@muhaven/mcp 0.1.7 → 0.2.1

package/dist/index.cjs

@@ -11,7 +11,6 @@ var zod = require('zod');
 var os = require('os');
 var net = require('net');
 var crypto = require('crypto');
-require('viem');
 var accounts = require('viem/accounts');
 
 // ../../node_modules/.pnpm/tsup@8.5.1_postcss@8.5.14_tsx@4.21.0_typescript@5.9.3/node_modules/tsup/assets/cjs_shims.js
@@ -61,9 +60,38 @@ function deriveAllowedHosts(baseUrl) {
 function trimTrailingSlash(s) {
   return s.endsWith("/") ? s.slice(0, -1) : s;
 }
+function validatePublicUrlEnv(name, value) {
+  let parsed;
+  try {
+    parsed = new URL(value);
+  } catch {
+    return `${name} is not a valid URL: ${value}`;
+  }
+  if (parsed.protocol === "https:") return null;
+  if (parsed.protocol === "http:") {
+    const host = parsed.hostname;
+    if (host === "localhost" || host === "127.0.0.1" || host === "[::1]") return null;
+    return `${name} must use https:// (got http:// to ${host} \u2014 refusing to route MCP deep-links over cleartext to a non-loopback host)`;
+  }
+  return `${name} must use https:// (got ${parsed.protocol})`;
+}
+function resolvePublicUrlEnv(name, rawValue, defaultValue) {
+  const value = rawValue ?? defaultValue;
+  const err2 = validatePublicUrlEnv(name, value);
+  if (err2) throw new Error(err2);
+  return trimTrailingSlash(value);
+}
 function loadMcpConfig(env = process.env) {
-  const backendBaseUrl = trimTrailingSlash(env.MUHAVEN_BACKEND_URL ?? DEFAULT_BACKEND_URL);
-  const dashboardBaseUrl = trimTrailingSlash(env.MUHAVEN_DASHBOARD_URL ?? DEFAULT_DASHBOARD_URL);
+  const backendBaseUrl = resolvePublicUrlEnv(
+    "MUHAVEN_BACKEND_URL",
+    env.MUHAVEN_BACKEND_URL,
+    DEFAULT_BACKEND_URL
+  );
+  const dashboardBaseUrl = resolvePublicUrlEnv(
+    "MUHAVEN_DASHBOARD_URL",
+    env.MUHAVEN_DASHBOARD_URL,
+    DEFAULT_DASHBOARD_URL
+  );
   const brokerEndpoint = env.MUHAVEN_BROKER_ENDPOINT ?? defaultBrokerEndpoint();
   const readOnly = readEnvBool("MUHAVEN_READ_ONLY", false, env);
   const requestTimeoutMs = readEnvInt("MUHAVEN_REQUEST_TIMEOUT_MS", DEFAULT_REQUEST_TIMEOUT_MS, env);
@@ -93,8 +121,16 @@ function loadBrokerConfig(env = process.env) {
   const endpoint = env.MUHAVEN_BROKER_ENDPOINT ?? defaultBrokerEndpoint();
   const maxRequestBytes = readEnvInt("MUHAVEN_BROKER_MAX_BYTES", DEFAULT_BROKER_MAX_BYTES, env);
   const requestTimeoutMs = readEnvInt("MUHAVEN_BROKER_TIMEOUT_MS", DEFAULT_BROKER_TIMEOUT_MS, env);
-  const backendBaseUrl = trimTrailingSlash(env.MUHAVEN_BACKEND_URL ?? DEFAULT_BACKEND_URL);
-  const dashboardBaseUrl = trimTrailingSlash(env.MUHAVEN_DASHBOARD_URL ?? DEFAULT_DASHBOARD_URL);
+  const backendBaseUrl = resolvePublicUrlEnv(
+    "MUHAVEN_BACKEND_URL",
+    env.MUHAVEN_BACKEND_URL,
+    DEFAULT_BACKEND_URL
+  );
+  const dashboardBaseUrl = resolvePublicUrlEnv(
+    "MUHAVEN_DASHBOARD_URL",
+    env.MUHAVEN_DASHBOARD_URL,
+    DEFAULT_DASHBOARD_URL
+  );
   return {
     endpoint,
     sessionKeyHex,
@@ -341,6 +377,23 @@ var BackendClient = class {
       false
     );
   }
+  /**
+   * GET variant that sends no Authorization header. Use for backend
+   * endpoints that are intentionally public (e.g. `/api/v1/tokens`
+   * which the marketplace + the 0.2.1 `positionBuy` NAV-conversion
+   * both read). Avoids triggering the AUTH_REQUIRED branch for the
+   * "not yet logged in" case on read paths that don't need auth.
