chain-insights 0.3.9 → 0.3.18

package/dist/mcp-proxy.cjs

@@ -1,8 +1,8 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const require_chunk = require("./chunk-DakpK96I.cjs");
 const require_version = require("./version-CO9Or_YV.cjs");
-const require_client = require("./client-Y_zqKqJT.cjs");
-const require_tool_visibility = require("./tool-visibility-Buq7YdUZ.cjs");
+const require_client = require("./client-BY-56ojr.cjs");
+const require_tool_visibility = require("./tool-visibility--QPgrRE5.cjs");
 let node_url = require("node:url");
 let node_path = require("node:path");
 node_path = require_chunk.__toESM(node_path, 1);
@@ -10,33 +10,21 @@ let node_fs = require("node:fs");
 let node_fs_promises = require("node:fs/promises");
 let zod = require("zod");
 zod = require_chunk.__toESM(zod, 1);
+let node_crypto = require("node:crypto");
 let _modelcontextprotocol_sdk_server_mcp_js = require("@modelcontextprotocol/sdk/server/mcp.js");
 let _modelcontextprotocol_sdk_server_stdio_js = require("@modelcontextprotocol/sdk/server/stdio.js");
 let _modelcontextprotocol_sdk_client_index_js = require("@modelcontextprotocol/sdk/client/index.js");
 let _modelcontextprotocol_sdk_client_streamableHttp_js = require("@modelcontextprotocol/sdk/client/streamableHttp.js");
 let _modelcontextprotocol_ext_apps_server = require("@modelcontextprotocol/ext-apps/server");
 //#region src/mcp/proxy.ts
-const LOCAL_TOOL_NAMES = new Set([
-	"balance",
-	"help",
-	"case_open",
-	"case_list",
-	"case_resume",
-	"case_add_evidence",
-	"case_verify_evidence",
-	"case_export",
-	"case_update_dossier",
-	"case_start_session",
-	"case_end_session"
-]);
+const LOCAL_TOOL_NAMES = new Set(["balance", "help"]);
 const PUBLIC_GRAPHRAG_PROMPT_NAMES = new Set(["address-risk", "trace-tools"]);
 const GRAPH_RESOURCE_URI = "ui://chain-insights/graph";
 const GRAPH_APP_TOOL_NAMES = new Set([
-	"address_risk",
-	"stake_insights",
-	"trace_victim_funds",
-	"trace_suspect_funds",
-	"trace_deposit_sources"
+	"aml_address_risk",
+	"aml_trace_victim_funds",
+	"aml_trace_suspect_funds",
+	"aml_trace_deposit_sources"
 ]);
 const GRAPH_ARRAY_KEYS = [
 	"nodes",
@@ -58,21 +46,33 @@ const COMMA_SEPARATED_ADDRESS_FIELDS = new Set([
 	"deposit_addresses"
 ]);
 const KNOWN_PUBLIC_TOOL_REQUIRED_ARGS = {
-	address_risk: ["address", "network"],
-	stake_insights: ["network"],
-	trace_victim_funds: ["victim_addresses", "network"],
-	trace_suspect_funds: ["suspect_addresses", "network"],
-	trace_deposit_sources: ["deposit_addresses", "network"],
+	aml_address_risk: ["address", "network"],
+	exposure_profile: ["network"],
+	exposure_quality: ["network"],
+	exposure_carry: ["network"],
+	exposure_crowding: ["network", "instrument"],
+	exposure_exit_pressure: ["network"],
+	exposure_correlation: ["network"],
+	exposure_explain: ["network"],
+	aml_trace_victim_funds: ["victim_addresses", "network"],
+	aml_trace_suspect_funds: ["suspect_addresses", "network"],
+	aml_trace_deposit_sources: ["deposit_addresses", "network"],
 	graph_query: ["query", "network"],
 	graph_query_batch: ["network", "queries"]
 };
 const KNOWN_PUBLIC_TOOL_DESCRIPTIONS = {
 	network_capabilities: "Return supported Chain Insights networks, capability layers, tool availability, data retention windows, and freshness. Use this before choosing network-specific tools.",
-	address_risk: "Screen one full blockchain address for AML risk, behavior patterns, neighborhood context, exchange exposure, and optional comparison with compare_address. This includes the exchange-behavior analysis formerly covered by money_flows_between_exchanges. Use this as the first tool for a single-address investigation. The tool returns an investigator-ready summary; preserve full addresses exactly.",
-	stake_insights: "Explain Bittensor staking behavior around one full address, coldkey, or hotkey. Requires network plus exactly one of address, coldkey, or hotkey. Returns net staked/unstaked amounts, active coldkey-hotkey-netuid relationships, aggregate stake movement amounts, top counterparties, first/last activity, source backend, query evidence, and optional graph report metadata.",
-	trace_victim_funds: "Trace victim/source funds forward through intermediaries to exchange deposit candidates. Use only when the input addresses are victims or trusted stolen-source addresses; do not use for suspected deposit addresses because traceback belongs to trace_deposit_sources. Exchange hot wallets are terminal only, never candidate deposits. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
-	trace_suspect_funds: "Trace suspected scammer, mule, operator, or laundering-ring funds forward to cashout topology. Use when the input addresses are suspect-controlled seeds; incident_timestamp_ms is optional. Do not use for victim/source addresses or suspected deposit endpoints. Exchange hot wallets are terminal only, never candidate suspects or intermediates. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
-	trace_deposit_sources: "Trace backward from suspected deposit/cashout addresses to upstream sources, shared funders, and convergence. Use only when the input addresses are suspected non-exchange deposit endpoints; do not treat these seeds as scammers and do not continue forward from discovered suspects here. Exchange hot wallets are excluded as seeds and upstream sources. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
+	aml_address_risk: "Screen one full blockchain address for AML risk, behavior patterns, neighborhood context, exchange exposure, and optional comparison with compare_address. This includes the exchange-behavior analysis formerly covered by money_flows_between_exchanges. Use this as the first AML tool for a single-address investigation. The tool returns an investigator-ready summary; preserve full addresses exactly.",
+	exposure_profile: "Explain exposure around one account, owner, or counterparty. Supports Bittensor staking exposure and Hyperliquid trading exposure through one generic response shape with venues, instruments, position changes, carry/risk fields when available, public support events, and caveats.",
+	exposure_quality: "Score whether exposure behavior looks disciplined, fragile, lucky, or noisy across Bittensor staking, Hyperliquid trading, and future exposure venues. Returns deterministic components, sample-size warnings, evidence, and caveats; it is not trading advice.",
+	exposure_carry: "Explain carry earned or paid by exposure, including funding, fees, emissions, dividends, validator take, or equivalent venue-native carry when indexed. Returns carry breakdowns, evidence, and missing-data caveats.",
+	exposure_crowding: "Measure whether a market, subnet, hotkey, vault, or strategy is crowded. Returns side concentration, top exposure rows, confidence, and caveats from generic exposure rows.",
+	exposure_exit_pressure: "Explain what could force or incentivize exits, including liquidation pressure, slippage/unstake pressure, funding pain, or missing risk coverage. Accepts either an account-style subject or an instrument/market subject.",
+	exposure_correlation: "Compare exposure behavior across accounts to find possible copy, overlap, or strategy-cluster relationships. Correlation is not proof of shared control.",
+	exposure_explain: "Explain the lifecycle of a specific exposure, position, trade, stake, or rotation using public support events, position changes, carry, risk fields, and caveats.",
+	aml_trace_victim_funds: "Trace victim/source funds forward through intermediaries to exchange deposit candidates. Use only when the input addresses are victims or trusted stolen-source addresses; do not use for suspected deposit addresses because traceback belongs to aml_trace_deposit_sources. Exchange hot wallets are terminal only, never candidate deposits. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
+	aml_trace_suspect_funds: "Trace suspected scammer, mule, operator, or laundering-ring funds forward to cashout topology. Use when the input addresses are suspect-controlled seeds; incident_timestamp_ms is optional. Do not use for victim/source addresses or suspected deposit endpoints. Exchange hot wallets are terminal only, never candidate suspects or intermediates. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
+	aml_trace_deposit_sources: "Trace backward from suspected deposit/cashout addresses to upstream sources, shared funders, and convergence. Use only when the input addresses are suspected non-exchange deposit endpoints; do not treat these seeds as scammers and do not continue forward from discovered suspects here. Exchange hot wallets are excluded as seeds and upstream sources. Returns chain-insights.trace.v1 and preserves full addresses exactly.",
 	graph_query: "Run a read-only GQL/Cypher query through the Chain Insights graph endpoint. Use USE live_topology for recent topology, USE archive_topology for historical topology, and USE facts for labels, features, risk scores, assets, and enrichment. Cross-layer correlated joins may be limited by the active graph endpoint; preserve full addresses exactly.",
 	graph_query_batch: "Run multiple read-only GQL/Cypher queries through the Chain Insights graph endpoint in one paid batch. Prefer this for related topology/facts reads."
 };
@@ -83,14 +83,22 @@ const FALLBACK_GRAPH_PRIMITIVE_TOOL_NAMES = [
 ];
 const NETWORK_DESCRIPTION = "Required network to query. Do not guess; use network_capabilities or ask the user if missing.";
 const REMOTE_GRAPH_TOOL_REQUEST_TIMEOUT_MS = 900 * 1e3;
+const EXPOSURE_TABLE_ROW_KEYS = [
+	"exposures",
+	"venues",
+	"top_exposures",
+	"pressure_bands",
+	"relationships",
+	"evidence",
+	"sides"
+];
 const CHAIN_INSIGHTS_WORKFLOW = [
 	"Workflow:",
-	"1. Chain Insights workspaces are Obsidian-compatible vaults. If the user is starting or continuing an investigation, use case_open or case_list/case_resume first.",
+	"1. Chain Insights workspaces are append-only local working directories. Bootstrap with cia init before workflows that persist artifacts.",
 	"2. Do not call investigation tools until required arguments are known. Network is required; use network_capabilities to check supported networks, data layers, retention, and freshness, or ask the user if missing.",
-	"3. Use address_risk for single-address enrichment. Use trace_victim_funds for victim/source forward tracing, trace_deposit_sources for reverse traceback from suspected deposit endpoints, and trace_suspect_funds for suspect-controlled outbound laundering/cashout topology. Use stake_insights for Bittensor staking behavior. Use graph_query(_batch) only when the high-level trace tools do not answer the exact question.",
-	"4. After a material result, preserve it with case_add_evidence when a case is active or ask whether to create/select a case.",
-	"5. Use case_update_dossier for durable address/entity findings and case_start_session/case_end_session for session notes.",
-	"6. For local review, use live vault notes refreshed with cia case vault refresh. When a case reaches a sharing or archive checkpoint, use case_verify_evidence and case_export to produce Obsidian, LLM Wiki, Codex, Claude Code, and ChatGPT-ready handoff bundles."
+	"3. Use aml_address_risk for single-address enrichment. Use exposure_profile, exposure_quality, exposure_carry, exposure_crowding, exposure_exit_pressure, exposure_correlation, and exposure_explain for exposure analysis. Use aml_trace_victim_funds for victim/source forward tracing, aml_trace_deposit_sources for reverse traceback from suspected deposit endpoints, and aml_trace_suspect_funds for suspect-controlled outbound laundering/cashout topology. Use graph_query(_batch) only when the high-level tools do not answer the exact question.",
+	"4. Persisted outputs belong in the initialized workspace under reports/, reports/graphs/, reports/tables/, artifacts/, entities/, sessions/, and published/.",
+	"5. For local review, inspect the generated Markdown and graph/table artifacts directly in the workspace."
 ].join("\n");
 const GRAPH_SCHEMA_HINTS = [
 	"Graph query hints for network=bittensor:",
@@ -117,16 +125,16 @@ const GRAPH_REPORT_HINTS = [
 	"- If an iframe reports that a graph report fetch failed, retry the graph-backed tool call so Chain Insights can recreate the report URL and ensure the local report server is running."
 ].join("\n");
 const SERVER_INSTRUCTIONS = [
-	"Chain Insights is a local AML investigation workspace for AI agents.",
+	"Chain Insights is a local graph-analysis workspace for AI agents.",
 	CHAIN_INSIGHTS_WORKFLOW,
 	GRAPH_REPORT_HINTS,
 	GRAPH_SCHEMA_HINTS,
-	"Presentation rules: preserve tool summaries as returned; never truncate blockchain addresses; use case tools to preserve evidence when a case exists."
+	"Presentation rules: preserve tool summaries as returned; never truncate blockchain addresses."
 ].join("\n\n");
 const STATELESS_SERVER_INSTRUCTIONS = [
 	"Chain Insights is running as a stateless AML proxy for a host application.",
-	"Do not use local case, evidence, dossier, session, wallet, or graph report workflows in this mode.",
-	"Use network_capabilities first when network support is unknown, then call address_risk, stake_insights, trace_victim_funds, trace_suspect_funds, trace_deposit_sources, graph_query, or graph_query_batch as needed.",
+	"Do not use local workspace persistence, wallet, or graph report workflows in this mode.",
+	"Use network_capabilities first when network support is unknown, then call aml_address_risk, exposure_profile, exposure_quality, exposure_carry, exposure_crowding, exposure_exit_pressure, exposure_correlation, exposure_explain, aml_trace_victim_funds, aml_trace_suspect_funds, aml_trace_deposit_sources, graph_query, or graph_query_batch as needed.",
 	GRAPH_SCHEMA_HINTS,
 	"Presentation rules: preserve tool summaries as returned; never truncate blockchain addresses."
 ].join("\n\n");
@@ -166,45 +174,105 @@ function graphToolMeta(tool) {
 }
 function knownPublicToolInputSchema(toolName) {
 	switch (toolName) {
-		case "address_risk": return {
+		case "aml_address_risk": return {
 			address: zod.string().min(1).describe("Full blockchain address to screen"),
 			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
 			compare_address: zod.string().optional().describe("Optional second full address for comparison"),
 			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 		};
-		case "trace_victim_funds": return {
+		case "aml_trace_victim_funds": return {
 			victim_addresses: zod.string().min(1).describe("Comma-separated full victim/source addresses. Min 1, max 5."),
 			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
 			known_suspect_addresses: zod.string().optional().describe("Optional known suspect addresses for context only. They are not reverse-traced by this tool. Max 5."),
 			incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds."),
 			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 		};
-		case "trace_suspect_funds": return {
+		case "aml_trace_suspect_funds": return {
 			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
 			suspect_addresses: zod.string().min(1).describe("Comma-separated full suspected scammer, mule, operator, or laundering-ring addresses. Min 1, max 5."),
 			incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds. This tool also works without a timestamp."),
-			max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum forward trace hops. Default 3."),
-			case_id: zod.string().optional().describe("Optional Chain Insights case ID. When provided, compact evidence is appended to the case manifest.")
+			max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum forward trace hops. Default 3.")
 		};
-		case "trace_deposit_sources": return {
+		case "aml_trace_deposit_sources": return {
 			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
 			deposit_addresses: zod.string().min(1).describe("Comma-separated full suspected deposit/cashout addresses. Min 1, max 5."),
 			max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum reverse traceback hops. Default 2."),
-			case_id: zod.string().optional().describe("Optional Chain Insights case ID. When provided, compact evidence is appended to the case manifest."),
 			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 		};
-		case "stake_insights": return {
+		case "exposure_profile": return {
 			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			address: zod.string().optional().describe("Full Bittensor address to inspect as either coldkey or hotkey. Provide exactly one of address, coldkey, or hotkey."),
-			coldkey: zod.string().optional().describe("Full Bittensor coldkey address to inspect. Provide exactly one of address, coldkey, or hotkey."),
-			hotkey: zod.string().optional().describe("Full Bittensor hotkey address to inspect. Provide exactly one of address, coldkey, or hotkey."),
-			netuid: zod.number().int().min(0).optional().describe("Optional subnet netuid filter."),
+			account: zod.string().optional().describe("Full account address to inspect. Provide exactly one of account, owner, or counterparty."),
+			owner: zod.string().optional().describe("Full owner address to inspect. Provide exactly one of account, owner, or counterparty."),
+			counterparty: zod.string().optional().describe("Full counterparty address to inspect. Provide exactly one of account, owner, or counterparty."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument: zod.string().optional().describe("Optional instrument display or durable identifier filter, such as Subnet 19 or BTC-PERP."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
 			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
 			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
-			start_block: zod.number().int().min(0).optional().describe("Optional start block. Current stake graph parity may require timestamp windows instead."),
-			end_block: zod.number().int().min(0).optional().describe("Optional end block. Current stake graph parity may require timestamp windows instead."),
-			depth: zod.number().int().min(1).max(3).optional().describe("Optional expansion depth limit. First release returns direct STAKES_IN relationships; default 1, max 3."),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+		};
+		case "exposure_quality":
+		case "exposure_carry": return {
+			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+			account: zod.string().optional().describe("Full account address to inspect. Provide exactly one of account, owner, or counterparty."),
+			owner: zod.string().optional().describe("Full owner address to inspect. Provide exactly one of account, owner, or counterparty."),
+			counterparty: zod.string().optional().describe("Full counterparty address to inspect. Provide exactly one of account, owner, or counterparty."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument: zod.string().optional().describe("Optional instrument display or durable identifier filter, such as Subnet 19 or BTC-PERP."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+		};
+		case "exposure_crowding": return {
+			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+			instrument: zod.string().min(1).describe("Instrument, market, subnet, hotkey, vault, or durable exposure target identifier to inspect."),
+			market: zod.string().optional().describe("Alias for instrument when using market language."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+		};
+		case "exposure_exit_pressure": return {
+			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+			account: zod.string().optional().describe("Optional account address to inspect. Provide an account-style subject or an instrument/market."),
+			owner: zod.string().optional().describe("Optional owner address to inspect. Provide an account-style subject or an instrument/market."),
+			counterparty: zod.string().optional().describe("Optional counterparty address to inspect. Provide an account-style subject or an instrument/market."),
+			instrument: zod.string().optional().describe("Instrument, market, subnet, hotkey, vault, or durable exposure target identifier to inspect."),
+			market: zod.string().optional().describe("Alias for instrument when using market language."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+		};
+		case "exposure_correlation": return {
+			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+			account: zod.string().optional().describe("Full account address to inspect. Provide exactly one of account, owner, or counterparty."),
+			owner: zod.string().optional().describe("Full owner address to inspect. Provide exactly one of account, owner, or counterparty."),
+			counterparty: zod.string().optional().describe("Full counterparty address to inspect. Provide exactly one of account, owner, or counterparty."),
+			candidate_accounts: zod.union([zod.string(), zod.array(zod.string())]).optional().describe("Optional comma-separated or array candidate accounts to compare against."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument: zod.string().optional().describe("Optional instrument display or durable identifier filter."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+		};
+		case "exposure_explain": return {
+			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+			account: zod.string().optional().describe("Full account address to inspect. Provide exactly one of account, owner, or counterparty."),
+			owner: zod.string().optional().describe("Full owner address to inspect. Provide exactly one of account, owner, or counterparty."),
+			counterparty: zod.string().optional().describe("Full counterparty address to inspect. Provide exactly one of account, owner, or counterparty."),
+			instrument: zod.string().optional().describe("Optional instrument display or durable identifier filter."),
+			market: zod.string().optional().describe("Alias for instrument when using market language."),
+			position_id: zod.string().optional().describe("Optional venue-native position, trade, stake, rotation, or lifecycle identifier when available."),
+			venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+			instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+			limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 25, max 500.")
 		};
 		case "graph_query": return {
 			query: zod.string().min(1).describe("Read-only GQL/Cypher query. Use USE live_topology for recent topology, USE archive_topology for historical topology, and USE facts for labels, features, risk scores, assets, and enrichment."),
@@ -442,7 +510,7 @@ function registerLocalPrompts(server, remotePromptNames) {
 			network: zod.string().describe(NETWORK_DESCRIPTION)
 		}
 	}, async ({ address, network }) => promptResult([
-		`Use Chain Insights address_risk on ${network} for:`,
+		`Use Chain Insights aml_address_risk on ${network} for:`,
 		"",
 		`\`${address}\``,
 		"",
@@ -450,7 +518,7 @@ function registerLocalPrompts(server, remotePromptNames) {
 	].join("\n"), "Address risk screening"));
 	if (!remotePromptNames.has("trace-tools")) server.registerPrompt("trace-tools", {
 		title: "Trace Tools",
-		description: "Choose trace_victim_funds, trace_deposit_sources, or trace_suspect_funds based on the evidence role.",
+		description: "Choose aml_trace_victim_funds, aml_trace_deposit_sources, or aml_trace_suspect_funds based on the evidence role.",
 		argsSchema: {
 			addresses: zod.string().describe("Input addresses, comma-separated full addresses"),
 			role: zod.enum([
@@ -462,12 +530,12 @@ function registerLocalPrompts(server, remotePromptNames) {
 		}
 	}, async ({ addresses, role, network }) => {
 		return promptResult([
-			`Use Chain Insights ${role === "deposit" ? "trace_deposit_sources" : `trace_${role}_funds`} on ${network}.`,
+			`Use Chain Insights ${role === "deposit" ? "aml_trace_deposit_sources" : `aml_trace_${role}_funds`} on ${network}.`,
 			"",
 			"Full addresses:",
 			addresses,
 			"",
-			role === "deposit" ? "For deposit role, use trace_deposit_sources rather than trace_deposit_funds." : "Present the summary as-is and use continuation.recommended_next_tools for follow-up."
+			role === "deposit" ? "For deposit role, use aml_trace_deposit_sources rather than aml_trace_deposit_funds." : "Present the summary as-is and use continuation.recommended_next_tools for follow-up."
 		].join("\n"), "Trace role-specific funds");
 	});
 	server.registerPrompt("graph-query", {
@@ -511,49 +579,42 @@ function registerLocalPrompts(server, remotePromptNames) {
 	}, async () => promptResult("Use Chain Insights balance. Show the wallet address, network, token, and balance exactly as returned.", "Wallet balance"));
 	server.registerPrompt("help", {
 		title: "Chain Insights Help",
-		description: "Show available Chain Insights tools and investigation case workflow.",
+		description: "Show available Chain Insights tools and workspace workflow.",
 		argsSchema: {}
-	}, async () => promptResult("Use Chain Insights help. Summarize the available tools and investigation case workflow without inventing capabilities.", "Chain Insights help"));
-	server.registerPrompt("open-investigation-case", {
-		title: "Open Investigation Case",
-		description: "Create a local Chain Insights case for an investigation.",
-		argsSchema: {
-			name: zod.string().describe("Case name"),
-			tags: zod.string().optional().describe("Comma-separated tags"),
-			description: zod.string().optional().describe("Brief investigation description")
-		}
-	}, async ({ name, tags, description }) => promptResult([
-		"Use Chain Insights case_open to create a local investigation case.",
-		"",
-		`name: \`${name}\``,
-		tags ? `tags: \`${tags}\`` : "",
-		description ? `description: ${description}` : ""
-	].filter(Boolean).join("\n"), "Open investigation case"));
-	server.registerPrompt("resume-investigation-case", {
-		title: "Resume Investigation Case",
-		description: "Load local Chain Insights case context, evidence count, dossiers, and latest session.",
-		argsSchema: { case_id: zod.string().describe("Chain Insights case ID") }
-	}, async ({ case_id }) => promptResult(`Use Chain Insights case_resume for case_id: \`${case_id}\`. Continue from the returned context.`, "Resume investigation case"));
-	server.registerPrompt("save-investigation-evidence", {
-		title: "Save Investigation Evidence",
-		description: "Append a tool result or analyst note to a local Chain Insights case evidence manifest.",
-		argsSchema: {
-			case_id: zod.string().describe("Chain Insights case ID"),
-			source: zod.string().describe("Tool or source name")
-		}
-	}, async ({ case_id, source }) => promptResult([
-		"Use Chain Insights case_add_evidence after the next relevant tool result.",
-		"",
-		`case_id: \`${case_id}\``,
-		`source: \`${source}\``,
-		"content: use the exact report or note that should become evidence."
-	].join("\n"), "Save investigation evidence"));
+	}, async () => promptResult("Use Chain Insights help. Summarize the available tools and workspace workflow without inventing capabilities.", "Chain Insights help"));
 }
 function hasGraphArrayFields(value) {
 	if (!value || typeof value !== "object" || Array.isArray(value)) return false;
 	const record = value;
 	return GRAPH_ARRAY_KEYS.some((key) => Array.isArray(record[key]));
 }
+function sanitizeSlug(value) {
+	return value.toLowerCase().replace(/[^a-z0-9._-]+/g, "-").replace(/-+/g, "-").replace(/^[._-]+|[._-]+$/g, "") || "exposure";
+}
+function exposureArtifactTimestamp(date = /* @__PURE__ */ new Date()) {
+	return date.toISOString().replace(/[-:.]/g, "").replace(/\.[0-9]{3}Z$/, "Z");
+}
+function csvEscape(value) {
+	if (value === void 0 || value === null) return "\"\"";
+	if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return JSON.stringify(String(value));
+	return JSON.stringify(value);
+}
+function tableRowsFromExposureContent(structuredContent) {
+	for (const key of EXPOSURE_TABLE_ROW_KEYS) {
+		const value = structuredContent[key];
+		if (!Array.isArray(value) || value.length === 0) continue;
+		if (!value.every((row) => isRecord(row))) continue;
+		return value;
+	}
+}
+function exposureRowsToCsv(rows) {
+	const headers = /* @__PURE__ */ new Set();
+	for (const row of rows) for (const key of Object.keys(row)) headers.add(key);
+	const headerList = [...headers];
+	const lines = [headerList.map(csvEscape).join(",")];
+	for (const row of rows) lines.push(headerList.map((header) => csvEscape(row[header])).join(","));
+	return lines.join("\n") + "\n";
+}
 function sanitizeStructuredContentForGraphPayload(structuredContent) {
 	if (!structuredContent) return void 0;
 	return sanitizeStructuredValue(structuredContent);
@@ -587,8 +648,8 @@ async function normalizeRemoteToolResult(result, config, toolName = "remote-grap
 	const graphPayload = getRemoteGraphPayload(result);
 	const meta = { ...result._meta ?? {} };
 	if (graphPayload && includeAttachments) {
-		const { writeGraphReport } = await Promise.resolve().then(() => require("./graph-reports-B3mkLP8Z.cjs"));
-		const { ensureArtifactServer } = await Promise.resolve().then(() => require("./artifact-server-XbN16DwU.cjs"));
+		const { writeGraphReport } = await Promise.resolve().then(() => require("./graph-reports-CkglRtg4.cjs"));
+		const { ensureArtifactServer } = await Promise.resolve().then(() => require("./artifact-server-v0WgTPFT.cjs"));
 		const report = await writeGraphReport(graphPayload, {
 			serverPort: config.serverPort,
 			slug: toolName || "remote-graph"
@@ -614,8 +675,8 @@ function shouldIncludeAttachments(args, workspaceArtifactsEnabled) {
 }
 async function writeLocalGraphMeta(graphData, config, slug, includeAttachments) {
 	if (!includeAttachments) return void 0;
-	const { writeGraphReport } = await Promise.resolve().then(() => require("./graph-reports-B3mkLP8Z.cjs"));
-	const { ensureArtifactServer } = await Promise.resolve().then(() => require("./artifact-server-XbN16DwU.cjs"));
+	const { writeGraphReport } = await Promise.resolve().then(() => require("./graph-reports-CkglRtg4.cjs"));
+	const { ensureArtifactServer } = await Promise.resolve().then(() => require("./artifact-server-v0WgTPFT.cjs"));
 	const report = await writeGraphReport(graphData, {
 		serverPort: config.serverPort,
 		slug
@@ -629,6 +690,51 @@ async function writeLocalGraphMeta(graphData, config, slug, includeAttachments)
 function graphMetaResult(graph) {
 	return graph ? { chainInsights: { graph } } : void 0;
 }
+async function writeExposureArtifacts(result, toolName, subject, network, includeAttachments) {
+	if (!includeAttachments) return void 0;
+	const { workspaceOutputPaths } = await Promise.resolve().then(() => require("./output-root-DI0tzA0X.cjs")).then((n) => n.output_root_exports);
+	const paths = workspaceOutputPaths();
+	const now = /* @__PURE__ */ new Date();
+	const slug = `${exposureArtifactTimestamp(now)}-${sanitizeSlug(toolName)}-${sanitizeSlug(subject)}-${(0, node_crypto.randomUUID)().replace(/-/g, "").slice(0, 12)}`;
+	await Promise.all([(0, node_fs_promises.mkdir)(paths.reportsRoot, {
+		recursive: true,
+		mode: 448
+	}), (0, node_fs_promises.mkdir)(paths.reportTablesRoot, {
+		recursive: true,
+		mode: 448
+	})]);
+	const reportPath = node_path.default.join(paths.reportsRoot, `${slug}.exposure-report.md`);
+	const compactFactsPath = node_path.default.join(paths.reportTablesRoot, `${slug}.compact-facts.json`);
+	const compactFacts = {
+		schema: result.structuredContent.schema,
+		tool: result.structuredContent.tool,
+		network,
+		subject,
+		generated_at: now.toISOString(),
+		summary_text: result.summaryText,
+		facts: result.structuredContent
+	};
+	const reportBody = [
+		`# ${toolName} Report`,
+		"",
+		`Network: ${network}`,
+		`Generated: ${now.toISOString()}`,
+		"",
+		result.summaryText,
+		"",
+		"## Artifacts",
+		`- Report: ${reportPath}`,
+		`- Compact facts: ${compactFactsPath}`
+	];
+	const tableRows = tableRowsFromExposureContent(result.structuredContent);
+	if (tableRows) {
+		const tablePath = node_path.default.join(paths.reportTablesRoot, `${slug}.table.csv`);
+		reportBody.push(`- Table: ${tablePath}`);
+		await (0, node_fs_promises.writeFile)(tablePath, exposureRowsToCsv(tableRows), { mode: 384 });
+	}
+	await (0, node_fs_promises.writeFile)(reportPath, reportBody.join("\n") + "\n", { mode: 384 });
+	await (0, node_fs_promises.writeFile)(compactFactsPath, JSON.stringify(compactFacts, null, 2) + "\n", { mode: 384 });
+}
 /**
 * Core proxy logic — exported so tests can inject dependencies directly.
 * The IIFE at the bottom calls this with real dependencies.
@@ -637,9 +743,9 @@ function graphMetaResult(graph) {
 * All diagnostic output goes to console.error() or process.stderr.write().
 */
 async function createProxy() {
-	const { loadConfig } = await Promise.resolve().then(() => require("./config-BwVx19Og.cjs")).then((n) => n.config_exports);
-	const { activeDataDir, findActiveWorkspace } = await Promise.resolve().then(() => require("./active-BVr55kvW.cjs")).then((n) => n.active_exports);
-	const { createConfiguredGraphMcpFetch, resolveGraphMcpEndpoint } = await Promise.resolve().then(() => require("./client-Y_zqKqJT.cjs")).then((n) => n.client_exports);
+	const { loadConfig } = await Promise.resolve().then(() => require("./config-CkW404Cs.cjs")).then((n) => n.config_exports);
+	const { activeDataDir, findActiveWorkspace } = await Promise.resolve().then(() => require("./active-XWv72R1X.cjs")).then((n) => n.active_exports);
+	const { createConfiguredGraphMcpFetch, resolveGraphMcpEndpoint } = await Promise.resolve().then(() => require("./client-BY-56ojr.cjs")).then((n) => n.client_exports);
 	const { loadSchema, saveSchema } = await Promise.resolve().then(() => require("./schema-cache-CJk1EL3L.cjs"));
 	const proxyMode = resolveMcpProxyMode();
 	const workspaceArtifactsEnabled = proxyMode === "workspace";
@@ -746,18 +852,6 @@ async function createProxy() {
 	const remotePromptNames = new Set(remotePrompts.map((prompt) => prompt.name));
 	for (const prompt of remotePrompts) registerRemotePrompt(server, remoteClient, prompt);
 	registerLocalPrompts(server, remotePromptNames);
-	const caseToolError = (label, err) => ({
-		content: [{
-			type: "text",
-			text: `${label} failed: ${err.message}`
-		}],
-		isError: true
-	});
-	const parseTags = (tags) => {
-		if (Array.isArray(tags)) return tags.map((tag) => tag.trim()).filter(Boolean);
-		if (typeof tags === "string") return tags.split(",").map((tag) => tag.trim()).filter(Boolean);
-		return [];
-	};
 	if (workspaceArtifactsEnabled) {
 		server.registerTool("balance", {
 			description: "Show the local Chain Insights payment wallet address and Base USDC balance.",
@@ -797,712 +891,279 @@ async function createProxy() {
 				connectDomains: graphArtifactOrigins(config)
 			} } }
 		}] }));
-		server.registerTool("case_open", {
-			description: "Create a local Chain Insights investigation case. Use this before saving evidence, dossiers, or session notes for a new investigation.",
+		if (!remoteToolNames.has("aml_address_risk")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "aml_address_risk", {
+			title: "Address Risk",
+			description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.aml_address_risk,
 			inputSchema: {
-				name: zod.string().min(1).describe("Case name"),
-				tags: zod.union([zod.string(), zod.array(zod.string())]).optional().describe("Comma-separated tags or string array"),
-				description: zod.string().optional().describe("Brief investigation description")
+				address: zod.string().min(1).describe("Full blockchain address to screen"),
+				network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+				compare_address: zod.string().optional().describe("Optional second full address for comparison"),
+				include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 			},
+			_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
 			annotations: {
-				readOnlyHint: false,
+				readOnlyHint: true,
 				destructiveHint: false,
-				idempotentHint: false,
-				openWorldHint: false
+				idempotentHint: true,
+				openWorldHint: true
 			}
-		}, async ({ name, tags, description }) => {
+		}, async ({ address, network, compare_address, include_attachments }) => {
 			try {
-				const { CaseStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const created = await CaseStore.create({
-					name,
-					tags: parseTags(tags),
-					description: description ?? ""
+				if (!remoteConnected) return {
+					content: [{
+						type: "text",
+						text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+					}],
+					isError: true
+				};
+				const { addressRisk } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+				const result = await addressRisk(remoteClient, {
+					address,
+					network,
+					compareAddress: compare_address,
+					writeArtifacts: workspaceArtifactsEnabled
 				});
-				const { casesRoot } = await Promise.resolve().then(() => require("./store-CQhU8dz8.cjs")).then((n) => n.store_exports);
+				const graph = await writeLocalGraphMeta(result.graphData, config, `address-risk-${network}-${address}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify({
-							case_id: created.id,
-							name: created.name,
-							status: created.status,
-							tags: created.tags,
-							directory: `${node_path.default.join(casesRoot(), created.id)}/`
-						}, null, 2)
+						text: result.summaryText
 					}],
+					structuredContent: result.structuredContent,
+					_meta: graphMetaResult(graph),
 					isError: false
 				};
 			} catch (err) {
-				return caseToolError("Case open", err);
-			}
-		});
-		server.registerTool("case_list", {
-			description: "List local Chain Insights investigation cases. Use before resuming when the user does not provide a case ID.",
-			inputSchema: { status: zod.enum([
-				"open",
-				"active",
-				"suspended",
-				"closed"
-			]).optional().describe("Optional status filter") },
-			annotations: {
-				readOnlyHint: true,
-				destructiveHint: false,
-				idempotentHint: true,
-				openWorldHint: false
-			}
-		}, async ({ status }) => {
-			try {
-				const { CaseStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const cases = await CaseStore.list();
-				const filtered = status ? cases.filter((entry) => entry.status === status) : cases;
-				return {
+				if (err instanceof require_client.PaymentRequiredError) return {
 					content: [{
 						type: "text",
-						text: JSON.stringify({ cases: filtered }, null, 2)
+						text: err.message
 					}],
-					isError: false
+					isError: true
 				};
-			} catch (err) {
-				return caseToolError("Case list", err);
-			}
-		});
-		server.registerTool("case_resume", {
-			description: "Load local Chain Insights case context: metadata, evidence count, dossier summaries, and latest session notes.",
-			inputSchema: { case_id: zod.string().min(1).describe("Chain Insights case ID") },
-			annotations: {
-				readOnlyHint: true,
-				destructiveHint: false,
-				idempotentHint: true,
-				openWorldHint: false
-			}
-		}, async ({ case_id }) => {
-			try {
-				const { CaseStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const context = await CaseStore.loadContext(case_id);
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify(context, null, 2)
+						text: `Address risk failed: ${err.message}`
 					}],
-					isError: false
+					isError: true
 				};
-			} catch (err) {
-				return caseToolError("Case resume", err);
 			}
 		});
-		server.registerTool("case_add_evidence", {
-			description: "Append a tool result or analyst note to a local case evidence manifest. Use after address_risk, trace_victim_funds, trace_suspect_funds, trace_deposit_sources, graph_query, or manual findings that should be preserved.",
+		if (!remoteToolNames.has("aml_trace_victim_funds")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "aml_trace_victim_funds", {
+			title: "Trace Victim Funds",
+			description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.aml_trace_victim_funds,
 			inputSchema: {
-				case_id: zod.string().min(1).describe("Chain Insights case ID"),
-				source: zod.string().min(1).describe("Source tool or evidence origin"),
-				content: zod.string().min(1).describe("Evidence markdown/text to store"),
-				query_params: zod.string().optional().describe("Original query parameters, for example \"network=bittensor address=...\"")
+				victim_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full victim/source addresses, or an array. Min 1, max 5."),
+				network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+				known_suspect_addresses: zod.union([zod.string(), zod.array(zod.string())]).optional().describe("Known suspect addresses for context only. This tool does not reverse-trace them. Max 5."),
+				include_attachments: zod.boolean().optional().describe("Include graph app report metadata"),
+				incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds."),
+				max_hops: zod.number().int().min(1).max(5).optional(),
+				per_address_limit: zod.number().int().min(1).max(10).optional(),
+				min_amount_sum: zod.number().min(0).optional()
 			},
+			_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
 			annotations: {
 				readOnlyHint: false,
 				destructiveHint: false,
 				idempotentHint: false,
-				openWorldHint: false
+				openWorldHint: true
 			}
-		}, async ({ case_id, source, content, query_params }) => {
+		}, async ({ victim_addresses, known_suspect_addresses, network, incident_timestamp_ms, max_hops, per_address_limit, min_amount_sum, include_attachments }) => {
 			try {
-				const { EvidenceStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const saved = await EvidenceStore.append(case_id, {
-					source,
-					content,
-					queryParams: query_params ?? ""
+				if (!remoteConnected) return {
+					content: [{
+						type: "text",
+						text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+					}],
+					isError: true
+				};
+				const { traceVictimFunds } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+				const result = await traceVictimFunds(remoteClient, config, {
+					victimAddresses: victim_addresses,
+					knownSuspectAddresses: known_suspect_addresses,
+					network,
+					incidentTimestampMs: incident_timestamp_ms,
+					maxHops: max_hops,
+					perAddressLimit: per_address_limit,
+					minAmountSum: min_amount_sum,
+					writeArtifacts: workspaceArtifactsEnabled
 				});
+				const graph = await writeLocalGraphMeta(result.graphData, config, `trace-victim-funds-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify(saved, null, 2)
+						text: result.summaryText
 					}],
+					structuredContent: result.structuredContent,
+					_meta: graphMetaResult(graph),
 					isError: false
 				};
 			} catch (err) {
-				return caseToolError("Evidence append", err);
-			}
-		});
-		server.registerTool("case_verify_evidence", {
-			description: "Verify a local case evidence manifest and report tampered or missing evidence files.",
-			inputSchema: { case_id: zod.string().min(1).describe("Chain Insights case ID") },
-			annotations: {
-				readOnlyHint: true,
-				destructiveHint: false,
-				idempotentHint: true,
-				openWorldHint: false
-			}
-		}, async ({ case_id }) => {
-			try {
-				const { EvidenceStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const result = await EvidenceStore.verifyManifest(case_id);
+				if (err instanceof require_client.PaymentRequiredError) return {
+					content: [{
+						type: "text",
+						text: err.message
+					}],
+					isError: true
+				};
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify(result, null, 2)
+						text: `Trace victim funds failed: ${err.message}`
 					}],
-					isError: false
+					isError: true
 				};
-			} catch (err) {
-				return caseToolError("Evidence verify", err);
 			}
 		});
-		server.registerTool("case_export", {
-			description: "Export a Chain Insights case to an Obsidian, LLM Wiki, Codex, Claude Code, and ChatGPT-friendly handoff bundle.",
+		if (!remoteToolNames.has("aml_trace_suspect_funds")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "aml_trace_suspect_funds", {
+			title: "Trace Suspect Funds",
+			description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.aml_trace_suspect_funds,
 			inputSchema: {
-				case_id: zod.string().min(1).describe("Chain Insights case ID to export"),
-				target: zod.enum(["obsidian-llmwiki"]).optional().describe("Export target. Default obsidian-llmwiki."),
-				mode: zod.enum([
-					"private",
-					"partner",
-					"public"
-				]).optional().describe("Redaction mode. Default private."),
-				output_dir: zod.string().optional().describe("Optional output directory. Defaults to published/<case-slug>.")
+				network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+				suspect_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full suspect-controlled addresses, or an array. Min 1, max 5."),
+				incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds. This tool works without it."),
+				max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum forward trace hops. Default 3."),
+				per_address_limit: zod.number().int().min(1).max(10).optional(),
+				min_amount_sum: zod.number().min(0).optional(),
+				include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 			},
+			_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
 			annotations: {
 				readOnlyHint: false,
 				destructiveHint: false,
 				idempotentHint: false,
-				openWorldHint: false
+				openWorldHint: true
 			}
-		}, async ({ case_id, target, mode, output_dir }) => {
+		}, async ({ suspect_addresses, incident_timestamp_ms, network, max_hops, per_address_limit, min_amount_sum, include_attachments }) => {
 			try {
-				const { exportCase } = await Promise.resolve().then(() => require("./export-D4v4-6F4.cjs"));
-				const result = await exportCase({
-					caseId: case_id,
-					target: target ?? "obsidian-llmwiki",
-					mode: mode ?? "private",
-					outputDir: output_dir
+				if (!remoteConnected) return {
+					content: [{
+						type: "text",
+						text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+					}],
+					isError: true
+				};
+				const { traceSuspectFunds } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+				const result = await traceSuspectFunds(remoteClient, config, {
+					suspectAddresses: suspect_addresses,
+					network,
+					maxHops: max_hops,
+					perAddressLimit: per_address_limit,
+					minAmountSum: min_amount_sum,
+					incidentTimestampMs: incident_timestamp_ms,
+					writeArtifacts: workspaceArtifactsEnabled
 				});
+				const graph = await writeLocalGraphMeta(result.graphData, config, `trace-suspect-funds-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
 				return {
 					content: [{
 						type: "text",
-						text: [
-							`Case exported: ${result.outputDir}`,
-							`Manifest: ${result.manifestPath}`,
-							`Files: ${result.fileCount}`,
-							`Open first: ${result.nextFile}`,
-							...result.warnings.map((warning) => `Warning: ${warning}`)
-						].join("\n")
+						text: result.summaryText
 					}],
-					structuredContent: result,
+					structuredContent: result.structuredContent,
+					_meta: graphMetaResult(graph),
 					isError: false
 				};
 			} catch (err) {
-				return caseToolError("Case export", err);
-			}
-		});
-		server.registerTool("case_update_dossier", {
-			description: "Append a finding to an address/entity dossier inside a local Chain Insights case.",
-			inputSchema: {
-				case_id: zod.string().min(1).describe("Chain Insights case ID"),
-				address: zod.string().min(1).describe("Full address or entity identifier"),
-				finding: zod.string().min(1).describe("Finding to append"),
-				entity_type: zod.enum([
-					"eoa",
-					"contract",
-					"exchange",
-					"mixer",
-					"unknown"
-				]).optional().describe("Entity type")
-			},
-			annotations: {
-				readOnlyHint: false,
-				destructiveHint: false,
-				idempotentHint: false,
-				openWorldHint: false
-			}
-		}, async ({ case_id, address, finding, entity_type }) => {
-			try {
-				const { DossierStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				await DossierStore.appendFinding(case_id, address, finding, entity_type ?? "unknown");
-				return {
+				if (err instanceof require_client.PaymentRequiredError) return {
 					content: [{
 						type: "text",
-						text: JSON.stringify({
-							case_id,
-							address,
-							updated: true
-						}, null, 2)
+						text: err.message
 					}],
-					isError: false
+					isError: true
 				};
-			} catch (err) {
-				return caseToolError("Dossier update", err);
-			}
-		});
-		server.registerTool("case_start_session", {
-			description: "Start a local investigation session file for a Chain Insights case.",
-			inputSchema: { case_id: zod.string().min(1).describe("Chain Insights case ID") },
-			annotations: {
-				readOnlyHint: false,
-				destructiveHint: false,
-				idempotentHint: false,
-				openWorldHint: false
-			}
-		}, async ({ case_id }) => {
-			try {
-				const { SessionStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				const session = await SessionStore.start(case_id);
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify(session, null, 2)
+						text: `Trace suspect funds failed: ${err.message}`
 					}],
-					isError: false
+					isError: true
 				};
-			} catch (err) {
-				return caseToolError("Session start", err);
 			}
 		});
-		server.registerTool("case_end_session", {
-			description: "End the latest local investigation session for a Chain Insights case with findings and next steps.",
+		if (!remoteToolNames.has("aml_trace_deposit_sources")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "aml_trace_deposit_sources", {
+			title: "Trace Deposit Sources",
+			description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.aml_trace_deposit_sources,
 			inputSchema: {
-				case_id: zod.string().min(1).describe("Chain Insights case ID"),
-				findings: zod.string().optional().describe("Key findings from this session"),
-				next_steps: zod.string().optional().describe("Next investigation steps")
+				network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+				deposit_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full suspected deposit/cashout addresses, or an array. Min 1, max 5."),
+				max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum reverse traceback hops. Default 2."),
+				include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
 			},
+			_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
 			annotations: {
 				readOnlyHint: false,
 				destructiveHint: false,
 				idempotentHint: false,
-				openWorldHint: false
+				openWorldHint: true
 			}
-		}, async ({ case_id, findings, next_steps }) => {
+		}, async ({ deposit_addresses, network, max_hops, include_attachments }) => {
 			try {
-				const { SessionStore } = await Promise.resolve().then(() => require("./cases-Bz_9XKEw.cjs")).then((n) => n.cases_exports);
-				await SessionStore.end(case_id, {
-					findings: findings ?? "",
-					nextSteps: next_steps ?? ""
+				if (!remoteConnected) return {
+					content: [{
+						type: "text",
+						text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+					}],
+					isError: true
+				};
+				const { traceDepositSources } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+				const result = await traceDepositSources(remoteClient, config, {
+					depositAddresses: deposit_addresses,
+					network,
+					maxHops: max_hops,
+					writeArtifacts: workspaceArtifactsEnabled
 				});
-				await SessionStore.archiveOldSessions(case_id);
+				const graph = await writeLocalGraphMeta(result.graphData, config, `trace-deposit-sources-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
 				return {
 					content: [{
 						type: "text",
-						text: JSON.stringify({
-							case_id,
-							ended: true
-						}, null, 2)
+						text: result.summaryText
 					}],
+					structuredContent: result.structuredContent,
+					_meta: graphMetaResult(graph),
 					isError: false
 				};
 			} catch (err) {
-				return caseToolError("Session end", err);
+				if (err instanceof require_client.PaymentRequiredError) return {
+					content: [{
+						type: "text",
+						text: err.message
+					}],
+					isError: true
+				};
+				return {
+					content: [{
+						type: "text",
+						text: `Trace deposit sources failed: ${err.message}`
+					}],
+					isError: true
+				};
 			}
 		});
-	}
-	if (!remoteToolNames.has("address_risk")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "address_risk", {
-		title: "Address Risk",
-		description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.address_risk,
-		inputSchema: {
-			address: zod.string().min(1).describe("Full blockchain address to screen"),
-			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			compare_address: zod.string().optional().describe("Optional second full address for comparison"),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
-		},
-		_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
-		annotations: {
-			readOnlyHint: true,
-			destructiveHint: false,
-			idempotentHint: true,
-			openWorldHint: true
-		}
-	}, async ({ address, network, compare_address, include_attachments }) => {
-		try {
-			if (!remoteConnected) return {
-				content: [{
-					type: "text",
-					text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
-				}],
-				isError: true
-			};
-			const { addressRisk } = await Promise.resolve().then(() => require("./public-tools-BY3PTw6x.cjs"));
-			const result = await addressRisk(remoteClient, {
-				address,
-				network,
-				compareAddress: compare_address
-			});
-			const graph = await writeLocalGraphMeta(result.graphData, config, `address-risk-${network}-${address}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
-			return {
-				content: [{
-					type: "text",
-					text: result.summaryText
-				}],
-				structuredContent: result.structuredContent,
-				_meta: graphMetaResult(graph),
-				isError: false
-			};
-		} catch (err) {
-			if (err instanceof require_client.PaymentRequiredError) return {
-				content: [{
-					type: "text",
-					text: err.message
-				}],
-				isError: true
-			};
-			return {
-				content: [{
-					type: "text",
-					text: `Address risk failed: ${err.message}`
-				}],
-				isError: true
-			};
-		}
-	});
-	if (!remoteToolNames.has("trace_victim_funds")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "trace_victim_funds", {
-		title: "Trace Victim Funds",
-		description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.trace_victim_funds,
-		inputSchema: {
-			victim_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full victim/source addresses, or an array. Min 1, max 5."),
-			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			known_suspect_addresses: zod.union([zod.string(), zod.array(zod.string())]).optional().describe("Known suspect addresses for context only. This tool does not reverse-trace them. Max 5."),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata"),
-			case_id: zod.string().optional().describe("Optional Chain Insights case ID. When provided, compact evidence is appended to the case manifest."),
-			incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds."),
-			max_hops: zod.number().int().min(1).max(5).optional(),
-			per_address_limit: zod.number().int().min(1).max(10).optional(),
-			min_amount_sum: zod.number().min(0).optional()
-		},
-		_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
-		annotations: {
-			readOnlyHint: false,
-			destructiveHint: false,
-			idempotentHint: false,
-			openWorldHint: true
-		}
-	}, async ({ victim_addresses, known_suspect_addresses, network, case_id, incident_timestamp_ms, max_hops, per_address_limit, min_amount_sum, include_attachments }) => {
-		try {
-			if (!remoteConnected) return {
-				content: [{
-					type: "text",
-					text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
-				}],
-				isError: true
-			};
-			if (!workspaceArtifactsEnabled && case_id) return {
-				content: [{
-					type: "text",
-					text: "case_id requires Chain Insights workspace mode; omit case_id when CHAIN_INSIGHTS_MCP_PROXY_MODE=stateless."
-				}],
-				isError: true
-			};
-			const { traceVictimFunds } = await Promise.resolve().then(() => require("./public-tools-BY3PTw6x.cjs"));
-			const result = await traceVictimFunds(remoteClient, config, {
-				victimAddresses: victim_addresses,
-				knownSuspectAddresses: known_suspect_addresses,
-				network,
-				caseId: case_id,
-				incidentTimestampMs: incident_timestamp_ms,
-				maxHops: max_hops,
-				perAddressLimit: per_address_limit,
-				minAmountSum: min_amount_sum,
-				writeArtifacts: workspaceArtifactsEnabled
-			});
-			const graph = await writeLocalGraphMeta(result.graphData, config, `trace-victim-funds-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
-			return {
-				content: [{
-					type: "text",
-					text: result.summaryText
-				}],
-				structuredContent: result.structuredContent,
-				_meta: graphMetaResult(graph),
-				isError: false
-			};
-		} catch (err) {
-			if (err instanceof require_client.PaymentRequiredError) return {
-				content: [{
-					type: "text",
-					text: err.message
-				}],
-				isError: true
-			};
-			return {
-				content: [{
-					type: "text",
-					text: `Trace victim funds failed: ${err.message}`
-				}],
-				isError: true
-			};
-		}
-	});
-	if (!remoteToolNames.has("trace_suspect_funds")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "trace_suspect_funds", {
-		title: "Trace Suspect Funds",
-		description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.trace_suspect_funds,
-		inputSchema: {
-			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			suspect_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full suspect-controlled addresses, or an array. Min 1, max 5."),
-			incident_timestamp_ms: zod.number().min(0).optional().describe("Optional incident timestamp in milliseconds. This tool works without it."),
-			max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum forward trace hops. Default 3."),
-			per_address_limit: zod.number().int().min(1).max(10).optional(),
-			min_amount_sum: zod.number().min(0).optional(),
-			case_id: zod.string().optional().describe("Optional Chain Insights case ID. When provided, compact evidence is appended to the case manifest."),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
-		},
-		_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
-		annotations: {
-			readOnlyHint: false,
-			destructiveHint: false,
-			idempotentHint: false,
-			openWorldHint: true
-		}
-	}, async ({ suspect_addresses, incident_timestamp_ms, network, max_hops, per_address_limit, min_amount_sum, case_id, include_attachments }) => {
-		try {
-			if (!remoteConnected) return {
-				content: [{
-					type: "text",
-					text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
-				}],
-				isError: true
-			};
-			if (!workspaceArtifactsEnabled && case_id) return {
-				content: [{
-					type: "text",
-					text: "case_id requires Chain Insights workspace mode; omit case_id when CHAIN_INSIGHTS_MCP_PROXY_MODE=stateless."
-				}],
-				isError: true
-			};
-			const { traceSuspectFunds } = await Promise.resolve().then(() => require("./public-tools-BY3PTw6x.cjs"));
-			const result = await traceSuspectFunds(remoteClient, config, {
-				suspectAddresses: suspect_addresses,
-				network,
-				maxHops: max_hops,
-				perAddressLimit: per_address_limit,
-				minAmountSum: min_amount_sum,
-				incidentTimestampMs: incident_timestamp_ms,
-				caseId: case_id,
-				writeArtifacts: workspaceArtifactsEnabled
-			});
-			const graph = await writeLocalGraphMeta(result.graphData, config, `trace-suspect-funds-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
-			return {
-				content: [{
-					type: "text",
-					text: result.summaryText
-				}],
-				structuredContent: result.structuredContent,
-				_meta: graphMetaResult(graph),
-				isError: false
-			};
-		} catch (err) {
-			if (err instanceof require_client.PaymentRequiredError) return {
-				content: [{
-					type: "text",
-					text: err.message
-				}],
-				isError: true
-			};
-			return {
-				content: [{
-					type: "text",
-					text: `Trace suspect funds failed: ${err.message}`
-				}],
-				isError: true
-			};
-		}
-	});
-	if (!remoteToolNames.has("trace_deposit_sources")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "trace_deposit_sources", {
-		title: "Trace Deposit Sources",
-		description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.trace_deposit_sources,
-		inputSchema: {
-			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			deposit_addresses: zod.union([zod.string().min(1), zod.array(zod.string().min(1))]).describe("Comma-separated full suspected deposit/cashout addresses, or an array. Min 1, max 5."),
-			max_hops: zod.number().int().min(1).max(5).optional().describe("Maximum reverse traceback hops. Default 2."),
-			case_id: zod.string().optional().describe("Optional Chain Insights case ID. When provided, compact evidence is appended to the case manifest."),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
-		},
-		_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
-		annotations: {
-			readOnlyHint: false,
-			destructiveHint: false,
-			idempotentHint: false,
-			openWorldHint: true
-		}
-	}, async ({ deposit_addresses, network, max_hops, case_id, include_attachments }) => {
-		try {
-			if (!remoteConnected) return {
-				content: [{
-					type: "text",
-					text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
-				}],
-				isError: true
-			};
-			if (!workspaceArtifactsEnabled && case_id) return {
-				content: [{
-					type: "text",
-					text: "case_id requires Chain Insights workspace mode; omit case_id when CHAIN_INSIGHTS_MCP_PROXY_MODE=stateless."
-				}],
-				isError: true
-			};
-			const { traceDepositSources } = await Promise.resolve().then(() => require("./public-tools-BY3PTw6x.cjs"));
-			const result = await traceDepositSources(remoteClient, config, {
-				depositAddresses: deposit_addresses,
-				network,
-				maxHops: max_hops,
-				caseId: case_id,
-				writeArtifacts: workspaceArtifactsEnabled
-			});
-			const graph = await writeLocalGraphMeta(result.graphData, config, `trace-deposit-sources-${network}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
-			return {
-				content: [{
-					type: "text",
-					text: result.summaryText
-				}],
-				structuredContent: result.structuredContent,
-				_meta: graphMetaResult(graph),
-				isError: false
-			};
-		} catch (err) {
-			if (err instanceof require_client.PaymentRequiredError) return {
-				content: [{
-					type: "text",
-					text: err.message
-				}],
-				isError: true
-			};
-			return {
-				content: [{
-					type: "text",
-					text: `Trace deposit sources failed: ${err.message}`
-				}],
-				isError: true
-			};
-		}
-	});
-	if (!remoteToolNames.has("stake_insights")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "stake_insights", {
-		title: "Stake Insights",
-		description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.stake_insights,
-		inputSchema: {
-			network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
-			address: zod.string().optional().describe("Full Bittensor address to inspect as either coldkey or hotkey. Provide exactly one of address, coldkey, or hotkey."),
-			coldkey: zod.string().optional().describe("Full Bittensor coldkey address to inspect. Provide exactly one of address, coldkey, or hotkey."),
-			hotkey: zod.string().optional().describe("Full Bittensor hotkey address to inspect. Provide exactly one of address, coldkey, or hotkey."),
-			netuid: zod.number().int().min(0).optional().describe("Optional subnet netuid filter."),
-			start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
-			end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
-			start_block: zod.number().int().min(0).optional().describe("Optional start block. Current stake graph parity may require timestamp windows instead."),
-			end_block: zod.number().int().min(0).optional().describe("Optional end block. Current stake graph parity may require timestamp windows instead."),
-			depth: zod.number().int().min(1).max(3).optional().describe("Optional expansion depth limit. First release returns direct STAKES_IN relationships; default 1, max 3."),
-			include_attachments: zod.boolean().optional().describe("Include graph app report metadata")
-		},
-		_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
-		annotations: {
-			readOnlyHint: true,
-			destructiveHint: false,
-			idempotentHint: true,
-			openWorldHint: true
-		}
-	}, async ({ network, address, coldkey, hotkey, netuid, start_timestamp_ms, end_timestamp_ms, start_block, end_block, depth, include_attachments }) => {
-		try {
-			if (!remoteConnected) return {
-				content: [{
-					type: "text",
-					text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
-				}],
-				isError: true
-			};
-			const { stakeInsights } = await Promise.resolve().then(() => require("./public-tools-BY3PTw6x.cjs"));
-			const result = await stakeInsights(remoteClient, {
-				network,
-				address,
-				coldkey,
-				hotkey,
-				netuid,
-				startTimestampMs: start_timestamp_ms,
-				endTimestampMs: end_timestamp_ms,
-				startBlock: start_block,
-				endBlock: end_block,
-				depth
-			});
-			const subject = address ?? coldkey ?? hotkey ?? "subject";
-			const graph = await writeLocalGraphMeta(result.graphData, config, `stake-insights-${network}-${subject}`, shouldIncludeAttachments({ include_attachments }, workspaceArtifactsEnabled));
-			return {
-				content: [{
-					type: "text",
-					text: result.summaryText
-				}],
-				structuredContent: result.structuredContent,
-				_meta: graphMetaResult(graph),
-				isError: false
-			};
-		} catch (err) {
-			if (err instanceof require_client.PaymentRequiredError) return {
-				content: [{
-					type: "text",
-					text: err.message
-				}],
-				isError: true
-			};
-			return {
-				content: [{
-					type: "text",
-					text: `Stake insights failed: ${err.message}`
-				}],
-				isError: true
-			};
-		}
-	});
-	server.registerTool("help", {
-		description: "Show Chain Insights overview, available tools, and investigation workflow.",
-		inputSchema: zod.object({}).passthrough()
-	}, async () => ({
-		content: [{
-			type: "text",
-			text: workspaceArtifactsEnabled ? [
-				"Chain Insights AML investigation workspace for AI agents. Workspaces are Obsidian-compatible vaults backed by plain local files.",
-				"",
-				CHAIN_INSIGHTS_WORKFLOW,
-				"",
-				"Investigation tools:",
-				"- network_capabilities: inspect supported networks, data layers, tool availability, retention windows, and freshness.",
-				"- address_risk: screen a full address for AML risk, behavior, neighborhood, exchange exposure, and optional compare_address connection checks.",
-				"- stake_insights: explain Bittensor staking around one address, coldkey, or hotkey with net stake, movement amounts, counterparties, backend, and query evidence.",
-				"- trace_victim_funds: trace up to five victim/source addresses forward to exchange deposit candidates.",
-				"- trace_deposit_sources: trace backward from suspected deposit/cashout addresses to upstream funders and shared-source convergence.",
-				"- trace_suspect_funds: trace up to five suspected scammer, mule, operator, or laundering-ring addresses forward to cashout topology.",
-				"- graph_query: run read-only GQL/Cypher through the universal graph endpoint. Use USE live_topology, USE archive_topology, or USE facts.",
-				"- graph_query_batch: run related read-only graph-language queries through one paid graph call.",
-				"",
-				"Case workflow tools:",
-				"- case_open: create a local case before preserving evidence.",
-				"- case_list: list local cases.",
-				"- case_resume: load case context, evidence count, dossiers, and latest session.",
-				"- case_add_evidence: append a report or note to the case evidence manifest.",
-				"- case_verify_evidence: verify saved evidence integrity.",
-				"- case_export: export a case for Obsidian, LLM Wiki, Codex, Claude Code, and ChatGPT handoff bundles.",
-				"- case_update_dossier: add a finding to an address/entity dossier.",
-				"- case_start_session and case_end_session: record session notes.",
-				"",
-				"Wallet tools:",
-				"- balance: show the local payment wallet address and Base USDC balance.",
-				"- help: show this overview.",
-				"",
-				GRAPH_REPORT_HINTS,
-				"",
-				GRAPH_SCHEMA_HINTS
-			].join("\n") : [
-				"Chain Insights stateless AML proxy for host applications.",
-				"",
-				"Local workspace, case, evidence, dossier, session, wallet, and graph report attachment tools are disabled in this mode.",
-				"",
-				"Available graph-backed tools:",
-				"- network_capabilities: inspect supported networks, data layers, tool availability, retention windows, and freshness.",
-				"- address_risk: screen a full address for AML risk, behavior, neighborhood, exchange exposure, and optional compare_address connection checks.",
-				"- stake_insights: explain Bittensor staking around one address, coldkey, or hotkey with net stake, movement amounts, counterparties, backend, and query evidence.",
-				"- trace_victim_funds: trace up to five victim/source addresses forward to exchange deposit candidates.",
-				"- trace_deposit_sources: trace backward from suspected deposit/cashout addresses to upstream funders and shared-source convergence.",
-				"- trace_suspect_funds: trace up to five suspected scammer, mule, operator, or laundering-ring addresses forward to cashout topology.",
-				"- graph_query: run read-only GQL/Cypher through the universal graph endpoint. Use USE live_topology, USE archive_topology, or USE facts.",
-				"- graph_query_batch: run related read-only graph-language queries through one paid graph call.",
-				"",
-				GRAPH_SCHEMA_HINTS
-			].join("\n")
-		}],
-		isError: false
-	}));
-	for (const tool of tools ?? []) {
-		if (require_tool_visibility.HIDDEN_REMOTE_TOOL_NAMES.has(tool.name)) continue;
-		if (LOCAL_TOOL_NAMES.has(tool.name)) continue;
-		const inputSchema = knownPublicToolInputSchema(tool.name) ?? zod.object({}).passthrough();
-		const handler = async (args) => {
+		if (!remoteToolNames.has("exposure_profile")) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, "exposure_profile", {
+			title: "Exposure Profile",
+			description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS.exposure_profile,
+			inputSchema: {
+				network: zod.string().min(1).describe(NETWORK_DESCRIPTION),
+				account: zod.string().optional().describe("Full account address to inspect. Provide exactly one of account, owner, or counterparty."),
+				owner: zod.string().optional().describe("Full owner address to inspect. Provide exactly one of account, owner, or counterparty."),
+				counterparty: zod.string().optional().describe("Full counterparty address to inspect. Provide exactly one of account, owner, or counterparty."),
+				venue: zod.string().optional().describe("Optional venue filter, such as Bittensor or Hyperliquid."),
+				instrument: zod.string().optional().describe("Optional instrument display or durable identifier filter, such as Subnet 19 or BTC-PERP."),
+				instrument_type: zod.string().optional().describe("Optional instrument type filter, such as subnet, perp, spot, vault, staking, or other."),
+				start_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive lower activity timestamp bound in milliseconds."),
+				end_timestamp_ms: zod.number().min(0).optional().describe("Optional inclusive upper activity timestamp bound in milliseconds."),
+				limit: zod.number().int().min(1).max(500).optional().describe("Maximum exposure rows to inspect. Default 100, max 500.")
+			},
+			_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
+			annotations: {
+				readOnlyHint: true,
+				destructiveHint: false,
+				idempotentHint: true,
+				openWorldHint: true
+			}
+		}, async ({ network, account, owner, counterparty, venue, instrument, instrument_type, start_timestamp_ms, end_timestamp_ms, limit }) => {
 			try {
 				if (!remoteConnected) return {
 					content: [{
@@ -1511,21 +1172,32 @@ async function createProxy() {
 					}],
 					isError: true
 				};
-				const normalizedArgs = normalizeRemoteToolArguments(tool.name, args);
-				const validationError = validateKnownPublicToolArguments(tool.name, normalizedArgs);
-				if (validationError) return {
+				const { exposureProfile } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+				const result = await exposureProfile(remoteClient, {
+					network,
+					account,
+					owner,
+					counterparty,
+					venue,
+					instrument,
+					instrumentType: instrument_type,
+					startTimestampMs: start_timestamp_ms,
+					endTimestampMs: end_timestamp_ms,
+					limit
+				});
+				const subject = account ?? owner ?? counterparty ?? "subject";
+				await writeExposureArtifacts({
+					summaryText: result.summaryText,
+					structuredContent: result.structuredContent
+				}, "exposure_profile", subject, network, workspaceArtifactsEnabled);
+				return {
 					content: [{
 						type: "text",
-						text: validationError
+						text: result.summaryText
 					}],
-					isError: true
-				};
-				const request = {
-					name: tool.name,
-					arguments: normalizedArgs
+					structuredContent: result.structuredContent,
+					isError: false
 				};
-				const requestOptions = remoteToolRequestOptions(tool.name);
-				return await normalizeRemoteToolResult(requestOptions ? await remoteClient.callTool(request, void 0, requestOptions) : await remoteClient.callTool(request), config, tool.name, shouldIncludeAttachments(normalizedArgs, workspaceArtifactsEnabled));
 			} catch (err) {
 				if (err instanceof require_client.PaymentRequiredError) return {
 					content: [{
@@ -1534,48 +1206,255 @@ async function createProxy() {
 					}],
 					isError: true
 				};
-				const msg = err.message ?? String(err);
-				if (/\b402\b/.test(msg) || msg.toLowerCase().includes("payment")) return {
-					content: [{
-						type: "text",
-						text: `Payment required for ${tool.name}. This tool costs USDC on Base via x402 micropayments. Next steps: run \`chain-insights wallet ready\` to check funding and finish one-time payment setup, run \`chain-insights wallet topup\` if it says the wallet needs USDC, or \`chain-insights access-key set <key>\` if you have been given test access.`
-					}],
-					isError: true
-				};
 				return {
 					content: [{
 						type: "text",
-						text: `MCP call failed: ${msg}`
+						text: `Exposure profile failed: ${err.message}`
 					}],
 					isError: true
 				};
 			}
+		});
+		for (const tool of [
+			{
+				name: "exposure_quality",
+				title: "Exposure Quality",
+				failure: "Exposure quality failed"
+			},
+			{
+				name: "exposure_carry",
+				title: "Exposure Carry",
+				failure: "Exposure carry failed"
+			},
+			{
+				name: "exposure_crowding",
+				title: "Exposure Crowding",
+				failure: "Exposure crowding failed"
+			},
+			{
+				name: "exposure_exit_pressure",
+				title: "Exposure Exit Pressure",
+				failure: "Exposure exit pressure failed"
+			},
+			{
+				name: "exposure_correlation",
+				title: "Exposure Correlation",
+				failure: "Exposure correlation failed"
+			},
+			{
+				name: "exposure_explain",
+				title: "Exposure Explain",
+				failure: "Exposure explain failed"
+			}
+		]) {
+			if (remoteToolNames.has(tool.name)) continue;
+			(0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, tool.name, {
+				title: tool.title,
+				description: KNOWN_PUBLIC_TOOL_DESCRIPTIONS[tool.name],
+				inputSchema: knownPublicToolInputSchema(tool.name) ?? {},
+				_meta: { ui: { resourceUri: GRAPH_RESOURCE_URI } },
+				annotations: {
+					readOnlyHint: true,
+					destructiveHint: false,
+					idempotentHint: true,
+					openWorldHint: true
+				}
+			}, async (args) => {
+				try {
+					if (!remoteConnected) return {
+						content: [{
+							type: "text",
+							text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+						}],
+						isError: true
+					};
+					const input = args;
+					const { exposureCarry, exposureCorrelation, exposureCrowding, exposureExitPressure, exposureExplain, exposureQuality } = await Promise.resolve().then(() => require("./public-tools-BREojpU7.cjs"));
+					const options = {
+						network: String(input["network"] ?? ""),
+						account: input["account"] === void 0 ? void 0 : String(input["account"]),
+						owner: input["owner"] === void 0 ? void 0 : String(input["owner"]),
+						counterparty: input["counterparty"] === void 0 ? void 0 : String(input["counterparty"]),
+						venue: input["venue"] === void 0 ? void 0 : String(input["venue"]),
+						instrument: input["instrument"] === void 0 ? void 0 : String(input["instrument"]),
+						market: input["market"] === void 0 ? void 0 : String(input["market"]),
+						instrumentType: input["instrument_type"] === void 0 ? void 0 : String(input["instrument_type"]),
+						startTimestampMs: typeof input["start_timestamp_ms"] === "number" ? input["start_timestamp_ms"] : void 0,
+						endTimestampMs: typeof input["end_timestamp_ms"] === "number" ? input["end_timestamp_ms"] : void 0,
+						limit: typeof input["limit"] === "number" ? input["limit"] : void 0,
+						candidateAccounts: input["candidate_accounts"],
+						positionId: input["position_id"] === void 0 ? void 0 : String(input["position_id"])
+					};
+					const result = tool.name === "exposure_quality" ? await exposureQuality(remoteClient, options) : tool.name === "exposure_carry" ? await exposureCarry(remoteClient, options) : tool.name === "exposure_crowding" ? await exposureCrowding(remoteClient, options) : tool.name === "exposure_exit_pressure" ? await exposureExitPressure(remoteClient, options) : tool.name === "exposure_correlation" ? await exposureCorrelation(remoteClient, options) : await exposureExplain(remoteClient, options);
+					const subject = options.account ?? options.owner ?? options.counterparty ?? options.instrument ?? options.market ?? "subject";
+					await writeExposureArtifacts({
+						summaryText: result.summaryText,
+						structuredContent: result.structuredContent
+					}, tool.name, subject, options.network, workspaceArtifactsEnabled);
+					return {
+						content: [{
+							type: "text",
+							text: result.summaryText
+						}],
+						structuredContent: result.structuredContent,
+						isError: false
+					};
+				} catch (err) {
+					if (err instanceof require_client.PaymentRequiredError) return {
+						content: [{
+							type: "text",
+							text: err.message
+						}],
+						isError: true
+					};
+					return {
+						content: [{
+							type: "text",
+							text: `${tool.failure}: ${err.message}`
+						}],
+						isError: true
+					};
+				}
+			});
+		}
+		server.registerTool("help", {
+			description: "Show Chain Insights overview, available tools, and investigation workflow.",
+			inputSchema: zod.object({}).passthrough()
+		}, async () => ({
+			content: [{
+				type: "text",
+				text: workspaceArtifactsEnabled ? [
+					"Chain Insights workspace for AI agents. Workspaces are plain local files for reports, artifacts, graphs, and published outputs.",
+					"",
+					CHAIN_INSIGHTS_WORKFLOW,
+					"",
+					"Investigation tools:",
+					"- network_capabilities: inspect supported networks, data layers, tool availability, retention windows, and freshness.",
+					"- aml_address_risk: screen a full address for AML risk, behavior, neighborhood, exchange exposure, and optional compare_address connection checks.",
+					"- exposure_profile: explain staking or trading exposure around one account, owner, or counterparty.",
+					"- exposure_quality: score whether exposure behavior looks disciplined, fragile, lucky, or noisy.",
+					"- exposure_carry: explain carry earned or paid from staking, trading, funding, fees, emissions, or dividends.",
+					"- exposure_crowding: measure side concentration for a market, subnet, hotkey, vault, or strategy.",
+					"- exposure_exit_pressure: explain liquidation, slippage, unstake, funding pain, or other exit pressure.",
+					"- exposure_correlation: compare accounts for possible copy, overlap, or strategy-cluster behavior.",
+					"- exposure_explain: explain a specific exposure lifecycle, trade, position, stake, rotation, or incident.",
+					"- aml_trace_victim_funds: trace up to five victim/source addresses forward to exchange deposit candidates.",
+					"- aml_trace_deposit_sources: trace backward from suspected deposit/cashout addresses to upstream funders and shared-source convergence.",
+					"- aml_trace_suspect_funds: trace up to five suspected scammer, mule, operator, or laundering-ring addresses forward to cashout topology.",
+					"- graph_query: run read-only GQL/Cypher through the universal graph endpoint. Use USE live_topology, USE archive_topology, or USE facts.",
+					"- graph_query_batch: run related read-only graph-language queries through one paid graph call.",
+					"Wallet tools:",
+					"- balance: show the local payment wallet address and Base USDC balance.",
+					"- help: show this overview.",
+					"",
+					GRAPH_REPORT_HINTS,
+					"",
+					GRAPH_SCHEMA_HINTS
+				].join("\n") : [
+					"Chain Insights stateless AML proxy for host applications.",
+					"",
+					"Local workspace persistence, wallet, and graph report attachment tools are disabled in this mode.",
+					"",
+					"Available graph-backed tools:",
+					"- network_capabilities: inspect supported networks, data layers, tool availability, retention windows, and freshness.",
+					"- aml_address_risk: screen a full address for AML risk, behavior, neighborhood, exchange exposure, and optional compare_address connection checks.",
+					"- exposure_profile: explain staking or trading exposure around one account, owner, or counterparty.",
+					"- exposure_quality: score whether exposure behavior looks disciplined, fragile, lucky, or noisy.",
+					"- exposure_carry: explain carry earned or paid from staking, trading, funding, fees, emissions, or dividends.",
+					"- exposure_crowding: measure side concentration for a market, subnet, hotkey, vault, or strategy.",
+					"- exposure_exit_pressure: explain liquidation, slippage, unstake, funding pain, or other exit pressure.",
+					"- exposure_correlation: compare accounts for possible copy, overlap, or strategy-cluster behavior.",
+					"- exposure_explain: explain a specific exposure lifecycle, trade, position, stake, rotation, or incident.",
+					"- aml_trace_victim_funds: trace up to five victim/source addresses forward to exchange deposit candidates.",
+					"- aml_trace_deposit_sources: trace backward from suspected deposit/cashout addresses to upstream funders and shared-source convergence.",
+					"- aml_trace_suspect_funds: trace up to five suspected scammer, mule, operator, or laundering-ring addresses forward to cashout topology.",
+					"- graph_query: run read-only GQL/Cypher through the universal graph endpoint. Use USE live_topology, USE archive_topology, or USE facts.",
+					"- graph_query_batch: run related read-only graph-language queries through one paid graph call.",
+					"",
+					GRAPH_SCHEMA_HINTS
+				].join("\n")
+			}],
+			isError: false
+		}));
+		for (const tool of tools ?? []) {
+			if (require_tool_visibility.HIDDEN_REMOTE_TOOL_NAMES.has(tool.name)) continue;
+			if (LOCAL_TOOL_NAMES.has(tool.name)) continue;
+			const inputSchema = knownPublicToolInputSchema(tool.name) ?? zod.object({}).passthrough();
+			const handler = async (args) => {
+				try {
+					if (!remoteConnected) return {
+						content: [{
+							type: "text",
+							text: `${remoteUnavailableMessage ?? `Graph MCP is not connected at ${graphMcpEndpoint}`}. Restart the Chain Insights MCP proxy after the endpoint is reachable.`
+						}],
+						isError: true
+					};
+					const normalizedArgs = normalizeRemoteToolArguments(tool.name, args);
+					const validationError = validateKnownPublicToolArguments(tool.name, normalizedArgs);
+					if (validationError) return {
+						content: [{
+							type: "text",
+							text: validationError
+						}],
+						isError: true
+					};
+					const request = {
+						name: tool.name,
+						arguments: normalizedArgs
+					};
+					const requestOptions = remoteToolRequestOptions(tool.name);
+					return await normalizeRemoteToolResult(requestOptions ? await remoteClient.callTool(request, void 0, requestOptions) : await remoteClient.callTool(request), config, tool.name, shouldIncludeAttachments(normalizedArgs, workspaceArtifactsEnabled));
+				} catch (err) {
+					if (err instanceof require_client.PaymentRequiredError) return {
+						content: [{
+							type: "text",
+							text: err.message
+						}],
+						isError: true
+					};
+					const msg = err.message ?? String(err);
+					if (/\b402\b/.test(msg) || msg.toLowerCase().includes("payment")) return {
+						content: [{
+							type: "text",
+							text: `Payment required for ${tool.name}. This tool costs USDC on Base via x402 micropayments. Next steps: run \`chain-insights wallet ready\` to check funding and finish one-time payment setup, run \`chain-insights wallet topup\` if it says the wallet needs USDC, or \`chain-insights access-key set <key>\` if you have been given test access.`
+						}],
+						isError: true
+					};
+					return {
+						content: [{
+							type: "text",
+							text: `MCP call failed: ${msg}`
+						}],
+						isError: true
+					};
+				}
+			};
+			const toolConfig = {
+				title: tool.title,
+				description: claudeFacingToolDescription(tool),
+				inputSchema
+			};
+			if (hasGraphApp(tool)) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, tool.name, {
+				...toolConfig,
+				_meta: graphToolMeta(tool)
+			}, handler);
+			else server.registerTool(tool.name, toolConfig, handler);
+		}
+		const transport = new _modelcontextprotocol_sdk_server_stdio_js.StdioServerTransport();
+		await server.connect(transport);
+		await logger.info("proxy.ready", { tools: [...LOCAL_TOOL_NAMES, ...(tools ?? []).map((tool) => tool.name).filter((name) => !require_tool_visibility.HIDDEN_REMOTE_TOOL_NAMES.has(name) && !LOCAL_TOOL_NAMES.has(name))].length });
+		const shutdown = async () => {
+			await logger.info("proxy.shutdown");
+			transport.close();
+			process.exit(0);
 		};
-		const toolConfig = {
-			title: tool.title,
-			description: claudeFacingToolDescription(tool),
-			inputSchema
-		};
-		if (hasGraphApp(tool)) (0, _modelcontextprotocol_ext_apps_server.registerAppTool)(server, tool.name, {
-			...toolConfig,
-			_meta: graphToolMeta(tool)
-		}, handler);
-		else server.registerTool(tool.name, toolConfig, handler);
+		process.on("SIGINT", () => {
+			shutdown();
+		});
+		process.on("SIGTERM", () => {
+			shutdown();
+		});
 	}
-	const transport = new _modelcontextprotocol_sdk_server_stdio_js.StdioServerTransport();
-	await server.connect(transport);
-	await logger.info("proxy.ready", { tools: [...LOCAL_TOOL_NAMES, ...(tools ?? []).map((tool) => tool.name).filter((name) => !require_tool_visibility.HIDDEN_REMOTE_TOOL_NAMES.has(name) && !LOCAL_TOOL_NAMES.has(name))].length });
-	const shutdown = async () => {
-		await logger.info("proxy.shutdown");
-		transport.close();
-		process.exit(0);
-	};
-	process.on("SIGINT", () => {
-		shutdown();
-	});
-	process.on("SIGTERM", () => {
-		shutdown();
-	});
 }
 if (process.argv[1] && require("url").pathToFileURL(__filename).href.includes(process.argv[1].replace(/\\/g, "/"))) createProxy().catch((err) => {
 	process.stderr.write(`Chain Insights MCP proxy startup failed: ${err.message}\n`);