@axisagent/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/README.md +61 -0
  2. package/dist/cli.d.ts +2 -0
  3. package/dist/cli.js +115 -0
  4. package/dist/index.d.ts +5 -0
  5. package/dist/index.js +5 -0
  6. package/dist/localServer.d.ts +11 -0
  7. package/dist/localServer.js +333 -0
  8. package/dist/packageWriter.d.ts +41 -0
  9. package/dist/packageWriter.js +48 -0
  10. package/dist/relayClient.d.ts +17 -0
  11. package/dist/relayClient.js +109 -0
  12. package/dist/schema.d.ts +115 -0
  13. package/dist/schema.js +73 -0
  14. package/dist/skillRegistry.d.ts +99 -0
  15. package/dist/skillRegistry.js +707 -0
  16. package/package.json +60 -0
package/dist/skillRegistry.js ADDED
@@ -0,0 +1,707 @@
1
+ import { assertSkillDefinition, validateSafetyRules } from "./schema.js";
2
+ const approvalDefaults = {
3
+ defaultMode: "approval-required",
4
+ requiresApproval: true,
5
+ networkAccess: true,
6
+ walletWrite: true,
7
+ secrets: [],
8
+ maxSpendUsd: 250,
9
+ sessionLimitMinutes: 30
10
+ };
11
+ const readOnlyDefaults = {
12
+ defaultMode: "read-only",
13
+ requiresApproval: false,
14
+ networkAccess: true,
15
+ walletWrite: false,
16
+ secrets: [],
17
+ maxSpendUsd: null,
18
+ sessionLimitMinutes: 30
19
+ };
20
+ export const skills = [
21
+ {
22
+ id: "base-mcp-wallet-ops",
23
+ title: "Base MCP Wallet Ops",
24
+ category: "Base",
25
+ summary: "Connect local agents to Base Account wallet reads, sends, swaps, signatures, and transaction history with explicit approval gates.",
26
+ useWhen: "Use when a user wants Claude, Codex, Cursor, or OpenClaw to operate a Base wallet without exposing private keys to the frontend.",
27
+ chains: ["Base"],
28
+ protocols: ["Base MCP"],
29
+ risk: "high",
30
+ executionMode: "approval-required",
31
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview"],
32
+ installTargets: ["codex", "claude", "openclaw", "generic-mcp"],
33
+ source: "https://docs.base.org/ai-agents/index",
34
+ tokenUtility: "AXIS unlocks multi-agent wallet policy sync and higher simulation limits.",
35
+ auditNotes: ["No private key storage", "Every wallet write requires approval", "Transaction preview is mandatory"],
36
+ operations: ["read balances", "send tokens", "prepare swaps", "sign messages", "fetch transaction history"],
37
+ tests: ["reject send without approval", "render transaction preview before signing"],
38
+ policy: { ...approvalDefaults, allowedChains: ["Base"], humanReadableRule: "Wallet writes on Base require explicit user approval before signing." }
39
+ },
40
+ {
41
+ id: "base-contract-call-builder",
42
+ title: "Base Contract Call Builder",
43
+ category: "Base",
44
+ summary: "Build unsigned calldata for Base contracts, batch calls, and policy-gated protocol interactions before a wallet signs.",
45
+ useWhen: "Use when an agent needs to prepare contract interactions but the user wants to inspect calldata, target address, and value first.",
46
+ chains: ["Base"],
47
+ protocols: ["Base MCP"],
48
+ risk: "critical",
49
+ executionMode: "approval-required",
50
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview", "contract-call"],
51
+ installTargets: ["codex", "claude", "openclaw", "generic-mcp"],
52
+ source: "https://docs.base.org/ai-agents/index",
53
+ tokenUtility: "AXIS pays for verified ABI labels and high-risk simulation batches.",
54
+ auditNotes: ["ABI source shown", "Target address allowlist supported", "Blocks unknown payable calls by default"],
55
+ operations: ["build calldata", "batch contract calls", "preview value transfer", "decode ABI", "enforce allowlist"],
56
+ tests: ["block unknown target", "decode calldata before approval"],
57
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 100, humanReadableRule: "Unknown contract calls are blocked until the user reviews target, calldata, and value." }
58
+ },
59
+ {
60
+ id: "x402-base-payments",
61
+ title: "x402 Base Payments",
62
+ category: "Agent Payments",
63
+ summary: "Let local agents discover and pay x402-enabled APIs with Base USDC while enforcing per-call and session budgets.",
64
+ useWhen: "Use when an agent needs to pay for API calls, gated content, or services without getting unlimited wallet access.",
65
+ chains: ["Base"],
66
+ protocols: ["x402", "USDC"],
67
+ risk: "high",
68
+ executionMode: "approval-required",
69
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview", "paid-api"],
70
+ installTargets: ["codex", "claude", "openclaw", "generic-mcp"],
71
+ source: "https://docs.cdp.coinbase.com/agentic-wallet/mcp/welcome",
72
+ tokenUtility: "AXIS holders can create shared team budgets for paid agent calls.",
73
+ auditNotes: ["Per-call cap required", "Receipts logged locally", "No recurring spend without approval"],
74
+ operations: ["discover paid API", "quote x402 price", "pay with USDC", "write receipt", "enforce budget"],
75
+ tests: ["reject payment above cap", "log receipt after payment"],
76
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 20, humanReadableRule: "Paid API calls require a visible quote and cannot exceed the configured x402 budget." }
77
+ },
78
+ {
79
+ id: "coinbase-agentkit-actions",
80
+ title: "Coinbase AgentKit Actions",
81
+ category: "Developer Ops",
82
+ summary: "Package Coinbase AgentKit action providers as portable local-agent tools with schemas and framework adapters.",
83
+ useWhen: "Use when a builder wants to expose wallet-aware actions to LangChain, MCP, or custom local agents with consistent schemas.",
84
+ chains: ["Base", "Ethereum"],
85
+ protocols: ["Coinbase AgentKit"],
86
+ risk: "medium",
87
+ executionMode: "read-only",
88
+ permissions: ["network", "market-data"],
89
+ installTargets: ["codex", "cursor", "generic-mcp"],
90
+ source: "https://docs.cdp.coinbase.com/agent-kit/core-concepts/architecture-explained",
91
+ tokenUtility: "AXIS unlocks premium action templates and publisher verification.",
92
+ auditNotes: ["Schema-only by default", "No wallet writes in template mode", "Adapters are generated locally"],
93
+ operations: ["export action schema", "map tool adapter", "generate MCP wrapper", "document permissions"],
94
+ tests: ["generate schema", "validate adapter metadata"],
95
+ policy: { ...readOnlyDefaults, allowedChains: ["Base", "Ethereum"], humanReadableRule: "Action provider templates are read-only until a wallet policy is explicitly attached." }
96
+ },
97
+ {
98
+ id: "agentic-wallet-mcp-setup",
99
+ title: "Agentic Wallet MCP Setup",
100
+ category: "Connector",
101
+ summary: "Install and pair Agentic Wallet MCP so local agents can use wallet, onramp, and x402 tools under Axis policy.",
102
+ useWhen: "Use when a user wants a guided local setup flow for wallet-enabled agents without manually editing every client config.",
103
+ chains: ["Base"],
104
+ protocols: ["Agentic Wallet MCP"],
105
+ risk: "medium",
106
+ executionMode: "approval-required",
107
+ permissions: ["network", "wallet-read", "api-key"],
108
+ installTargets: ["codex", "claude", "openclaw", "generic-mcp"],
109
+ source: "https://docs.cdp.coinbase.com/agentic-wallet/mcp/welcome",
110
+ tokenUtility: "AXIS unlocks multi-client config export and team policy templates.",
111
+ auditNotes: ["Writes local config only", "Secrets are referenced by env name", "No private key export"],
112
+ operations: ["install MCP", "pair wallet", "configure spend limits", "export client config"],
113
+ tests: ["refuse plaintext secrets", "generate local config preview"],
114
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Base"], maxSpendUsd: null, secrets: ["CDP_API_KEY_NAME", "CDP_API_KEY_PRIVATE_KEY"], humanReadableRule: "Connector setup may reference secrets by environment name but never writes raw keys to disk." }
115
+ },
116
+ {
117
+ id: "bankr-launch-feed",
118
+ title: "Bankr Launch Feed",
119
+ category: "Base",
120
+ summary: "Monitor Bankr token launches on Base, score deployers, filter scam signals, and prepare guarded trade tickets.",
121
+ useWhen: "Use when a user wants an agent to watch new Bankr launches and surface only candidates that pass risk filters.",
122
+ chains: ["Base"],
123
+ protocols: ["Bankr"],
124
+ risk: "high",
125
+ executionMode: "approval-required",
126
+ permissions: ["network", "market-data", "wallet-read", "transaction-preview"],
127
+ installTargets: ["codex", "claude", "openclaw"],
128
+ source: "https://docs.base.org/ai-agents/plugins/native/bankr",
129
+ tokenUtility: "AXIS unlocks launch alerts, verified deployer labels, and advanced filters.",
130
+ auditNotes: ["Read-first workflow", "Trade ticket only after filters", "No automatic buy"],
131
+ operations: ["fetch launches", "score deployer", "filter recency", "prepare buy ticket", "send alert"],
132
+ tests: ["flag unknown deployer", "block auto-buy path"],
133
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Base"], maxSpendUsd: 50, humanReadableRule: "Bankr launch monitoring is read-first and cannot buy without an explicit user approval ticket." }
134
+ },
135
+ {
136
+ id: "bankr-automation-trader",
137
+ title: "Bankr Automation Trader",
138
+ category: "Base Trading",
139
+ summary: "Prepare Bankr DCA, TWAP, limit, and stop workflows on Base with spend caps, time windows, and reviewable execution plans.",
140
+ useWhen: "Use when a user wants an agent to automate a Bankr strategy while retaining approval, budget, and stop conditions.",
141
+ chains: ["Base"],
142
+ protocols: ["Bankr"],
143
+ risk: "critical",
144
+ executionMode: "approval-required",
145
+ permissions: ["network", "market-data", "wallet-read", "wallet-signature", "transaction-preview", "trading"],
146
+ installTargets: ["codex", "claude", "openclaw"],
147
+ source: "https://docs.bankr.bot/getting-started/supported-chains/",
148
+ tokenUtility: "AXIS staking is required for publisher verification on live trading skills.",
149
+ auditNotes: ["Max spend mandatory", "No silent recurring orders", "Strategy can be paused locally"],
150
+ operations: ["create DCA plan", "create TWAP plan", "prepare limit order", "prepare stop order", "pause schedule"],
151
+ tests: ["reject missing spend cap", "require approval before schedule activation"],
152
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 250, humanReadableRule: "Bankr automation can schedule trades only after the user approves amount, time window, and stop rules." }
153
+ },
154
+ {
155
+ id: "aerodrome-swap-lp",
156
+ title: "Aerodrome Swap and LP",
157
+ category: "Base DeFi",
158
+ summary: "Plan Aerodrome swaps, LP deposits, withdrawals, gauge stakes, and emissions claims with position and impermanent-loss checks.",
159
+ useWhen: "Use when a user wants an agent to manage Aerodrome liquidity on Base while seeing risk and reward assumptions first.",
160
+ chains: ["Base"],
161
+ protocols: ["Aerodrome"],
162
+ risk: "high",
163
+ executionMode: "approval-required",
164
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview", "contract-call"],
165
+ installTargets: ["codex", "claude", "openclaw"],
166
+ source: "https://docs.base.org/ai-agents/plugins/native/aerodrome",
167
+ tokenUtility: "AXIS unlocks LP simulation and pool risk labels.",
168
+ auditNotes: ["Pool address verification", "LP risk summary", "Claims require confirmation"],
169
+ operations: ["swap", "deposit liquidity", "withdraw liquidity", "stake gauge", "claim rewards"],
170
+ tests: ["block unknown pool", "show LP exposure summary"],
171
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 500, humanReadableRule: "Aerodrome LP operations require pool verification and an exposure summary before signing." }
172
+ },
173
+ {
174
+ id: "avantis-perps-trader",
175
+ title: "Avantis Perps Trader",
176
+ category: "Perp DEX",
177
+ summary: "Prepare Avantis perpetual trades on Base with leverage caps, liquidation distance, TP/SL, and human approval gates.",
178
+ useWhen: "Use when a user wants a local agent to create or manage Avantis perps while preventing uncontrolled leverage.",
179
+ chains: ["Base"],
180
+ protocols: ["Avantis"],
181
+ risk: "critical",
182
+ executionMode: "approval-required",
183
+ permissions: ["network", "market-data", "wallet-read", "wallet-signature", "transaction-preview", "trading"],
184
+ installTargets: ["codex", "claude", "openclaw"],
185
+ source: "https://docs.base.org/ai-agents/plugins/native/avantis",
186
+ tokenUtility: "AXIS unlocks advanced perps risk simulations and verified strategy templates.",
187
+ auditNotes: ["Leverage cap required", "TP/SL recommended", "Liquidation price shown"],
188
+ operations: ["open trade", "close trade", "set limit order", "set TP/SL", "update margin"],
189
+ tests: ["reject leverage above cap", "show liquidation distance"],
190
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 200, humanReadableRule: "Avantis perps actions require leverage, margin, liquidation price, and approval before execution." }
191
+ },
192
+ {
193
+ id: "moonwell-lending-ops",
194
+ title: "Moonwell Lending Ops",
195
+ category: "Base Lending",
196
+ summary: "Monitor and prepare Moonwell supply, borrow, repay, withdraw, and health checks with collateral risk warnings.",
197
+ useWhen: "Use when a user wants a local agent to manage Base lending positions without risking silent liquidation changes.",
198
+ chains: ["Base"],
199
+ protocols: ["Moonwell"],
200
+ risk: "high",
201
+ executionMode: "approval-required",
202
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview", "contract-call"],
203
+ installTargets: ["codex", "claude", "openclaw"],
204
+ source: "https://docs.base.org/ai-agents/plugins/native/moonwell",
205
+ tokenUtility: "AXIS unlocks liquidation alerts and multi-position reports.",
206
+ auditNotes: ["Health factor shown", "Borrow actions require approval", "Collateral changes are highlighted"],
207
+ operations: ["supply", "withdraw", "borrow", "repay", "health check"],
208
+ tests: ["warn if borrow worsens health", "block withdrawal below threshold"],
209
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 400, humanReadableRule: "Moonwell actions must show health impact before user approval." }
210
+ },
211
+ {
212
+ id: "morpho-vault-router",
213
+ title: "Morpho Vault Router",
214
+ category: "Base Lending",
215
+ summary: "Compare Morpho vault APYs, liquidity, risk labels, deposits, withdrawals, borrows, and repayments under policy.",
216
+ useWhen: "Use when a user wants an agent to discover Base lending opportunities while avoiding opaque vault risk.",
217
+ chains: ["Base", "Ethereum"],
218
+ protocols: ["Morpho"],
219
+ risk: "high",
220
+ executionMode: "approval-required",
221
+ permissions: ["network", "market-data", "wallet-read", "wallet-signature", "transaction-preview"],
222
+ installTargets: ["codex", "claude", "openclaw"],
223
+ source: "https://docs.base.org/ai-agents/plugins/native/morpho",
224
+ tokenUtility: "AXIS unlocks vault scoring and strategy backtests.",
225
+ auditNotes: ["Vault address verification", "Liquidity warning", "APY source displayed"],
226
+ operations: ["query vaults", "compare APY", "deposit", "withdraw", "repay"],
227
+ tests: ["flag low liquidity vault", "require approval for deposit"],
228
+ policy: { ...approvalDefaults, allowedChains: ["Base", "Ethereum"], maxSpendUsd: 500, humanReadableRule: "Morpho vault actions require vault verification, liquidity check, and explicit approval." }
229
+ },
230
+ {
231
+ id: "uniswap-base-liquidity",
232
+ title: "Uniswap Base Liquidity",
233
+ category: "Base DeFi",
234
+ summary: "Plan Uniswap Base swaps and V2/V3/V4 liquidity positions with route, slippage, fee tier, and allowance previews.",
235
+ useWhen: "Use when a user asks an agent to plan swaps or LP actions on Base while reviewing every transaction.",
236
+ chains: ["Base"],
237
+ protocols: ["Uniswap"],
238
+ risk: "high",
239
+ executionMode: "approval-required",
240
+ permissions: ["network", "market-data", "wallet-read", "wallet-signature", "transaction-preview"],
241
+ installTargets: ["codex", "claude", "openclaw"],
242
+ source: "https://docs.base.org/ai-agents/plugins/native/uniswap",
243
+ tokenUtility: "AXIS unlocks route comparison and verified token labels.",
244
+ auditNotes: ["Slippage cap required", "Allowance warnings", "Fee tier displayed"],
245
+ operations: ["quote swap", "create LP", "increase LP", "decrease LP", "collect fees"],
246
+ tests: ["reject high slippage", "show allowance delta"],
247
+ policy: { ...approvalDefaults, allowedChains: ["Base"], maxSpendUsd: 500, humanReadableRule: "Uniswap Base actions require route, slippage, and allowance preview before signing." }
248
+ },
249
+ {
250
+ id: "virtuals-agent-commerce",
251
+ title: "Virtuals Agent Commerce",
252
+ category: "Agent Commerce",
253
+ summary: "Create and operate Virtuals ACP agents with identity, email, card, JWT session auth, and Base SIWE login under policy.",
254
+ useWhen: "Use when a user wants an agent to manage another commercial agent identity without leaking credentials.",
255
+ chains: ["Base"],
256
+ protocols: ["Virtuals ACP"],
257
+ risk: "high",
258
+ executionMode: "approval-required",
259
+ permissions: ["network", "api-key", "wallet-read", "wallet-signature", "secrets-read"],
260
+ installTargets: ["codex", "claude", "openclaw"],
261
+ source: "https://docs.base.org/ai-agents/plugins/native/virtuals",
262
+ tokenUtility: "AXIS unlocks verified commerce-agent templates.",
263
+ auditNotes: ["JWT stored by env reference", "SIWE requires approval", "Email actions logged locally"],
264
+ operations: ["create agent", "issue card", "open inbox", "compose reply", "refresh session"],
265
+ tests: ["refuse plaintext JWT", "require SIWE approval"],
266
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Base"], maxSpendUsd: null, secrets: ["VIRTUALS_API_KEY", "VIRTUALS_JWT"], humanReadableRule: "Virtuals commerce actions can reference secrets but must not write raw credentials to skill files." }
267
+ },
268
+ {
269
+ id: "hyperliquid-market-stream",
270
+ title: "Hyperliquid Market Stream",
271
+ category: "Perp DEX",
272
+ summary: "Subscribe to Hyperliquid order books, trades, funding, and user fills for read-only perps monitoring.",
273
+ useWhen: "Use when a user wants an agent to watch perps markets and alert on risk without placing orders.",
274
+ chains: ["Hyperliquid"],
275
+ protocols: ["Hyperliquid"],
276
+ risk: "medium",
277
+ executionMode: "read-only",
278
+ permissions: ["network", "market-data", "notifications"],
279
+ installTargets: ["codex", "claude", "openclaw"],
280
+ source: "https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api/websocket",
281
+ tokenUtility: "AXIS unlocks multi-market alert templates.",
282
+ auditNotes: ["Read-only websocket", "No API wallet required", "Alerts only"],
283
+ operations: ["stream order book", "stream trades", "watch funding", "alert fills"],
284
+ tests: ["connect websocket mock", "emit alert without order path"],
285
+ policy: { ...readOnlyDefaults, allowedChains: ["Hyperliquid"], humanReadableRule: "Hyperliquid market stream is read-only and cannot place or cancel orders." }
286
+ },
287
+ {
288
+ id: "hyperliquid-order-executor",
289
+ title: "Hyperliquid Order Executor",
290
+ category: "Perp DEX",
291
+ summary: "Prepare Hyperliquid orders with API-wallet isolation, nonce checks, leverage caps, and user confirmation.",
292
+ useWhen: "Use when a user wants to place Hyperliquid orders through an agent but needs strict approval and isolated API wallet policy.",
293
+ chains: ["Hyperliquid"],
294
+ protocols: ["Hyperliquid"],
295
+ risk: "critical",
296
+ executionMode: "approval-required",
297
+ permissions: ["network", "api-key", "market-data", "trading", "secrets-read"],
298
+ installTargets: ["codex", "claude", "openclaw"],
299
+ source: "https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/api",
300
+ tokenUtility: "AXIS staking is required for publishing executable perp skills.",
301
+ auditNotes: ["API wallet isolation", "Nonce check", "Position and leverage preview"],
302
+ operations: ["prepare order", "cancel order", "check positions", "enforce risk limit"],
303
+ tests: ["reject missing API wallet", "require approval for order"],
304
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Hyperliquid"], maxSpendUsd: 200, secrets: ["HYPERLIQUID_API_WALLET"], humanReadableRule: "Hyperliquid orders require API-wallet isolation, risk preview, and explicit approval." }
305
+ },
306
+ {
307
+ id: "gmx-v2-perps-agent",
308
+ title: "GMX V2 Perps Agent",
309
+ category: "Perp DEX",
310
+ summary: "Read GMX V2 markets, positions, and orders while preparing guarded Arbitrum perps workflows.",
311
+ useWhen: "Use when a user wants a local agent to manage GMX perps with conservative risk controls.",
312
+ chains: ["Arbitrum"],
313
+ protocols: ["GMX"],
314
+ risk: "critical",
315
+ executionMode: "approval-required",
316
+ permissions: ["network", "market-data", "wallet-read", "wallet-signature", "transaction-preview", "trading"],
317
+ installTargets: ["codex", "claude", "openclaw"],
318
+ source: "https://docs.gmx.io/docs/api/overview/",
319
+ tokenUtility: "AXIS unlocks GMX risk templates and subaccount policy presets.",
320
+ auditNotes: ["Order workflow preview", "Subaccount policy supported", "Position impact shown"],
321
+ operations: ["read markets", "read positions", "prepare order", "cancel order", "monitor funding"],
