Problem
lw_generate_mnemonic and lw_import_mnemonic work freely over MCP today. The seed flows through the connected AI provider's API and may be logged. The CLI (aqua wallet generate-mnemonic /
import-mnemonic) runs locally and is the safe path — nothing currently steers users there.
Fix
Gate both tools in server.py's call_tool (not in tools.py, so CLI is unaffected):
- Refuse unless confirm_seed_exposure_to_ai_provider=true is in the args.
- Refusal payload includes the CLI alternative and override instructions.
- Add the new boolean to TOOL_SCHEMAS; update each tool description to lead with "BLOCKED BY DEFAULT over MCP."
- Add a SEED HANDLING section to the server instructions directing the model to recommend the CLI first.
- Add a short "Seeds and your AI provider" note to the README.
Acceptance
- Both tools refuse without the flag; succeed with it.
- aqua wallet generate-mnemonic / import-mnemonic still work unchanged.
- Server instructions + README updated.
Problem
lw_generate_mnemonic and lw_import_mnemonic work freely over MCP today. The seed flows through the connected AI provider's API and may be logged. The CLI (aqua wallet generate-mnemonic /
import-mnemonic) runs locally and is the safe path — nothing currently steers users there.
Fix
Gate both tools in server.py's call_tool (not in tools.py, so CLI is unaffected):
Acceptance