@pnlmarket/mcp-server 0.4.0

package/dist/lib/wallet.js

@@ -0,0 +1,405 @@
+import { Connection, Keypair, LAMPORTS_PER_SOL } from '@solana/web3.js';
+import * as bip39 from 'bip39';
+import { derivePath } from 'ed25519-hd-key';
+import bs58 from 'bs58';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { mkdirSync, writeFileSync, readFileSync, existsSync, chmodSync } from 'node:fs';
+import { randomBytes, scryptSync, createCipheriv, createDecipheriv, timingSafeEqual } from 'node:crypto';
+// ─── PNL local wallet — encrypted at rest, BIP39-recoverable ─────
+//
+// The keypair is stored on disk as an encrypted blob. Decryption
+// requires the user's passphrase, which is delivered to this process
+// either via the PNL_PASSPHRASE env var (set in Claude Code's mcp
+// config) or via an OS-native dialog (osascript on macOS, zenity on
+// Linux). The agent's chat transcript NEVER sees the passphrase.
+//
+// File layout:
+//   ~/.config/pnl/wallet.enc   - encrypted secret + metadata (mode 0600)
+//   ~/.config/pnl/config.json  - autosign cap + RPC URL (mode 0644)
+//   ~/.config/pnl/exports/     - timestamped backup dumps (mode 0700)
+//
+// Recovery model: BIP39 12-word mnemonic, derived at Solana's
+// Phantom-compatible path m/44'/501'/0'/0'. Mnemonic is shown ONCE
+// during pnl_init and never stored on disk — the user is responsible
+// for backing it up. With the mnemonic alone (no passphrase) the user
+// can restore on any new machine via pnl_restore.
+const PNL_DIR = join(homedir(), '.config', 'pnl');
+const WALLET_PATH = join(PNL_DIR, 'wallet.enc');
+const CONFIG_PATH = join(PNL_DIR, 'config.json');
+const EXPORTS_DIR = join(PNL_DIR, 'exports');
+// Default RPC is the hosted MCP proxy on pnl.market, which forwards to
+// our paid Helius endpoint. The public Solana mainnet RPC is heavily
+// rate-limited (429s during autosign send + confirmation polling) and
+// is not a viable default for the autosign create_market / vote flows.
+// Power users override via PNL_RPC_URL.
+const DEFAULT_RPC = 'https://pnl.market/api/mcp/rpc';
+const DEFAULT_AUTOSIGN_CAP_SOL = 0.05;
+/** True iff the currently active RPC URL is our hosted MCP proxy.
+ *  Tools use this to decide whether to surface the BYO-Helius hint. */
+export function isUsingHostedRpc() {
+    return getRpcUrl() === DEFAULT_RPC && !process.env.PNL_RPC_URL?.trim();
+}
+// Solana / Phantom derivation path. Matches what `solana-keygen new`
+// and Phantom's "Add account" flow use, so a mnemonic generated here
+// imports cleanly into Phantom and vice versa.
+const DERIVATION_PATH = "m/44'/501'/0'/0'";
+// scrypt parameters. N=2^17 is the value used by Filecoin / standard
+// "good" client setups — ~250MB memory, ~250ms on a modern CPU. Slow
+// enough to resist brute force, fast enough that interactive unlock
+// feels instant.
+const SCRYPT_N = 1 << 17;
+const SCRYPT_R = 8;
+const SCRYPT_P = 1;
+const SCRYPT_KEY_LEN = 32;
+// AES-256-GCM nonce is 12 bytes per NIST recommendation.
+const GCM_NONCE_LEN = 12;
+const GCM_TAG_LEN = 16;
+let unlocked = null;
+function ensureDir() {
+    if (!existsSync(PNL_DIR)) {
+        mkdirSync(PNL_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+function ensureExportsDir() {
+    ensureDir();
+    if (!existsSync(EXPORTS_DIR)) {
+        mkdirSync(EXPORTS_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+// ─── Crypto primitives ───────────────────────────────────────────
+function deriveKey(passphrase, salt) {
+    return scryptSync(Buffer.from(passphrase, 'utf8'), salt, SCRYPT_KEY_LEN, {
+        N: SCRYPT_N,
+        r: SCRYPT_R,
+        p: SCRYPT_P,
+        // scrypt's default maxmem is 32MB which is too small for N=2^17.
+        maxmem: 256 * 1024 * 1024,
+    });
+}
+function encryptSecret(secret, passphrase) {
+    const salt = randomBytes(16);
+    const nonce = randomBytes(GCM_NONCE_LEN);
+    const key = deriveKey(passphrase, salt);
+    const cipher = createCipheriv('aes-256-gcm', key, nonce);
+    const ciphertext = Buffer.concat([cipher.update(Buffer.from(secret)), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    // Wipe the derived key from memory.
+    key.fill(0);
+    return {
+        salt: salt.toString('base64'),
+        nonce: nonce.toString('base64'),
+        ciphertext: ciphertext.toString('base64'),
+        tag: tag.toString('base64'),
+    };
+}
+function decryptSecret(blob, passphrase) {
+    const salt = Buffer.from(blob.salt, 'base64');
+    const nonce = Buffer.from(blob.nonce, 'base64');
+    const ciphertext = Buffer.from(blob.ciphertext, 'base64');
+    const tag = Buffer.from(blob.tag, 'base64');
+    // Param sanity — defends against a corrupted file that swaps params
+    // to bypass cost (the GCM auth tag would catch it too but bail early).
+    if (blob.scrypt.N !== SCRYPT_N ||
+        blob.scrypt.r !== SCRYPT_R ||
+        blob.scrypt.p !== SCRYPT_P ||
+        blob.scrypt.keyLen !== SCRYPT_KEY_LEN) {
+        throw new Error('wallet file has unexpected scrypt parameters — possibly tampered. Refusing to decrypt.');
+    }
+    const key = deriveKey(passphrase, salt);
+    const decipher = createDecipheriv('aes-256-gcm', key, nonce);
+    decipher.setAuthTag(tag);
+    try {
+        const plain = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        key.fill(0);
+        return new Uint8Array(plain);
+    }
+    catch (e) {
+        key.fill(0);
+        // GCM auth-tag failure is the common case: wrong passphrase.
+        // Use a generic message so we don't leak whether the failure was
+        // tag mismatch vs something else (timing safety hygiene).
+        throw new Error('passphrase is incorrect (or the wallet file is corrupted)');
+    }
+}
+// ─── Mnemonic / keypair derivation ───────────────────────────────
+export function generateMnemonic() {
+    // bip39 uses crypto.randomBytes under the hood. 128 bits of entropy
+    // → 12 words. Standard.
+    return bip39.generateMnemonic(128);
+}
+export function isValidMnemonic(mnemonic) {
+    return bip39.validateMnemonic(mnemonic);
+}
+/** Returns a Solana Keypair derived from the BIP39 mnemonic at the
+ *  Phantom-compatible path m/44'/501'/0'/0'. */
+export function keypairFromMnemonic(mnemonic) {
+    const cleaned = mnemonic.trim().split(/\s+/).join(' ').toLowerCase();
+    if (!bip39.validateMnemonic(cleaned)) {
+        throw new Error('mnemonic is not a valid BIP39 phrase — check spelling and word count (must be 12 or 24 words)');
+    }
+    const seed = bip39.mnemonicToSeedSync(cleaned); // 64 bytes
+    const { key } = derivePath(DERIVATION_PATH, seed.toString('hex'));
+    // ed25519-hd-key returns a 32-byte seed; Solana wants 64 bytes
+    // (seed || pubkey). Keypair.fromSeed handles that for us.
+    return Keypair.fromSeed(key);
+}
+// ─── State queries ───────────────────────────────────────────────
+export function hasWallet() {
+    return existsSync(WALLET_PATH);
+}
+function readWalletFile() {
+    const raw = readFileSync(WALLET_PATH, 'utf8');
+    const parsed = JSON.parse(raw);
+    if (parsed.version !== 1) {
+        throw new Error(`wallet file version ${parsed.version} is not supported`);
+    }
+    return parsed;
+}
+export function getAddress() {
+    return readWalletFile().address;
+}
+// ─── Lock / unlock ───────────────────────────────────────────────
+export function isUnlocked() {
+    if (!unlocked)
+        return false;
+    if (Date.now() > unlocked.unlockedUntil) {
+        lock();
+        return false;
+    }
+    return true;
+}
+export function unlockWith(passphrase, ttlMinutes = 5) {
+    if (!hasWallet()) {
+        throw new Error('No PNL wallet on this machine. Run pnl_init first.');
+    }
+    const blob = readWalletFile();
+    const secret = decryptSecret(blob, passphrase);
+    unlocked = {
+        secret,
+        unlockedAt: Date.now(),
+        unlockedUntil: Date.now() + ttlMinutes * 60 * 1000,
+    };
+    return { address: blob.address };
+}
+export function lock() {
+    if (unlocked) {
+        // Zero out the cached secret before releasing the reference.
+        unlocked.secret.fill(0);
+        unlocked = null;
+    }
+}
+/** Returns the in-memory Keypair if the wallet is currently unlocked.
+ *  Throws with a "wallet locked" message otherwise. */
+export function requireUnlockedKeypair() {
+    if (!isUnlocked() || !unlocked) {
+        throw new Error('Wallet is locked. Call pnl_unlock first — passphrase is read from your PNL_PASSPHRASE env var (set in Claude Code mcp config) or via an OS-native dialog. Never type it directly in chat.');
+    }
+    return Keypair.fromSecretKey(unlocked.secret);
+}
+export function unlockStatus() {
+    if (!isUnlocked() || !unlocked)
+        return { unlocked: false, secondsRemaining: 0 };
+    return {
+        unlocked: true,
+        secondsRemaining: Math.max(0, Math.floor((unlocked.unlockedUntil - Date.now()) / 1000)),
+    };
+}
+/** Generate a fresh BIP39 mnemonic + keypair, encrypt the secret with
+ *  the user's passphrase, write to disk. Returns the mnemonic so the
+ *  agent can display it once for the user to write down. */
+export function createWallet(passphrase) {
+    if (hasWallet()) {
+        throw new Error(`A PNL wallet already exists at ${WALLET_PATH}. Use pnl_export_keypair to back it up before deleting and regenerating.`);
+    }
+    if (!passphrase || passphrase.length < 8) {
+        throw new Error('passphrase must be at least 8 characters');
+    }
+    ensureDir();
+    const mnemonic = generateMnemonic();
+    const keypair = keypairFromMnemonic(mnemonic);
+    const enc = encryptSecret(keypair.secretKey, passphrase);
+    const blob = {
+        version: 1,
+        address: keypair.publicKey.toBase58(),
+        kdf: 'scrypt',
+        scrypt: { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P, keyLen: SCRYPT_KEY_LEN },
+        ...enc,
+        createdAt: new Date().toISOString(),
+    };
+    writeFileSync(WALLET_PATH, JSON.stringify(blob, null, 2), { mode: 0o600 });
+    try {
+        chmodSync(WALLET_PATH, 0o600);
+    }
+    catch {
+        /* non-fatal */
+    }
+    return { address: blob.address, mnemonic };
+}
+/** Restore a wallet from an existing BIP39 mnemonic. The user's
+ *  passphrase encrypts the derived secret on disk. */
+export function restoreWallet(mnemonic, passphrase, opts = {}) {
+    if (hasWallet() && !opts.allowOverwrite) {
+        throw new Error(`A PNL wallet already exists at ${WALLET_PATH}. Pass allowOverwrite: true if you really mean to replace it (back it up first with pnl_export_keypair).`);
+    }
+    if (!passphrase || passphrase.length < 8) {
+        throw new Error('passphrase must be at least 8 characters');
+    }
+    ensureDir();
+    const keypair = keypairFromMnemonic(mnemonic);
+    const enc = encryptSecret(keypair.secretKey, passphrase);
+    const blob = {
+        version: 1,
+        address: keypair.publicKey.toBase58(),
+        kdf: 'scrypt',
+        scrypt: { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P, keyLen: SCRYPT_KEY_LEN },
+        ...enc,
+        createdAt: new Date().toISOString(),
+    };
+    writeFileSync(WALLET_PATH, JSON.stringify(blob, null, 2), { mode: 0o600 });
+    try {
+        chmodSync(WALLET_PATH, 0o600);
+    }
+    catch {
+        /* non-fatal */
+    }
+    lock(); // make user re-unlock with the new passphrase
+    return { address: blob.address };
+}
+// ─── Export to file (never to chat) ──────────────────────────────
+/** Writes the (currently unlocked) secret to a timestamped file under
+ *  ~/.config/pnl/exports/ with mode 0600 and returns the path. The
+ *  caller relays just the path to the agent — the secret never enters
+ *  the conversation transcript. */
+export function exportToFile() {
+    const kp = requireUnlockedKeypair();
+    ensureExportsDir();
+    const ts = new Date().toISOString().replace(/[:.]/g, '-');
+    const path = join(EXPORTS_DIR, `keypair-${ts}.txt`);
+    const base58 = bs58.encode(kp.secretKey);
+    const jsonArray = JSON.stringify(Array.from(kp.secretKey));
+    const body = [
+        '# PNL keypair backup',
+        `# Generated: ${new Date().toISOString()}`,
+        `# Address: ${kp.publicKey.toBase58()}`,
+        '#',
+        '# TREAT THIS LIKE A PASSWORD. Anyone with this key can spend the SOL',
+        '# on this wallet. After moving the contents to a password manager,',
+        '# DELETE THIS FILE: rm "' + path + '"',
+        '',
+        '## Phantom / Solflare / Backpack ("Import Private Key"):',
+        base58,
+        '',
+        '## Solana CLI (save as ~/.config/solana/id.json):',
+        jsonArray,
+        '',
+    ].join('\n');
+    writeFileSync(path, body, { mode: 0o600 });
+    try {
+        chmodSync(path, 0o600);
+    }
+    catch {
+        /* non-fatal */
+    }
+    return { path, address: kp.publicKey.toBase58() };
+}
+/** Writes a freshly-generated BIP39 mnemonic to a 0600 file under
+ *  ~/.config/pnl/exports/ and returns the path. The mnemonic itself
+ *  is intentionally NOT returned in the function result — it never
+ *  enters the agent's reply transcript (which would flow through the
+ *  LLM API). The caller passes the user the path; the user `cat`s
+ *  the file locally and moves it to their password manager.
+ *
+ *  Same security model as exportToFile() for the secret key. */
+export function writeMnemonicToFile(mnemonic, address) {
+    ensureExportsDir();
+    const ts = new Date().toISOString().replace(/[:.]/g, '-');
+    const path = join(EXPORTS_DIR, `mnemonic-${ts}.txt`);
+    const body = [
+        '# PNL wallet recovery phrase',
+        `# Generated: ${new Date().toISOString()}`,
+        `# Address: ${address}`,
+        '#',
+        '# THIS IS THE 12-WORD RECOVERY PHRASE FOR YOUR PNL WALLET.',
+        '# Anyone with these words can spend the SOL on this wallet.',
+        '# Treat it like a password.',
+        '#',
+        '# After moving these words to a password manager / paper backup,',
+        '# DELETE THIS FILE: rm "' + path + '"',
+        '#',
+        '# This phrase imports cleanly into Phantom / Solflare / Backpack',
+        '# (BIP39, Solana derivation path m/44\'/501\'/0\'/0\').',
+        '',
+        mnemonic,
+        '',
+    ].join('\n');
+    writeFileSync(path, body, { mode: 0o600 });
+    try {
+        chmodSync(path, 0o600);
+    }
+    catch {
+        /* non-fatal */
+    }
+    return { path };
+}
+// ─── Config (autosign cap, RPC URL) ──────────────────────────────
+export function loadConfig() {
+    ensureDir();
+    if (!existsSync(CONFIG_PATH)) {
+        return { autosignCapSol: DEFAULT_AUTOSIGN_CAP_SOL, rpcUrl: DEFAULT_RPC };
+    }
+    try {
+        const parsed = JSON.parse(readFileSync(CONFIG_PATH, 'utf8'));
+        return {
+            autosignCapSol: typeof parsed.autosignCapSol === 'number' && parsed.autosignCapSol >= 0
+                ? parsed.autosignCapSol
+                : DEFAULT_AUTOSIGN_CAP_SOL,
+            rpcUrl: typeof parsed.rpcUrl === 'string' && parsed.rpcUrl.length > 0
+                ? parsed.rpcUrl
+                : DEFAULT_RPC,
+        };
+    }
+    catch {
+        return { autosignCapSol: DEFAULT_AUTOSIGN_CAP_SOL, rpcUrl: DEFAULT_RPC };
+    }
+}
+export function saveConfig(updates) {
+    const current = loadConfig();
+    const next = { ...current, ...updates };
+    ensureDir();
+    writeFileSync(CONFIG_PATH, JSON.stringify(next, null, 2));
+    return next;
+}
+export function getRpcUrl() {
+    return process.env.PNL_RPC_URL?.trim() || loadConfig().rpcUrl;
+}
+export function getConnection() {
+    return new Connection(getRpcUrl(), 'confirmed');
+}
+export async function getBalanceSol(pubkey) {
+    const conn = getConnection();
+    const lamports = await conn.getBalance(pubkey, 'confirmed');
+    return lamports / LAMPORTS_PER_SOL;
+}
+// ─── Clear cache on process exit (defense in depth) ──────────────
+process.on('exit', () => {
+    try {
+        lock();
+    }
+    catch {
+        /* ignore */
+    }
+});
+// Best-effort constant-time check exported for tools that need it
+// (signature verification of e.g. challenge responses).
