ape-claw 0.1.0

package/src/lib/nft-opensea.mjs

@@ -0,0 +1,159 @@
+import { createWalletClient, defineChain, encodeFunctionData, http } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { SeaportABI } from "@opensea/seaport-js/lib/abi/Seaport.js";
+
+const OPENSEA_API_BASE = "https://api.opensea.io/api/v2";
+
+function toHexPrivateKey(pk) {
+  const raw = String(pk || "").trim();
+  if (!raw) return "";
+  return raw.startsWith("0x") ? raw : `0x${raw}`;
+}
+
+function functionNameFromSignature(sig) {
+  const raw = String(sig || "").split("(")[0];
+  if (raw === "fulfillBasicOrder_efficient_6GL6yc") return "fulfillBasicOrder";
+  return raw;
+}
+
+function buildParams(functionName, inputData = {}) {
+  if (functionName === "fulfillAdvancedOrder" && "advancedOrder" in inputData) {
+    return [
+      inputData.advancedOrder,
+      inputData.criteriaResolvers || [],
+      inputData.fulfillerConduitKey ||
+        "0x0000000000000000000000000000000000000000000000000000000000000000",
+      inputData.recipient,
+    ];
+  }
+  if (functionName === "fulfillBasicOrder" && "basicOrderParameters" in inputData) {
+    return [inputData.basicOrderParameters];
+  }
+  if (functionName === "fulfillOrder" && "order" in inputData) {
+    return [
+      inputData.order,
+      inputData.fulfillerConduitKey ||
+        "0x0000000000000000000000000000000000000000000000000000000000000000",
+      inputData.recipient,
+    ];
+  }
+  return Object.values(inputData);
+}
+
+async function fetchJson(url, init = {}) {
+  const res = await fetch(url, init);
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(`OpenSea HTTP ${res.status}${body ? `: ${body.slice(0, 220)}` : ""}`);
+  }
+  return res.json();
+}
+
+function openseaChainSlug(chainId) {
+  const id = Number(chainId);
+  if (id === 33139) return "ape_chain";
+  if (id === 1) return "ethereum";
+  if (id === 8453) return "base";
+  if (id === 42161) return "arbitrum";
+  throw new Error(`Unsupported OpenSea chainId for fulfillment: ${chainId}`);
+}
+
+export async function getListingFulfillmentData({
+  apiKey,
+  orderHash,
+  protocolAddress,
+  chainId,
+  fulfillerAddress,
+  privateKey,
+  assetContractAddress,
+  tokenId,
+  includeOptionalCreatorFees = false,
+}) {
+  if (!apiKey) throw new Error("Missing OPENSEA_API_KEY for live fulfillment.");
+  if (!orderHash) throw new Error("Missing order hash for fulfillment.");
+  const resolvedFulfiller =
+    fulfillerAddress || (privateKey ? privateKeyToAccount(toHexPrivateKey(privateKey)).address : "");
+  if (!resolvedFulfiller) throw new Error("Missing fulfiller address for fulfillment.");
+
+  const payload = {
+    listing: {
+      hash: orderHash,
+      chain: openseaChainSlug(chainId),
+      protocol_address: protocolAddress,
+    },
+    fulfiller: {
+      address: resolvedFulfiller,
+    },
+    units_to_fill: "1",
+    include_optional_creator_fees: includeOptionalCreatorFees,
+  };
+
+  if (assetContractAddress && tokenId) {
+    payload.consideration = {
+      asset_contract_address: assetContractAddress,
+      token_id: String(tokenId),
+    };
+  }
+
+  const data = await fetchJson(`${OPENSEA_API_BASE}/listings/fulfillment_data`, {
+    method: "POST",
+    headers: {
+      "x-api-key": apiKey,
+      accept: "application/json",
+      "content-type": "application/json",
+      "user-agent": "ape-claw/0.1.0",
+    },
+    body: JSON.stringify(payload),
+  });
+  return data;
+}
+
+export async function executeListingFulfillmentTx({
+  fulfillmentData,
+  privateKey,
+  rpcUrl,
+}) {
+  const hexPk = toHexPrivateKey(privateKey);
+  if (!hexPk) throw new Error("Missing APE_CLAW_PRIVATE_KEY for live nft execute.");
+  const tx = fulfillmentData?.fulfillment_data?.transaction;
+  if (!tx) throw new Error("OpenSea fulfillment data missing transaction object.");
+  const fn = functionNameFromSignature(tx.function);
+  const params = buildParams(fn, tx.input_data || {});
+  const calldata = encodeFunctionData({
+    abi: SeaportABI,
+    functionName: fn,
+    args: params,
+  });
+
+  const chainId = Number(tx.chain);
+  const nativeCurrency = chainId === 33139
+    ? { name: "ApeCoin", symbol: "APE", decimals: 18 }
+    : { name: "Ether", symbol: "ETH", decimals: 18 };
+  const chain = defineChain({
+    id: chainId,
+    name: `chain-${chainId}`,
+    nativeCurrency,
+    rpcUrls: { default: { http: [rpcUrl] } },
+  });
+  const account = privateKeyToAccount(hexPk);
+  const client = createWalletClient({
+    account,
+    chain,
+    transport: http(rpcUrl),
+  });
+
+  const hash = await client.sendTransaction({
+    to: tx.to,
+    data: calldata,
+    value: BigInt(tx.value || "0"),
+    chain,
+  });
+
+  return {
+    txHash: hash,
+    chainId,
+    to: tx.to,
+    functionName: fn,
+  };
+}
+

package/src/lib/paths.mjs

@@ -0,0 +1,17 @@
+import path from "node:path";
+
+const ROOT_OVERRIDE = String(process.env.APE_CLAW_ROOT || "").trim();
+const STATE_DIR_OVERRIDE = String(process.env.APE_CLAW_STATE_DIR || "").trim();
+
+export const ROOT = ROOT_OVERRIDE ? path.resolve(ROOT_OVERRIDE) : process.cwd();
+export const STATE_DIR = STATE_DIR_OVERRIDE ? path.resolve(STATE_DIR_OVERRIDE) : path.join(ROOT, "state");
+export const POLICY_PATH = path.join(ROOT, "config", "policy.json");
+export const ALLOWLIST_PATH = path.join(ROOT, "allowlists", "recommended.apechain.json");
+export const OPENSEA_OVERRIDES_PATH = path.join(ROOT, "allowlists", "opensea-slug-overrides.json");
+export const EVENTS_PATH = path.join(STATE_DIR, "events.jsonl");
+export const QUOTES_PATH = path.join(STATE_DIR, "quotes.json");
+export const BRIDGE_REQUESTS_PATH = path.join(STATE_DIR, "bridge-requests.json");
+export const CLAWBOTS_PATH = path.join(ROOT, "config", "clawbots.json");
+export const CHAT_PATH = path.join(STATE_DIR, "chat.jsonl");
+export const INVITES_PATH = path.join(STATE_DIR, "invites.json");
+

package/src/lib/pod-init.mjs

@@ -0,0 +1,40 @@
+import fs from "node:fs";
+import path from "node:path";
+
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+function copyDir(srcDir, dstDir) {
+  ensureDir(dstDir);
+  const entries = fs.readdirSync(srcDir, { withFileTypes: true });
+  for (const e of entries) {
+    const src = path.join(srcDir, e.name);
+    const dst = path.join(dstDir, e.name);
+    if (e.isDirectory()) copyDir(src, dst);
+    else fs.copyFileSync(src, dst);
+  }
+}
+
+export function initPodWorkspace({ targetDir, templatesDir }) {
+  if (!targetDir) throw new Error("targetDir required");
+  if (!templatesDir) throw new Error("templatesDir required");
+  const absTarget = path.resolve(targetDir);
+  const absTemplates = path.resolve(templatesDir);
+  if (!fs.existsSync(absTemplates)) throw new Error(`missing templates: ${absTemplates}`);
+  ensureDir(absTarget);
+  copyDir(absTemplates, absTarget);
+  // Ensure the revenue-sharing agreement exists even if templates are old/partial.
+  const rev = path.join(absTarget, "REVENUE_SHARING.md");
+  if (!fs.existsSync(rev)) {
+    fs.writeFileSync(rev, [
+      "# REVENUE_SHARING.md (THE POD)",
+      "",
+      "When an agent installs/uses onchain skills in this Pod, it agrees to route skill-related revenue",
+      "to the Pod's shared receiver (e.g. PodVault) and share among Pod members.",
+      "",
+    ].join("\n"));
+  }
+  return { ok: true, targetDir: absTarget };
+}
+

