npm - @muhaven/mcp - Versions diffs - 0.2.9 → 0.3.0 - Mend

@muhaven/mcp 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,78 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.3.0] — 2026-05-23
+### Added
+- **Wave 5 Option D Commit 3 — MCP-side MODE.ENABLE UserOp pipeline.**
+  Closes the `paymaster_rejected → AA23 reverted 0x` smoke gap by
+  installing the PermissionValidator atomically with the first Path D
+  buy. On a freshly-minted Scoped session (`enable_status='pending'`
+  on the backend mirror), `position.buy` now:
+  - Fetches install material (`enableData` + `enableSig` +
+    `validatorNonce`) from the backend's
+    `GET /agent/policy/scoped-session/:id/install-material` subroute,
+    gated by `BROKER_CALLBACK_SERVICE_SECRET`.
+  - Calls the broker daemon's NEW `current_nonce` IPC verb to read the
+    kernel's live `currentNonce()` and pre-checks it against the
+    stored `validatorNonce`; mismatch surfaces as fallback
+    `enable_sig_stale` with a re-mint remediation.
+  - Composes the UserOp with `composeKernelV3NonceKey({mode:'enable'})`
+    (byte 0 of the 24-byte composite flips `0x00` → `0x01`) AND
+    wraps the 66-byte session-key signature with NEW
+    `wrapEnableModeSignature(...)` — a byte-exact mirror of
+    `@zerodev/sdk::getEncodedPluginsData`. The byte-equality is
+    pinned by 5 regression fixtures importing the canonical SDK as a
+    `devDep` (test-only — `@zerodev/sdk` is NOT in the runtime
+    bundle).
+  - After receipt, calls the broker daemon's NEW
+    `notify_userop_landed` IPC verb so the broker can POST the
+    backend's `validator-enabled` callback route. The chain indexer
+    is the authoritative source-of-truth; the callback is a fast-path
+    optimization.
+- **Broker protocol bump 0.4.0 → 0.5.0.** Additive surface only —
+  legacy 0.4.0 callers continue to work. New verbs: `current_nonce`,
+  `notify_userop_landed`. New optional `enableData`/`enableSig`/
+  `validatorNonce` on `PolicySnapshotWire` with an all-or-none
+  refinement. New error codes: `chain_rpc_failed`, `callback_unconfigured`.
+- **Broker daemon outbound egress (narrow, operator-approved
+  threat-model relaxation).** Until C3 the broker had ZERO outbound
+  channels; C3 adds exactly TWO via the NEW `BrokerOutbound` module:
+  - Chain RPC `eth_call` to `MUHAVEN_BROKER_RPC_URL` (fallback
+    `MUHAVEN_BUNDLER_URL`) for `kernel.currentNonce()` reads.
+  - HTTPS POST to backend's `validator-enabled` route with
+    `BROKER_CALLBACK_SERVICE_SECRET` bearer, exponential 5s/15s/60s/5m
+    backoff (`MUHAVEN_BROKER_ORIGIN` header per the ZeroDev
+    allowlist gotcha codified in earlier commits).
+  - Per-(sessionId, txHash, accountAddress) in-process dedup folds
+    flood IPC into a single retry loop.
+- New fallback codes on `position.buy` Path D probe:
+  `install_material_unavailable`, `install_material_malformed`,
+  `enable_sig_stale`, `validator_install_failed_re_walk_required`,
+  `broker_chain_rpc_failed`.
+- New broker config knobs: `MUHAVEN_BROKER_RPC_URL`,
+  `BROKER_CALLBACK_SERVICE_SECRET`, `MUHAVEN_BROKER_ORIGIN`.
+### Changed
+- `composeKernelV3NonceKey` now accepts a `mode: 'default'|'enable'`
+  parameter. Default-omitted = `'default'` (backwards-compatible
+  with 0.2.x callers).
+- `BackendClient` gains a `getServiceSecret(path, secret, query?)`
+  method (refactored `exchange` to share `runFetch`). Used only by
+  the install-material subroute.
+- `daemon.ts` JSDoc header rewrites the "zero-egress" invariant to
+  document the C3 narrow outbound channels load-bearingly.
+### Notes
+- 28 files changed, +4029 / -20 LOC.
+- 18 new unit tests (5 byte-equality fixtures + 8 use-case + 6
+  watchdog + 6 indexer + 12 protocol parser + 5 daemon).
+- @muhaven/mcp 0.3.0 publish requires `npm publish` after
+  `pnpm clean && pnpm build && pnpm test`.
 ## [0.2.9] — 2026-05-23
 ### Added

package/dist/broker.cjs CHANGED Viewed

@@ -7,6 +7,7 @@ var net = require('net');
 var promises = require('fs/promises');
 var accounts = require('viem/accounts');
 var crypto = require('crypto');
+var viem = require('viem');
 var DEFAULT_BACKEND_URL = "https://api.muhaven.app";
 var DEFAULT_DASHBOARD_URL = "https://muhaven.app";
@@ -161,22 +162,45 @@ function loadBrokerConfig(env = process.env) {
     env.MUHAVEN_DASHBOARD_URL,
     DEFAULT_DASHBOARD_URL
   );
+  const chainRpcUrlRaw = readEnv("MUHAVEN_BROKER_RPC_URL", env) ?? readEnv("MUHAVEN_BUNDLER_URL", env);
+  const chainRpcUrl = chainRpcUrlRaw === void 0 ? void 0 : resolvePublicUrlEnv(
+    "MUHAVEN_BROKER_RPC_URL",
+    chainRpcUrlRaw,
+    chainRpcUrlRaw
+  );
+  const callbackServiceSecretRaw = readEnv("BROKER_CALLBACK_SERVICE_SECRET", env);
+  let callbackServiceSecret;
+  if (callbackServiceSecretRaw !== void 0) {
+    if (callbackServiceSecretRaw.length < 16) {
+      throw new Error(
+        "BROKER_CALLBACK_SERVICE_SECRET must be at least 16 characters (matches backend with-service-secret middleware floor)"
+      );
+    }
+    callbackServiceSecret = callbackServiceSecretRaw;
+  }
+  const outboundOriginHeader = readEnv("MUHAVEN_BROKER_ORIGIN", env) ?? dashboardBaseUrl;
   return {
     endpoint,
     sessionKeyHex,
     maxRequestBytes,
     requestTimeoutMs,
     backendBaseUrl,
-    dashboardBaseUrl
+    dashboardBaseUrl,
+    chainRpcUrl,
+    callbackServiceSecret,
+    outboundOriginHeader
   };
 }
 // src/broker/protocol.ts
-var BROKER_PROTOCOL_VERSION = "0.4.0";
+var BROKER_PROTOCOL_VERSION = "0.5.0";
 var HASH_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
 var ADDRESS_HEX_RE2 = /^0x[0-9a-fA-F]{40}$/;
 var SELECTOR_HEX_RE = /^0x[0-9a-fA-F]{8}$/;
 var HEX_PREFIXED_RE = /^0x[0-9a-fA-F]*$/;
+var ENABLE_DATA_HEX_RE = /^0x[0-9a-fA-F]{2,65536}$/;
+var ENABLE_SIG_HEX_RE = /^0x[0-9a-fA-F]{256,16384}$/;
+var UINT32_MAX = 4294967295;
 var JWT_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
 var SESSION_ID_RE = /^[A-Za-z0-9_-]{1,128}$/;
 var UINT256_DEC_RE = /^(0|[1-9][0-9]{0,77})$/;
@@ -296,6 +320,43 @@ function parsePolicySnapshot(raw) {
   if (!isOptionalPermissionId(obj.permissionId)) {
     return { error: "snapshot.permissionId must be a 0x-prefixed 4-byte hex when provided" };
   }
+  const enableData = obj.enableData;
+  const enableSig = obj.enableSig;
+  const validatorNonce = obj.validatorNonce;
+  const installPresent = [enableData, enableSig, validatorNonce].filter(
+    (v) => v !== void 0
+  ).length;
+  if (installPresent !== 0 && installPresent !== 3) {
+    return {
+      error: "snapshot.{enableData,enableSig,validatorNonce} must be all-present or all-absent (Option D Commit 3 install-material trio)"
+    };
+  }
+  if (enableData !== void 0) {
+    if (typeof enableData !== "string" || !ENABLE_DATA_HEX_RE.test(enableData)) {
+      return {
+        error: "snapshot.enableData must be a 0x-prefixed hex string of 2..65536 chars when provided"
+      };
+    }
+  }
+  if (enableSig !== void 0) {
+    if (typeof enableSig !== "string" || !ENABLE_SIG_HEX_RE.test(enableSig)) {
+      return {
+        error: "snapshot.enableSig must be a 0x-prefixed hex string of 256..16384 chars (WebAuthn envelope) when provided"
+      };
+    }
+  }
+  if (validatorNonce !== void 0) {
+    if (typeof validatorNonce !== "number" || !Number.isInteger(validatorNonce) || validatorNonce < 0 || validatorNonce > UINT32_MAX) {
+      return {
+        error: "snapshot.validatorNonce must be an integer in [0, 2^32-1] when provided"
+      };
+    }
+  }
+  if (installPresent === 3 && obj.permissionId === void 0) {
+    return {
+      error: "snapshot install material requires permissionId in the same snapshot"
+    };
+  }
   return {
     sessionId: obj.sessionId,
     mode: "scoped",
@@ -308,7 +369,10 @@ function parsePolicySnapshot(raw) {
     mintedAtSec: obj.mintedAtSec,
     ...obj.consentActionHash === void 0 ? {} : { consentActionHash: obj.consentActionHash.toLowerCase() },
     ...obj.consentTextSha256 === void 0 ? {} : { consentTextSha256: obj.consentTextSha256.toLowerCase() },
-    ...obj.permissionId === void 0 ? {} : { permissionId: obj.permissionId.toLowerCase() }
+    ...obj.permissionId === void 0 ? {} : { permissionId: obj.permissionId.toLowerCase() },
+    ...enableData === void 0 ? {} : { enableData: enableData.toLowerCase() },
+    ...enableSig === void 0 ? {} : { enableSig: enableSig.toLowerCase() },
+    ...validatorNonce === void 0 ? {} : { validatorNonce }
   };
 }
 function parseBrokerRequest(line) {
@@ -487,6 +551,72 @@ function parseBrokerRequest(line) {
     }
     case "get_active_session_id":
       return { type: "get_active_session_id" };
+    case "current_nonce": {
+      if (!isAddressHex(obj.accountAddress)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "current_nonce.accountAddress must be a 0x-prefixed 20-byte hex"
+        };
+      }
+      return {
+        type: "current_nonce",
+        accountAddress: obj.accountAddress.toLowerCase()
+      };
+    }
+    case "notify_userop_landed": {
+      if (!isSessionIdShape(obj.sessionId)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.sessionId must be 1-128 chars [A-Za-z0-9_-]"
+        };
+      }
+      if (!isAddressHex(obj.accountAddress)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.accountAddress must be a 0x-prefixed 20-byte hex"
+        };
+      }
+      if (!isSelectorHex(obj.permissionId)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.permissionId must be a 0x-prefixed 4-byte hex"
+        };
+      }
+      if (!isHashHex(obj.txHash)) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.txHash must be a 0x-prefixed 32-byte hex"
+        };
+      }
+      if (typeof obj.blockNumber !== "number" || !Number.isFinite(obj.blockNumber) || !Number.isInteger(obj.blockNumber) || obj.blockNumber < 0) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.blockNumber must be a non-negative integer"
+        };
+      }
+      if (typeof obj.logIndex !== "number" || !Number.isFinite(obj.logIndex) || !Number.isInteger(obj.logIndex) || obj.logIndex < 0) {
