shll-skills 6.0.1 → 6.0.3

package/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: shll-run
 description: Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat.
-version: 6.0.1
+version: 6.0.2
 author: SHLL Team
 website: https://shll.run
 twitter: https://twitter.com/shllrun
@@ -68,7 +68,7 @@ On-chain guardrails:
 - Spending limits, cooldowns, whitelist rules, and protocol rules are enforced on-chain.
 - Raw calldata is blocked if the recipient cannot be decoded safely.
 
-## Current Critical Constraints (v6.0.0)
+## Current Critical Constraints (v6.0.2)
 
 1. `init` command is disabled. Do not use it.
 2. Raw calldata remains high risk; rely on strict recipient safety checks.
@@ -146,11 +146,10 @@ Write commands include:
 - `raw`
 - `lend`
 - `redeem`
-- `config`
 - `four_buy`
 - `four_sell`
 
-Read-only commands do not require confirmation.
+Read-only commands (no confirmation needed): `config`, `policies`, `status`, `history`, `portfolio`, `price`, `tokens`, `search`, `balance`, `four_info`.
 
 ## CLI Commands
 
@@ -187,6 +186,7 @@ If `-l/--listing` is omitted, `setup-guide` auto-selects an active listing from
 
 ### Read-only and audit
 
+- `shll-run config -k <tokenId>` (view-only; modify via web console)
 - `shll-run portfolio -k <tokenId>`
 - `shll-run price --token <symbolOrAddress>`
 - `shll-run search --query <text>`

package/dist/{chunk-5GV6AGSA.mjs → chunk-TH3ENDDM.mjs}

@@ -6,7 +6,7 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
 var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
 var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
 var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
-var SKILL_VERSION = "6.0.1";
+var SKILL_VERSION = "6.0.2";
 var BINDINGS_UPDATED_AT = "2026-03-06";
 var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
 var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
@@ -170,16 +170,11 @@ var LISTING_MANAGER_ABI = [
   }
 ];
 var SPENDING_LIMIT_ABI = [
-  { type: "function", name: "setLimits", inputs: [{ name: "instanceId", type: "uint256" }, { name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "instanceLimits", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], stateMutability: "view" },
   { type: "function", name: "tokenRestrictionEnabled", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "bool" }], stateMutability: "view" },
-  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" },
-  { type: "function", name: "addToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "removeToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "setTokenRestriction", inputs: [{ name: "instanceId", type: "uint256" }, { name: "enabled", type: "bool" }], outputs: [], stateMutability: "nonpayable" }
+  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" }
 ];
 var COOLDOWN_ABI = [
-  { type: "function", name: "setCooldown", inputs: [{ name: "instanceId", type: "uint256" }, { name: "seconds_", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "cooldownSeconds", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "uint256" }], stateMutability: "view" }
 ];
 var FOUR_MEME_HELPER_ABI = [
@@ -293,7 +288,7 @@ async function resolveTokenAsync(publicClient, input) {
 }
 
 // src/shared/clients.ts
-import { createPublicClient as createPublicClient2, createWalletClient as createWalletClient2, http as http2 } from "viem";
+import { createPublicClient as createPublicClient2, http as http2 } from "viem";
 import { privateKeyToAccount as privateKeyToAccount2, generatePrivateKey } from "viem/accounts";
 import { bsc as bsc2 } from "viem/chains";
 
@@ -823,14 +818,6 @@ function createClients(rpcUrl) {
   });
   return { account, publicClient, policyClient, rpc: writeRpc };
 }
-function createWallet(rpcUrl) {
-  const privateKey = process.env.RUNNER_PRIVATE_KEY;
-  if (!privateKey) throw new Error("RUNNER_PRIVATE_KEY environment variable is required");
-  const rpc = rpcUrl || DEFAULT_RPC;
-  const account = privateKeyToAccount2(toHex(privateKey));
-  const walletClient = createWalletClient2({ account, chain: bsc2, transport: http2(rpc) });
-  return { account, walletClient };
-}
 function createReadOnlyClient(rpcUrl) {
   const rpc = rpcUrl || process.env.SHLL_RPC || DEFAULT_RPC;
   return createPublicClient2({
@@ -990,10 +977,14 @@ function checkActionRecipientSafety(action, vault) {
 function policyRejectionHelp(reason, tokenId) {
   const consoleUrl = agentConsoleUrl(tokenId);
   const r = reason ?? "";
+  if (r.includes("Function not allowed"))
+    return { explanation: "The contract method selector is not enabled by the active DeFi policy configuration.", action: "Enable the required protocol pack or selector in Console > Safety, or use a supported transaction path.", consoleUrl };
   if (r.includes("Approve spender not allowed"))
     return { explanation: "The DEX router address is not in the approved spender whitelist.", action: "Contact the Agent owner to approve this router, or use a different DEX.", consoleUrl };
   if (r.includes("Target not allowed"))
     return { explanation: "The contract address is not in the DeFi target whitelist.", action: "Enable the corresponding DeFi Pack in Console > Safety, or contact the Agent owner.", consoleUrl };
+  if (r.includes("Receiver must be vault"))
+    return { explanation: "Swap output recipient must be the agent vault address enforced by ReceiverGuard.", action: "Retry with recipient/to set to the vault address, or use a supported flow that routes proceeds back to the vault.", consoleUrl };
   if (r.includes("Token not in whitelist"))
     return { explanation: "Token restriction is ON and this token is not whitelisted.", action: `Add the token to the whitelist or disable token restriction at: ${consoleUrl}`, consoleUrl };
   if (r.includes("Exceeds per-tx limit"))
@@ -1241,13 +1232,18 @@ function ensureRecipientSafe(result) {
   }
 }
 async function validateActionsOrThrow(policyClient, tokenId, actions) {
-  for (const action of actions) {
+  for (const [index, action] of actions.entries()) {
     const sim = await policyClient.validate(tokenId, action);
     if (!sim.ok) {
       throw new SkillError(
         "POLICY_REJECTED",
         "Policy rejected transaction",
         {
+          failedActionIndex: index,
+          failedActionTarget: action.target,
+          failedActionSelector: getActionSelector(action),
+          failedActionFunction: getActionFunctionName(action),
+          failedActionValue: action.value.toString(),
           reason: sim.reason,
           ...policyRejectionHelp(sim.reason, tokenId.toString())
         },
@@ -1267,6 +1263,37 @@ async function executeActions(policyClient, tokenId, actions) {
   const result = await policyClient.executeBatch(tokenId, actions, true);
   return { hash: result.hash };
 }
+function getActionSelector(action) {
+  return action.data && action.data.length >= 10 ? action.data.slice(0, 10) : "0x";
+}
+function getActionFunctionName(action) {
+  if (action.data === "0x") {
+    return "nativeTransfer";
+  }
+  const candidates = [
+    ERC20_ABI,
+    WBNB_ABI,
+    VTOKEN_ABI,
+    VBNB_MINT_ABI,
+    SWAP_EXACT_ETH_ABI,
+    SWAP_EXACT_TOKENS_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_ABI,
+    SWAP_EXACT_ETH_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_FEE_ABI,
+    V3_EXACT_INPUT_SINGLE_ABI,
+    V3_EXACT_INPUT_ABI,
+    FOUR_MEME_V1_ABI,
+    FOUR_MEME_V2_ABI
+  ];
+  for (const abi of candidates) {
+    const decoded = tryDecodeCalldata(abi, action.data);
+    if (decoded?.functionName) {
+      return decoded.functionName;
+    }
+  }
+  return "unknown";
+}
 
 // src/services/info.ts
 var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
@@ -1705,25 +1732,6 @@ async function executeSwap(input) {
           args: [minOut, path, vault, deadline]
         })
       });
-    } else if (isNativeOut) {
-      actions.push({
-        target: tokenIn.address,
-        value: 0n,
-        data: encodeFunctionData2({
-          abi: ERC20_ABI,
-          functionName: "approve",
-          args: [v2Router, amountIn]
-        })
-      });
-      actions.push({
-        target: v2Router,
-        value: 0n,
-        data: encodeFunctionData2({
-          abi: SWAP_EXACT_TOKENS_FOR_ETH_ABI,
-          functionName: "swapExactTokensForETH",
-          args: [amountIn, minOut, path, vault, deadline]
-        })
-      });
     } else {
       actions.push({
         target: tokenIn.address,
@@ -1738,8 +1746,8 @@ async function executeSwap(input) {
         target: v2Router,
         value: 0n,
         data: encodeFunctionData2({
-          abi: SWAP_EXACT_TOKENS_ABI,
-          functionName: "swapExactTokensForTokens",
+          abi: SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+          functionName: "swapExactTokensForTokensSupportingFeeOnTransferTokens",
           args: [amountIn, minOut, path, vault, deadline]
         })
       });
@@ -2417,59 +2425,48 @@ async function getHistory(tokenIdRaw, limit) {
     recentPolicyRejections: rejections.length
   };
 }
-async function updateRiskConfig(tokenIdRaw, options) {
-  if (!options.txLimit && !options.dailyLimit && !options.cooldown) {
-    throw new SkillError("INVALID_INPUT", "Must specify at least one policy config option");
-  }
+async function getPolicyConfigGuidance(tokenIdRaw, rpcUrl) {
   const tokenId = parseTokenId(tokenIdRaw);
-  const { publicClient, policyClient, rpc } = createClients(options.rpcUrl);
-  await ensureAccess(tokenId, rpc, publicClient);
-  const { walletClient } = createWallet(rpc);
+  const { publicClient, policyClient } = createClients(rpcUrl);
   const policies = await policyClient.getPolicies(tokenId);
-  const results = [];
-  if (options.txLimit || options.dailyLimit) {
-    const spendingPolicy = policies.find((policy) => policy.policyTypeName === "spending_limit");
-    if (!spendingPolicy) {
-      throw new SkillError("NOT_FOUND", "No SpendingLimitPolicy found");
+  const consoleUrl = agentConsoleUrl(tokenId);
+  const currentConfig = {};
+  const spendingPolicy = policies.find((p) => p.policyTypeName === "spending_limit");
+  if (spendingPolicy) {
+    try {
+      const [maxPerTx, maxPerDay, maxSlippageBps] = await publicClient.readContract({
+        address: spendingPolicy.address,
+        abi: SPENDING_LIMIT_ABI,
+        functionName: "instanceLimits",
+        args: [tokenId]
+      });
+      currentConfig.spendingLimit = {
+        maxPerTx: (Number(maxPerTx) / 1e18).toFixed(4) + " BNB",
+        maxPerDay: (Number(maxPerDay) / 1e18).toFixed(4) + " BNB",
+        slippageBps: maxSlippageBps.toString()
+      };
+    } catch {
     }
-    const current = await publicClient.readContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "instanceLimits",
-      args: [tokenId]
-    });
-    const [curMaxPerTx, curMaxPerDay, curSlippage] = current;
-    const hash = await walletClient.writeContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "setLimits",
-      args: [
-        tokenId,
-        options.txLimit ? parseAmount(options.txLimit, 18) : curMaxPerTx,
-        options.dailyLimit ? parseAmount(options.dailyLimit, 18) : curMaxPerDay,
-        curSlippage
-      ]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`SpendingLimit updated: ${hash}`);
   }
-  if (options.cooldown) {
-    const cooldownPolicy = policies.find((policy) => policy.policyTypeName === "cooldown");
-    if (!cooldownPolicy) {
-      throw new SkillError("NOT_FOUND", "No CooldownPolicy found");
+  const cooldownPolicy = policies.find((p) => p.policyTypeName === "cooldown");
+  if (cooldownPolicy) {
+    try {
+      const cooldown = await publicClient.readContract({
+        address: cooldownPolicy.address,
+        abi: COOLDOWN_ABI,
+        functionName: "cooldownSeconds",
+        args: [tokenId]
+      });
+      currentConfig.cooldown = { seconds: Number(cooldown) };
+    } catch {
     }
-    const hash = await walletClient.writeContract({
-      address: cooldownPolicy.address,
-      abi: COOLDOWN_ABI,
-      functionName: "setCooldown",
-      args: [tokenId, BigInt(options.cooldown)]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`Cooldown updated: ${hash}`);
   }
   return {
-    status: "success",
-    details: results
+    status: "read_only",
+    tokenId: tokenIdRaw,
+    currentConfig,
+    message: "Policy modification via Skills is disabled. Please use the web console to adjust your security settings.",
+    consoleUrl
   };
 }
 function dedupeStrings(values) {
@@ -2507,5 +2504,5 @@ export {
   readTokenRestriction,
   getStatusOverview,
   getHistory,
-  updateRiskConfig
+  getPolicyConfigGuidance
 };

package/dist/index.js

@@ -12,7 +12,7 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
 var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
 var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
 var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
-var SKILL_VERSION = "6.0.1";
+var SKILL_VERSION = "6.0.2";
 var BINDINGS_UPDATED_AT = "2026-03-06";
 var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
 var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
@@ -176,16 +176,11 @@ var LISTING_MANAGER_ABI = [
   }
 ];
 var SPENDING_LIMIT_ABI = [
-  { type: "function", name: "setLimits", inputs: [{ name: "instanceId", type: "uint256" }, { name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "instanceLimits", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], stateMutability: "view" },
   { type: "function", name: "tokenRestrictionEnabled", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "bool" }], stateMutability: "view" },
-  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" },
-  { type: "function", name: "addToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "removeToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "setTokenRestriction", inputs: [{ name: "instanceId", type: "uint256" }, { name: "enabled", type: "bool" }], outputs: [], stateMutability: "nonpayable" }
+  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" }
 ];
 var COOLDOWN_ABI = [
-  { type: "function", name: "setCooldown", inputs: [{ name: "instanceId", type: "uint256" }, { name: "seconds_", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "cooldownSeconds", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "uint256" }], stateMutability: "view" }
 ];
 var FOUR_MEME_HELPER_ABI = [
@@ -825,14 +820,6 @@ function createClients(rpcUrl) {
   });
   return { account, publicClient, policyClient, rpc: writeRpc };
 }
-function createWallet(rpcUrl) {
-  const privateKey = process.env.RUNNER_PRIVATE_KEY;
-  if (!privateKey) throw new Error("RUNNER_PRIVATE_KEY environment variable is required");
-  const rpc = rpcUrl || DEFAULT_RPC;
-  const account = (0, import_accounts2.privateKeyToAccount)(toHex(privateKey));
-  const walletClient = (0, import_viem2.createWalletClient)({ account, chain: import_chains2.bsc, transport: (0, import_viem2.http)(rpc) });
-  return { account, walletClient };
-}
 function createReadOnlyClient(rpcUrl) {
   const rpc = rpcUrl || process.env.SHLL_RPC || DEFAULT_RPC;
   return (0, import_viem2.createPublicClient)({
@@ -992,10 +979,14 @@ function checkActionRecipientSafety(action, vault) {
 function policyRejectionHelp(reason, tokenId) {
   const consoleUrl = agentConsoleUrl(tokenId);
   const r = reason ?? "";
+  if (r.includes("Function not allowed"))
+    return { explanation: "The contract method selector is not enabled by the active DeFi policy configuration.", action: "Enable the required protocol pack or selector in Console > Safety, or use a supported transaction path.", consoleUrl };
   if (r.includes("Approve spender not allowed"))
     return { explanation: "The DEX router address is not in the approved spender whitelist.", action: "Contact the Agent owner to approve this router, or use a different DEX.", consoleUrl };
   if (r.includes("Target not allowed"))
     return { explanation: "The contract address is not in the DeFi target whitelist.", action: "Enable the corresponding DeFi Pack in Console > Safety, or contact the Agent owner.", consoleUrl };
+  if (r.includes("Receiver must be vault"))
+    return { explanation: "Swap output recipient must be the agent vault address enforced by ReceiverGuard.", action: "Retry with recipient/to set to the vault address, or use a supported flow that routes proceeds back to the vault.", consoleUrl };
   if (r.includes("Token not in whitelist"))
     return { explanation: "Token restriction is ON and this token is not whitelisted.", action: `Add the token to the whitelist or disable token restriction at: ${consoleUrl}`, consoleUrl };
   if (r.includes("Exceeds per-tx limit"))
@@ -1262,13 +1253,18 @@ function ensureRecipientSafe(result) {
   }
 }
 async function validateActionsOrThrow(policyClient, tokenId, actions) {
-  for (const action of actions) {
+  for (const [index, action] of actions.entries()) {
     const sim = await policyClient.validate(tokenId, action);
     if (!sim.ok) {
       throw new SkillError(
         "POLICY_REJECTED",
         "Policy rejected transaction",
         {
+          failedActionIndex: index,
+          failedActionTarget: action.target,
+          failedActionSelector: getActionSelector(action),
+          failedActionFunction: getActionFunctionName(action),
+          failedActionValue: action.value.toString(),
           reason: sim.reason,
           ...policyRejectionHelp(sim.reason, tokenId.toString())
         },
@@ -1288,6 +1284,37 @@ async function executeActions(policyClient, tokenId, actions) {
   const result = await policyClient.executeBatch(tokenId, actions, true);
   return { hash: result.hash };
 }
+function getActionSelector(action) {
+  return action.data && action.data.length >= 10 ? action.data.slice(0, 10) : "0x";
+}
+function getActionFunctionName(action) {
+  if (action.data === "0x") {
+    return "nativeTransfer";
+  }
+  const candidates = [
+    ERC20_ABI,
+    WBNB_ABI,
+    VTOKEN_ABI,
+    VBNB_MINT_ABI,
+    SWAP_EXACT_ETH_ABI,
+    SWAP_EXACT_TOKENS_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_ABI,
+    SWAP_EXACT_ETH_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_FEE_ABI,
+    V3_EXACT_INPUT_SINGLE_ABI,
+    V3_EXACT_INPUT_ABI,
+    FOUR_MEME_V1_ABI,
+    FOUR_MEME_V2_ABI
+  ];
+  for (const abi of candidates) {
+    const decoded = tryDecodeCalldata(abi, action.data);
+    if (decoded?.functionName) {
+      return decoded.functionName;
+    }
+  }
+  return "unknown";
+}
 
 // src/services/info.ts
 var import_viem5 = require("viem");
@@ -1729,25 +1756,6 @@ async function executeSwap(input) {
           args: [minOut, path, vault, deadline]
         })
       });
-    } else if (isNativeOut) {
-      actions.push({
-        target: tokenIn.address,
-        value: 0n,
-        data: (0, import_viem7.encodeFunctionData)({
-          abi: ERC20_ABI,
-          functionName: "approve",
-          args: [v2Router, amountIn]
-        })
-      });
-      actions.push({
-        target: v2Router,
-        value: 0n,
-        data: (0, import_viem7.encodeFunctionData)({
-          abi: SWAP_EXACT_TOKENS_FOR_ETH_ABI,
-          functionName: "swapExactTokensForETH",
-          args: [amountIn, minOut, path, vault, deadline]
-        })
-      });
     } else {
       actions.push({
         target: tokenIn.address,
@@ -1762,8 +1770,8 @@ async function executeSwap(input) {
         target: v2Router,
         value: 0n,
         data: (0, import_viem7.encodeFunctionData)({
-          abi: SWAP_EXACT_TOKENS_ABI,
-          functionName: "swapExactTokensForTokens",
+          abi: SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+          functionName: "swapExactTokensForTokensSupportingFeeOnTransferTokens",
           args: [amountIn, minOut, path, vault, deadline]
         })
       });
@@ -2360,59 +2368,48 @@ async function getHistory(tokenIdRaw, limit) {
     recentPolicyRejections: rejections.length
   };
 }
-async function updateRiskConfig(tokenIdRaw, options) {
-  if (!options.txLimit && !options.dailyLimit && !options.cooldown) {
-    throw new SkillError("INVALID_INPUT", "Must specify at least one policy config option");
-  }
+async function getPolicyConfigGuidance(tokenIdRaw, rpcUrl) {
   const tokenId = parseTokenId(tokenIdRaw);
-  const { publicClient, policyClient, rpc } = createClients(options.rpcUrl);
-  await ensureAccess(tokenId, rpc, publicClient);
-  const { walletClient } = createWallet(rpc);
+  const { publicClient, policyClient } = createClients(rpcUrl);
   const policies = await policyClient.getPolicies(tokenId);
-  const results = [];
-  if (options.txLimit || options.dailyLimit) {
-    const spendingPolicy = policies.find((policy) => policy.policyTypeName === "spending_limit");
-    if (!spendingPolicy) {
-      throw new SkillError("NOT_FOUND", "No SpendingLimitPolicy found");
+  const consoleUrl = agentConsoleUrl(tokenId);
+  const currentConfig = {};
+  const spendingPolicy = policies.find((p) => p.policyTypeName === "spending_limit");
+  if (spendingPolicy) {
+    try {
+      const [maxPerTx, maxPerDay, maxSlippageBps] = await publicClient.readContract({
+        address: spendingPolicy.address,
+        abi: SPENDING_LIMIT_ABI,
+        functionName: "instanceLimits",
+        args: [tokenId]
+      });
+      currentConfig.spendingLimit = {
+        maxPerTx: (Number(maxPerTx) / 1e18).toFixed(4) + " BNB",
+        maxPerDay: (Number(maxPerDay) / 1e18).toFixed(4) + " BNB",
+        slippageBps: maxSlippageBps.toString()
+      };
+    } catch {
     }
-    const current = await publicClient.readContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "instanceLimits",
-      args: [tokenId]
-    });
-    const [curMaxPerTx, curMaxPerDay, curSlippage] = current;
-    const hash = await walletClient.writeContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "setLimits",
-      args: [
-        tokenId,
-        options.txLimit ? parseAmount(options.txLimit, 18) : curMaxPerTx,
-        options.dailyLimit ? parseAmount(options.dailyLimit, 18) : curMaxPerDay,
-        curSlippage
-      ]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`SpendingLimit updated: ${hash}`);
   }
-  if (options.cooldown) {
-    const cooldownPolicy = policies.find((policy) => policy.policyTypeName === "cooldown");
-    if (!cooldownPolicy) {
-      throw new SkillError("NOT_FOUND", "No CooldownPolicy found");
+  const cooldownPolicy = policies.find((p) => p.policyTypeName === "cooldown");
+  if (cooldownPolicy) {
+    try {
+      const cooldown = await publicClient.readContract({
+        address: cooldownPolicy.address,
+        abi: COOLDOWN_ABI,
+        functionName: "cooldownSeconds",
+        args: [tokenId]
+      });
+      currentConfig.cooldown = { seconds: Number(cooldown) };
+    } catch {
     }
-    const hash = await walletClient.writeContract({
-      address: cooldownPolicy.address,
-      abi: COOLDOWN_ABI,
-      functionName: "setCooldown",
-      args: [tokenId, BigInt(options.cooldown)]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`Cooldown updated: ${hash}`);
   }
   return {
-    status: "success",
-    details: results
+    status: "read_only",
+    tokenId: tokenIdRaw,
+    currentConfig,
+    message: "Policy modification via Skills is disabled. Please use the web console to adjust your security settings.",
+    consoleUrl
   };
 }
 function dedupeStrings(values) {
@@ -2582,15 +2579,10 @@ function registerAgentCommands(program2) {
       process.exit(1);
     }
   });
-  const configCmd = new import_commander5.Command("config").description("Configure agent risk parameters (Requires RENTER status!)").option("--tx-limit <amount>", "Max BNB per tx").option("--daily-limit <amount>", "Max BNB per day").option("--cooldown <seconds>", "Seconds between tx");
+  const configCmd = new import_commander5.Command("config").description("View current risk parameters (modify via web console)");
   addSharedOptions(configCmd).action(async (opts) => {
     try {
-      output(await updateRiskConfig(opts.tokenId, {
-        txLimit: opts.txLimit,
-        dailyLimit: opts.dailyLimit,
-        cooldown: opts.cooldown,
-        rpcUrl: opts.rpc
-      }));
+      output(await getPolicyConfigGuidance(opts.tokenId, opts.rpc));
     } catch (error) {
       outputError(error);
       process.exit(1);

package/dist/index.mjs

@@ -11,6 +11,7 @@ import {
   getBalance,
   getFourMemeInfo,
   getHistory,
+  getPolicyConfigGuidance,
   getPolicySummary,
   getPortfolio,
   getPrice,
@@ -25,9 +26,8 @@ import {
   toErrorPayload,
   transferFromVault,
   unwrapWbnb,
-  updateRiskConfig,
   wrapBnb
-} from "./chunk-5GV6AGSA.mjs";
+} from "./chunk-TH3ENDDM.mjs";
 
 // src/index.ts
 import { Command as Command9 } from "commander";
@@ -226,15 +226,10 @@ function registerAgentCommands(program2) {
       process.exit(1);
     }
   });
-  const configCmd = new Command5("config").description("Configure agent risk parameters (Requires RENTER status!)").option("--tx-limit <amount>", "Max BNB per tx").option("--daily-limit <amount>", "Max BNB per day").option("--cooldown <seconds>", "Seconds between tx");
+  const configCmd = new Command5("config").description("View current risk parameters (modify via web console)");
   addSharedOptions(configCmd).action(async (opts) => {
     try {
-      output(await updateRiskConfig(opts.tokenId, {
-        txLimit: opts.txLimit,
-        dailyLimit: opts.dailyLimit,
-        cooldown: opts.cooldown,
-        rpcUrl: opts.rpc
-      }));
+      output(await getPolicyConfigGuidance(opts.tokenId, opts.rpc));
     } catch (error) {
       outputError(error);
       process.exit(1);

package/dist/mcp.js

@@ -12,7 +12,7 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
 var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
 var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
 var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
-var SKILL_VERSION = "6.0.1";
+var SKILL_VERSION = "6.0.2";
 var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
 var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
 var V3_QUOTER = "0xB048Bbc1Ee6b733FFfCFb9e9CeF7375518e25997";
@@ -175,16 +175,11 @@ var LISTING_MANAGER_ABI = [
   }
 ];
 var SPENDING_LIMIT_ABI = [
-  { type: "function", name: "setLimits", inputs: [{ name: "instanceId", type: "uint256" }, { name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "instanceLimits", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "maxPerTx", type: "uint256" }, { name: "maxPerDay", type: "uint256" }, { name: "maxSlippageBps", type: "uint256" }], stateMutability: "view" },
   { type: "function", name: "tokenRestrictionEnabled", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "bool" }], stateMutability: "view" },
-  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" },
-  { type: "function", name: "addToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "removeToken", inputs: [{ name: "instanceId", type: "uint256" }, { name: "token", type: "address" }], outputs: [], stateMutability: "nonpayable" },
-  { type: "function", name: "setTokenRestriction", inputs: [{ name: "instanceId", type: "uint256" }, { name: "enabled", type: "bool" }], outputs: [], stateMutability: "nonpayable" }
+  { type: "function", name: "getTokenList", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "address[]" }], stateMutability: "view" }
 ];
 var COOLDOWN_ABI = [
-  { type: "function", name: "setCooldown", inputs: [{ name: "instanceId", type: "uint256" }, { name: "seconds_", type: "uint256" }], outputs: [], stateMutability: "nonpayable" },
   { type: "function", name: "cooldownSeconds", inputs: [{ name: "instanceId", type: "uint256" }], outputs: [{ name: "", type: "uint256" }], stateMutability: "view" }
 ];
 var FOUR_MEME_HELPER_ABI = [
@@ -824,14 +819,6 @@ function createClients(rpcUrl) {
   });
   return { account, publicClient, policyClient, rpc: writeRpc };
 }
-function createWallet(rpcUrl) {
-  const privateKey = process.env.RUNNER_PRIVATE_KEY;
-  if (!privateKey) throw new Error("RUNNER_PRIVATE_KEY environment variable is required");
-  const rpc = rpcUrl || DEFAULT_RPC;
-  const account = (0, import_accounts2.privateKeyToAccount)(toHex(privateKey));
-  const walletClient = (0, import_viem2.createWalletClient)({ account, chain: import_chains2.bsc, transport: (0, import_viem2.http)(rpc) });
-  return { account, walletClient };
-}
 function createReadOnlyClient(rpcUrl) {
   const rpc = rpcUrl || process.env.SHLL_RPC || DEFAULT_RPC;
   return (0, import_viem2.createPublicClient)({
@@ -991,10 +978,14 @@ function checkActionRecipientSafety(action, vault) {
 function policyRejectionHelp(reason, tokenId) {
   const consoleUrl = agentConsoleUrl(tokenId);
   const r = reason ?? "";
+  if (r.includes("Function not allowed"))
+    return { explanation: "The contract method selector is not enabled by the active DeFi policy configuration.", action: "Enable the required protocol pack or selector in Console > Safety, or use a supported transaction path.", consoleUrl };
   if (r.includes("Approve spender not allowed"))
     return { explanation: "The DEX router address is not in the approved spender whitelist.", action: "Contact the Agent owner to approve this router, or use a different DEX.", consoleUrl };
   if (r.includes("Target not allowed"))
     return { explanation: "The contract address is not in the DeFi target whitelist.", action: "Enable the corresponding DeFi Pack in Console > Safety, or contact the Agent owner.", consoleUrl };
+  if (r.includes("Receiver must be vault"))
+    return { explanation: "Swap output recipient must be the agent vault address enforced by ReceiverGuard.", action: "Retry with recipient/to set to the vault address, or use a supported flow that routes proceeds back to the vault.", consoleUrl };
   if (r.includes("Token not in whitelist"))
     return { explanation: "Token restriction is ON and this token is not whitelisted.", action: `Add the token to the whitelist or disable token restriction at: ${consoleUrl}`, consoleUrl };
   if (r.includes("Exceeds per-tx limit"))
@@ -1242,13 +1233,18 @@ function ensureRecipientSafe(result) {
   }
 }
 async function validateActionsOrThrow(policyClient, tokenId, actions) {
-  for (const action of actions) {
+  for (const [index, action] of actions.entries()) {
     const sim = await policyClient.validate(tokenId, action);
     if (!sim.ok) {
       throw new SkillError(
         "POLICY_REJECTED",
         "Policy rejected transaction",
         {
+          failedActionIndex: index,
+          failedActionTarget: action.target,
+          failedActionSelector: getActionSelector(action),
+          failedActionFunction: getActionFunctionName(action),
+          failedActionValue: action.value.toString(),
           reason: sim.reason,
           ...policyRejectionHelp(sim.reason, tokenId.toString())
         },
@@ -1268,6 +1264,37 @@ async function executeActions(policyClient, tokenId, actions) {
   const result = await policyClient.executeBatch(tokenId, actions, true);
   return { hash: result.hash };
 }
+function getActionSelector(action) {
+  return action.data && action.data.length >= 10 ? action.data.slice(0, 10) : "0x";
+}
+function getActionFunctionName(action) {
+  if (action.data === "0x") {
+    return "nativeTransfer";
+  }
+  const candidates = [
+    ERC20_ABI,
+    WBNB_ABI,
+    VTOKEN_ABI,
+    VBNB_MINT_ABI,
+    SWAP_EXACT_ETH_ABI,
+    SWAP_EXACT_TOKENS_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_ABI,
+    SWAP_EXACT_ETH_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+    SWAP_EXACT_TOKENS_FOR_ETH_FEE_ABI,
+    V3_EXACT_INPUT_SINGLE_ABI,
+    V3_EXACT_INPUT_ABI,
+    FOUR_MEME_V1_ABI,
+    FOUR_MEME_V2_ABI
+  ];
+  for (const abi of candidates) {
+    const decoded = tryDecodeCalldata(abi, action.data);
+    if (decoded?.functionName) {
+      return decoded.functionName;
+    }
+  }
+  return "unknown";
+}
 
 // src/services/info.ts
 var import_viem5 = require("viem");
@@ -1709,25 +1736,6 @@ async function executeSwap(input) {
           args: [minOut, path, vault, deadline]
         })
       });
-    } else if (isNativeOut) {
-      actions.push({
-        target: tokenIn.address,
-        value: 0n,
-        data: (0, import_viem7.encodeFunctionData)({
-          abi: ERC20_ABI,
-          functionName: "approve",
-          args: [v2Router, amountIn]
-        })
-      });
-      actions.push({
-        target: v2Router,
-        value: 0n,
-        data: (0, import_viem7.encodeFunctionData)({
-          abi: SWAP_EXACT_TOKENS_FOR_ETH_ABI,
-          functionName: "swapExactTokensForETH",
-          args: [amountIn, minOut, path, vault, deadline]
-        })
-      });
     } else {
       actions.push({
         target: tokenIn.address,
@@ -1742,8 +1750,8 @@ async function executeSwap(input) {
         target: v2Router,
         value: 0n,
         data: (0, import_viem7.encodeFunctionData)({
-          abi: SWAP_EXACT_TOKENS_ABI,
-          functionName: "swapExactTokensForTokens",
+          abi: SWAP_EXACT_TOKENS_FOR_TOKENS_FEE_ABI,
+          functionName: "swapExactTokensForTokensSupportingFeeOnTransferTokens",
           args: [amountIn, minOut, path, vault, deadline]
         })
       });
@@ -2421,59 +2429,48 @@ async function getHistory(tokenIdRaw, limit) {
     recentPolicyRejections: rejections.length
   };
 }
-async function updateRiskConfig(tokenIdRaw, options) {
-  if (!options.txLimit && !options.dailyLimit && !options.cooldown) {
-    throw new SkillError("INVALID_INPUT", "Must specify at least one policy config option");
-  }
+async function getPolicyConfigGuidance(tokenIdRaw, rpcUrl) {
   const tokenId = parseTokenId(tokenIdRaw);
-  const { publicClient, policyClient, rpc } = createClients(options.rpcUrl);
-  await ensureAccess(tokenId, rpc, publicClient);
-  const { walletClient } = createWallet(rpc);
+  const { publicClient, policyClient } = createClients(rpcUrl);
   const policies = await policyClient.getPolicies(tokenId);
-  const results = [];
-  if (options.txLimit || options.dailyLimit) {
-    const spendingPolicy = policies.find((policy) => policy.policyTypeName === "spending_limit");
-    if (!spendingPolicy) {
-      throw new SkillError("NOT_FOUND", "No SpendingLimitPolicy found");
+  const consoleUrl = agentConsoleUrl(tokenId);
+  const currentConfig = {};
+  const spendingPolicy = policies.find((p) => p.policyTypeName === "spending_limit");
+  if (spendingPolicy) {
+    try {
+      const [maxPerTx, maxPerDay, maxSlippageBps] = await publicClient.readContract({
+        address: spendingPolicy.address,
+        abi: SPENDING_LIMIT_ABI,
+        functionName: "instanceLimits",
+        args: [tokenId]
+      });
+      currentConfig.spendingLimit = {
+        maxPerTx: (Number(maxPerTx) / 1e18).toFixed(4) + " BNB",
+        maxPerDay: (Number(maxPerDay) / 1e18).toFixed(4) + " BNB",
+        slippageBps: maxSlippageBps.toString()
+      };
+    } catch {
     }
-    const current = await publicClient.readContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "instanceLimits",
-      args: [tokenId]
-    });
-    const [curMaxPerTx, curMaxPerDay, curSlippage] = current;
-    const hash = await walletClient.writeContract({
-      address: spendingPolicy.address,
-      abi: SPENDING_LIMIT_ABI,
-      functionName: "setLimits",
-      args: [
-        tokenId,
-        options.txLimit ? parseAmount(options.txLimit, 18) : curMaxPerTx,
-        options.dailyLimit ? parseAmount(options.dailyLimit, 18) : curMaxPerDay,
-        curSlippage
-      ]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`SpendingLimit updated: ${hash}`);
   }
-  if (options.cooldown) {
-    const cooldownPolicy = policies.find((policy) => policy.policyTypeName === "cooldown");
-    if (!cooldownPolicy) {
-      throw new SkillError("NOT_FOUND", "No CooldownPolicy found");
+  const cooldownPolicy = policies.find((p) => p.policyTypeName === "cooldown");
+  if (cooldownPolicy) {
+    try {
+      const cooldown = await publicClient.readContract({
+        address: cooldownPolicy.address,
+        abi: COOLDOWN_ABI,
+        functionName: "cooldownSeconds",
+        args: [tokenId]
+      });
+      currentConfig.cooldown = { seconds: Number(cooldown) };
+    } catch {
     }
-    const hash = await walletClient.writeContract({
-      address: cooldownPolicy.address,
-      abi: COOLDOWN_ABI,
-      functionName: "setCooldown",
-      args: [tokenId, BigInt(options.cooldown)]
-    });
-    await publicClient.waitForTransactionReceipt({ hash });
-    results.push(`Cooldown updated: ${hash}`);
   }
   return {
-    status: "success",
-    details: results
+    status: "read_only",
+    tokenId: tokenIdRaw,
+    currentConfig,
+    message: "Policy modification via Skills is disabled. Please use the web console to adjust your security settings.",
+    consoleUrl
   };
 }
 function dedupeStrings(values) {
@@ -2750,20 +2747,13 @@ function registerAgentTools(server2) {
   );
   server2.tool(
     "config",
-    "Configure risk parameters",
+    "View current risk parameters and get a link to the web console for modifications",
     {
-      token_id: CommonSchemas.tokenId.describe("Agent Token ID"),
-      tx_limit: import_zod5.z.string().optional().describe("Max BNB per tx"),
-      daily_limit: import_zod5.z.string().optional().describe("Max BNB per day"),
-      cooldown: import_zod5.z.string().optional().describe("Seconds between tx")
+      token_id: CommonSchemas.tokenId.describe("Agent Token ID")
     },
-    async ({ token_id, tx_limit, daily_limit, cooldown }) => {
+    async ({ token_id }) => {
       try {
-        return asToolResult5(await updateRiskConfig(token_id, {
-          txLimit: tx_limit,
-          dailyLimit: daily_limit,
-          cooldown
-        }));
+        return asToolResult5(await getPolicyConfigGuidance(token_id));
       } catch (error) {
         return formatMcpError(error);
       }

package/dist/mcp.mjs

@@ -11,6 +11,7 @@ import {
   getBalance,
   getFourMemeInfo,
   getHistory,
+  getPolicyConfigGuidance,
   getPolicySummary,
   getPortfolio,
   getPrice,
@@ -24,9 +25,8 @@ import {
   sellFourMeme,
   transferFromVault,
   unwrapWbnb,
-  updateRiskConfig,
   wrapBnb
-} from "./chunk-5GV6AGSA.mjs";
+} from "./chunk-TH3ENDDM.mjs";
 
 // src/mcp.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
@@ -303,20 +303,13 @@ function registerAgentTools(server2) {
   );
   server2.tool(
     "config",
-    "Configure risk parameters",
+    "View current risk parameters and get a link to the web console for modifications",
     {
-      token_id: CommonSchemas.tokenId.describe("Agent Token ID"),
-      tx_limit: z4.string().optional().describe("Max BNB per tx"),
-      daily_limit: z4.string().optional().describe("Max BNB per day"),
-      cooldown: z4.string().optional().describe("Seconds between tx")
+      token_id: CommonSchemas.tokenId.describe("Agent Token ID")
     },
-    async ({ token_id, tx_limit, daily_limit, cooldown }) => {
+    async ({ token_id }) => {
       try {
-        return asToolResult5(await updateRiskConfig(token_id, {
-          txLimit: tx_limit,
-          dailyLimit: daily_limit,
-          cooldown
-        }));
+        return asToolResult5(await getPolicyConfigGuidance(token_id));
       } catch (error) {
         return formatMcpError(error);
       }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "shll-skills",
-    "version": "6.0.1",
+    "version": "6.0.3",
     "description": "SHLL DeFi Agent - CLI + MCP Server for BSC",
     "main": "dist/index.js",
     "bin": {
@@ -35,4 +35,4 @@
         "SKILL.md"
     ],
     "license": "MIT"
-}
+}