feat(examples): production-grade Privy owner + session-key proxy reference demo

[omarespejel]

Summary

Create a production-grade demo path that combines:

• managed owner custody/signing (Privy)
• on-chain session-key policy enforcement (SessionAccount)
• signer-boundary isolation for runtime session signing (SISNA/keyring proxy)

This should supersede the current split where:

• examples/starkzap-onboard-transfer demonstrates Privy + Starkzap onboarding/transfer
• examples/full-stack-swarm demonstrates session-key policy + proxy signing

Problem

Today we have strong pieces, but no single production-grade end-to-end reference that demonstrates both:

1. managed owner key custody (no raw owner private key in app/runtime process)
2. delegated session execution with on-chain spend/selector guardrails and verifiable deny paths

full-stack-swarm currently uses STARKNET_SIGNER_MODE=direct + STARKNET_PRIVATE_KEY for owner-side setup steps, which is useful for demos but not ideal as a production reference architecture.

Goal

Deliver an explicit reference flow for Sepolia that proves the intended production trust boundaries:

1. Owner/admin actions are signed via Privy (or equivalent managed custody signer mode)
2. Session execution is signed only via proxy boundary (SISNA/keyring), never by app process keys
3. On-chain guardrails enforce policy (spend cap + selector blocklist)
4. Demo outputs include positive and negative execution evidence links

Scope

In scope

• Add a new signer mode path for owner-side MCP operations that supports Privy-backed signing
• Keep session path on proxy signer mode (existing keyring contract unchanged)
• New/updated example flow that runs:
  • deploy SessionAccount
  • register ERC-8004 identity + link account
  • add session key + set spending policy
  • successful transfer/swap within cap
  • deliberate over-cap rejection
  • deliberate admin-selector rejection (if included in selected flow)
• Documentation: architecture diagram, env vars, security notes, expected evidence artifacts

Out of scope

• Replacing proxy/session signer boundary with Privy for delegated session signatures
• Mainnet rollout in this issue
• UI-level production integration in Starkclaw app

Acceptance criteria

• No owner private key required for owner-side setup flow in the new reference demo
• Session execution still requires proxy signer mode and emits 4-felt session signatures
• At least one deny-path tx is reproducible and captured in output report
• CI/README reproduce steps validated on Sepolia
• Security notes clearly document trust boundaries and failure modes

Proposed implementation slices

1. packages/starknet-mcp-server: add STARKNET_SIGNER_MODE=privy (owner/admin only)
2. examples/full-stack-swarm (or sibling examples/full-stack-swarm-privy): wire owner sidecars to privy signer mode
3. Keep trade/session sidecars in proxy mode
4. Add runbook and evidence template

Risks

• Signer interface mismatch between existing MCP account signer abstraction and Privy signer requirements
• Env complexity and operational UX (Privy server URL/auth, paymaster, proxy config)
• Confusion between owner signer mode and session signer mode unless docs are explicit

Dependencies

• Privy app credentials and signing endpoint availability
• Sepolia paymaster/API keys for gasless paths
• SISNA/keyring proxy deployment for session signing path

Nice-to-have follow-ups

• Mergeable checklist for “production trust boundary compliance” across examples
• Optional telemetry fields tying deny-path tx hashes to policy snapshot IDs

[omarespejel]

Execution note for fast v1 demo (Sepolia):\n\n- Reuse this issue as parent tracker (no new issue needed).\n- Dependency for Dfns signer mode: keep-starknet-strange/SISNA#22.\n\nProposed v1 demo scope:\n1. MCP -> SISNA -> DFNS signer path for session tx signing\n2. ERC-8004 + SessionAccount flow with evidence artifacts\n3. One success path + one deliberate deny path (policy/cap/admin selector)\n4. Output: tx links + signer/audit correlation IDs + runbook steps\n\nOut of scope for v1:\n- Generic hash-sign endpoint for ERC-8004 set_agent_wallet SNIP-6 proof (track as v2 follow-up after SISNA signer surface extension).\n\nIf no objections, I’ll treat #299 + SISNA#22 as the single execution lane and start implementation/testing against Sepolia.