@muhaven/mcp 0.2.1 → 0.2.3

package/dist/broker.js

@@ -3,8 +3,9 @@ import { fileURLToPath } from 'url';
 import { platform, release, hostname, homedir } from 'os';
 import { exec, spawn } from 'child_process';
 import { connect, createServer } from 'net';
-import { mkdir, chmod, writeFile, readFile, unlink, stat } from 'fs/promises';
+import { mkdir, chmod, writeFile, readFile, unlink, rename, readdir, stat } from 'fs/promises';
 import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
+import { randomBytes } from 'crypto';
 
 var getFilename = () => fileURLToPath(import.meta.url);
 var getDirname = () => path.dirname(getFilename());
@@ -15,6 +16,10 @@ var DEFAULT_REQUEST_TIMEOUT_MS = 15e3;
 var DEFAULT_BROKER_TIMEOUT_MS = 5e3;
 var DEFAULT_BROKER_MAX_BYTES = 64 * 1024;
 var DEFAULT_JWT_CACHE_TTL_SEC = 30;
+var DEFAULT_BUNDLER_TIMEOUT_MS = 2e4;
+var DEFAULT_CHAIN_ID = 421614;
+var DEFAULT_ENTRY_POINT_ADDRESS = "0x0000000071727De22E5E9d8BAf0edAc6f37da032";
+var ADDRESS_HEX_RE = /^0x[0-9a-fA-F]{40}$/;
 function defaultBrokerEndpoint() {
   if (platform() === "win32") {
     const user = process.env.USERNAME ?? "default";
@@ -90,6 +95,35 @@ function loadMcpConfig(env = process.env) {
   const requestTimeoutMs = readEnvInt("MUHAVEN_REQUEST_TIMEOUT_MS", DEFAULT_REQUEST_TIMEOUT_MS, env);
   const brokerTimeoutMs = readEnvInt("MUHAVEN_BROKER_TIMEOUT_MS", DEFAULT_BROKER_TIMEOUT_MS, env);
   const jwtCacheTtlSec = readEnvInt("MUHAVEN_JWT_CACHE_TTL_SEC", DEFAULT_JWT_CACHE_TTL_SEC, env);
+  const bundlerUrlRaw = readEnv("MUHAVEN_BUNDLER_URL", env);
+  let bundlerUrl;
+  if (bundlerUrlRaw !== void 0) {
+    const validationErr = validatePublicUrlEnv("MUHAVEN_BUNDLER_URL", bundlerUrlRaw);
+    if (validationErr) throw new Error(validationErr);
+    bundlerUrl = trimTrailingSlash(bundlerUrlRaw);
+  }
+  const bundlerTimeoutMs = readEnvInt("MUHAVEN_BUNDLER_TIMEOUT_MS", DEFAULT_BUNDLER_TIMEOUT_MS, env);
+  const chainId = readEnvInt("MUHAVEN_CHAIN_ID", DEFAULT_CHAIN_ID, env);
+  const subscriptionAddressRaw = readEnv("MUHAVEN_SUBSCRIPTION_ADDRESS", env);
+  let subscriptionAddress;
+  if (subscriptionAddressRaw !== void 0) {
+    if (!ADDRESS_HEX_RE.test(subscriptionAddressRaw)) {
+      throw new Error(
+        `MUHAVEN_SUBSCRIPTION_ADDRESS must be a 0x-prefixed 20-byte hex string (got ${JSON.stringify(subscriptionAddressRaw)})`
+      );
+    }
+    subscriptionAddress = subscriptionAddressRaw.toLowerCase();
+  }
+  const entryPointAddressRaw = readEnv("MUHAVEN_ENTRY_POINT", env);
+  let entryPointAddress = DEFAULT_ENTRY_POINT_ADDRESS;
+  if (entryPointAddressRaw !== void 0) {
+    if (!ADDRESS_HEX_RE.test(entryPointAddressRaw)) {
+      throw new Error(
+        `MUHAVEN_ENTRY_POINT must be a 0x-prefixed 20-byte hex string (got ${JSON.stringify(entryPointAddressRaw)})`
+      );
+    }
+    entryPointAddress = entryPointAddressRaw.toLowerCase();
+  }
   return {
     backendBaseUrl,
     dashboardBaseUrl,
@@ -98,7 +132,12 @@ function loadMcpConfig(env = process.env) {
     requestTimeoutMs,
     brokerTimeoutMs,
     allowedBackendHosts: deriveAllowedHosts(backendBaseUrl),
-    jwtCacheTtlSec
+    jwtCacheTtlSec,
+    bundlerUrl,
+    bundlerTimeoutMs,
+    chainId,
+    subscriptionAddress,
+    entryPointAddress
   };
 }
 var PRIVKEY_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
@@ -133,16 +172,366 @@ function loadBrokerConfig(env = process.env) {
     dashboardBaseUrl
   };
 }
+
+// src/broker/protocol.ts
+var BROKER_PROTOCOL_VERSION = "0.4.0";
+var HASH_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
+var ADDRESS_HEX_RE2 = /^0x[0-9a-fA-F]{40}$/;
+var SELECTOR_HEX_RE = /^0x[0-9a-fA-F]{8}$/;
+var HEX_PREFIXED_RE = /^0x[0-9a-fA-F]*$/;
+var JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
+var SESSION_ID_RE = /^[A-Za-z0-9_-]{1,128}$/;
+var UINT256_DEC_RE = /^(0|[1-9][0-9]{0,77})$/;
+var MAX_CALLDATA_HEX_LEN = 2e5;
+function isHashHex(value) {
+  return typeof value === "string" && HASH_HEX_RE.test(value);
+}
+function isAddressHex(value) {
+  return typeof value === "string" && ADDRESS_HEX_RE2.test(value);
+}
+function isSelectorHex(value) {
+  return typeof value === "string" && SELECTOR_HEX_RE.test(value);
+}
+function isHexPrefixed(value) {
+  return typeof value === "string" && HEX_PREFIXED_RE.test(value);
+}
+function isJwtShape(value) {
+  return typeof value === "string" && value.length <= 8192 && JWT_RE.test(value);
+}
+function isSessionIdShape(value) {
+  return typeof value === "string" && SESSION_ID_RE.test(value);
+}
+function isUint256DecString(value) {
+  return typeof value === "string" && UINT256_DEC_RE.test(value);
+}
+var UINT256_MAX = (1n << 256n) - 1n;
+function isUint256InRange(value) {
+  if (!isUint256DecString(value)) return false;
+  return BigInt(value) <= UINT256_MAX;
+}
+function parseSelectorCap(raw) {
+  if (typeof raw !== "object" || raw === null) {
+    return { error: "selectorCap must be an object" };
+  }
+  const obj = raw;
+  if (!isSelectorHex(obj.selector)) {
+    return { error: "selectorCap.selector must be a 4-byte 0x-hex" };
+  }
+  const capArgIndex = obj.capArgIndex;
+  const maxAmount = obj.maxAmount;
+  const indexIsNull = capArgIndex === null;
+  const amountIsNull = maxAmount === null;
+  if (indexIsNull !== amountIsNull) {
+    return {
+      error: "selectorCap.capArgIndex and selectorCap.maxAmount must both be null or both non-null"
+    };
+  }
+  if (!indexIsNull) {
+    if (typeof capArgIndex !== "number" || !Number.isInteger(capArgIndex) || capArgIndex < 0 || capArgIndex > 31) {
+      return {
+        error: "selectorCap.capArgIndex must be an integer in [0, 31] (max 32 ABI words)"
+      };
+    }
+    if (typeof maxAmount !== "string" || !isUint256InRange(maxAmount)) {
+      return { error: "selectorCap.maxAmount must be a uint256 decimal string \u2264 2^256-1" };
+    }
+  }
+  return {
+    selector: obj.selector.toLowerCase(),
+    capArgIndex: indexIsNull ? null : capArgIndex,
+    maxAmount: indexIsNull ? null : maxAmount
+  };
+}
+function isOptionalHash32(value) {
+  return value === void 0 || isHashHex(value);
+}
+function isOptionalPermissionId(value) {
+  return value === void 0 || isSelectorHex(value);
+}
+function parsePolicySnapshot(raw) {
+  if (typeof raw !== "object" || raw === null) {
+    return { error: "snapshot must be a JSON object" };
+  }
+  const obj = raw;
+  if (!isSessionIdShape(obj.sessionId)) {
+    return { error: "snapshot.sessionId must be 1-128 chars [A-Za-z0-9_-]" };
+  }
+  if (obj.mode !== "scoped") {
+    return { error: "snapshot.mode must be 'scoped' (wildcard ships in Slice 4)" };
+  }
+  if (!isAddressHex(obj.signerAddress)) {
+    return { error: "snapshot.signerAddress must be a 0x-prefixed 20-byte hex" };
+  }
+  const targetContracts = obj.targetContracts;
+  if (!Array.isArray(targetContracts) || targetContracts.length === 0 || targetContracts.length > 32 || !targetContracts.every(isAddressHex)) {
+    return {
+      error: "snapshot.targetContracts must be a 1..32-element array of 0x-addresses"
+    };
+  }
+  const rawCaps = obj.selectorCaps;
+  if (!Array.isArray(rawCaps) || rawCaps.length === 0 || rawCaps.length > 32) {
+    return { error: "snapshot.selectorCaps must be a 1..32-element array" };
+  }
+  const parsedCaps = [];
+  const seenSelectors = /* @__PURE__ */ new Set();
+  for (const c of rawCaps) {
+    const parsed = parseSelectorCap(c);
+    if ("error" in parsed) return { error: `selectorCaps: ${parsed.error}` };
+    if (seenSelectors.has(parsed.selector)) {
+      return { error: `selectorCaps: duplicate selector ${parsed.selector}` };
+    }
+    seenSelectors.add(parsed.selector);
+    parsedCaps.push(parsed);
+  }
+  if (typeof obj.validUntilSec !== "number" || !Number.isFinite(obj.validUntilSec) || obj.validUntilSec <= 0) {
+    return { error: "snapshot.validUntilSec must be a positive number" };
+  }
+  if (typeof obj.mintedAtSec !== "number" || !Number.isFinite(obj.mintedAtSec) || obj.mintedAtSec <= 0) {
+    return { error: "snapshot.mintedAtSec must be a positive number" };
+  }
+  if (!isOptionalHash32(obj.consentActionHash)) {
+    return { error: "snapshot.consentActionHash must be a 0x-prefixed 32-byte hex when provided" };
+  }
+  if (!isOptionalHash32(obj.consentTextSha256)) {
+    return { error: "snapshot.consentTextSha256 must be a 0x-prefixed 32-byte hex when provided" };
+  }
+  if (!isOptionalPermissionId(obj.permissionId)) {
+    return { error: "snapshot.permissionId must be a 0x-prefixed 4-byte hex when provided" };
+  }
+  return {
+    sessionId: obj.sessionId,
+    mode: "scoped",
+    signerAddress: obj.signerAddress.toLowerCase(),
+    targetContracts: targetContracts.map(
+      (a) => a.toLowerCase()
+    ),
+    selectorCaps: parsedCaps,
+    validUntilSec: obj.validUntilSec,
+    mintedAtSec: obj.mintedAtSec,
+    ...obj.consentActionHash === void 0 ? {} : { consentActionHash: obj.consentActionHash.toLowerCase() },
+    ...obj.consentTextSha256 === void 0 ? {} : { consentTextSha256: obj.consentTextSha256.toLowerCase() },
+    ...obj.permissionId === void 0 ? {} : { permissionId: obj.permissionId.toLowerCase() }
+  };
+}
+function parseBrokerRequest(line) {
+  let parsed;
+  try {
+    parsed = JSON.parse(line);
+  } catch {
+    return { type: "error", code: "invalid_request", message: "request is not valid JSON" };
+  }
+  if (typeof parsed !== "object" || parsed === null) {
+    return { type: "error", code: "invalid_request", message: "request must be a JSON object" };
+  }
+  const obj = parsed;
+  switch (obj.type) {
+    case "hello":
+      return { type: "hello" };
+    case "sign_hash": {
+      const hash = obj.hash;
+      if (!isHashHex(hash)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_hash.hash must be a 0x-prefixed 32-byte hex string"
+        };
+      }
+      const intent = obj.intent;
+      const intentValid = intent === void 0 || typeof intent === "object" && intent !== null && typeof intent.tool === "string";
+      if (!intentValid) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_hash.intent.tool must be a string when provided"
+        };
+      }
+      return {
+        type: "sign_hash",
+        hash,
+        ...intent === void 0 ? {} : { intent }
+      };
+    }
+    case "store_jwt": {
+      const jwt = obj.jwt;
+      if (!isJwtShape(jwt)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "store_jwt.jwt must be a JWT-shaped string \u22648192 chars"
+        };
+      }
+      const expiresAtSec = obj.expiresAtSec;
+      const expiresValid = expiresAtSec === void 0 || typeof expiresAtSec === "number" && Number.isFinite(expiresAtSec) && expiresAtSec > 0;
+      if (!expiresValid) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "store_jwt.expiresAtSec must be a positive number when provided"
+        };
+      }
+      return {
+        type: "store_jwt",
+        jwt,
+        ...expiresAtSec === void 0 ? {} : { expiresAtSec }
+      };
+    }
+    case "get_jwt":
+      return { type: "get_jwt" };
+    case "clear_jwt":
+      return { type: "clear_jwt" };
+    case "sign_userop": {
+      const sessionId = obj.sessionId;
+      if (!isSessionIdShape(sessionId)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_userop.sessionId must be 1-128 chars [A-Za-z0-9_-]"
+        };
+      }
+      const userOpHash = obj.userOpHash;
+      if (!isHashHex(userOpHash)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_userop.userOpHash must be a 0x-prefixed 32-byte hex string"
+        };
+      }
+      const innerCall = obj.innerCall;
+      if (typeof innerCall !== "object" || innerCall === null) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_userop.innerCall must be an object with { target, callData }"
+        };
+      }
+      const ic = innerCall;
+      if (!isAddressHex(ic.target)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_userop.innerCall.target must be a 0x-prefixed 20-byte hex"
+        };
+      }
+      if (!isHexPrefixed(ic.callData) || ic.callData.length < 74 || ic.callData.length % 2 !== 0 || ic.callData.length > MAX_CALLDATA_HEX_LEN) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "sign_userop.innerCall.callData must be 0x-prefixed even-length hex \u226574 chars (selector + first uint256 arg) and \u2264200000 chars"
+        };
+      }
+      const intent = obj.intent;
+      let safeIntent;
+      if (intent !== void 0) {
+        if (typeof intent !== "object" || intent === null) {
+          return {
+            type: "error",
+            code: "invalid_request",
+            message: "sign_userop.intent must be an object when provided"
+          };
+        }
+        const intentObj = intent;
+        if (typeof intentObj.tool !== "string" || intentObj.tool.length > 64) {
+          return {
+            type: "error",
+            code: "invalid_request",
+            message: "sign_userop.intent.tool must be a string \u226464 chars"
+          };
+        }
+        if (intentObj.summary !== void 0 && (typeof intentObj.summary !== "string" || intentObj.summary.length > 256)) {
+          return {
+            type: "error",
+            code: "invalid_request",
+            message: "sign_userop.intent.summary must be a string \u2264256 chars when provided"
+          };
+        }
+        safeIntent = {
+          tool: intentObj.tool,
+          ...typeof intentObj.summary === "string" ? { summary: intentObj.summary } : {}
+        };
+      }
+      return {
+        type: "sign_userop",
+        sessionId,
+        userOpHash,
+        innerCall: {
+          target: ic.target.toLowerCase(),
+          callData: ic.callData.toLowerCase()
+        },
+        ...safeIntent === void 0 ? {} : { intent: safeIntent }
+      };
+    }
+    case "store_policy_snapshot": {
+      const parsed2 = parsePolicySnapshot(obj.snapshot);
+      if ("error" in parsed2) {
+        return { type: "error", code: "invalid_request", message: parsed2.error };
+      }
+      return { type: "store_policy_snapshot", snapshot: parsed2 };
+    }
+    case "get_policy_snapshot": {
+      if (!isSessionIdShape(obj.sessionId)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "get_policy_snapshot.sessionId must be 1-128 chars [A-Za-z0-9_-]"
+        };
+      }
+      return { type: "get_policy_snapshot", sessionId: obj.sessionId };
+    }
+    case "clear_policy_snapshot": {
+      if (!isSessionIdShape(obj.sessionId)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "clear_policy_snapshot.sessionId must be 1-128 chars [A-Za-z0-9_-]"
+        };
+      }
+      return { type: "clear_policy_snapshot", sessionId: obj.sessionId };
+    }
+    case "get_active_session_id":
+      return { type: "get_active_session_id" };
+    default:
+      return {
+        type: "error",
+        code: "unsupported_type",
+        message: `unsupported request type: ${String(obj.type)}`
+      };
+  }
+}
+function serializeResponse(res) {
+  return JSON.stringify(res) + "\n";
+}
+
+// src/clients/broker-client.ts
 var BrokerClientError = class extends Error {
-  constructor(code, message, cause) {
+  constructor(code, message, cause, brokerCode) {
     super(message);
     this.code = code;
     this.cause = cause;
+    this.brokerCode = brokerCode;
     this.name = "BrokerClientError";
   }
   code;
   cause;
+  brokerCode;
 };
+function semverGte(a, b) {
+  const re = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)$/;
+  const ma = re.exec(a);
+  const mb = re.exec(b);
+  if (!ma || !mb) {
+    throw new BrokerClientError(
+      "protocol_error",
+      `semverGte: malformed version (got ${JSON.stringify(a)} vs ${JSON.stringify(b)})`
+    );
+  }
+  for (let i = 1; i <= 3; i++) {
+    const ai = Number(ma[i]);
+    const bi = Number(mb[i]);
+    if (ai > bi) return true;
+    if (ai < bi) return false;
+  }
+  return true;
+}
 var BrokerClient = class {
   constructor(options) {
     this.options = options;
@@ -202,6 +591,109 @@ var BrokerClient = class {
       );
     }
   }
+  // ── Wave 5 Path D Slice 1 (Commit 3) — policy snapshot CRUD + sign_userop ──
+  async signUserOp(args) {
+    const res = await this.exchange({
+      type: "sign_userop",
+      sessionId: args.sessionId,
+      userOpHash: args.userOpHash,
+      innerCall: args.innerCall,
+      ...args.intent ? { intent: args.intent } : {}
+    });
+    if (res.type !== "sign_userop") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected sign_userop response, got ${res.type}`
+      );
+    }
+    return res;
+  }
+  async storePolicySnapshot(snapshot) {
+    const res = await this.exchange({ type: "store_policy_snapshot", snapshot });
+    if (res.type !== "store_policy_snapshot") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected store_policy_snapshot response, got ${res.type}`
+      );
+    }
+    return res;
+  }
+  async getPolicySnapshot(sessionId) {
+    const res = await this.exchange({ type: "get_policy_snapshot", sessionId });
+    if (res.type !== "get_policy_snapshot") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected get_policy_snapshot response, got ${res.type}`
+      );
+    }
+    return res;
+  }
+  async clearPolicySnapshot(sessionId) {
+    const res = await this.exchange({ type: "clear_policy_snapshot", sessionId });
+    if (res.type !== "clear_policy_snapshot") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected clear_policy_snapshot response, got ${res.type}`
+      );
+    }
+    return res;
+  }
+  async getActiveSessionId() {
+    const res = await this.exchange({ type: "get_active_session_id" });
+    if (res.type !== "get_active_session_id") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected get_active_session_id response, got ${res.type}`
+      );
+    }
+    return res;
+  }
+  /**
+   * Detect whether the running daemon speaks Path D (protocol 0.4.0+).
+   * Wraps `hello()` with a semver-gte comparison so the MCP tool layer
+   * can short-circuit to Path C with a clear `version_too_old` reason
+   * instead of surfacing the opaque `unsupported_type` error a stale
+   * 0.3.0 daemon would emit on `sign_userop` / `get_active_session_id`
+   * (Backend Architect H-2, round 2).
+   *
+   * Returns `{ supported: false }` on broker connect failure too — the
+   * caller treats "daemon down" identically to "version too old": Path D
+   * not available, fall through to Path C.
+   */
+  async preflight() {
+    let hello;
+    try {
+      hello = await this.hello();
+    } catch (err) {
+      return {
+        supported: false,
+        reason: "broker_unreachable",
+        message: err instanceof BrokerClientError ? `broker.${err.code}: ${err.message}` : err instanceof Error ? err.message : "broker unreachable",
+        requiredVersion: BROKER_PROTOCOL_VERSION
+      };
+    }
+    if (!semverGte(hello.version, BROKER_PROTOCOL_VERSION)) {
+      return {
+        supported: false,
+        reason: "version_too_old",
+        daemonVersion: hello.version,
+        requiredVersion: BROKER_PROTOCOL_VERSION
+      };
+    }
+    if (hello.hasSessionKey === false) {
+      return {
+        supported: false,
+        reason: "session_key_unavailable",
+        daemonVersion: hello.version,
+        requiredVersion: BROKER_PROTOCOL_VERSION
+      };
+    }
+    return {
+      supported: true,
+      daemonVersion: hello.version,
+      signerAddress: hello.sessionKeyAddress
+    };
+  }
   exchange(request) {
     return new Promise((resolve, reject) => {
       let socket;
@@ -242,7 +734,12 @@ var BrokerClient = class {
           const parsed = JSON.parse(line);
           if (parsed.type === "error") {
             settleErr(
-              new BrokerClientError("broker_error", `${parsed.code}: ${parsed.message}`)
+              new BrokerClientError(
+                "broker_error",
+                `${parsed.code}: ${parsed.message}`,
+                void 0,
+                parsed.code
+              )
             );
             return;
           }
@@ -406,6 +903,71 @@ async function safeJson(res) {
     return null;
   }
 }
+
+// src/auth/jwt-decode.ts
+var JwtDecodeError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "JwtDecodeError";
+    this.code = code;
+  }
+};
+function decodeJwtPayload(jwt) {
+  const segments = jwt.split(".");
+  if (segments.length !== 3) {
+    throw new JwtDecodeError(
+      "malformed_segments",
+      `expected 3 dot-separated segments, got ${segments.length}`
+    );
+  }
+  const payloadSegment = segments[1];
+  if (payloadSegment === void 0) {
+    throw new JwtDecodeError("malformed_segments", "payload segment missing");
+  }
+  let payloadJson;
+  try {
+    payloadJson = Buffer.from(payloadSegment, "base64url").toString("utf8");
+  } catch (err) {
+    throw new JwtDecodeError(
+      "malformed_base64",
+      `payload segment is not valid base64url: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(payloadJson);
+  } catch (err) {
+    throw new JwtDecodeError(
+      "malformed_json",
+      `payload is not valid JSON: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  if (parsed === null || typeof parsed !== "object") {
+    throw new JwtDecodeError(
+      "malformed_json",
+      `payload is not a JSON object (got ${parsed === null ? "null" : typeof parsed})`
+    );
+  }
+  const obj = parsed;
+  return {
+    sub: typeof obj.sub === "string" ? obj.sub : null,
+    scope: Array.isArray(obj.scope) ? obj.scope.filter((s) => typeof s === "string") : [],
+    expSec: typeof obj.exp === "number" ? obj.exp : null,
+    iss: typeof obj.iss === "string" ? obj.iss : null
+  };
+}
+function sanitizeClaimForTerminal(value, maxLen = 120) {
+  if (!value) return "";
+  const stripped = value.replace(/[^\x20-\x7e]/g, "?");
+  return stripped.length > maxLen ? `${stripped.slice(0, maxLen)}\u2026(truncated)` : stripped;
+}
+function truncateSubject(sub) {
+  if (!sub) return "(missing)";
+  const sanitized = sub.replace(/[^\x20-\x7e]/g, "?");
+  if (sanitized.length <= 12) return sanitized;
+  return `${sanitized.slice(0, 8)}\u2026${sanitized.slice(-4)}`;
+}
 var KEYRING_SERVICE = "muhaven.mcp";
 var KEYRING_ACCOUNT = "jwt";
 async function loadKeyringModule() {
@@ -500,154 +1062,66 @@ var KeystoreError = class extends Error {
     this.name = "KeystoreError";
   }
   code;
-  cause;
-};
-function parseRecord(raw) {
-  try {
-    const parsed = JSON.parse(raw);
-    if (!parsed || typeof parsed.jwt !== "string") return null;
-    return {
-      jwt: parsed.jwt,
-      expiresAtSec: typeof parsed.expiresAtSec === "number" ? parsed.expiresAtSec : null,
-      storedAtSec: typeof parsed.storedAtSec === "number" ? parsed.storedAtSec : 0
-    };
-  } catch {
-    throw new KeystoreError("malformed_record", "keystore record is not valid JSON");
-  }
-}
-function asMessage(err) {
-  return err instanceof Error ? err.message : String(err);
-}
-async function openKeystore(options = {}) {
-  const envPref = process.env.MUHAVEN_KEYRING?.toLowerCase();
-  const wantFile = options.preferred === "file" || envPref === "file";
-  const filePath = options.filePath ?? FileKeystore.defaultPath();
-  if (wantFile) {
-    return { keystore: new FileKeystore(filePath), fallbackReason: null };
-  }
-  const mod = await loadKeyringModule();
-  if (!mod) {
-    return {
-      keystore: new FileKeystore(filePath),
-      fallbackReason: "@napi-rs/keyring not installed for this platform"
-    };
-  }
-  const Entry = mod.Entry;
-  if (!Entry) {
-    return {
-      keystore: new FileKeystore(filePath),
-      fallbackReason: "@napi-rs/keyring loaded but Entry constructor missing"
-    };
-  }
-  let entry;
-  try {
-    entry = new Entry(KEYRING_SERVICE, KEYRING_ACCOUNT);
-    const raw = entry.getPassword();
-    if (raw && typeof raw === "string") {
-      const parsed = parseRecord(raw);
-      if (parsed === null) {
-        return {
-          keystore: new FileKeystore(filePath),
-          fallbackReason: "OS keychain held a record that did not contain a recognizable JWT \u2014 falling back to file. Run `muhaven-broker logout` if you want to clean it up."
