@muhaven/mcp 0.4.1 → 0.4.2

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.2] — 2026-05-24
+
+### Fixed
+
+- **Revoke kill-switch — MCP-side gate (defense-in-depth).** A revoked
+  Scoped session let an already-running broker keep buying autonomously
+  (the broker signs from a local snapshot with no "revoked" concept and the
+  on-chain validator stays installed). `position.buy` Path D now hard-gates
+  on the backend mirror: when the broker hands over an active snapshot but
+  `GET /agent/policy/scoped-session` reports NO active session (= revoked or
+  expired on the dashboard), the buy refuses with the new
+  `pathDFallbackReason: 'session_revoked'`, best-effort calls the broker's
+  `clear_policy_snapshot` to purge the dormant key-backed snapshot, and
+  falls back to the Path C deep-link. A transient mirror-fetch ERROR is
+  still treated as best-effort (not "revoked") so a backend blip doesn't
+  break Path D. The authoritative enforcement is the server-side
+  `encrypt-shares` gate (backend change, same release window); this MCP
+  check is the fast, clear fail before the encrypt round-trip. SecEng
+  investigation 2026-05-24.
+
 ## [0.4.1] — 2026-05-24
 
 ### Added

package/dist/broker.cjs

@@ -3591,7 +3591,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.1";
+    return "0.4.2";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -3593,7 +3593,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.1";
+    return "0.4.2";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -2799,18 +2799,33 @@ async function attemptPathD(args, deps) {
       message: `backend /agent/policy/state lookup failed: ${err2 instanceof Error ? err2.message : String(err2)}`
     };
   }
+  let mirrorFetchOk = false;
+  let mirrorHadActiveSession = false;
   try {
     const mirror = await deps.backend.get(
       "/api/v1/agent/policy/scoped-session",
       { surface: "mcp" }
     );
+    mirrorFetchOk = true;
     if (mirror?.session) {
+      mirrorHadActiveSession = true;
       mirrorSessionRow = mirror.session;
       mirrorEnableStatus = mirror.session.enableStatus ?? null;
       mirrorValidatorNonce = mirror.session.validatorNonce ?? null;
     }
   } catch (err2) {
   }
+  if (mirrorFetchOk && !mirrorHadActiveSession) {
+    try {
+      await deps.broker.clearPolicySnapshot(activeId);
+    } catch {
+    }
+    return {
+      kind: "fallback",
+      reason: "session_revoked",
+      message: "the Scoped session was revoked (or expired) on the dashboard \u2014 the broker snapshot is stale; purged it and falling back to Path C. Re-mint a Scoped session to resume autonomous buys."
+    };
+  }
   if (!snapshot.permissionId) {
     return {
       kind: "fallback",
@@ -3680,7 +3695,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.1";
+    return "0.4.2";
   }
 }
 function toJsonInputSchema(schema) {

package/dist/index.js

@@ -2795,18 +2795,33 @@ async function attemptPathD(args, deps) {
       message: `backend /agent/policy/state lookup failed: ${err2 instanceof Error ? err2.message : String(err2)}`
     };
   }
+  let mirrorFetchOk = false;
+  let mirrorHadActiveSession = false;
   try {
     const mirror = await deps.backend.get(
       "/api/v1/agent/policy/scoped-session",
       { surface: "mcp" }
     );
+    mirrorFetchOk = true;
     if (mirror?.session) {
+      mirrorHadActiveSession = true;
       mirrorSessionRow = mirror.session;
       mirrorEnableStatus = mirror.session.enableStatus ?? null;
       mirrorValidatorNonce = mirror.session.validatorNonce ?? null;
     }
   } catch (err2) {
   }
+  if (mirrorFetchOk && !mirrorHadActiveSession) {
+    try {
+      await deps.broker.clearPolicySnapshot(activeId);
+    } catch {
+    }
+    return {
+      kind: "fallback",
+      reason: "session_revoked",
+      message: "the Scoped session was revoked (or expired) on the dashboard \u2014 the broker snapshot is stale; purged it and falling back to Path C. Re-mint a Scoped session to resume autonomous buys."
+    };
+  }
   if (!snapshot.permissionId) {
     return {
       kind: "fallback",
@@ -3676,7 +3691,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.1";
+    return "0.4.2";
   }
 }
 function toJsonInputSchema(schema) {

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {