@muhaven/mcp 0.2.6 → 0.2.7

package/CHANGELOG.md

@@ -7,6 +7,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.7] — 2026-05-23
+
+### Added
+
+- **Startup banner (always on).** `runMcpStdioCli` writes one stderr
+  line at boot with the running version + verbose mode:
+
+      [muhaven-mcp] starting @muhaven/mcp@0.2.7 (verbose=off)
+
+  Multiple smoke iterations have been ambiguous about whether
+  `npm i -g @muhaven/mcp@<v>` actually updated the global binary
+  picked up by Claude Code (the subprocess only re-spawns on FULL
+  Claude Code restart, not `/mcp reconnect`). One stderr line at boot
+  makes the version mismatch impossible to miss.
+
+- **Verbose paymaster/bundler logging (`MUHAVEN_MCP_VERBOSE=1`).**
+  Gated env var that emits two stderr lines per bundler RPC:
+
+      [muhaven-mcp] [bundler→] zd_sponsorUserOperation id=N body={...}
+      [muhaven-mcp] [bundler←] zd_sponsorUserOperation id=N resp={...}
+
+  Bodies truncated at 2KB; covers happy-path, http_error, timeout,
+  non-JSON, network failures. Add `"MUHAVEN_MCP_VERBOSE": "1"` to the
+  `.mcp.json` env block when triaging a `pathDFallbackReason` —
+  removes the need for curl repro entirely.
+
+### Fixed
+
+- **Stale `pm_sponsorUserOperation` label in the
+  `paymaster_rejected` fallback message** (0.2.4 leftover). The
+  actual method call has been `zd_sponsorUserOperation` since 0.2.4,
+  but the error message label still said `pm_*`. No functional
+  impact — just a confusing log string when the gate fires.
+
 ## [0.2.6] — 2026-05-23
 
 ### Fixed

package/dist/broker.cjs

@@ -2783,7 +2783,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.6";
+    return "0.2.7";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -2785,7 +2785,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.6";
+    return "0.2.7";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -1211,6 +1211,14 @@ var BundlerClient = class {
   async rpc(method, params) {
     const id = this.nextRpcId++;
     const body = JSON.stringify({ jsonrpc: "2.0", id, method, params });
+    const verbose = process.env.MUHAVEN_MCP_VERBOSE === "1";
+    if (verbose) {
+      const bodyDump = body.length > 2048 ? body.slice(0, 2048) + "\u2026(truncated)" : body;
+      process.stderr.write(
+        `[muhaven-mcp] [bundler\u2192] ${method} id=${id} body=${bodyDump}
+`
+      );
+    }
     const ctrl = new AbortController();
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
@@ -1231,8 +1239,18 @@ var BundlerClient = class {
     } catch (err2) {
       clearTimeout(timer);
       if (err2.name === "AbortError") {
+        if (verbose) {
+          process.stderr.write(`[muhaven-mcp] [bundler\u2717] ${method} id=${id} timeout
+`);
+        }
         throw new BundlerClientError("timeout", `bundler ${method} timed out`);
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} network err=${err2 instanceof Error ? err2.message : String(err2)}
+`
+        );
+      }
       throw new BundlerClientError(
         "network",
         `bundler ${method} network error: ${err2 instanceof Error ? err2.message : String(err2)}`,
@@ -1247,6 +1265,12 @@ var BundlerClient = class {
         text = (await res.text()).slice(0, 256);
       } catch {
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} HTTP ${res.status} body=${text}
+`
+        );
+      }
       throw new BundlerClientError(
         "http_error",
         `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
@@ -1256,11 +1280,23 @@ var BundlerClient = class {
     try {
       parsed = await res.json();
     } catch (err2) {
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} non-JSON err=${err2 instanceof Error ? err2.message : String(err2)}
+`
+        );
+      }
       throw new BundlerClientError(
         "invalid_response",
         `bundler ${method} returned non-JSON: ${err2 instanceof Error ? err2.message : String(err2)}`
       );
     }
+    if (verbose) {
+      const respDump = JSON.stringify(parsed);
+      const trunc = respDump.length > 2048 ? respDump.slice(0, 2048) + "\u2026(truncated)" : respDump;
+      process.stderr.write(`[muhaven-mcp] [bundler\u2190] ${method} id=${id} resp=${trunc}
+`);
+    }
     if (typeof parsed !== "object" || parsed === null) {
       throw new BundlerClientError(
         "invalid_response",
@@ -2462,7 +2498,7 @@ async function attemptPathD(args, deps) {
     return {
       kind: "fallback",
       reason: "paymaster_rejected",
-      message: `pm_sponsorUserOperation rejected${detail}: ${safeMsg}`
+      message: `zd_sponsorUserOperation rejected${detail}: ${safeMsg}`
     };
   }
   const userOpForHash = {
@@ -3057,7 +3093,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.6";
+    return "0.2.7";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3176,6 +3212,10 @@ function toolJsonResponse(payload) {
 }
 async function runMcpStdioCli(opts = {}) {
   const config = loadMcpConfig();
+  process.stderr.write(
+    `[muhaven-mcp] starting @muhaven/mcp@${SERVER_VERSION} (verbose=${process.env.MUHAVEN_MCP_VERBOSE === "1" ? "on" : "off"})
+`
+  );
   const pinned = await loadPinnedToolHashes();
   const verify = verifyToolHashes(pinned);
   if (!verify.ok) {

package/dist/index.js

@@ -1207,6 +1207,14 @@ var BundlerClient = class {
   async rpc(method, params) {
     const id = this.nextRpcId++;
     const body = JSON.stringify({ jsonrpc: "2.0", id, method, params });
+    const verbose = process.env.MUHAVEN_MCP_VERBOSE === "1";
+    if (verbose) {
+      const bodyDump = body.length > 2048 ? body.slice(0, 2048) + "\u2026(truncated)" : body;
+      process.stderr.write(
+        `[muhaven-mcp] [bundler\u2192] ${method} id=${id} body=${bodyDump}
+`
+      );
+    }
     const ctrl = new AbortController();
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
@@ -1227,8 +1235,18 @@ var BundlerClient = class {
     } catch (err2) {
       clearTimeout(timer);
       if (err2.name === "AbortError") {
+        if (verbose) {
+          process.stderr.write(`[muhaven-mcp] [bundler\u2717] ${method} id=${id} timeout
+`);
+        }
         throw new BundlerClientError("timeout", `bundler ${method} timed out`);
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} network err=${err2 instanceof Error ? err2.message : String(err2)}
+`
+        );
+      }
       throw new BundlerClientError(
         "network",
         `bundler ${method} network error: ${err2 instanceof Error ? err2.message : String(err2)}`,
@@ -1243,6 +1261,12 @@ var BundlerClient = class {
         text = (await res.text()).slice(0, 256);
       } catch {
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} HTTP ${res.status} body=${text}
+`
+        );
+      }
       throw new BundlerClientError(
         "http_error",
         `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
@@ -1252,11 +1276,23 @@ var BundlerClient = class {
     try {
       parsed = await res.json();
     } catch (err2) {
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} non-JSON err=${err2 instanceof Error ? err2.message : String(err2)}
+`
+        );
+      }
       throw new BundlerClientError(
         "invalid_response",
         `bundler ${method} returned non-JSON: ${err2 instanceof Error ? err2.message : String(err2)}`
       );
     }
+    if (verbose) {
+      const respDump = JSON.stringify(parsed);
+      const trunc = respDump.length > 2048 ? respDump.slice(0, 2048) + "\u2026(truncated)" : respDump;
+      process.stderr.write(`[muhaven-mcp] [bundler\u2190] ${method} id=${id} resp=${trunc}
+`);
+    }
     if (typeof parsed !== "object" || parsed === null) {
       throw new BundlerClientError(
         "invalid_response",
@@ -2458,7 +2494,7 @@ async function attemptPathD(args, deps) {
     return {
       kind: "fallback",
       reason: "paymaster_rejected",
-      message: `pm_sponsorUserOperation rejected${detail}: ${safeMsg}`
+      message: `zd_sponsorUserOperation rejected${detail}: ${safeMsg}`
     };
   }
   const userOpForHash = {
@@ -3053,7 +3089,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.6";
+    return "0.2.7";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3172,6 +3208,10 @@ function toolJsonResponse(payload) {
 }
 async function runMcpStdioCli(opts = {}) {
   const config = loadMcpConfig();
+  process.stderr.write(
+    `[muhaven-mcp] starting @muhaven/mcp@${SERVER_VERSION} (verbose=${process.env.MUHAVEN_MCP_VERBOSE === "1" ? "on" : "off"})
+`
+  );
   const pinned = await loadPinnedToolHashes();
   const verify = verifyToolHashes(pinned);
   if (!verify.ok) {

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {