@muhaven/mcp 0.4.2 → 0.4.3

package/CHANGELOG.md

@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.3] — 2026-05-24
+
+### Changed
+
+- **`muhaven-broker setup` no longer silently uses an opaque env key.** When
+  `MUHAVEN_BROKER_SESSION_KEY` is set (its "scriptable" precedence over the
+  interactive prompt), setup now (a) **validates the key's shape up front**
+  — a malformed value fails with a clear error + an unset hint instead of a
+  confusing daemon crash later — and (b) **prints the derived signer
+  address**: `Session key: using MUHAVEN_BROKER_SESSION_KEY from env (signer
+  0x…)`, plus a one-line "unset it to paste a dashboard key instead" hint. So
+  a STALE/unintended lingering env key is obvious rather than silently
+  adopted. The pasted-key and self-mint paths print the signer too, matching
+  `start`/`update`'s `Broker signer: 0x…`. New exported `deriveSignerAddress`
+  helper (display-only; never logs the private key). Operator-found on 0.4.2.
+
 ## [0.4.2] — 2026-05-24
 
 ### Fixed

package/dist/broker.cjs

@@ -2457,6 +2457,13 @@ function applyEnvDefaults(input) {
 function mintSessionKey() {
   return accounts.generatePrivateKey();
 }
+function deriveSignerAddress(privateKeyHex) {
+  try {
+    return accounts.privateKeyToAccount(privateKeyHex).address;
+  } catch {
+    return null;
+  }
+}
 function decideSetupAction(input) {
   if (input.hello === null) return "spawn_and_login";
   if (!input.hello.hasJwt) return "login_only";
@@ -2793,7 +2800,21 @@ async function runSetup(argv, deps) {
   let sessionKey = effectiveEnv.MUHAVEN_BROKER_SESSION_KEY;
   let mintedKey = false;
   if (sessionKey && sessionKey.length > 0) {
-    deps.print("Session key: using MUHAVEN_BROKER_SESSION_KEY from env.");
+    const shapeErr = validateSessionKeyShape(sessionKey);
+    if (shapeErr) {
+      deps.printErr(`error: MUHAVEN_BROKER_SESSION_KEY is set but invalid \u2014 ${shapeErr}`);
+      deps.printErr(
+        "  Unset MUHAVEN_BROKER_SESSION_KEY to paste a dashboard key (or fix the value), then re-run setup."
+      );
+      return 2;
+    }
+    const signer = deriveSignerAddress(sessionKey);
+    deps.print(
+      `Session key: using MUHAVEN_BROKER_SESSION_KEY from env${signer ? ` (signer ${signer})` : ""}.`
+    );
+    deps.print(
+      "  To paste a dashboard-minted key instead, unset MUHAVEN_BROKER_SESSION_KEY first."
+    );
   } else {
     const sessionInput = deps.sessionInput ?? {
       isTty: false,
@@ -2812,11 +2833,17 @@ async function runSetup(argv, deps) {
     }
     if (resolution.kind === "key") {
       sessionKey = resolution.key;
-      deps.print("Session key: using the pasted dashboard key.");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: using the pasted dashboard key${signer ? ` (signer ${signer})` : ""}.`
+      );
     } else {
       sessionKey = deps.mintSessionKey();
       mintedKey = true;
-      deps.print("Session key: minted fresh (secp256k1, ephemeral to this daemon).");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: minted fresh (secp256k1, ephemeral to this daemon)${signer ? ` \u2014 signer ${signer}` : ""}.`
+      );
     }
   }
   effectiveEnv.MUHAVEN_BROKER_SESSION_KEY = sessionKey;
@@ -3591,7 +3618,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.2";
+    return "0.4.3";
   }
 }
 function printVersion() {

package/dist/broker.js

@@ -2459,6 +2459,13 @@ function applyEnvDefaults(input) {
 function mintSessionKey() {
   return generatePrivateKey();
 }
+function deriveSignerAddress(privateKeyHex) {
+  try {
+    return privateKeyToAccount(privateKeyHex).address;
+  } catch {
+    return null;
+  }
+}
 function decideSetupAction(input) {
   if (input.hello === null) return "spawn_and_login";
   if (!input.hello.hasJwt) return "login_only";
@@ -2795,7 +2802,21 @@ async function runSetup(argv, deps) {
   let sessionKey = effectiveEnv.MUHAVEN_BROKER_SESSION_KEY;
   let mintedKey = false;
   if (sessionKey && sessionKey.length > 0) {
-    deps.print("Session key: using MUHAVEN_BROKER_SESSION_KEY from env.");
+    const shapeErr = validateSessionKeyShape(sessionKey);
+    if (shapeErr) {
+      deps.printErr(`error: MUHAVEN_BROKER_SESSION_KEY is set but invalid \u2014 ${shapeErr}`);
+      deps.printErr(
+        "  Unset MUHAVEN_BROKER_SESSION_KEY to paste a dashboard key (or fix the value), then re-run setup."
+      );
+      return 2;
+    }
+    const signer = deriveSignerAddress(sessionKey);
+    deps.print(
+      `Session key: using MUHAVEN_BROKER_SESSION_KEY from env${signer ? ` (signer ${signer})` : ""}.`
+    );
+    deps.print(
+      "  To paste a dashboard-minted key instead, unset MUHAVEN_BROKER_SESSION_KEY first."
+    );
   } else {
     const sessionInput = deps.sessionInput ?? {
       isTty: false,
@@ -2814,11 +2835,17 @@ async function runSetup(argv, deps) {
     }
     if (resolution.kind === "key") {
       sessionKey = resolution.key;
-      deps.print("Session key: using the pasted dashboard key.");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: using the pasted dashboard key${signer ? ` (signer ${signer})` : ""}.`
+      );
     } else {
       sessionKey = deps.mintSessionKey();
       mintedKey = true;
-      deps.print("Session key: minted fresh (secp256k1, ephemeral to this daemon).");
+      const signer = deriveSignerAddress(sessionKey);
+      deps.print(
+        `Session key: minted fresh (secp256k1, ephemeral to this daemon)${signer ? ` \u2014 signer ${signer}` : ""}.`
+      );
     }
   }
   effectiveEnv.MUHAVEN_BROKER_SESSION_KEY = sessionKey;
@@ -3593,7 +3620,7 @@ function printUsage() {
 }
 function getBrokerPackageVersion() {
   {
-    return "0.4.2";
+    return "0.4.3";
   }
 }
 function printVersion() {

package/dist/index.cjs

@@ -3695,7 +3695,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.2";
+    return "0.4.3";
   }
 }
 function toJsonInputSchema(schema) {

package/dist/index.js

@@ -3691,7 +3691,7 @@ var SERVER_NAME = "@muhaven/mcp";
 var SERVER_VERSION = resolveServerVersion();
 function resolveServerVersion() {
   {
-    return "0.4.2";
+    return "0.4.3";
   }
 }
 function toJsonInputSchema(schema) {

package/manifest.json

@@ -3,7 +3,7 @@
   "manifest_version": "0.2",
   "name": "muhaven-mcp",
   "display_name": "MuHaven (RWA portfolio)",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "Confidential RWA portfolio management on Fhenix CoFHE. Read your encrypted balances, propose yield claims and policy changes — all signing happens in a sibling broker daemon, the LLM never sees your private key.",
   "long_description": "MuHaven MCP exposes 24 tools across read.* / position.* / policy.* / issuer.* / governance.* groups for managing real-world asset (RWA) tokens with FHE-encrypted balances. Authentication uses a one-time device-code ceremony (run `muhaven-broker login`); subsequent tool calls fetch the JWT from the broker over a Unix socket. Position / governance tools deep-link to the dashboard for passkey signing — they NEVER auto-submit to a bundler. The companion `muhaven-broker` daemon must be running before tools can be invoked. See README for setup.",
   "author": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhaven/mcp",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "MuHaven MCP server — read/position/policy toolsets bridging Claude Desktop / Cursor / Claude Code to the MuHaven backend, with a sibling muhaven-broker daemon holding the session-key private half over a local IPC socket",
   "type": "module",
   "repository": {