@usenami/signer-mcp 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,36 @@
+# Changelog
+
+All notable changes to `@usenami/signer-mcp` are documented here. Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); versioning is [SemVer](https://semver.org/).
+
+## [Unreleased]
+
+### Added
+- (placeholder for additions queued after the first publish)
+
+### Changed
+- (placeholder)
+
+### Fixed
+- (placeholder)
+
+## [0.1.0] — TBD (first publish, gated on signer gateway cutover)
+
+Initial release. Five MCP tools backed by the Usenami Signer gateway, with keys that never leave an AWS Nitro Enclave.
+
+### Added
+- `list_venues` — read-only static manifest of supported venues (binance/okx/asterdex).
+- `get_attestation` — Nitro PCR0 + AWS signature proving the running enclave matches the published build.
+- `get_account` — equity / free margin / positions for a venue (Option-A: gateway returns signed read request, MCP submits + parses).
+- `place_order` — single market or limit order on Binance USD-M Futures, OKX v5 perpetual swap, or Asterdex BSC perp. Signed inside the enclave; per-asset signature caps enforced server-side.
+- `cancel_order` — cancel an outstanding order by venue + order_id (+ optional `symbol` for Binance/OKX cancel routes).
+
+### Known limits (deliberate, see README §"What v0 deliberately does NOT do")
+- stdio transport only — no SSE/HTTP.
+- single account per venue per `SIGNER_API_TOKEN`.
+- no withdrawals / transfers / leverage configuration / multi-venue routing / streaming.
+- per-period rate caps (`$X / hour`) NOT enforced — documented gap; deferred to stateful-UPL work.
+
+### Configuration
+- `SIGNER_GATEWAY_URL` (default `https://signer.usenami.io`).
+- `SIGNER_API_TOKEN` (required for everything except `list_venues`).
+- `SIGNER_FETCH_TIMEOUT_MS` (default 30000ms).

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Usenami
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,212 @@
+# @usenami/signer-mcp
+
+> Sign CEX orders from any MCP-aware AI agent — keys never leave an AWS Nitro Enclave.
+
+`signer-mcp` is the public face of [Usenami Signer](https://usenami.io/signer). It gives Claude Desktop, Cursor, ElizaOS, and any other MCP-aware client a five-tool surface for trading real CEX/DEX accounts (Binance, OKX, Asterdex) without ever loading a private key into the agent's process — or yours.
+
+Status: **v0 (alpha)**. List of venues, attestation, account read, and place/cancel order on testnet. See `_hub/DESIGN/signer-mcp-probe.md` in the parent repo for the full scope.
+
+---
+
+## Why this exists
+
+Every agent framework that touches a CEX today loads the API key into the agent process. That puts the secret on disk, in env vars, in npm packages, in prompt-engineered tool calls, and in your shell history. One prompt injection, one supply-chain compromise, one accidental log line, one curious co-worker — and the key leaks.
+
+Signer takes the opposite approach. The signing key is generated **inside** an AWS Nitro Enclave attested by AWS itself. The enclave's measurement (`PCR0`) is published on `https://usenami.io/signer/attestations`. The MCP server you install here can ask the enclave to sign a specific order — bounded by an explicit policy (per-asset cap, per-period cap, allowed venues) — but it cannot read the key. Neither can the agent, your laptop, your IaC, or our own engineers.
+
+If the agent gets compromised, the worst it can do is place orders inside your policy window. The key itself stays attested.
+
+---
+
+## Quick start (Claude Desktop)
+
+1. **Get a token.** Sign in at [usenami.io/signer](https://usenami.io/signer) and create an API token. The token is bound to a single policy — set per-venue caps before generating it.
+2. **Edit `claude_desktop_config.json`.** Path is `~/Library/Application Support/Claude/claude_desktop_config.json` on macOS.
+
+   ```json
+   {
+     "mcpServers": {
+       "signer": {
+         "command": "npx",
+         "args": ["-y", "@usenami/signer-mcp"],
+         "env": {
+           "SIGNER_GATEWAY_URL": "https://signer.usenami.io",
+           "SIGNER_API_TOKEN": "sk_live_..."