+   */
+  async getUnauth(path, query) {
+    const url = this.buildUrl(path, query);
+    return this.exchange(
+      "GET",
+      url,
+      void 0,
+      /* withAuth */
+      false
+    );
+  }
   buildUrl(path, query) {
     if (!path.startsWith("/")) {
       throw new BackendError("bad_request", `path must start with "/": ${path}`);
@@ -464,16 +517,22 @@ var TOOL_DESCRIPTORS = [
     description: `Return the authenticated user's tiered-autonomy audit log entries. Cursor-paginated. Useful for forensic review ("why was I paused?") and grant-reviewer demos. Read-only \u2014 never exposes other users' data.`,
     sensitive: false
   },
+  {
+    name: "muhaven.read.activity",
+    group: "read",
+    description: "Return the authenticated investor's on-chain activity feed (buys / sells / wraps / unwraps / yield claims / transfers). Each row carries token address, tx hash, block timestamp, and event type \u2014 but NEVER cleartext amounts (encrypted handles only, decryptable client-side via permit). USE THIS to verify a Path C dashboard action settled: after position.buy / position.sell / cash.wrap, the user opens the deep-link, taps Authorize, the on-chain tx lands \u2192 a new row appears here. Far more reliable than re-calling read.portfolio (which only changes shape when a NEW token enters the catalog).",
+    sensitive: false
+  },
   {
     name: "muhaven.position.buy",
     group: "position",
-    description: `Prepare a Subscription buy. Returns a dashboard deep-link URL (muhaven.app/trade?mode=buy&...) the user opens to review the pre-filled form, then taps Authorize. The user's passkey + ZeroDev kernel sign on the dashboard \u2014 this MCP tool never holds or submits a signing key. Use after the user names a clear amount + token (e.g. "Buy 5 mhUSDC of TBILL1"). Token accepts either a symbol ("TBILL1") or 0x-address. Settlement is NOT observable from MCP \u2014 verify by calling muhaven.read.portfolio after the user confirms done.`,
+    description: 'Prepare a Subscription buy. Returns a dashboard deep-link URL (muhaven.app/trade?mode=buy&...) the user opens to review the pre-filled form, then taps Authorize. The user\'s passkey + ZeroDev kernel sign on the dashboard \u2014 this MCP tool never holds or submits a signing key. Use after the user names a clear amount + token (e.g. "Buy 5 mhUSDC of TBILL1" \u2192 `amountUsdc: "5"`). Token accepts either a symbol ("TBILL1") or 0x-address. The `amountUsdc` field is HUMAN-DECIMAL mhUSDC ("5" = 5 mhUSDC, "0.5" = half a mhUSDC) \u2014 NOT base-6 integer. Max 6 fractional digits. The tool fetches the current on-chain NAV for the token and converts the notional to integer shares (floor) before building the URL \u2014 so "Buy 3 mhUSDC of GOLD1" at NAV $0.01 becomes "Buy 300 GOLD1 shares (~3 mhUSDC)". Refuses with `amount_too_small_for_share` when the notional won\'t buy at least 1 share at current NAV; the error message tells the user the minimum mhUSDC needed. Settlement is NOT observable from MCP \u2014 verify by calling muhaven.read.activity after the user confirms done (a new "buy" row with the tx hash will appear).',
     sensitive: true
   },
   {
     name: "muhaven.position.sell",
     group: "position",
-    description: "Prepare a Subscription sell. Returns a dashboard deep-link URL (muhaven.app/trade?mode=sell&...) with the form pre-filled. Same passkey + verify-after pattern as muhaven.position.buy. Input is amountShares (raw share count), NOT mhUSDC notional.",
+    description: 'Prepare a Subscription sell. Returns a dashboard deep-link URL (muhaven.app/trade?mode=sell&...) with the form pre-filled. Same passkey + verify-after pattern as muhaven.position.buy. Input is amountShares (raw POSITIVE INTEGER share count, NOT mhUSDC notional) \u2014 fhERC-20 shares have no decimals so fractional inputs are rejected. Verify settlement by calling muhaven.read.activity (look for a "sell" or "sell-queued" row with the tx hash).',
     sensitive: true
   },
   {
@@ -492,7 +551,7 @@ var TOOL_DESCRIPTORS = [
   {
     name: "muhaven.cash.wrap",
     group: "cash",
-    description: 'Prepare a USDC \u2192 mhUSDC wrap (the encrypted-balance conversion that funds buys). Returns a dashboard deep-link URL (muhaven.app/cash?action=wrap&...) with the amount pre-filled. Input amountUsdc is human-readable USDC ("100" = $100). Common LLM chain: read.portfolio \u2192 notice 0 mhUSDC \u2192 cash.wrap \u2192 then position.buy (each is its own user-confirmed deep-link). Settlement not observable from MCP \u2014 re-call read.portfolio to verify.',
+    description: 'Prepare a USDC \u2192 mhUSDC wrap (the encrypted-balance conversion that funds buys). Returns a dashboard deep-link URL (muhaven.app/cash?action=wrap&...) with the amount pre-filled. Input amountUsdc is human-readable USDC ("100" = $100). Common LLM chain: read.portfolio \u2192 notice 0 mhUSDC \u2192 cash.wrap \u2192 then position.buy (each is its own user-confirmed deep-link). Verify settlement by calling muhaven.read.activity (a new "wrap" row will appear with the tx hash).',
     sensitive: true
   },
   {
@@ -660,16 +719,34 @@ var ReadAuditInputSchema = zod.z.object({
   cursor: zod.z.string().min(1).max(512).optional(),
   limit: zod.z.number().int().min(1).max(200).optional()
 }).strict();
+var ReadActivityInputSchema = zod.z.object({
+  limit: zod.z.number().int().min(1).max(50).optional(),
+  offset: zod.z.number().int().min(0).max(1e3).optional()
+}).strict();
+var decimalUsdcAmountSchema = zod.z.string().regex(
+  /^(0|[1-9]\d*)(\.\d{1,6})?$/,
+  'must be a positive decimal mhUSDC amount with at most 6 fractional digits (e.g. "5", "0.5", "1234.567")'
+).max(48, "must be at most 48 characters");
 var PositionBuyInputSchema = zod.z.object({
   /** Symbol (e.g. "TBILL1") or 0x-address. Path C dashboard resolves either. */
   token: tokenIdentifierSchema,
-  /** Investor candidate spend, denominated in USDC base units (uint64). */
-  amountUsdc6: zod.z.string().regex(/^\d+$/, "must be a base-10 integer string")
+  /**
+   * mhUSDC amount in human-decimal units ("5" = 5 mhUSDC, "0.5" =
+   * half a mhUSDC). Forwarded verbatim to the dashboard form via
+   * `/trade?amount=`. Replaces the prior `amountUsdc6` base-6 integer
+   * field — see schema doc above for rationale (LLM-footgun fix).
+   */
+  amountUsdc: decimalUsdcAmountSchema
 }).strict();
 var PositionSellInputSchema = zod.z.object({
   token: tokenIdentifierSchema,
-  /** Encrypted-balance share count to redeem, denominated in fhERC-20 base units. */
-  amountShares: zod.z.string().regex(/^\d+$/, "must be a base-10 integer string")
+  /**
+   * Share count to redeem. fhERC-20 shares are integer base units
+   * (no decimals — see memory `project_decimals_lie_wave4_p0`).
+   * Regex rejects any fractional input so a deep-link can't pre-fill
+   * "2.5 shares" that would silently floor on the on-chain submit.
+   */
+  amountShares: zod.z.string().regex(/^[1-9]\d*$/, "must be a positive integer share count")
 }).strict();
 var PositionClaimInputSchema = zod.z.object({
   token: tokenIdentifierSchema,
@@ -687,11 +764,13 @@ var PositionRebalanceInputSchema = zod.z.object({
 }).strict();
 var CashWrapInputSchema = zod.z.object({
   /**
-   * USDC amount in human-readable units ("100" for $100, "1.5" for
-   * $1.50). Forwarded verbatim to `/cash?amount=`. Decimal optional
-   * — CashPage parses both `\d+` and `\d+\.\d+`.
+   * USDC amount in human-decimal units ("100" for $100, "1.5" for
+   * $1.50). Same shape + same regex as `PositionBuyInputSchema.amountUsdc`
+   * so the LLM doesn't have to learn two different unit conventions
+   * across the Path C surface. Max 6 fractional digits (USDC's base
+   * unit floor); 48-char length cap is URL-bloat defense.
    */
-  amountUsdc: zod.z.string().regex(/^\d+(\.\d+)?$/, "must be a positive decimal number string")
+  amountUsdc: decimalUsdcAmountSchema
 }).strict();
 var PolicySetTierInputSchema = zod.z.object({
   targetTier: tierSchema,
@@ -764,6 +843,37 @@ function authRequiredPayload() {
   };
 }
 
+// src/tools/decimal.ts
+function parseDecimalToUsd6(decimal) {
+  const m = /^(\d+)(?:\.(\d+))?$/.exec(decimal);
+  if (!m) {
+    throw new Error(`Invalid decimal price: ${JSON.stringify(decimal)}`);
+  }
+  const intPart = m[1];
+  const fracPart = m[2] ?? "";
+  const fracPadded = (fracPart + "000000").slice(0, 6);
+  return BigInt(intPart + fracPadded);
+}
+function computeSharesFromUsd6(notionalUsd6, navUsd6) {
+  if (navUsd6 <= 0n) {
+    throw new Error("navUsd6 must be positive");
+  }
+  if (notionalUsd6 < 0n) {
+    throw new Error("notionalUsd6 must be non-negative");
+  }
+  return notionalUsd6 / navUsd6;
+}
+function formatUsd6AsDecimal(usd6) {
+  if (usd6 < 0n) {
+    throw new Error("usd6 must be non-negative");
+  }
+  const whole = usd6 / 1000000n;
+  const frac = usd6 % 1000000n;
+  if (frac === 0n) return whole.toString();
+  const fracStr = frac.toString().padStart(6, "0").replace(/0+$/, "");
+  return `${whole.toString()}.${fracStr}`;
+}
+
 // src/tools/handlers.ts
 function ok(data) {
   return { ok: true, data };
@@ -832,6 +942,17 @@ async function readAudit(input, deps) {
     return mapBackendError(e);
   }
 }
+async function readActivity(input, deps) {
+  try {
+    const data = await deps.backend.get("/api/v1/activity", {
+      limit: input.limit,
+      offset: input.offset
+    });
+    return ok(data);
+  } catch (e) {
+    return mapBackendError(e);
+  }
+}
 function buildPositionDeeplink(dashboardBaseUrl, action, params) {
   const base = dashboardBaseUrl.replace(/\/+$/, "");
   const path = action === "buy" || action === "sell" ? "/trade" : action === "claim" ? "/yields" : "/cash";
@@ -841,39 +962,106 @@ function buildPositionDeeplink(dashboardBaseUrl, action, params) {
   search.set("from", "mcp");
   return `${base}${path}?${search.toString()}`;
 }
-function formatUsdc6ToDecimal(amountUsdc6) {
-  if (!/^\d+$/.test(amountUsdc6)) {
-    throw new Error(`amountUsdc6 must be a non-negative integer string: ${amountUsdc6}`);
-  }
-  const padded = amountUsdc6.padStart(7, "0");
-  const intPart = padded.slice(0, -6).replace(/^0+(?=\d)/, "");
-  const fracPart = padded.slice(-6).replace(/0+$/, "");
-  return fracPart === "" ? intPart : `${intPart}.${fracPart}`;
-}
 function resolveDashboardBaseUrl(deps) {
   return deps.dashboardBaseUrl ?? "https://muhaven.app";
 }
+function resolveTokenInCatalog(identifier, catalog) {
+  const needle = identifier.toLowerCase();
+  return catalog.find(
+    (t) => t.address.toLowerCase() === needle || t.symbol.toLowerCase() === needle
+  ) ?? null;
+}
+function sanitizeSymbolForLlmContext(raw) {
+  const cleaned = raw.replace(/[^A-Za-z0-9_-]/g, "?");
+  return cleaned.length > 16 ? cleaned.slice(0, 16) : cleaned;
+}
 async function positionBuy(input, deps) {
-  const amount = formatUsdc6ToDecimal(input.amountUsdc6);
+  let catalog;
+  try {
+    catalog = await deps.backend.getUnauth("/api/v1/tokens");
+  } catch (e) {
+    return mapBackendError(e);
+  }
+  const token = resolveTokenInCatalog(input.token, catalog.tokens ?? []);
+  if (!token) {
+    return err(
+      "token_not_found",
+      `Token "${sanitizeSymbolForLlmContext(input.token)}" is not in the MuHaven catalog. Call muhaven.read.tokens for the canonical symbol list.`
+    );
+  }
+  const safeSymbol = sanitizeSymbolForLlmContext(token.symbol);
+  if (!token.latest_nav || !token.latest_nav.nav) {
+    return err(
+      "nav_unavailable",
+      `No NAV snapshot available for ${safeSymbol} yet. The nav-worker may not have written one \u2014 retry shortly, or use the dashboard /trade page directly.`
+    );
+  }
+  let navUsd6;
+  try {
+    navUsd6 = parseDecimalToUsd6(token.latest_nav.nav);
+  } catch (e) {
+    return err(
+      "nav_malformed",
+      `NAV for ${safeSymbol} is not a valid decimal price. Open the dashboard /trade page directly.`
+    );
+  }
+  if (navUsd6 <= 0n) {
+    return err(
+      "nav_non_positive",
+      `NAV for ${safeSymbol} is non-positive. Cannot quote a buy.`
+    );
+  }
+  let notionalUsd6;
+  try {
+    notionalUsd6 = parseDecimalToUsd6(input.amountUsdc);
+  } catch (e) {
+    return err(
+      "invalid_amount",
+      `amountUsdc "${input.amountUsdc}" is not a valid decimal mhUSDC amount.`
+    );
+  }
+  if (notionalUsd6 <= 0n) {
+    return err(
+      "invalid_amount",
+      "amountUsdc must be greater than zero."
+    );
+  }
+  const shares = computeSharesFromUsd6(notionalUsd6, navUsd6);
+  if (shares <= 0n) {
+    const navDisplay2 = formatUsd6AsDecimal(navUsd6);
+    return err(
+      "amount_too_small_for_share",
+      `${input.amountUsdc} mhUSDC isn't enough to buy 1 share of ${safeSymbol} at the current NAV of $${navDisplay2}/share. Need at least ${navDisplay2} mhUSDC to buy 1 share. Ask the user for a larger amount, or chain muhaven.cash.wrap first if they're short on mhUSDC.`
+    );
+  }
+  const effectiveNotionalUsd6 = shares * navUsd6;
+  const effectiveNotionalDisplay = formatUsd6AsDecimal(effectiveNotionalUsd6);
+  const navDisplay = formatUsd6AsDecimal(navUsd6);
+  const sharesStr = shares.toString();
   const dashboardUrl = buildPositionDeeplink(resolveDashboardBaseUrl(deps), "buy", {
-    token: input.token,
-    amount
+    token: token.symbol,
+    amount: sharesStr
   });
   return ok({
     dashboardUrl,
     action: "buy",
-    instructions: `Open this link to review and authorize the buy of ${amount} mhUSDC of ${input.token}:
+    instructions: `Open this link to review and authorize the buy of ${sharesStr} ${safeSymbol} shares (~${effectiveNotionalDisplay} mhUSDC at current NAV $${navDisplay}/share):
 ${dashboardUrl}`,
-    echo: { action: "buy", token: input.token, amount }
+    echo: {
+      action: "buy",
+      token: token.symbol,
+      amount: sharesStr,
+      shares: sharesStr,
+      // Carry the original request + the conversion math so the LLM
+      // (and a human auditor reading the trace) can see why the URL
+      // shows the share count instead of the user-stated notional.
+      amountUsdc: input.amountUsdc,
+      effectiveNotionalUsd6: effectiveNotionalUsd6.toString(),
+      navUsd6: navUsd6.toString()
+    }
   });
 }
 async function positionSell(input, deps) {
-  if (!/^\d+(\.\d+)?$/.test(input.amountShares)) {
-    return err(
-      "invalid_input",
-      `amountShares must be a non-negative number string: ${JSON.stringify(input.amountShares)}`
-    );
-  }
   const dashboardUrl = buildPositionDeeplink(resolveDashboardBaseUrl(deps), "sell", {
     token: input.token,
     shares: input.amountShares
@@ -1112,6 +1300,10 @@ var HANDLERS = {
     schema: ReadAuditInputSchema,
     handler: readAudit
   },
+  "muhaven.read.activity": {
+    schema: ReadActivityInputSchema,
+    handler: readActivity
+  },
   "muhaven.position.buy": {
     schema: PositionBuyInputSchema,
     handler: positionBuy
@@ -1216,7 +1408,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.1.7";
+    return "0.2.1";
   }
 }
 function toJsonInputSchema(schema) {

package/dist/index.d.cts

@@ -263,6 +263,14 @@ declare class BackendClient {
      * Authorization header.
      */
     postUnauth<T>(path: string, body: unknown): Promise<T>;
+    /**
+     * GET variant that sends no Authorization header. Use for backend
+     * endpoints that are intentionally public (e.g. `/api/v1/tokens`
+     * which the marketplace + the 0.2.1 `positionBuy` NAV-conversion
+     * both read). Avoids triggering the AUTH_REQUIRED branch for the
+     * "not yet logged in" case on read paths that don't need auth.
+     */
+    getUnauth<T>(path: string, query?: Record<string, string | number | undefined>): Promise<T>;
     private buildUrl;
     private exchangeWithRetry;
     private exchange;
@@ -305,14 +313,15 @@ interface ToolDescriptor {
     readonly sensitive: boolean;
 }
 /**
- * The 22 Wave 4 MCP tools across five groups:
- *   muhaven.read.*       (7 — incl. P11 protection_coverage + kyc_attestation)
+ * The 23 MCP tools across five groups:
+ *   muhaven.read.*       (8 — incl. P11 protection_coverage + kyc_attestation
+ *                            + 0.2.1 read.activity for Path C settle verify)
  *   muhaven.position.*   (4)
  *   muhaven.policy.*     (4)
  *   muhaven.issuer.*     (5 — P7)
  *   muhaven.governance.* (2 — P11; cast_vote frontend runner deferred to Wave 5)
  *
- * `MUHAVEN_READ_ONLY=true` exposes only the 7 `muhaven.read.*` tools.
+ * `MUHAVEN_READ_ONLY=true` exposes only the 8 `muhaven.read.*` tools.
  * P5's `muhaven.checkout.*` namespace was retired before Wave 4 close — the
  * hosted checkout surface ships as a separate Vite SPA (apps/checkout-pay/),
  * not as an MCP tool group.

package/dist/index.d.ts

@@ -263,6 +263,14 @@ declare class BackendClient {
      * Authorization header.
      */
     postUnauth<T>(path: string, body: unknown): Promise<T>;
+    /**
+     * GET variant that sends no Authorization header. Use for backend
+     * endpoints that are intentionally public (e.g. `/api/v1/tokens`
+     * which the marketplace + the 0.2.1 `positionBuy` NAV-conversion
+     * both read). Avoids triggering the AUTH_REQUIRED branch for the
+     * "not yet logged in" case on read paths that don't need auth.
+     */
+    getUnauth<T>(path: string, query?: Record<string, string | number | undefined>): Promise<T>;
     private buildUrl;
     private exchangeWithRetry;
     private exchange;
@@ -305,14 +313,15 @@ interface ToolDescriptor {
     readonly sensitive: boolean;
 }
 /**
- * The 22 Wave 4 MCP tools across five groups:
- *   muhaven.read.*       (7 — incl. P11 protection_coverage + kyc_attestation)
+ * The 23 MCP tools across five groups:
+ *   muhaven.read.*       (8 — incl. P11 protection_coverage + kyc_attestation
+ *                            + 0.2.1 read.activity for Path C settle verify)
  *   muhaven.position.*   (4)
  *   muhaven.policy.*     (4)
  *   muhaven.issuer.*     (5 — P7)
  *   muhaven.governance.* (2 — P11; cast_vote frontend runner deferred to Wave 5)
  *
- * `MUHAVEN_READ_ONLY=true` exposes only the 7 `muhaven.read.*` tools.
+ * `MUHAVEN_READ_ONLY=true` exposes only the 8 `muhaven.read.*` tools.
  * P5's `muhaven.checkout.*` namespace was retired before Wave 4 close — the
  * hosted checkout surface ships as a separate Vite SPA (apps/checkout-pay/),
  * not as an MCP tool group.