+export function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+export const WALLET_PATHS = {
+    dir: PNL_DIR,
+    wallet: WALLET_PATH,
+    config: CONFIG_PATH,
+    exports: EXPORTS_DIR,
+};

package/dist/tools/browse-markets.d.ts

@@ -0,0 +1,12 @@
+import { z } from 'zod';
+export declare const browseMarketsInputSchema: {
+    readonly status: z.ZodOptional<z.ZodEnum<["active", "yesWins", "noWins", "expired", "refund", "all"]>>;
+    readonly limit: z.ZodOptional<z.ZodNumber>;
+    readonly page: z.ZodOptional<z.ZodNumber>;
+};
+export declare function callBrowseMarkets(rawInput: unknown): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+}>;

package/dist/tools/browse-markets.js

@@ -0,0 +1,91 @@
+import { z } from 'zod';
+import { browseMarkets, marketUrl } from '../lib/pnl-api.js';
+import { Badge, headline, table, next, reply } from '../lib/output.js';
+// ─── pnl_browse_markets ──────────────────────────────────────────
+export const browseMarketsInputSchema = {
+    status: z
+        .enum(['active', 'yesWins', 'noWins', 'expired', 'refund', 'all'])
+        .optional()
+        .describe("Which markets to include. 'active' = currently open for voting (default). 'yesWins'/'noWins' = resolved markets. 'expired' = past their deadline but not yet resolved. 'refund' = full-refund outcomes. 'all' = no filter."),
+    limit: z
+        .number()
+        .int()
+        .min(1)
+        .max(50)
+        .optional()
+        .describe('How many markets to return. Default 10. Max 50.'),
+    page: z
+        .number()
+        .int()
+        .min(1)
+        .optional()
+        .describe('1-indexed page number for pagination. Default 1.'),
+};
+const BrowseMarketsInput = z.object(browseMarketsInputSchema);
+function fmtPool(m) {
+    const yes = m.totalYesStake ?? m.yesPool ?? null;
+    const no = m.totalNoStake ?? m.noPool ?? null;
+    let total = null;
+    if (yes != null || no != null) {
+        total = (yes ?? 0) + (no ?? 0);
+    }
+    else if (m.poolBalance != null) {
+        const n = typeof m.poolBalance === 'string' ? Number(m.poolBalance) : m.poolBalance;
+        if (Number.isFinite(n))
+            total = n;
+    }
+    if (total == null)
+        return '—';
+    const sol = total / 1e9;
+    if (sol < 0.001)
+        return '< 0.001';
+    if (sol < 1)
+        return sol.toFixed(3);
+    return sol.toFixed(2);
+}
+function fmtYes(m) {
+    return m.yesPercentage != null ? `${Math.round(m.yesPercentage)}%` : '—';
+}
+function fmtStatus(m) {
+    const s = (m.displayStatus || m.status || '').toLowerCase();
+    if (s.includes('active'))
+        return Badge.live;
+    if (s.includes('yes'))
+        return 'YES';
+    if (s.includes('no'))
+        return 'NO';
+    if (s.includes('refund'))
+        return 'refund';
+    if (s.includes('expired') || s.includes('awaiting'))
+        return Badge.pending;
+    return s || '—';
+}
+export async function callBrowseMarkets(rawInput) {
+    const input = BrowseMarketsInput.parse(rawInput ?? {});
+    const status = input.status ?? 'active';
+    const limit = input.limit ?? 10;
+    const page = input.page ?? 1;
+    const data = await browseMarkets({ status, limit, page });
+    const markets = data.markets ?? [];
+    if (markets.length === 0) {
+        return reply(headline(`No ${status === 'all' ? '' : status + ' '}markets on page ${page}.`), next(status !== 'all' ? 'Try `status: "all"` to include resolved + expired.' : 'No markets on PNL yet — be the first to plant one with `/pnl-pitch`.'));
+    }
+    const tableRows = markets.map((m) => {
+        const symbol = m.tokenSymbol ? `$${m.tokenSymbol}` : '—';
+        const founder = m.founderDisplayName || m.founderUsername || '—';
+        return [
+            `**${m.name}**${m.name.length > 28 ? '' : ''}`,
+            symbol,
+            fmtStatus(m),
+            fmtYes(m),
+            fmtPool(m) + ' SOL',
+            String(m.totalParticipants ?? 0),
+            founder,
+        ];
+    });
+    const urls = markets
+        .map((m) => `- \`${m.name}\` → ${marketUrl(m.id)}`)
+        .join('\n');
+    const headerLine = `${markets.length} ${status === 'all' ? '' : status + ' '}market${markets.length === 1 ? '' : 's'}${data.total ? ` of ${data.total}` : ''} · page ${page}`;
+    return reply(headline(headerLine), table(['Market', 'Ticker', 'Status', 'YES', 'Pool', 'Votes', 'Founder'], tableRows), urls, data.hasMore ? `_More available — call again with \`page: ${page + 1}\`._` : null, next('`/pnl-get <id>` (or ask) for full detail, `/pnl-pitch` to post your own.'));
+}

package/dist/tools/claim-now.d.ts

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export declare const claimNowInputSchema: {
+    readonly marketId: z.ZodString;
+};
+export declare function callClaimNow(rawInput: unknown): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+}>;

package/dist/tools/claim-now.js

@@ -0,0 +1,113 @@
+import { z } from 'zod';
+import { PublicKey } from '@solana/web3.js';
+import { requireUnlockedKeypair, getConnection } from '../lib/wallet.js';
+import { sendAndConfirm, freshNonce, signChallenge, challenge, signedRequestHash, } from '../lib/sign.js';
+import { getMarket } from '../lib/pnl-api.js';
+import { Badge, headline, code, kvTable, inline, next, reply, hr } from '../lib/output.js';
+// ─── pnl_claim_now ───────────────────────────────────────────────
+//
+// Autosign claim_rewards. Resolves marketId → on-chain market
+// address, asks the backend to build the unsigned claim tx, signs
+// locally, sends, and posts the result via /api/mcp/markets/complete-claim.
+//
+// Unlike pitch_now and vote_now, there is NO autosign cap on claims:
+// claiming is a withdrawal of funds the user is already owed by the
+// program — it doesn't spend anything besides the ~0.000005 SOL tx
+// fee. Capping it would gate the user from their own money.
+export const claimNowInputSchema = {
+    marketId: z
+        .string()
+        .min(1)
+        .describe("Market id (Mongo id from pnl_browse_markets, or the on-chain market address). The market must be resolved and the wallet must hold an unclaimed position."),
+};
+const ClaimNowInput = z.object(claimNowInputSchema);
+function getApiBase() {
+    const raw = process.env.PNL_API_BASE_URL?.trim();
+    if (!raw)
+        return 'https://pnl.market';
+    return raw.endsWith('/') ? raw.slice(0, -1) : raw;
+}
+export async function callClaimNow(rawInput) {
+    const { marketId } = ClaimNowInput.parse(rawInput ?? {});
+    const keypair = requireUnlockedKeypair();
+    const walletAddress = keypair.publicKey.toBase58();
+    const base = getApiBase();
+    // Resolve marketId → on-chain marketAddress + Mongo id.
