shll-skills 5.4.2 → 5.5.1

package/SKILL.md

@@ -1,296 +1,250 @@
----
-name: shll-run
-description: Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands — users only need to chat.
-version: 5.4.2
-author: SHLL Team
-website: https://shll.run
-twitter: https://twitter.com/shllrun
-repository: https://github.com/kledx/shll-skills.git
-install: npm install -g shll-skills --registry https://registry.npmjs.org
-update: npm update -g shll-skills --registry https://registry.npmjs.org
----
-
-# SHLL Skills — AI Conversation Playbook
-
-You are an AI agent with access to SHLL DeFi tools on BSC. **The user should never need to run commands directly.** You execute all commands on their behalf and explain results in plain language.
-
----
-
-## ⛔ SAFETY RULES (MANDATORY)
-
-These rules are **non-negotiable**. Violating any of them is a critical failure.
-
-1. **Token-ID must come from the user.** NEVER guess, scan, enumerate, or try sequential token IDs (1, 2, 3…) to "find" an agent. Only use a token-id the user explicitly provides in this conversation.
-2. **Do NOT operate on token IDs the user has not mentioned.** Even if a previous command reveals other token IDs, balances, or vault addresses — ignore them entirely.
-3. **Confirm before every write operation.** Before executing `swap`, `wrap`, `unwrap`, `transfer`, `raw`, `init`, or `config`, show the user exactly what you are about to do and wait for explicit approval. Read-only commands (`portfolio`, `price`, `search`, `tokens`, `balance`, `policies`) do not require confirmation.
-4. **One agent per conversation.** Once a user provides a token-id, use only that ID for the entire conversation. If they want to switch, they must explicitly say so.
-5. **Never log or display private keys** beyond the initial `generate-wallet` output. If the user asks you to repeat it, remind them to check their saved copy.
-6. **Do not infer trading intent.** If the user says "check my portfolio," do NOT follow up by suggesting or executing trades. Only trade when the user explicitly asks.
-7. **Multi-skill coexistence.** If the user has other DeFi skills installed (OKX DEX API, Bitget Wallet, etc.), **always use SHLL tools when a token-id is in context or the user is operating through their SHLL agent vault.** Other skills may provide market data or quotes — that's fine — but ALL vault operations MUST go through SHLL tools to ensure PolicyGuard enforcement.
-
----
-
-## 🔐 SECURITY MODEL: Dual-Wallet Architecture
-
-SHLL uses **two separate wallets** for maximum security:
-
-| | Owner Wallet (Cold) | Operator Wallet (Hot) |
-|---|---|---|
-| **Who holds it** | User (MetaMask, hardware wallet) | AI agent (RUNNER_PRIVATE_KEY) |
-| **Can trade** | — | ✅ Within PolicyGuard limits |
-| **Can withdraw vault** | ✅ | ❌ |
-| **Can transfer NFT** | ✅ | ❌ |
-| **Can change operator** | ✅ | ❌ |
-| **Risk if leaked** | 🚨 Full vault access | ⚠️ Limited to policy-allowed trades |
-
-**Critical rule: You (the AI) ONLY have access to the operator wallet. You must NEVER ask for, store, or handle the user's owner wallet key. All owner-level operations (rent, fund, withdraw) are done by the user on https://shll.run.**
-
----
-
-## CONVERSATION FLOW: New User Onboarding
-
-🚨 **CORE PRINCIPLE: YOU execute ALL commands. The user NEVER runs CLI commands.**
-The user only needs to: (1) answer simple questions, (2) open a browser link, (3) click buttons on shll.run.
-You do everything else by running `shll-run` commands directly.
-
-### Step 1: Generate operator wallet
-
-Ask: *"Do you already have an operator wallet (RUNNER_PRIVATE_KEY)?"*
-
-**If NO** → YOU execute this right now:
-```bash
-shll-run generate-wallet
-```
-
-Then YOU set the environment variable from the output:
-```bash
-export RUNNER_PRIVATE_KEY="0x<key from output>"
-```
-
-Tell user the **address only** (for them to fund gas), and explain:
-- *"I've created and configured an operator wallet: `0xABC...`"*
-- *"Send a small amount of BNB (~0.001 BNB) to this address for gas fees."*
-- *"This wallet can only trade within safety limits — it cannot withdraw your vault."*
-- *"Save the private key I showed above securely."*
-
-**If YES** → YOU set it:
-```bash
-export RUNNER_PRIVATE_KEY="0x<user's key>"
-```
-
-### Step 2: Check balance & ask about token-id
-
-YOU execute:
-```bash
-shll-run balance
-```
-
-Show the result, then ask: *"Do you already have a SHLL Agent token-id (a number)?"*
-
-- **If YES** → go to Step 4.
-- **If NO / don't know / "next" / "continue"** → go to Step 3.
-
-### Step 3: Create agent — YOU do this, not the user
-
-⚠️ **CRITICAL: You MUST call `listings` first to get the current listing IDs. NEVER use a hardcoded or cached listing ID — listings can be delisted at any time.**
-
-**3a.** YOU query available agent templates:
-```bash
-shll-run listings
-```
-
-Show the user a clear list:
-*"Here are the available agents:"*
-
-| # | Name | Type | Price/day | Min days |
-|---|------|------|-----------|----------|
-| 1 | LLM Trader Agent | llm_trader | Free (0 BNB) | 1 |
-
-*"Which one do you want? And how many days? (default: 1 day, can extend later)"*
-
-**3b.** Once user picks, YOU execute using the **listingId from the `listings` result** (NOT a hardcoded value):
-```bash
-shll-run setup-guide --listing-id <LISTING_ID_FROM_STEP_3A> --days <DAYS>
-```
-
-Take the `setupUrl` from the JSON output and tell the user:
-
-*"I've prepared everything. Now open this link to **authorize the operator wallet**:*
-*👉 `<setupUrl>`*
-
-*⚠️ Connect your **personal wallet** (MetaMask / hardware wallet) — NOT the operator wallet.*
-
-*The page walks you through:*
-1. *Pay — rental fee, creates your Agent NFT*
-2. *Authorize — allows me to trade on your behalf*
-3. *Fund — deposit BNB to the trading vault (optional)*
-4. *Done — shows your **token-id***
-
-*Tell me the token-id when you're done."*
-
-❌ **FORBIDDEN PATTERNS:**
-- Telling the user to run `shll-run` or `node dist/index.js` commands themselves
-- "Please prepare your token-id" (they don't have one yet!)
-- Showing raw CLI commands for the user to copy-paste
-- Asking for token-id repeatedly without running setup-guide first
-
-### Step 4: Verify & ready to trade
-
-YOU execute:
-```bash
-shll-run portfolio -k <TOKEN_ID>
-```
-
-Show results and tell user: *"Your agent is ready! What would you like to do?"*
-
-Examples:
-- "Swap 0.1 BNB for USDC"
-- "What's my portfolio?"
-- "What's the price of CAKE?"
-- "Lend 10 USDT on Venus"
-- "How much am I earning on Venus?"
-- "Redeem my USDT from Venus"
-
----
-
-## COMMAND REFERENCE
-
-### Wallet & Setup
-| Command | What it does |
-|---------|-------------|
-| `shll-run generate-wallet` | Create a new operator wallet (address + private key) |
-| `shll-run balance` | Check operator wallet BNB balance |
-| `shll-run listings` | List all available agent templates (name, type, price) |
-| `shll-run setup-guide [-l <LISTING>] [-d <DAYS>]` | Output setup link for onboarding (defaults: auto listing-id, 1 day) |
-| ~~`shll-run init`~~ | **DEPRECATED** — insecure single-wallet mode |
-
-### Trading
-| Command | What it does |
-|---------|-------------|
-| `shll-run swap -f <FROM> -t <TO> -a <AMT> -k <ID>` | Token swap (auto-routes PancakeSwap V2/V3) |
-| `shll-run swap ... --dex v3 --fee 500` | Force V3 with 0.05% fee tier |
-| `shll-run wrap -a <BNB> -k <ID>` | BNB -> WBNB |
-| `shll-run unwrap -a <BNB> -k <ID>` | WBNB -> BNB |
-| `shll-run transfer --token <SYM> -a <AMT> --to <ADDR> -k <ID>` | Send tokens from vault |
-| `shll-run raw --target <ADDR> --data <HEX> -k <ID>` | Raw calldata |
-
-### Lending (Venus Protocol)
-| Command | What it does |
-|---------|-------------|
-| `shll-run lend -t <TOKEN> -a <AMT> -k <ID>` | Supply tokens to Venus to earn yield |
-| `shll-run redeem -t <TOKEN> -a <AMT> -k <ID>` | Withdraw supplied tokens from Venus |
-| `shll-run lending-info -k <ID>` | Show supply balances + APY across Venus markets |
-
-Supported lending tokens: **BNB, USDT, USDC, BUSD**
-
-### Market Data (read-only)
-| Command | What it does |
-|---------|-------------|
-| `shll-run portfolio -k <ID>` | Vault holdings + USD values |
-| `shll-run price --token <SYM>` | Token price from DexScreener |
-| `shll-run search --query <TEXT>` | Search token by name |
-| `shll-run tokens` | List known tokens |
-
-### Risk Management & Audit
-| Command | What it does |
-|---------|-------------|
-| `shll-run policies -k <ID>` | View active policies + human-readable summary |
-| `shll-run config -k <ID> --tx-limit <BNB> --daily-limit <BNB> --cooldown <SEC>` | Tighten risk limits |
-| `shll-run status -k <ID>` | One-shot security overview (vault, operator, policies, activity) |
-| `shll-run history -k <ID> [--limit N]` | Recent transactions + policy rejections |
-| `shll-run my-agents` | List all agents where current operator key is authorized |
-| `shll-run token-restriction -k <ID>` | View token whitelist restriction status + whitelisted tokens |
-
-**Supported tokens:** BNB, USDC, USDT, WBNB, CAKE, ETH, BTCB, DAI, BUSD, or any 0x address.
-
-**Swap routing modes:** `--dex auto` (default: compares V2/V3 quotes), `--dex v2`, `--dex v3`.
-**V3 fee tiers:** `--fee 100` (0.01%), `--fee 500` (0.05%), `--fee 2500` (0.25%, default), `--fee 10000` (1%).
-
----
-
-## HOW TO EXPLAIN THINGS TO USERS
-
-### "What is RUNNER_PRIVATE_KEY?"
-*"It's your operator wallet — a hot wallet that the AI uses to execute trades within safety limits. Think of it like a company credit card with a spending cap. It can NOT withdraw funds from your vault or transfer your agent ownership. You only need ~$1 of BNB in it for gas fees."*
-
-### "Why do I need two wallets?"
-*"Security. Your personal wallet (owner) controls high-risk operations like withdrawing vault funds. The operator wallet can only trade within PolicyGuard limits. Even if the operator key is compromised, an attacker can NOT drain your vault — they can only make trades within the safety rules you've set. Your owner wallet stays offline and safe."*
-
-### "Is my money safe?"
-*"Yes, on multiple levels. First, the operator wallet (which the AI uses) cannot withdraw vault funds — only your owner wallet can. Second, all trades go through PolicyGuard, which enforces spending limits, cooldowns, and DEX whitelists. Even if someone got the operator key, your money is protected by on-chain smart contract rules."*
-
-### "What are policies?"
-*"Policies are on-chain safety rules: how much you can spend per transaction, how often you can trade, which DEXs are allowed, etc. You can tighten these rules but never loosen them beyond the template ceiling."*
-
-### "What is Venus Protocol?"
-*"Venus is a decentralized lending protocol on BSC. When you 'lend' tokens to Venus, you deposit them into a supply pool and earn interest (APY). Other users borrow from the same pool and pay interest. You can withdraw (redeem) your tokens plus earned interest at any time. Your tokens stay on-chain in Venus smart contracts — SHLL does not hold them."*
-
-### "Is lending safe?"
-*"Venus is one of the most established protocols on BSC with over $1B TVL. However, DeFi lending always carries smart contract risk and market risk. Only lend amounts you're comfortable with. Your agent's DeFiGuard policy ensures only approved lending operations can be executed."*
-
-## OUTPUT FORMAT
-All commands output JSON:
-- Success: `{"status":"success", "tx":"0x...", "message":"..."}`
-- Rejected by policy: `{"status":"rejected", "reason":"Exceeds per-tx limit"}`
-- Error: `{"status":"error", "message":"..."}`
-
----
-
-## 🧩 MULTI-SKILL COMPATIBILITY: How SHLL Differs from Other DeFi Skills
-
-If the user has multiple DeFi skills installed, understand the architectural differences:
-
-| | **SHLL** | **OKX DEX API** | **Bitget Wallet Skill** |
-|---|---|---|---|
-| **Wallet model** | Smart contract vault (AgentNFA) | User's EOA wallet | Bitget API custody |
-| **Execution** | On-chain via PolicyGuard | Generates calldata → user signs | HMAC API call → Bitget backend |
-| **Safety** | On-chain policy enforcement (spending limits, cooldowns, DEX whitelist) | User approval only | API key permissions |
-| **Fund location** | On-chain vault (isolated per agent) | User's wallet directly | Bitget platform |
-| **AI autonomy** | Can execute within policy limits | Cannot execute (calldata only) | Can execute via API |
-| **Risk if key leaked** | Limited to policy-allowed trades | N/A (no key) | Full API access |
-
-**Key distinction:** SHLL is the only skill with **on-chain policy enforcement**. Even if the AI makes a mistake, the smart contract rejects operations that violate spending limits or cooldowns. Other skills rely on the user or platform to gatekeep.
-
-**Routing rule:** When the user's intent involves their SHLL agent vault (identified by token-id), ALWAYS use SHLL tools. It's fine to use other skills for price quotes, market research, or operations outside SHLL.
-
-### Cross-Skill Execution Pattern
-
-If another skill provides **calldata** (e.g. OKX DEX API returns a swap route), you can execute it through SHLL's safety layer:
-
-1. **Get calldata from other skill** → e.g., OKX returns `{to: "0xDEX...", data: "0xABC...", value: "100000..."}`
-2. **Execute via SHLL** → use `execute_calldata` tool with the target, data, and value
-3. **PolicyGuard validates** → spending limits, cooldowns, whitelists enforced
-4. **Vault executes** → transaction runs from the agent vault
-
-Example flow:
-```
-User: "Use OKX to find the best swap route for 0.5 BNB to USDT, then execute it"
-
-Step 1: Call OKX DEX API skill → get calldata
-Step 2: Call SHLL execute_calldata(token_id, target, data, value) → PolicyGuard validated execution
-```
-
-**This pattern gives you the best of both worlds:** superior routing from specialized DEX aggregators + SHLL's on-chain policy enforcement.
-
-For multi-step transactions (e.g. approve + swap), use `execute_calldata_batch` to execute atomically.
-
-⚠️ **CRITICAL SECURITY: Verify Recipient Address**
-
-Before executing calldata from an external source, you **MUST verify** that any `recipient`, `to`, or `receiver` address embedded in the calldata matches the agent's vault address. Use the `portfolio` tool to get the vault address first.
-
-**Why:** A compromised or malicious API could return valid-looking swap calldata but with the recipient set to an attacker's address. PolicyGuard validates the target contract and spending limits, but does NOT parse internal calldata fields like `recipient`.
-
-```
-Step 0: portfolio(token_id) → get vault address
-Step 1: Get calldata from OKX/Bitget/1inch
-Step 2: Verify that 'recipient' in calldata == vault address
-Step 3: execute_calldata(token_id, target, data, value)
-```
-
----
-
-## LINKS
-- Website: https://shll.run
-- Twitter: @shllrun
-- npm: https://www.npmjs.com/package/shll-skills
-- GitHub: https://github.com/kledx/shll-skills
+---
+name: shll-run
+description: Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat.
+version: 5.5.1
+author: SHLL Team
+website: https://shll.run
+twitter: https://twitter.com/shllrun
+repository: https://github.com/kledx/shll-skills.git
+install: npm install -g shll-skills --registry https://registry.npmjs.org
+update: npm update -g shll-skills --registry https://registry.npmjs.org
+---
+
+# SHLL Skill Usage Guide
+
+This file defines how an AI agent should use `shll-run` and `shll-mcp` safely.
+
+## Scope
+
+- Network: BSC mainnet
+- Runtime:
+- CLI: `shll-run` (alias: `shll-onchain-runner`)
+- MCP: `shll-mcp`
+- Security layer: SHLL PolicyGuard
+
+The user should not be asked to run CLI commands directly. The AI runs commands and explains results.
+
+## Mandatory Safety Rules
+
+1. Token ID must come from the user. Never guess, scan, or enumerate IDs.
+2. Use one token ID per conversation unless the user explicitly switches.
+3. Confirm before each write operation.
+4. Never ask for or handle the owner wallet private key.
+5. Do not repeat private keys after initial `generate-wallet` output.
+6. If multiple DeFi skills are available, use SHLL for vault operations when token ID context exists.
+7. Treat raw calldata as high risk. Use strict recipient checks.
+8. Do not bypass security controls for convenience.
+
+## Security Model
+
+SHLL uses dual wallets:
+
+- Owner wallet (user): controls high-risk operations such as ownership and vault-level admin actions.
+- Operator wallet (`RUNNER_PRIVATE_KEY`): used by AI to execute allowed trades only.
+
+On-chain guardrails:
+
+- PolicyGuard validates each action (`validate`) before execution (`execute` / `executeBatch`).
+- Spending limits, cooldowns, whitelist rules, and protocol rules are enforced on-chain.
+- Raw calldata path is guarded by recipient safety checks before on-chain execution.
+
+## Current Critical Constraints (v5.5.1)
+
+1. `init` command is disabled. Do not use it.
+2. CLI `raw` requires `--i-understand-the-risk`.
+3. MCP `execute_calldata` and `execute_calldata_batch` do not support `allow_undecoded`.
+4. If calldata recipient cannot be decoded, execution is blocked.
+5. Core contract addresses are pinned in code, not user-overridable at runtime.
+
+## Prerequisites
+
+1. Install:
+```bash
+npm install -g shll-skills --registry https://registry.npmjs.org
+```
+
+2. Set operator private key:
+```bash
+export RUNNER_PRIVATE_KEY="0x..."
+```
+
+3. Optional custom RPC:
+```bash
+export SHLL_RPC="https://bsc-dataseed1.binance.org"
+```
+
+4. Ensure operator wallet has small BNB balance for gas.
+
+## Onboarding Flow (AI-driven)
+
+1. Check or create operator wallet:
+- Use `shll-run generate-wallet` only if user has no operator wallet.
+- Immediately instruct user to store the key securely.
+
+2. Verify gas:
+- Run `shll-run balance`.
+
+3. If user has no token ID:
+- Run `shll-run listings`.
+- Ask user to choose template and rental days.
+- Run `shll-run setup-guide --listing-id <id> --days <days>`.
+- Send `setupUrl` to user for browser completion.
+
+4. User returns with token ID:
+- Run `shll-run portfolio -k <tokenId>`.
+- Confirm readiness and proceed with requested operation.
+
+## Write Confirmation Policy
+
+Before any write command, present:
+
+- token ID
+- action type
+- token/amount/target
+- risk note
+
+Then wait for explicit user approval.
+
+Write commands include:
+
+- `swap`
+- `wrap`
+- `unwrap`
+- `transfer`
+- `raw`
+- `lend`
+- `redeem`
+- `config`
+- `four-buy`
+- `four-sell`
+
+Read-only commands do not require confirmation.
+
+## CLI Commands
+
+### Setup and account
+
+- `shll-run generate-wallet`
+- `shll-run balance`
+- `shll-run doctor`
+- `shll-run listings`
+- `shll-run setup-guide [-l <listingId>] [-d <days>]`
+- `shll-run init` (disabled)
+
+If `-l/--listing-id` is omitted, `setup-guide` auto-selects an active listing from indexer.
+
+### Trading and vault ops
+
+- `shll-run swap -f <from> -t <to> -a <amount> -k <tokenId>`
+- `shll-run wrap -a <bnb> -k <tokenId>`
+- `shll-run unwrap -a <bnb> -k <tokenId>`
+- `shll-run transfer --token <symbolOrAddress> -a <amount> --to <address> -k <tokenId>`
+- `shll-run raw --target <address> --data <hex> -k <tokenId> --i-understand-the-risk`
+
+### Lending (Venus)
+
+- `shll-run lend -t <token> -a <amount> -k <tokenId>`
+- `shll-run redeem -t <token> -a <amount> -k <tokenId>`
+- `shll-run lending-info -k <tokenId>`
+
+### Four.meme
+
+- `shll-run four-info --token <address>`
+- `shll-run four-buy --token <address> -a <bnb> -k <tokenId>`
+- `shll-run four-sell --token <address> -a <tokenAmount> -k <tokenId>`
+
+### Read-only and audit
+
+- `shll-run portfolio -k <tokenId>`
+- `shll-run price --token <symbolOrAddress>`
+- `shll-run search --query <text>`
+- `shll-run tokens`
+- `shll-run policies -k <tokenId>`
+- `shll-run status -k <tokenId>`
+- `shll-run history -k <tokenId> [--limit N]`
+- `shll-run my-agents`
+
+## MCP Tools: Cross-skill Execution
+
+For external aggregator calldata (OKX, 1inch, etc.):
+
+1. Get quote/calldata from external source.
+2. Execute through SHLL MCP:
+- `execute_calldata`
+- `execute_calldata_batch`
+3. Let PolicyGuard enforce on-chain policy checks.
+
+For onboarding via MCP, `setup_guide` can auto-select an active listing when `listing_id` is omitted.
+
+Security requirements:
+
+1. Recipient must resolve to the vault address.
+2. Undecodable recipient calldata is blocked.
+3. Do not ask for "unsafe bypass" parameters.
+
+## Smart Routing Rule
+
+When user provides a token address:
+
+1. Run `four-info --token <addr>`.
+2. If `tradingPhase` is bonding curve, use `four-buy` / `four-sell`.
+3. If `tradingPhase` is DEX (or unsupported), use `swap`.
+
+## Common Errors and Fixes
+
+1. `RUNNER_PRIVATE_KEY environment variable is missing`
+- Set `RUNNER_PRIVATE_KEY` and retry.
+- Or run `shll-run doctor` to get guided next steps.
+
+2. `NOT authorized for token-id`
+- Operator wallet is not authorized; use setup guide or set operator in console.
+
+3. `rental has EXPIRED` or `operator authorization has EXPIRED`
+- Renew subscription/authorization first.
+
+4. `status: rejected`
+- PolicyGuard rejected action; inspect `reason` and adjust limits/whitelists/cooldown.
+
+5. `Unable to decode recipient from calldata`
+- Use built-in command flow or provide calldata with decodable vault recipient.
+
+6. `init command is disabled`
+- Use `setup-guide` flow instead.
+
+7. Unsure what is broken
+- Run `shll-run doctor` for one-shot environment, wallet, RPC, and optional token-id checks.
+
+## Redeploy Checklist (When Contracts Change)
+
+If AgentNFA / PolicyGuard / ListingManagerV2 / default listing changes:
+
+1. Update constants in:
+- `src/index.ts`
+- `src/mcp.ts`
+
+2. Validate ABIs if function signatures changed.
+
+3. Rebuild:
+```bash
+npx tsc --noEmit
+npm run build
+```
+
+4. Smoke test:
+- `shll-run init` returns disabled error
+- `shll-run raw` blocks without risk flag
+- basic read commands still work
+
+## Expected Output Format
+
+All runtime responses should stay machine-friendly JSON:
+
+- Success: `{"status":"success", ...}`
+- Rejected: `{"status":"rejected","reason":"..."}`
+- Error: `{"status":"error","message":"..."}`
+
+## Links
+
+- Website: https://shll.run
+- npm: https://www.npmjs.com/package/shll-skills
+- Repo: https://github.com/kledx/shll-skills