package/src/lib/policy.mjs

@@ -0,0 +1,112 @@
+import { readJson } from "./io.mjs";
+import { POLICY_PATH, ALLOWLIST_PATH } from "./paths.mjs";
+
+function normalizeKey(value) {
+  return String(value || "")
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9]/g, "");
+}
+
+export function loadPolicy() {
+  const policy = readJson(POLICY_PATH, null);
+  if (!policy) {
+    throw new Error("Missing config/policy.json. Copy config/policy.example.json first.");
+  }
+  return policy;
+}
+
+export function loadAllowlist() {
+  const list = readJson(ALLOWLIST_PATH, []);
+  return normalizeAllowlist(Array.isArray(list) ? list : []);
+}
+
+export function normalizeAllowlist(allowlist) {
+  const dedup = new Map();
+  for (const item of allowlist) {
+    // Dedup by slug or name only — rank is never used as an identity key
+    const slug = String(item.slug || "").toLowerCase();
+    const name = String(item.name || "").toLowerCase();
+    const key = slug || name;
+    if (!key) continue; // skip entries with no slug or name
+    const existing = dedup.get(key);
+    if (!existing) {
+      dedup.set(key, item);
+      continue;
+    }
+    const candidateHasCA = Boolean(item.contractAddress);
+    const existingHasCA = Boolean(existing.contractAddress);
+    if (candidateHasCA && !existingHasCA) dedup.set(key, item);
+  }
+  return [...dedup.values()];
+}
+
+export function resolveCollectionTarget(collection, allowlist) {
+  const input = String(collection || "").trim();
+  if (!input) return { matches: [], exact: null };
+  const needleLower = input.toLowerCase();
+  const needleNorm = normalizeKey(input);
+  const matches = allowlist.filter((c) => {
+    const name = String(c.name || "");
+    const slug = String(c.slug || "");
+    const ca = String(c.contractAddress || "");
+    return (
+      needleLower === name.toLowerCase() ||
+      needleLower === slug.toLowerCase() ||
+      (ca && needleLower === ca.toLowerCase()) ||
+      needleNorm === normalizeKey(name) ||
+      needleNorm === normalizeKey(slug)
+    );
+  });
+  return { matches, exact: matches.length === 1 ? matches[0] : null };
+}
+
+export function enforceBuyPolicy({
+  policy,
+  collection,
+  maxPrice,
+  currency,
+  allowUnsafe = false,
+  allowlist = [],
+}) {
+  const errors = [];
+  const warnings = [];
+  const allowedCurrencies = new Set(policy.nftBuy.currencyAllowlist || []);
+  const target = resolveCollectionTarget(collection, allowlist);
+  if (!allowedCurrencies.has(currency)) {
+    errors.push(`Currency ${currency} is not allowed.`);
+  }
+  if (Number(maxPrice) > Number(policy.nftBuy.maxPricePerTx)) {
+    errors.push(`maxPrice exceeds policy maxPricePerTx (${policy.nftBuy.maxPricePerTx}).`);
+  }
+  if (
+    policy.market.collectionAllowlistMode === "recommended-only" &&
+    !allowUnsafe &&
+    target.matches.length === 0
+  ) {
+    errors.push(`Collection ${collection} is not in recommended allowlist.`);
+  }
+  if (target.matches.length > 1 && !allowUnsafe) {
+    errors.push(
+      `Collection ${collection} is ambiguous (${target.matches.length} matches). Use contract address or unique slug.`,
+    );
+  }
+  if (target.exact && !target.exact.contractAddress && !allowUnsafe) {
+    errors.push(
+      `Collection ${target.exact.name} has unresolved contractAddress. Resolve CA or pass --allow-unsafe.`,
+    );
+  }
+  if (allowUnsafe) warnings.push("Unsafe override enabled.");
+  return { ok: errors.length === 0, errors, warnings, target: target.exact };
+}
+
+export function enforceBridgePolicy({ policy, feeBps }) {
+  if (Number(feeBps) > Number(policy.bridge.maxBridgeFeeBps)) {
+    return {
+      ok: false,
+      errors: [`Bridge fee ${feeBps} bps exceeds cap ${policy.bridge.maxBridgeFeeBps} bps.`],
+    };
+  }
+  return { ok: true, errors: [] };
+}
+

package/src/lib/rpc.mjs

@@ -0,0 +1,49 @@
+const RELAY_API_BASE = process.env.RELAY_API_BASE || "https://api.relay.link";
+let relayRpcMapCache = null;
+
+function relayHeaders() {
+  return { accept: "application/json" };
+}
+
+async function fetchJson(url, init = {}) {
+  const res = await fetch(url, init);
+  if (!res.ok) throw new Error(`HTTP ${res.status}`);
+  return res.json();
+}
+
+export async function getRelayRpcMap() {
+  if (relayRpcMapCache) return relayRpcMapCache;
+  try {
+    const data = await fetchJson(`${RELAY_API_BASE}/chains`, {
+      method: "GET",
+      headers: relayHeaders(),
+    });
+    const map = new Map();
+    for (const chain of data?.chains || []) {
+      const id = Number(chain?.id);
+      const rpc = String(chain?.httpRpcUrl || "");
+      if (Number.isFinite(id) && rpc) map.set(id, rpc);
+    }
+    relayRpcMapCache = map;
+  } catch {
+    relayRpcMapCache = new Map();
+  }
+  return relayRpcMapCache;
+}
+
+export async function resolveRpcUrl(chainId, policy = {}) {
+  const direct = process.env[`RPC_URL_${chainId}`];
+  if (direct) return direct;
+  const policyRpc =
+    Number(chainId) === Number(policy?.apechainChainId) ? String(policy?.apechainRpcUrl || "") : "";
+  const isLocalPolicyRpc =
+    policyRpc.startsWith("http://localhost") || policyRpc.startsWith("https://localhost") ||
+    policyRpc.startsWith("http://127.0.0.1") || policyRpc.startsWith("https://127.0.0.1");
+  if (policyRpc && !isLocalPolicyRpc) return policyRpc;
+  const relayMap = await getRelayRpcMap();
+  const relayRpc = relayMap.get(Number(chainId));
+  if (relayRpc) return relayRpc;
+  if (policyRpc) return policyRpc;
+  throw new Error(`Missing RPC URL for chain ${chainId}. Set RPC_URL_${chainId}.`);
+}
+

package/src/lib/telemetry.mjs

@@ -0,0 +1,92 @@
+import { appendJsonl, nowIso, randomId } from "./io.mjs";
+import { EVENTS_PATH } from "./paths.mjs";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+const TELEMETRY_BASE = String(process.env.APE_CLAW_TELEMETRY_URL || "").trim().replace(/\/+$/, "");
+const TELEMETRY_REMOTE_ONLY = /^(1|true|yes|on)$/i.test(String(process.env.APE_CLAW_TELEMETRY_REMOTE_ONLY || "").trim());
+
+function authStorePath() {
+  return path.join(os.homedir(), ".ape-claw", "auth.json");
+}
+
+function loadAuthStore() {
+  try {
+    const p = authStorePath();
+    if (!fs.existsSync(p)) return {};
+    const raw = fs.readFileSync(p, "utf8");
+    const j = JSON.parse(raw);
+    return j && typeof j === "object" ? j : {};
+  } catch {
+    return {};
+  }
+}
+
+function authHeadersForRemoteEvent(evt) {
+  const stored = loadAuthStore();
+  const fromEnvId = String(process.env.APE_CLAW_AGENT_ID || "").trim();
+  const fromEnvToken = String(process.env.APE_CLAW_AGENT_TOKEN || "").trim();
+  const agentId = fromEnvId || String(stored.agentId || "").trim() || String(evt.agentId || "").trim();
+  const token = fromEnvToken || String(stored.agentToken || "").trim();
+  return {
+    "content-type": "application/json",
+    ...(agentId ? { "x-agent-id": agentId } : {}),
+    ...(token ? { "x-agent-token": token } : {}),
+  };
+}
+
+async function sendRemoteEvent(evt) {
+  if (!TELEMETRY_BASE) return;
+  const url = `${TELEMETRY_BASE}/api/events`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: authHeadersForRemoteEvent(evt),
+    body: JSON.stringify(evt),
+  });
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(`remote telemetry failed (${res.status})${body ? `: ${body.slice(0, 200)}` : ""}`);
+  }
+}
+
+export function emitEvent({
+  eventType,
+  agentId = "local-cli",
+  sessionId = "local-session",
+  traceId = null,
+  command = "",
+  dryRun = true,
+  chainId = 33139,
+  payload = {},
+  result = {},
+  ok = true,
+  error = null,
+}) {
+  const evt = {
+    v: 1,
+    ts: nowIso(),
+    eventType,
+    agentId,
+    sessionId,
+    traceId: traceId || randomId("trace"),
+    command,
+    dryRun,
+    chainId,
+    payload,
+    result,
+    ok,
+    error,
+  };
+  if (!TELEMETRY_REMOTE_ONLY) {
+    appendJsonl(EVENTS_PATH, evt);
+  }
+  if (TELEMETRY_BASE) {
+    void sendRemoteEvent(evt).catch((err) => {
+      // Telemetry emission must never break command execution.
+      console.warn(`[telemetry] ${err.message}`);
+    });
+  }
+  return evt;
+}
+