@oobe-protocol-labs/sap-mcp-server 0.1.0

package/docs/00_README.md

@@ -0,0 +1,45 @@
+# 00. Documentation Index
+
+SAP MCP Server is a production-oriented Model Context Protocol server for OOBE SAP Protocol, Solana, Synapse AgentKit, SNS, and monetized hosted agent workflows.
+
+This documentation set is intentionally numbered. Read it in order for a full system view, or jump directly to the operational area you need.
+
+## 00.1 Document Map
+
+| Document | Purpose |
+| --- | --- |
+| [01. Product Overview](01_PRODUCT_OVERVIEW.md) | What SAP MCP is, who uses it, and which deployment models it supports. |
+| [02. Architecture And Request Flow](02_ARCHITECTURE_AND_REQUEST_FLOW.md) | Runtime modules, MCP flow, signing flow, payment flow, and trust boundaries. |
+| [03. Configuration And Wizard](03_CONFIGURATION_AND_WIZARD.md) | Profile manager, wallet isolation, wizard behavior, client config injection, and config CLI. |
+| [04. Local Stdio Usage](04_LOCAL_STDIO_USAGE.md) | Local MCP setup for Claude, Hermes, Codex, OpenClaw, and development agents. |
+| [05. Remote VPS Deployment](05_REMOTE_VPS_DEPLOYMENT.md) | Hosted Streamable HTTP deployment for `mcp.sap.oobeprotocol.ai`, reverse proxy, PM2, and release packaging. |
+| [06. Payments, x402, And pay.sh](06_PAYMENTS_X402_AND_PAYSH.md) | Monetization model, x402 payment gate, pay.sh provider YAML, facilitator keypair, pricing, and settlement. |
+| [07. Endpoints And Clients](07_ENDPOINTS_AND_CLIENTS.md) | HTTP endpoints, headers, MCP client examples, health checks, smoke tests, and payment endpoints. |
+| [08. Security, Policy, And Signing](08_SECURITY_POLICY_AND_SIGNING.md) | Keypair safety, Bento/local policy, approval rules, signer modes, and operational security. |
+| [09. Tools, Skills, And Agent Guide](09_TOOLS_SKILLS_AND_AGENT_GUIDE.md) | Tool families, agent context, skills installation, SDK docs pointers, and language expectations. |
+| [10. Operations, Release, And PM2](10_OPERATIONS_RELEASE_AND_PM2.md) | Build gates, PM2 ecosystem, logs, monitoring, changelog discipline, public/private repo guidance. |
+| [11. Code Quality Audit](11_CODE_QUALITY_AUDIT.md) | Engineering scorecard, release gates, quality rules, and current residual risks. |
+
+## 00.2 Primary Binaries
+
+| Binary | Purpose |
+| --- | --- |
+| `sap-mcp-server` | Local stdio MCP server and CLI entry point. |
+| `sap-mcp-remote` | Remote MCP Streamable HTTP server. Supports bearerless public mode plus API key/JWT private modes. |
+| `sap-mcp-config` | Config CLI, profile manager, approval workflow, and wizard entry point. |
+| `sap-mcp-wizard` | TUI setup wizard. |
+| `sap-signing-proxy` | Local signing proxy for external signer mode. |
+| `sap-mcp-facilitator` | Self-hosted x402 SVM facilitator. |
+| `sap-mcp-pay-sh-spec` | pay.sh provider YAML generator. |
+
+## 00.3 Golden Rules
+
+1. Generated SAP MCP wallets live under `~/.config/mcp-sap/keypairs/`.
+2. The wizard never modifies `~/.config/solana/id.json`.
+3. Local stdio mode is for a user's own machine.
+4. Remote HTTP mode can be bearerless for hosted agents; paid tools still require x402.
+5. Hosted payment and transaction signing flows still require a wizard-created user SAP profile and a local or external signer.
+6. x402 monetization applies to paid `tools/call` requests, not to the basic MCP handshake.
+7. pay.sh is an outer provider/catalog/proxy integration; SAP MCP remains the source of truth for per-tool pricing.
+8. Facilitator signer, revenue recipient, user SAP wallet, agent PDA, and Solana CLI wallet are separate identities.
+9. Keypair bytes must never be logged, shown to agents, injected into client config, or documented in examples.

package/docs/01_PRODUCT_OVERVIEW.md

@@ -0,0 +1,69 @@
+# 01. Product Overview
+
+## 01.1 What SAP MCP Is
+
+SAP MCP Server exposes OOBE Synapse Agent Protocol functionality through the Model Context Protocol. Agents connect through MCP and receive a structured tool surface for Solana, SAP Protocol, Synapse AgentKit, SNS, profiles, skills, payments, and transaction signing.
+
+The server supports two first-class modes:
+
+| Mode | Transport | Primary use case |
+| --- | --- | --- |
+| Local | stdio | Claude Desktop, Hermes, Codex, OpenClaw, Cursor, and local agent development. |
+| Remote | Streamable HTTP at `/mcp` | Hosted access at a public domain such as `mcp.sap.oobeprotocol.ai`. |
+
+## 01.2 What It Exposes
+
+The runtime tool registry includes:
+
+1. SAP SDK tools from `@oobe-protocol-labs/synapse-sap-sdk`.
+2. SAP SNS tools for domain and identity workflows.
+3. Synapse AgentKit tools from `@oobe-protocol-labs/synapse-client-sdk`.
+4. Solana RPC, DAS, token, NFT, DeFi, Jupiter, transaction, and profile tools.
+5. SAP MCP profile and skill-pack management tools.
+6. x402 payment helper tools for paid hosted workflows.
+
+Tool count changes as upstream SDKs evolve. Verify the current runtime count with `tools/list` or the smoke test in [07. Endpoints And Clients](07_ENDPOINTS_AND_CLIENTS.md).
+
+## 01.3 Who Uses It
+
+| Actor | What they need |
+| --- | --- |
+| Local agent operator | A profile under `~/.config/mcp-sap`, a dedicated SAP MCP keypair or external signer, and a local MCP client config. |
+| Hosted MCP customer | A remote MCP URL and payment headers only for paid tool calls. |
+| OOBE operator | A VPS deployment, reverse proxy, PM2 services, API keys or JWT auth, facilitator service, payment recipient wallet, and monitoring. |
+| Developer | The repo, SDK dependencies, typecheck/build/test gates, and the docs in this directory. |
+
+## 01.4 Public Or Private Repository
+
+The recommended model is:
+
+1. Keep the source repo public once secrets, private config files, keypairs, deployment tokens, and customer credentials are excluded.
+2. Keep production `.env`, PM2 ecosystem files with secrets, facilitator signer files, and customer API keys private.
+3. Publish signed GitHub releases and npm packages so users can install the wizard and local server without cloning private infrastructure.
+
+Public source helps agent developers audit the tool surface, transport behavior, and signing model. Private deployment state protects the business.
+
+## 01.5 Do Remote Customers Need The Wizard?
+
+Yes for signing and paid agent operation.
+
+1. Customers can connect read-only agents to hosted `https://mcp.sap.oobeprotocol.ai/mcp` with only a client config entry.
+2. Hosted users who sign x402/pay.sh payments or tool transactions must run `sap-mcp-config wizard` to create the user SAP profile, policy limits, and local or external signer.
+3. Developers who want to run SAP MCP locally should use the wizard.
+4. Hosted customers should not receive server keypairs, facilitator keypairs, or OOBE deployment secrets.
+
+The wizard is distributed through the npm package and release artifacts. It is the standard onboarding path for hosted users who need user-controlled signing.
+
+Agent owners need the wizard when they want their own SAP identity, local profile, dedicated wallet, signing policy, or external signer connection. In that case the wallet lives on the user's machine under `~/.config/mcp-sap/keypairs/` or behind an external signer, not inside the hosted OOBE remote MCP process.
+
+| Customer mode | Wizard required | Wallet or signer location |
+| --- | --- | --- |
+| Read-only hosted discovery | Optional | None required for read-only calls. |
+| Hosted user paying x402/pay.sh charges | Yes | User machine under `~/.config/mcp-sap/keypairs/` or external signer. |
+| Hosted user signing SAP/Solana tool transactions | Yes | User-controlled signer, never uploaded to `mcp.sap.oobeprotocol.ai`. |
+| Local stdio or self-hosted developer | Yes | User machine under `~/.config/mcp-sap/keypairs/` or external signer. |
+| OOBE custodial hosted agent | No for end user | OOBE-controlled secret manager; separate product and risk model. |
+
+## 01.6 Monetization Model In One Sentence
+
+Agents do not pay merely because they connect. Free protocol and base profile calls remain free; paid tools are priced per `tools/call` and authorized through x402 before execution.

package/docs/02_ARCHITECTURE_AND_REQUEST_FLOW.md

@@ -0,0 +1,120 @@
+# 02. Architecture And Request Flow
+
+## 02.1 High-Level Architecture
+
+```text
+MCP Client
+  | stdio or Streamable HTTP
+  v
+SAP MCP Server
+  |-- config/profile manager
+  |-- policy engine
+  |-- tool registry
+  |-- signer resolver
+  |-- optional x402 payment gate
+  v
+OOBE SDKs and Solana RPC
+  |-- synapse-sap-sdk
+  |-- synapse-client-sdk
+  |-- Solana RPC
+  v
+Solana / SAP Protocol / SNS / AgentKit
+```
+
+## 02.2 Runtime Modules
+
+| Directory | Responsibility |
+| --- | --- |
+| `src/server/` | MCP server factory and capability registration. |
+| `src/transports/` | stdio and local HTTP transport helpers. |
+| `src/remote/` | Streamable HTTP MCP server. Supports bearerless public mode plus API key/JWT private modes. |
+| `src/tools/` | SAP, Solana, AgentKit, SNS, transaction, profile, skill, and payment tool registration. |
+| `src/config/` | Runtime config, secure config manager, profile manager, wizard pipeline, and client injection. |
+| `src/policy/` | Local policy, Bento policy, hybrid policy, spending limits, and risk evaluation. |
+| `src/security/` | Private-key guard, unsafe action guard, approval requirements, and tool permission maps. |
+| `src/signer/` | Local keypair signer, external signer, delegated signer, and signing proxy. |
+| `src/payments/` | x402 monetization gate, facilitator server, usage ledger, pricing, and pay.sh spec generator. |
+| `src/resources/` | MCP resources for current config, registry, reputation, memory, stats, and tool schemas. |
+| `src/prompts/` | MCP prompts that teach agents how to use SAP MCP safely. |
+
+## 02.3 Local Stdio Flow
+
+1. Agent client starts `sap-mcp-server` as a child process.
+2. Server loads the active profile from `~/.config/mcp-sap`.
+3. MCP handshake runs over stdio.
+4. Client calls tools through JSON-RPC.
+5. Policy and security guards run before tool execution.
+6. If a tool needs signing, the signer resolver uses local keypair or external signer mode.
+7. Results are returned through MCP content blocks.
+
+Local stdio is not monetized by default. It is the user's own local runtime.
+
+## 02.4 Remote HTTP Flow
+
+1. Client connects to `POST /mcp`, `GET /mcp`, or `DELETE /mcp`.
+2. Reverse proxy terminates TLS.
+3. Public mode accepts the MCP request without Bearer auth; private modes validate Bearer auth.
+4. x402 gate inspects `tools/call` requests when monetization is enabled.
+5. Free requests pass through immediately.
+6. Paid requests return payment requirements until the client supplies a payment signed by the user's wallet or external signer.
+7. Paid requests require a valid `PAYMENT-SIGNATURE` or `X-PAYMENT` header.
+8. Tool call executes only after verification.
+9. Settlement is attempted after successful handler completion.
+10. Usage ledger records the decision, verification, settlement, or cancellation state.
+
+## 02.5 Signing Flow
+
+```text
+Tool call
+  |
+  v
+Policy and permission checks
+  |
+  v
+Signer resolver
+  |-- readonly: no signing
+  |-- local-dev-keypair: dedicated SAP MCP keypair
+  |-- external-signer: signer service or signing proxy
+  |-- hosted-api: no raw customer keypair in process
+  v
+Signed transaction or explicit refusal
+```
+
+The agent sees public keys, profile names, network, and policy limits. It must never see secret key bytes.
+
+In hosted mode, `mcp.sap.oobeprotocol.ai` is the remote MCP transport and payment verifier, not a custodial signer for customer wallets. Any hosted workflow that needs a user signature must use the wizard-created local profile, a local signing proxy, or an external signer.
+
+## 02.6 Payment Flow
+
+```text
+MCP tools/call
+  |
+  v
+Pricing resolver
+  |-- free: execute
+  |-- paid: build x402 payment requirements
+  v
+x402 resource server
+  |
+  v
+OOBE facilitator verify
+  |
+  v
+Tool execution
+  |
+  v
+OOBE facilitator settle
+```
+
+The facilitator signer pays or sponsors the settlement path when configured. It is not the revenue recipient and not an agent wallet.
+
+## 02.7 Trust Boundaries
+
+| Boundary | Rule |
+| --- | --- |
+| MCP client to remote server | Public hosted mode can be bearerless; private/enterprise mode can require Bearer auth. Paid tools still require x402. |
+| Remote server to facilitator | Use a private facilitator auth token. |
+| Server to local keypair | Never print or expose keypair bytes. |
+| Agent profile to Solana CLI | Keep SAP MCP keypairs separate from Solana CLI keypairs. |
+| pay.sh to SAP MCP | pay.sh can proxy/catalog the HTTP endpoint; SAP MCP still enforces per-tool pricing. |
+| Policy to tool handler | Policy must run before sensitive or value-moving calls. |

package/docs/03_CONFIGURATION_AND_WIZARD.md

@@ -0,0 +1,143 @@
+# 03. Configuration And Wizard
+
+## 03.1 Config Directory
+
+SAP MCP uses one canonical local config namespace:
+
+```text
+~/.config/mcp-sap/
+  .active-profile
+  config.json
+  config-<profile>.json
+  keypairs/
+    <profile>-keypair.json
+  logs/
+```
+
+Legacy paths such as `~/.config/sap-mcp` should not be used by new installs. Client config entries should point to the SAP MCP profile manager, not hard-code legacy wallet paths.
+
+## 03.2 Profile Resolution
+
+Runtime config is resolved in this order:
+
+1. Safe built-in defaults.
+2. `SAP_MCP_CONFIG_PATH`, when explicitly set.
+3. `SAP_MCP_PROFILE`, when explicitly set.
+4. `~/.config/mcp-sap/.active-profile`.
+5. `~/.config/mcp-sap/config.json`.
+6. Deployment environment variables.
+7. Explicit runtime overrides from code.
+
+Profile-owned fields remain authoritative unless `SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE=true`.
+
+## 03.3 Profile-Owned Fields
+
+These fields normally belong to the active profile:
+
+| Field | Meaning |
+| --- | --- |
+| `mode` | `readonly`, `local-dev-keypair`, `hosted-api`, or external signer mode. |
+| `rpcUrl` | Solana RPC endpoint. |
+| `programId` | SAP program ID. |
+| `commitment` | Solana commitment level. |
+| `agentPubkey` | Agent public key or PDA exposed to agents. |
+| `walletPath` | Dedicated SAP MCP keypair path when local signing is enabled. |
+| `walletEncrypted` | Whether the wallet file is encrypted. |
+| `policy` | Local, Bento, or hybrid policy configuration. |
+| `bento` | Optional Bento integration settings. |
+| `monetization` | Hosted payment settings when remote monetization is enabled. |
+
+## 03.4 Wizard Responsibilities
+
+The wizard should:
+
+1. Create `~/.config/mcp-sap` when missing.
+2. Ask for a profile name instead of silently creating ambiguous `default` state.
+3. Create or import a dedicated SAP MCP wallet.
+4. Store the wallet under `~/.config/mcp-sap/keypairs/` by default.
+5. Never write to `~/.config/solana/id.json`.
+6. Ask whether Bento policy should be enabled.
+7. Validate RPC URL, program ID, keypair path, mode, limits, and profile names.
+8. Show a final preview before writing files.
+9. Offer optional MCP client config injection.
+10. Warn before merge or override when an existing `sap` MCP entry is found.
+
+## 03.5 Client Config Injection
+
+The injection step is optional. It targets known local MCP clients such as Claude Desktop, Hermes, Codex, and OpenClaw.
+
+The injected config should follow the profile manager:
+
+```json
+{
+  "mcpServers": {
+    "sap": {
+      "command": "node",
+      "args": ["/path/to/sap-mcp-server/dist/cli.js"],
+      "cwd": "/path/to/sap-mcp-server",
+      "env": {
+        "SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE": "false",
+        "SAP_LOG_LEVEL": "info"
+      }
+    }
+  }
+}
+```
+
+Do not inject keypair bytes, hard-coded legacy wallet paths, or stale RPC overrides into agent client files.
+
+## 03.6 Config CLI
+
+Use `sap-mcp-config` for profile and policy operations:
+
+```bash
+npx sap-mcp-config wizard
+npx sap-mcp-config show
+npx sap-mcp-config profiles
+npx sap-mcp-config profile <name>
+npx sap-mcp-config create-profile <name> [copy-from]
+npx sap-mcp-config delete-profile <name>
+npx sap-mcp-config profile-info
+npx sap-mcp-config pubkey
+npx sap-mcp-config info
+npx sap-mcp-config wallet
+npx sap-mcp-config set mode readonly
+npx sap-mcp-config pending
+npx sap-mcp-config approve <id>
+npx sap-mcp-config deny <id>
+npx sap-mcp-config audit
+npx sap-mcp-config hash
+```
+
+## 03.7 Approval Workflow
+
+Sensitive config changes can require approval. Typical protected fields are:
+
+1. `mode`
+2. `walletPath`
+3. `externalSignerUrl`
+4. `maxTxValueSol`
+5. `dailyLimitSol`
+
+Pending changes are listed with `sap-mcp-config pending`, approved with `sap-mcp-config approve <id>`, and denied with `sap-mcp-config deny <id>`.
+
+## 03.8 Network Consistency
+
+The active profile is the source of truth for network behavior. If a profile is on devnet, SAP tools must return devnet data. If a profile is on mainnet, SAP tools must return mainnet data.
+
+Avoid this anti-pattern:
+
+```yaml
+env:
+  SAP_MCP_RPC_URL: https://api.devnet.solana.com
+  SAP_WALLET_PATH: /legacy/path/keypair.json
+```
+
+Use profile-managed config instead:
+
+```yaml
+env:
+  SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE: "false"
+  SAP_LOG_LEVEL: info
+```
+

package/docs/04_LOCAL_STDIO_USAGE.md

@@ -0,0 +1,118 @@
+# 04. Local Stdio Usage
+
+## 04.1 When To Use Local Mode
+
+Use local stdio when the MCP server runs on the same machine as the agent client:
+
+1. Claude Desktop.
+2. Hermes.
+3. Codex.
+4. OpenClaw.
+5. Cursor or another local MCP client.
+6. Local development and smoke testing.
+
+## 04.2 Install And Build
+
+From the repo:
+
+```bash
+pnpm install
+pnpm run build
+```
+
+From a published package:
+
+```bash
+npm install -g @oobe-protocol-labs/sap-mcp-server
+```
+
+## 04.3 Create A Profile
+
+```bash
+npx sap-mcp-config wizard
+```
+
+Then inspect it:
+
+```bash
+npx sap-mcp-config show
+npx sap-mcp-config pubkey
+npx sap-mcp-config profiles
+```
+
+## 04.4 Start Local MCP
+
+From source:
+
+```bash
+node dist/cli.js
+```
+
+From an installed package:
+
+```bash
+sap-mcp-server
+```
+
+## 04.5 Client Config Examples
+
+### Claude Desktop
+
+```json
+{
+  "mcpServers": {
+    "sap": {
+      "command": "sap-mcp-server",
+      "env": {
+        "SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE": "false",
+        "SAP_LOG_LEVEL": "info"
+      }
+    }
+  }
+}
+```
+
+### Hermes
+
+```yaml
+mcp_servers:
+  sap:
+    command: sap-mcp-server
+    env:
+      SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE: "false"
+      SAP_LOG_LEVEL: info
+```
+
+### Source Checkout
+
+```yaml
+mcp_servers:
+  sap:
+    command: node
+    args:
+      - /path/to/sap-mcp-server/dist/cli.js
+    cwd: /path/to/sap-mcp-server
+    env:
+      SAP_MCP_ALLOW_ENV_CONFIG_OVERRIDE: "false"
+      SAP_LOG_LEVEL: info
+```
+
+## 04.6 What The Agent Should See
+
+The agent may see:
+
+1. Loaded profile name.
+2. Network and RPC URL.
+3. Program ID.
+4. Signer public key.
+5. Agent public key or PDA.
+6. Config path.
+7. A statement that secret material is never exposed.
+
+The agent must not read, print, summarize, or reveal keypair byte arrays.
+
+## 04.7 Local Signing
+
+Local signing requires a profile in `local-dev-keypair` mode or a configured external signer.
+
+Use local signing only when the machine operator controls the wallet and understands the risk. Remote hosted production should prefer `readonly`, `hosted-api`, or `external-signer` boundaries.

package/docs/05_REMOTE_VPS_DEPLOYMENT.md

@@ -0,0 +1,136 @@
+# 05. Remote Hosted Deployment
+
+## 05.1 Public Documentation Boundary
+
+This document is intentionally public-safe. It describes the supported hosted deployment shape without exposing OOBE's live VPS layout, private ports, private process names, secret names, signer paths, production RPC providers, or infrastructure topology.
+
+Keep the real deployment runbook, PM2 ecosystem file, reverse-proxy config, firewall rules, signer paths, payment recipient addresses, facilitator auth tokens, and RPC credentials in a private infrastructure repository or secret manager.
+
+## 05.2 Deployment Goal
+
+Remote mode exposes SAP MCP over Streamable HTTP at a hosted `/mcp` endpoint. Public hosted deployments should run behind:
+
+1. TLS termination.
+2. Reverse proxy access control.
+3. Rate limiting.
+4. Policy checks.
+5. x402 monetization for paid `tools/call` requests.
+6. Private server-to-server authentication for facilitator traffic when applicable.
+7. Centralized logs and monitoring that do not expose secrets.
+
+## 05.3 Build Gates
+
+Run release gates before publishing or deploying:
+
+```bash
+pnpm run typecheck
+pnpm run lint
+pnpm test -- --run
+pnpm run build
+npm pack --dry-run
+```
+
+The aggregate release command is:
+
+```bash
+pnpm run verify:release
+```
+
+## 05.4 Runtime Configuration
+
+Production runtime values must be injected from a private environment store, not hard-coded in public docs.
+
+Required categories:
+
+1. Hosted profile name.
+2. Bind host and port for the private Node listener.
+3. Public base URL used in discovery responses.
+4. Remote auth mode for public or private deployments.
+5. Solana RPC provider.
+6. Monetization settings.
+7. Facilitator URL and facilitator auth token when x402 is enabled.
+8. Logging format and retention settings.
+
+Public agent-facing deployments can run without Bearer auth when x402, rate limits, and policy are enabled. Private beta, enterprise, admin, and non-public deployments should use API key or JWT auth.
+
+## 05.5 Public Routes
+
+Expose only the required public routes through the reverse proxy:
+
+```text
+GET     /health
+GET     /.well-known/agent-card.json
+GET     /.well-known/sap-mcp-wizard.json
+GET     /wizard/install.sh
+POST    /mcp
+GET     /mcp
+DELETE  /mcp
+```
+
+Facilitator routes should be exposed only when required by the selected x402 architecture and protected with private facilitator authentication:
+
+```text
+GET     /facilitator/health
+GET     /facilitator/supported
+POST    /facilitator/verify
+POST    /facilitator/settle
+```
+
+Do not publish the private reverse-proxy file, internal listener ports, private upstream names, or live facilitator auth values.
+
+## 05.6 Process Management
+
+Run the remote MCP server and facilitator under a process manager such as PM2, systemd, or a container supervisor.
+
+Recommended rules:
+
+1. Keep the production process file outside the public repository.
+2. Store secrets in the host secret manager or private environment file.
+3. Use structured logs.
+4. Rotate logs.
+5. Restart on crash.
+6. Alert on health-check failures, payment verification failures, and unexpected auth failures.
+7. Never commit production PM2 ecosystem files containing real environment values.
+
+The public `ecosystem.config.example.cjs` is a shape reference only. Copy it into private infrastructure and replace every placeholder from your secret store before deployment.
+
+## 05.7 Hosted Customer Onboarding
+
+Hosted user signing/payment onboarding:
+
+1. Install the npm package or release artifact that includes `sap-mcp-config` and `sap-mcp-wizard`.
+2. Run `npx sap-mcp-config wizard`.
+3. Create or import a dedicated SAP MCP wallet under `~/.config/mcp-sap/keypairs/`, or configure an external signer.
+4. Configure the agent client with the hosted MCP URL.
+5. Paid x402/pay.sh flows and value-moving tools sign with the user-controlled signer, not with the hosted OOBE server keypair.
+6. No Bearer token is required in public agent-facing mode.
+
+Agents that cannot see local OS config should direct the user to the hosted wizard endpoint:
+
+```bash
+curl -fsSL https://mcp.sap.oobeprotocol.ai/wizard/install.sh | sh
+```
+
+They can inspect machine-readable wizard metadata at:
+
+```text
+https://mcp.sap.oobeprotocol.ai/.well-known/sap-mcp-wizard.json
+```
+
+Read-only hosted discovery:
+
+1. Use the hosted MCP URL.
+2. No local signer is required for free read-only calls.
+3. Optional skills/docs pack improves agent behavior.
+
+## 05.8 Production Profile Mode
+
+For public hosting, avoid loading customer private keypairs into the remote process.
+
+Recommended modes:
+
+1. `readonly` for read-only hosted discovery.
+2. `hosted-api` for server-side hosted operations governed by explicit product policy.
+3. `external-signer` when customer signing must happen outside the MCP server process.
+
+The hosted server is transport, policy, discovery, and payment verification infrastructure. It is not a custodial wallet service for customer keypairs.