-        };
-      }
-    }
-  } catch (err) {
-    const isMalformed = err instanceof KeystoreError && err.code === "malformed_record";
-    return {
-      keystore: new FileKeystore(filePath),
-      fallbackReason: isMalformed ? `OS keychain held a malformed JWT record \u2014 falling back to file. ${asMessage(err)}` : `OS keychain probe failed: ${asMessage(err)}`
-    };
-  }
-  return { keystore: new OsKeystore(entry), fallbackReason: null };
-}
-
-// src/broker/protocol.ts
-var BROKER_PROTOCOL_VERSION = "0.3.0";
-var HASH_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
-var JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
-function isHashHex(value) {
-  return typeof value === "string" && HASH_HEX_RE.test(value);
-}
-function isJwtShape(value) {
-  return typeof value === "string" && value.length <= 8192 && JWT_RE.test(value);
-}
-function parseBrokerRequest(line) {
-  let parsed;
-  try {
-    parsed = JSON.parse(line);
-  } catch {
-    return { type: "error", code: "invalid_request", message: "request is not valid JSON" };
-  }
-  if (typeof parsed !== "object" || parsed === null) {
-    return { type: "error", code: "invalid_request", message: "request must be a JSON object" };
-  }
-  const obj = parsed;
-  switch (obj.type) {
-    case "hello":
-      return { type: "hello" };
-    case "sign_hash": {
-      const hash = obj.hash;
-      if (!isHashHex(hash)) {
-        return {
-          type: "error",
-          code: "invalid_request",
-          message: "sign_hash.hash must be a 0x-prefixed 32-byte hex string"
-        };
-      }
-      const intent = obj.intent;
-      const intentValid = intent === void 0 || typeof intent === "object" && intent !== null && typeof intent.tool === "string";
-      if (!intentValid) {
-        return {
-          type: "error",
-          code: "invalid_request",
-          message: "sign_hash.intent.tool must be a string when provided"
-        };
-      }
-      return {
-        type: "sign_hash",
-        hash,
-        ...intent === void 0 ? {} : { intent }
-      };
-    }
-    case "store_jwt": {
-      const jwt = obj.jwt;
-      if (!isJwtShape(jwt)) {
-        return {
-          type: "error",
-          code: "invalid_request",
-          message: "store_jwt.jwt must be a JWT-shaped string \u22648192 chars"
-        };
-      }
-      const expiresAtSec = obj.expiresAtSec;
-      const expiresValid = expiresAtSec === void 0 || typeof expiresAtSec === "number" && Number.isFinite(expiresAtSec) && expiresAtSec > 0;
-      if (!expiresValid) {
+  cause;
+};
+function parseRecord(raw) {
+  try {
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed.jwt !== "string") return null;
+    return {
+      jwt: parsed.jwt,
+      expiresAtSec: typeof parsed.expiresAtSec === "number" ? parsed.expiresAtSec : null,
+      storedAtSec: typeof parsed.storedAtSec === "number" ? parsed.storedAtSec : 0
+    };
+  } catch {
+    throw new KeystoreError("malformed_record", "keystore record is not valid JSON");
+  }
+}
+function asMessage(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+async function openKeystore(options = {}) {
+  const envPref = process.env.MUHAVEN_KEYRING?.toLowerCase();
+  const wantFile = options.preferred === "file" || envPref === "file";
+  const filePath = options.filePath ?? FileKeystore.defaultPath();
+  if (wantFile) {
+    return { keystore: new FileKeystore(filePath), fallbackReason: null };
+  }
+  const mod = await loadKeyringModule();
+  if (!mod) {
+    return {
+      keystore: new FileKeystore(filePath),
+      fallbackReason: "@napi-rs/keyring not installed for this platform"
+    };
+  }
+  const Entry = mod.Entry;
+  if (!Entry) {
+    return {
+      keystore: new FileKeystore(filePath),
+      fallbackReason: "@napi-rs/keyring loaded but Entry constructor missing"
+    };
+  }
+  let entry;
+  try {
+    entry = new Entry(KEYRING_SERVICE, KEYRING_ACCOUNT);
+    const raw = entry.getPassword();
+    if (raw && typeof raw === "string") {
+      const parsed = parseRecord(raw);
+      if (parsed === null) {
         return {
-          type: "error",
-          code: "invalid_request",
-          message: "store_jwt.expiresAtSec must be a positive number when provided"
+          keystore: new FileKeystore(filePath),
+          fallbackReason: "OS keychain held a record that did not contain a recognizable JWT \u2014 falling back to file. Run `muhaven-broker logout` if you want to clean it up."
         };
       }
-      return {
-        type: "store_jwt",
-        jwt,
-        ...expiresAtSec === void 0 ? {} : { expiresAtSec }
-      };
     }
-    case "get_jwt":
-      return { type: "get_jwt" };
-    case "clear_jwt":
-      return { type: "clear_jwt" };
-    default:
-      return {
-        type: "error",
-        code: "unsupported_type",
-        message: `unsupported request type: ${String(obj.type)}`
-      };
+  } catch (err) {
+    const isMalformed = err instanceof KeystoreError && err.code === "malformed_record";
+    return {
+      keystore: new FileKeystore(filePath),
+      fallbackReason: isMalformed ? `OS keychain held a malformed JWT record \u2014 falling back to file. ${asMessage(err)}` : `OS keychain probe failed: ${asMessage(err)}`
+    };
   }
-}
-function serializeResponse(res) {
-  return JSON.stringify(res) + "\n";
+  return { keystore: new OsKeystore(entry), fallbackReason: null };
 }
 var MissingSessionKeyError = class extends Error {
   constructor() {
@@ -663,6 +1137,9 @@ var NullSigner = class {
   async signHash(_hash) {
     throw new MissingSessionKeyError();
   }
+  async signRawMessage(_hash) {
+    throw new MissingSessionKeyError();
+  }
 };
 var ViemSigner = class {
   account;
@@ -675,12 +1152,297 @@ var ViemSigner = class {
   async signHash(hash) {
     return this.account.sign({ hash });
   }
+  async signRawMessage(hash) {
+    return this.account.signMessage({ message: { raw: hash } });
+  }
+};
+var PolicyStoreError = class extends Error {
+  constructor(code, message, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "PolicyStoreError";
+  }
+  code;
+  cause;
+};
+var SESSION_ID_RE2 = /^[A-Za-z0-9_-]{1,128}$/;
+var UINT256_MAX_LOCAL = (1n << 256n) - 1n;
+function validateSessionId(sessionId) {
+  if (!SESSION_ID_RE2.test(sessionId)) {
+    throw new PolicyStoreError(
+      "invalid_session_id",
+      `sessionId "${sessionId}" must be 1-128 chars [A-Za-z0-9_-] (path-traversal guard)`
+    );
+  }
+}
+var FilePolicyStore = class {
+  constructor(dir) {
+    this.dir = dir;
+  }
+  dir;
+  static defaultDir() {
+    return join(homedir(), ".muhaven", "policy-snapshots");
+  }
+  snapshotPath(sessionId) {
+    return join(this.dir, `${sessionId}.json`);
+  }
+  async get(sessionId, nowSec) {
+    validateSessionId(sessionId);
+    let raw;
+    try {
+      raw = await readFile(this.snapshotPath(sessionId), "utf8");
+    } catch (err) {
+      if (err.code === "ENOENT") return null;
+      throw new PolicyStoreError(
+        "read_failed",
+        `failed to read snapshot ${sessionId}: ${asMessage2(err)}`,
+        err
+      );
+    }
+    let parsed;
+    try {
+      const obj = JSON.parse(raw);
+      parsed = coerceFromDisk(obj);
+    } catch (err) {
+      throw new PolicyStoreError(
+        "malformed_record",
+        `snapshot ${sessionId} is not valid JSON: ${asMessage2(err)}`,
+        err
+      );
+    }
+    if (parsed.validUntilSec <= nowSec) return null;
+    return parsed;
+  }
+  async put(snapshot) {
+    validateSessionId(snapshot.sessionId);
+    const dest = this.snapshotPath(snapshot.sessionId);
+    const tmp = `${dest}.tmp-${randomBytes(6).toString("hex")}`;
+    try {
+      await mkdir(this.dir, { recursive: true, mode: 448 });
+      await chmod(this.dir, 448).catch(() => void 0);
+      await writeFile(tmp, JSON.stringify(snapshot), { mode: 384 });
+      await chmod(tmp, 384).catch(() => void 0);
+      await rename(tmp, dest);
+    } catch (err) {
+      await unlink(tmp).catch(() => void 0);
+      throw new PolicyStoreError(
+        "write_failed",
+        `failed to write snapshot ${snapshot.sessionId}: ${asMessage2(err)}`,
+        err
+      );
+    }
+  }
+  async delete(sessionId) {
+    validateSessionId(sessionId);
+    try {
+      await unlink(this.snapshotPath(sessionId));
+    } catch (err) {
+      if (err.code === "ENOENT") return;
+      throw new PolicyStoreError(
+        "delete_failed",
+        `failed to delete snapshot ${sessionId}: ${asMessage2(err)}`,
+        err
+      );
+    }
+  }
+  async list() {
+    let entries;
+    try {
+      entries = await readdir(this.dir);
+    } catch (err) {
+      if (err.code === "ENOENT") return [];
+      throw new PolicyStoreError(
+        "read_failed",
+        `failed to enumerate snapshot dir: ${asMessage2(err)}`,
+        err
+      );
+    }
+    const out = [];
+    for (const entry of entries) {
+      if (!entry.endsWith(".json")) continue;
+      const sessionId = entry.slice(0, -".json".length);
+      if (!SESSION_ID_RE2.test(sessionId)) continue;
+      try {
+        const raw = await readFile(join(this.dir, entry), "utf8");
+        out.push(coerceFromDisk(JSON.parse(raw)));
+      } catch {
+        continue;
+      }
+    }
+    return out;
+  }
+  async activeSessionId(activeSignerAddress, nowSec) {
+    const all = await this.list();
+    const needle = activeSignerAddress.toLowerCase();
+    const matches = all.filter(
+      (s) => s.validUntilSec > nowSec && s.signerAddress.toLowerCase() === needle
+    );
+    return matches.length === 1 ? matches[0].sessionId : null;
+  }
 };
+function coerceFromDisk(obj) {
+  if (typeof obj !== "object" || obj === null) throw new Error("snapshot not an object");
+  const o = obj;
+  if (typeof o.sessionId !== "string" || !SESSION_ID_RE2.test(o.sessionId)) {
+    throw new Error("snapshot.sessionId malformed");
+  }
+  if (o.mode !== "scoped") throw new Error('snapshot.mode must be "scoped"');
+  if (typeof o.signerAddress !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(o.signerAddress)) {
+    throw new Error("snapshot.signerAddress malformed");
+  }
+  if (!Array.isArray(o.targetContracts) || !o.targetContracts.every((t) => typeof t === "string" && /^0x[0-9a-fA-F]{40}$/.test(t))) {
+    throw new Error("snapshot.targetContracts malformed");
+  }
+  if (!Array.isArray(o.selectorCaps) || o.selectorCaps.length === 0) {
+    throw new Error("snapshot.selectorCaps malformed");
+  }
+  const caps = [];
+  for (const c of o.selectorCaps) {
+    if (typeof c !== "object" || c === null) throw new Error("selectorCap not an object");
+    const cap = c;
+    if (typeof cap.selector !== "string" || !/^0x[0-9a-fA-F]{8}$/.test(cap.selector)) {
+      throw new Error("selectorCap.selector malformed");
+    }
+    const indexNull = cap.capArgIndex === null;
+    const amountNull = cap.maxAmount === null;
+    if (indexNull !== amountNull) {
+      throw new Error("selectorCap.capArgIndex/maxAmount must both be null or both non-null");
+    }
+    if (!indexNull) {
+      if (typeof cap.capArgIndex !== "number" || !Number.isInteger(cap.capArgIndex) || cap.capArgIndex < 0 || cap.capArgIndex > 31) {
