This release adds 3 notable features for engineering teams evaluating rollout.

Published 1mo MCP Developer Tools
✓ No known CVEs patched

Topics

aave ai-agent arbitrum claude claude-code compound crypto cursor defi ethereum ledger lifi mcp mcp-server model-context-protocol polygon solana uniswap walletconnect

Summary

AI summary

Read-only advisor mode adds four scoped sharing tools, TRON transaction expiration is extended to 24 hours, and zero-amount approval revokes now succeed.

Full changelog

Highlights

  • Read-only advisor mode (Model A). Four new tools — generate_readonly_link, import_readonly_token, list_readonly_invites, revoke_readonly_invite — let you hand a time-bound, scoped share token to a financial advisor or experienced friend so they can read your DeFi positions on their own VaultPilot instance, without ever holding signing access. Token format vp1.<base64url> is copy-pastable in chat (~350 chars for a typical 1-EVM + 1-Solana share). Issuer-side bookkeeping only — anyone holding the token can query the listed addresses, but anyone could query those addresses without it (chain reads are public). Hosted-enforcement Model B is deferred.
  • TRON UX overhaul. Two long-standing pain points fixed for the prepare → CHECKS PERFORMED → Ledger character-walk → broadcast loop:
    • Server now emits the EVM-mirror ═══════ CHECKS PERFORMED ═══════ template at prepare time on every prepare_tron_*, with a swiss-knife.xyz decoder URL spliced in for TRC-20 calldata and a one-line node -e ...require('bs58check') recipient cross-check. Replaces the agent improvising its own block (and shelling out to multi-line python).
    • Tx expiration widened from TronGrid's default ~60s to the protocol max of 24h. Live regression: a 5,929 USDT send expired twice in a row before the user could finish reading the verification block. The character-walk on a fresh recipient cannot be rushed; this fix removes the time pressure.
  • Revoke approval no longer blocked at preview. prepare_revoke_approval → preview_send now works end-to-end: the spender allowlist short-circuits when the decoded approve() amount is exactly 0n. Revokes to non-allowlisted spenders (Permit2, dead routers) — the canonical use case for cleanup — succeed.
  • Verification artifact UX cleanup. get_verification_artifact's pasteableBlock is now per-chain; an EVM artifact dropped from ~95 lines to ~62 (~50% shorter, ignoring the JSON payload), with no Solana boilerplate carried into chains that don't need it. explain_tx's narrative header renamed from "TRANSACTION POST-MORTEM" to the more neutral "TRANSACTION ANALYSIS".
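
The revoke rule in the third highlight above (allowlist bypass only when the decoded approve() amount is exactly 0n), sketched as an added example. This is not VaultPilot's code: the function names, the placeholder addresses and the strict-length decoding are assumptions made for illustration.

```javascript
// Added illustration, not the project's implementation. All names are hypothetical.
const APPROVE_SELECTOR = "095ea7b3"; // ERC-20 approve(address,uint256)

// Decode approve(spender, amount) calldata; returns null for anything else.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = exactly 136 hex chars.
  if (!/^[0-9a-f]{136}$/.test(hex) || !hex.startsWith(APPROVE_SELECTOR)) return null;
  const spenderWord = hex.slice(8, 72);
  // An address word must have its upper 12 bytes zeroed; reject dirty padding.
  if (!/^0{24}/.test(spenderWord)) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    // BigInt keeps the full uint256; a Number comparison could round to 0.
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Preview-time policy: a revoke (amount exactly 0n) skips the spender allowlist;
// any non-zero approval must still name an allowlisted (lower-case) spender.
function checkApprovePreview(calldata, allowlist) {
  const call = decodeApprove(calldata);
  if (call === null) return { ok: false, reason: "not-approve-calldata" };
  if (call.amount === 0n) return { ok: true, reason: "revoke", ...call };
  if (allowlist.has(call.spender)) return { ok: true, reason: "allowlisted", ...call };
  return { ok: false, reason: "spender-not-allowlisted", ...call };
}

// Constructed sample data: placeholder addresses, not real contracts.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const encodeApprove = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + word(spender) + word(amount.toString(16));

const KNOWN = "0x" + "11".repeat(20);
const UNKNOWN = "0x" + "22".repeat(20);
const allowlist = new Set([KNOWN]);
const MAX_UINT256 = (1n << 256n) - 1n;

for (const [spender, amount] of [[UNKNOWN, 0n], [UNKNOWN, 1n], [KNOWN, MAX_UINT256]]) {
  const r = checkApprovePreview(encodeApprove(spender, amount), allowlist);
  console.log(spender.slice(0, 6), amount.toString(), r.ok, r.reason);
}
```

The short-circuit is keyed on the decoded amount, so a 1-wei approval to a non-allowlisted spender is still refused, as is calldata with trailing bytes or a different selector.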

Included PRs

  • #285 feat(tron): server-authored CHECKS PERFORMED template (EVM-mirror)
  • #300 feat(tron): widen tx expiration to 24h max (closes #280)
  • #307 fix(allowances): preview_send accepts approve(spender, 0) revokes (closes #305)
  • #313 refactor(verification-artifact): split second-LLM instructions per chain
  • #314 ux(explain_tx): rename "post-mortem" to "analysis"
  • #317 feat(share): read-only advisor mode (Model A)

Plus parallel work merged in this window — #306 (Permit2 sub-allowances), #315 (NFT portfolio), #316 (preflight v4 pin), #318 (risk_score TVL+bounty fix), and CLA infra fixups.

Versioning notes

Patch bump rather than minor — #317 added new tool surface but it's strictly additive; consumers on ^0.9.0 ranges pick this up automatically. 0.9.2 was skipped at the maintainer's request to keep the version aligned with internal tracking. Versions ≤ 0.8.2 remain MIT-licensed; 0.9.0+ ships under BUSL-1.1 (auto-converts to Apache 2.0 on 2030-04-26).

Deliberately deferred

  • Read-only advisor Model B (hosted enforcement). Genuine recall of a token already in the recipient's hands requires a hosted endpoint that authenticates against the issuer's revocation list. Lands when multi-tenant hosted MCP ships.
  • Recipient-side persistent state for imported tokens. v1's import_readonly_token returns the decoded envelope and the recipient agent juggles addresses in conversation. Persistent storage (list_imports, etc.) is additive and can land later.
  • Granular per-position visibility for share tokens (e.g. "share my Aave position but not my Lido position"). All-wallets-or-nothing in v1.

About szhygulin/recon-crypto-mcp

Self-custodial crypto portfolio for AI agents. Reads EVM wallet balances, ENS, token prices, and DeFi positions across Ethereum/Arbitrum/Polygon/Base (Aave V3, Compound V3, Morpho Blue, Uniswap V3 LP, Lido, EigenLayer), surfaces health-factor alerts and protocol risk scores, then prepares unsigned transactions (supply, borrow, repay, withdraw, stake, send, LiFi swap/bridge) signed on Ledger via WalletConnect — private keys never leave the hardware wallet.
