szhygulin/recon-crypto-mcp

v0.5.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

aave ai-agent arbitrum claude claude-code compound crypto cursor defi ethereum ledger lifi mcp mcp-server model-context-protocol polygon solana uniswap walletconnect

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Added a preview‑token gate to EVM sends that requires a server‑minted UUID and explicit userDecision: "send" before execution.

Full changelog

Patch release. Ships everything merged since v0.5.0 — new second-agent verification artifact, a direct Uniswap V3 swap path, incident-status tooling for all three lending protocols, a preview-token gate on EVM sends, and quieter peer-trust wording.

New tools

  • get_verification_artifact — sparse, copy-paste-ready payload ({chain, chainId, from, to, value, data, payloadHash, preSignHash?} for EVM) plus a canned prompt for a second, independent LLM to decode the bytes from scratch. The from field lets the second agent auto-check in-calldata recipients (unwrapWETH9 target, bridge destination, transfer to) against the signer.
  • prepare_uniswap_swap — direct Uniswap V3 routing for clear-signed swaps (bypasses LiFi when the user names the venue).
  • get_market_incident_status — Aave V3 + Compound V3 + Morpho Blue incident / pause surfaces.
  • get_compound_market_info — Compound V3 market facts + governance state.
  • get_token_metadata — ERC-20 symbol/decimals/name lookup.

Defenses / gates

  • previewToken + userDecision: "send" gate on send_transaction — server-minted UUID bound to the pin (re-minted on refresh:true) plus z.literal("send"), both required on every EVM send. Closes the accidental preview_send → send_transaction collapse that let agents skip the EXTRA CHECKS YOU CAN RUN BEFORE REPLYING "SEND" menu. Schema-enforced; clear-error refusal on miss/mismatch. Honest limit: a fully-hostile agent can still forge userDecision after a legitimate preview_send — this is a careless-mistake backstop, not a coordinated-lying defense.
  • Peer-trust warning allowlist: get_ledger_status only emits peerTrustWarning when the paired WalletConnect peer host is NOT on the *.ledger.com allowlist. Quiets the common case (pairing with real Ledger Live); still fires loudly on unknown hosts.
  • Pre-flight checks — Aave reserve state, Compound pause state, and TRON bandwidth/energy are now checked before a prepare_* builds a tx that would predictably revert or strand the user.
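
The previewToken gate from the first bullet above, as an added sketch that is not the project's own code: a token is minted per preview, re-minted on refresh, and a send is refused unless the current token and the literal "send" are both present. The names PreviewGate, pinId, mintUuid and the error strings are assumptions, and the z.literal schema check the changelog mentions is replaced here by a hand-written comparison.

```typescript
// Added illustration, not recon-crypto-mcp source. PreviewGate, pinId and the
// error strings are assumed names; the changelog's z.literal check is hand-written here.
type SendArgs = { pinId: string; previewToken?: unknown; userDecision?: unknown };
type GateResult = { ok: boolean; error?: string };

// Global Web Crypto (Node 19+, Deno, Bun); the cast avoids a typings dependency.
const mintUuid = (): string => (globalThis as any).crypto.randomUUID();

class PreviewGate {
  // pinId -> token minted by the most recent preview of that pinned transaction
  private tokens = new Map<string, string>();

  // preview_send: mint a server-side token for the pin. Calling it again
  // (the refresh case) re-mints, so any earlier token stops matching.
  preview(pinId: string): string {
    const token = mintUuid();
    this.tokens.set(pinId, token);
    return token;
  }

  // send_transaction: refuse with a clear error unless both fields check out.
  checkSend(args: SendArgs): GateResult {
    const expected = this.tokens.get(args.pinId);
    if (expected === undefined) {
      return { ok: false, error: "no preview_send on record for this transaction" };
    }
    if (typeof args.previewToken !== "string" || args.previewToken.length === 0) {
      return { ok: false, error: "previewToken is required" };
    }
    if (args.previewToken !== expected) {
      return { ok: false, error: "previewToken does not match the current preview" };
    }
    if (args.userDecision !== "send") {
      return { ok: false, error: 'userDecision must be exactly "send"' };
    }
    return { ok: true };
  }
}

// Constructed walk-through: what an agent that skips or reuses a preview sees.
function walkThrough(): GateResult[] {
  const gate = new PreviewGate();
  const skipped = gate.checkSend({ pinId: "tx-1", userDecision: "send" });
  const first = gate.preview("tx-1");
  const second = gate.preview("tx-1"); // refresh re-mints
  const stale = gate.checkSend({ pinId: "tx-1", previewToken: first, userDecision: "send" });
  const vague = gate.checkSend({ pinId: "tx-1", previewToken: second, userDecision: "ok" });
  const good = gate.checkSend({ pinId: "tx-1", previewToken: second, userDecision: "send" });
  return [skipped, stale, vague, good];
}
```

The last call in walkThrough passes no matter who supplied "send", which is the honest limit the changelog states: the gate catches a skipped or stale preview, not an agent that fabricates the user's decision.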

UX / behavior

  • Priority-fee floor lowered from 1.5 → 0.5 gwei (current mempool has cleared below the old floor consistently; 0.5 gwei is enough headroom without overpaying on calm windows).
  • Proactively offers request_capability when a gap is encountered instead of just narrating it.
  • Richer simulate_transaction revert decoding.
  • simulate_position_change extended to Compound V3 + Morpho Blue.
  • TRON post-broadcast polling tuned per-chain; TRON preview + verify-decode block surfaced.
  • Governance pause state surfaced in position readers.

Docs

  • Security section in README.md refreshed: new defenses-table row for the previewToken gate, new threat-catch bullet, from-field auto-check note, and a roadmap entry for future server-integrated second-agent verification (MCP calls an independent second-provider LLM directly and blocks the send on disagreement — structurally closes the coordinated-agent gap).
  • CLAUDE.md added with preflight / git / tool-use / incident-response guidance.

Chore

  • Security audit findings closed (PR #46).
  • Token-metadata + approval-chain boilerplate dedup (PR #47).
  • .gitignore: .context/ (crypto-audit scratch), .claude/ (local Claude Code state).

Tests

  • 479/479 pass. New suites: test/preview-token-gate.test.ts (EVM gate + TRON bypass), expanded test/security-audit.test.ts (peer-trust allowlist), updated test/simulation.test.ts for the new priority-fee floor.

Internal references

PRs #42, #43, #44, #45, #46, #47, #48, #50, #51, #52, #53, #54, #55.

Security Fixes

  • `previewToken` gate on `send_transaction` closes accidental preview‑to‑send collapse vulnerability

About szhygulin/recon-crypto-mcp

Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.