+        throw new Error("selectorCap.capArgIndex must be an integer in [0, 31]");
+      }
+      if (typeof cap.maxAmount !== "string" || !/^(0|[1-9][0-9]{0,77})$/.test(cap.maxAmount)) {
+        throw new Error("selectorCap.maxAmount malformed (length)");
+      }
+      if (BigInt(cap.maxAmount) > UINT256_MAX_LOCAL) {
+        throw new Error("selectorCap.maxAmount exceeds uint256 max");
+      }
+    }
+    caps.push({
+      selector: cap.selector.toLowerCase(),
+      capArgIndex: indexNull ? null : cap.capArgIndex,
+      maxAmount: indexNull ? null : cap.maxAmount
+    });
+  }
+  if (typeof o.validUntilSec !== "number" || o.validUntilSec <= 0) {
+    throw new Error("snapshot.validUntilSec malformed");
+  }
+  if (typeof o.mintedAtSec !== "number" || o.mintedAtSec <= 0) {
+    throw new Error("snapshot.mintedAtSec malformed");
+  }
+  if (o.consentActionHash !== void 0) {
+    if (typeof o.consentActionHash !== "string" || !/^0x[0-9a-fA-F]{64}$/.test(o.consentActionHash)) {
+      throw new Error("snapshot.consentActionHash malformed");
+    }
+  }
+  if (o.consentTextSha256 !== void 0) {
+    if (typeof o.consentTextSha256 !== "string" || !/^0x[0-9a-fA-F]{64}$/.test(o.consentTextSha256)) {
+      throw new Error("snapshot.consentTextSha256 malformed");
+    }
+  }
+  if (o.permissionId !== void 0) {
+    if (typeof o.permissionId !== "string" || !/^0x[0-9a-fA-F]{8}$/.test(o.permissionId)) {
+      throw new Error("snapshot.permissionId malformed (must be 0x-prefixed 4-byte hex)");
+    }
+  }
+  return {
+    sessionId: o.sessionId,
+    mode: "scoped",
+    signerAddress: o.signerAddress.toLowerCase(),
+    targetContracts: o.targetContracts.map(
+      (t) => t.toLowerCase()
+    ),
+    selectorCaps: caps,
+    validUntilSec: o.validUntilSec,
+    mintedAtSec: o.mintedAtSec,
+    ...o.consentActionHash === void 0 ? {} : { consentActionHash: o.consentActionHash.toLowerCase() },
+    ...o.consentTextSha256 === void 0 ? {} : { consentTextSha256: o.consentTextSha256.toLowerCase() },
+    ...o.permissionId === void 0 ? {} : { permissionId: o.permissionId.toLowerCase() }
+  };
+}
+function asMessage2(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+function decodeUint256ArgAt(callDataHex, wordIndex) {
+  if (!Number.isInteger(wordIndex) || wordIndex < 0) {
+    throw new Error(`wordIndex must be a non-negative integer (got ${wordIndex})`);
+  }
+  const requiredLen = 2 + 8 + (wordIndex + 1) * 64;
+  if (callDataHex.length < requiredLen) {
+    throw new Error(
+      `callData length ${callDataHex.length} too short to carry word ${wordIndex} (need \u2265${requiredLen} chars)`
+    );
+  }
+  const wordStart = 2 + 8 + wordIndex * 64;
+  const argHex = callDataHex.slice(wordStart, wordStart + 64);
+  return BigInt(`0x${argHex}`);
+}
+function selectorOf(callDataHex) {
+  return callDataHex.slice(0, 10).toLowerCase();
+}
+function checkPolicy(input) {
+  const { snapshot, innerCall, activeSigner, nowSec } = input;
+  if (snapshot.validUntilSec <= nowSec) {
+    return {
+      ok: false,
+      code: "scope_violation",
+      message: `snapshot ${snapshot.sessionId} expired at ${snapshot.validUntilSec} (now ${nowSec})`
+    };
+  }
+  if (snapshot.signerAddress.toLowerCase() !== activeSigner.toLowerCase()) {
+    return {
+      ok: false,
+      code: "policy_violation",
+      message: `snapshot ${snapshot.sessionId} bound to signer ${snapshot.signerAddress}, broker active signer is ${activeSigner}`
+    };
+  }
+  const targetLower = innerCall.target.toLowerCase();
+  const targetMatch = snapshot.targetContracts.some((t) => t === targetLower);
+  if (!targetMatch) {
+    return {
+      ok: false,
+      code: "policy_violation",
+      message: `target ${innerCall.target} not in allowlist for session ${snapshot.sessionId}`
+    };
+  }
+  const selector = selectorOf(innerCall.callData);
+  const rule = snapshot.selectorCaps.find((c) => c.selector === selector);
+  if (!rule) {
+    return {
+      ok: false,
+      code: "policy_violation",
+      message: `selector ${selector} not in selectorCaps for session ${snapshot.sessionId}`
+    };
+  }
+  if (rule.capArgIndex !== null && rule.maxAmount !== null) {
+    let argValue;
+    try {
+      argValue = decodeUint256ArgAt(innerCall.callData, rule.capArgIndex);
+    } catch (err) {
+      return {
+        ok: false,
+        code: "policy_violation",
+        message: `callData decode failed at wordIndex ${rule.capArgIndex}: ${asMessage2(err)}`
+      };
+    }
+    const cap = BigInt(rule.maxAmount);
+    if (argValue > cap) {
+      return {
+        ok: false,
+        code: "max_spend_exceeded",
+        message: `arg word[${rule.capArgIndex}] = ${argValue} exceeds maxAmount ${cap} for selector ${selector} (session ${snapshot.sessionId})`
+      };
+    }
+  }
+  return { ok: true };
+}
 
 // src/broker/daemon.ts
 var noopLogger = (_e) => {
 };
-async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3), options = {}) {
+async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3), options = {}, policyStore) {
   switch (req.type) {
     case "hello": {
       let hasJwt = false;
@@ -753,6 +1515,141 @@ async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.fl
         );
       }
     }
+    case "sign_userop": {
+      if (!policyStore) {
+        return errorResponse(
+          "internal",
+          "broker daemon is not configured with a policy store"
+        );
+      }
+      const now = nowSec();
+      let snapshot;
+      try {
+        snapshot = await policyStore.get(req.sessionId, now);
+      } catch (err) {
+        return errorResponse(
+          "internal",
+          err instanceof Error ? err.message : "policy store read failed"
+        );
+      }
+      if (!snapshot) {
+        return errorResponse(
+          "no_active_snapshot",
+          `no active snapshot for session ${req.sessionId}`
+        );
+      }
+      const check = checkPolicy({
+        snapshot,
+        innerCall: req.innerCall,
+        activeSigner: signer.address,
+        nowSec: now
+      });
+      if (!check.ok) {
+        return errorResponse(check.code, check.message);
+      }
+      try {
+        const signature = await signer.signRawMessage(req.userOpHash);
+        return {
+          type: "sign_userop",
+          signature,
+          signerAddress: signer.address,
+          sessionId: req.sessionId
+        };
+      } catch (err) {
+        if (err instanceof MissingSessionKeyError) {
+          return errorResponse("session_key_unavailable", err.message);
+        }
+        throw err;
+      }
+    }
+    case "store_policy_snapshot": {
