@muhaven/mcp 0.1.2 → 0.1.4

package/dist/index.d.ts

@@ -9,11 +9,14 @@ import { z } from 'zod';
  * (Windows). Each request is a single JSON object; each response is a
  * single JSON object. No request pipelining, no streaming.
  *
- * **Protocol version 0.2.0** — bumped from 0.1.0 in Wave 4 P3 ADR-3
- * to add the `store_jwt` / `get_jwt` / `clear_jwt` triple. The broker
- * is now the single keeper of the device-flow JWT (per ADR-3 D1
- * "polling, not loopback callback") in addition to the session-key
- * private half.
+ * **Protocol version 0.3.0** — additive bump from 0.2.0 in @muhaven/mcp@0.1.3
+ * to add `hello.hasSessionKey` + `hello.effectiveConfig` (so a daemon
+ * booted without `MUHAVEN_BROKER_SESSION_KEY` can serve read paths AND
+ * surface its effective backend/dashboard URLs to `muhaven-broker login
+ * --from-daemon`). The 0.2.0 bump from 0.1.0 (Wave 4 P3 ADR-3) added the
+ * `store_jwt` / `get_jwt` / `clear_jwt` triple — the broker is the single
+ * keeper of the device-flow JWT (per ADR-3 D1 "polling, not loopback
+ * callback") in addition to the session-key private half.
  *
  * Threat-model invariants:
  *  - The broker NEVER reaches out to the network. It only:
@@ -26,7 +29,7 @@ import { z } from 'zod';
  *  - Requests are size-capped (`maxRequestBytes`) — a malformed peer
  *    cannot exhaust broker memory by sending an unbounded JSON blob.
  */
-declare const BROKER_PROTOCOL_VERSION = "0.2.0";
+declare const BROKER_PROTOCOL_VERSION = "0.3.0";
 interface BrokerHelloRequest {
     readonly type: 'hello';
 }
@@ -57,10 +60,40 @@ interface BrokerClearJwtRequest {
 interface BrokerHelloResponse {
     readonly type: 'hello';
     readonly version: string;
-    /** 0x-prefixed checksummed address derived from the session key. */
+    /**
+     * 0x-prefixed checksummed address derived from the session key. When
+     * the daemon was booted without `MUHAVEN_BROKER_SESSION_KEY` (read-only
+     * posture; see `hasSessionKey`), this is the zero address.
+     *
+     * **DO NOT** use address-equality (`sessionKeyAddress !== ZERO_ADDRESS`)
+     * as a proxy for "session key is loaded" — that's a soft signal that
+     * future changes (e.g. allowing custom EOA-bound dev posture) could
+     * break silently. The authoritative aliveness check is `hasSessionKey`.
+     */
     readonly sessionKeyAddress: `0x${string}`;
     /** Whether a JWT is currently in the keystore. Useful for `doctor`. */
     readonly hasJwt: boolean;
+    /**
+     * Whether a session-key private half is loaded into the daemon. False
+     * when the daemon was booted without `MUHAVEN_BROKER_SESSION_KEY` — in
+     * that posture read tools still work (the broker serves JWT verbs), but
+     * any `sign_hash` request returns `session_key_unavailable`. Field added
+     * in protocol 0.3.0; absence implies `true` for back-compat with
+     * 0.2.0 daemons.
+     */
+    readonly hasSessionKey?: boolean;
+    /**
+     * Effective backend + dashboard URLs the daemon resolved from its own
+     * process env at boot. Surfaced so `muhaven-broker login --from-daemon`
+     * can stay in lockstep with the daemon's view rather than re-reading
+     * the CLI's env (which may diverge — e.g. login invoked over ssh inherits
+     * a different shell env than the systemd-launched daemon). Field added
+     * in protocol 0.3.0; absent on older daemons.
+     */
+    readonly effectiveConfig?: {
+        readonly backendBaseUrl: string;
+        readonly dashboardBaseUrl: string;
+    };
 }
 interface BrokerSignHashResponse {
     readonly type: 'sign_hash';
@@ -87,7 +120,7 @@ interface BrokerErrorResponse {
     readonly code: BrokerErrorCode;
     readonly message: string;
 }
-type BrokerErrorCode = 'invalid_request' | 'payload_too_large' | 'unsupported_type' | 'internal' | 'forbidden' | 'keystore_unavailable';
+type BrokerErrorCode = 'invalid_request' | 'payload_too_large' | 'unsupported_type' | 'internal' | 'forbidden' | 'keystore_unavailable' | 'session_key_unavailable';
 type BrokerRequest = BrokerHelloRequest | BrokerSignHashRequest | BrokerStoreJwtRequest | BrokerGetJwtRequest | BrokerClearJwtRequest;
 type BrokerResponse = BrokerHelloResponse | BrokerSignHashResponse | BrokerStoreJwtResponse | BrokerGetJwtResponse | BrokerClearJwtResponse | BrokerErrorResponse;
 /**
@@ -316,6 +349,27 @@ interface AuthRequiredPayload {
     readonly message: string;
     readonly loginCommand: string;
 }
+/**
+ * Sibling to `AUTH_REQUIRED` — used when the broker daemon is reachable
+ * but boots in read-only posture (no `MUHAVEN_BROKER_SESSION_KEY` at
+ * startup). The remediation is NOT `muhaven-broker login` — that mints
+ * a JWT, which is different from minting a session key. The session key
+ * comes from the dashboard's `/agent/policy/transition` ceremony (see
+ * Q1 in the post-§4 queue).
+ *
+ * Surfacing this as a distinct code lets the host LLM disambiguate:
+ *  - `AUTH_REQUIRED` → run a CLI command (deterministic, one-step).
+ *  - `SESSION_KEY_REQUIRED` → open a URL and complete a passkey ceremony
+ *    (operator-mediated, multi-step). The LLM should NOT auto-suggest
+ *    `muhaven-broker login` for this case — that would loop the user
+ *    indefinitely without minting a key.
+ */
+interface SessionKeyRequiredPayload {
+    readonly ok: false;
+    readonly code: 'SESSION_KEY_REQUIRED';
+    readonly message: string;
+    readonly mintUrl: string;
+}
 
