shll-skills 4.0.1 → 5.0.0

package/dist/index.js

@@ -2152,6 +2152,71 @@ lendingInfoCmd.action(async (opts) => {
     process.exit(1);
   }
 });
+var OPERATOR_OF_ABI = [{
+  type: "function",
+  name: "operatorOf",
+  inputs: [{ name: "tokenId", type: "uint256" }],
+  outputs: [{ name: "", type: "address" }],
+  stateMutability: "view"
+}];
+var myAgentsCmd = new import_commander.Command("my-agents").description("List all agents where the current RUNNER_PRIVATE_KEY is the operator").option("-r, --rpc <url>", "BSC RPC URL", DEFAULT_RPC).option("--nfa-address <address>", "AgentNFA contract address", DEFAULT_NFA).option("--indexer <url>", "Indexer base URL", DEFAULT_INDEXER);
+myAgentsCmd.action(async (opts) => {
+  try {
+    if (!process.env.RUNNER_PRIVATE_KEY) {
+      output({ status: "error", message: "RUNNER_PRIVATE_KEY environment variable is missing" });
+      process.exit(1);
+    }
+    const operator = (0, import_accounts2.privateKeyToAccount)(toHex(process.env.RUNNER_PRIVATE_KEY)).address.toLowerCase();
+    const rpcUrl = opts.rpc || DEFAULT_RPC;
+    const nfaAddr = toHex(opts.nfaAddress || DEFAULT_NFA);
+    const indexerUrl = (opts.indexer || DEFAULT_INDEXER).replace(/\/+$/, "");
+    const publicClient = (0, import_viem2.createPublicClient)({ chain: import_chains2.bsc, transport: (0, import_viem2.http)(rpcUrl) });
+    const res = await fetch(`${indexerUrl}/api/agents`);
+    if (!res.ok) {
+      output({ status: "error", message: `Indexer error: ${res.status}` });
+      process.exit(1);
+    }
+    const json = await res.json();
+    const agents = (json.items || []).filter((a) => !a.isTemplate && a.tokenId !== void 0);
+    if (agents.length === 0) {
+      output({ status: "success", agents: [], message: "No agents found in indexer" });
+      return;
+    }
+    const checks = await Promise.all(
+      agents.map(async (a) => {
+        const tokenId = BigInt(a.tokenId);
+        try {
+          const op = await publicClient.readContract({
+            address: nfaAddr,
+            abi: OPERATOR_OF_ABI,
+            functionName: "operatorOf",
+            args: [tokenId]
+          });
+          return {
+            tokenId: tokenId.toString(),
+            vault: a.account || "",
+            owner: a.owner || "",
+            agentType: a.agentType || "unknown",
+            isOperator: op.toLowerCase() === operator
+          };
+        } catch {
+          return null;
+        }
+      })
+    );
+    const myAgents = checks.filter((c) => c !== null && c.isOperator);
+    output({
+      status: "success",
+      operator,
+      agents: myAgents,
+      count: myAgents.length
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    output({ status: "error", message });
+    process.exit(1);
+  }
+});
 program.addCommand(swapCmd);
 program.addCommand(rawCmd);
 program.addCommand(tokensCmd);
@@ -2173,4 +2238,5 @@ program.addCommand(statusCmd);
 program.addCommand(lendCmd);
 program.addCommand(redeemCmd);
 program.addCommand(lendingInfoCmd);
+program.addCommand(myAgentsCmd);
 program.parse(process.argv);

package/dist/index.mjs

@@ -1664,6 +1664,71 @@ lendingInfoCmd.action(async (opts) => {
     process.exit(1);
   }
 });
+var OPERATOR_OF_ABI = [{
+  type: "function",
+  name: "operatorOf",
+  inputs: [{ name: "tokenId", type: "uint256" }],
+  outputs: [{ name: "", type: "address" }],
+  stateMutability: "view"
+}];
+var myAgentsCmd = new Command("my-agents").description("List all agents where the current RUNNER_PRIVATE_KEY is the operator").option("-r, --rpc <url>", "BSC RPC URL", DEFAULT_RPC).option("--nfa-address <address>", "AgentNFA contract address", DEFAULT_NFA).option("--indexer <url>", "Indexer base URL", DEFAULT_INDEXER);
+myAgentsCmd.action(async (opts) => {
+  try {
+    if (!process.env.RUNNER_PRIVATE_KEY) {
+      output({ status: "error", message: "RUNNER_PRIVATE_KEY environment variable is missing" });
+      process.exit(1);
+    }
+    const operator = privateKeyToAccount(toHex(process.env.RUNNER_PRIVATE_KEY)).address.toLowerCase();
+    const rpcUrl = opts.rpc || DEFAULT_RPC;
+    const nfaAddr = toHex(opts.nfaAddress || DEFAULT_NFA);
+    const indexerUrl = (opts.indexer || DEFAULT_INDEXER).replace(/\/+$/, "");
+    const publicClient = createPublicClient({ chain: bsc, transport: http(rpcUrl) });
+    const res = await fetch(`${indexerUrl}/api/agents`);
+    if (!res.ok) {
+      output({ status: "error", message: `Indexer error: ${res.status}` });
+      process.exit(1);
+    }
+    const json = await res.json();
+    const agents = (json.items || []).filter((a) => !a.isTemplate && a.tokenId !== void 0);
+    if (agents.length === 0) {
+      output({ status: "success", agents: [], message: "No agents found in indexer" });
+      return;
+    }
+    const checks = await Promise.all(
+      agents.map(async (a) => {
+        const tokenId = BigInt(a.tokenId);
+        try {
+          const op = await publicClient.readContract({
+            address: nfaAddr,
+            abi: OPERATOR_OF_ABI,
+            functionName: "operatorOf",
+            args: [tokenId]
+          });
+          return {
+            tokenId: tokenId.toString(),
+            vault: a.account || "",
+            owner: a.owner || "",
+            agentType: a.agentType || "unknown",
+            isOperator: op.toLowerCase() === operator
+          };
+        } catch {
+          return null;
+        }
+      })
+    );
+    const myAgents = checks.filter((c) => c !== null && c.isOperator);
+    output({
+      status: "success",
+      operator,
+      agents: myAgents,
+      count: myAgents.length
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    output({ status: "error", message });
+    process.exit(1);
+  }
+});
 program.addCommand(swapCmd);
 program.addCommand(rawCmd);
 program.addCommand(tokensCmd);
@@ -1685,4 +1750,5 @@ program.addCommand(statusCmd);
 program.addCommand(lendCmd);
 program.addCommand(redeemCmd);
 program.addCommand(lendingInfoCmd);
+program.addCommand(myAgentsCmd);
 program.parse(process.argv);

package/dist/mcp.js

@@ -508,6 +508,8 @@ var import_chains2 = require("viem/chains");
 var DEFAULT_NFA = "0xE98DCdbf370D7b52c9A2b88F79bEF514A5375a2b";
 var DEFAULT_GUARD = "0x25d17eA0e3Bcb8CA08a2BFE917E817AFc05dbBB3";
 var DEFAULT_RPC = "https://bsc-dataseed1.binance.org";
+var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
+var DEFAULT_LISTING_ID = "0x733e9d959da5c1745fa507df6b47537f0945012eff3ceb4b684cd4482f2bc4d3";
 var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
 var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
 var WBNB = "0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c";
@@ -605,6 +607,21 @@ var VTOKEN_READ_ABI = [
   { type: "function", name: "supplyRatePerBlock", inputs: [], outputs: [{ name: "", type: "uint256" }], stateMutability: "view" }
 ];
 var VBNB_MINT_ABI = [{ type: "function", name: "mint", inputs: [], outputs: [], stateMutability: "payable" }];
+var WBNB_ABI = [
+  { type: "function", name: "deposit", inputs: [], outputs: [], stateMutability: "payable" },
+  { type: "function", name: "withdraw", inputs: [{ name: "wad", type: "uint256" }], outputs: [], stateMutability: "nonpayable" }
+];
+var SPENDING_LIMIT_ABI = [
+  { type: "function", name: "setLimits", inputs: [{ name: "instanceId", type: "uint256" }, { name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
+  { type: "function", name: "instanceLimits", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], stateMutability: "view" }
+];
+var COOLDOWN_ABI = [
+  { type: "function", name: "setCooldown", inputs: [{ name: "instanceId", type: "uint256" }, { name: "seconds_", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
+  { type: "function", name: "cooldownSeconds", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "uint256" }], stateMutability: "view" }
+];
+var LISTING_MANAGER_ABI = [
+  { type: "function", name: "listings", inputs: [{ name: "listingId", type: "bytes32" }], outputs: [{ name: "nfa", type: "address" }, { name: "templateId", type: "uint256" }, { name: "owner", type: "address" }, { name: "pricePerDay", type: "uint256" }, { name: "minDays", type: "uint32" }, { name: "active", type: "bool" }], stateMutability: "view" }
+];
 function getConfig() {
   const privateKey = process.env.RUNNER_PRIVATE_KEY;
   if (!privateKey) throw new Error("RUNNER_PRIVATE_KEY environment variable is required");
@@ -626,7 +643,7 @@ function createClients() {
 }
 var server = new import_mcp.McpServer({
   name: "shll-defi",
-  version: "1.0.0"
+  version: "5.0.0"
 });
 server.tool(
   "portfolio",
@@ -929,6 +946,395 @@ server.tool(
     return { content: [{ type: "text", text: JSON.stringify({ status: "success", hash: result.hash, token, amount, to: recipient }) }] };
   }
 );
+var OPERATOR_OF_ABI = [{
+  type: "function",
+  name: "operatorOf",
+  inputs: [{ name: "tokenId", type: "uint256" }],
+  outputs: [{ name: "", type: "address" }],
+  stateMutability: "view"
+}];
+var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
+server.tool(
+  "my_agents",
+  "List all agents where the current operator key is authorized. Returns token IDs, vault addresses, and agent types. Call this first if the user does not specify a token ID.",
+  {},
+  async () => {
+    const { account, publicClient, config } = createClients();
+    const operator = account.address.toLowerCase();
+    const nfaAddr = config.nfa;
+    const res = await fetch(`${DEFAULT_INDEXER}/api/agents`);
+    if (!res.ok) return { content: [{ type: "text", text: JSON.stringify({ error: `Indexer error: ${res.status}` }) }] };
+    const json = await res.json();
+    const agents = (json.items || []).filter((a) => !a.isTemplate && a.tokenId !== void 0);
+    if (agents.length === 0) {
+      return { content: [{ type: "text", text: JSON.stringify({ operator, agents: [], count: 0 }) }] };
+    }
+    const checks = await Promise.all(
+      agents.map(async (a) => {
+        const tokenId = BigInt(a.tokenId);
+        try {
+          const op = await publicClient.readContract({
+            address: nfaAddr,
+            abi: OPERATOR_OF_ABI,
+            functionName: "operatorOf",
+            args: [tokenId]
+          });
+          return op.toLowerCase() === operator ? {
+            tokenId: tokenId.toString(),
+            vault: a.account || "",
+            owner: a.owner || "",
+            agentType: a.agentType || "unknown"
+          } : null;
+        } catch {
+          return null;
+        }
+      })
+    );
+    const myAgents = checks.filter((c) => c !== null);
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({ operator, agents: myAgents, count: myAgents.length })
+      }]
+    };
+  }
+);
+server.tool(
+  "wrap",
+  "Wrap BNB to WBNB in agent vault",
+  {
+    token_id: import_zod.z.string().describe("Agent NFA Token ID"),
+    amount: import_zod.z.string().describe("BNB amount to wrap (human-readable, e.g. 0.1)")
+  },
+  async ({ token_id, amount }) => {
+    const { policyClient } = createClients();
+    const tokenId = BigInt(token_id);
+    const amt = (0, import_viem2.parseEther)(amount);
+    const data = (0, import_viem2.encodeFunctionData)({ abi: WBNB_ABI, functionName: "deposit" });
+    const action = { target: WBNB, value: amt, data };
+    const sim = await policyClient.validate(tokenId, action);
+    if (!sim.ok) return { content: [{ type: "text", text: JSON.stringify({ status: "rejected", reason: sim.reason }) }] };
+    const result = await policyClient.execute(tokenId, action, true);
+    return { content: [{ type: "text", text: JSON.stringify({ status: "success", hash: result.hash, message: `Wrapped ${amount} BNB \u2192 WBNB` }) }] };
+  }
+);
+server.tool(
+  "unwrap",
+  "Unwrap WBNB to BNB in agent vault",
+  {
+    token_id: import_zod.z.string().describe("Agent NFA Token ID"),
+    amount: import_zod.z.string().describe("WBNB amount to unwrap (human-readable, e.g. 0.1)")
+  },
+  async ({ token_id, amount }) => {
+    const { policyClient } = createClients();
+    const tokenId = BigInt(token_id);
+    const amt = (0, import_viem2.parseEther)(amount);
+    const data = (0, import_viem2.encodeFunctionData)({ abi: WBNB_ABI, functionName: "withdraw", args: [amt] });
+    const action = { target: WBNB, value: 0n, data };
+    const sim = await policyClient.validate(tokenId, action);
+    if (!sim.ok) return { content: [{ type: "text", text: JSON.stringify({ status: "rejected", reason: sim.reason }) }] };
+    const result = await policyClient.execute(tokenId, action, true);
+    return { content: [{ type: "text", text: JSON.stringify({ status: "success", hash: result.hash, message: `Unwrapped ${amount} WBNB \u2192 BNB` }) }] };
+  }
+);
+server.tool(
+  "search",
+  "Search for a token by name or symbol on BSC via DexScreener",
+  { query: import_zod.z.string().describe("Token name or symbol to search") },
+  async ({ query }) => {
+    const encoded = encodeURIComponent(query);
+    const resp = await fetch(`https://api.dexscreener.com/latest/dex/search?q=${encoded}`, { signal: AbortSignal.timeout(8e3) });
+    if (!resp.ok) return { content: [{ type: "text", text: JSON.stringify({ error: "DexScreener API error" }) }] };
+    const data = await resp.json();
+    const results = (data.pairs || []).filter((p) => p.chainId === "bsc").slice(0, 10).map((p) => ({
+      symbol: p.baseToken.symbol,
+      name: p.baseToken.name,
+      address: p.baseToken.address,
+      priceUsd: p.priceUsd,
+      liquidity: p.liquidity?.usd || 0,
+      volume24h: p.volume?.h24 || 0
+    }));
+    return { content: [{ type: "text", text: JSON.stringify({ results, count: results.length }) }] };
+  }
+);
+server.tool(
+  "tokens",
+  "List all known token symbols and their BSC addresses",
+  {},
+  async () => {
+    const tokens = Object.entries(TOKEN_LIST).map(([sym, info]) => ({
+      symbol: sym,
+      address: info.address,
+      decimals: info.decimals
+    }));
+    return { content: [{ type: "text", text: JSON.stringify({ tokens, count: tokens.length }) }] };
+  }
+);
+server.tool(
+  "policies",
+  "View all active policies and current risk settings for an agent",
+  { token_id: import_zod.z.string().describe("Agent NFA Token ID") },
+  async ({ token_id }) => {
+    const { publicClient, policyClient } = createClients();
+    const tokenId = BigInt(token_id);
+    const policies = await policyClient.getPolicies(tokenId);
+    const enriched = [];
+    const summaryParts = [];
+    for (const p of policies) {
+      const entry = { name: p.policyTypeName, address: p.address, renterConfigurable: p.renterConfigurable };
+      if (p.policyTypeName === "spending_limit") {
+        try {
+          const limits = await publicClient.readContract({ address: p.address, abi: SPENDING_LIMIT_ABI, functionName: "instanceLimits", args: [tokenId] });
+          const [maxPerTx, maxPerDay, maxSlippageBps] = limits;
+          const txBnb = (Number(maxPerTx) / 1e18).toFixed(4);
+          const dayBnb = (Number(maxPerDay) / 1e18).toFixed(4);
+          entry.currentConfig = { maxPerTx: maxPerTx.toString(), maxPerTxBnb: txBnb, maxPerDay: maxPerDay.toString(), maxPerDayBnb: dayBnb, maxSlippageBps: maxSlippageBps.toString() };
+          summaryParts.push(`Max ${txBnb} BNB/tx, ${dayBnb} BNB/day, slippage ${maxSlippageBps}bps`);
+        } catch {
+        }
+      }
+      if (p.policyTypeName === "cooldown") {
+        try {
+          const cd = await publicClient.readContract({ address: p.address, abi: COOLDOWN_ABI, functionName: "cooldownSeconds", args: [tokenId] });
+          const secs = Number(cd);
+          entry.currentConfig = { cooldownSeconds: secs.toString() };
+          summaryParts.push(`Cooldown ${secs}s between transactions`);
+        } catch {
+        }
+      }
+      if (p.policyTypeName === "receiver_guard") summaryParts.push("Outbound transfers restricted (ReceiverGuard)");
+      if (p.policyTypeName === "dex_whitelist") summaryParts.push("Only whitelisted DEXs allowed");
+      if (p.policyTypeName === "token_whitelist") summaryParts.push("Only whitelisted tokens allowed");
+      if (p.policyTypeName === "defi_guard") summaryParts.push("DeFi interactions validated by DeFiGuard");
+      enriched.push(entry);
+    }
+    const humanSummary = summaryParts.length > 0 ? summaryParts.join(" | ") : "No configurable policies found";
+    return { content: [{ type: "text", text: JSON.stringify({ tokenId: token_id, humanSummary, securityNote: "Operator wallet CANNOT withdraw vault funds or transfer Agent NFT.", policies: enriched }) }] };
+  }
+);
+server.tool(
+  "status",
+  "One-shot security overview: vault balance, operator status, policies, and recent activity",
+  { token_id: import_zod.z.string().describe("Agent NFA Token ID") },
+  async ({ token_id }) => {
+    const { account, publicClient, policyClient } = createClients();
+    const tokenId = BigInt(token_id);
+    const vault = await policyClient.getVault(tokenId);
+    const bnbBalance = await publicClient.getBalance({ address: vault });
+    const bnbHuman = (Number(bnbBalance) / 1e18).toFixed(6);
+    const opBalance = await publicClient.getBalance({ address: account.address });
+    const opBnb = (Number(opBalance) / 1e18).toFixed(6);
+    const operatorInfo = { address: account.address, gasBnb: opBnb, gasOk: Number(opBalance) > 1e15 };
+    const policies = await policyClient.getPolicies(tokenId);
+    const summaryParts = [];
+    for (const p of policies) {
+      if (p.policyTypeName === "spending_limit") {
+        try {
+          const limits = await publicClient.readContract({ address: p.address, abi: SPENDING_LIMIT_ABI, functionName: "instanceLimits", args: [tokenId] });
+          const [maxPerTx, maxPerDay] = limits;
+          summaryParts.push(`Max ${(Number(maxPerTx) / 1e18).toFixed(4)} BNB/tx, ${(Number(maxPerDay) / 1e18).toFixed(4)} BNB/day`);
+        } catch {
+        }
+      }
+      if (p.policyTypeName === "cooldown") {
+        try {
+          const cd = await publicClient.readContract({ address: p.address, abi: COOLDOWN_ABI, functionName: "cooldownSeconds", args: [tokenId] });
+          summaryParts.push(`Cooldown ${Number(cd)}s`);
+        } catch {
+        }
+      }
+      if (p.policyTypeName === "receiver_guard") summaryParts.push("ReceiverGuard active");
+      if (p.policyTypeName === "dex_whitelist") summaryParts.push("DEX whitelist active");
+      if (p.policyTypeName === "token_whitelist") summaryParts.push("Token whitelist active");
+      if (p.policyTypeName === "defi_guard") summaryParts.push("DeFiGuard active");
+    }
+    let activityStats = { available: false };
+    try {
+      const summaryRes = await fetch(`${DEFAULT_INDEXER}/api/agents/${token_id}/summary`, { signal: AbortSignal.timeout(8e3) });
+      if (summaryRes.ok) {
+        const summaryData = await summaryRes.json();
+        activityStats = {
+          available: true,
+          totalExecutions: summaryData.totalExecutions,
+          successRate: summaryData.totalExecutions > 0 ? `${(summaryData.successCount / summaryData.totalExecutions * 100).toFixed(1)}%` : "N/A",
+          lastExecution: summaryData.lastExecution ? new Date(Number(summaryData.lastExecution) * 1e3).toISOString() : null
+        };
+      }
+    } catch {
+    }
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          tokenId: token_id,
+          vault: { address: vault, bnbBalance: bnbHuman },
+          operator: operatorInfo,
+          securitySummary: summaryParts.length > 0 ? summaryParts.join(" | ") : "No policies found",
+          policyCount: policies.length,
+          activity: activityStats,
+          securityNote: "Operator wallet CANNOT withdraw vault funds or transfer Agent NFT.",
+          dashboardUrl: `https://shll.run/dashboard?tokenId=${token_id}`
+        })
+      }]
+    };
+  }
+);
+server.tool(
+  "history",
+  "Show recent transactions executed through the agent vault",
+  {
+    token_id: import_zod.z.string().describe("Agent NFA Token ID"),
+    limit: import_zod.z.number().default(10).describe("Number of transactions to show")
+  },
+  async ({ token_id, limit }) => {
+    const activityRes = await fetch(`${DEFAULT_INDEXER}/api/activity/${token_id}?limit=${limit}`, { signal: AbortSignal.timeout(1e4) });
+    if (!activityRes.ok) return { content: [{ type: "text", text: JSON.stringify({ error: `Indexer returned ${activityRes.status}` }) }] };
+    const data = await activityRes.json();
+    let failures = [];
+    try {
+      const failRes = await fetch(`${DEFAULT_INDEXER}/api/agents/${token_id}/commit-failures?limit=5`, { signal: AbortSignal.timeout(8e3) });
+      if (failRes.ok) {
+        const failData = await failRes.json();
+        failures = failData.items || [];
+      }
+    } catch {
+    }
+    const transactions = (data.items || []).map((tx) => ({
+      time: new Date(Number(tx.timestamp) * 1e3).toISOString(),
+      txHash: tx.txHash,
+      target: tx.target,
+      success: tx.success,
+      bscscanUrl: `https://bscscan.com/tx/${tx.txHash}`
+    }));
+    return { content: [{ type: "text", text: JSON.stringify({ tokenId: token_id, transactions, totalShown: transactions.length, recentPolicyRejections: failures.length, policyRejections: failures.length > 0 ? failures : void 0 }) }] };
+  }
+);
+server.tool(
+  "config",
+  "Configure risk parameters (spending limits, cooldown) for an agent. Only tightening is allowed.",
+  {
+    token_id: import_zod.z.string().describe("Agent NFA Token ID"),
+    tx_limit: import_zod.z.string().optional().describe("Max BNB per transaction (human-readable, e.g. 0.5)"),
+    daily_limit: import_zod.z.string().optional().describe("Max BNB per day (human-readable, e.g. 2.0)"),
+    cooldown: import_zod.z.string().optional().describe("Minimum seconds between transactions (e.g. 60)")
+  },
+  async ({ token_id, tx_limit, daily_limit, cooldown }) => {
+    if (!tx_limit && !daily_limit && !cooldown) {
+      return { content: [{ type: "text", text: JSON.stringify({ error: "Specify at least one: tx_limit, daily_limit, or cooldown" }) }] };
+    }
+    const { account, publicClient, policyClient, config } = createClients();
+    const tokenId = BigInt(token_id);
+    const walletClient = (0, import_viem2.createWalletClient)({ account, chain: import_chains2.bsc, transport: (0, import_viem2.http)(config.rpc) });
+    const policies = await policyClient.getPolicies(tokenId);
+    const results = [];
+    if (tx_limit || daily_limit) {
+      const spendingPolicy = policies.find((p) => p.policyTypeName === "spending_limit");
+      if (!spendingPolicy) return { content: [{ type: "text", text: JSON.stringify({ error: "No SpendingLimitPolicy found" }) }] };
+      const current = await publicClient.readContract({ address: spendingPolicy.address, abi: SPENDING_LIMIT_ABI, functionName: "instanceLimits", args: [tokenId] });
+      const [curMaxPerTx, curMaxPerDay, curSlippage] = current;
+      const newMaxPerTx = tx_limit ? (0, import_viem2.parseEther)(tx_limit) : curMaxPerTx;
+      const newMaxPerDay = daily_limit ? (0, import_viem2.parseEther)(daily_limit) : curMaxPerDay;
+      const hash = await walletClient.writeContract({ address: spendingPolicy.address, abi: SPENDING_LIMIT_ABI, functionName: "setLimits", args: [tokenId, newMaxPerTx, newMaxPerDay, curSlippage] });
+      await publicClient.waitForTransactionReceipt({ hash });
+      results.push(`SpendingLimit updated: ${hash}`);
+    }
+    if (cooldown) {
+      const cooldownPolicy = policies.find((p) => p.policyTypeName === "cooldown");
+      if (!cooldownPolicy) return { content: [{ type: "text", text: JSON.stringify({ error: "No CooldownPolicy found" }) }] };
+      const seconds = BigInt(cooldown);
+      const hash = await walletClient.writeContract({ address: cooldownPolicy.address, abi: COOLDOWN_ABI, functionName: "setCooldown", args: [tokenId, seconds] });
+      await publicClient.waitForTransactionReceipt({ hash });
+      results.push(`Cooldown updated: ${hash}`);
+    }
+    return { content: [{ type: "text", text: JSON.stringify({ status: "success", message: "Risk parameters updated", details: results }) }] };
+  }
+);
+server.tool(
+  "listings",
+  "List all available agent templates for rent",
+  {},
+  async () => {
+    const res = await fetch(`${DEFAULT_INDEXER}/api/listings`);
+    if (!res.ok) return { content: [{ type: "text", text: JSON.stringify({ error: `Indexer returned ${res.status}` }) }] };
+    const data = await res.json();
+    const available = data.items.filter((l) => l.active);
+    const listings = available.map((l) => ({
+      listingId: l.id,
+      name: l.agentName || "Unnamed Agent",
+      type: l.agentType || "unknown",
+      pricePerDayBNB: (Number(l.pricePerDay) / 1e18).toFixed(6),
+      minDays: l.minDays,
+      nfa: l.nfa
+    }));
+    return { content: [{ type: "text", text: JSON.stringify({ count: listings.length, listings, hint: "Use the listingId with setup_guide tool" }) }] };
+  }
+);
+server.tool(
+  "setup_guide",
+  "Generate step-by-step dual-wallet onboarding instructions and shll.run/setup URL",
+  {
+    listing_id: import_zod.z.string().default(DEFAULT_LISTING_ID).describe("Template listing ID (bytes32 hex)"),
+    days: import_zod.z.number().default(1).describe("Number of days to rent")
+  },
+  async ({ listing_id, days }) => {
+    const { account, publicClient } = createClients();
+    const operatorAddress = account.address;
+    const listingId = listing_id;
+    const daysToRent = days;
+    let rentCost = "unknown";
+    try {
+      const listing = await publicClient.readContract({ address: DEFAULT_LISTING_MANAGER, abi: LISTING_MANAGER_ABI, functionName: "listings", args: [listingId] });
+      const [, , , pricePerDay, minDays, active] = listing;
+      if (!active) return { content: [{ type: "text", text: JSON.stringify({ error: "Listing is not active" }) }] };
+      if (daysToRent < minDays) return { content: [{ type: "text", text: JSON.stringify({ error: `Minimum rental is ${minDays} days, you requested ${daysToRent}` }) }] };
+      const totalRent = BigInt(pricePerDay) * BigInt(daysToRent);
+      rentCost = `${(Number(totalRent) / 1e18).toFixed(6)} BNB`;
+    } catch {
+      rentCost = "unable to query \u2014 check listing_id";
+    }
+    const setupUrl = `https://shll.run/setup?operator=${operatorAddress}&listing=${encodeURIComponent(listingId)}&days=${daysToRent}`;
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          status: "guide",
+          securityModel: "DUAL-WALLET: Your wallet (owner) stays offline. AI only uses the operator wallet, which CANNOT withdraw vault funds.",
+          operatorAddress,
+          setupUrl,
+          rentCost,
+          steps: [
+            { step: 1, title: "Open SHLL Setup Page", action: `Open ${setupUrl} in your browser`, note: "Connect YOUR wallet (MetaMask). This is your owner wallet." },
+            { step: 2, title: "Rent Agent", action: "Click 'Rent Agent' and confirm the transaction" },
+            { step: 3, title: "Authorize Operator", action: "Click 'Authorize Operator'", note: `Operator address: ${operatorAddress}` },
+            { step: 4, title: "Fund Vault (optional)", action: "Deposit BNB into the vault for trading" },
+            { step: 5, title: "Tell AI your token-id", action: "Come back and tell the AI your token-id number." }
+          ]
+        })
+      }]
+    };
+  }
+);
+server.tool(
+  "generate_wallet",
+  "Generate a new operator wallet (address + private key) for AI to use. This is a HOT wallet for trading only.",
+  {},
+  async () => {
+    const pk = (0, import_accounts2.generatePrivateKey)();
+    const account = (0, import_accounts2.privateKeyToAccount)(pk);
+    return {
+      content: [{
+        type: "text",
+        text: JSON.stringify({
+          status: "success",
+          address: account.address,
+          privateKey: pk,
+          note: "SAVE THIS PRIVATE KEY SECURELY. This is the OPERATOR wallet \u2014 it can only trade within PolicyGuard limits. It CANNOT withdraw vault funds. Send ~$1 of BNB here for gas fees, then set RUNNER_PRIVATE_KEY.",
+          securityReminder: "Use a SEPARATE wallet as the owner to rent the agent and fund the vault. Use setup_guide tool for step-by-step instructions."
+        })
+      }]
+    };
+  }
+);
 async function main() {
   const transport = new import_stdio.StdioServerTransport();
   await server.connect(transport);