessor Hash Commitments.
+- AI Agents operate exclusively as permissionless logic routers bounded by strict Zod schemas.`;
+//# sourceMappingURL=overview.js.map

package/dist/content/overview.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"overview.js","sourceRoot":"","sources":["../../src/content/overview.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,yBAAyB,GAAG;;;;;;;;;;uHAU8E,CAAC;AAExH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;+FAiB2D,CAAC"}

package/dist/content/tweets.d.ts

@@ -0,0 +1,3 @@
+export type TweetKind = "phase3" | "phase4" | "mission";
+export declare function draftTweet(kind: TweetKind, mission?: string): string;
+//# sourceMappingURL=tweets.d.ts.map

package/dist/content/tweets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tweets.d.ts","sourceRoot":"","sources":["../../src/content/tweets.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAExD,wBAAgB,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CA+BpE"}

package/dist/content/tweets.js

@@ -0,0 +1,23 @@
+export function draftTweet(kind, mission) {
+    if (kind === "phase3") {
+        return ("Phase 3 shipped on FHESTATE: fhestate-sdk on npm — real TFHE in the browser, " +
+            "Solana devnet commits, confidential agent runtime for builders. " +
+            "https://www.npmjs.com/package/fhestate-sdk");
+    }
+    if (kind === "phase4") {
+        return ("Phase 4 is live: confidential agents on Solana devnet — encrypt in your browser, " +
+            "blind step, proof on Solscan. Not a mock. https://app.fhestate.org");
+    }
+    const m = (mission ?? "vote").toLowerCase();
+    if (m.includes("vote")) {
+        return ("Ran Sentinel Secret Vote on @FHESTATE — YES stays encrypted, Solscan shows the hash not my ballot. " +
+            "Try it: https://app.fhestate.org");
+    }
+    if (m.includes("signal")) {
+        return ("Encrypted market signal on Solana devnet with FHESTATE Sentinel — proof on chain, level stays private. " +
+            "https://app.fhestate.org");
+    }
+    return ("FHESTATE confidential agents on Solana devnet — FHE in the browser, blind steps, verifiable hashes. " +
+        "https://app.fhestate.org");
+}
+//# sourceMappingURL=tweets.js.map

package/dist/content/tweets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tweets.js","sourceRoot":"","sources":["../../src/content/tweets.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,UAAU,CAAC,IAAe,EAAE,OAAgB;IAC1D,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,CACL,+EAA+E;YAC/E,kEAAkE;YAClE,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,CACL,mFAAmF;YACnF,oEAAoE,CACrE,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,OAAO,CACL,qGAAqG;YACrG,kCAAkC,CACnC,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,CACL,yGAAyG;YACzG,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IACD,OAAO,CACL,sGAAsG;QACtG,0BAA0B,CAC3B,CAAC;AACJ,CAAC"}