@muhaven/mcp 0.2.4 → 0.2.6

package/CHANGELOG.md

@@ -7,6 +7,88 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.6] — 2026-05-23
+
+### Fixed
+
+- **`PLACEHOLDER_SIGNATURE` uses exact `@zerodev/sdk::DUMMY_ECDSA_SIG`
+  bytes** — NOT random `0xfe`-filled high-entropy bytes (the 0.2.5
+  regression). Per `@zerodev/permissions::toPermissionValidator.js`,
+  the canonical stub signature for paymaster simulation is:
+
+      concat(["0xff", signer.getDummySignature()])
+            ↓                ↓
+      "use root permission"  DUMMY_ECDSA_SIG = "0xfffffff...7aa...aaa...1c"
+
+  The DUMMY_ECDSA_SIG is a CRAFTED 65-byte pattern (r is high-end of
+  secp256k1's field, s is `7aa...aaa`, v is `0x1c`) that the
+  PermissionValidator's `validateUserOp` simulation path recognizes
+  as a stub and skips real ecrecover. 0.2.5 had the right length (66
+  bytes) and the right `0xff` prefix, but filled the trailing 65
+  bytes with random `0xfe` — the validator ecrecovers them as if
+  real, gets a garbage address that doesn't match the bound session-
+  key, reverts with `AA23` → paymaster returns rpc_error → MCP maps
+  to `paymaster_rejected`.
+
+  The new `pathDFallbackDetail` echo (0.2.5) made this trivially
+  diagnosable on the very next smoke iteration — the surfaced
+  message was `zd_sponsorUserOperation → HTTP 400 → AA23 reverted`
+  which pinned the validator-revert layer.
+
+  Verified 2026-05-23 against `@zerodev/sdk@5.5.10`'s
+  `_cjs/constants.js::DUMMY_ECDSA_SIG` and
+  `@zerodev/permissions/_cjs/toPermissionValidator.js::getStubSignature`.
+
+  Regression tests pin: byte length (66), `0xff` prefix, trailing
+  65-byte byte-for-byte match against DUMMY_ECDSA_SIG, v=0x1c,
+  s-component magic pattern (rejecting the 0.2.5 `0xfe`-filled
+  shape).
+
+## [0.2.5] — 2026-05-23
+
+### Fixed
+
+- **`PLACEHOLDER_SIGNATURE` size 86 bytes → 66 bytes** to match the
+  real Kernel v3.1 PermissionValidator signature shape that
+  `buildKernelSessionKeySignature` produces:
+
+      byte 0       — 0xff (PermissionValidator "use root permission" sentinel)
+      bytes 1..65  — 65-byte ECDSA
+      = 66 bytes total
+
+  Pre-0.2.5 the placeholder was 86 bytes — the OLD enable-mode shape
+  (1 byte prefix + 20 bytes validator + 65 bytes ECDSA). The paymaster
+  simulated the validator with the wrong-length signature, the
+  validator reverted with `AA23 reverted`, and
+  `zd_sponsorUserOperation` returned rpc_error → MCP mapped to
+  `paymaster_rejected`. This is the load-bearing piece that 0.2.4 did
+  NOT close.
+
+### Added
+
+- **`pathDFallbackDetail` in the `muhaven.position.buy` echo.** Every
+  Path D fallback (`bundler_setup_failed`, `paymaster_rejected`,
+  `encrypt_shares_server_error`, etc.) now carries the underlying
+  error message in addition to the structured reason code. Pre-0.2.5
+  the message was dropped → every new gate required curl repro to
+  find the actual error class (cost ~2 publish cycles during the
+  2026-05-23 smoke). Future fallback iterations are self-diagnosing.
+  Untrusted-network input (bundler RPC error messages) is sanitized
+  server-side before crossing into the echo (existing
+  `sanitizeRpcMessageForLlmContext` boundary).
+
+### Changed
+
+- **`DEFAULT_REQUEST_TIMEOUT_MS` 15s → 75s.** The cold-start FHE
+  encrypt at `/api/v1/agent/path-d/encrypt-shares` costs ~25s on
+  first call after fhe-worker container boot (CoFHE verifier-
+  signature handshake). The 15s default cut the MCP-side fetch
+  before the backend's reply arrived → spurious
+  `encrypt_shares_server_error`. Operators on warm setups can
+  tighten via `MUHAVEN_REQUEST_TIMEOUT_MS`. Subsequent encrypts
+  after warm-up are sub-second; the 75s ceiling is defensive
+  headroom, not steady-state latency.
+
 ## [0.2.4] — 2026-05-23
 
 ### Fixed

package/dist/broker.cjs

@@ -10,7 +10,7 @@ var crypto = require('crypto');
 
 var DEFAULT_BACKEND_URL = "https://api.muhaven.app";
 var DEFAULT_DASHBOARD_URL = "https://muhaven.app";
-var DEFAULT_REQUEST_TIMEOUT_MS = 15e3;
+var DEFAULT_REQUEST_TIMEOUT_MS = 75e3;
 var DEFAULT_BROKER_TIMEOUT_MS = 5e3;
 var DEFAULT_BROKER_MAX_BYTES = 64 * 1024;
 var DEFAULT_JWT_CACHE_TTL_SEC = 30;
@@ -2783,7 +2783,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.4";
+    return "0.2.6";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -12,7 +12,7 @@ var getDirname = () => path.dirname(getFilename());
 var __dirname$1 = /* @__PURE__ */ getDirname();
 var DEFAULT_BACKEND_URL = "https://api.muhaven.app";
 var DEFAULT_DASHBOARD_URL = "https://muhaven.app";
-var DEFAULT_REQUEST_TIMEOUT_MS = 15e3;
+var DEFAULT_REQUEST_TIMEOUT_MS = 75e3;
 var DEFAULT_BROKER_TIMEOUT_MS = 5e3;
 var DEFAULT_BROKER_MAX_BYTES = 64 * 1024;
 var DEFAULT_JWT_CACHE_TTL_SEC = 30;
@@ -2785,7 +2785,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.4";
+    return "0.2.6";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -22,7 +22,7 @@ var getImportMetaUrl = () => typeof document === "undefined" ? new URL(`file:${_
 var importMetaUrl = /* @__PURE__ */ getImportMetaUrl();
 var DEFAULT_BACKEND_URL = "https://api.muhaven.app";
 var DEFAULT_DASHBOARD_URL = "https://muhaven.app";
-var DEFAULT_REQUEST_TIMEOUT_MS = 15e3;
+var DEFAULT_REQUEST_TIMEOUT_MS = 75e3;
 var DEFAULT_BROKER_TIMEOUT_MS = 5e3;
 var DEFAULT_BROKER_MAX_BYTES = 64 * 1024;
 var DEFAULT_JWT_CACHE_TTL_SEC = 30;
@@ -1923,7 +1923,8 @@ var SUBSCRIPTION_PURCHASE_SELECTOR = viem.toFunctionSelector(
 var SUBSCRIPTION_PURCHASE_ABI = viem.parseAbi([
   "function purchase(address token, (uint256 ctHash, uint8 securityZone, uint8 utype, bytes signature) encShares, uint128 maxSharesHint, address ephemeralEOA)"
 ]);
-var PLACEHOLDER_SIGNATURE = "0x" + "fe".repeat(86);
+var ZERODEV_DUMMY_ECDSA_SIG = "0xfffffffffffffffffffffffffffffff0000000000000000000000000000000007aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1c";
+var PLACEHOLDER_SIGNATURE = `0xff${ZERODEV_DUMMY_ECDSA_SIG.slice(2)}`;
 function ok(data) {
   return { ok: true, data };
 }
@@ -2667,6 +2668,7 @@ async function positionBuy(input, deps) {
   const navDisplay = formatUsd6AsDecimal(navUsd6);
   const sharesStr = shares.toString();
   let pathDFallbackReason;
+  let pathDFallbackDetail;
   let pathDSubmittedUserOpHash;
   const pathD = await attemptPathD(
     { shares, tokenAddress: token.address, tokenSymbol: token.symbol },
@@ -2677,6 +2679,7 @@ async function positionBuy(input, deps) {
   }
   if (pathD.kind === "fallback") {
     pathDFallbackReason = pathD.reason;
+    pathDFallbackDetail = pathD.message;
     if (pathD.submittedUserOpHash) {
       pathDSubmittedUserOpHash = pathD.submittedUserOpHash;
     }
@@ -2702,6 +2705,7 @@ ${dashboardUrl}`,
       effectiveNotionalUsd6: effectiveNotionalUsd6.toString(),
       navUsd6: navUsd6.toString(),
       ...pathDFallbackReason ? { pathDFallbackReason } : {},
+      ...pathDFallbackDetail ? { pathDFallbackDetail } : {},
       ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {}
     }
   });
@@ -3053,7 +3057,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.4";
+    return "0.2.6";
   }
 }
 function toJsonInputSchema(schema) {

package/dist/index.js

@@ -18,7 +18,7 @@ import { privateKeyToAccount } from 'viem/accounts';
 // src/server.ts
 var DEFAULT_BACKEND_URL = "https://api.muhaven.app";
 var DEFAULT_DASHBOARD_URL = "https://muhaven.app";
-var DEFAULT_REQUEST_TIMEOUT_MS = 15e3;
+var DEFAULT_REQUEST_TIMEOUT_MS = 75e3;
 var DEFAULT_BROKER_TIMEOUT_MS = 5e3;
 var DEFAULT_BROKER_MAX_BYTES = 64 * 1024;
 var DEFAULT_JWT_CACHE_TTL_SEC = 30;
@@ -1919,7 +1919,8 @@ var SUBSCRIPTION_PURCHASE_SELECTOR = toFunctionSelector(
 var SUBSCRIPTION_PURCHASE_ABI = parseAbi([
   "function purchase(address token, (uint256 ctHash, uint8 securityZone, uint8 utype, bytes signature) encShares, uint128 maxSharesHint, address ephemeralEOA)"
 ]);
-var PLACEHOLDER_SIGNATURE = "0x" + "fe".repeat(86);
+var ZERODEV_DUMMY_ECDSA_SIG = "0xfffffffffffffffffffffffffffffff0000000000000000000000000000000007aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1c";
+var PLACEHOLDER_SIGNATURE = `0xff${ZERODEV_DUMMY_ECDSA_SIG.slice(2)}`;
 function ok(data) {
   return { ok: true, data };
 }
@@ -2663,6 +2664,7 @@ async function positionBuy(input, deps) {
   const navDisplay = formatUsd6AsDecimal(navUsd6);
   const sharesStr = shares.toString();
   let pathDFallbackReason;
+  let pathDFallbackDetail;
   let pathDSubmittedUserOpHash;
   const pathD = await attemptPathD(
     { shares, tokenAddress: token.address, tokenSymbol: token.symbol },
@@ -2673,6 +2675,7 @@ async function positionBuy(input, deps) {
   }
   if (pathD.kind === "fallback") {
     pathDFallbackReason = pathD.reason;
+    pathDFallbackDetail = pathD.message;
     if (pathD.submittedUserOpHash) {
       pathDSubmittedUserOpHash = pathD.submittedUserOpHash;
     }
@@ -2698,6 +2701,7 @@ ${dashboardUrl}`,
       effectiveNotionalUsd6: effectiveNotionalUsd6.toString(),
       navUsd6: navUsd6.toString(),
       ...pathDFallbackReason ? { pathDFallbackReason } : {},
+      ...pathDFallbackDetail ? { pathDFallbackDetail } : {},
       ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {}
     }
   });
@@ -3049,7 +3053,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.4";
+    return "0.2.6";
   }
 }
 function toJsonInputSchema(schema) {

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.2.4",
+  "version": "0.2.6",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.2.4",
+  "version": "0.2.6",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {