npm - @muhaven/mcp - Versions diffs - 0.4.1 → 0.4.3 - Mend

@muhaven/mcp 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,42 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.4.3] — 2026-05-24
+### Changed
+- **`muhaven-broker setup` no longer silently uses an opaque env key.** When
+  `MUHAVEN_BROKER_SESSION_KEY` is set (its "scriptable" precedence over the
+  interactive prompt), setup now (a) **validates the key's shape up front**
+  — a malformed value fails with a clear error + an unset hint instead of a
+  confusing daemon crash later — and (b) **prints the derived signer
+  address**: `Session key: using MUHAVEN_BROKER_SESSION_KEY from env (signer
+  0x…)`, plus a one-line "unset it to paste a dashboard key instead" hint. So
+  a STALE/unintended lingering env key is obvious rather than silently
+  adopted. The pasted-key and self-mint paths print the signer too, matching
+  `start`/`update`'s `Broker signer: 0x…`. New exported `deriveSignerAddress`
+  helper (display-only; never logs the private key). Operator-found on 0.4.2.
+## [0.4.2] — 2026-05-24
+### Fixed
+- **Revoke kill-switch — MCP-side gate (defense-in-depth).** A revoked
+  Scoped session let an already-running broker keep buying autonomously
+  (the broker signs from a local snapshot with no "revoked" concept and the
+  on-chain validator stays installed). `position.buy` Path D now hard-gates
+  on the backend mirror: when the broker hands over an active snapshot but
+  `GET /agent/policy/scoped-session` reports NO active session (= revoked or
+  expired on the dashboard), the buy refuses with the new
+  `pathDFallbackReason: 'session_revoked'`, best-effort calls the broker's
+  `clear_policy_snapshot` to purge the dormant key-backed snapshot, and
+  falls back to the Path C deep-link. A transient mirror-fetch ERROR is
+  still treated as best-effort (not "revoked") so a backend blip doesn't
+  break Path D. The authoritative enforcement is the server-side
+  `encrypt-shares` gate (backend change, same release window); this MCP
+  check is the fast, clear fail before the encrypt round-trip. SecEng
+  investigation 2026-05-24.
 ## [0.4.1] — 2026-05-24
 ### Added

package/dist/broker.cjs CHANGED Viewed

@@ -2457,6 +2457,13 @@ function applyEnvDefaults(input) {
 function mintSessionKey() {
   return accounts.generatePrivateKey();
 }
+function deriveSignerAddress(privateKeyHex) {
+  try {
+    return accounts.privateKeyToAccount(privateKeyHex).address;
+  } catch {
+    return null;
+  }
+}
 function decideSetupAction(input) {
   if (input.hello === null) return "spawn_and_login";
   if (!input.hello.hasJwt) return "login_only";
@@ -2793,7 +2800,21 @@ async function runSetup(argv, deps) {
   let sessionKey = effectiveEnv.MUHAVEN_BROKER_SESSION_KEY;
   let mintedKey = false;
   if (sessionKey && sessionKey.length > 0) {
-    deps.print("Session key: using MUHAVEN_BROKER_SESSION_KEY from env.");
+    const shapeErr = validateSessionKeyShape(sessionKey);
+    if (shapeErr) {
+      deps.printErr(`error: MUHAVEN_BROKER_SESSION_KEY is set but invalid \u2014 ${shapeErr}`);
+      deps.printErr(
+        "  Unset MUHAVEN_BROKER_SESSION_KEY to paste a dashboard key (or fix the value), then re-run setup."
+      );
+      return 2;
+    }
+    const signer = deriveSignerAddress(sessionKey);
+    deps.print(
+      `Session key: using MUHAVEN_BROKER_SESSION_KEY from env${signer ? ` (signer ${signer})` : ""}.`
+    );
+    deps.print(
+      "  To paste a dashboard-minted key instead, unset MUHAVEN_BROKER_SESSION_KEY first."
+    );
   } else {
     const sessionInput = deps.sessionInput ?? {
       isTty: false,
@@ -2812,11 +2833,17 @@ async function runSetup(argv, deps) {
     }
     if (resolution.kind === "key") {
       sessionKey = resolution.key;
-      deps.print("Session key: using the pasted dashboard key.");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: using the pasted dashboard key${signer ? ` (signer ${signer})` : ""}.`
+      );
     } else {
       sessionKey = deps.mintSessionKey();
       mintedKey = true;
-      deps.print("Session key: minted fresh (secp256k1, ephemeral to this daemon).");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: minted fresh (secp256k1, ephemeral to this daemon)${signer ? ` \u2014 signer ${signer}` : ""}.`
+      );
     }
   }
   effectiveEnv.MUHAVEN_BROKER_SESSION_KEY = sessionKey;
@@ -3591,7 +3618,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.1";
+    return "0.4.3";
   }
 }
 function printVersion() {

package/dist/broker.js CHANGED Viewed

@@ -2459,6 +2459,13 @@ function applyEnvDefaults(input) {
 function mintSessionKey() {
   return generatePrivateKey();
 }
+function deriveSignerAddress(privateKeyHex) {
+  try {
+    return privateKeyToAccount(privateKeyHex).address;
+  } catch {
+    return null;
+  }
+}
 function decideSetupAction(input) {
   if (input.hello === null) return "spawn_and_login";
   if (!input.hello.hasJwt) return "login_only";
@@ -2795,7 +2802,21 @@ async function runSetup(argv, deps) {
   let sessionKey = effectiveEnv.MUHAVEN_BROKER_SESSION_KEY;
   let mintedKey = false;
   if (sessionKey && sessionKey.length > 0) {
-    deps.print("Session key: using MUHAVEN_BROKER_SESSION_KEY from env.");
+    const shapeErr = validateSessionKeyShape(sessionKey);
+    if (shapeErr) {
+      deps.printErr(`error: MUHAVEN_BROKER_SESSION_KEY is set but invalid \u2014 ${shapeErr}`);
+      deps.printErr(
+        "  Unset MUHAVEN_BROKER_SESSION_KEY to paste a dashboard key (or fix the value), then re-run setup."
+      );
+      return 2;
+    }
+    const signer = deriveSignerAddress(sessionKey);
+    deps.print(
+      `Session key: using MUHAVEN_BROKER_SESSION_KEY from env${signer ? ` (signer ${signer})` : ""}.`
+    );
+    deps.print(
+      "  To paste a dashboard-minted key instead, unset MUHAVEN_BROKER_SESSION_KEY first."
+    );
   } else {
     const sessionInput = deps.sessionInput ?? {
       isTty: false,
@@ -2814,11 +2835,17 @@ async function runSetup(argv, deps) {
     }
     if (resolution.kind === "key") {
       sessionKey = resolution.key;
-      deps.print("Session key: using the pasted dashboard key.");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: using the pasted dashboard key${signer ? ` (signer ${signer})` : ""}.`
+      );
     } else {
       sessionKey = deps.mintSessionKey();
       mintedKey = true;
-      deps.print("Session key: minted fresh (secp256k1, ephemeral to this daemon).");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: minted fresh (secp256k1, ephemeral to this daemon)${signer ? ` \u2014 signer ${signer}` : ""}.`
+      );
     }
   }
   effectiveEnv.MUHAVEN_BROKER_SESSION_KEY = sessionKey;
@@ -3593,7 +3620,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.1";
+    return "0.4.3";
   }
 }
 function printVersion() {

package/dist/index.cjs CHANGED Viewed

@@ -2799,18 +2799,33 @@ async function attemptPathD(args, deps) {
       message: `backend /agent/policy/state lookup failed: ${err2 instanceof Error ? err2.message : String(err2)}`
     };
   }
+  let mirrorFetchOk = false;
+  let mirrorHadActiveSession = false;
   try {
     const mirror = await deps.backend.get(
       "/api/v1/agent/policy/scoped-session",
       { surface: "mcp" }
     );
+    mirrorFetchOk = true;
     if (mirror?.session) {
+      mirrorHadActiveSession = true;
       mirrorSessionRow = mirror.session;
       mirrorEnableStatus = mirror.session.enableStatus ?? null;
       mirrorValidatorNonce = mirror.session.validatorNonce ?? null;
     }
   } catch (err2) {
   }
+  if (mirrorFetchOk && !mirrorHadActiveSession) {
+    try {
+      await deps.broker.clearPolicySnapshot(activeId);
+    } catch {
+    }
+    return {
+      kind: "fallback",
+      reason: "session_revoked",
+      message: "the Scoped session was revoked (or expired) on the dashboard \u2014 the broker snapshot is stale; purged it and falling back to Path C. Re-mint a Scoped session to resume autonomous buys."
+    };
+  }
   if (!snapshot.permissionId) {
     return {
       kind: "fallback",
@@ -3680,7 +3695,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.1";
+    return "0.4.3";
   }
 }
 function toJsonInputSchema(schema) {

package/dist/index.js CHANGED Viewed

@@ -2795,18 +2795,33 @@ async function attemptPathD(args, deps) {
       message: `backend /agent/policy/state lookup failed: ${err2 instanceof Error ? err2.message : String(err2)}`
     };
   }
+  let mirrorFetchOk = false;
+  let mirrorHadActiveSession = false;
   try {
     const mirror = await deps.backend.get(
       "/api/v1/agent/policy/scoped-session",
       { surface: "mcp" }
     );
+    mirrorFetchOk = true;
     if (mirror?.session) {
+      mirrorHadActiveSession = true;
       mirrorSessionRow = mirror.session;
       mirrorEnableStatus = mirror.session.enableStatus ?? null;
       mirrorValidatorNonce = mirror.session.validatorNonce ?? null;
     }
   } catch (err2) {
   }
+  if (mirrorFetchOk && !mirrorHadActiveSession) {
+    try {
+      await deps.broker.clearPolicySnapshot(activeId);
+    } catch {
+    }
+    return {
+      kind: "fallback",
+      reason: "session_revoked",
+      message: "the Scoped session was revoked (or expired) on the dashboard \u2014 the broker snapshot is stale; purged it and falling back to Path C. Re-mint a Scoped session to resume autonomous buys."
+    };
+  }
   if (!snapshot.permissionId) {
     return {
       kind: "fallback",
@@ -3676,7 +3691,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.1";
+    return "0.4.3";
   }
 }
 function toJsonInputSchema(schema) {

package/manifest.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {