@muhaven/mcp 0.2.6 → 0.2.8

package/CHANGELOG.md

@@ -7,6 +7,92 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.8] — 2026-05-23
+
+### Added
+
+- **`pathDBundlerTrace` inline in the `muhaven.position.buy` echo on
+  fallback.** Every Path D attempt now buffers its bundler RPC
+  round-trips in a 20-event ring on the `BundlerClient`; on any
+  fallback return the handler drains the ring and inlines it into
+  the echo:
+
+      pathDBundlerTrace: [
+        {
+          method: 'eth_call',
+          id: 12,
+          requestBody: '{"jsonrpc":"2.0","id":12,"method":"eth_call",...}',
+          responseStatus: 200,
+          responseBody: '{"jsonrpc":"2.0","id":12,"result":"0x..."}',
+          elapsedMs: 87,
+        },
+        {
+          method: 'zd_sponsorUserOperation',
+          id: 14,
+          requestBody: '{"jsonrpc":"2.0","method":"zd_sponsorUserOperation","params":[...]}',
+          responseStatus: 400,
+          responseBody: '{"error":"AA23 reverted ..."}',
+          error: { code: 'http_error', message: '...' },
+          elapsedMs: 412,
+        },
+      ]
+
+  Bodies truncated at 2KB. The LLM (and the operator reading the
+  tool result) sees the EXACT wire payload that the bundler /
+  paymaster rejected — no need for curl repro or Claude Code
+  subprocess log digging. Confirmed 2026-05-23 that Claude Code's
+  MCP client only captures subprocess stderr at handshake (not
+  during tool calls), so the 0.2.7 stderr-verbose path never reached
+  the LLM context during the smoke iterations.
+
+  Ring buffer is always-on (no env-gate, ~80KB worst-case per
+  BundlerClient instance) so the next gate is self-diagnosing
+  immediately without a second `npm i -g` cycle.
+
+  `BundlerClient.drainTrace()` returns + clears the ring; called at
+  the start of `attemptPathD` (clear stale) and again right before
+  the fallback echo (collect + inline).
+
+### Tests
+
+- bundler-client.test.ts: new ring-buffer behaviour cases (drain
+  returns a copy; drain clears; ring is bounded at 20; populates on
+  success + http_error + timeout + rpc_error).
+
+## [0.2.7] — 2026-05-23
+
+### Added
+
+- **Startup banner (always on).** `runMcpStdioCli` writes one stderr
+  line at boot with the running version + verbose mode:
+
+      [muhaven-mcp] starting @muhaven/mcp@0.2.7 (verbose=off)
+
+  Multiple smoke iterations have been ambiguous about whether
+  `npm i -g @muhaven/mcp@<v>` actually updated the global binary
+  picked up by Claude Code (the subprocess only re-spawns on FULL
+  Claude Code restart, not `/mcp reconnect`). One stderr line at boot
+  makes the version mismatch impossible to miss.
+
+- **Verbose paymaster/bundler logging (`MUHAVEN_MCP_VERBOSE=1`).**
+  Gated env var that emits two stderr lines per bundler RPC:
+
+      [muhaven-mcp] [bundler→] zd_sponsorUserOperation id=N body={...}
+      [muhaven-mcp] [bundler←] zd_sponsorUserOperation id=N resp={...}
+
+  Bodies truncated at 2KB; covers happy-path, http_error, timeout,
+  non-JSON, network failures. Add `"MUHAVEN_MCP_VERBOSE": "1"` to the
+  `.mcp.json` env block when triaging a `pathDFallbackReason` —
+  removes the need for curl repro entirely.
+
+### Fixed
+
+- **Stale `pm_sponsorUserOperation` label in the
+  `paymaster_rejected` fallback message** (0.2.4 leftover). The
+  actual method call has been `zd_sponsorUserOperation` since 0.2.4,
+  but the error message label still said `pm_*`. No functional
+  impact — just a confusing log string when the gate fires.
+
 ## [0.2.6] — 2026-05-23
 
 ### Fixed

package/dist/broker.cjs

@@ -2783,7 +2783,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.6";
+    return "0.2.8";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -2785,7 +2785,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.6";
+    return "0.2.8";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -999,7 +999,7 @@ var BundlerClientError = class extends Error {
   code;
   detail;
 };
-var BundlerClient = class {
+var BundlerClient = class _BundlerClient {
   constructor(options) {
     this.options = options;
     this.fetchImpl = options.fetchImpl ?? globalThis.fetch.bind(globalThis);
@@ -1007,6 +1007,35 @@ var BundlerClient = class {
   options;
   fetchImpl;
   nextRpcId = 1;
+  /**
+   * Ring buffer of the most recent RPC round-trips. Surfaced via
+   * `drainTrace()` to the caller (attemptPathD) for inline diagnostic
+   * in the position.buy echo. Always populated (no env-gate) — bounded
+   * at 20 events × ~4KB each ≈ 80KB worst-case per client instance.
+   * Cheap enough to keep on for all installs so the next paymaster
+   * gate is self-diagnosing without a second binary spin.
+   */
+  static TRACE_BUFFER_SIZE = 20;
+  recentTrace = [];
+  /**
+   * Return AND CLEAR the in-memory trace ring. attemptPathD calls this
+   * right before constructing a fallback echo so the trace inlined
+   * into the echo corresponds to THAT smoke iteration (subsequent
+   * tool calls start with an empty buffer). Returns a copy so the
+   * caller can safely serialize without races against in-flight
+   * concurrent RPCs.
+   */
+  drainTrace() {
+    const snapshot = this.recentTrace.slice();
+    this.recentTrace = [];
+    return snapshot;
+  }
+  pushTrace(event) {
+    this.recentTrace.push(event);
+    if (this.recentTrace.length > _BundlerClient.TRACE_BUFFER_SIZE) {
+      this.recentTrace.shift();
+    }
+  }
   /**
    * Submit a signed UserOperation. Returns the userOpHash the bundler
    * computed (which must match the hash the broker signed — caller is
@@ -1211,6 +1240,16 @@ var BundlerClient = class {
   async rpc(method, params) {
     const id = this.nextRpcId++;
     const body = JSON.stringify({ jsonrpc: "2.0", id, method, params });
+    const verbose = process.env.MUHAVEN_MCP_VERBOSE === "1";
+    const truncate = (s) => s.length > 2048 ? s.slice(0, 2048) + "\u2026(truncated)" : s;
+    const requestBody = truncate(body);
+    const startMs = Date.now();
+    if (verbose) {
+      process.stderr.write(
+        `[muhaven-mcp] [bundler\u2192] ${method} id=${id} body=${requestBody}
+`
+      );
+    }
     const ctrl = new AbortController();
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
@@ -1230,12 +1269,38 @@ var BundlerClient = class {
       });
     } catch (err2) {
       clearTimeout(timer);
+      const elapsedMs2 = Date.now() - startMs;
       if (err2.name === "AbortError") {
+        if (verbose) {
+          process.stderr.write(`[muhaven-mcp] [bundler\u2717] ${method} id=${id} timeout
+`);
+        }
+        this.pushTrace({
+          method,
+          id,
+          requestBody,
+          error: { code: "timeout", message: `bundler ${method} timed out` },
+          elapsedMs: elapsedMs2
+        });
         throw new BundlerClientError("timeout", `bundler ${method} timed out`);
       }
+      const netMsg = err2 instanceof Error ? err2.message : String(err2);
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} network err=${netMsg}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        error: { code: "network", message: `bundler ${method} network error: ${netMsg}` },
+        elapsedMs: elapsedMs2
+      });
       throw new BundlerClientError(
         "network",
-        `bundler ${method} network error: ${err2 instanceof Error ? err2.message : String(err2)}`,
+        `bundler ${method} network error: ${netMsg}`,
         err2
       );
     } finally {
@@ -1247,6 +1312,24 @@ var BundlerClient = class {
         text = (await res.text()).slice(0, 256);
       } catch {
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} HTTP ${res.status} body=${text}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: text,
+        error: {
+          code: "http_error",
+          message: `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
+        },
+        elapsedMs: Date.now() - startMs
+      });
       throw new BundlerClientError(
         "http_error",
         `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
@@ -1256,12 +1339,43 @@ var BundlerClient = class {
     try {
       parsed = await res.json();
     } catch (err2) {
+      const jsonErr = err2 instanceof Error ? err2.message : String(err2);
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} non-JSON err=${jsonErr}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        error: { code: "invalid_response", message: `bundler ${method} returned non-JSON: ${jsonErr}` },
+        elapsedMs: Date.now() - startMs
+      });
       throw new BundlerClientError(
         "invalid_response",
-        `bundler ${method} returned non-JSON: ${err2 instanceof Error ? err2.message : String(err2)}`
+        `bundler ${method} returned non-JSON: ${jsonErr}`
       );
     }
+    const respDump = JSON.stringify(parsed);
+    const respBody = truncate(respDump);
+    if (verbose) {
+      process.stderr.write(`[muhaven-mcp] [bundler\u2190] ${method} id=${id} resp=${respBody}
+`);
+    }
+    const elapsedMs = Date.now() - startMs;
     if (typeof parsed !== "object" || parsed === null) {
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: respBody,
+        error: { code: "invalid_response", message: `bundler ${method} returned non-object` },
+        elapsedMs
+      });
       throw new BundlerClientError(
         "invalid_response",
         `bundler ${method} returned non-object`
@@ -1270,12 +1384,30 @@ var BundlerClient = class {
     const obj = parsed;
     if (obj.error !== void 0 && obj.error !== null) {
       const err2 = obj.error;
+      const errMsg = typeof err2.message === "string" ? err2.message : "<no message>";
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: respBody,
+        error: { code: "rpc_error", message: `bundler ${method} rpc error: ${errMsg}` },
+        elapsedMs
+      });
       throw new BundlerClientError(
         "rpc_error",
-        `bundler ${method} rpc error: ${typeof err2.message === "string" ? err2.message : "<no message>"}`,
+        `bundler ${method} rpc error: ${errMsg}`,
         { code: err2.code, message: err2.message, data: err2.data }
       );
     }
+    this.pushTrace({
+      method,
+      id,
+      requestBody,
+      responseStatus: res.status,
+      responseBody: respBody,
+      elapsedMs
+    });
     return obj.result;
   }
 };
@@ -2230,6 +2362,7 @@ async function attemptPathD(args, deps) {
   if (!deps.broker || !deps.bundler) {
     return { kind: "unconfigured" };
   }
+  deps.bundler.drainTrace();
   if (!deps.subscriptionAddress) {
     return {
       kind: "fallback",
@@ -2462,7 +2595,7 @@ async function attemptPathD(args, deps) {
     return {
       kind: "fallback",
       reason: "paymaster_rejected",
-      message: `pm_sponsorUserOperation rejected${detail}: ${safeMsg}`
+      message: `zd_sponsorUserOperation rejected${detail}: ${safeMsg}`
     };
   }
   const userOpForHash = {
@@ -2670,6 +2803,7 @@ async function positionBuy(input, deps) {
   let pathDFallbackReason;
   let pathDFallbackDetail;
   let pathDSubmittedUserOpHash;
+  let pathDBundlerTrace;
   const pathD = await attemptPathD(
     { shares, tokenAddress: token.address, tokenSymbol: token.symbol },
     deps
@@ -2683,6 +2817,12 @@ async function positionBuy(input, deps) {
     if (pathD.submittedUserOpHash) {
       pathDSubmittedUserOpHash = pathD.submittedUserOpHash;
     }
+    if (deps.bundler) {
+      const trace = deps.bundler.drainTrace();
+      if (trace.length > 0) {
+        pathDBundlerTrace = trace;
+      }
+    }
   }
   const dashboardUrl = buildPositionDeeplink(resolveDashboardBaseUrl(deps), "buy", {
     token: token.symbol,
@@ -2706,7 +2846,8 @@ ${dashboardUrl}`,
       navUsd6: navUsd6.toString(),
       ...pathDFallbackReason ? { pathDFallbackReason } : {},
       ...pathDFallbackDetail ? { pathDFallbackDetail } : {},
-      ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {}
+      ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {},
+      ...pathDBundlerTrace ? { pathDBundlerTrace } : {}
     }
   });
 }
@@ -3057,7 +3198,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.6";
+    return "0.2.8";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3176,6 +3317,10 @@ function toolJsonResponse(payload) {
 }
 async function runMcpStdioCli(opts = {}) {
   const config = loadMcpConfig();
+  process.stderr.write(
+    `[muhaven-mcp] starting @muhaven/mcp@${SERVER_VERSION} (verbose=${process.env.MUHAVEN_MCP_VERBOSE === "1" ? "on" : "off"})
+`
+  );
   const pinned = await loadPinnedToolHashes();
   const verify = verifyToolHashes(pinned);
   if (!verify.ok) {

package/dist/index.d.cts

@@ -755,6 +755,43 @@ interface UserOperationReceipt {
         readonly blockHash: `0x${string}`;
     };
 }
+/**
+ * Wave 5 Path D 0.2.8 — single bundler RPC round-trip captured for
+ * downstream diagnostic. Stored in a ring buffer on the client; the
+ * caller (attemptPathD) drains the buffer at each fallback return and
+ * inlines it into the `position.buy` echo's `pathDFallbackDetail`
+ * field. Claude Code's MCP client only captures subprocess stderr at
+ * connection handshake (NOT during tool calls — verified 2026-05-23
+ * via Claude Code's `mcp-logs-muhaven` JSONL files), so the previous
+ * stderr-only verbose path was invisible to operators. Returning the
+ * trace IN the tool response is the diagnostic surface that actually
+ * reaches the LLM context.
+ *
+ * Bodies truncated at 2KB each to keep the echo small + bounded.
+ * Sensitive fields (signatures) are kept since the LLM already sees
+ * the unsigned UserOp shape elsewhere — there's no incremental
+ * disclosure beyond what `pathDFallbackDetail`'s sanitized message
+ * already carries.
+ */
+interface BundlerTraceEvent {
+    /** RPC method (e.g. `eth_call`, `eth_gasPrice`, `zd_sponsorUserOperation`). */
+    readonly method: string;
+    /** Monotonically-incrementing per-client RPC id. */
+    readonly id: number;
+    /** Request body (JSON), truncated. */
+    readonly requestBody: string;
+    /** HTTP status of the response. Undefined for transport-layer failures. */
+    readonly responseStatus?: number;
+    /** Response body (text), truncated. Undefined on transport-layer failures. */
+    readonly responseBody?: string;
+    /** Set when the rpc threw — captures the BundlerClientError code+message. */
+    readonly error?: {
+        code: string;
+        message: string;
+    };
+    /** Wall-clock ms elapsed (request start → response received / failure). */
+    readonly elapsedMs: number;
+}
 interface BundlerClientOptions {
     /** Bundler RPC endpoint — MUHAVEN_BUNDLER_URL. https-or-loopback validated
      *  at config-load time (see `config.ts::validatePublicUrlEnv`). */
@@ -789,7 +826,27 @@ declare class BundlerClient {
     private readonly options;
     private readonly fetchImpl;
     private nextRpcId;
+    /**
+     * Ring buffer of the most recent RPC round-trips. Surfaced via
+     * `drainTrace()` to the caller (attemptPathD) for inline diagnostic
+     * in the position.buy echo. Always populated (no env-gate) — bounded
+     * at 20 events × ~4KB each ≈ 80KB worst-case per client instance.
+     * Cheap enough to keep on for all installs so the next paymaster
+     * gate is self-diagnosing without a second binary spin.
+     */
+    private static readonly TRACE_BUFFER_SIZE;
+    private recentTrace;
     constructor(options: BundlerClientOptions);
+    /**
+     * Return AND CLEAR the in-memory trace ring. attemptPathD calls this
+     * right before constructing a fallback echo so the trace inlined
+     * into the echo corresponds to THAT smoke iteration (subsequent
+     * tool calls start with an empty buffer). Returns a copy so the
+     * caller can safely serialize without races against in-flight
+     * concurrent RPCs.
+     */
+    drainTrace(): readonly BundlerTraceEvent[];
+    private pushTrace;
     /**
      * Submit a signed UserOperation. Returns the userOpHash the bundler
      * computed (which must match the hash the broker signed — caller is

package/dist/index.d.ts

@@ -755,6 +755,43 @@ interface UserOperationReceipt {
         readonly blockHash: `0x${string}`;
     };
 }
+/**
+ * Wave 5 Path D 0.2.8 — single bundler RPC round-trip captured for
+ * downstream diagnostic. Stored in a ring buffer on the client; the
+ * caller (attemptPathD) drains the buffer at each fallback return and
+ * inlines it into the `position.buy` echo's `pathDFallbackDetail`
+ * field. Claude Code's MCP client only captures subprocess stderr at
+ * connection handshake (NOT during tool calls — verified 2026-05-23
+ * via Claude Code's `mcp-logs-muhaven` JSONL files), so the previous
+ * stderr-only verbose path was invisible to operators. Returning the
+ * trace IN the tool response is the diagnostic surface that actually
+ * reaches the LLM context.
+ *
+ * Bodies truncated at 2KB each to keep the echo small + bounded.
+ * Sensitive fields (signatures) are kept since the LLM already sees
+ * the unsigned UserOp shape elsewhere — there's no incremental
+ * disclosure beyond what `pathDFallbackDetail`'s sanitized message
+ * already carries.
+ */
+interface BundlerTraceEvent {
+    /** RPC method (e.g. `eth_call`, `eth_gasPrice`, `zd_sponsorUserOperation`). */
+    readonly method: string;
+    /** Monotonically-incrementing per-client RPC id. */
+    readonly id: number;
+    /** Request body (JSON), truncated. */
+    readonly requestBody: string;
+    /** HTTP status of the response. Undefined for transport-layer failures. */
+    readonly responseStatus?: number;
+    /** Response body (text), truncated. Undefined on transport-layer failures. */
+    readonly responseBody?: string;
+    /** Set when the rpc threw — captures the BundlerClientError code+message. */
+    readonly error?: {
+        code: string;
+        message: string;
+    };
+    /** Wall-clock ms elapsed (request start → response received / failure). */
+    readonly elapsedMs: number;
+}
 interface BundlerClientOptions {
     /** Bundler RPC endpoint — MUHAVEN_BUNDLER_URL. https-or-loopback validated
      *  at config-load time (see `config.ts::validatePublicUrlEnv`). */
@@ -789,7 +826,27 @@ declare class BundlerClient {
     private readonly options;
     private readonly fetchImpl;
     private nextRpcId;
+    /**
+     * Ring buffer of the most recent RPC round-trips. Surfaced via
+     * `drainTrace()` to the caller (attemptPathD) for inline diagnostic
+     * in the position.buy echo. Always populated (no env-gate) — bounded
+     * at 20 events × ~4KB each ≈ 80KB worst-case per client instance.
+     * Cheap enough to keep on for all installs so the next paymaster
+     * gate is self-diagnosing without a second binary spin.
+     */
+    private static readonly TRACE_BUFFER_SIZE;
+    private recentTrace;
     constructor(options: BundlerClientOptions);
+    /**
+     * Return AND CLEAR the in-memory trace ring. attemptPathD calls this
+     * right before constructing a fallback echo so the trace inlined
+     * into the echo corresponds to THAT smoke iteration (subsequent
+     * tool calls start with an empty buffer). Returns a copy so the
+     * caller can safely serialize without races against in-flight
+     * concurrent RPCs.
+     */
+    drainTrace(): readonly BundlerTraceEvent[];
+    private pushTrace;
     /**
      * Submit a signed UserOperation. Returns the userOpHash the bundler
      * computed (which must match the hash the broker signed — caller is

package/dist/index.js

@@ -995,7 +995,7 @@ var BundlerClientError = class extends Error {
   code;
   detail;
 };
-var BundlerClient = class {
+var BundlerClient = class _BundlerClient {
   constructor(options) {
     this.options = options;
     this.fetchImpl = options.fetchImpl ?? globalThis.fetch.bind(globalThis);
@@ -1003,6 +1003,35 @@ var BundlerClient = class {
   options;
   fetchImpl;
   nextRpcId = 1;
+  /**
+   * Ring buffer of the most recent RPC round-trips. Surfaced via
+   * `drainTrace()` to the caller (attemptPathD) for inline diagnostic
+   * in the position.buy echo. Always populated (no env-gate) — bounded
+   * at 20 events × ~4KB each ≈ 80KB worst-case per client instance.
+   * Cheap enough to keep on for all installs so the next paymaster
+   * gate is self-diagnosing without a second binary spin.
+   */
+  static TRACE_BUFFER_SIZE = 20;
+  recentTrace = [];
+  /**
+   * Return AND CLEAR the in-memory trace ring. attemptPathD calls this
+   * right before constructing a fallback echo so the trace inlined
+   * into the echo corresponds to THAT smoke iteration (subsequent
+   * tool calls start with an empty buffer). Returns a copy so the
+   * caller can safely serialize without races against in-flight
+   * concurrent RPCs.
+   */
+  drainTrace() {
+    const snapshot = this.recentTrace.slice();
+    this.recentTrace = [];
+    return snapshot;
+  }
+  pushTrace(event) {
+    this.recentTrace.push(event);
+    if (this.recentTrace.length > _BundlerClient.TRACE_BUFFER_SIZE) {
+      this.recentTrace.shift();
+    }
+  }
   /**
    * Submit a signed UserOperation. Returns the userOpHash the bundler
    * computed (which must match the hash the broker signed — caller is
@@ -1207,6 +1236,16 @@ var BundlerClient = class {
   async rpc(method, params) {
     const id = this.nextRpcId++;
     const body = JSON.stringify({ jsonrpc: "2.0", id, method, params });
+    const verbose = process.env.MUHAVEN_MCP_VERBOSE === "1";
+    const truncate = (s) => s.length > 2048 ? s.slice(0, 2048) + "\u2026(truncated)" : s;
+    const requestBody = truncate(body);
+    const startMs = Date.now();
+    if (verbose) {
+      process.stderr.write(
+        `[muhaven-mcp] [bundler\u2192] ${method} id=${id} body=${requestBody}
+`
+      );
+    }
     const ctrl = new AbortController();
     const timer = setTimeout(() => ctrl.abort(), this.options.requestTimeoutMs);
     let res;
@@ -1226,12 +1265,38 @@ var BundlerClient = class {
       });
     } catch (err2) {
       clearTimeout(timer);
+      const elapsedMs2 = Date.now() - startMs;
       if (err2.name === "AbortError") {
+        if (verbose) {
+          process.stderr.write(`[muhaven-mcp] [bundler\u2717] ${method} id=${id} timeout
+`);
+        }
+        this.pushTrace({
+          method,
+          id,
+          requestBody,
+          error: { code: "timeout", message: `bundler ${method} timed out` },
+          elapsedMs: elapsedMs2
+        });
         throw new BundlerClientError("timeout", `bundler ${method} timed out`);
       }
+      const netMsg = err2 instanceof Error ? err2.message : String(err2);
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} network err=${netMsg}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        error: { code: "network", message: `bundler ${method} network error: ${netMsg}` },
+        elapsedMs: elapsedMs2
+      });
       throw new BundlerClientError(
         "network",
-        `bundler ${method} network error: ${err2 instanceof Error ? err2.message : String(err2)}`,
+        `bundler ${method} network error: ${netMsg}`,
         err2
       );
     } finally {
@@ -1243,6 +1308,24 @@ var BundlerClient = class {
         text = (await res.text()).slice(0, 256);
       } catch {
       }
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} HTTP ${res.status} body=${text}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: text,
+        error: {
+          code: "http_error",
+          message: `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
+        },
+        elapsedMs: Date.now() - startMs
+      });
       throw new BundlerClientError(
         "http_error",
         `bundler ${method} \u2192 HTTP ${res.status}: ${text}`
@@ -1252,12 +1335,43 @@ var BundlerClient = class {
     try {
       parsed = await res.json();
     } catch (err2) {
+      const jsonErr = err2 instanceof Error ? err2.message : String(err2);
+      if (verbose) {
+        process.stderr.write(
+          `[muhaven-mcp] [bundler\u2717] ${method} id=${id} non-JSON err=${jsonErr}
+`
+        );
+      }
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        error: { code: "invalid_response", message: `bundler ${method} returned non-JSON: ${jsonErr}` },
+        elapsedMs: Date.now() - startMs
+      });
       throw new BundlerClientError(
         "invalid_response",
-        `bundler ${method} returned non-JSON: ${err2 instanceof Error ? err2.message : String(err2)}`
+        `bundler ${method} returned non-JSON: ${jsonErr}`
       );
     }
+    const respDump = JSON.stringify(parsed);
+    const respBody = truncate(respDump);
+    if (verbose) {
+      process.stderr.write(`[muhaven-mcp] [bundler\u2190] ${method} id=${id} resp=${respBody}
+`);
+    }
+    const elapsedMs = Date.now() - startMs;
     if (typeof parsed !== "object" || parsed === null) {
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: respBody,
+        error: { code: "invalid_response", message: `bundler ${method} returned non-object` },
+        elapsedMs
+      });
       throw new BundlerClientError(
         "invalid_response",
         `bundler ${method} returned non-object`
@@ -1266,12 +1380,30 @@ var BundlerClient = class {
     const obj = parsed;
     if (obj.error !== void 0 && obj.error !== null) {
       const err2 = obj.error;
+      const errMsg = typeof err2.message === "string" ? err2.message : "<no message>";
+      this.pushTrace({
+        method,
+        id,
+        requestBody,
+        responseStatus: res.status,
+        responseBody: respBody,
+        error: { code: "rpc_error", message: `bundler ${method} rpc error: ${errMsg}` },
+        elapsedMs
+      });
       throw new BundlerClientError(
         "rpc_error",
-        `bundler ${method} rpc error: ${typeof err2.message === "string" ? err2.message : "<no message>"}`,
+        `bundler ${method} rpc error: ${errMsg}`,
         { code: err2.code, message: err2.message, data: err2.data }
       );
     }
+    this.pushTrace({
+      method,
+      id,
+      requestBody,
+      responseStatus: res.status,
+      responseBody: respBody,
+      elapsedMs
+    });
     return obj.result;
   }
 };
@@ -2226,6 +2358,7 @@ async function attemptPathD(args, deps) {
   if (!deps.broker || !deps.bundler) {
     return { kind: "unconfigured" };
   }
+  deps.bundler.drainTrace();
   if (!deps.subscriptionAddress) {
     return {
       kind: "fallback",
@@ -2458,7 +2591,7 @@ async function attemptPathD(args, deps) {
     return {
       kind: "fallback",
       reason: "paymaster_rejected",
-      message: `pm_sponsorUserOperation rejected${detail}: ${safeMsg}`
+      message: `zd_sponsorUserOperation rejected${detail}: ${safeMsg}`
     };
   }
   const userOpForHash = {
@@ -2666,6 +2799,7 @@ async function positionBuy(input, deps) {
   let pathDFallbackReason;
   let pathDFallbackDetail;
   let pathDSubmittedUserOpHash;
+  let pathDBundlerTrace;
   const pathD = await attemptPathD(
     { shares, tokenAddress: token.address, tokenSymbol: token.symbol },
     deps
@@ -2679,6 +2813,12 @@ async function positionBuy(input, deps) {
     if (pathD.submittedUserOpHash) {
       pathDSubmittedUserOpHash = pathD.submittedUserOpHash;
     }
+    if (deps.bundler) {
+      const trace = deps.bundler.drainTrace();
+      if (trace.length > 0) {
+        pathDBundlerTrace = trace;
+      }
+    }
   }
   const dashboardUrl = buildPositionDeeplink(resolveDashboardBaseUrl(deps), "buy", {
     token: token.symbol,
@@ -2702,7 +2842,8 @@ ${dashboardUrl}`,
       navUsd6: navUsd6.toString(),
       ...pathDFallbackReason ? { pathDFallbackReason } : {},
       ...pathDFallbackDetail ? { pathDFallbackDetail } : {},
-      ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {}
+      ...pathDSubmittedUserOpHash ? { pathDSubmittedUserOpHash } : {},
+      ...pathDBundlerTrace ? { pathDBundlerTrace } : {}
     }
   });
 }
@@ -3053,7 +3194,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.2.6";
+    return "0.2.8";
   }
 }
 function toJsonInputSchema(schema) {
@@ -3172,6 +3313,10 @@ function toolJsonResponse(payload) {
 }
 async function runMcpStdioCli(opts = {}) {
   const config = loadMcpConfig();
+  process.stderr.write(
+    `[muhaven-mcp] starting @muhaven/mcp@${SERVER_VERSION} (verbose=${process.env.MUHAVEN_MCP_VERBOSE === "1" ? "on" : "off"})
+`
+  );
   const pinned = await loadPinnedToolHashes();
   const verify = verifyToolHashes(pinned);
   if (!verify.ok) {

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {