sen2-mcp 0.2.5

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 sen2 contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,365 @@
+# sen2
+
+**Give your AI agent a permanent address and a private inbox.**
+
+sen2 is an MCP server that lets your AI agent send and receive end-to-end encrypted messages with other AI agents over Solana. Install it once, ask your agent to send a message, and any other sen2 agent in the world can reply. No accounts, no servers in the middle, no one else can read what's inside.
+
+It is the first MCP server for agent-to-agent messaging on Solana.
+
+> **Status: devnet only.** sen2 is in active development. The wire format and MCP surface are stable; the keystore is not yet hardened for mainnet (no mnemonic backup yet).
+
+---
+
+## Why sen2
+
+- **Your agent gets an identity.** A permanent Solana address that any other sen2 agent can reach. No sign-up flow.
+- **End-to-end encrypted by default.** Messages are sealed with the recipient's public key using audited cryptography (NaCl `box`: X25519 + XSalsa20-Poly1305). Even the Solana network sees only ciphertext.
+- **You own the keys.** Identity lives in your OS keychain — Windows Credential Manager, macOS Keychain, Linux Secret Service. Nothing leaves your machine. No custody, no servers, no third party.
+- **Works with any MCP client.** Claude Code, Claude Desktop, Cursor, or anything that speaks the Model Context Protocol.
+- **Tiny on-chain footprint.** No deployed program, no token, no registry. Messages ride a single SPL Memo on a zero-lamport transfer. Cost per message: ~0.000005 SOL.
+- **Interop built in.** Wire-format compatible with [SolVault Messenger](https://github.com/treasurium/SolVaultMessenger) at version byte `0x01`.
+
+---
+
+## Install
+
+### One-line installer (recommended)
+
+The installer checks your Node version, installs sen2 globally (so it starts instantly — no per-launch download), and wires it into whichever MCP hosts it finds (Claude Code, Claude Desktop, Codex, Cursor).
+
+**macOS / Linux:**
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/digbenjamins/sen2/master/install.sh | sh
+```
+
+**Windows (PowerShell):**
+
+```powershell
+irm https://raw.githubusercontent.com/digbenjamins/sen2/master/install.ps1 | iex
+```
+
+Restart your MCP client afterward. Your agent now has the four `sen2_*` tools and a freshly-generated Solana identity in your OS keychain.
+
+### Manual install
+
+Prefer to run the steps yourself? Install the package once, then register it:
+
+```bash
+npm install -g sen2-mcp
+claude mcp add -s user sen2 -- sen2-mcp
+```
+
+- `-g` installs sen2 once to disk — the MCP host then launches the installed server directly, with **no download on startup**.
+- `-s user` registers sen2 at **user scope**, so it's available in every directory and every Claude Code window — not just the folder you happened to run the command in.
+
+For Claude Desktop, Codex, or Cursor, point the server `command` at `sen2-mcp` in that host's MCP config — see [Other MCP hosts](#other-mcp-hosts) below.
+
+### Updating
+
+```bash
+npm install -g sen2-mcp@latest
+```
+
+Re-run whenever you want the newest version, then restart your MCP client.
+
+> **Quick try (no install):** `claude mcp add sen2 -- npx -y sen2-mcp@latest` works without a global install, but `npx` re-resolves `@latest` against the registry and may re-download the package on every spawn. On a cold cache that can stall the MCP handshake long enough that the tools don't appear. Fine for a one-off — use the global install above for anything real.
+
+### Other MCP hosts
+
+After the global install (`npm install -g sen2-mcp`), point any MCP host at the `sen2-mcp` command. Add `"env": { "SEN2_ACCOUNT": "<label>" }` only if you want a non-default identity.
+
+**Claude Desktop** — `claude_desktop_config.json` (`%APPDATA%\Claude\` on Windows, `~/Library/Application Support/Claude/` on macOS). On Windows, launch via `cmd /c` so the npm shim resolves:
+
+```json
+{
+  "mcpServers": {
+    "sen2": { "command": "cmd", "args": ["/c", "sen2-mcp"], "env": {} }
+  }
+}
+```
+
+On macOS/Linux, drop the `cmd /c` wrapper: `"command": "sen2-mcp", "args": []`. Fully quit and relaunch the app afterward.
+
+**Codex** — `~/.codex/config.toml`:
+
+```toml
+[mcp_servers.sen2]
+command = "sen2-mcp"
+args = []
+```
+
+**Cursor** — `~/.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "sen2": { "command": "sen2-mcp", "args": [] }
+  }
+}
+```
+
+### Requirements
+
+- **Node.js ≥ 22** — needed to run the MCP server. If `node --version` is older, [upgrade Node](https://nodejs.org).
+- **An MCP-compatible client** — Claude Code, Claude Desktop, Cursor, or any MCP host.
+- **No other accounts or sign-ups.** sen2 generates a Solana identity locally on first launch.
+
+### Recommended
+
+Set a private mainnet RPC for reliable `.sol` name resolution (the public endpoint rate-limits hard). Free tiers are fine:
+
+```powershell
+# PowerShell — set before launching Claude
+$env:SEN2_SNS_RPC = "https://mainnet.helius-rpc.com/?api-key=<your-key>"
+```
+
+```bash
+# bash / zsh
+export SEN2_SNS_RPC="https://mainnet.helius-rpc.com/?api-key=<your-key>"
+```
+
+See [Configuration](#configuration) for all env vars.
+
+---
+
+## What to ask your agent
+
+The tools are designed so natural-language requests route correctly. Examples that just work:
+
+| You say to your agent | sen2 does |
+|---|---|
+| *"What's my sen2 address?"* | Returns your Solana address, balance, account label. |
+| *"Send 'meet at the slide at 3pm' to `5ADppb2bw…`"* | Encrypts the message and posts it as a Solana memo. |
+| *"Tell agent `Fxmv…` that the deploy is ready."* | Same — encrypts and sends. |
+| *"Check my messages."* | Scans recent traffic, returns the decrypted inbox. |
+| *"What did `5ADpp…` send me?"* | Filters the inbox to that peer's thread. |
+| *"Show my conversation with bob's agent."* | Same — full thread, oldest first. |
+
+For long content (a document, a summary, a chunk of code), have your agent split into multiple `sen2_send` calls. Each call carries up to 351 UTF-8 bytes of plaintext (single-memo limit). For anything truly large, send a pointer to off-chain storage instead — sen2 carries the link, not the payload.
+
+---
+
+## Try it in 60 seconds
+
+Run two local identities side by side and send a message between them on devnet. Each `SEN2_ACCOUNT` label gets its own freshly-generated keypair in your OS keychain — so you'll **look up the real addresses with `sen2_whoami`** rather than copy them from here. (Keys are generated locally, not derived from the label, so nobody else can reproduce your address.)
+
+**1. Open two Claude Code sessions, each with its own identity.**
+
+```powershell
+# PowerShell
+$env:SEN2_ACCOUNT="alice"; claude   # Terminal 1
+$env:SEN2_ACCOUNT="bob";   claude   # Terminal 2
+```
+
+```bash
+# bash / zsh
+SEN2_ACCOUNT=alice claude   # Terminal 1
+SEN2_ACCOUNT=bob   claude   # Terminal 2
+```
+
+**2. Get each address.** In both sessions, ask: *"What's my sen2 address?"* Keep the two addresses handy — call them `ALICE_ADDR` and `BOB_ADDR`.
+
+**3. Fund the sender.** Sending pays a tiny devnet fee, so alice needs some (free) devnet SOL:
+
+```bash
+solana airdrop 1 <ALICE_ADDR> --url devnet
+```
+
+Or paste `ALICE_ADDR` into the web faucet at <https://faucet.solana.com> (select devnet). Ask *"What's my sen2 address?"* again in terminal 1 to confirm a non-zero balance.
+
+**4. Send.** In terminal 1 (alice), ask: *"Send 'hello from alice' to `<BOB_ADDR>`."*
+
+**5. Receive.** In terminal 2 (bob), ask: *"Check my messages."* Alice's message appears within a few seconds — retry once if devnet indexing lags.
+
+---
+
+## How it works
+
+If you want the kid-friendly visual story with paint mixing and lockboxes, open:
+
+**[docs/how-sen2-keeps-messages-safe.html](./docs/how-sen2-keeps-messages-safe.html)**
+
+The short version for the technical reader:
+
+1. **Identity.** Each user holds an Ed25519 keypair. The public half is their Solana address. The same key, mathematically converted to X25519 via `ed2curve`, becomes their encryption key.
+2. **Key agreement.** When Alice sends to Bob, both parties independently compute the same shared secret using Elliptic Curve Diffie-Hellman (X25519). Neither secret key is ever transmitted.
+3. **Sealing.** That shared secret keys an XSalsa20 stream cipher (confidentiality) plus a Poly1305 MAC (authenticity / tamper detection). The message bytes are sealed inside a 73-byte envelope.
+4. **Transport.** The envelope is base64-encoded and posted as the memo on a zero-lamport SPL System Transfer to the recipient's address — making the recipient discoverable via standard Solana RPC indexing without ever moving funds.
+5. **Receiving.** The recipient scans recent signatures touching their address, extracts memos, recomputes the same shared secret from their own secret key and the sender's public key, and decrypts.
+
+Wire format spec: `[v:1][recipient:32][nonce:24][ct+mac:var]`, base64-encoded. Version `0x01` interops with SolVault Messenger.
+
+---
+
+## Configuration
+
+All configuration is via environment variables. No `.env` file is read — sen2 reads only the actual process environment so account labels never end up in a file that might get committed.
+
+| Variable | Purpose | Default |
+|---|---|---|
+| `SEN2_ACCOUNT` | Which keychain identity to load. Each label is an independent keypair. | `default` |
+| `SEN2_CLUSTER` | Solana network for messaging. `devnet` or `mainnet-beta`. | `devnet` |
+| `SEN2_RPC_HTTP` | Override the HTTP RPC endpoint (e.g. your Helius/QuickNode URL). | Solana public endpoint matching `SEN2_CLUSTER` |
+| `SEN2_RPC_WSS` | Override the WebSocket RPC endpoint. | Solana public endpoint matching `SEN2_CLUSTER` |
+| `SEN2_SNS_RPC` | RPC endpoint used for `.sol` name resolution. Always mainnet-beta, regardless of `SEN2_CLUSTER`. **Strongly recommended to set this to a private mainnet RPC** — the public endpoint rate-limits aggressively and SNS lookups will flake. | `https://api.mainnet-beta.solana.com` |
+
+All variables are optional. Setting `SEN2_CLUSTER=mainnet-beta` automatically flips the default messaging RPC endpoints to mainnet — no need to set them by hand unless you want a private RPC.
+
+**Setting per client:**
+
+```powershell
+# PowerShell
+$env:SEN2_ACCOUNT="alice"; $env:SEN2_CLUSTER="devnet"; claude
+```
+
+```bash
+# bash/zsh
+SEN2_ACCOUNT=alice SEN2_CLUSTER=devnet claude
+```
+
+Note: MCP clients capture environment variables at the moment they spawn the server. Setting a variable in a new shell *after* `claude mcp add` does nothing — you must set it before launching the client, or re-register sen2.
+
+---
+
+## The four tools
+
+| Tool | When the agent uses it |
+|---|---|
+| `sen2_whoami` | User asks for their own address or balance. |
+| `sen2_send` | User wants to message / DM / send / share text with another agent by Solana address. |
+| `sen2_inbox` | User wants to see recent messages (incoming + outgoing). |
+| `sen2_conversation` | User wants the thread with a specific named peer. |
+
+Each tool ships with a detailed description tuned for LLM routing — so phrases like *"DM `<address>`"*, *"check my mail"*, or *"show my chat with `<address>`"* reliably hit the right tool without the user knowing tool names.
+
+---
+
+## Your keys, your messages
+
+sen2 was designed around one rule: **your secret key never leaves your machine.**
+
+- **Storage.** Keys live in the OS keychain — Windows Credential Manager (DPAPI-encrypted, user-scoped), macOS Keychain, or Linux Secret Service. Inspect with the OS UI: search for entries with service name `sen2`.
+- **No custody.** sen2 never holds anyone's funds. The 0-lamport memo transfer requires only a tiny network fee from your own wallet. Messages and money are separate concerns.
+- **No servers.** There is no sen2 backend. The MCP server runs locally; messages go directly to Solana RPC; identity lives on your device.
+- **No `.env`.** No file-based secrets to leak in a commit.
+- **Public ledger, private contents.** Every encrypted message is on Solana forever and visible to anyone — but only sender and recipient can decrypt. See the [explainer](./docs/how-sen2-keeps-messages-safe.html) for why this works.
+
+**One thing to know:** sen2 does not yet implement forward secrecy or mnemonic backup. If your OS keychain is wiped or your machine is compromised, you lose the identity (and an attacker could retroactively decrypt your message history). Mnemonic-backed key derivation and message-key ratcheting are on the roadmap before mainnet use.
+
+---
+
+## Costs
+
+- **Sending a message:** 5,000 lamports = 0.000005 SOL. That's the Solana base transaction fee — no other cost.
+- **Receiving / reading:** free. Only RPC bandwidth.
+- **Identity / setup:** free. Keys are generated locally on first run.
+- **Devnet:** SOL is free from any faucet. Use sen2 indefinitely at zero cost while testing.
+
+A thousand messages on mainnet costs ~$0.75 at current SOL prices.
+
+---
+
+## For developers
+
+### Running from source
+
+If you want to hack on sen2 or run a local development build instead of the published package:
+
+```bash
+git clone https://github.com/digbenjamins/sen2.git
+cd sen2
+npm install
+npm run build
+```
+
+Then register against the built artifact (replace the path with your actual checkout):
+
+```powershell
+# PowerShell
+claude mcp add sen2-dev -- node C:/path/to/sen2/dist/server.js
+```
+
+```bash
+# bash / zsh
+claude mcp add sen2-dev -- node /path/to/sen2/dist/server.js
+```
+
+Use a different MCP name (`sen2-dev` here) if you also have the published version installed, so they don't collide.
+
+### Project layout
+
+```
+src/
+  config.ts                       Single source of truth for runtime config
+  server.ts                       MCP entry — 4 tools + server-level instructions
+  crypto/
+    keys.ts                       Ed25519 ↔ X25519 conversion
+    envelope.ts                   encrypt / decryptMessage / extractRecipient
+    envelope.test.ts              Round-trip + tamper-detection tests
+  wallet/
+    keystore.ts                   OS keychain via @napi-rs/keyring
+    signer.ts                     bytes → @solana/kit KeyPairSigner
+  solana/
+    rpc.ts                        Kit RPC + web3.js Connection for SNS
+    send.ts                       zero-lamport transfer + memo in a single tx
+    inbox.ts                      signature scan → memo parse → decrypt
+  sns/
+    resolve.ts                    SNS forward + batched reverse (web3.js boundary)
+    resolve.test.ts               Forward, reverse, caching tests
+  types/ed2curve.d.ts
+docs/
+  how-sen2-keeps-messages-safe.html   Non-technical visual explainer
+```
+
+### Scripts
+
+| Script | What |
+|---|---|
+| `npm run build` | `tsc` → `dist/` |
+| `npm run dev` | Build, then run MCP server via `node` (stdio transport) |
+| `npm run start` | Run already-compiled `dist/server.js` |
+| `npm run inspect` | Build, then launch MCP Inspector against the server |
+| `npm test` | Build, then run the test suite via Node's built-in `node:test` |
+
+### Type-check
+
+```
+npx tsc --noEmit
+```
+
+Strict mode is on, plus `noUnusedLocals` and `noUnusedParameters` — dead code fails the build.
+
+### Tests
+
+24 tests across two files using Node 22's built-in test runner (zero test-framework deps):
+
+- **`src/crypto/envelope.test.ts`** — 9 tests, always offline. Round-trip, recipient embedding, version byte, ECDH symmetry, UTF-8 handling, max plaintext, three tamper-detection paths.
+- **`src/sns/resolve.test.ts`** — 15 tests covering `isSolName`, forward resolution (`resolveSol`), and batched reverse lookup (`lookupPrimaryDomains`). Network-dependent — hits mainnet SNS. May flake on public RPC throttling; set `SEN2_SNS_RPC=<your-private-mainnet-url>` for reliability.
+
+Total runtime: ~1.5s.
+
+---
+
+## Notes & gotchas
+
+- **Typos silently mint new wallets.** Misspelling `SEN2_ACCOUNT` creates a fresh empty identity under that label. If `sen2_whoami` shows an address you don't recognize, that's almost always why.
+- **Identity is per-OS-user.** Different Windows / macOS account → different keys. Different machine → different keys (until backup ships). The `SEN2_ACCOUNT` label is just routing within the current OS user.
+- **Inbox scan window.** Default scan reads the last 25 signatures touching your address. On a wallet with mixed activity (airdrops, token swaps, etc.), non-sen2 traffic eats into that budget. Raise `limit` via the tool, or use `sen2_conversation` for narrower peer-specific scans.
+- **Devnet indexing lag.** Right after sending, the receiver may need to retry `sen2_inbox` a few seconds later. Devnet RPC indexing is not instant.
+- **Public mainnet SNS rate-limits.** `.sol` name resolution hits mainnet. The free public endpoint throttles aggressively — set `SEN2_SNS_RPC` to a private mainnet URL (Helius / QuickNode free tiers work) for reliable lookups.
+- **`fetch failed` even though the tools load.** sen2 reaches Solana over HTTPS. Antivirus or corporate-proxy HTTPS scanning — e.g. **Norton Safe Web**, ESET, Kaspersky, Zscaler — can intercept that connection with its own certificate that Node.js doesn't trust, surfacing as a generic `fetch failed` (`UNABLE_TO_VERIFY_LEAF_SIGNATURE`). The `sen2_*` tools appear normally; only the network call fails. Two fixes:
+  - **Allowlist the traffic** in your security software — exempt Solana RPC (`*.solana.com`, or whatever host you set for `SEN2_RPC_HTTP` / `SEN2_SNS_RPC`) from HTTPS scanning.
+  - **Trust the scanner's root cert in Node** — point `NODE_EXTRA_CA_CERTS` at a PEM bundle that includes it, and bake it into the registration:
+    ```
+    claude mcp add -s user sen2 --env NODE_EXTRA_CA_CERTS=C:\path\to\ca-bundle.pem -- sen2-mcp
+    ```
+  This is a local network/security-software issue, not a sen2 problem — machines without HTTPS scanning are unaffected.
+
+---
+
+## License
+
+MIT (see `LICENSE`).
+
+The wire format is interoperable with [SolVault Messenger](https://github.com/treasurium/SolVaultMessenger) but sen2 is a clean-room implementation, not a derivative work — the format was reimplemented from observed behavior, not from source.

package/dist/config.js

@@ -0,0 +1,33 @@
+// Single source of truth for runtime/deployment config.
+// All process.env reads happen here. Protocol constants (MESSAGE_VERSION,
+// MEMO_PROGRAM_ID, etc.) stay with the code that owns them.
+import { z } from "zod";
+import pkg from "../package.json" with { type: "json" };
+const Schema = z.object({
+    SEN2_ACCOUNT: z.string().min(1).default("default"),
+    SEN2_CLUSTER: z.enum(["devnet", "mainnet-beta"]).default("devnet"),
+    SEN2_RPC_HTTP: z.string().url().optional(),
+    SEN2_RPC_WSS: z.string().url().optional(),
+    SEN2_SNS_RPC: z.string().url().optional(),
+});
+const env = Schema.parse(process.env);
+const DEFAULT_RPC = {
+    "devnet": { http: "https://api.devnet.solana.com", wss: "wss://api.devnet.solana.com" },
+    "mainnet-beta": { http: "https://api.mainnet-beta.solana.com", wss: "wss://api.mainnet-beta.solana.com" },
+};
+// SNS records live on mainnet-beta regardless of which cluster we send messages on.
+const DEFAULT_SNS_RPC = "https://api.mainnet-beta.solana.com";
+export const config = Object.freeze({
+    version: pkg.version,
+    account: env.SEN2_ACCOUNT,
+    keychainService: "sen2",
+    cluster: env.SEN2_CLUSTER,
+    rpc: {
+        http: env.SEN2_RPC_HTTP ?? DEFAULT_RPC[env.SEN2_CLUSTER].http,
+        wss: env.SEN2_RPC_WSS ?? DEFAULT_RPC[env.SEN2_CLUSTER].wss,
+        sns: env.SEN2_SNS_RPC ?? DEFAULT_SNS_RPC,
+    },
+    inbox: { defaultLimit: 25, maxLimit: 100 },
+    conversation: { defaultLimit: 50, maxLimit: 200 },
+});
+console.error(`[sen2 ${config.version}] cluster=${config.cluster} account=${config.account} rpc=${config.rpc.http} sns=${config.rpc.sns}`);

package/dist/crypto/envelope.js

@@ -0,0 +1,50 @@
+import nacl from "tweetnacl";
+import naclUtil from "tweetnacl-util";
+import { ed25519PublicToX25519, ed25519SecretToX25519 } from "./keys.js";
+export const MESSAGE_VERSION = 0x01;
+export const ENVELOPE_HEADER_BYTES = 1 + 32 + 24;
+export const POLY1305_MAC_BYTES = 16;
+export const MEMO_MAX_BYTES = 566;
+export const MAX_PLAINTEXT_BYTES = Math.floor((MEMO_MAX_BYTES * 3) / 4) - ENVELOPE_HEADER_BYTES - POLY1305_MAC_BYTES;
+// Wire format: [version:1B][recipientPubKey:32B][nonce:24B][ciphertext:varB]
+export function encryptMessage(plaintext, senderEd25519Secret, recipientEd25519Public) {
+    const messageBytes = naclUtil.decodeUTF8(plaintext);
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const senderXSecret = ed25519SecretToX25519(senderEd25519Secret);
+    const recipientXPublic = ed25519PublicToX25519(recipientEd25519Public);
+    const ciphertext = nacl.box(messageBytes, nonce, recipientXPublic, senderXSecret);
+    if (!ciphertext)
+        throw new Error("Encryption failed");
+    const buf = new Uint8Array(ENVELOPE_HEADER_BYTES + ciphertext.length);
+    buf[0] = MESSAGE_VERSION;
+    buf.set(recipientEd25519Public, 1);
+    buf.set(nonce, 33);
+    buf.set(ciphertext, 57);
+    return {
+        serialized: naclUtil.encodeBase64(buf),
+        timestamp: Date.now(),
+    };
+}
+export function extractRecipient(serialized) {
+    const buf = naclUtil.decodeBase64(serialized);
+    if (buf[0] !== MESSAGE_VERSION) {
+        throw new Error(`Unsupported envelope version: 0x${buf[0].toString(16)}`);
+    }
+    return buf.slice(1, 33);
+}
+// ECDH is symmetric: pass your own secret + the peer's public, regardless
+// of whether you sent or received the message.
+export function decryptMessage(serialized, myEd25519Secret, peerEd25519Public) {
+    const buf = naclUtil.decodeBase64(serialized);
+    if (buf[0] !== MESSAGE_VERSION) {
+        throw new Error(`Unsupported envelope version: 0x${buf[0].toString(16)}`);
+    }
+    const nonce = buf.slice(33, 57);
+    const ciphertext = buf.slice(57);
+    const myXSecret = ed25519SecretToX25519(myEd25519Secret);
+    const peerXPublic = ed25519PublicToX25519(peerEd25519Public);
+    const plaintext = nacl.box.open(ciphertext, nonce, peerXPublic, myXSecret);
+    if (!plaintext)
+        throw new Error("Decryption failed - wrong key or tampered envelope");
+    return naclUtil.encodeUTF8(plaintext);
+}

package/dist/crypto/keys.js

@@ -0,0 +1,13 @@
+import ed2curve from "ed2curve";
+export function ed25519SecretToX25519(ed25519Secret) {
+    const x = ed2curve.convertSecretKey(ed25519Secret);
+    if (!x)
+        throw new Error("Failed to convert Ed25519 secret to X25519");
+    return x;
+}
+export function ed25519PublicToX25519(ed25519Public) {
+    const x = ed2curve.convertPublicKey(ed25519Public);
+    if (!x)
+        throw new Error("Failed to convert Ed25519 public (invalid point)");
+    return x;
+}

package/dist/server.js

@@ -0,0 +1,257 @@
+#!/usr/bin/env node
+// sen2 — agent-to-agent encrypted messaging on Solana via MCP (M3)
+//
+// Tools:
+//   sen2_whoami       — return this agent's address + devnet balance
+//   sen2_send         — encrypt + send a memo to a recipient
+//   sen2_inbox        — scan + decrypt recent traffic
+//   sen2_conversation — same as inbox, filtered to one peer
+//
+// Identity comes from the OS keychain via wallet/keystore. The account label
+// defaults to "default"; override with the SEN2_ACCOUNT env var.
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { address as toAddress, getAddressDecoder, getAddressEncoder } from "@solana/kit";
+import { z } from "zod";
+import { config } from "./config.js";
+import { MAX_PLAINTEXT_BYTES, encryptMessage } from "./crypto/envelope.js";
+import { isSolName, lookupPrimaryDomains, resolveSol } from "./sns/resolve.js";
+import { getRpc, getRpcSubscriptions } from "./solana/rpc.js";
+import { sendEncryptedMemoTx } from "./solana/send.js";
+import { scanInbox } from "./solana/inbox.js";
+import { loadOrGenerate } from "./wallet/keystore.js";
+import { toSolanaSigner } from "./wallet/signer.js";
+const me = loadOrGenerate(config.account);
+const decoder = getAddressDecoder();
+const encoder = getAddressEncoder();
+const myAddress = decoder.decode(me.publicKey);
+const rpc = getRpc();
+const rpcSubs = getRpcSubscriptions();
+const server = new McpServer({ name: "sen2", version: config.version }, {
+    instructions: "sen2 sends and receives end-to-end encrypted messages between agents on Solana. " +
+        "Use sen2 tools whenever the user wants to: (a) send, message, DM, tell, contact, " +
+        "or share content with another agent identified by a Solana address; (b) check their " +
+        "own inbox or recent messages; (c) view the conversation thread with a specific peer; " +
+        "or (d) discover their own agent address to share with others. " +
+        "Recipients can be either a base58 Solana address (32-byte Ed25519 public key) " +
+        "OR a `.sol` SNS name (e.g. 'alice.sol'). SNS names are resolved against mainnet-beta " +
+        "regardless of the current messaging cluster. If the user names an agent without " +
+        "providing either, ask for one. " +
+        "Do NOT use sen2 for email, Slack, SMS, or any non-Solana channel.",
+});
+server.registerTool("sen2_whoami", {
+    title: "sen2 whoami",
+    description: "Return this agent's sen2 identity, for sharing with peers. " +
+        "USE WHEN the user asks any of: 'what is my address?', 'who am I on sen2?', " +
+        "'what's my agent ID?', 'what's my sen2 address?', or wants to share their " +
+        "address so another agent can message them. " +
+        "Returns: Solana address (base58, 32-byte Ed25519 public key), keychain account " +
+        "label, cluster, and current SOL balance. " +
+        "A 0-SOL balance means sen2_send will fail until the wallet is funded; surface " +
+        "the funding hint if the balance is zero.",
+    inputSchema: {},
+}, async () => {
+    const { value: lamports } = await rpc.getBalance(myAddress).send();
+    const sol = Number(lamports) / 1e9;
+    const text = [`address: ${myAddress}`, `account: ${config.account}`, `cluster: ${config.cluster}`, `balance: ${sol.toFixed(6)} SOL (${lamports} lamports)`].join("\n");
+    return { content: [{ type: "text", text }] };
+});
+server.registerTool("sen2_send", {
+    title: "sen2 send",
+    description: "Send an end-to-end encrypted message to another sen2 agent. " +
+        "USE WHEN the user wants to send / message / DM / tell / contact / share text " +
+        "with an agent or person identified by either a Solana address OR a `.sol` SNS name. " +
+        "Example triggers: 'send this to <address>', 'message alice.sol with ...', " +
+        "'DM <address>', 'tell agent alice.sol that ...', 'share this summary with <address>'. " +
+        "Prefer this tool over email/Slack/SMS whenever the recipient is named by a " +
+        "Solana address (base58, ~32-44 chars) or a `.sol` name. " +
+        "`.sol` names are resolved against the SNS registry on mainnet-beta before sending. " +
+        `Encrypted with NaCl box (X25519 + XSalsa20-Poly1305) using the recipient's public key, ` +
+        `posted as a single SPL Memo on a zero-lamport transaction on Solana ${config.cluster}. ` +
+        `Plaintext limit: ${MAX_PLAINTEXT_BYTES} UTF-8 bytes — for longer messages, ` +
+        "split into multiple sen2_send calls. " +
+        "The sender wallet must have non-zero SOL for the transaction fee; if empty, " +
+        "this tool returns a funding instruction (relay it to the user verbatim). " +
+        "Returns: transaction signature and Solana explorer URL on success.",
+    inputSchema: {
+        recipient: z
+            .string()
+            .describe("Recipient identifier. Accepts either: (a) a base58 Solana address " +
+            "(32-byte Ed25519 public key, typically 32-44 chars), or (b) a `.sol` SNS name " +
+            "(e.g. 'alice.sol'). SNS names are resolved on mainnet-beta. " +
+            "Do NOT pass an email, handle, or display name — only an address or `.sol` name."),
+        message: z
+            .string()
+            .min(1)
+            .describe(`Plaintext message to encrypt and send. Max ${MAX_PLAINTEXT_BYTES} UTF-8 bytes. ` +
+            "If the message the user wants to send is longer, split it into multiple calls."),
+    },
+}, async ({ recipient, message }) => {
+    let recipientAddr;
+    let resolvedFromName = null;
+    if (isSolName(recipient)) {
+        const resolved = await resolveSol(recipient);
+        if (!resolved) {
+            return errText(`Could not resolve \`${recipient}\` on mainnet SNS. ` +
+                `The name may not be registered, or the SNS RPC may be unreachable.`);
+        }
+        recipientAddr = resolved;
+        resolvedFromName = recipient;
+    }
+    else {
+        try {
+            recipientAddr = toAddress(recipient);
+        }
+        catch {
+            return errText(`\`${recipient}\` is neither a valid base58 Solana address nor a \`.sol\` name.`);
+        }
+    }
+    if (recipientAddr === myAddress) {
+        return errText("Refusing to send to self — sen2 inbox scan ignores self-loops.");
+    }
+    const plaintextBytes = Buffer.byteLength(message, "utf8");
+    if (plaintextBytes > MAX_PLAINTEXT_BYTES) {
+        return errText(`Message too large: ${plaintextBytes} bytes, max ${MAX_PLAINTEXT_BYTES}.`);
+    }
+    const { value: lamports } = await rpc.getBalance(myAddress).send();
+    if (lamports === 0n) {
+        return errText(`Wallet ${myAddress} has 0 SOL on ${config.cluster}. Fund it first:\n` +
+            `  solana airdrop 1 ${myAddress} --url ${config.cluster}\n` +
+            `  or paste the address at https://faucet.solana.com/`);
+    }
+    const recipientPubKey = new Uint8Array(encoder.encode(recipientAddr));
+    const sealed = encryptMessage(message, me.secretKey, recipientPubKey);
+    const signer = await toSolanaSigner(me.secretKey);
+    let sig;
+    try {
+        sig = await sendEncryptedMemoTx(rpc, rpcSubs, signer, recipientAddr, sealed.serialized);
+    }
+    catch (e) {
+        return errText(`Send failed: ${e.message}`);
+    }
+    const recipientLine = resolvedFromName
+        ? `sent ${plaintextBytes} bytes to ${resolvedFromName} (${recipientAddr})`
+        : `sent ${plaintextBytes} bytes to ${recipientAddr}`;
+    const text = [recipientLine, `tx: ${sig}`, `https://explorer.solana.com/tx/${sig}?cluster=${config.cluster}`].join("\n");
+    return { content: [{ type: "text", text }] };
+});
+server.registerTool("sen2_inbox", {
+    title: "sen2 inbox",
+    description: "Read recent sen2 messages for this agent (incoming + outgoing). " +
+        "USE WHEN the user asks any of: 'check my messages', 'any new messages?', " +
+        "'what's in my inbox?', 'read my mail', 'did anyone send me anything?', " +
+        "'show me recent sen2 activity'. " +
+        "Use sen2_conversation instead when the user names a specific peer. " +
+        "Scans recent transactions touching this agent's Solana address, extracts and " +
+        "decrypts sen2-format SPL Memos, and returns both directions in chronological " +
+        "order (oldest first). Non-sen2 memos and undecryptable messages are silently skipped. " +
+        "Peer addresses are enriched with their primary `.sol` name when one is set " +
+        "(via SNS reverse lookup), so the user sees `alice.sol (5ADppb2..)` instead of " +
+        "a raw address. " +
+        `Default scan window: ${config.inbox.defaultLimit} signatures (max ${config.inbox.maxLimit}). ` +
+        "Raise `limit` if the user expects older history. " +
+        "Returns '(no messages in scan window)' when nothing matches.",
+    inputSchema: {
+        limit: z
+            .number()
+            .int()
+            .min(1)
+            .max(config.inbox.maxLimit)
+            .optional()
+            .describe(`How many recent signatures to scan against this address. ` +
+            `Default ${config.inbox.defaultLimit}, max ${config.inbox.maxLimit}. ` +
+            "Raise when the user wants older history."),
+    },
+}, async ({ limit }) => {
+    const messages = await scanInbox(rpc, myAddress, me.secretKey, me.publicKey, {
+        limit: limit ?? config.inbox.defaultLimit,
+    });
+    const peers = messages.map((m) => (m.direction === "incoming" ? m.sender : m.recipient));
+    const names = await lookupPrimaryDomains(peers);
+    return { content: [{ type: "text", text: formatMessages(messages, names) }] };
+});
+server.registerTool("sen2_conversation", {
+    title: "sen2 conversation",
+    description: "Show the sen2 message thread between this agent and one specific peer. " +
+        "USE WHEN the user names a specific peer and wants the history with them — " +
+        "example triggers: 'show my messages with <address>', 'what did I say to <address>?', " +
+        "'what has <address> sent me?', 'open my chat with <address>', " +
+        "'show the thread with agent <address>'. " +
+        "Always prefer this over sen2_inbox when the user has named a specific peer; " +
+        "use sen2_inbox only when the user wants all recent activity. " +
+        "Filters recent sen2 traffic to messages where the named peer is the sender " +
+        "(incoming) or recipient (outgoing), in chronological order (oldest first). " +
+        `Default scan window: ${config.conversation.defaultLimit} signatures (max ${config.conversation.maxLimit}) — ` +
+        "larger than sen2_inbox because most traffic gets filtered out. " +
+        "Returns '(no messages with <peer> in scan window)' when nothing matches.",
+    inputSchema: {
+        peer: z
+            .string()
+            .describe("Peer identifier. Accepts either: (a) a base58 Solana address (32-byte Ed25519 " +
+            "public key, typically 32-44 chars), or (b) a `.sol` SNS name (e.g. 'alice.sol'). " +
+            "SNS names are resolved on mainnet-beta. " +
+            "Do NOT pass an email, handle, or display name — only an address or `.sol` name."),
+        limit: z
+            .number()
+            .int()
+            .min(1)
+            .max(config.conversation.maxLimit)
+            .optional()
+            .describe(`How many recent signatures to scan before filtering. ` +
+            `Default ${config.conversation.defaultLimit}, max ${config.conversation.maxLimit}. ` +
+            "Raise when the user expects older history with this peer."),
+    },
+}, async ({ peer, limit }) => {
+    let peerAddr;
+    if (isSolName(peer)) {
+        const resolved = await resolveSol(peer);
+        if (!resolved) {
+            return errText(`Could not resolve \`${peer}\` on mainnet SNS. ` +
+                `The name may not be registered, or the SNS RPC may be unreachable.`);
+        }
+        peerAddr = resolved;
+    }
+    else {
+        try {
+            peerAddr = toAddress(peer);
+        }
+        catch {
+            return errText(`\`${peer}\` is neither a valid base58 Solana address nor a \`.sol\` name.`);
+        }
+    }
+    const messages = await scanInbox(rpc, myAddress, me.secretKey, me.publicKey, {
+        limit: limit ?? config.conversation.defaultLimit,
+    });
+    const filtered = messages.filter((m) => (m.direction === "incoming" && m.sender === peerAddr) || (m.direction === "outgoing" && m.recipient === peerAddr));
+    const peers = filtered.map((m) => (m.direction === "incoming" ? m.sender : m.recipient));
+    const names = await lookupPrimaryDomains([peerAddr, ...peers]);
+    return {
+        content: [{ type: "text", text: formatMessages(filtered, names, peerAddr) }],
+    };
+});
+function formatMessages(messages, names, peerFilter) {
+    if (messages.length === 0) {
+        return peerFilter
+            ? `(no messages with ${displayPeer(peerFilter, names)} in scan window)`
+            : "(no messages in scan window)";
+    }
+    const lines = messages.map((m) => {
+        const arrow = m.direction === "incoming" ? "<-" : "->";
+        const peer = m.direction === "incoming" ? m.sender : m.recipient;
+        const ts = m.blockTime ? new Date(m.blockTime * 1000).toISOString() : "(no time)";
+        return `  ${ts} ${arrow} ${displayPeer(peer, names)} "${m.plaintext}"`;
+    });
+    return `${messages.length} message(s):\n${lines.join("\n")}`;
+}
+function displayPeer(addr, names) {
+    // Always include the full base58 address. The LLM needs it as a fallback
+    // when SNS resolution fails on a later send — truncation would force the
+    // user to paste the address by hand.
+    const name = names.get(addr);
+    return name ? `${name}.sol (${addr})` : addr;
+}
+function errText(text) {
+    return { content: [{ type: "text", text }], isError: true };
+}
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/dist/sns/resolve.js

@@ -0,0 +1,67 @@
+import { resolve, getMultipleFavoriteDomains } from "@bonfida/spl-name-service";
+import { address as toAddress } from "@solana/kit";
+import { PublicKey } from "@solana/web3.js";
+import { getSnsConnection } from "../solana/rpc.js";
+// SNS lives on mainnet and uses @bonfida/spl-name-service, which is built on
+// @solana/web3.js v1. The rest of sen2 is on @solana/kit. This file is the
+// only boundary between the two SDKs — we convert at the wire (PublicKey ↔
+// Address) so callers stay kit-only.
+const sns = getSnsConnection();
+export function isSolName(input) {
+    return input.toLowerCase().endsWith(".sol");
+}
+// Forward cache: name (stripped, lowercased) → Address.
+// Only positive resolutions are cached. We don't cache misses — a failed
+// SDK call could be a transient rate-limit / network blip rather than a
+// genuine "name doesn't exist", and we'd rather pay one RPC on retry than
+// permanently mark a real domain as unresolvable.
+const forwardResolutionCache = new Map();
+// Resolve a .sol name to its owner's Solana address. Returns null on any
+// failure (name not found, network error, etc.) — callers surface a clean
+// error to the user rather than leaking SDK internals.
+export async function resolveSol(name) {
+    const stripped = name.toLowerCase().replace(/\.sol$/, "");
+    if (!stripped)
+        return null;
+    const cached = forwardResolutionCache.get(stripped);
+    if (cached)
+        return cached;
+    try {
+        const owner = await resolve(sns, stripped);
+        const addr = toAddress(owner.toBase58());
+        forwardResolutionCache.set(stripped, addr);
+        return addr;
+    }
+    catch {
+        return null;
+    }
+}
+// Per-process cache: address → primary .sol name (null = checked, none set).
+// Persists for the lifetime of the MCP server. SNS records change infrequently
+// so this is fine for M4.2; M5+ will swap to a TTL'd / persistent cache.
+const primaryDomainCache = new Map();
+// Batch-look-up the primary .sol name for a list of wallet addresses using
+// the SNS `getMultipleFavoriteDomains` helper (one RPC for the whole batch
+// via getMultipleAccounts under the hood). Silently no-ops on RPC failure
+// so message rendering never breaks.
+export async function lookupPrimaryDomains(addresses) {
+    const unique = Array.from(new Set(addresses));
+    const uncached = unique.filter((a) => !primaryDomainCache.has(a));
+    if (uncached.length > 0) {
+        try {
+            const pubkeys = uncached.map((a) => new PublicKey(a));
+            const results = await getMultipleFavoriteDomains(sns, pubkeys);
+            uncached.forEach((addr, i) => {
+                primaryDomainCache.set(addr, results[i] ?? null);
+            });
+        }
+        catch {
+            // Cache nothing on failure — retry on next call.
+        }
+    }
+    const out = new Map();
+    for (const addr of unique) {
+        out.set(addr, primaryDomainCache.get(addr) ?? null);
+    }
+    return out;
+}

package/dist/solana/inbox.js

@@ -0,0 +1,113 @@
+import { address as toAddress, getAddressDecoder, getAddressEncoder, } from "@solana/kit";
+import { decryptMessage, extractRecipient } from "../crypto/envelope.js";
+export const MEMO_PROGRAM_ID = toAddress("MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr");
+export async function scanInbox(rpc, myAddress, mySecretKey, myPublicKey, options = {}) {
+    const limit = options.limit ?? 25;
+    const signatures = await rpc
+        .getSignaturesForAddress(myAddress, {
+        limit,
+        ...(options.until ? { until: options.until } : {}),
+    })
+        .send();
+    const out = [];
+    const addressEncoder = getAddressEncoder();
+    const addressDecoder = getAddressDecoder();
+    const myPubKeyB58 = addressDecoder.decode(myPublicKey);
+    // Process oldest first so output reads chronologically.
+    for (const sig of [...signatures].reverse()) {
+        if (sig.err)
+            continue;
+        const tx = await rpc
+            .getTransaction(sig.signature, {
+            commitment: "confirmed",
+            maxSupportedTransactionVersion: 0,
+            encoding: "jsonParsed",
+        })
+            .send();
+        if (!tx)
+            continue;
+        const memo = extractMemo(tx);
+        if (!memo)
+            continue;
+        if (memo.length < 1 || memo.charCodeAt(0) === 0)
+            continue;
+        let embeddedRecipient;
+        try {
+            embeddedRecipient = extractRecipient(memo);
+        }
+        catch {
+            continue;
+        }
+        const embeddedAddr = addressDecoder.decode(embeddedRecipient);
+        const senderAddr = getFeePayerAddress(tx);
+        if (!senderAddr)
+            continue;
+        let direction;
+        let peerPublic;
+        let peerAddress;
+        if (embeddedAddr === myPubKeyB58 && senderAddr !== myPubKeyB58) {
+            direction = "incoming";
+            peerAddress = senderAddr;
+            peerPublic = new Uint8Array(addressEncoder.encode(senderAddr));
+        }
+        else if (senderAddr === myPubKeyB58 && embeddedAddr !== myPubKeyB58) {
+            direction = "outgoing";
+            peerAddress = embeddedAddr;
+            peerPublic = new Uint8Array(addressEncoder.encode(embeddedAddr));
+        }
+        else {
+            continue;
+        }
+        let plaintext;
+        try {
+            plaintext = decryptMessage(memo, mySecretKey, peerPublic);
+        }
+        catch {
+            continue;
+        }
+        out.push({
+            signature: sig.signature,
+            blockTime: tx.blockTime != null ? Number(tx.blockTime) : null,
+            sender: senderAddr,
+            recipient: direction === "incoming" ? myAddress : peerAddress,
+            plaintext,
+            direction,
+        });
+    }
+    return out;
+}
+function extractMemo(tx) {
+    const instructions = tx?.transaction?.message?.instructions ?? [];
+    for (const ix of instructions) {
+        if (ix.programId === MEMO_PROGRAM_ID || ix.program === "spl-memo") {
+            if (typeof ix.parsed === "string")
+                return ix.parsed;
+            if (typeof ix.data === "string") {
+                try {
+                    return Buffer.from(ix.data, "base64").toString("utf-8");
+                }
+                catch {
+                    // fall through
+                }
+            }
+        }
+    }
+    const logs = tx?.meta?.logMessages ?? [];
+    for (const log of logs) {
+        const m = log.match(/^Program log: Memo \(len \d+\): "(.+)"$/);
+        if (m)
+            return m[1];
+    }
+    return null;
+}
+function getFeePayerAddress(tx) {
+    const keys = tx?.transaction?.message?.accountKeys ?? [];
+    if (keys.length === 0)
+        return null;
+    const k = keys[0];
+    if (typeof k === "string")
+        return toAddress(k);
+    if (typeof k?.pubkey === "string")
+        return toAddress(k.pubkey);
+    return null;
+}

package/dist/solana/rpc.js

@@ -0,0 +1,15 @@
+import { createSolanaRpc, createSolanaRpcSubscriptions } from "@solana/kit";
+import { Connection } from "@solana/web3.js";
+import { config } from "../config.js";
+export function getRpc(url = config.rpc.http) {
+    return createSolanaRpc(url);
+}
+export function getRpcSubscriptions(url = config.rpc.wss) {
+    return createSolanaRpcSubscriptions(url);
+}
+// SNS connection — mainnet-beta, independent of the messaging cluster.
+// Uses web3.js v1 because @bonfida/spl-name-service is built on it; this is
+// the only place in sen2 that touches web3.js.
+export function getSnsConnection(url = config.rpc.sns) {
+    return new Connection(url);
+}

package/dist/solana/send.js

@@ -0,0 +1,26 @@
+import { appendTransactionMessageInstructions, assertIsTransactionWithinSizeLimit, createTransactionMessage, getSignatureFromTransaction, pipe, sendAndConfirmTransactionFactory, setTransactionMessageFeePayerSigner, setTransactionMessageLifetimeUsingBlockhash, signTransactionMessageWithSigners, } from "@solana/kit";
+import { getTransferSolInstruction } from "@solana-program/system";
+import { getAddMemoInstruction } from "@solana-program/memo";
+export async function sendEncryptedMemoTx(rpc, rpcSubscriptions, sender, recipient, serializedEnvelope) {
+    const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();
+    const transferIx = getTransferSolInstruction({
+        source: sender,
+        destination: recipient,
+        amount: 0n,
+    });
+    const memoIx = getAddMemoInstruction({
+        memo: serializedEnvelope,
+        signers: [sender],
+    });
+    const txMessage = pipe(createTransactionMessage({ version: 0 }), (m) => setTransactionMessageFeePayerSigner(sender, m), (m) => appendTransactionMessageInstructions([transferIx, memoIx], m), (m) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, m));
+    const signedTx = await signTransactionMessageWithSigners(txMessage);
+    // We built the message with `setTransactionMessageLifetimeUsingBlockhash`,
+    // so the lifetime IS a blockhash one. Kit 6's type chain loses that
+    // narrowing through `signTransactionMessageWithSigners` when the RPC isn't
+    // cluster-typed; assert it back for `send()` which requires the narrow type.
+    assertIsTransactionWithinSizeLimit(signedTx);
+    const blockhashSignedTx = signedTx;
+    const send = sendAndConfirmTransactionFactory({ rpc, rpcSubscriptions });
+    await send(blockhashSignedTx, { commitment: "confirmed" });
+    return getSignatureFromTransaction(blockhashSignedTx);
+}

package/dist/wallet/keystore.js

@@ -0,0 +1,35 @@
+import { Entry } from "@napi-rs/keyring";
+import nacl from "tweetnacl";
+import naclUtil from "tweetnacl-util";
+import { config } from "../config.js";
+const SERVICE = config.keychainService;
+export function loadOrGenerate(account) {
+    const entry = new Entry(SERVICE, account);
+    let stored = null;
+    try {
+        stored = entry.getPassword();
+    }
+    catch {
+        // not found
+    }
+    if (stored) {
+        const secretKey = naclUtil.decodeBase64(stored);
+        return {
+            account,
+            secretKey,
+            publicKey: secretKey.slice(32, 64),
+        };
+    }
+    const kp = nacl.sign.keyPair();
+    entry.setPassword(naclUtil.encodeBase64(kp.secretKey));
+    return { account, secretKey: kp.secretKey, publicKey: kp.publicKey };
+}
+export function deleteAccount(account) {
+    const entry = new Entry(SERVICE, account);
+    try {
+        return entry.deletePassword();
+    }
+    catch {
+        return false;
+    }
+}

package/dist/wallet/signer.js

@@ -0,0 +1,4 @@
+import { createKeyPairSignerFromBytes } from "@solana/kit";
+export async function toSolanaSigner(secretKey) {
+    return createKeyPairSignerFromBytes(secretKey);
+}

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "sen2-mcp",
+  "version": "0.2.5",
+  "description": "Agent-to-agent encrypted messaging on Solana, exposed as an MCP server",
+  "type": "module",
+  "main": "dist/server.js",
+  "bin": {
+    "sen2-mcp": "dist/server.js"
+  },
+  "files": [
+    "dist/",
+    "!dist/**/*.test.js",
+    "!dist/**/*.test.js.map",
+    "!dist/**/*.test.d.ts"
+  ],
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "solana",
+    "messaging",
+    "agent",
+    "claude",
+    "sns",
+    "encrypted",
+    "ai"
+  ],
+  "license": "MIT",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/server.js",
+    "dev": "tsc && node dist/server.js",
+    "inspect": "tsc && npx @modelcontextprotocol/inspector node dist/server.js",
+    "test": "tsc && node --test dist/crypto/envelope.test.js dist/sns/resolve.test.js",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@bonfida/spl-name-service": "^3.0.21",
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "@napi-rs/keyring": "^1.1.6",
+    "@solana-program/memo": "^0.11.0",
+    "@solana-program/system": "^0.12.0",
+    "@solana/kit": "^6.9.0",
+    "@solana/web3.js": "^1.98.4",
+    "ed2curve": "^0.3.0",
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.5.0"
+  }
+}