 /**
  * Tool handlers — pure functions of `(input, deps)` returning a structured
@@ -343,6 +397,13 @@ interface ToolDeps {
     /** Surface this MCP server is configured for. Always 'mcp' here, but
      *  carried as a dep so the audit tool can filter to the local surface. */
     surface: 'mcp';
+    /**
+     * Dashboard base URL — used to build the mint-URL surfaced in the
+     * `SESSION_KEY_REQUIRED` payload when the broker is in read-only
+     * posture. Optional for back-compat; the payload falls back to the
+     * production default when absent.
+     */
+    dashboardBaseUrl?: string;
 }
 type ToolResult<T> = {
     ok: true;
@@ -351,7 +412,7 @@ type ToolResult<T> = {
     ok: false;
     code: string;
     message: string;
-} | AuthRequiredPayload;
+} | AuthRequiredPayload | SessionKeyRequiredPayload;
 
 /**
  * Static registry binding each tool descriptor to its zod schema and
@@ -393,10 +454,17 @@ declare function selectRegistry(readOnly: boolean): readonly ToolEntry[];
  *    instructs the user to run `muhaven-broker login`.
  */
 
+declare const SERVER_VERSION: string;
 interface BuildServerOptions {
     registry: readonly ToolEntry[];
     backend: BackendClient;
     broker: BrokerClient | undefined;
+    /**
+     * Threaded into `ToolDeps` so the `SESSION_KEY_REQUIRED` payload's
+     * `mintUrl` points at the operator's actual dashboard, not a hardcoded
+     * production URL.
+     */
+    dashboardBaseUrl?: string;
 }
 declare function buildMcpServer(opts: BuildServerOptions): Server;
 /**
@@ -456,12 +524,26 @@ interface McpRuntimeConfig {
 interface BrokerRuntimeConfig {
     /** Endpoint to bind: socket path on POSIX, named pipe name on Windows. */
     endpoint: string;
-    /** 0x-prefixed 32-byte private key. Sensitive — keychain-backed. */
-    sessionKeyHex: `0x${string}`;
+    /**
+     * 0x-prefixed 32-byte private key, OR undefined for read-only posture.
+     * When undefined, the daemon still serves `hello` + the JWT verbs
+     * (so MCP read tools work), but any `sign_hash` request returns
+     * `session_key_unavailable`. Sensitive when present — keychain-backed.
+     */
+    sessionKeyHex: `0x${string}` | undefined;
     /** Maximum payload bytes accepted from the IPC peer. */
     maxRequestBytes: number;
     /** Per-request hard timeout (ms). */
     requestTimeoutMs: number;
+    /**
+     * Effective backend URL the daemon read from its own env at boot. Used
+     * to populate `hello.effectiveConfig` so a `muhaven-broker login
+     * --from-daemon` call uses the same URL as the daemon, even when the
+     * login CLI was launched from a different shell env.
+     */
+    backendBaseUrl: string;
+    /** Effective dashboard URL paired with backendBaseUrl. */
+    dashboardBaseUrl: string;
 }
 /**
  * Compute the default IPC endpoint for the broker. POSIX: a socket file
@@ -587,6 +669,29 @@ interface ISigner {
     readonly address: `0x${string}`;
     signHash(hash: `0x${string}`): Promise<`0x${string}`>;
 }
+/**
+ * Sentinel signer for the read-only daemon posture (no
+ * `MUHAVEN_BROKER_SESSION_KEY` at boot). `address` returns the zero
+ * address; `signHash` throws `MissingSessionKeyError`, which the daemon
+ * maps to a structured `session_key_unavailable` broker error response.
+ *
+ * Closes §3e⁶ F-broker-session-key-required-for-reads — the daemon can
+ * serve `hello` + JWT verbs for read paths without an on-chain signer.
+ */
+declare class MissingSessionKeyError extends Error {
+    constructor();
+}
+declare const ZERO_ADDRESS: "0x0000000000000000000000000000000000000000";
+declare class NullSigner implements ISigner {
+    readonly address: "0x0000000000000000000000000000000000000000";
+    signHash(_hash: `0x${string}`): Promise<`0x${string}`>;
+}
+declare class ViemSigner implements ISigner {
+    private readonly account;
+    constructor(privateKey: `0x${string}`);
+    get address(): `0x${string}`;
+    signHash(hash: `0x${string}`): Promise<`0x${string}`>;
+}
 
 /**
  * Cross-platform JWT keystore for the broker daemon.
@@ -681,13 +786,38 @@ interface BrokerLogEvent {
  * keystore, returns the response object. Easy to unit-test without
  * spawning a socket.
  */
-declare function handleBrokerRequest(req: BrokerRequest, signer: ISigner, keystore: IKeystore, nowSec?: () => number): Promise<BrokerResponse>;
+interface HandleBrokerRequestOptions {
+    /**
+     * Whether the daemon was booted with a session-key private half. Drives
+     * the `hello.hasSessionKey` field + the `session_key_unavailable` error
+     * mapping. Defaults to `true` when omitted (current-runtime back-compat
+     * — older callers that don't know about the read-only posture still
+     * get the pre-0.3.0 behaviour).
+     */
+    hasSessionKey?: boolean;
+    /**
+     * Effective backend + dashboard URLs the daemon resolved from its env
+     * at boot. Surfaced via `hello.effectiveConfig` so the `--from-daemon`
+     * login path can use the daemon's view of these URLs (not the CLI's).
+     */
+    effectiveConfig?: {
+        readonly backendBaseUrl: string;
+        readonly dashboardBaseUrl: string;
+    };
+}
+declare function handleBrokerRequest(req: BrokerRequest, signer: ISigner, keystore: IKeystore, nowSec?: () => number, options?: HandleBrokerRequestOptions): Promise<BrokerResponse>;
 declare class BrokerDaemon {
     private readonly server;
     private readonly signer;
     private readonly log;
     private readonly config;
     private keystore;
+    /**
+     * Whether a session-key private half is actually loaded. `false` =
+     * daemon booted in read-only posture (no `MUHAVEN_BROKER_SESSION_KEY`
+     * at env-load time) and uses a `NullSigner` whose `signHash` throws.
+     */
+    private readonly hasSessionKey;
     constructor(options: BrokerDaemonOptions);
     start(): Promise<string>;
     stop(): Promise<void>;
@@ -695,4 +825,4 @@ declare class BrokerDaemon {
     private runAndRespond;
 }
 
