@muhaven/mcp 0.2.2 → 0.2.4

package/CHANGELOG.md

@@ -7,6 +7,62 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.4] — 2026-05-23
+
+### Fixed
+
+- **Paymaster RPC method + param shape**:
+  `pm_sponsorUserOperation` → `zd_sponsorUserOperation`. ZeroDev v3
+  endpoints route paymaster RPCs through Alchemy infrastructure, which
+  exposes only ERC-7677 (`pm_getPaymasterStubData` / `pm_getPaymasterData`)
+  and ZeroDev-prefixed (`zd_sponsorUserOperation`) — the legacy
+  `pm_sponsorUserOperation` returns `"Unsupported method"` from
+  Alchemy. The MCP server's `attemptPathD` failed at
+  `pathDFallbackReason: paymaster_rejected` on every Path D autonomous
+  buy. Fix: switch method name + change request shape from positional
+  `[userOp, entryPoint]` to wrapped
+  `[{chainId, userOp, entryPointAddress, shouldOverrideFee, shouldConsume}]`.
+  Matches `@zerodev/sdk@5.5.10`'s `paymaster/sponsorUserOperation.js`
+  byte-for-byte. Verified 2026-05-23 via direct curl reproduction
+  against the prod bundler URL (bare → "Unsupported method"; correct
+  shape → simulation result with AA23 from synthetic UserOp, proving
+  the method works).
+
+  `sponsorUserOp` now requires `expectedChainId` in `BundlerClientOptions`
+  (throws `BundlerClientError(config)` when missing) — the chainId is
+  part of the request envelope. Defaults conservative placeholder gas
+  limits on the userOp when the caller omits them (ZeroDev's Zod
+  validator requires the gas fields in the request even though
+  simulation recomputes them).
+
+  Added 3 regression tests pinning the new method name, the wrapped
+  envelope, the gas-default behaviour + a `config`-error case when
+  expectedChainId is missing.
+
+## [0.2.3] — 2026-05-23
+
+### Fixed
+
+- **`BundlerClient` now sends an `Origin` header on every RPC.** ZeroDev
+  bundler URLs gate access via an IP+domain allowlist; browser requests
+  from `https://muhaven.app` pass because the project's allowlist
+  accepts that domain, but Node `fetch` (the MCP server's transport)
+  sends no `Origin` by default and so hit a `403 "Neither IP nor domain
+  is on the allowlist"` on every `eth_call` / `eth_gasPrice`. The MCP
+  server then surfaced this as `pathDFallbackReason:
+  bundler_setup_failed` and degraded to Path C. Fix: stamp `Origin:
+  <MUHAVEN_DASHBOARD_URL>` on every bundler RPC (defaults to
+  `https://muhaven.app`, threaded through from
+  `buildMcpServer({ dashboardBaseUrl })`). Mirrors how ethers.js + viem
+  stamp default Origins against EVM RPC providers; surfaces a single
+  knob (`MUHAVEN_DASHBOARD_URL`) for operators on a custom domain.
+  Diagnosed 2026-05-23 via direct curl reproduction (bare → 403; with
+  `Origin: https://muhaven.app` → `result: 0x66eee`).
+
+  Added 3 regression tests pinning the contract (Origin sent when set;
+  omitted when undefined; omitted when explicitly empty for test
+  injection).
+
 ## [0.2.2] — 2026-05-23
 
 ### Fixed

package/dist/broker.cjs

@@ -2783,7 +2783,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.2";
+    return "0.2.4";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -2785,7 +2785,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.2";
+    return "0.2.4";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -1071,7 +1071,28 @@ var BundlerClient = class {
    * `estimateUserOpGas` round-trip on the happy path).
    */
   async sponsorUserOp(userOp, entryPoint) {
-    const result = await this.rpc("pm_sponsorUserOperation", [userOp, entryPoint]);
+    if (this.options.expectedChainId === void 0) {
+      throw new BundlerClientError(
+        "config",
+        "sponsorUserOp requires expectedChainId in BundlerClientOptions \u2014 ZeroDev paymaster needs it in the request envelope"
+      );
+    }
+    const userOpWithGas = {
+      ...userOp,
+      callGasLimit: userOp.callGasLimit ?? "0x100000",
+      // 1_048_576
+      verificationGasLimit: userOp.verificationGasLimit ?? "0x100000",
+      preVerificationGas: userOp.preVerificationGas ?? "0x100000"
+    };
+    const result = await this.rpc("zd_sponsorUserOperation", [
+      {
+        chainId: this.options.expectedChainId,
+        userOp: userOpWithGas,
+        entryPointAddress: entryPoint,
+        shouldOverrideFee: false,
+        shouldConsume: true
+      }
+    ]);
     return parseSponsoredFields(result);
   }
   /**
@@ -1194,9 +1215,16 @@ var BundlerClient = class {
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
     try {
+      const headers = {
+        "content-type": "application/json",
+        accept: "application/json"
+      };
+      if (this.options.originHeader) {
+        headers["origin"] = this.options.originHeader;
+      }
       res = await this.fetchImpl(this.options.endpoint, {
         method: "POST",
-        headers: { "content-type": "application/json", accept: "application/json" },
+        headers,
         body,
         signal: ctrl.signal
       });
@@ -3025,7 +3053,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.2";
+    return "0.2.4";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3166,7 +3194,13 @@ async function runMcpStdioCli(opts = {}) {
   const bundler = config.bundlerUrl ? new BundlerClient({
     endpoint: config.bundlerUrl,
     requestTimeoutMs: config.bundlerTimeoutMs,
-    expectedChainId: config.chainId
+    expectedChainId: config.chainId,
+    // Wave 5 Path D 0.2.3 — Origin defaults to the dashboard URL
+    // so ZeroDev's domain-allowlist accepts the MCP server's RPC
+    // traffic. The dashboard URL is the natural match because it's
+    // also the SIWE / passkey origin the project already trusts
+    // for browser-side traffic.
+    originHeader: config.dashboardBaseUrl
   }) : void 0;
   const baseRegistry = selectRegistry(config.readOnly);
   const registry = opts.filterRegistry ? opts.filterRegistry(baseRegistry) : baseRegistry;

package/dist/index.d.cts

@@ -708,6 +708,17 @@ interface PartialUserOpForSponsorship {
     readonly maxPriorityFeePerGas: `0x${string}`;
     /** Worst-case placeholder so paymaster simulates realistic gas. */
     readonly signature: `0x${string}`;
+    /**
+     * Optional pre-estimated gas fields. ZeroDev's `zd_sponsorUserOperation`
+     * does its own simulation + recomputes these in the response, so
+     * passing placeholders is OK — but the upstream Zod validator
+     * REQUIRES the fields to be present. `sponsorUserOp` defaults them
+     * to safe placeholders when omitted (the response carries the real
+     * values for the caller to use).
+     */
+    readonly callGasLimit?: `0x${string}`;
+    readonly verificationGasLimit?: `0x${string}`;
+    readonly preVerificationGas?: `0x${string}`;
 }
 interface SponsoredUserOpFields {
     readonly paymaster: `0x${string}`;
@@ -753,6 +764,24 @@ interface BundlerClientOptions {
     /** Expected chain id (Arb Sepolia = 421614). When set, `assertChainId()`
      *  refuses to proceed if the bundler reports a different chain. */
     readonly expectedChainId?: number;
+    /**
+     * Wave 5 Path D 0.2.3 — `Origin` header sent on every bundler RPC.
+     *
+     * Why: ZeroDev's bundler URLs gate access via an IP+domain allowlist.
+     * Browser requests from `https://muhaven.app` pass because the
+     * project's allowlist includes that domain; Node `fetch` (the MCP
+     * server's transport) sends no `Origin` header by default and so
+     * hits a 403 "Neither IP nor domain is on the allowlist". Sending
+     * an `Origin` matching the project's allowlisted domain unblocks
+     * the MCP server without requiring an operator-side ZeroDev
+     * dashboard edit. Mirrors how ethers.js + viem's HTTP transports
+     * stamp a default `Origin` against EVM RPC providers.
+     *
+     * Defaults to `https://muhaven.app` at the call site
+     * (`server.ts::buildMcpServer`) — operators on a custom dashboard
+     * URL override via `MUHAVEN_DASHBOARD_URL`.
+     */
+    readonly originHeader?: string;
     /** Inject for tests. */
     readonly fetchImpl?: typeof fetch;
 }