+        return {
+          type: "error",
+          code: "invalid_request",
+          message: "notify_userop_landed.logIndex must be a non-negative integer"
+        };
+      }
+      return {
+        type: "notify_userop_landed",
+        sessionId: obj.sessionId,
+        accountAddress: obj.accountAddress.toLowerCase(),
+        permissionId: obj.permissionId.toLowerCase(),
+        txHash: obj.txHash.toLowerCase(),
+        blockNumber: obj.blockNumber,
+        logIndex: obj.logIndex
+      };
+    }
     default:
       return {
         type: "error",
@@ -646,6 +776,33 @@ var BrokerClient = class {
     }
     return res;
   }
+  // ── Wave 5 Option D Commit 3 — install-mode pre-check + callback notify ──
+  async currentNonce(accountAddress) {
+    const res = await this.exchange({ type: "current_nonce", accountAddress });
+    if (res.type !== "current_nonce") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected current_nonce response, got ${res.type}`
+      );
+    }
+    if (res.accountAddress.toLowerCase() !== accountAddress.toLowerCase()) {
+      throw new BrokerClientError(
+        "protocol_error",
+        `current_nonce echo mismatch (requested ${accountAddress}, got ${res.accountAddress})`
+      );
+    }
+    return res;
+  }
+  async notifyUseropLanded(args) {
+    const res = await this.exchange({ type: "notify_userop_landed", ...args });
+    if (res.type !== "notify_userop_landed") {
+      throw new BrokerClientError(
+        "protocol_error",
+        `expected notify_userop_landed response, got ${res.type}`
+      );
+    }
+    return res;
+  }
   /**
    * Detect whether the running daemon speaks Path D (protocol 0.4.0+).
    * Wraps `hello()` with a semver-gte comparison so the MCP tool layer
@@ -1436,11 +1593,285 @@ function checkPolicy(input) {
   }
   return { ok: true };
 }
+var KERNEL_V3_CURRENT_NONCE_ABI = viem.parseAbi([
+  "function currentNonce() view returns (uint32)"
+]);
+var ChainRpcError = class extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "ChainRpcError";
+  }
+  cause;
+};
+var CallbackError = class extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.cause = cause;
+    this.name = "CallbackError";
+  }
+  cause;
+};
+var CALLBACK_RETRY_SCHEDULE_MS = [
+  5e3,
+  15e3,
+  6e4,
+  5 * 6e4
+];
+var CALLBACK_MAX_ELAPSED_MS = 60 * 6e4;
+var DEFAULT_FETCH_TIMEOUT_MS = 15e3;
+var BrokerOutbound = class {
+  constructor(config, log = () => {
+  }) {
+    this.config = config;
+    this.log = log;
+    this.fetchImpl = config.fetchImpl ?? fetch;
+    this.fetchTimeoutMs = config.fetchTimeoutMs ?? DEFAULT_FETCH_TIMEOUT_MS;
+    this.setTimeoutImpl = config.setTimeout ?? setTimeout;
+    this.clearTimeoutImpl = config.clearTimeout ?? clearTimeout;
+  }
+  config;
+  log;
+  fetchImpl;
+  fetchTimeoutMs;
+  setTimeoutImpl;
+  clearTimeoutImpl;
+  /**
+   * Wave 5 Option D Commit 3 (multi-agent review SecEng-MED-3) —
+   * in-process dedup of `notify_userop_landed` callbacks. Map of
+   * `<sessionId>:<txHash>` → the in-flight retry loop's Promise.
+   * Repeated IPC calls with the same key fold into the existing
+   * loop instead of spawning a parallel POST. Defends against a
+   * local-socket peer flooding the broker with replay attempts +
+   * caps the retry-budget waste at one loop per real install.
+   */
+  inflightCallbacks = /* @__PURE__ */ new Map();
+  /**
+   * Read the kernel's `currentNonce()` view via `eth_call` against the
+   * configured chain RPC. Returns a uint32. Throws `ChainRpcError` when
+   * unconfigured / network failed / RPC returned non-decodable bytes.
+   */
+  async currentNonce(accountAddress) {
+    if (!this.config.chainRpcUrl) {
+      throw new ChainRpcError(
+        "broker chain RPC unconfigured \u2014 set MUHAVEN_BROKER_RPC_URL or MUHAVEN_BUNDLER_URL"
+      );
+    }
+    const data = viem.encodeFunctionData({
+      abi: KERNEL_V3_CURRENT_NONCE_ABI,
+      functionName: "currentNonce"
+    });
+    const body = JSON.stringify({
+      jsonrpc: "2.0",
+      id: 1,
+      method: "eth_call",
+      params: [{ to: accountAddress, data }, "latest"]
+    });
+    let res;
+    const ac = new AbortController();
+    const timer = this.setTimeoutImpl(() => ac.abort(), this.fetchTimeoutMs);
+    try {
+      res = await this.fetchImpl(this.config.chainRpcUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+          Origin: this.config.outboundOriginHeader
+        },
+        body,
+        signal: ac.signal
+      });
+    } catch (err) {
+      throw new ChainRpcError(
+        `chain RPC fetch failed: ${err instanceof Error ? err.message : String(err)}`,
+        err
+      );
+    } finally {
+      this.clearTimeoutImpl(timer);
+    }
+    if (!res.ok) {
+      throw new ChainRpcError(
+        `chain RPC returned HTTP ${res.status}`
+      );
+    }
+    let parsed;
+    try {
+      parsed = await res.json();
+    } catch (err) {
+      throw new ChainRpcError(
+        `chain RPC returned non-JSON: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    if (parsed.error) {
+      throw new ChainRpcError(
+        `chain RPC error: ${parsed.error.message ?? "unknown"}`
+      );
+    }
+    if (typeof parsed.result !== "string" || !/^0x[0-9a-fA-F]*$/.test(parsed.result)) {
+      throw new ChainRpcError(
+        `chain RPC returned non-hex result: ${JSON.stringify(parsed.result).slice(0, 80)}`
+      );
+    }
+    let nonce;
+    try {
+      const decoded = viem.decodeAbiParameters(
+        [{ type: "uint32" }],
+        parsed.result
+      );
+      nonce = Number(decoded[0]);
+    } catch (err) {
+      throw new ChainRpcError(
+        `failed to decode currentNonce result: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    if (!Number.isFinite(nonce) || nonce < 0 || nonce > 4294967295) {
+      throw new ChainRpcError(`currentNonce out of uint32 range: ${nonce}`);
+    }
+    return nonce;
+  }
+  /**
+   * Whether the callback path is wired (both secret + backend URL set).
+   * The `notify_userop_landed` daemon handler checks this and returns
+   * `callback_unconfigured` when false so the operator sees the gap.
+   */
+  isCallbackConfigured() {
+    return Boolean(this.config.callbackServiceSecret) && Boolean(this.config.backendBaseUrl);
+  }
+  /**
+   * Queue a `validator-enabled` callback POST to the backend. Returns
+   * immediately; the retry loop runs in the background (5s / 15s / 60s
+   * / 5m, max 1h elapsed). Failures are logged but do NOT propagate to
+   * the IPC caller — the chain indexer is the authoritative safety
+   * net.
+   *
+   * Idempotency: every POST carries an `Idempotency-Key` header
+   * `<sessionId>:validator-enabled`. The backend route is no-op if the
+   * mirror row's `enable_status` is already `'enabled'` (because the
+   * chain indexer raced ahead).
+   *
+   * Returns a Promise resolved when the loop terminates (success or
+   * max-elapsed). Callers don't need to await; tests use it for
+   * deterministic assertions.
+   */
+  enqueueValidatorEnabledCallback(args) {
+    if (!this.isCallbackConfigured()) {
+      return Promise.resolve({
+        ok: false,
+        attempts: 0,
+        lastError: "callback_unconfigured"
+      });
+    }
+    const dedupKey = `${args.sessionId}:${args.txHash.toLowerCase()}:${args.accountAddress.toLowerCase()}`;
+    const existing = this.inflightCallbacks.get(dedupKey);
+    if (existing) {
+      this.log("info", "validator-enabled callback already in flight \u2014 folded", {
+        sessionId: args.sessionId
+      });
+      return existing;
+    }
+    const promise = this.runCallbackLoop(args).finally(() => {
+      this.inflightCallbacks.delete(dedupKey);
+    });
+    this.inflightCallbacks.set(dedupKey, promise);
+    return promise;
+  }
+  async runCallbackLoop(args) {
+    const url = `${this.config.backendBaseUrl.replace(/\/+$/, "")}/api/v1/agent/policy/scoped-session/${encodeURIComponent(args.sessionId)}/validator-enabled`;
+    const body = JSON.stringify({
+      userId: args.userId,
+      accountAddress: args.accountAddress,
+      permissionId: args.permissionId,
+      txHash: args.txHash,
+      blockNumber: args.blockNumber,
+      logIndex: args.logIndex
+    });
+    const startedAt = Date.now();
+    let attempts = 0;
+    let lastError;
+    for (let i = 0; i <= CALLBACK_RETRY_SCHEDULE_MS.length; i++) {
+      if (i > 0) {
+        const delay = CALLBACK_RETRY_SCHEDULE_MS[i - 1] ?? 0;
+        const elapsed = Date.now() - startedAt;
+        if (elapsed + delay > CALLBACK_MAX_ELAPSED_MS) {
+          lastError = `retry budget exhausted after ${attempts} attempts (last error: ${lastError ?? "unknown"})`;
+          this.log("error", "validator-enabled callback abandoned", {
+            sessionId: args.sessionId,
+            attempts,
+            lastError
+          });
+          return { ok: false, attempts, lastError };
+        }
+        await this.sleep(delay);
+      }
+      attempts++;
+      try {
+        const ok = await this.postCallback(url, body, args.sessionId);
+        if (ok) {
+          this.log("info", "validator-enabled callback succeeded", {
+            sessionId: args.sessionId,
+            attempts
+          });
+          return { ok: true, attempts };
+        }
+        lastError = "non-2xx response";
+      } catch (err) {
+        lastError = err instanceof Error ? err.message : String(err);
+        this.log("warn", "validator-enabled callback attempt failed", {
+          sessionId: args.sessionId,
+          attempt: attempts,
+          err: lastError
+        });
+      }
+    }
+    this.log("error", "validator-enabled callback retry budget exhausted", {
+      sessionId: args.sessionId,
+      attempts,
+      lastError
+    });
+    return { ok: false, attempts, lastError };
+  }
+  async postCallback(url, body, sessionId) {
+    const ac = new AbortController();
+    const timer = this.setTimeoutImpl(() => ac.abort(), this.fetchTimeoutMs);
+    let res;
+    try {
+      res = await this.fetchImpl(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+          Authorization: `Bearer ${this.config.callbackServiceSecret}`,
+          "Idempotency-Key": `${sessionId}:validator-enabled`,
+          Origin: this.config.outboundOriginHeader
+        },
+        body,
+        signal: ac.signal
+      });
+    } finally {
+      this.clearTimeoutImpl(timer);
+    }
+    if (res.status === 409) {
+      this.log("info", "callback returned 409 (row already enabled \u2014 idempotent)", {
+        sessionId
+      });
+      return true;
+    }
+    if (res.ok) return true;
+    throw new CallbackError(
+      `backend callback returned HTTP ${res.status}`
+    );
+  }
+  sleep(ms) {
+    return new Promise((resolve) => {
+      this.setTimeoutImpl(() => resolve(), ms);
+    });
+  }
+};
 // src/broker/daemon.ts
 var noopLogger = (_e) => {
 };
-async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3), options = {}, policyStore) {
+async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.floor(Date.now() / 1e3), options = {}, policyStore, outbound) {
   switch (req.type) {
     case "hello": {
       let hasJwt = false;
@@ -1648,6 +2079,57 @@ async function handleBrokerRequest(req, signer, keystore, nowSec = () => Math.fl
         );
       }
     }
+    case "current_nonce": {
+      if (!outbound) {
+        return errorResponse(
+          "chain_rpc_failed",
+          "broker daemon was not configured with a chain RPC URL"
+        );
+      }
+      try {
+        const nonce = await outbound.currentNonce(req.accountAddress);
+        return {
+          type: "current_nonce",
+          nonce,
+          accountAddress: req.accountAddress
+        };
+      } catch (err) {
+        if (err instanceof ChainRpcError) {
+          return errorResponse("chain_rpc_failed", err.message);
+        }
+        return errorResponse(
+          "chain_rpc_failed",
+          err instanceof Error ? err.message : "chain RPC eth_call failed"
+        );
+      }
+    }
+    case "notify_userop_landed": {
+      if (!outbound) {
+        return errorResponse(
+          "callback_unconfigured",
+          "broker daemon was not configured with the callback service secret"
+        );
+      }
+      if (!outbound.isCallbackConfigured()) {
+        return errorResponse(
+          "callback_unconfigured",
+          "BROKER_CALLBACK_SERVICE_SECRET or backend URL is unset \u2014 validator-enabled callback skipped (chain indexer is the safety net)"
+        );
+      }
+      void outbound.enqueueValidatorEnabledCallback({
+        sessionId: req.sessionId,
+        accountAddress: req.accountAddress,
+        permissionId: req.permissionId,
+        txHash: req.txHash,
+        blockNumber: req.blockNumber,
+        logIndex: req.logIndex
+      });
+      return {
+        type: "notify_userop_landed",
+        queued: true,
+        sessionId: req.sessionId
+      };
+    }
   }
 }
 function errorResponse(code, message) {
@@ -1678,6 +2160,7 @@ var BrokerDaemon = class {
   config;
   keystore;
   policyStore;
+  outbound;
   /**
    * Whether a session-key private half is actually loaded. `false` =
    * daemon booted in read-only posture (no `MUHAVEN_BROKER_SESSION_KEY`
@@ -1698,6 +2181,15 @@ var BrokerDaemon = class {
     }
     this.keystore = options.keystore ?? null;
     this.policyStore = options.policyStore ?? new FilePolicyStore(FilePolicyStore.defaultDir());
+    this.outbound = options.outbound ?? new BrokerOutbound(
+      {
+        chainRpcUrl: options.config.chainRpcUrl,
+        backendBaseUrl: options.config.backendBaseUrl,
+        callbackServiceSecret: options.config.callbackServiceSecret,
+        outboundOriginHeader: options.config.outboundOriginHeader ?? options.config.dashboardBaseUrl
+      },
+      (level, msg, meta) => (options.logger ?? noopLogger)({ level, msg, meta })
+    );
     this.log = options.logger ?? noopLogger;
     this.server = net.createServer((socket) => this.onConnection(socket));
   }
@@ -1830,7 +2322,8 @@ var BrokerDaemon = class {
           },
           pid: process.pid
         },
-        this.policyStore
+        this.policyStore,
+        this.outbound
       );
       socket.end(serializeResponse(res));
     } catch (err) {
@@ -2783,7 +3276,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.2.9";
+    return "0.3.0";
   }
 }
 function printVersion() {