322
+ tests: ["show position impact", "require order approval"],
323
+ policy: { ...approvalDefaults, allowedChains: ["Arbitrum"], maxSpendUsd: 250, humanReadableRule: "GMX perps orders require position impact, leverage, and approval before signing." }
324
+ },
325
+ {
326
+ id: "dydx-v4-trading-agent",
327
+ title: "dYdX v4 Trading Agent",
328
+ category: "Perp DEX",
329
+ summary: "Prepare dYdX Chain trading and analytics workflows with order, position, and websocket monitoring.",
330
+ useWhen: "Use when a user wants a Cosmos-based perps agent with explicit order approval and position monitoring.",
331
+ chains: ["dYdX Chain"],
332
+ protocols: ["dYdX"],
333
+ risk: "critical",
334
+ executionMode: "approval-required",
335
+ permissions: ["network", "api-key", "market-data", "trading", "secrets-read"],
336
+ installTargets: ["codex", "claude", "openclaw"],
337
+ source: "https://docs.dydx.xyz",
338
+ tokenUtility: "AXIS unlocks strategy backtest reports and verified bot templates.",
339
+ auditNotes: ["API key scoped", "Order preview required", "Position alerts enabled"],
340
+ operations: ["read markets", "place order", "cancel order", "monitor positions"],
341
+ tests: ["reject unscoped key", "require approval for order"],
342
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["dYdX Chain"], maxSpendUsd: 200, secrets: ["DYDX_API_KEY"], humanReadableRule: "dYdX orders require a scoped key, visible order ticket, and user approval." }
343
+ },
344
+ {
345
+ id: "drift-perps-trader",
346
+ title: "Drift Perps Trader",
347
+ category: "Perp DEX",
348
+ summary: "Use Drift data and SDK patterns for Solana perps order planning, DLOB monitoring, and position risk alerts.",
349
+ useWhen: "Use when a user wants a Solana perps agent that can prepare orders but must never trade without approval.",
350
+ chains: ["Solana"],
351
+ protocols: ["Drift"],
352
+ risk: "critical",
353
+ executionMode: "approval-required",
354
+ permissions: ["network", "api-key", "market-data", "wallet-read", "wallet-signature", "trading"],
355
+ installTargets: ["codex", "claude", "openclaw"],
356
+ source: "https://docs.drift.trade/developers",
357
+ tokenUtility: "AXIS unlocks Solana risk templates and strategy review queues.",
358
+ auditNotes: ["DLOB monitoring", "Wallet signing requires approval", "Position risk shown"],
359
+ operations: ["place order", "cancel order", "monitor DLOB", "watch positions"],
360
+ tests: ["reject unsigned auto-trade", "show margin risk"],
361
+ policy: { ...approvalDefaults, allowedChains: ["Solana"], maxSpendUsd: 200, humanReadableRule: "Drift trading requires margin preview and explicit approval before wallet signing." }
362
+ },
363
+ {
364
+ id: "jupiter-perps-reader",
365
+ title: "Jupiter Perps Reader",
366
+ category: "Perp DEX",
367
+ summary: "Read Jupiter Perps and JLP data for pool exposure, market structure, and position research without trading.",
368
+ useWhen: "Use when a user wants Solana perps research or JLP monitoring before enabling executable actions.",
369
+ chains: ["Solana"],
370
+ protocols: ["Jupiter Perps"],
371
+ risk: "high",
372
+ executionMode: "read-only",
373
+ permissions: ["network", "market-data", "wallet-read"],
374
+ installTargets: ["codex", "claude", "openclaw"],
375
+ source: "https://developers.jup.ag/docs/perps",
376
+ tokenUtility: "AXIS unlocks JLP reports and cross-market dashboards.",
377
+ auditNotes: ["Read-only perps data", "No wallet writes", "Execution skill separated"],
378
+ operations: ["read pool data", "monitor JLP", "track markets", "export report"],
379
+ tests: ["no transaction path", "generate market report"],
380
+ policy: { ...readOnlyDefaults, allowedChains: ["Solana"], humanReadableRule: "Jupiter Perps reader is research-only and cannot place orders." }
381
+ },
382
+ {
383
+ id: "aevo-derivatives-mcp",
384
+ title: "Aevo Derivatives MCP",
385
+ category: "Perp DEX",
386
+ summary: "Expose Aevo derivatives, options, and structured-product data through an MCP-style local skill with guarded order planning.",
387
+ useWhen: "Use when a user wants an agent to research Aevo derivatives or prepare orders after policy review.",
388
+ chains: ["Aevo L2"],
389
+ protocols: ["Aevo"],
390
+ risk: "critical",
391
+ executionMode: "approval-required",
392
+ permissions: ["network", "api-key", "market-data", "trading", "secrets-read"],
393
+ installTargets: ["codex", "claude", "openclaw", "generic-mcp"],
394
+ source: "https://docs.aevo.xyz/",
395
+ tokenUtility: "AXIS unlocks derivatives strategy templates and audits.",
396
+ auditNotes: ["API key scoped", "Options risk disclosed", "Order ticket required"],
397
+ operations: ["read markets", "read options", "prepare order", "monitor positions"],
398
+ tests: ["show options risk", "require order approval"],
399
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Aevo L2"], maxSpendUsd: 200, secrets: ["AEVO_API_KEY"], humanReadableRule: "Aevo derivatives orders require a scoped key, visible risk ticket, and approval." }
400
+ },
401
+ {
402
+ id: "wallet-allowance-revoker",
403
+ title: "Wallet Allowance Revoker",
404
+ category: "Wallet Security",
405
+ summary: "Find risky token approvals and prepare revocation transactions with spender labels and contract verification checks.",
406
+ useWhen: "Use when a user wants an agent to reduce wallet approval risk across EVM chains.",
407
+ chains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"],
408
+ protocols: ["ERC20", "Blockscout", "Etherscan"],
409
+ risk: "high",
410
+ executionMode: "approval-required",
411
+ permissions: ["network", "wallet-read", "wallet-signature", "transaction-preview"],
412
+ installTargets: ["codex", "claude", "openclaw"],
413
+ source: "https://docs.uniswap.org/",
414
+ tokenUtility: "AXIS unlocks batch simulation and verified spender labels.",
415
+ auditNotes: ["Approval required per revocation", "Unlimited approvals flagged", "Contract labels shown"],
416
+ operations: ["scan allowances", "label spender", "prepare revoke", "batch report"],
417
+ tests: ["detect unlimited allowance", "require revoke approval"],
418
+ policy: { ...approvalDefaults, allowedChains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"], maxSpendUsd: 20, humanReadableRule: "Allowance revocations require spender labels and explicit approval before signing." }
419
+ },
420
+ {
421
+ id: "token-risk-screener",
422
+ title: "Token Risk Screener",
423
+ category: "Security",
424
+ summary: "Score tokens for honeypot patterns, liquidity, ownership, tax behavior, contract verification, and social risk.",
425
+ useWhen: "Use before an agent proposes a trade, launch participation, or LP position involving an unknown token.",
426
+ chains: ["Ethereum", "Base", "Arbitrum", "Solana"],
427
+ protocols: ["DEX Screener", "Blockscout", "Etherscan"],
428
+ risk: "medium",
429
+ executionMode: "read-only",
430
+ permissions: ["network", "market-data"],
431
+ installTargets: ["codex", "claude", "openclaw"],
432
+ source: "https://docs.uniswap.org/",
433
+ tokenUtility: "AXIS unlocks deeper token simulations and label feeds.",
434
+ auditNotes: ["Read-only analysis", "Source links required", "No buy recommendation without disclaimer"],
435
+ operations: ["score token", "check liquidity", "verify contract", "detect honeypot signals"],
436
+ tests: ["score unknown token", "return source links"],
437
+ policy: { ...readOnlyDefaults, allowedChains: ["Ethereum", "Base", "Arbitrum", "Solana"], humanReadableRule: "Token risk screening is read-only and must show evidence links." }
438
+ },
439
+ {
440
+ id: "mev-slippage-simulator",
441
+ title: "MEV Slippage Simulator",
442
+ category: "Trading Safety",
443
+ summary: "Estimate slippage, route fragility, sandwich exposure, and fail conditions before an agent submits a swap.",
444
+ useWhen: "Use when an agent prepares swaps or LP changes and the user wants risk estimates before approval.",
445
+ chains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"],
446
+ protocols: ["Uniswap", "1inch"],
447
+ risk: "medium",
448
+ executionMode: "read-only",
449
+ permissions: ["network", "market-data", "transaction-preview"],
450
+ installTargets: ["codex", "claude", "openclaw"],
451
+ source: "https://business.1inch.com/portal/documentation/apis/swap/swap",
452
+ tokenUtility: "AXIS unlocks higher-frequency route simulation.",
453
+ auditNotes: ["Read-only route simulation", "Shows failure assumptions", "No signing path"],
454
+ operations: ["simulate slippage", "compare routes", "estimate price impact", "flag MEV risk"],
455
+ tests: ["reject route without quote", "surface price impact"],
456
+ policy: { ...readOnlyDefaults, allowedChains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"], humanReadableRule: "MEV simulation is read-only and must run before high-risk swap approvals." }
457
+ },
458
+ {
459
+ id: "agent-permission-firewall",
460
+ title: "Agent Permission Firewall",
461
+ category: "Security",
462
+ summary: "Define local policy gates for tool calls, wallet writes, network access, secrets, paid APIs, and filesystem actions.",
463
+ useWhen: "Use as the default guard layer before installing any third-party agent skill.",
464
+ chains: ["Local"],
465
+ protocols: ["Axis"],
466
+ risk: "low",
467
+ executionMode: "read-only",
468
+ permissions: ["filesystem-read"],
469
+ installTargets: ["codex", "claude", "openclaw", "cursor", "generic-mcp"],
470
+ source: "https://modelcontextprotocol.io/specification/2025-06-18/server/tools",
471
+ tokenUtility: "AXIS unlocks shared team policies and reviewer attestations.",
472
+ auditNotes: ["Local policy only", "No wallet access", "Used by scanner and install flow"],
473
+ operations: ["read policy", "score permission", "block tool call", "write audit log"],
474
+ tests: ["block missing approval", "score critical permission"],
475
+ policy: { ...readOnlyDefaults, networkAccess: false, allowedChains: ["Local"], humanReadableRule: "The firewall reads policies and blocks unsafe actions before execution." }
476
+ },
477
+ {
478
+ id: "api-key-vault-setup",
479
+ title: "API Key Vault Setup",
480
+ category: "Security",
481
+ summary: "Create env-based secret references and client config templates without storing raw API keys inside skill packages.",
482
+ useWhen: "Use when a user installs skills that need API keys but wants local-only secret handling.",
483
+ chains: ["Local"],
484
+ protocols: ["Axis"],
485
+ risk: "medium",
486
+ executionMode: "approval-required",
487
+ permissions: ["filesystem-read", "filesystem-write", "secrets-read"],
488
+ installTargets: ["codex", "claude", "openclaw", "cursor"],
489
+ source: "https://modelcontextprotocol.io/specification/2025-06-18/server/tools",
490
+ tokenUtility: "AXIS unlocks team key templates and rotation reminders.",
491
+ auditNotes: ["No raw key storage", "Env names only", "Config diff before write"],
492
+ operations: ["create env template", "write client config", "validate secret references", "generate rotation checklist"],
493
+ tests: ["reject raw API key", "write env.example only"],
494
+ policy: { ...approvalDefaults, networkAccess: false, walletWrite: false, allowedChains: ["Local"], maxSpendUsd: null, secrets: ["API_KEY_NAME"], humanReadableRule: "Vault setup writes only secret references and never raw API keys." }
495
+ },
496
+ {
497
+ id: "polymarket-market-researcher",
498
+ title: "Polymarket Market Researcher",
499
+ category: "Prediction Markets",
500
+ summary: "Analyze Polymarket events, liquidity, order books, news context, and probability drift without placing trades.",
501
+ useWhen: "Use when an agent needs prediction-market intelligence before a user decides whether to trade.",
502
+ chains: ["Polygon"],
503
+ protocols: ["Polymarket CLOB"],
504
+ risk: "medium",
505
+ executionMode: "read-only",
506
+ permissions: ["network", "market-data"],
507
+ installTargets: ["codex", "claude", "openclaw", "cursor"],
508
+ source: "https://docs.polymarket.com/developers/CLOB/trades/trades-data-api",
509
+ tokenUtility: "AXIS unlocks premium market monitoring and alert packs.",
510
+ auditNotes: ["Read-only CLOB data", "Source attribution required", "No wallet access"],
511
+ operations: ["search markets", "read order book", "track odds drift", "summarize evidence"],
512
+ tests: ["return cited market report", "confirm no order path"],
513
+ policy: { ...readOnlyDefaults, allowedChains: ["Polygon"], humanReadableRule: "Polymarket research reads public market data and cannot place orders." }
514
+ },
515
+ {
516
+ id: "polymarket-trade-executor",
517
+ title: "Polymarket Trade Executor",
518
+ category: "Prediction Markets",
519
+ summary: "Create guarded Polymarket order tickets with max size, slippage, market verification, and user confirmation gates.",
520
+ useWhen: "Use when a user explicitly asks an agent to prepare a Polymarket order under local policy controls.",
521
+ chains: ["Polygon"],
522
+ protocols: ["Polymarket CLOB"],
523
+ risk: "critical",
524
+ executionMode: "approval-required",
525
+ permissions: ["network", "api-key", "market-data", "wallet-signature", "trading", "secrets-read"],
526
+ installTargets: ["codex", "claude", "openclaw"],
527
+ source: "https://docs.polymarket.com/developers/CLOB/trades/trades-data-api",
528
+ tokenUtility: "AXIS publisher stake is required for executable prediction-market skills.",
529
+ auditNotes: ["Human approval mandatory", "Market ID verification", "Max order size enforced"],
530
+ operations: ["verify market", "prepare order", "estimate slippage", "submit after approval"],
531
+ tests: ["reject missing market ID", "require approval before submit"],
532
+ policy: { ...approvalDefaults, walletWrite: false, allowedChains: ["Polygon"], maxSpendUsd: 100, secrets: ["POLYMARKET_API_KEY"], humanReadableRule: "Polymarket orders require market verification, size cap, and explicit approval." }
533
+ },
534
+ {
535
+ id: "github-skill-auditor",
536
+ title: "GitHub Skill Auditor",
537
+ category: "Developer Ops",
538
+ summary: "Review skill repos for unsafe scripts, hidden instructions, broad permissions, network calls, and missing tests.",
539
+ useWhen: "Use when a publisher submits a new Axis skill or a user wants to inspect a GitHub skill before install.",
540
+ chains: ["Local"],
541
+ protocols: ["GitHub"],
542
+ risk: "medium",
543
+ executionMode: "read-only",
544
+ permissions: ["network", "filesystem-read"],
545
+ installTargets: ["codex", "claude", "cursor"],
546
+ source: "https://openagentskills.dev/docs/specification",
547
+ tokenUtility: "AXIS funds audit bounties and reviewer rewards.",
548
+ auditNotes: ["Read-only repo scan", "No secrets access", "Findings include file paths"],
549
+ operations: ["scan SKILL.md", "review scripts", "score permissions", "generate audit report"],
550
+ tests: ["detect hidden instruction", "flag missing policy"],
551
+ policy: { ...readOnlyDefaults, allowedChains: ["Local"], humanReadableRule: "Skill auditing reads repository files and produces findings without executing scripts." }
552
+ },
553
+ {
554
+ id: "portfolio-tax-exporter",
555
+ title: "Portfolio Tax Exporter",
556
+ category: "Wallet Ops",
557
+ summary: "Read wallet transactions and prepare CSV exports for portfolio accounting without making transactions.",
558
+ useWhen: "Use when a user wants an agent to assemble wallet activity, cost basis notes, and accountant-ready exports.",
559
+ chains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon", "Solana"],
560
+ protocols: ["RPC", "Block Explorers"],
561
+ risk: "medium",
562
+ executionMode: "read-only",
563
+ permissions: ["network", "wallet-read", "filesystem-write"],
564
+ installTargets: ["codex", "claude", "cursor"],
565
+ source: "https://docs.uniswap.org/",
566
+ tokenUtility: "AXIS unlocks multi-wallet exports and label enrichment.",
567
+ auditNotes: ["Read-only wallet data", "CSV generated locally", "No signing path"],
568
+ operations: ["read transactions", "label transfers", "export CSV", "summarize gaps"],
569
+ tests: ["generate CSV locally", "confirm no signing permission"],
570
+ policy: { ...readOnlyDefaults, allowedChains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon", "Solana"], humanReadableRule: "Portfolio export reads wallet history and writes local reports only." }
571
+ },
572
+ {
573
+ id: "defi-yield-risk-monitor",
574
+ title: "DeFi Yield Risk Monitor",
575
+ category: "DeFi Risk",
576
+ summary: "Monitor lending, LP, vault, and farming positions for APY changes, TVL drops, liquidation risk, and reward anomalies.",
577
+ useWhen: "Use when a user wants an agent to watch DeFi positions and alert before risk becomes urgent.",
578
+ chains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"],
579
+ protocols: ["Aave", "Morpho", "Moonwell", "Aerodrome", "Uniswap"],
580
+ risk: "medium",
581
+ executionMode: "read-only",
582
+ permissions: ["network", "market-data", "wallet-read", "notifications"],
583
+ installTargets: ["codex", "claude", "openclaw"],
584
+ source: "https://docs.base.org/ai-agents/plugins/native/moonwell",
585
+ tokenUtility: "AXIS unlocks multi-chain monitoring and premium alert routes.",
586
+ auditNotes: ["Read-only monitoring", "Threshold alerts", "No position changes"],
587
+ operations: ["watch APY", "watch TVL", "check liquidation risk", "send alert"],
588
+ tests: ["emit threshold alert", "confirm no transaction path"],
589
+ policy: { ...readOnlyDefaults, allowedChains: ["Ethereum", "Base", "Arbitrum", "Optimism", "Polygon"], humanReadableRule: "Yield monitoring is read-only and only alerts on configured risk thresholds." }
590
+ }
591
+ ].map(assertSkillDefinition);
592
+ export function getSkillById(id) {
593
+ return skills.find((skill) => skill.id === id);
594
+ }
595
+ export function getSkillsByChain(chain) {
596
+ const normalized = chain.toLowerCase();
597
+ return skills.filter((skill) => skill.chains.some((item) => item.toLowerCase() === normalized));
598
+ }
599
+ export function getRegistryStats() {
600
+ return {
601
+ totalSkills: skills.length,
602
+ baseSkills: getSkillsByChain("Base").length,
603
+ criticalSkills: skills.filter((skill) => skill.risk === "critical").length,
604
+ approvalRequired: skills.filter((skill) => skill.executionMode === "approval-required").length,
605
+ readOnly: skills.filter((skill) => skill.executionMode === "read-only").length,
606
+ chains: Array.from(new Set(skills.flatMap((skill) => skill.chains))).sort()
607
+ };
608
+ }
609
+ export function validateRegistry() {
610
+ const ids = new Set();
611
+ const findings = [];
612
+ for (const skill of skills) {
613
+ if (ids.has(skill.id)) {
614
+ findings.push(`Duplicate skill id: ${skill.id}`);
615
+ }
616
+ ids.add(skill.id);
617
+ findings.push(...validateSafetyRules(skill).map((finding) => `${skill.id}: ${finding}`));
618
+ }
619
+ return {
620
+ ok: findings.length === 0,
621
+ findings,
622
+ stats: getRegistryStats()
623
+ };
624
+ }
625
+ export function toSkillMarkdown(skill) {
626
+ return `---
627
+ name: ${skill.id}
628
+ description: ${skill.summary}
629
+ license: Axis Research License
630
+ metadata:
631
+ version: "0.1.0"
632
+ author: Axis
633
+ category: ${skill.category}
634
+ risk: ${skill.risk}
635
+ execution_mode: ${skill.executionMode}
636
+ chains:
637
+ ${skill.chains.map((chain) => ` - ${chain}`).join("\n")}
638
+ protocols:
639
+ ${skill.protocols.map((protocol) => ` - ${protocol}`).join("\n")}
640
+ permissions:
641
+ ${skill.permissions.map((permission) => ` - ${permission}`).join("\n")}
642
+ ---
643
+
644
+ # ${skill.title}
645
+
646
+ ${skill.summary}
647
+
648
+ ## Use When
649
+
650
+ ${skill.useWhen}
651
+
652
+ ## Operations
653
+
654
+ ${skill.operations.map((operation) => `- ${operation}`).join("\n")}
655
+
656
+ ## Safety Gates
657
+
658
+ ${skill.auditNotes.map((note) => `- ${note}`).join("\n")}
659
+
660
+ ## Policy
661
+
662
+ - Default mode: ${skill.policy.defaultMode}
663
+ - Requires approval: ${skill.policy.requiresApproval ? "yes" : "no"}
664
+ - Wallet write: ${skill.policy.walletWrite ? "yes" : "no"}
665
+ - Max spend USD: ${skill.policy.maxSpendUsd ?? "not applicable"}
666
+ - Allowed chains: ${skill.policy.allowedChains.join(", ")}
667
+ - Rule: ${skill.policy.humanReadableRule}
668
+
669
+ ## Tests
670
+
671
+ ${skill.tests.map((test) => `- ${test}`).join("\n")}
672
+
673
+ ## Source
674
+
675
+ ${skill.source}
676
+ `;
677
+ }
678
+ export function toPolicyJson(skill) {
679
+ return JSON.stringify({
680
+ id: skill.id,
681
+ title: skill.title,
682
+ risk: skill.risk,
683
+ executionMode: skill.executionMode,
684
+ permissions: skill.permissions,
685
+ policy: skill.policy,
686
+ tests: skill.tests
687
+ }, null, 2);
688
+ }
689
+ export function summarizeSkill(skill) {
690
+ return {
691
+ id: skill.id,
692
+ title: skill.title,
693
+ category: skill.category,
694
+ summary: skill.summary,
695
+ useWhen: skill.useWhen,
696
+ chains: skill.chains,
697
+ protocols: skill.protocols,
698
+ risk: skill.risk,
699
+ executionMode: skill.executionMode,
700
+ permissions: skill.permissions,
701
+ tokenUtility: skill.tokenUtility,
702
+ auditNotes: skill.auditNotes,
703
+ operations: skill.operations,
704
+ installCommand: `npx @axisagent/cli install ${skill.id}`,
705
+ source: skill.source
706
+ };
707
+ }