athena-mcp 1.0.3 → 1.0.5

package/README.md

@@ -198,7 +198,7 @@ This will:
 2. Install Python dependencies (slither, web3, chromadb, etc.)
 3. Install system tools (Slither, Aderyn, Foundry)
 4. Copy the audit skill to `~/.claude/skills/athena-audit-skill/`
-5. Configure 13 MCP servers in Claude Code
+5. Configure 14 MCP servers in Claude Code
 
 ### Option B: curl install script
 
@@ -255,23 +255,48 @@ claude mcp add athena-gev-analyzer -- python3 ~/.athena/mcp/tools/gev_analyzer.p
 ### Quick Start (after install)
 
 ```bash
-# Audit a Solidity contract
-claude "audit contracts/test-cases/Reentrancy.sol"
+# 1. Configure environment for on-chain attestation + NFT minting
+export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
+export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
 
-# Full protocol audit with the agent workflow
-claude "read ~/.athena/AGENT-WORKFLOW-FINAL.md and audit this project"
+# 2. Full audit flow (scan → PoC → EAS attestation → NFT mint)
+claude "audit contracts/test-cases/Reentrancy.sol and mint NFT certificate"
 
-# Run Slither directly
-python3 ~/.athena/mcp/tools/slither_runner.py
+# Or just scan without on-chain steps
+claude "scan contracts/test-cases/Reentrancy.sol with slither and aderyn"
 ```
 
+**What happens:**
+- Slither + Aderyn static analysis
+- PoC generation + Foundry fuzz testing
+- EAS attestation on Sepolia (on-chain audit record)
+- NFT certificate minting (ERC-1155, S/A/B/C tiers)
+- Verification links to Etherscan + EAS explorer
+
 ---
 
 ## 快速开始（中文）
 
-Athena 的审计流程由 AI Agent（GLM-5.1）驱动，不是简单的脚本调用。Agent 读取 `AGENT-WORKFLOW-FINAL.md`，自主执行 8 步闭环。
+### 方式一：Claude Code（推荐）
+
+```bash
+# 1. 安装
+npx athena-mcp install
+
+# 2. 配置环境变量（用于 EAS 上链 + NFT 铸造）
+export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
+export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
+
+# 3. 完整审计流程（扫描 → PoC → EAS 上链 → NFT 铸造）
+claude "审计 contracts/test-cases/Reentrancy.sol 并铸造 NFT 证书"
+
+# 或只做漏洞扫描
+claude "用 slither 和 aderyn 扫描 contracts/test-cases/Reentrancy.sol"
+```
+
+Claude Code 会自动发现并调用 14 个 MCP 工具，完成从漏洞发现到链上认证的完整闭环。
 
-### 方式一：用 GLM-5.1 Agent 驱动（推荐）
+### 方式二：GLM-5.1 Agent
 
 ```bash
 # 1. 克隆项目
@@ -284,14 +309,13 @@ curl -L https://foundry.paradigm.xyz | bash  # Foundry
 
 # 3. 配置环境变量
 export SEPOLIA_PRIVATE_KEY="0x你的测试网私钥"
-export SEPOLIA_RPC_URL="https://rpc.sepolia.org"  # 或 Alchemy/Infura
+export SEPOLIA_RPC_URL="https://rpc.sepolia.org"
 
-# 4. 用 GLM-5.1 Agent 执行审计
+# 4. 用 GLM-5.1 执行
 # 将 AGENT-WORKFLOW-FINAL.md 的内容作为 prompt 发送给 GLM-5.1
-# Agent 会自主执行：扫描 → PoC → Fuzz → EAS 上链 → NFT 铸造
 ```
 
-Agent 会读取 `AGENT-WORKFLOW-FINAL.md`，按照 6 个 Phase 逐步执行，每一步验证通过后才继续下一步，最终输出链上验证链接和本地审计文件。
+GLM-5.1 需要读取 `AGENT-WORKFLOW-FINAL.md` 作为 step-by-step 指南，Claude Code 不需要。
 
 ### 方式二：手动逐步执行
 
@@ -375,7 +399,7 @@ cast send 0x3247d57d37bd1878479f03a077aba807649dbaf5 \
 
 详见 [smart-contract-audit-agents-comparison.md](./smart-contract-audit-agents-comparison.md)
 
-核心优势：**自建 13 个 MCP 工具 + 12 agent 并行审计方法论 + RAG 知识库 + PoC 生成 + Foundry fuzz + 攻击模拟 + 形式化验证 + EAS 链上认证 + Generative NFT，配合 GLM-5.1 的长程能力驱动从漏洞发现到链上证书的完整闭环。**
+核心优势：**自建 14 个 MCP 工具 + 12 agent 并行审计方法论 + RAG 知识库 + PoC 生成 + Foundry fuzz + 攻击模拟 + 形式化验证 + EAS 链上认证 + Generative NFT，配合 GLM-5.1 的长程能力驱动从漏洞发现到链上证书的完整闭环。**
 
 ## 开发工作流
 

package/mcp/servers.json

@@ -3,35 +3,45 @@
     {
       "name": "slither",
       "command": "python3",
-      "args": ["mcp/tools/slither_runner.py"],
+      "args": [
+        "mcp/tools/slither_runner.py"
+      ],
       "description": "Slither static analysis for Solidity contracts",
       "env": {}
     },
     {
       "name": "aderyn",
       "command": "python3",
-      "args": ["mcp/tools/aderyn_runner.py"],
+      "args": [
+        "mcp/tools/aderyn_runner.py"
+      ],
       "description": "Aderyn static analysis (Rust-based) for Solidity projects",
       "env": {}
     },
     {
       "name": "poc-generator",
       "command": "python3",
-      "args": ["mcp/tools/poc_generator.py"],
+      "args": [
+        "mcp/tools/poc_generator.py"
+      ],
       "description": "Generate Foundry PoC exploit tests for vulnerabilities",
       "env": {}
     },
     {
       "name": "fuzz-runner",
       "command": "python3",
-      "args": ["mcp/tools/fuzz_runner.py"],
+      "args": [
+        "mcp/tools/fuzz_runner.py"
+      ],
       "description": "Run Foundry fuzz and invariant tests",
       "env": {}
     },
     {
       "name": "knowledge-base",
       "command": "python3",
-      "args": ["mcp/tools/knowledge_base.py"],
+      "args": [
+        "mcp/tools/knowledge_base.py"
+      ],
       "description": "Query vulnerability knowledge base (ChromaDB RAG)",
       "env": {
         "KNOWLEDGE_PATH": "data/knowledge"
@@ -40,7 +50,9 @@
     {
       "name": "eas-attest",
       "command": "python3",
-      "args": ["mcp/tools/eas_attest.py"],
+      "args": [
+        "mcp/tools/eas_attest.py"
+      ],
       "description": "Submit EAS attestation on Sepolia testnet",
       "env": {
         "SEPOLIA_RPC_URL": "https://sepolia.drpc.org",
@@ -50,51 +62,74 @@
     {
       "name": "exploit-simulator",
       "command": "python3",
-      "args": ["mcp/tools/exploit_simulator.py"],
+      "args": [
+        "mcp/tools/exploit_simulator.py"
+      ],
       "description": "Simulate attack scenarios against smart contracts",
       "env": {}
     },
     {
       "name": "evidence-chain",
       "command": "python3",
-      "args": ["mcp/tools/evidence_chain.py"],
+      "args": [
+        "mcp/tools/evidence_chain.py"
+      ],
       "description": "Merkle-based audit evidence chain for verifiable audit trails",
       "env": {}
     },
     {
       "name": "halmos-runner",
       "command": "python3",
-      "args": ["mcp/tools/halmos_runner.py"],
+      "args": [
+        "mcp/tools/halmos_runner.py"
+      ],
       "description": "Symbolic execution and formal verification via Halmos",
       "env": {}
     },
     {
       "name": "protocol-scanner",
       "command": "python3",
-      "args": ["mcp/tools/protocol_scanner.py"],
+      "args": [
+        "mcp/tools/protocol_scanner.py"
+      ],
       "description": "Protocol-level dependency and interaction scanning",
       "env": {}
     },
     {
       "name": "repair-validator",
       "command": "python3",
-      "args": ["mcp/tools/repair_validator.py"],
+      "args": [
+        "mcp/tools/repair_validator.py"
+      ],
       "description": "Validate that vulnerability fixes are correct and complete",
       "env": {}
     },
     {
       "name": "incremental-auditor",
       "command": "python3",
-      "args": ["mcp/tools/incremental_auditor.py"],
+      "args": [
+        "mcp/tools/incremental_auditor.py"
+      ],
       "description": "Incremental audit for contract updates and diffs",
       "env": {}
     },
     {
       "name": "gev-analyzer",
       "command": "python3",
-      "args": ["mcp/tools/gev_analyzer.py"],
+      "args": [
+        "mcp/tools/gev_analyzer.py"
+      ],
       "description": "Governance, Economic, and Value analysis for DeFi protocols",
       "env": {}
+    },
+    {
+      "name": "nft-minter",
+      "command": "python3",
+      "args": [
+        "mcp/tools/nft_minter.py"
+      ],
+      "description": "Mint ERC-1155 audit certificate NFTs on Sepolia/Base Sepolia",
+      "env": {}
     }
   ]
-}
+}