+      if (!policyStore) {
+        return errorResponse(
+          "internal",
+          "broker daemon is not configured with a policy store"
+        );
+      }
+      try {
+        await policyStore.put(req.snapshot);
+        return {
+          type: "store_policy_snapshot",
+          stored: true,
+          sessionId: req.snapshot.sessionId
+        };
+      } catch (err) {
+        if (err instanceof PolicyStoreError) {
+          return errorResponse("internal", err.message);
+        }
+        return errorResponse(
+          "internal",
+          err instanceof Error ? err.message : "policy store write failed"
+        );
+      }
+    }
+    case "get_policy_snapshot": {
+      if (!policyStore) {
+        return errorResponse(
+          "internal",
+          "broker daemon is not configured with a policy store"
+        );
+      }
+      try {
+        const snapshot = await policyStore.get(req.sessionId, nowSec());
+        return { type: "get_policy_snapshot", snapshot };
+      } catch (err) {
+        if (err instanceof PolicyStoreError) {
+          return errorResponse("internal", err.message);
+        }
+        return errorResponse(
+          "internal",
+          err instanceof Error ? err.message : "policy store read failed"
+        );
+      }
+    }
+    case "clear_policy_snapshot": {
+      if (!policyStore) {
+        return errorResponse(
+          "internal",
+          "broker daemon is not configured with a policy store"
+        );
+      }
+      try {
+        await policyStore.delete(req.sessionId);
+        return {
+          type: "clear_policy_snapshot",
+          cleared: true,
+          sessionId: req.sessionId
+        };
+      } catch (err) {
+        if (err instanceof PolicyStoreError) {
+          return errorResponse("internal", err.message);
+        }
+        return errorResponse(
+          "internal",
+          err instanceof Error ? err.message : "policy store clear failed"
+        );
+      }
+    }
+    case "get_active_session_id": {
+      if (!policyStore) {
+        return errorResponse(
+          "internal",
+          "broker daemon is not configured with a policy store"
+        );
+      }
+      try {
+        const sessionId = await policyStore.activeSessionId(signer.address, nowSec());
+        return { type: "get_active_session_id", sessionId };
+      } catch (err) {
+        if (err instanceof PolicyStoreError) {
+          return errorResponse("internal", err.message);
+        }
+        return errorResponse(
+          "internal",
+          err instanceof Error ? err.message : "policy store enumerate failed"
+        );
+      }
+    }
   }
 }
 function errorResponse(code, message) {
@@ -782,6 +1679,7 @@ var BrokerDaemon = class {
   log;
   config;
   keystore;
+  policyStore;
   /**
    * Whether a session-key private half is actually loaded. `false` =
    * daemon booted in read-only posture (no `MUHAVEN_BROKER_SESSION_KEY`
@@ -801,6 +1699,7 @@ var BrokerDaemon = class {
       this.hasSessionKey = false;
     }
     this.keystore = options.keystore ?? null;
+    this.policyStore = options.policyStore ?? new FilePolicyStore(FilePolicyStore.defaultDir());
     this.log = options.logger ?? noopLogger;
     this.server = createServer((socket) => this.onConnection(socket));
   }
@@ -816,6 +1715,7 @@ var BrokerDaemon = class {
         });
       }
     }
+    if (this.policyStore.init) await this.policyStore.init();
     await prepareEndpoint(this.config.endpoint);
     await new Promise((resolve, reject) => {
       const onError = (err) => {
@@ -931,7 +1831,8 @@ var BrokerDaemon = class {
             dashboardBaseUrl: this.config.dashboardBaseUrl
           },
           pid: process.pid
-        }
+        },
+        this.policyStore
       );
       socket.end(serializeResponse(res));
     } catch (err) {
@@ -1812,6 +2713,48 @@ async function runDoctor() {
       print(`Daemon backend URL: ${h.effectiveConfig.backendBaseUrl}`);
       print(`Daemon dashboard  : ${h.effectiveConfig.dashboardBaseUrl}`);
     }
+    if (h.hasJwt) {
+      try {
+        const jwtRes = await broker.getJwt();
+        if (!jwtRes.jwt) {
+          print(`JWT inspection    : daemon protocol violation \u2014 hello.hasJwt=true but get_jwt returned null; run \`muhaven-broker logout && muhaven-broker login\` to reset keystore`);
+        } else {
+          const decoded = decodeJwtPayload(jwtRes.jwt);
+          print(`JWT subject       : ${truncateSubject(decoded.sub)}  (unverified \u2014 backend re-validates on every API call)`);
+          if (decoded.scope.length === 0) {
+            print(`JWT scope         : (none \u2014 legacy SIWE token; all-scopes for back-compat)`);
+          } else {
+            const SCOPE_CAP = 20;
+            const displayed = decoded.scope.slice(0, SCOPE_CAP).map((s) => sanitizeClaimForTerminal(s, 80));
+            const overflow = decoded.scope.length > SCOPE_CAP ? ` (+${decoded.scope.length - SCOPE_CAP} more, suppressed)` : "";
+            print(`JWT scope         : ${displayed.join(", ")}${overflow}`);
+          }
+          if (decoded.iss !== null) {
+            print(`JWT issuer        : ${sanitizeClaimForTerminal(decoded.iss, 80)}`);
+          }
+          if (decoded.expSec !== null) {
+            const nowSec = Math.floor(Date.now() / 1e3);
+            const remainingSec = decoded.expSec - nowSec;
+            const expiresAt = new Date(decoded.expSec * 1e3).toISOString();
+            if (remainingSec <= 0) {
+              print(`JWT expires       : ${expiresAt} (EXPIRED \u2014 run \`muhaven-broker login\` to refresh)`);
+            } else {
+              const remainingHr = Math.floor(remainingSec / 3600);
+              const remainingMin = Math.floor(remainingSec % 3600 / 60);
+              print(`JWT expires       : ${expiresAt} (in ${remainingHr}h${remainingMin}m)`);
+            }
+          }
+        }
+      } catch (err) {
+        if (err instanceof JwtDecodeError) {
+          print(`JWT inspection    : FAILED (${err.code}: ${err.message}) \u2014 JWT is in keystore but malformed; run \`muhaven-broker logout && login\` to refresh`);
+        } else {
+          const errName = err instanceof Error ? err.constructor?.name ?? "Error" : "unknown";
+          const errMsg = err instanceof Error ? err.message : String(err);
+          print(`JWT inspection    : FAILED (${errName}: ${errMsg})`);
+        }
+      }
+    }
     return 0;
   } catch (err) {
     print(`Broker daemon     : NOT reachable (${err.message})`);
@@ -1842,7 +2785,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.1";
+    return "0.2.3";
   }
 }
 function printVersion() {