+         }
+       }
+     }
+   }
+   ```
+
+3. **Restart Claude Desktop** and look for the 🔌 plug icon. You should see five tools listed under `signer`.
+4. **Try the read-only tools first.** Ask Claude:
+   > "List the venues available through Signer, then return the current attestation document."
+
+   No funds at risk — these don't sign anything.
+
+5. **Once you trust the attestation, place a tiny test order:**
+   > "Get my Binance account, then if I have at least $20 of free margin, place a market buy for 0.001 BTC."
+
+If anything looks wrong, the agent can call `cancel_order` immediately.
+
+---
+
+## Configuration
+
+Environment variables passed via the `env` block of `claude_desktop_config.json` (or your client's equivalent):
+
+| Variable | Required | Default | Notes |
+|---|---|---|---|
+| `SIGNER_GATEWAY_URL` | no | `https://signer.usenami.io` | Override for self-hosted or staging deployments. |
+| `SIGNER_API_TOKEN` | yes (for paid tools) | — | Bearer token issued by usenami.io/signer. `list_venues` works without one; everything else requires it. |
+| `SIGNER_FETCH_TIMEOUT_MS` | no | `30000` | Per-request fetch timeout in ms. Lower for CI / smoke tests; raise on slow links. Must be positive integer. |
+
+The MCP server itself stores nothing on disk. Tokens are read from environment on startup and held in memory for the lifetime of the process — kill the agent, the token goes with it.
+
+---
+
+## Tool reference
+
+### `list_venues`
+
+Returns the static manifest of venues this Signer can sign for. **Read-only**, does not contact the gateway, works without a token. Call this first to discover what's supported.
+
+```json
+{
+  "venues": [
+    {
+      "venue": "binance",
+      "asset_class": "perp",
+      "auth_scheme": "hmac_sha256",
+      "notes": "..."
+    }
+  ],
+  "count": 1
+}
+```
+
+### `get_attestation`
+
+Returns the Nitro attestation document for the currently-running enclave. The PCR0 measurement here is what AWS signed when it booted the enclave; you can verify it matches the published build by hashing the corresponding EIF and comparing.
+
+```json
+{
+  "pcr0": "...sha384 hex...",
+  "pcr1": "...",
+  "pcr2": "...",
+  "signature": "...AWS-issued...",
+  "issued_at": "2026-05-31T18:00:00Z"
+}
+```
+
+Read-only.
+
+### `get_account`
+
+Returns equity, free margin, and open positions for a venue.
+
+```json
+{
+  "venue": "binance",
+  "equity_usd": 145.32,
+  "free_margin_usd": 92.10,
+  "positions": [
+    { "symbol": "BTCUSDT", "qty": 0.002, "entry_price": 67120.5 }
+  ],
+  "updated_at": "2026-05-31T18:01:11Z"
+}
+```
+
+Read-only. Requires `SIGNER_API_TOKEN`.
+
+### `place_order`
+
+Place a single market or limit order. The enclave signs the payload after checking policy caps.
+
+Args:
+- `venue` — one of `binance | okx | asterdex`
+- `symbol` — venue-native symbol (`BTCUSDT`, `BTC-USDT-SWAP`, etc.)
+- `side` — `buy` | `sell`
+- `qty` — base-asset quantity (e.g. 0.001 for 0.001 BTC). Not USD-notional.
+- `type` — `market` | `limit`
+- `price` — required if `type=limit`, ignored if `type=market`
+- `policy_id` — optional override; defaults to the policy bound to your token
+
+```json
+{
+  "venue": "binance",
+  "order_id": "...",
+  "status": "FILLED",
+  "filled_qty": 0.001,
+  "avg_fill_price": 67128.9,
+  "policy_id": "default",
+  "attested_at": "..."
+}
+```
+
+**Destructive.** Requires `SIGNER_API_TOKEN`. v0 routes Binance/OKX to testnet until pilot graduates.
+
+### `cancel_order`
+
+Cancels an outstanding order by its venue order id. Idempotent — cancelling an already-filled or non-existent order returns `ok: false` with a venue reason instead of erroring.
+
+Args:
+- `venue` — same enum as `place_order`
+- `order_id` — the venue id returned by `place_order`
+
+Requires `SIGNER_API_TOKEN`.