package/mcp/tools/nft_minter.py

@@ -0,0 +1,224 @@
+#!/usr/bin/env python3
+"""
+Athena NFT Certificate Minter — MCP Tool
+Mints ERC-1155 audit certificate NFTs on Sepolia/Base Sepolia.
+"""
+
+import json
+import os
+import subprocess
+import sys
+from typing import Optional
+
+# Contract addresses
+CONTRACTS = {
+    "sepolia": "0x3247d57d37bd1878479f03a077aba807649dbaf5",
+    "base-sepolia": "0xb8f167a84816b5b9373997337119a2186c6e3708",
+}
+
+# Severity tiers: 1=S, 2=A, 3=B, 4=C
+TIER_MAP = {"S": 1, "A": 2, "B": 3, "C": 4}
+
+
+def build_tool_definitions() -> list:
+    return [
+        {
+            "name": "mint_audit_nft",
+            "description": "Mint an ERC-1155 audit certificate NFT. Requires a valid EAS attestation UID from a prior eas_attest step. The NFT tier (S/A/B/C) is determined by the audit severity.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "eas_uid": {
+                        "type": "string",
+                        "description": "The EAS attestation UID (0x..., 66 chars) from the eas_attest step"
+                    },
+                    "tier": {
+                        "type": "string",
+                        "enum": ["S", "A", "B", "C"],
+                        "description": "Audit certificate tier: S=critical findings, A=high, B=medium, C=low",
+                        "default": "S"
+                    },
+                    "chain": {
+                        "type": "string",
+                        "enum": ["sepolia", "base-sepolia"],
+                        "description": "Target chain (default: sepolia)",
+                        "default": "sepolia"
+                    },
+                    "recipient": {
+                        "type": "string",
+                        "description": "Recipient address (0x...). Defaults to the deployer wallet."
+                    }
+                },
+                "required": ["eas_uid"]
+            }
+        }
+    ]
+
+
+def mint_nft(eas_uid: str, tier: str = "S", chain: str = "sepolia", recipient: Optional[str] = None) -> dict:
+    """Mint an audit certificate NFT."""
+    private_key = os.environ.get("SEPOLIA_PRIVATE_KEY") or os.environ.get("PRIVATE_KEY")
+    rpc_url = os.environ.get("SEPOLIA_RPC_URL") or os.environ.get("RPC_URL")
+
+    if not private_key:
+        return {"error": "SEPOLIA_PRIVATE_KEY not set"}
+    if not rpc_url:
+        return {"error": "SEPOLIA_RPC_URL not set"}
+
+    contract = CONTRACTS.get(chain)
+    if not contract:
+        return {"error": f"Unsupported chain: {chain}"}
+
+    # Validate UID format
+    if not eas_uid.startswith("0x") or len(eas_uid) != 66:
+        return {"error": f"Invalid EAS UID format: {eas_uid} (expected 0x + 64 hex chars)"}
+
+    tier_num = TIER_MAP.get(tier.upper(), 1)
+
+    # Get recipient address
+    if not recipient:
+        try:
+            result = subprocess.run(
+                ["cast", "wallet", "address", private_key],
+                capture_output=True, text=True, timeout=10
+            )
+            recipient = result.stdout.strip()
+        except Exception as e:
+            return {"error": f"Failed to get wallet address: {e}"}
+
+    # Build cast command
+    # mintCertificate(address to, bytes32 uid, uint8 tier)
+    cmd = [
+        "cast", "send", contract,
+        "mintCertificate(address,bytes32,uint8)",
+        recipient, eas_uid, str(tier_num),
+        "--rpc-url", rpc_url,
+        "--private-key", private_key
+    ]
+
+    try:
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
+
+        if result.returncode != 0:
+            return {"error": f"cast send failed: {result.stderr}"}
+
+        # Extract tx hash from output
+        output = result.stdout + result.stderr
+        tx_hash = None
+        for line in output.split("\n"):
+            if "transactionHash" in line or "0x" in line:
+                import re
+                match = re.search(r'0x[0-9a-fA-F]{64}', line)
+                if match:
+                    tx_hash = match.group(0)
+                    break
+
+        # Get receipt
+        if tx_hash:
+            receipt_cmd = ["cast", "receipt", tx_hash, "--rpc-url", rpc_url]
+            receipt_result = subprocess.run(receipt_cmd, capture_output=True, text=True, timeout=30)
+            status = "success" if "status: 1" in receipt_result.stdout or "status: 0x1" in receipt_result.stdout else "failed"
+
+            explorer_base = "https://sepolia.etherscan.io" if chain == "sepolia" else "https://sepolia.basescan.org"
+
+            return {
+                "success": True,
+                "tx_hash": tx_hash,
+                "tx_url": f"{explorer_base}/tx/{tx_hash}",
+                "contract": contract,
+                "contract_url": f"{explorer_base}/address/{contract}",
+                "recipient": recipient,
+                "eas_uid": eas_uid,
+                "tier": tier.upper(),
+                "chain": chain,
+                "status": status,
+                "verify_command": f"cast call {contract} \"balanceOf(address,uint256)\" {recipient} 1 --rpc-url {rpc_url}"
+            }
+        else:
+            return {"error": f"Could not extract tx hash from output: {output}"}
+
+    except subprocess.TimeoutExpired:
+        return {"error": "Transaction timed out (120s)"}
+    except Exception as e:
+        return {"error": str(e)}
+
+
+def handle_request(request: dict) -> dict:
+    """Handle JSON-RPC request."""
+    method = request.get("method")
+    params = request.get("params", {})
+    req_id = request.get("id", 1)
+
+    if method == "initialize":
+        return {
+            "jsonrpc": "2.0",
+            "id": req_id,
+            "result": {
+                "protocolVersion": "2024-11-05",
+                "capabilities": {"tools": {"listChanged": False}},
+                "serverInfo": {"name": "athena-nft-minter", "version": "1.0.0"}
+            }
+        }
+
+    elif method == "tools/list":
+        return {
+            "jsonrpc": "2.0",
+            "id": req_id,
+            "result": {"tools": build_tool_definitions()}
+        }
+
+    elif method == "tools/call":
+        tool_name = params.get("name")
+        args = params.get("arguments", {})
+
+        if tool_name == "mint_audit_nft":
+            result = mint_nft(**args)
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "result": {
+                    "content": [{"type": "text", "text": json.dumps(result, indent=2)}],
+                    "isError": not result.get("success", False)
+                }
+            }
+        else:
+            return {
+                "jsonrpc": "2.0",
+                "id": req_id,
+                "error": {"code": -32601, "message": f"Unknown tool: {tool_name}"}
+            }
+
+    elif method == "notifications/initialized":
+        return None  # No response needed for notifications
+
+    else:
+        return {
+            "jsonrpc": "2.0",
+            "id": req_id,
+            "error": {"code": -32601, "message": f"Unknown method: {method}"}
+        }
+
+
+def main():
+    """Main entry point — reads JSON-RPC from stdin, writes to stdout."""
+    for line in sys.stdin:
+        line = line.strip()
+        if not line:
+            continue
+
+        try:
+            request = json.loads(line)
+            response = handle_request(request)
+            if response is not None:
+                print(json.dumps(response), flush=True)
+        except json.JSONDecodeError:
+            error_response = {
+                "jsonrpc": "2.0",
+                "id": None,
+                "error": {"code": -32700, "message": "Parse error"}
+            }
+            print(json.dumps(error_response), flush=True)
+
+
+if __name__ == "__main__":
+    main()

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "athena-mcp",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "Athena — Web3 smart contract security audit MCP tools + Skills for Claude Code",
   "main": "install.js",
   "bin": {