clawpowers 1.1.1 → 1.1.3

package/skills/prospecting/SKILL.md

@@ -266,6 +266,147 @@ print(json.dumps(prospects, indent=2))
 "
 ```
 
+### Premium Enrichment (x402-Aware)
+
+By default, the prospecting skill uses free public sources (GitHub, LinkedIn
+search, Hunter.io free tier). When incomplete contact data is holding back
+your campaign, x402-aware paid enrichment APIs can fill the gaps.
+
+#### Three States
+
+| State | Config | Behaviour |
+|-------|--------|-----------|
+| **disabled** | `payments.enabled: false` | Skip all paid enrichment, log a note, continue with free data |
+| **dry-run** | `payments.mode: "dry_run"` | Log what _would_ be paid, show cost estimate, do NOT execute payment |
+| **live** | `payments.mode: "live"` | Execute payment if within policy limits; queue for approval if over |
+
+#### How It Works
+
+After Phase 4 (Contact Enrichment), the skill checks how many contacts are
+still missing key data (email, phone, LinkedIn URL) and offers to enrich them
+via premium APIs that accept x402 micropayments.
+
+```bash
+# After free enrichment — assess gaps
+TOTAL_LEADS=15
+INCOMPLETE=8  # missing email or key contact field
+
+echo "Found $TOTAL_LEADS leads. $INCOMPLETE have incomplete data."
+echo "Premium enrichment available for \$0.02/lead."
+echo "Estimated cost: \$$(echo "$INCOMPLETE * 0.02" | bc) USDC"
+```
+
+#### Payment Gate Flow
+
+```javascript
+// runtime/payments/pipeline.js — called automatically when x402 enrichment is triggered
+const { evaluatePayment } = require('../../runtime/payments/pipeline');
+
+const result = await evaluatePayment({
+  skill: 'prospecting',
+  reason: 'premium contact enrichment',
+  amount_usd: incompleteCount * 0.02,
+  asset: 'USDC',
+  chain: 'base',
+  recipient: '0xENRICHMENT_API_RECIPIENT',
+  url: 'https://api.contactdb.example.com/enrich',
+});
+
+switch (result.action) {
+  case 'disabled':
+    console.log('[prospecting] Premium enrichment disabled — using free data only.');
+    break;
+
+  case 'dry_run':
+    console.log(
+      `[prospecting] DRY-RUN: would pay $${(incompleteCount * 0.02).toFixed(2)} USDC ` +
+      `to enrich ${incompleteCount} contacts via ${result.reason}. No payment made.`
+    );
+    break;
+
+  case 'queued':
+    console.log(
+      `[prospecting] Payment queued for owner approval: ` +
+      `$${(incompleteCount * 0.02).toFixed(2)} USDC for ${incompleteCount} enrichments.`
+    );
+    // → Enrichment pauses until owner approves pending tx
+    break;
+
+  case 'approved':
+    console.log(`[prospecting] Executing premium enrichment for ${incompleteCount} contacts...`);
+    await runPremiumEnrichment(incompleteContacts);
+    break;
+}
+```
+
+#### Enabling Premium Enrichment
+
+```bash
+# ~/.clawpowers/config.json
+{
+  "payments": {
+    "enabled": true,
+    "mode": "live",
+    "per_tx_limit": 0.50,
+    "daily_limit": 5.00,
+    "require_approval_above": 1.00
+  }
+}
+```
+
+```bash
+# .env additions for prospecting
+AGENT_PRIVATE_KEY=0x...
+AGENT_WALLET_ADDRESS=0x...
+CHAIN_NAME=base
+SPEND_LIMIT_PER_TX=0.50
+SPEND_LIMIT_DAILY=5.00
+```
+
+#### Supported Premium Enrichment Sources
+
+| Source | Cost/lead | Data provided |
+|--------|-----------|--------------|
+| Apollo.io (paid tier) | ~$0.02 | Verified email, phone, LinkedIn |
+| Clearbit Enrichment | ~$0.03 | Company firmographics, tech stack |
+| Hunter.io Pro | ~$0.01 | Email verification, role signals |
+| Proxycurl | ~$0.015 | LinkedIn profile scrape |
+| Coresignal | ~$0.02 | Company employee headcount, tech |
+
+All premium API calls go through the x402 client wrapper:
+
+```javascript
+import { x402FromEnv } from 'agentwallet-sdk';
+
+const wallet = walletFromEnv();
+const client = x402FromEnv(wallet);
+
+// Automatically pays any HTTP 402 responses from enrichment APIs
+const response = await client.fetch(
+  `https://api.apollo.io/v1/people/enrich?email=${email}`,
+  { headers: { 'x-api-key': process.env.APOLLO_API_KEY } }
+);
+const enriched = await response.json();
+```
+
+#### Dry-Run Output Example
+
+When `payments.mode` is `"dry_run"`, the skill outputs a cost preview before
+any action is taken:
+
+```
+[prospecting] Enrichment summary:
+  Free sources:   7 / 15 contacts fully enriched
+  Incomplete:     8 / 15 contacts missing email or title
+
+[prospecting] DRY-RUN: Premium enrichment would cost:
+  8 contacts × $0.02/lead = $0.16 USDC
+  API: Apollo.io (paid), chain: base
+
+  To execute: set payments.mode = "live" in ~/.clawpowers/config.json
+  To approve this batch: clawpowers payments approve --skill prospecting
+```
+
 ## ClawPowers Enhancement
 
 When `~/.clawpowers/` runtime is initialized:

package/skills/security-audit/SKILL.md

@@ -265,6 +265,51 @@ trivy fs . --severity HIGH,CRITICAL
 bandit -r src/ -ll
 ```
 
+### Premium Scanner Escalation
+
+The default audit pipeline uses **free local scanners**: `npm audit`, `gitleaks`, `trivy`, `bandit`, and `semgrep`. These cover the vast majority of findings and require no payment.
+
+When free scanners surface critical or high-severity findings, premium scanners can provide deeper analysis: broader CVE databases, behavioral analysis, license compliance, supply-chain attack detection, and exploit chain mapping.
+
+**Payment gate logic for scanner escalation:**
+
+| Config state | Behavior |
+|-------------|---------|
+| `payments.enabled = false` | Log the premium scanner option. Skip it. Proceed with free scan results only. |
+| `payments.mode = "dry_run"` | Log what would happen: `[dry-run: would pay $0.05 for Snyk deep scan]`. No charge. |
+| `payments.mode = "live"` | Evaluate cost vs. severity. If cost fits policy limits and severity is Critical/High, pay and run the premium scan. |
+
+**Example escalation scenarios:**
+
+```
+Trivy found 2 critical vulns in base image.
+Premium scanner (Snyk container) available for $0.05.
+[dry-run: would pay — severity=critical, cost=$0.05 < per_tx_limit=$0.10]
+```
+
+```
+gitleaks found 0 secrets in current HEAD.
+Premium deep-history scan available for $0.20.
+[skipped — payments.enabled=false]
+```
+
+**When to escalate:**
+- `CRITICAL` findings from free scanners → always consider premium for exploit chain analysis
+- `HIGH` findings with active CVEs → premium scanner may have fresher signature database
+- Pre-production release gates → deep scan is worth the cost
+- Compliance requirements (SOC 2, PCI) → premium scanners generate compliance-ready reports
+
+**Check payment config before escalating:**
+
+```bash
+cat ~/.clawpowers/config.json | grep -A8 '"payments"'
+
+# After audit session, review any payment decisions made
+npx clawpowers payments log
+```
+
+**Escalation is always optional.** The free scanner suite is production-grade. Premium escalation improves coverage at the margin — it never replaces the free baseline.
+
 ## ClawPowers Enhancement
 
 When `~/.clawpowers/` runtime is initialized:

package/skills/using-clawpowers/SKILL.md

@@ -53,6 +53,9 @@ Skills activate automatically when you recognize a matching task pattern. You do
 | Need to create a new skill | `writing-skills` |
 | Multiple independent tasks that can run concurrently | `dispatching-parallel-agents` |
 | Making a payment or calling a paid API | `agent-payments` |
+| "setup payments" / "enable wallet" / "configure spending" | `agent-payments` → `npx clawpowers payments setup` |
+| "demo x402" / "test payments" / "mock merchant" | `npx clawpowers demo x402` |
+| "payment log" / "spending history" | `npx clawpowers payments log` |
 | Checking code/containers for vulnerabilities | `security-audit` |
 | Writing blog posts, docs, or social content | `content-pipeline` |
 | Need to understand how to learn something effectively | `learn-how-to-learn` |
@@ -66,6 +69,8 @@ Skills activate automatically when you recognize a matching task pattern. You do
 | Need roundtrip/idempotence/commutativity tests for a pure function | `formal-verification-lite` |
 | Complex task where premium resources would improve quality | `economic-code-optimization` |
 | Deciding whether to pay for expert review or premium model | `economic-code-optimization` |
+| Hiring another agent to complete a task with payment escrow | `agent-bounties` |
+| Want skin-in-the-game guarantees before a multi-agent task | `agent-bounties` |
 
 ## Reading a Skill
 
@@ -147,6 +152,9 @@ You never need to check the mode. Skills detect it themselves and adapt their in
 24. `formal-verification-lite` — Property-based testing (fast-check/Hypothesis) after TDD GREEN; 1000+ iterations per invariant
 25. `economic-code-optimization` — Autonomously spend micro-budgets on premium models, compute, expert reviews when ROI justifies it
 
+### Agent Economy Layer (1) — NEW
+26. `agent-bounties` — Post tasks with USDC rewards, escrow both-party collateral via MutualStakeEscrow, verify with automation, release or dispute on-chain
+
 ## Session Initialization Complete
 
-ClawPowers is ready. 25 skills active. Skills activate on pattern recognition. Runtime enhancements available when `~/.clawpowers/` exists. RSI Intelligence Layer (meta-skill-evolution, self-healing-code, cross-project-knowledge, formal-verification-lite) provides persistent learning across sessions and projects.
+ClawPowers is ready. 26 skills active. Skills activate on pattern recognition. Runtime enhancements available when `~/.clawpowers/` exists. RSI Intelligence Layer (meta-skill-evolution, self-healing-code, cross-project-knowledge, formal-verification-lite) provides persistent learning across sessions and projects. Agent Economy Layer (agent-bounties) enables autonomous agent-to-agent hiring with on-chain escrow.