+    let marketAddress;
+    let onchainId;
+    let marketName = marketId;
+    try {
+        new PublicKey(marketId);
+        // Caller gave us the on-chain address. We still need the Mongo id
+        // for the complete-claim payload, so resolve via the public API.
+        const m = await getMarket(marketId);
+        marketAddress = marketId;
+        onchainId = m.id ?? marketId;
+        marketName = m.name ?? marketId;
+    }
+    catch {
+        const m = await getMarket(marketId);
+        if (!m.marketAddress)
+            throw new Error(`market ${marketId} has no marketAddress`);
+        marketAddress = m.marketAddress;
+        onchainId = m.id ?? marketId;
+        marketName = m.name ?? marketId;
+    }
+    // 1. build-claim-tx
+    const buildRes = await fetch(`${base}/api/mcp/markets/build-claim-tx`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({ walletAddress, marketAddress }),
+    });
+    const buildJson = (await buildRes.json());
+    if (!buildRes.ok || !buildJson.success || !buildJson.data) {
+        throw new Error(`build-claim-tx failed (${buildRes.status}): ${buildJson.error || 'unknown error'}`);
+    }
+    const built = buildJson.data;
+    // 2. sign locally — claim returns a VersionedTransaction, so we
+    // can't reuse signSerializedTx (which uses legacy Transaction.from).
+    // Decode v0, sign with keypair, send raw.
+    const { VersionedTransaction } = await import('@solana/web3.js');
+    const txBuf = Buffer.from(built.tx, 'base64');
+    const tx = VersionedTransaction.deserialize(txBuf);
+    tx.sign([keypair]);
+    const rawTx = tx.serialize();
+    // 3. send + confirm
+    const { signature: txSignature } = await sendAndConfirm(Buffer.from(rawTx), getConnection(), { confirmTimeoutMs: 90_000 });
+    // 4. sig-auth complete-claim — challenge binds the body so an
+    //    attacker can't rewrite marketId on the persisted claim row.
+    const nonce = freshNonce();
+    const completeBodyCore = {
+        txSignature,
+        marketId: onchainId,
+    };
+    const payloadHash = signedRequestHash(completeBodyCore);
+    const sig = signChallenge(challenge('complete-claim', txSignature, nonce, payloadHash), keypair);
+    const completeRes = await fetch(`${base}/api/mcp/markets/complete-claim`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({
+            walletAddress,
+            nonce,
+            signature: sig,
+            ...completeBodyCore,
+        }),
+    });
+    const completeJson = (await completeRes.json());
+    if (!completeRes.ok || !completeJson.success || !completeJson.data) {
+        throw new Error(`Tx confirmed on-chain (${txSignature}) but complete-claim failed (${completeRes.status}): ${completeJson.error || 'unknown error'}. Your rewards are already in your wallet — only the off-chain "claimed" flag failed to update. Safe to re-run pnl_claim_now (idempotent on tx signature).`);
+    }
+    const done = completeJson.data;
+    const resHint = built.resolutionType === 'YesWins'
+        ? 'YES won — your tokens were minted into your wallet (Token2022 ATA created if needed).'
+        : built.resolutionType === 'NoWins'
+            ? "NO won — you've been paid your share of the pool in SOL."
+            : 'Refund — pool returned to voters proportionally.';
+    return reply(headline(`${Badge.live} Claimed · ${marketName}`), kvTable([
+        ['Market', `${base}/market/${onchainId}`],
+        ['Resolution', built.resolutionType],
+        ['Wallet', inline(walletAddress)],
+        ['Tx', `[${txSignature.slice(0, 8)}…${txSignature.slice(-6)}](${done.solscan})`],
+        ['Profile', `${base}/profile/${walletAddress}`],
+    ]), hr, resHint, code(`Tx: ${txSignature}`), next(`See your updated position at ${inline(`${base}/profile/${walletAddress}`)}.`));
+}

package/dist/tools/claim.d.ts

@@ -0,0 +1,10 @@
+import { z } from 'zod';
+export declare const claimInputSchema: {
+    readonly marketId: z.ZodString;
+};
+export declare function callClaim(rawInput: unknown): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+}>;