+
+---
+
+## Verifying the attestation
+
+A trustworthy Signer is one whose enclave measurement matches a build you can audit. The workflow:
+
+1. Call `get_attestation` and copy the returned `pcr0`.
+2. Visit [usenami.io/signer/attestations](https://usenami.io/signer/attestations).
+3. Cross-reference the PCR0 against the published build for the current production version.
+4. Optionally rebuild the EIF from source (instructions on the same page) and verify the SHA384 hash yourself.
+
+If the published PCR0 doesn't match what `get_attestation` returns, **don't trade**. Open an issue.
+
+---
+
+## What v0 deliberately does NOT do
+
+Per scope guard `_hub/DESIGN/signer-mcp-probe.md` §6:
+
+- No multi-tenant: one account per venue per token.
+- No UPL editing UI: policies are set out-of-band on usenami.io/signer.
+- No WebSocket / streaming tools — REST only.
+- No cross-venue routing (`place_order` takes one venue).
+- No leverage configuration (`set_leverage`) — uses account defaults.
+- No withdrawals / transfers (closest is `cancel_order`).
+- No TWAP / iceberg — single-shot orders only.
+- stdio transport only — no SSE or remote HTTP.
+
+If you need any of the above, file an issue describing the use case. v0 keeps the surface tight on purpose.
+
+---
+
+## Development
+
+```bash
+# install deps
+npm install
+
+# typecheck + build
+npm run build
+
+# run from source against staging
+SIGNER_GATEWAY_URL=https://staging.signer.usenami.io \
+SIGNER_API_TOKEN=sk_test_... \
+npm run dev
+```
+
+The transport is stdio; you'll need an MCP-aware client to actually exercise the tools. The Anthropic [`mcp-inspector`](https://github.com/modelcontextprotocol/inspector) is the fastest way to poke at it locally.
+
+---
+
+## License
+
+MIT. See [LICENSE](LICENSE).

package/dist/index.d.ts

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+/**
+ * @usenami/signer-mcp — v0 (MCP entry point)
+ *
+ * Sign CEX orders from any MCP-aware AI agent (Claude Desktop, Cursor, ElizaOS)
+ * with keys that never leave an AWS Nitro Enclave.
+ *
+ * Per the scoping doc `_hub/DESIGN/signer-mcp-probe.md` (§2), v0 ships five
+ * tools backed by the Usenami Signer gateway. Tool logic lives in `lib.ts`
+ * so unit tests can exercise it without booting the MCP transport.
+ *
+ * Configuration (claude_desktop_config.json):
+ *
+ *   {
+ *     "mcpServers": {
+ *       "signer": {
+ *         "command": "npx",
+ *         "args": ["-y", "@usenami/signer-mcp"],
+ *         "env": {
+ *           "SIGNER_GATEWAY_URL": "https://signer.usenami.io",
+ *           "SIGNER_API_TOKEN": "...issued from signer.usenami.io..."
+ *         }
+ *       }
+ *     }
+ *   }
+ *
+ * Scope-guard §6 of the design doc: stdio only, no multi-tenant, no UPL UI,
+ * no streaming, no cross-venue routing, no withdrawals — the enclave key
+ * NEVER leaves the enclave; this process only proxies intents.
+ */
+export {};

package/dist/index.js

@@ -0,0 +1,197 @@
+#!/usr/bin/env node
+/**
+ * @usenami/signer-mcp — v0 (MCP entry point)
+ *
+ * Sign CEX orders from any MCP-aware AI agent (Claude Desktop, Cursor, ElizaOS)
+ * with keys that never leave an AWS Nitro Enclave.
+ *
+ * Per the scoping doc `_hub/DESIGN/signer-mcp-probe.md` (§2), v0 ships five
+ * tools backed by the Usenami Signer gateway. Tool logic lives in `lib.ts`
+ * so unit tests can exercise it without booting the MCP transport.
+ *
+ * Configuration (claude_desktop_config.json):
+ *
+ *   {
+ *     "mcpServers": {
+ *       "signer": {
+ *         "command": "npx",
+ *         "args": ["-y", "@usenami/signer-mcp"],
+ *         "env": {
+ *           "SIGNER_GATEWAY_URL": "https://signer.usenami.io",
+ *           "SIGNER_API_TOKEN": "...issued from signer.usenami.io..."
+ *         }
+ *       }
+ *     }
+ *   }
+ *
+ * Scope-guard §6 of the design doc: stdio only, no multi-tenant, no UPL UI,
+ * no streaming, no cross-venue routing, no withdrawals — the enclave key
+ * NEVER leaves the enclave; this process only proxies intents.
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { PACKAGE_VERSION, STATIC_VENUES, handleCancelOrder, handleGetAccount, handleGetAttestation, handleListVenues, handlePlaceOrder, } from "./lib.js";
+import { getAccountParser } from "./parsers/index.js";
+// ── Environment ──
+const GATEWAY_URL = (process.env.SIGNER_GATEWAY_URL || "https://signer.usenami.io").replace(/\/+$/, "");
+const API_TOKEN = (process.env.SIGNER_API_TOKEN || "").trim();
+// Optional override for fetch timeout — useful when running the smoke test
+// against an unreachable host or in CI where 30s is too slow. Validated to
+// be a positive integer; falls back to lib's DEFAULT_FETCH_TIMEOUT_MS otherwise.
+const TIMEOUT_RAW = (process.env.SIGNER_FETCH_TIMEOUT_MS || "").trim();
+const TIMEOUT_MS = (() => {
+    if (TIMEOUT_RAW.length === 0)
+        return undefined;
+    const n = parseInt(TIMEOUT_RAW, 10);
+    return Number.isFinite(n) && n > 0 ? n : undefined;
+})();
+const cfg = {
+    gatewayUrl: GATEWAY_URL,
+    apiToken: API_TOKEN || undefined,
+    fetchTimeoutMs: TIMEOUT_MS,
+};
+const HAS_TOKEN = API_TOKEN.length > 0;
+// ── MCP tool annotations ──
+const READ_ONLY_ANNOTATIONS = {
+    readOnlyHint: true,
+    destructiveHint: false,
+    idempotentHint: true,
+    openWorldHint: true,
+};
+const WRITE_DESTRUCTIVE_ANNOTATIONS = {
+    readOnlyHint: false,
+    destructiveHint: true,
+    idempotentHint: false,
+    openWorldHint: true,
+};
+// ── Tool descriptions (read by agents) ──
+const DESC_LIST_VENUES = "List the venues this Signer can sign trades for. Returns the venue id, " +
+    "asset class (perp / spot / margin), and auth scheme (hmac / eip712 / " +
+    "ed25519). Read-only static manifest — does NOT need the Signer gateway " +
+    "to be reachable. Call this first to discover what's signable.";
+const DESC_GET_ATTESTATION = "Return the Signer enclave's AWS Nitro attestation document (PCR0, " +
+    "PCR1, PCR2 measurements + AWS-issued signature). This proves the code " +
+    "currently signing your orders matches the published source. The enclave's " +
+    "signing key NEVER leaves attested code. Verify the PCR0 against " +
+    "https://usenami.io/signer/attestations before trusting any place_order.";
+const DESC_GET_ACCOUNT = "Return equity, free margin, and open positions for a venue. Read-only " +
+    "(does not sign anything that mutates state). Use BEFORE place_order to " +
+    "confirm the account has margin. Requires SIGNER_API_TOKEN.";
+const DESC_PLACE_ORDER = "Place a single order on the named venue. The Signer enclave will sign " +
+    "the venue-native payload using a key that has never been exported. " +
+    "Policy enforced server-side: orders that exceed per-asset caps are " +
+    "rejected by the enclave before signing. Returns the venue's order_id on " +
+    "success. Side effect: real or testnet trade depending on venue env.";
+const DESC_CANCEL_ORDER = "Cancel an outstanding order by its venue order_id. Signed inside the " +
+    "enclave just like place_order. Returns the cancellation receipt from " +
+    "the venue. Idempotent: cancelling a non-existent / already-filled " +
+    "order returns ok=false with a reason from the venue.";
+// ── Schemas ──
+const VenueIdSchema = z
+    .enum(STATIC_VENUES.map((v) => v.venue))
+    .describe("Venue identifier. Must match an entry returned by list_venues — " +
+    "any other value will be rejected by the gateway.");
+const TickerSchema = z
+    .string()
+    .min(1)
+    .max(32)
+    .regex(/^[A-Z0-9_-]+$/, "Use venue-native symbol format (no slash)")
+    .describe("Venue-native trading symbol. Examples: BTCUSDT (binance), " +
+    "BTC-USDT-SWAP (okx), BTC-USD (asterdex). Case-sensitive.");
+const OrderSideSchema = z
+    .enum(["buy", "sell"])
+    .describe("buy = long open / short close; sell = short open / long close.");
+const OrderTypeSchema = z
+    .enum(["market", "limit"])
+    .describe("market = immediate fill at venue best; limit = resting order at `price`.");
+const QuantitySchema = z
+    .number()
+    .positive()
+    .describe("Order quantity in base asset (e.g. BTC), NOT in USD-notional. Some " +
+    "venues require a minimum (Binance: 0.001 BTC). Refer to venue docs.");
+const PriceSchema = z
+    .number()
+    .positive()
+    .optional()
+    .describe("Limit price in quote asset. Required for type=limit, ignored for " +
+    "type=market.");
+const PolicyIdSchema = z
+    .string()
+    .optional()
+    .describe("Optional policy id override. If omitted, the gateway uses the default " +
+    "policy bound to the provided SIGNER_API_TOKEN.");
+// ── Server setup ──
+const server = new McpServer({
+    name: "@usenami/signer-mcp",
+    version: PACKAGE_VERSION,
+});
+server.registerTool("list_venues", {
+    description: DESC_LIST_VENUES,
+    inputSchema: {},
+    annotations: { ...READ_ONLY_ANNOTATIONS, title: "List supported venues" },
+}, async () => handleListVenues());
+server.registerTool("get_attestation", {
+    description: DESC_GET_ATTESTATION,
+    inputSchema: {},
+    annotations: {
+        ...READ_ONLY_ANNOTATIONS,
+        title: "Get Nitro attestation document",
+    },
+}, async () => handleGetAttestation(cfg));
+server.registerTool("get_account", {
+    description: DESC_GET_ACCOUNT,
+    inputSchema: { venue: VenueIdSchema },
+    annotations: {
+        ...READ_ONLY_ANNOTATIONS,
+        title: "Get venue account snapshot",
+    },
+}, async (args) => handleGetAccount(cfg, args, getAccountParser));
+server.registerTool("place_order", {
+    description: DESC_PLACE_ORDER,
+    inputSchema: {
+        venue: VenueIdSchema,
+        symbol: TickerSchema,
+        side: OrderSideSchema,
+        qty: QuantitySchema,
+        type: OrderTypeSchema,
+        price: PriceSchema,
+        policy_id: PolicyIdSchema,
+    },
+    annotations: {
+        ...WRITE_DESTRUCTIVE_ANNOTATIONS,
+        title: "Place a single order via Signer enclave",
+    },
+}, async (args) => handlePlaceOrder(cfg, args));
+server.registerTool("cancel_order", {
+    description: DESC_CANCEL_ORDER,
+    inputSchema: {
+        venue: VenueIdSchema,
+        order_id: z
+            .string()
+            .min(1)
+            .describe("Venue-native order identifier returned by place_order."),
+        symbol: TickerSchema.optional().describe("Venue-native symbol — REQUIRED for binance + okx cancels (their " +
+            "REST APIs need the symbol on the cancel route). Optional for " +
+            "venues that derive it from order_id alone."),
+    },
+    annotations: {
+        readOnlyHint: false,
+        destructiveHint: false,
+        idempotentHint: true,
+        openWorldHint: true,
+        title: "Cancel an outstanding order",
+    },
+}, async (args) => handleCancelOrder(cfg, args));
+// ── Boot ──
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    process.stderr.write(`[signer-mcp v${PACKAGE_VERSION}] connected — gateway=${GATEWAY_URL} ` +
+        `auth=${HAS_TOKEN ? "yes" : "no"}\n`);
+}
+main().catch((err) => {
+    process.stderr.write(`[signer-mcp] fatal: ${err.stack ?? err}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAEL,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,oBAAoB;AACpB,MAAM,WAAW,GAAG,CAClB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,2BAA2B,CAC9D,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACtB,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AAC9D,2EAA2E;AAC3E,2EAA2E;AAC3E,iFAAiF;AACjF,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AACvE,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;IACvB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/C,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AACrD,CAAC,CAAC,EAAE,CAAC;AACL,MAAM,GAAG,GAAkB;IACzB,UAAU,EAAE,WAAW;IACvB,QAAQ,EAAE,SAAS,IAAI,SAAS;IAChC,cAAc,EAAE,UAAU;CAC3B,CAAC;AACF,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;AAEvC,6BAA6B;AAC7B,MAAM,qBAAqB,GAAG;IAC5B,YAAY,EAAE,IAAa;IAC3B,eAAe,EAAE,KAAc;IAC/B,cAAc,EAAE,IAAa;IAC7B,aAAa,EAAE,IAAa;CAC7B,CAAC;AAEF,MAAM,6BAA6B,GAAG;IACpC,YAAY,EAAE,KAAc;IAC5B,eAAe,EAAE,IAAa;IAC9B,cAAc,EAAE,KAAc;IAC9B,aAAa,EAAE,IAAa;CAC7B,CAAC;AAEF,2CAA2C;AAC3C,MAAM,gBAAgB,GACpB,yEAAyE;IACzE,uEAAuE;IACvE,yEAAyE;IACzE,+DAA+D,CAAC;AAElE,MAAM,oBAAoB,GACxB,oEAAoE;IACpE,wEAAwE;IACxE,4EAA4E;IAC5E,kEAAkE;IAClE,yEAAyE,CAAC;AAE5E,MAAM,gBAAgB,GACpB,wEAAwE;IACxE,yEAAyE;IACzE,4DAA4D,CAAC;AAE/D,MAAM,gBAAgB,GACpB,wEAAwE;IACxE,qEAAqE;IACrE,qEAAqE;IACrE,0EAA0E;IAC1E,qEAAqE,CAAC;AAExE,MAAM,iBAAiB,GACrB,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,sDAAsD,CAAC;AAEzD,gBAAgB;AAChB,MAAM,aAAa,GAAG,CAAC;KACpB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAA0B,CAAC;KAChE,QAAQ,CACP,kEAAkE;IAChE,kDAAkD,CACrD,CAAC;AAEJ,MAAM,YAAY,GAAG,CAAC;KACnB,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,CAAC;KACN,GAAG,CAAC,EAAE,CAAC;KACP,KAAK,CAAC,eAAe,EAAE,2CAA2C,CAAC;KACnE,QAAQ,CACP,4DAA4D;IAC1D,0DAA0D,CAC7D,CAAC;AAEJ,MAAM,eAAe,GAAG,CAAC;KACtB,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;KACrB,QAAQ,CAAC,gEAAgE,CAAC,CAAC;AAE9E,MAAM,eAAe,GAAG,CAAC;KACtB,IAAI,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;KACzB,QAAQ,CACP,0EAA0E,CAC3E,CAAC;AAEJ,MAAM,cAAc,GAAG,CAAC;KACrB,MAAM,EAAE;KACR,QAAQ,EAAE;KACV,QAAQ,CACP,qEAAqE;IACnE,qEAAqE,CACxE,CAAC;AAEJ,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,EAAE;KACR,QAAQ,EAAE;KACV,QAAQ,EAAE;KACV,QAAQ,CACP,mEAAmE;IACjE,cAAc,CACjB,CAAC;AAEJ,MAAM,cAAc,GAAG,CAAC;KACrB,MAAM,EAAE;KACR,QAAQ,EAAE;KACV,QAAQ,CACP,wEAAwE;IACtE,gDAAgD,CACnD,CAAC;AAEJ,qBAAqB;AACrB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,qBAAqB;IAC3B,OAAO,EAAE,eAAe;CACzB,CAAC,CAAC;AAEH,MAAM,CAAC,YAAY,CACjB,aAAa,EACb;IACE,WAAW,EAAE,gBAAgB;IAC7B,WAAW,EAAE,EAAE;IACf,WAAW,EAAE,EAAE,GAAG,qBAAqB,EAAE,KAAK,EAAE,uBAAuB,EAAE;CAC1E,EACD,KAAK,IAAI,EAAE,CAAC,gBAAgB,EAAE,CAC/B,CAAC;AAEF,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;IACE,WAAW,EAAE,oBAAoB;IACjC,WAAW,EAAE,EAAE;IACf,WAAW,EAAE;QACX,GAAG,qBAAqB;QACxB,KAAK,EAAE,gCAAgC;KACxC;CACF,EACD,KAAK,IAAI,EAAE,CAAC,oBAAoB,CAAC,GAAG,CAAC,CACtC,CAAC;AAEF,MAAM,CAAC,YAAY,CACjB,aAAa,EACb;IACE,WAAW,EAAE,gBAAgB;IAC7B,WAAW,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE;IACrC,WAAW,EAAE;QACX,GAAG,qBAAqB;QACxB,KAAK,EAAE,4BAA4B;KACpC;CACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAyB,EAAE,gBAAgB,CAAC,CACnF,CAAC;AAEF,MAAM,CAAC,YAAY,CACjB,aAAa,EACb;IACE,WAAW,EAAE,gBAAgB;IAC7B,WAAW,EAAE;QACX,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,YAAY;QACpB,IAAI,EAAE,eAAe;QACrB,GAAG,EAAE,cAAc;QACnB,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,WAAW;QAClB,SAAS,EAAE,cAAc;KAC1B;IACD,WAAW,EAAE;QACX,GAAG,6BAA6B;QAChC,KAAK,EAAE,yCAAyC;KACjD;CACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CACb,gBAAgB,CAAC,GAAG,EAAE,IAA8C,CAAC,CACxE,CAAC;AAEF,MAAM,CAAC,YAAY,CACjB,cAAc,EACd;IACE,WAAW,EAAE,iBAAiB;IAC9B,WAAW,EAAE;QACX,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,CAAC;aACR,MAAM,EAAE;aACR,GAAG,CAAC,CAAC,CAAC;aACN,QAAQ,CAAC,wDAAwD,CAAC;QACrE,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE,CAAC,QAAQ,CACtC,kEAAkE;YAChE,+DAA+D;YAC/D,4CAA4C,CAC/C;KACF;IACD,WAAW,EAAE;QACX,YAAY,EAAE,KAAc;QAC5B,eAAe,EAAE,KAAc;QAC/B,cAAc,EAAE,IAAa;QAC7B,aAAa,EAAE,IAAa;QAC5B,KAAK,EAAE,6BAA6B;KACrC;CACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CACb,iBAAiB,CAAC,GAAG,EAAE,IAA2C,CAAC,CACtE,CAAC;AAEF,aAAa;AACb,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gBAAgB,eAAe,yBAAyB,WAAW,GAAG;QACpE,QAAQ,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CACvC,CAAC;AACJ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAwB,GAAa,CAAC,KAAK,IAAI,GAAG,IAAI,CAAC,CAAC;IAC7E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/lib.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Core handlers and helpers for @usenami/signer-mcp.
+ *
+ * Extracted from index.ts so unit tests can exercise the gateway-call paths
+ * without booting a real MCP transport. index.ts wires these into MCP tools.
+ */
+export declare const PACKAGE_VERSION = "0.1.0";
+export declare const DEFAULT_FETCH_TIMEOUT_MS = 30000;
+export interface VenueEntry {
+    venue: string;
+    asset_class: string;
+    auth_scheme: "hmac_sha256" | "eip712" | "ed25519";
+    network?: string;
+    notes?: string;
+}
+export declare const STATIC_VENUES: VenueEntry[];
+export declare class GatewayError extends Error {
+    readonly status: number;
+    readonly body: string;
+    readonly endpoint: string;
+    constructor(status: number, body: string, endpoint: string);
+}
+export interface GatewayConfig {
+    gatewayUrl: string;
+    apiToken?: string;
+    fetchTimeoutMs?: number;
+    /** Injected for tests; defaults to global fetch. */
+    fetchImpl?: typeof fetch;
+}
+export interface GatewayCallOpts {
+    method?: "GET" | "POST" | "DELETE";
+    body?: unknown;
+    authRequired?: boolean;
+}
+/**
+ * Single chokepoint for all gateway HTTP. Tests inject a `fetchImpl` and
+ * assert against the dispatched request.
+ *
+ * Edge cases handled:
+ *  - Missing token when authRequired → thrown with actionable message.
+ *  - Empty 200 OK body → returned as undefined (rare but possible on some
+ *    venues' cancel-already-filled paths).
+ *  - Non-2xx → GatewayError carries status + body for the agent to inspect.
+ *  - Timeout → AbortController + clearTimeout via try/finally.
+ */
+export declare function callGateway<T>(path: string, opts: GatewayCallOpts, cfg: GatewayConfig): Promise<T>;
+export interface ToolResult {
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: true;
+    [x: string]: unknown;
+}
+export declare function toolJson<T>(value: T): ToolResult;
+export declare function toolError(message: string, hint?: string): ToolResult;
+export interface PlaceOrderInput {
+    venue: string;
+    symbol: string;
+    side: "buy" | "sell";
+    qty: number;
+    type: "market" | "limit";
+    price?: number;
+    policy_id?: string;
+}
+export interface CancelOrderInput {
+    venue: string;
+    order_id: string;
+    /**
+     * Required for binance + okx (their REST APIs need symbol on the cancel
+     * route). Optional for venues that derive it from order_id alone.
+     */
+    symbol?: string;
+}
+export interface SignedRequest {
+    venue: string;
+    method: "GET" | "POST" | "DELETE";
+    url: string;
+    headers: Record<string, string>;
+    body?: string;
+}
+/**
+ * Submit a single signed request to a venue and return parsed JSON (or text
+ * if the response isn't JSON). Errors include the venue endpoint + status so
+ * the agent can reason about which side failed.
+ */
+export declare function submitSignedRequest(req: SignedRequest, fetchImpl?: typeof fetch, timeoutMs?: number): Promise<unknown>;
+/**
+ * Submit a "bundle" — either a single SignedRequest or a map of named
+ * SignedRequests (`{balance: ..., positions: ...}`). Parallel for composite,
+ * returns the same shape with raw venue responses in place of each request.
+ */
+export declare function submitSignedBundle(bundle: unknown, fetchImpl?: typeof fetch, timeoutMs?: number): Promise<unknown>;
+export declare function handleListVenues(): Promise<ToolResult>;
+export declare function handleGetAttestation(cfg: GatewayConfig): Promise<ToolResult>;
+/**
+ * Option-A flow for /account:
+ *   1. POST gateway /account/<venue> → returns SignedRequest bundle
+ *   2. submitSignedBundle → fetch venue with signed headers
+ *   3. dispatch raw response to venue-specific parser
+ *   4. return NormalizedAccount
+ *
+ * If the gateway response is NOT a SignedRequest (e.g. asterdex indexer
+ * returns parsed data directly), we feed the raw payload to the parser
+ * unchanged — parser is tolerant of both shapes.
+ */
+export declare function handleGetAccount(cfg: GatewayConfig, args: {
+    venue: string;
+}, getParser: (venue: string) => AccountParser | undefined): Promise<ToolResult>;
+/**
+ * Option-A flow for /sign/order:
+ *   1. POST gateway /sign/order with intent body → returns SignedRequest
+ *   2. submitSignedRequest → fetch venue, return raw venue receipt
+ *   3. agent sees venue's native response (order_id format etc)
+ *
+ * No parser layer here — order receipts are per-venue and we don't normalize
+ * them in v0. Agent inspects raw response to decide next action.
+ */
+export declare function handlePlaceOrder(cfg: GatewayConfig, args: PlaceOrderInput): Promise<ToolResult>;
+/**
+ * Option-A flow for /sign/cancel — same as place_order.
+ *
+ * Note: Binance + OKX cancel routes require `symbol` on top of `order_id`.
+ * The MCP tool exposes optional `symbol` to support these (and ignores it
+ * for venues that don't need it).
+ */
+export declare function handleCancelOrder(cfg: GatewayConfig, args: CancelOrderInput): Promise<ToolResult>;
+import type { AccountParser } from "./parsers/types.js";
+export type { AccountParser };