-export { BROKER_PROTOCOL_VERSION, BackendClient, BackendError, type BackendErrorCode, BrokerClient, BrokerClientError, type BrokerClientErrorCode, BrokerDaemon, type BrokerDaemonOptions, type BrokerRequest, type BrokerResponse, type BrokerRuntimeConfig, DeviceFlowAbortedError, DeviceFlowClient, type DeviceFlowEvent, type IKeystore, JwtSource, type KeystoreBackend, KeystoreError, type McpRuntimeConfig, NoJwtAvailableError, type RunMcpStdioCliOptions, TOOL_DESCRIPTORS, type ToolDescriptor, type ToolEntry, type ToolHashEntry, buildMcpServer, buildToolHashTable, defaultBrokerEndpoint, fullToolRegistry, handleBrokerRequest, hashToolDescriptor, loadBrokerConfig, loadMcpConfig, openKeystore, parseBrokerRequest, registryForReadOnly, runMcpStdioCli, selectRegistry, serializeResponse, verifyDescriptorAgainstPin };
+export { BROKER_PROTOCOL_VERSION, BackendClient, BackendError, type BackendErrorCode, BrokerClient, BrokerClientError, type BrokerClientErrorCode, BrokerDaemon, type BrokerDaemonOptions, type BrokerRequest, type BrokerResponse, type BrokerRuntimeConfig, DeviceFlowAbortedError, DeviceFlowClient, type DeviceFlowEvent, type HandleBrokerRequestOptions, type IKeystore, type ISigner, JwtSource, type KeystoreBackend, KeystoreError, type McpRuntimeConfig, MissingSessionKeyError, NoJwtAvailableError, NullSigner, type RunMcpStdioCliOptions, SERVER_VERSION, TOOL_DESCRIPTORS, type ToolDescriptor, type ToolEntry, type ToolHashEntry, ViemSigner, ZERO_ADDRESS, buildMcpServer, buildToolHashTable, defaultBrokerEndpoint, fullToolRegistry, handleBrokerRequest, hashToolDescriptor, loadBrokerConfig, loadMcpConfig, openKeystore, parseBrokerRequest, registryForReadOnly, runMcpStdioCli, selectRegistry, serializeResponse, verifyDescriptorAgainstPin };

package/dist/index.js

@@ -1,4 +1,5 @@
 import { unlink, readFile, mkdir, chmod, writeFile, stat } from 'fs/promises';
+import 'fs';
 import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
@@ -77,23 +78,26 @@ function loadMcpConfig(env = process.env) {
 }
 var PRIVKEY_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
 function loadBrokerConfig(env = process.env) {
-  const sessionKeyHex = env.MUHAVEN_BROKER_SESSION_KEY;
-  if (!sessionKeyHex) {
-    throw new Error(
-      "MUHAVEN_BROKER_SESSION_KEY is required (0x-prefixed 32-byte hex). Mint a session key via the dashboard policy-template install flow."
-    );
-  }
-  if (!PRIVKEY_HEX_RE.test(sessionKeyHex)) {
-    throw new Error("MUHAVEN_BROKER_SESSION_KEY must be a 0x-prefixed 32-byte hex string");
+  const sessionKeyHexRaw = env.MUHAVEN_BROKER_SESSION_KEY;
+  let sessionKeyHex;
+  if (sessionKeyHexRaw && sessionKeyHexRaw.length > 0) {
+    if (!PRIVKEY_HEX_RE.test(sessionKeyHexRaw)) {
+      throw new Error("MUHAVEN_BROKER_SESSION_KEY must be a 0x-prefixed 32-byte hex string");
+    }
+    sessionKeyHex = sessionKeyHexRaw;
   }
   const endpoint = env.MUHAVEN_BROKER_ENDPOINT ?? defaultBrokerEndpoint();
   const maxRequestBytes = readEnvInt("MUHAVEN_BROKER_MAX_BYTES", DEFAULT_BROKER_MAX_BYTES, env);
   const requestTimeoutMs = readEnvInt("MUHAVEN_BROKER_TIMEOUT_MS", DEFAULT_BROKER_TIMEOUT_MS, env);
+  const backendBaseUrl = trimTrailingSlash(env.MUHAVEN_BACKEND_URL ?? DEFAULT_BACKEND_URL);
+  const dashboardBaseUrl = trimTrailingSlash(env.MUHAVEN_DASHBOARD_URL ?? DEFAULT_DASHBOARD_URL);
   return {
     endpoint,
     sessionKeyHex,
     maxRequestBytes,
-    requestTimeoutMs
+    requestTimeoutMs,
+    backendBaseUrl,
+    dashboardBaseUrl
   };
 }
 var BrokerClientError = class extends Error {
@@ -732,6 +736,15 @@ function authRequiredPayload() {
     loginCommand: "muhaven-broker login"
   };
 }
+function sessionKeyRequiredPayload(dashboardBaseUrl = "https://muhaven.app") {
+  const mintUrl = `${trimTrailingSlash(dashboardBaseUrl)}/agent/policy/transition`;
+  return {
+    ok: false,
+    code: "SESSION_KEY_REQUIRED",
+    message: `No session key loaded in broker (read-only posture). Mint one via the dashboard at ${mintUrl}, copy the 0x-prefixed hex into MUHAVEN_BROKER_SESSION_KEY, and restart the daemon. Do NOT run \`muhaven-broker login\` for this \u2014 that mints a JWT, not a session key.`,
+    mintUrl
+  };
+}
 
 // src/tools/handlers.ts
 function ok(data) {
@@ -821,6 +834,7 @@ function sortKeys(value) {
   }
   return value;
 }
+var cachedHasSessionKeyProbe = null;
 async function signEnvelope(intent, toolName, summary, deps) {
   const intentHash = computeIntentHash(intent);
   if (!deps.broker) {
@@ -829,8 +843,29 @@ async function signEnvelope(intent, toolName, summary, deps) {
       "position tools require a running muhaven-broker daemon \u2014 see README \xA7Broker setup"
     );
   }
+  const broker = deps.broker;
+  if (cachedHasSessionKeyProbe === null) {
+    cachedHasSessionKeyProbe = (async () => {
+      try {
+        const hello = await broker.hello();
+        return hello.hasSessionKey ?? true;
+      } catch (err2) {
+        cachedHasSessionKeyProbe = null;
+        throw err2;
+      }
+    })();
+  }
+  let hasSessionKey;
   try {
-    const sig = await deps.broker.signHash(intentHash, { tool: toolName, summary });
+    hasSessionKey = await cachedHasSessionKeyProbe;
+  } catch (e) {
+    return mapBrokerError(e);
+  }
+  if (hasSessionKey === false) {
+    return sessionKeyRequiredPayload(deps.dashboardBaseUrl);
+  }
+  try {
+    const sig = await broker.signHash(intentHash, { tool: toolName, summary });
     return ok({
       intentHash,
       unsignedUserOp: {
@@ -842,6 +877,10 @@ async function signEnvelope(intent, toolName, summary, deps) {
       signerAddress: sig.signerAddress
     });
   } catch (e) {
+    if (e instanceof BrokerClientError && e.code === "broker_error" && /session_key_unavailable/.test(e.message)) {
+      cachedHasSessionKeyProbe = Promise.resolve(false);
+      return sessionKeyRequiredPayload(deps.dashboardBaseUrl);
+    }
     return mapBrokerError(e);
   }
 }
@@ -1164,7 +1203,12 @@ function selectRegistry(readOnly) {
 
 // src/server.ts
 var SERVER_NAME = "@muhaven/mcp";
-var SERVER_VERSION = "0.1.0";
+var SERVER_VERSION = resolveServerVersion();
+function resolveServerVersion() {
+  {
+    return "0.1.4";
+  }
+}
 function toJsonInputSchema(schema) {
   return {
     type: "object",
@@ -1238,7 +1282,8 @@ function buildMcpServer(opts) {
       const result = await entry.handler(parsed, {
         backend: opts.backend,
         broker: opts.broker,
-        surface: "mcp"
+        surface: "mcp",
+        dashboardBaseUrl: opts.dashboardBaseUrl
       });
       return toolJsonResponse(result);
     } catch (err2) {
@@ -1300,7 +1345,8 @@ async function runMcpStdioCli(opts = {}) {
   const server = buildMcpServer({
     registry,
     backend,
-    broker: config.readOnly ? void 0 : broker
+    broker: config.readOnly ? void 0 : broker,
+    dashboardBaseUrl: config.dashboardBaseUrl
   });
   const transport = new StdioServerTransport();
   await server.connect(transport);
@@ -1455,7 +1501,7 @@ async function safeJson(res) {
 }
 
 // src/broker/protocol.ts
-var BROKER_PROTOCOL_VERSION = "0.2.0";
+var BROKER_PROTOCOL_VERSION = "0.3.0";
 var HASH_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
 var JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
 function isHashHex(value) {
@@ -1541,6 +1587,21 @@ function parseBrokerRequest(line) {
 function serializeResponse(res) {
   return JSON.stringify(res) + "\n";
 }
+var MissingSessionKeyError = class extends Error {
+  constructor() {
+    super(
+      "session_key_unavailable: daemon booted in read-only posture (no MUHAVEN_BROKER_SESSION_KEY at env-load time). Mint a session key via the dashboard /agent/policy/transition flow, set MUHAVEN_BROKER_SESSION_KEY, and restart the daemon. (Note: `muhaven-broker login` mints a JWT, NOT a session key \u2014 do not loop on that command for this error.)"
+    );
+    this.name = "MissingSessionKeyError";
+  }
+};
+var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+var NullSigner = class {
+  address = ZERO_ADDRESS;
+  async signHash(_hash) {
+    throw new MissingSessionKeyError();
+  }
+};
 var ViemSigner = class {
   account;
   constructor(privateKey) {
@@ -1712,7 +1773,7 @@ async function openKeystore(options = {}) {
 // src/broker/daemon.ts
 var noopLogger = (_e) => {
 };
-async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3)) {
+async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3), options = {}) {
   switch (req.type) {
     case "hello": {
       let hasJwt = false;
@@ -1722,16 +1783,26 @@ async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.fl
       } catch {
         hasJwt = false;
       }
+      const hasSessionKey = options.hasSessionKey ?? true;
       return {
         type: "hello",
         version: BROKER_PROTOCOL_VERSION,
         sessionKeyAddress: signer.address,
-        hasJwt
+        hasJwt,
+        hasSessionKey,
+        ...options.effectiveConfig ? { effectiveConfig: options.effectiveConfig } : {}
       };
     }
     case "sign_hash": {
-      const signature = await signer.signHash(req.hash);
-      return { type: "sign_hash", signature, signerAddress: signer.address };
+      try {
+        const signature = await signer.signHash(req.hash);
+        return { type: "sign_hash", signature, signerAddress: signer.address };
+      } catch (err2) {
+        if (err2 instanceof MissingSessionKeyError) {
+          return errorResponse("session_key_unavailable", err2.message);
+        }
+        throw err2;
+      }
     }
     case "store_jwt": {
       try {
@@ -1803,9 +1874,24 @@ var BrokerDaemon = class {
   log;
   config;
   keystore;
+  /**
+   * Whether a session-key private half is actually loaded. `false` =
+   * daemon booted in read-only posture (no `MUHAVEN_BROKER_SESSION_KEY`
+   * at env-load time) and uses a `NullSigner` whose `signHash` throws.
+   */
+  hasSessionKey;
   constructor(options) {
     this.config = options.config;
-    this.signer = options.signer ?? new ViemSigner(options.config.sessionKeyHex);
+    if (options.signer) {
+      this.signer = options.signer;
+      this.hasSessionKey = true;
+    } else if (options.config.sessionKeyHex) {
+      this.signer = new ViemSigner(options.config.sessionKeyHex);
+      this.hasSessionKey = true;
+    } else {
+      this.signer = new NullSigner();
+      this.hasSessionKey = false;
+    }
     this.keystore = options.keystore ?? null;
     this.log = options.logger ?? noopLogger;
     this.server = createServer((socket) => this.onConnection(socket));
@@ -1843,6 +1929,7 @@ var BrokerDaemon = class {
       meta: {
         endpoint: this.config.endpoint,
         signer: this.signer.address,
+        hasSessionKey: this.hasSessionKey,
         keystore: this.keystore.backend,
         version: BROKER_PROTOCOL_VERSION
       }
@@ -1924,7 +2011,19 @@ var BrokerDaemon = class {
       return;
     }
     try {
-      const res = await handleBrokerRequest(parsed, this.signer, this.keystore);
+      const res = await handleBrokerRequest(
+        parsed,
+        this.signer,
+        this.keystore,
+        void 0,
+        {
+          hasSessionKey: this.hasSessionKey,
+          effectiveConfig: {
+            backendBaseUrl: this.config.backendBaseUrl,
+            dashboardBaseUrl: this.config.dashboardBaseUrl
+          }
+        }
+      );
       socket.end(serializeResponse(res));
     } catch (err2) {
       this.log({
@@ -1939,4 +2038,4 @@ var BrokerDaemon = class {
   }
 };
 
-export { BROKER_PROTOCOL_VERSION, BackendClient, BackendError, BrokerClient, BrokerClientError, BrokerDaemon, DeviceFlowAbortedError, DeviceFlowClient, JwtSource, KeystoreError, NoJwtAvailableError, TOOL_DESCRIPTORS, buildMcpServer, buildToolHashTable, defaultBrokerEndpoint, fullToolRegistry, handleBrokerRequest, hashToolDescriptor, loadBrokerConfig, loadMcpConfig, openKeystore, parseBrokerRequest, registryForReadOnly, runMcpStdioCli, selectRegistry, serializeResponse, verifyDescriptorAgainstPin };
+export { BROKER_PROTOCOL_VERSION, BackendClient, BackendError, BrokerClient, BrokerClientError, BrokerDaemon, DeviceFlowAbortedError, DeviceFlowClient, JwtSource, KeystoreError, MissingSessionKeyError, NoJwtAvailableError, NullSigner, SERVER_VERSION, TOOL_DESCRIPTORS, ViemSigner, ZERO_ADDRESS, buildMcpServer, buildToolHashTable, defaultBrokerEndpoint, fullToolRegistry, handleBrokerRequest, hashToolDescriptor, loadBrokerConfig, loadMcpConfig, openKeystore, parseBrokerRequest, registryForReadOnly, runMcpStdioCli, selectRegistry, serializeResponse, verifyDescriptorAgainstPin };

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 22 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools return unsigned UserOps + broker signatures — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {
@@ -94,5 +94,5 @@
       "sensitive": false
     }
   ],
-  "$comment_setup": "First-run instructions: (1) install this package via your MCPB host (Claude Desktop / Cursor / Claude Code). (2) Start the broker daemon: `muhaven-broker` (running in the background; see README for systemd / launchd / Windows-Service recipes). (3) Authenticate: `muhaven-broker login` — opens browser to https://muhaven.app/link?code=XXXX-XXXX, complete passkey ceremony. (4) Use any tool in this MCP package."
+  "$comment_setup": "First-run instructions: (1) install this package via your MCPB host (Claude Desktop / Cursor / Claude Code) or globally via `npm install -g @muhaven/mcp`. (2) Run `muhaven-broker setup` — one-shot: applies env defaults, mints an ephemeral session key, spawns the broker daemon detached, then walks you through the passkey-bound device-code login (opens browser to https://muhaven.app/link?code=XXXX-XXXX). The daemon stays running after `setup` returns. Use `muhaven-broker setup --foreground` if systemd / launchd / a Windows service will own the daemon's lifecycle instead. (3) Use any tool in this MCP package."
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {