@agether/agether 2.6.0 → 2.6.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agether/agether",
-  "version": "2.6.0",
+  "version": "2.6.2",
   "description": "OpenClaw plugin for Agether — onchain credit for AI agents on Ethereum & Base",
   "main": "src/index.ts",
   "openclaw": {

package/skills/agether/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: agether
-description: On-chain credit protocol for AI agents on Base. Morpho credit & lending, x402 payments, ERC-8004 identity.
+description: On-chain credit protocol for AI agents. Morpho credit & lending, x402 payments, ERC-8004 identity.
 ---
 
 # Agether — On-Chain Credit for AI Agents
@@ -26,11 +26,11 @@ If you don't paste it, the user sees NOTHING. An empty colon ":" with no data af
 1. **PASTE tool results into your reply.** Every tool returns JSON. Extract the key fields and write them in your message. The user cannot see tool output directly.
 2. **ALWAYS paste tx links.** Tools return `tx` field like `https://basescan.org/tx/0x...`. Copy it verbatim into your reply.
 3. **After on-chain actions, call `agether_balance` and paste the balances.**
-4. **On first message, call `agether_health`.** This is your single best "context loader" — it returns balances, positions, LTV, alerts, and headroom in one call. If `agentId` is `"?"`, see AGENT ID RESOLUTION below.
+4. **On first message, call `agether_health`.** This is your single best "context loader" — it returns balances, positions, LTV, alerts, and headroom in one call. If `chain` is `"?"`, follow the MANDATORY BOOT SEQUENCE above — set chain FIRST, then agent ID.
 5. **Be proactive** — if the user asks to call a paid API, do the full flow without asking.
 6. **Never ask for private keys** — they come from OpenClaw secrets (AGETHER_PRIVATE_KEY env var).
 7. **Max LTV is 80%** (125% collateral ratio). To borrow $X, you need $X × 1.25 in collateral value.
-8. **When user says "register" → ALWAYS call `agether_register`.** A wallet CAN have multiple ERC-8004 identities. The tool handles everything. Never refuse to register because the wallet "already has an identity". Just call the tool.
+8. **When user says "register" → ALWAYS call `agether_register`.** But ONLY after chain is set (see MANDATORY BOOT SEQUENCE). A wallet CAN have multiple ERC-8004 identities. The tool handles everything. Never refuse to register because the wallet "already has an identity". Just call the tool.
 9. **Never guess about blockchain state.** If you're unsure, call the tool. Don't tell the user something is impossible — try it first.
 10. **Your EOA wallet IS the user's wallet.** Same private key, same address. If the user says "I have WETH", call `agether_balance` — you'll see it in the `collateral` field. You already have access to those tokens.
 11. **`morpho_deposit` and `morpho_deposit_and_borrow` transfer collateral from your EOA automatically.** You do NOT need anyone to "send you" tokens. If your EOA has WETH, just call the deposit tool directly. The SDK handles EOA→Safe account→Morpho in one flow.
@@ -43,39 +43,63 @@ If you don't paste it, the user sees NOTHING. An empty colon ":" with no data af
 
 ---
 
-## 🆔 AGENT ID RESOLUTION (CRITICAL)
+## 🚫🚫🚫 MANDATORY BOOT SEQUENCE — READ THIS FIRST 🚫🚫🚫
 
-If `agether_health` or `agether_balance` returns `agentId: "?"`, ALL Morpho tools will fail. You MUST resolve this first:
+There is a **strict ordering requirement**. Violating this order WILL cause wrong-chain registration and lost funds.
+
+### STEP 1 → CHAIN (must be first, ALWAYS, no exceptions)
+
+**You MUST set the chain BEFORE you do ANYTHING else — before `agether_set_agent`, before `agether_register`, before ANY on-chain tool call.**
+
+An `agentId` is **chain-specific**. Agent 28368 on Base is a completely different account than agent 28368 on Ethereum. If you set an agentId without knowing the chain, you WILL point at the wrong contract on the wrong network.
+
+**NEVER call `agether_set_agent` before the chain is confirmed. NEVER.**
 
 ```
-1. Check your memory for a previously registered agentId
-2. IF you find an agentId in memory:
-     → Ask user: "I remember agent ID <X> from before. Should I use it, or register a new one?"
-     → IF user says yes → call `agether_set_agent(agentId: "<X>")`
-     → IF user says no  → call `agether_register(name: "<ask name>")`
-3. IF no agentId in memory:
-     → call `agether_register(name: "<ask name>")`
-4. After either path → call `agether_health` to confirm everything is working
+IF agether_health returns chain: "?"
+  → Ask user: "Which chain — Ethereum or Base?"
+  → Call agether_set_chain(chain: "<ethereum or base>")
+  → Call agether_health again to confirm chain is set (not "?")
 ```
 
-Both `agether_set_agent` and `agether_register` save the agentId to config permanently (survives restarts).
+`agether_set_chain` accepts: `ethereum`, `eth`, `1`, `base`, `8453`.
 
----
+### STEP 2 → AGENT ID (ONLY after chain is confirmed, not "?")
 
-## � CHAIN RESOLUTION (CRITICAL)
+**NEVER call `agether_set_agent` or `agether_register` until the chain is confirmed (chain ≠ "?").**
 
-If `agether_health` returns `chain: "?"`, the chain is NOT configured. You MUST resolve this before proceeding with any on-chain action:
+Even if you have an agentId cached in memory or config — that agentId belongs to a **specific chain**. Do NOT blindly reuse it. A config value like `"agentId": "28368"` might be from the old deployment or a different chain.
 
 ```
-1. Ask user: "Which blockchain would you like to use? **Ethereum** or **Base**?"
-2. User chooses a chain
-3. Call `agether_set_chain(chain: "<ethereum or base>")`
-4. After set → call `agether_health` to confirm everything is working on that chain
+IF chain is confirmed AND agentId is "?"
+  1. IF you remember an agentId AND know which chain it was for:
+       → Ask: "I remember agent <X> on <CHAIN>. Is this still correct?"
+       → IF yes AND chain matches → agether_set_agent(agentId: "<X>")
+       → IF no → agether_register(name: "<ask>")
+  2. IF no memory of agentId:
+       → agether_register(name: "<ask>")
+  3. Call agether_health to confirm
 ```
 
-`agether_set_chain` saves the chain to config permanently (survives restarts). Accepts: `ethereum`, `eth`, `1`, `base`, `8453`.
+### ⛔ FORBIDDEN (will cause bugs)
 
-**IMPORTANT:** Resolve chain BEFORE resolving agentId — the agent registration happens on a specific chain.
+- ❌ `agether_set_agent` → then `agether_set_chain` — **WRONG ORDER, agent points at wrong chain**
+- ❌ `agether_register` before chain is set — **WILL FAIL**
+- ❌ Reusing a cached agentId without confirming which chain it belongs to — **WRONG ACCOUNT**
+- ❌ Seeing `"agentId": "28368"` in config and assuming it's valid — it might be stale or from a different chain
+- ❌ Calling `agether_set_agent` just because config has an agentId — **ASK THE USER FIRST**
+
+### ✅ CORRECT SEQUENCE (always follow this)
+
+```
+1. agether_health          → check chain and agentId status
+2. agether_set_chain       → if chain is "?", ask user and set it FIRST
+3. agether_health          → confirm chain is now set
+4. agether_set_agent OR agether_register → only NOW, after chain is confirmed
+5. agether_health          → final confirmation that both chain + agentId are set
+```
+
+Both `agether_set_agent` and `agether_register` save the agentId to config permanently (survives restarts).
 
 ---
 
@@ -176,11 +200,11 @@ When `autoYield` and/or `autoDraw` are enabled, `x402_pay` automatically sources
 ```
 1. agether_health                ← ONE call for full context
 2. Check the "chain" field:
-     → If chain is "?" → go to CHAIN RESOLUTION (must resolve before anything else)
+     → If chain is "?" → STOP. Set chain first (MANDATORY BOOT SEQUENCE). Do NOT proceed until chain is confirmed.
 3. Check the "alerts" array:
      → If any 🔴 alerts → WARN user immediately (liquidation risk!)
      → If any 🟡 alerts → mention the risk casually
-     → If "agentId: ?" → go to AGENT ID RESOLUTION
+     → If "agentId: ?" → set agent ID (but only AFTER chain is confirmed — see MANDATORY BOOT SEQUENCE)
 4. Now you have full context to handle any request
 ```
 

package/src/index.ts

@@ -175,6 +175,20 @@ function getConfig(api: any): PluginConfig {
 let cachedAgentId: string | undefined;
 let activeChainId: ChainId = ChainId.Ethereum;
 
+/**
+ * Hard guardrail: refuse to proceed if chain was never explicitly configured.
+ * Prevents silent default-to-Ethereum when user hasn't chosen a chain.
+ * Throws an error that the LLM sees, forcing it to call agether_set_chain first.
+ */
+function requireChain(cfg: PluginConfig): void {
+  if (!cfg.chainConfigured) {
+    throw new Error(
+      "Chain not configured. Ask the user which chain to use (Ethereum or Base), " +
+      "then call agether_set_chain before proceeding."
+    );
+  }
+}
+
 function createClient(cfg: PluginConfig): MorphoClient {
   const agentId = cachedAgentId || cfg.agentId;
   return new MorphoClient({
@@ -258,7 +272,8 @@ export default function register(api: any) {
   api.registerTool({
     name: "agether_register",
     description:
-      "Register a new ERC-8004 agent identity and create a Safe smart account (via Safe7579). Returns the new agentId.",
+      "Register a new ERC-8004 agent identity and create a Safe smart account (via Safe7579). " +
+      "REQUIRES chain to be configured first — call agether_set_chain before this tool. Returns the new agentId.",
     parameters: {
       type: "object",
       properties: {
@@ -269,6 +284,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { name: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.register(params.name);
         const persistStatus = persistAgentId(result.agentId);
@@ -417,6 +433,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { registryAddress: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
 
         // Build the calldata for ERC8004ValidationModule.setValidationRegistry — the owner (Timelock) must execute it
@@ -526,6 +543,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; token: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.supplyCollateral(params.token, params.amount);
         return ok(JSON.stringify({
@@ -558,6 +576,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { collateralAmount: string; token: string; borrowAmount: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.depositAndBorrow(
           params.token,
@@ -597,6 +616,7 @@ export default function register(api: any) {
       try {
         if (!params.agentId && !params.agentAddress) return fail("Provide either agentId or agentAddress");
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
 
         const target = params.agentId
@@ -634,6 +654,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; token?: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.borrow(params.amount, params.token);
         return ok(JSON.stringify({
@@ -666,6 +687,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; token?: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.repay(params.amount, params.token);
         return ok(JSON.stringify({
@@ -699,6 +721,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; token: string; toEoa?: boolean }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         // Default: keep in AgentAccount. toEoa=true → send to EOA.
         const receiver = params.toEoa ? await client.getSignerAddress() : await client.getAccountAddress();
@@ -739,6 +762,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; market?: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.supplyAsset(params.amount, params.market);
         return ok(JSON.stringify({
@@ -831,6 +855,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string; market?: string; toEoa?: boolean }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         // Default: keep in AgentAccount. toEoa=true → send to EOA.
         const receiver = params.toEoa ? await client.getSignerAddress() : await client.getAccountAddress();
@@ -903,6 +928,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { refresh?: boolean }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const agentId = client.getAgentId();
 
@@ -952,6 +978,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.fundAccount(params.amount);
         return ok(JSON.stringify({
@@ -984,6 +1011,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { token: string; amount: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.withdrawToken(params.token, params.amount);
         return ok(JSON.stringify({
@@ -1015,6 +1043,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { amount: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const client = createClient(cfg);
         const result = await client.withdrawEth(params.amount);
         return ok(JSON.stringify({
@@ -1049,6 +1078,7 @@ export default function register(api: any) {
     async execute(_id: string, params: { url: string; method?: string; body?: string }) {
       try {
         const cfg = getConfig(api);
+        requireChain(cfg);
         const agetherCfg = api.config?.plugins?.entries?.agether?.config || {};
         const client = createClient(cfg);