package/dist/index.d.ts

@@ -708,6 +708,17 @@ interface PartialUserOpForSponsorship {
     readonly maxPriorityFeePerGas: `0x${string}`;
     /** Worst-case placeholder so paymaster simulates realistic gas. */
     readonly signature: `0x${string}`;
+    /**
+     * Optional pre-estimated gas fields. ZeroDev's `zd_sponsorUserOperation`
+     * does its own simulation + recomputes these in the response, so
+     * passing placeholders is OK — but the upstream Zod validator
+     * REQUIRES the fields to be present. `sponsorUserOp` defaults them
+     * to safe placeholders when omitted (the response carries the real
+     * values for the caller to use).
+     */
+    readonly callGasLimit?: `0x${string}`;
+    readonly verificationGasLimit?: `0x${string}`;
+    readonly preVerificationGas?: `0x${string}`;
 }
 interface SponsoredUserOpFields {
     readonly paymaster: `0x${string}`;
@@ -753,6 +764,24 @@ interface BundlerClientOptions {
     /** Expected chain id (Arb Sepolia = 421614). When set, `assertChainId()`
      *  refuses to proceed if the bundler reports a different chain. */
     readonly expectedChainId?: number;
+    /**
+     * Wave 5 Path D 0.2.3 — `Origin` header sent on every bundler RPC.
+     *
+     * Why: ZeroDev's bundler URLs gate access via an IP+domain allowlist.
+     * Browser requests from `https://muhaven.app` pass because the
+     * project's allowlist includes that domain; Node `fetch` (the MCP
+     * server's transport) sends no `Origin` header by default and so
+     * hits a 403 "Neither IP nor domain is on the allowlist". Sending
+     * an `Origin` matching the project's allowlisted domain unblocks
+     * the MCP server without requiring an operator-side ZeroDev
+     * dashboard edit. Mirrors how ethers.js + viem's HTTP transports
+     * stamp a default `Origin` against EVM RPC providers.
+     *
+     * Defaults to `https://muhaven.app` at the call site
+     * (`server.ts::buildMcpServer`) — operators on a custom dashboard
+     * URL override via `MUHAVEN_DASHBOARD_URL`.
+     */
+    readonly originHeader?: string;
     /** Inject for tests. */
     readonly fetchImpl?: typeof fetch;
 }

package/dist/index.js

@@ -1067,7 +1067,28 @@ var BundlerClient = class {
    * `estimateUserOpGas` round-trip on the happy path).
    */
   async sponsorUserOp(userOp, entryPoint) {
-    const result = await this.rpc("pm_sponsorUserOperation", [userOp, entryPoint]);
+    if (this.options.expectedChainId === void 0) {
+      throw new BundlerClientError(
+        "config",
+        "sponsorUserOp requires expectedChainId in BundlerClientOptions \u2014 ZeroDev paymaster needs it in the request envelope"
+      );
+    }
+    const userOpWithGas = {
+      ...userOp,
+      callGasLimit: userOp.callGasLimit ?? "0x100000",
+      // 1_048_576
+      verificationGasLimit: userOp.verificationGasLimit ?? "0x100000",
+      preVerificationGas: userOp.preVerificationGas ?? "0x100000"
+    };
+    const result = await this.rpc("zd_sponsorUserOperation", [
+      {
+        chainId: this.options.expectedChainId,
+        userOp: userOpWithGas,
+        entryPointAddress: entryPoint,
+        shouldOverrideFee: false,
+        shouldConsume: true
+      }
+    ]);
     return parseSponsoredFields(result);
   }
   /**
@@ -1190,9 +1211,16 @@ var BundlerClient = class {
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
     try {
+      const headers = {
+        "content-type": "application/json",
+        accept: "application/json"
+      };
+      if (this.options.originHeader) {
+        headers["origin"] = this.options.originHeader;
+      }
       res = await this.fetchImpl(this.options.endpoint, {
         method: "POST",
-        headers: { "content-type": "application/json", accept: "application/json" },
+        headers,
         body,
         signal: ctrl.signal
       });
@@ -3021,7 +3049,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.2";
+    return "0.2.4";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3162,7 +3190,13 @@ async function runMcpStdioCli(opts = {}) {
   const bundler = config.bundlerUrl ? new BundlerClient({
     endpoint: config.bundlerUrl,
     requestTimeoutMs: config.bundlerTimeoutMs,
-    expectedChainId: config.chainId
+    expectedChainId: config.chainId,
+    // Wave 5 Path D 0.2.3 — Origin defaults to the dashboard URL
+    // so ZeroDev's domain-allowlist accepts the MCP server's RPC
+    // traffic. The dashboard URL is the natural match because it's
+    // also the SIWE / passkey origin the project already trusts
+    // for browser-side traffic.
+    originHeader: config.dashboardBaseUrl
   }) : void 0;
   const baseRegistry = selectRegistry(config.readOnly);
   const registry = opts.filterRegistry ? opts.filterRegistry(baseRegistry) : baseRegistry;

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {