{
  "schemaVersion": "1.0",
  "item": {
    "slug": "guardrail-smart-accounts",
    "name": "Guardrail Smart Accounts",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/shawnwollenberg/guardrail-smart-accounts",
    "canonicalUrl": "https://clawhub.ai/shawnwollenberg/guardrail-smart-accounts",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/guardrail-smart-accounts",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=guardrail-smart-accounts",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/guardrail-smart-accounts"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/guardrail-smart-accounts",
    "agentPageUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent",
    "manifestUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Guardrail Smart Accounts Skill",
        "body": "Create and manage ERC-4337 smart accounts, policies, permissions, and enforcement for AI agents with on-chain spending guardrails."
      },
      {
        "title": "Overview",
        "body": "The Guardrail Smart Accounts Skill enables agents and humans to create dedicated ERC-4337 smart accounts with built-in spending limits enforced on-chain. Every account is bound to a Guardrail policy at creation.\n\nGuardrail never takes custody of funds — all enforcement occurs on-chain via deployed contracts.\n\nThis skill supports both:\n\nProgrammatic agent execution\nHuman-in-the-loop wallet workflows\n\nIt is designed as infrastructure: contract-level fees, policy-bound accounts, and non-custodial enforcement."
      },
      {
        "title": "Security & Credential Model (Required)",
        "body": "This skill performs on-chain operations that require:\n\nJSON-RPC access\nTransaction signing\n\nPrivate keys must never be provided in chat and must never be stored in unconstrained agent memory.\n\nThe skill supports the following secure signing models:"
      },
      {
        "title": "1. External Signer (Recommended)",
        "body": "The agent prepares a transaction.\nThe runtime forwards it to a secure signer service (HSM, MPC, hosted signer).\nThe signer enforces scope, rate limits, and allowlists.\nThe agent never sees raw private keys."
      },
      {
        "title": "2. Wallet Connector / User-Approved Signing",
        "body": "Transactions are prepared by the agent.\nA user wallet (browser, hardware wallet) prompts for approval.\nKeys remain in the wallet."
      },
      {
        "title": "3. Scoped Session Keys (Advanced)",
        "body": "Session keys must be policy-restricted.\nKeys must have strict limits (value caps, allowlists).\nKeys must be short-lived and rotated frequently.\nNever expose a long-lived owner EOA private key."
      },
      {
        "title": "The Skill Must NOT",
        "body": "Ask the user to paste private keys or seed phrases.\nStore private keys in memory, logs, or prompts.\nAccess unrelated environment variables or local files.\nRequest cloud credentials or system-level secrets.\nPersist secrets beyond runtime execution.\n\nIf secure signing is not configured, use this skill in read-only mode until proper signing is established."
      },
      {
        "title": "Required Runtime Configuration",
        "body": "These values must be provided via secure secret storage (not chat):\n\nGUARDRAIL_CHAIN_ID — Target chain identifier\nGUARDRAIL_RPC_URL — JSON-RPC endpoint for the target chain (treat as sensitive — hosted RPC URLs often contain API keys)\nGUARDRAIL_SIGNING_MODE — one of: external_signer, wallet_connector, session_key"
      },
      {
        "title": "Conditional Secrets (declared in manifest as optionalSecrets)",
        "body": "These are only required when using specific signing modes:\n\nGUARDRAIL_SIGNER_ENDPOINT — External signer service URL. Only required when GUARDRAIL_SIGNING_MODE is external_signer. Not needed for wallet_connector or session_key modes.\nGUARDRAIL_SIGNER_AUTH_TOKEN — Scoped, revocable authentication token for the external signer. Only required when GUARDRAIL_SIGNING_MODE is external_signer. Must be stored in secure secret storage, never in chat or logs.\nGUARDRAIL_DASHBOARD_API_KEY — API key for dashboard management UI interaction. Not required for direct contract usage."
      },
      {
        "title": "Signer Token Rotation and Revocation",
        "body": "When using external_signer mode:\n\nGUARDRAIL_SIGNER_AUTH_TOKEN should be scoped to the minimum required permissions (allowlists, rate limits, spend caps).\nTokens should be short-lived and rotated on a regular schedule.\nThe external signer provider must support immediate token revocation.\nIf a token is compromised, revoke it at the signer provider and rotate to a new token in secure secret storage.\nNever use long-lived owner EOA private keys as signer tokens."
      },
      {
        "title": "Dashboard API Key Usage",
        "body": "GUARDRAIL_DASHBOARD_API_KEY provides access to the management dashboard API for registering agents, managing policies, and viewing audit logs. It does not grant signing or fund-transfer capability. Store it in secure secret storage and rotate periodically.\n\nThe runtime must validate the chain ID and reject unsupported networks by default."
      },
      {
        "title": "1. Create Smart Account",
        "body": "Deploy a new smart account via the Guardrail factory. The account is bound to a PermissionEnforcer and controlled by a signer (EOA or generated keypair).\n\nDeterministic deployment via CREATE2 (salt-based)\nOwner recorded on-chain\nOne-time creation fee: $10 USD equivalent in ETH\nPolicy-bound by default\n\nFactory Contract: AgentAccountFactory\nFunction: createAccount(address owner, bytes32 agentId, bytes32 salt) payable returns (address)\n\n// Get required creation fee\nuint256 fee = factory.getCreationFee();\n\n// Deploy account (send fee as msg.value)\naddress account = factory.createAccount{value: fee}(ownerAddress, agentId, salt);"
      },
      {
        "title": "2. Fund Smart Account (Inbound Transfer)",
        "body": "Send ETH to the smart account address.\n\nInbound transfers are free.\n\n// NOTE: walletClient must be backed by a secure signer integration.\n// Do NOT provide raw private keys to the agent.\n\nawait walletClient.sendTransaction({\n  to: smartAccountAddress,\n  value: parseEther(\"1.0\"),\n});"
      },
      {
        "title": "3. Withdraw from Smart Account (Outbound Transfer)",
        "body": "Execute a transfer from the smart account.\n\nOutbound transfers are charged a 10 bps (0.10%) fee, capped at $100 USD equivalent per transaction.\n\nFunction: execute(address target, uint256 value, bytes data)\n\nconst data = encodeFunctionData({\n  abi: agentSmartAccountABI,\n  functionName: \"execute\",\n  args: [destinationAddress, parseEther(\"1.0\"), \"0x\"],\n});\n\nawait walletClient.sendTransaction({\n  to: smartAccountAddress,\n  data,\n});\n\nFee enforcement occurs inside GuardrailFeeManager."
      },
      {
        "title": "4. Read State (Safe / Read-Only)",
        "body": "These functions do not require signing.\n\n// Get account owner\nconst owner = await publicClient.readContract({\n  address: smartAccountAddress,\n  abi: agentSmartAccountABI,\n  functionName: \"owner\",\n});\n\n// Get creation fee\nconst fee = await publicClient.readContract({\n  address: factoryAddress,\n  abi: agentAccountFactoryABI,\n  functionName: \"getCreationFee\",\n});\n\n// Calculate transfer fee\nconst transferFee = await publicClient.readContract({\n  address: feeManagerAddress,\n  abi: guardrailFeeManagerABI,\n  functionName: \"calculateTransferFee\",\n  args: [parseEther(\"10.0\")],\n});\n\npublicClient must be a read-only RPC client."
      },
      {
        "title": "5. Policy Management",
        "body": "Create and manage policies that define what actions agents can perform, with constraints on value, volume, and scope.\n\nCreate Policy — POST /api/v1/policies\n\nconst response = await fetch(`${API_BASE_URL}/api/v1/policies`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    name: \"DeFi Trading Policy\",\n    description: \"Allow swaps and transfers with daily limits\",\n    definition: {\n      actions: [\"swap\", \"transfer\"],\n      assets: {\n        tokens: [\"0xA0b8...eB48\", \"0xdAC1...1eC7\"],\n        protocols: [\"*\"],\n        chains: [1, 8453],\n      },\n      constraints: {\n        maxValuePerTx: \"1000000000000000000\",\n        maxDailyVolume: \"10000000000000000000\",\n        maxWeeklyVolume: \"50000000000000000000\",\n        maxTxCount: 100,\n        requireApproval: false,\n      },\n      duration: {\n        validFrom: \"2025-01-01T00:00:00Z\",\n        validUntil: \"2025-12-31T23:59:59Z\",\n      },\n      conditions: [\n        { field: \"amount\", operator: \"lte\", value: \"5000000000000000000\" },\n      ],\n    },\n  }),\n});\nconst policy = await response.json();\n\nPolicyDefinition structure:\n\nFieldTypeDescriptionactionsstring[]Allowed action types: swap, transfer, approve, stake, unstake, deposit, withdraw, mint, burn, bridge, claim, vote, delegate, lp_add, lp_remove, borrow, repay, liquidate, * (wildcard)assets.tokensstring[]Token contract addresses, or [\"*\"] for allassets.protocolsstring[]Protocol contract addresses, or [\"*\"] for allassets.chainsnumber[]Allowed chain IDsconstraints.maxValuePerTxstringMaximum value per transaction (wei)constraints.maxDailyVolumestringMaximum daily volume (wei)constraints.maxWeeklyVolumestringMaximum weekly volume (wei)constraints.maxTxCountnumberMaximum transaction count within the durationconstraints.requireApprovalbooleanWhether transactions require manual 
approvalduration.validFromstringISO 8601 start timeduration.validUntilstringISO 8601 end timeconditionsarrayAdvanced rules with field, operator (eq, ne, gt, gte, lt, lte, in, not_in, contains, regex), and value\n\nActivate Policy — POST /api/v1/policies/{id}/activate\n\nRegisters the policy on-chain via PolicyRegistry. Required before granting permissions.\n\nawait fetch(`${API_BASE_URL}/api/v1/policies/${policyId}/activate`, {\n  method: \"POST\",\n  headers: { Authorization: `Bearer ${token}` },\n});\n\nUpdate Policy — PUT /api/v1/policies/{id}\n\nDraft policies update directly. Active policies create a new version.\n\nawait fetch(`${API_BASE_URL}/api/v1/policies/${policyId}`, {\n  method: \"PUT\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    name: \"Updated Policy Name\",\n    definition: {\n      actions: [\"swap\", \"transfer\", \"approve\"],\n      constraints: { maxValuePerTx: \"2000000000000000000\" },\n    },\n  }),\n});\n\nRevoke Policy — POST /api/v1/policies/{id}/revoke\n\nDeactivates the policy on-chain. Active permissions using this policy will no longer validate.\n\nReactivate Policy — POST /api/v1/policies/{id}/reactivate\n\nRe-registers a previously revoked policy on-chain.\n\nList Policies — GET /api/v1/policies\n\nGet Policy — GET /api/v1/policies/{id}\n\nDelete Policy — DELETE /api/v1/policies/{id}\n\nOnly draft policies can be deleted. Active or revoked policies must be revoked first."
      },
      {
        "title": "6. Permission Management",
        "body": "Permissions link an agent to a policy, authorizing specific actions for a defined period.\n\nGrant Permission — POST /api/v1/permissions\n\nThe agent must be active and the policy must be activated before granting a permission.\n\nconst response = await fetch(`${API_BASE_URL}/api/v1/permissions`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    policy_id: \"policy-uuid\",\n    valid_from: \"2025-01-01T00:00:00Z\",\n    valid_until: \"2025-12-31T23:59:59Z\",\n  }),\n});\nconst permission = await response.json();\n\nMint Permission — POST /api/v1/permissions/{id}/mint\n\nRegisters the permission on-chain via PolicyRegistry.grantPermission(). For smart account agents, syncs constraints to PermissionEnforcer. Returns onchain_token_id.\n\nconst minted = await fetch(\n  `${API_BASE_URL}/api/v1/permissions/${permissionId}/mint`,\n  {\n    method: \"POST\",\n    headers: { Authorization: `Bearer ${token}` },\n  }\n).then((r) => r.json());\n// minted.onchain_token_id — on-chain token ID\n\nRevoke Permission — DELETE /api/v1/permissions/{id}\n\nRevokes the permission. Calls PolicyRegistry.revokePermission() on-chain if the permission was minted.\n\nList Permissions — GET /api/v1/permissions\n\nSupports query parameters: agent_id, policy_id.\n\nconst response = await fetch(\n  `${API_BASE_URL}/api/v1/permissions?agent_id=${agentId}`,\n  { headers: { Authorization: `Bearer ${token}` } }\n);\nconst permissions = await response.json();\n\nGet Permission — GET /api/v1/permissions/{id}"
      },
      {
        "title": "7. Action Validation",
        "body": "Validate whether an agent is permitted to perform an action. Runs for both advisory (EOA) and enforced (smart account) agents.\n\nValidate Action — POST /api/v1/validate\n\nconst result = await fetch(`${API_BASE_URL}/api/v1/validate`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    action: {\n      type: \"swap\",\n      token: \"0xA0b8...eB48\",\n      protocol: \"0x7a25...3e6F\",\n      amount: \"500000000000000000\",\n      chain: 8453,\n      to: \"0xDef1...C0de\",\n    },\n  }),\n}).then((r) => r.json());\n// result.allowed — boolean\n// result.reason — explanation if denied\n// result.permission_id — matching permission\n// result.policy_id — matching policy\n// result.constraints — active constraints\n// result.request_id — audit trail reference\n\nFor enforced (smart account) agents, validation acts as a pre-flight check before on-chain execution. The on-chain PermissionEnforcer performs the final enforcement in validateUserOp.\n\nSimulate Action — POST /api/v1/validate/simulate\n\nSame input as validate, but returns current usage and remaining quota without recording a validation request.\n\nconst sim = await fetch(`${API_BASE_URL}/api/v1/validate/simulate`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    action: { type: \"transfer\", amount: \"1000000000000000000\", chain: 1 },\n  }),\n}).then((r) => r.json());\n// sim.would_allow — boolean\n// sim.reason — explanation\n// sim.matching_policy — policy ID if matched\n// sim.current_usage — current period usage\n// sim.remaining_quota — remaining allowance\n// sim.recommendations — suggested adjustments\n\nBatch Validate — POST /api/v1/validate/batch\n\nValidate multiple actions in a single request."
      },
      {
        "title": "8. Audit & Monitoring",
        "body": "Query the immutable audit trail for policy, permission, and validation events.\n\nList Audit Logs — GET /api/v1/audit\n\nSupports query parameters: event_type, agent_id, policy_id, start_date, end_date, limit, offset.\n\nconst logs = await fetch(\n  `${API_BASE_URL}/api/v1/audit?event_type=policy.activated&start_date=2025-01-01T00:00:00Z`,\n  { headers: { Authorization: `Bearer ${token}` } }\n).then((r) => r.json());\n\nEvent types: policy.created, policy.activated, policy.revoked, permission.created, permission.minted, permission.revoked, validation.request.\n\nExport Audit Logs — GET /api/v1/audit/export\n\nSupports format=json or format=csv, plus start_date and end_date parameters.\n\nconst exportUrl = `${API_BASE_URL}/api/v1/audit/export?format=csv&start_date=2025-01-01`;\n// Download or redirect to this URL"
      },
      {
        "title": "Enforcement Model",
        "body": "The system supports two enforcement tiers based on agent wallet type:"
      },
      {
        "title": "Advisory (EOA Agents)",
        "body": "Off-chain validation via /api/v1/validate logs actions and returns allow/deny decisions.\nThe backend cannot prevent on-chain execution for EOA wallets.\nUse validation results for dashboards, alerts, and compliance monitoring.\nViolations are recorded in audit logs for review."
      },
      {
        "title": "Enforced (Smart Account Agents)",
        "body": "AgentSmartAccount.validateUserOp() calls PermissionEnforcer on-chain.\nTransactions that violate policy constraints revert before execution.\nThe agent cannot bypass enforcement — it is built into the account's validation logic.\nOff-chain validation still runs for dashboards, simulation, and pre-flight checks."
      },
      {
        "title": "Which Tier Applies?",
        "body": "Agent Type\tEnforcement\tOn-Chain Prevention\tOff-Chain Validation\nEOA\tAdvisory\tNo\tYes\nSmart Account\tEnforced\tYes\tYes\n\nUpgrading from EOA to smart account is one-way via POST /api/v1/agents/{id}/upgrade-to-smart-account."
      },
      {
        "title": "Account Creation Fee",
        "body": "Amount: $10 USD equivalent in ETH\nWhen: One-time, at smart account deployment\nEnforced in: AgentAccountFactory contract\nPaid to: Fee collector address via GuardrailFeeManager"
      },
      {
        "title": "Transfer Fee (Outbound Only)",
        "body": "Rate: 10 basis points (0.10%)\nCap: $100 USD equivalent per transaction\nWhen: On every execute() or executeBatch() call with value > 0\nNot charged on:\n\nInbound deposits\nZero-value calls\nERC-20 transfers encoded in calldata\n\nTransfer Amount\tFee\tNotes\n$1,000\t$1\t\n$10,000\t$10\t\n$100,000\t$100\tCap reached\n$2,000,000\t$100\tCap applies"
      },
      {
        "title": "Base Mainnet (Chain ID 8453)",
        "body": "Contract\tAddress\nIdentityRegistry\t0xc1fa477f991C74Cc665E605fC74f0e2B795b5104\nPolicyRegistry\t0x92cd41e6a4aA13072CeBCda8830d48f269F058c4\nPermissionEnforcer\t0xbF63Fa97cfBba99647B410f205730d63d831061c\nPriceOracle\t0xf3c8c6BDc54C60EDaE6AE84Ef05B123597C355B3\nGuardrailFeeManager\t0xD1B7Bd65F2aB60ff84CdDF48f306a599b01d293A\nAgentAccountFactory\t0xCE621A324A8cb40FD424EB0D41286A97f6a6c91C\nEntryPoint (v0.6)\t0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
      },
      {
        "title": "Sepolia (Chain ID 11155111)",
        "body": "Contract\tAddress\nIdentityRegistry\t0xc1fa477f991C74Cc665E605fC74f0e2B795b5104\nPolicyRegistry\t0x92cd41e6a4aA13072CeBCda8830d48f269F058c4\nPermissionEnforcer\t0x94991827135fbd0E681B3db51699e4988a7752f1\nPriceOracle\t0x052cDddba3C55A63F5e48F9e5bC6b70604Db93b8\nGuardrailFeeManager\t0x0f77fdD1AFCe0597339dD340E738CE3dC9A5CC12\nAgentAccountFactory\t0xA831229B58C05d5bA9ac109f3B29e268A0e5F41E\nEntryPoint (v0.6)\t0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
      },
      {
        "title": "Dashboard",
        "body": "All API operations documented above are also available via the web dashboard at https://agentguardrail.xyz/, which provides a visual interface for managing agents, policies, permissions, and audit logs.\n\nIf using dashboard-generated signer keypairs or API keys:\n\nStore them in secure secret storage\nNever paste them into chat\nPrefer external signer or hardware-backed signing"
      },
      {
        "title": "Autonomy & Safety Guidance",
        "body": "Because this skill can move funds on-chain:\n\nStart on Sepolia testnet.\nFund accounts with small amounts initially.\nUse strict Guardrail policies.\nEnable autonomous execution only with secure signing configured.\nApply rate limits and allowlists at the signer layer."
      },
      {
        "title": "Privacy and Data Handling",
        "body": "This skill does not store, log, or transmit private keys, seed phrases, or signer tokens.\nGUARDRAIL_RPC_URL may contain an embedded API key (common with hosted RPC providers). Treat it as sensitive.\nGUARDRAIL_SIGNER_AUTH_TOKEN grants signing capability when combined with the signer endpoint. It must be stored in secure secret storage and never exposed in logs, prompts, or chat.\nOn-chain transactions are public by nature. The skill does not add any off-chain data collection beyond what the blockchain records.\nThe skill does not access local files, browser storage, or environment variables beyond those declared in the manifest metadata."
      },
      {
        "title": "Design Principles",
        "body": "Policy-Bound by Default — Every account is bound to a Guardrail policy at creation.\nAgent and Human Neutral — Authority derives from ownership and policy, not caller identity.\nNon-Custodial — Guardrail never holds funds.\nInfrastructure First — Fees are enforced at the contract layer. The API cannot bypass protocol economics.\nLeast Privilege — Signing must use scoped, secure integrations."
      }
    ],
    "body": "Guardrail Smart Accounts Skill\n\nCreate and manage ERC-4337 smart accounts, policies, permissions, and enforcement for AI agents with on-chain spending guardrails.\n\nOverview\n\nThe Guardrail Smart Accounts Skill enables agents and humans to create dedicated ERC-4337 smart accounts with built-in spending limits enforced on-chain. Every account is bound to a Guardrail policy at creation.\n\nGuardrail never takes custody of funds — all enforcement occurs on-chain via deployed contracts.\n\nThis skill supports both:\n\nProgrammatic agent execution\nHuman-in-the-loop wallet workflows\n\nIt is designed as infrastructure: contract-level fees, policy-bound accounts, and non-custodial enforcement.\n\nSecurity & Credential Model (Required)\n\nThis skill performs on-chain operations that require:\n\nJSON-RPC access\nTransaction signing\n\nPrivate keys must never be provided in chat and must never be stored in unconstrained agent memory.\n\nThe skill supports the following secure signing models:\n\n1. External Signer (Recommended)\nThe agent prepares a transaction.\nThe runtime forwards it to a secure signer service (HSM, MPC, hosted signer).\nThe signer enforces scope, rate limits, and allowlists.\nThe agent never sees raw private keys.\n2. Wallet Connector / User-Approved Signing\nTransactions are prepared by the agent.\nA user wallet (browser, hardware wallet) prompts for approval.\nKeys remain in the wallet.\n3. 
Scoped Session Keys (Advanced)\nSession keys must be policy-restricted.\nKeys must have strict limits (value caps, allowlists).\nKeys must be short-lived and rotated frequently.\nNever expose a long-lived owner EOA private key.\nThe Skill Must NOT\nAsk the user to paste private keys or seed phrases.\nStore private keys in memory, logs, or prompts.\nAccess unrelated environment variables or local files.\nRequest cloud credentials or system-level secrets.\nPersist secrets beyond runtime execution.\n\nIf secure signing is not configured, use this skill in read-only mode until proper signing is established.\n\nRequired Runtime Configuration\n\nThese values must be provided via secure secret storage (not chat):\n\nGUARDRAIL_CHAIN_ID — Target chain identifier\nGUARDRAIL_RPC_URL — JSON-RPC endpoint for the target chain (treat as sensitive — hosted RPC URLs often contain API keys)\nGUARDRAIL_SIGNING_MODE — one of: external_signer, wallet_connector, session_key\nConditional Secrets (declared in manifest as optionalSecrets)\n\nThese are only required when using specific signing modes:\n\nGUARDRAIL_SIGNER_ENDPOINT — External signer service URL. Only required when GUARDRAIL_SIGNING_MODE is external_signer. Not needed for wallet_connector or session_key modes.\nGUARDRAIL_SIGNER_AUTH_TOKEN — Scoped, revocable authentication token for the external signer. Only required when GUARDRAIL_SIGNING_MODE is external_signer. Must be stored in secure secret storage, never in chat or logs.\nGUARDRAIL_DASHBOARD_API_KEY — API key for dashboard management UI interaction. 
Not required for direct contract usage.\nSigner Token Rotation and Revocation\n\nWhen using external_signer mode:\n\nGUARDRAIL_SIGNER_AUTH_TOKEN should be scoped to the minimum required permissions (allowlists, rate limits, spend caps).\nTokens should be short-lived and rotated on a regular schedule.\nThe external signer provider must support immediate token revocation.\nIf a token is compromised, revoke it at the signer provider and rotate to a new token in secure secret storage.\nNever use long-lived owner EOA private keys as signer tokens.\nDashboard API Key Usage\n\nGUARDRAIL_DASHBOARD_API_KEY provides access to the management dashboard API for registering agents, managing policies, and viewing audit logs. It does not grant signing or fund-transfer capability. Store it in secure secret storage and rotate periodically.\n\nThe runtime must validate the chain ID and reject unsupported networks by default.\n\nCore Capabilities\n1. Create Smart Account\n\nDeploy a new smart account via the Guardrail factory. The account is bound to a PermissionEnforcer and controlled by a signer (EOA or generated keypair).\n\nDeterministic deployment via CREATE2 (salt-based)\nOwner recorded on-chain\nOne-time creation fee: $10 USD equivalent in ETH\nPolicy-bound by default\n\nFactory Contract: AgentAccountFactory Function: createAccount(address owner, bytes32 agentId, bytes32 salt) payable returns (address)\n\n// Get required creation fee\nuint256 fee = factory.getCreationFee();\n\n// Deploy account (send fee as msg.value)\naddress account = factory.createAccount{value: fee}(ownerAddress, agentId, salt);\n\n2. Fund Smart Account (Inbound Transfer)\n\nSend ETH to the smart account address.\n\nInbound transfers are free.\n\n// NOTE: walletClient must be backed by a secure signer integration.\n// Do NOT provide raw private keys to the agent.\n\nawait walletClient.sendTransaction({\n  to: smartAccountAddress,\n  value: parseEther(\"1.0\"),\n});\n\n3. 
Withdraw from Smart Account (Outbound Transfer)\n\nExecute a transfer from the smart account.\n\nOutbound transfers are charged a 10 bps (0.10%) fee, capped at $100 USD equivalent per transaction.\n\nFunction: execute(address target, uint256 value, bytes data)\n\nconst data = encodeFunctionData({\n  abi: agentSmartAccountABI,\n  functionName: \"execute\",\n  args: [destinationAddress, parseEther(\"1.0\"), \"0x\"],\n});\n\nawait walletClient.sendTransaction({\n  to: smartAccountAddress,\n  data,\n});\n\n\nFee enforcement occurs inside GuardrailFeeManager.\n\n4. Read State (Safe / Read-Only)\n\nThese functions do not require signing.\n\n// Get account owner\nconst owner = await publicClient.readContract({\n  address: smartAccountAddress,\n  abi: agentSmartAccountABI,\n  functionName: \"owner\",\n});\n\n// Get creation fee\nconst fee = await publicClient.readContract({\n  address: factoryAddress,\n  abi: agentAccountFactoryABI,\n  functionName: \"getCreationFee\",\n});\n\n// Calculate transfer fee\nconst transferFee = await publicClient.readContract({\n  address: feeManagerAddress,\n  abi: guardrailFeeManagerABI,\n  functionName: \"calculateTransferFee\",\n  args: [parseEther(\"10.0\")],\n});\n\n\npublicClient must be a read-only RPC client.\n\n5. 
Policy Management\n\nCreate and manage policies that define what actions agents can perform, with constraints on value, volume, and scope.\n\nCreate Policy — POST /api/v1/policies\n\nconst response = await fetch(`${API_BASE_URL}/api/v1/policies`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    name: \"DeFi Trading Policy\",\n    description: \"Allow swaps and transfers with daily limits\",\n    definition: {\n      actions: [\"swap\", \"transfer\"],\n      assets: {\n        tokens: [\"0xA0b8...eB48\", \"0xdAC1...1eC7\"],\n        protocols: [\"*\"],\n        chains: [1, 8453],\n      },\n      constraints: {\n        maxValuePerTx: \"1000000000000000000\",\n        maxDailyVolume: \"10000000000000000000\",\n        maxWeeklyVolume: \"50000000000000000000\",\n        maxTxCount: 100,\n        requireApproval: false,\n      },\n      duration: {\n        validFrom: \"2025-01-01T00:00:00Z\",\n        validUntil: \"2025-12-31T23:59:59Z\",\n      },\n      conditions: [\n        { field: \"amount\", operator: \"lte\", value: \"5000000000000000000\" },\n      ],\n    },\n  }),\n});\nconst policy = await response.json();\n\n\nPolicyDefinition structure:\n\nField\tType\tDescription\nactions\tstring[]\tAllowed action types: swap, transfer, approve, stake, unstake, deposit, withdraw, mint, burn, bridge, claim, vote, delegate, lp_add, lp_remove, borrow, repay, liquidate, * (wildcard)\nassets.tokens\tstring[]\tToken contract addresses, or [\"*\"] for all\nassets.protocols\tstring[]\tProtocol contract addresses, or [\"*\"] for all\nassets.chains\tnumber[]\tAllowed chain IDs\nconstraints.maxValuePerTx\tstring\tMaximum value per transaction (wei)\nconstraints.maxDailyVolume\tstring\tMaximum daily volume (wei)\nconstraints.maxWeeklyVolume\tstring\tMaximum weekly volume (wei)\nconstraints.maxTxCount\tnumber\tMaximum transaction count within the 
duration\nconstraints.requireApproval\tboolean\tWhether transactions require manual approval\nduration.validFrom\tstring\tISO 8601 start time\nduration.validUntil\tstring\tISO 8601 end time\nconditions\tarray\tAdvanced rules with field, operator (eq, ne, gt, gte, lt, lte, in, not_in, contains, regex), and value\n\nActivate Policy — POST /api/v1/policies/{id}/activate\n\nRegisters the policy on-chain via PolicyRegistry. Required before granting permissions.\n\nawait fetch(`${API_BASE_URL}/api/v1/policies/${policyId}/activate`, {\n  method: \"POST\",\n  headers: { Authorization: `Bearer ${token}` },\n});\n\n\nUpdate Policy — PUT /api/v1/policies/{id}\n\nDraft policies update directly. Active policies create a new version.\n\nawait fetch(`${API_BASE_URL}/api/v1/policies/${policyId}`, {\n  method: \"PUT\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    name: \"Updated Policy Name\",\n    definition: {\n      actions: [\"swap\", \"transfer\", \"approve\"],\n      constraints: { maxValuePerTx: \"2000000000000000000\" },\n    },\n  }),\n});\n\n\nRevoke Policy — POST /api/v1/policies/{id}/revoke\n\nDeactivates the policy on-chain. Active permissions using this policy will no longer validate.\n\nReactivate Policy — POST /api/v1/policies/{id}/reactivate\n\nRe-registers a previously revoked policy on-chain.\n\nList Policies — GET /api/v1/policies\n\nGet Policy — GET /api/v1/policies/{id}\n\nDelete Policy — DELETE /api/v1/policies/{id}\n\nOnly draft policies can be deleted. Active or revoked policies must be revoked first.\n\n6. 
Permission Management\n\nPermissions link an agent to a policy, authorizing specific actions for a defined period.\n\nGrant Permission — POST /api/v1/permissions\n\nThe agent must be active and the policy must be activated before granting a permission.\n\nconst response = await fetch(`${API_BASE_URL}/api/v1/permissions`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    policy_id: \"policy-uuid\",\n    valid_from: \"2025-01-01T00:00:00Z\",\n    valid_until: \"2025-12-31T23:59:59Z\",\n  }),\n});\nconst permission = await response.json();\n\n\nMint Permission — POST /api/v1/permissions/{id}/mint\n\nRegisters the permission on-chain via PolicyRegistry.grantPermission(). For smart account agents, syncs constraints to PermissionEnforcer. Returns onchain_token_id.\n\nconst minted = await fetch(\n  `${API_BASE_URL}/api/v1/permissions/${permissionId}/mint`,\n  {\n    method: \"POST\",\n    headers: { Authorization: `Bearer ${token}` },\n  }\n).then((r) => r.json());\n// minted.onchain_token_id — on-chain token ID\n\n\nRevoke Permission — DELETE /api/v1/permissions/{id}\n\nRevokes the permission. Calls PolicyRegistry.revokePermission() on-chain if the permission was minted.\n\nList Permissions — GET /api/v1/permissions\n\nSupports query parameters: agent_id, policy_id.\n\nconst response = await fetch(\n  `${API_BASE_URL}/api/v1/permissions?agent_id=${agentId}`,\n  { headers: { Authorization: `Bearer ${token}` } }\n);\nconst permissions = await response.json();\n\n\nGet Permission — GET /api/v1/permissions/{id}\n\n7. Action Validation\n\nValidate whether an agent is permitted to perform an action. 
Runs for both advisory (EOA) and enforced (smart account) agents.\n\nValidate Action — POST /api/v1/validate\n\nconst result = await fetch(`${API_BASE_URL}/api/v1/validate`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    action: {\n      type: \"swap\",\n      token: \"0xA0b8...eB48\",\n      protocol: \"0x7a25...3e6F\",\n      amount: \"500000000000000000\",\n      chain: 8453,\n      to: \"0xDef1...C0de\",\n    },\n  }),\n}).then((r) => r.json());\n// result.allowed — boolean\n// result.reason — explanation if denied\n// result.permission_id — matching permission\n// result.policy_id — matching policy\n// result.constraints — active constraints\n// result.request_id — audit trail reference\n\n\nFor enforced (smart account) agents, validation acts as a pre-flight check before on-chain execution. The on-chain PermissionEnforcer performs the final enforcement in validateUserOp. For advisory (EOA) agents there is no on-chain enforcement: a denied result is recorded in the audit log but does not stop the transaction, so the caller has to act on result.allowed itself.\n\nSimulate Action — POST /api/v1/validate/simulate\n\nSame input as validate, but returns current usage and remaining quota without recording a validation request.\n\nconst sim = await fetch(`${API_BASE_URL}/api/v1/validate/simulate`, {\n  method: \"POST\",\n  headers: {\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${token}`,\n  },\n  body: JSON.stringify({\n    agent_id: \"agent-uuid\",\n    action: { type: \"transfer\", amount: \"1000000000000000000\", chain: 1 },\n  }),\n}).then((r) => r.json());\n// sim.would_allow — boolean\n// sim.reason — explanation\n// sim.matching_policy — policy ID if matched\n// sim.current_usage — current period usage\n// sim.remaining_quota — remaining allowance\n// sim.recommendations — suggested adjustments\n\n\nBatch Validate — POST /api/v1/validate/batch\n\nValidate multiple actions in a single request.\n\n8. 
Audit & Monitoring\n\nQuery the immutable audit trail for policy, permission, and validation events.\n\nList Audit Logs — GET /api/v1/audit\n\nSupports query parameters: event_type, agent_id, policy_id, start_date, end_date, limit, offset.\n\nconst logs = await fetch(\n  `${API_BASE_URL}/api/v1/audit?event_type=policy.activated&start_date=2025-01-01T00:00:00Z`,\n  { headers: { Authorization: `Bearer ${token}` } }\n).then((r) => r.json());\n\n\nEvent types: policy.created, policy.activated, policy.revoked, permission.created, permission.minted, permission.revoked, validation.request.\n\nExport Audit Logs — GET /api/v1/audit/export\n\nSupports format=json or format=csv, plus start_date and end_date parameters.\n\nconst exportUrl = `${API_BASE_URL}/api/v1/audit/export?format=csv&start_date=2025-01-01`;\n// Download or redirect to this URL. This example does not show how the request is authenticated; keep the bearer token out of the query string, since URLs end up in logs and browser history.\n\nEnforcement Model\n\nThe system supports two enforcement tiers based on agent wallet type:\n\nAdvisory (EOA Agents)\nOff-chain validation via /api/v1/validate logs actions and returns allow/deny decisions.\nThe backend cannot prevent on-chain execution for EOA wallets.\nUse validation results for dashboards, alerts, and compliance monitoring.\nViolations are recorded in audit logs for review.\nEnforced (Smart Account Agents)\nAgentSmartAccount.validateUserOp() calls PermissionEnforcer on-chain.\nTransactions that violate policy constraints revert before execution.\nThe agent cannot bypass enforcement — it is built into the account's validation logic.\nOff-chain validation still runs for dashboards, simulation, and pre-flight checks.\nWhich Tier Applies?\nAgent Type\tEnforcement\tOn-Chain Prevention\tOff-Chain Validation\nEOA\tAdvisory\tNo\tYes\nSmart Account\tEnforced\tYes\tYes\n\nUpgrading from EOA to smart account is one-way via POST /api/v1/agents/{id}/upgrade-to-smart-account.\n\nFee Structure\nAccount Creation Fee\nAmount: $10 USD equivalent in ETH\nWhen: One-time, at smart account deployment\nEnforced in: AgentAccountFactory 
contract\nPaid to: Fee collector address via GuardrailFeeManager\nTransfer Fee (Outbound Only)\nRate: 10 basis points (0.10%)\nCap: $100 USD equivalent per transaction\nWhen: On every execute() or executeBatch() call with value > 0\nNot charged on:\nInbound deposits\nZero-value calls\nERC-20 transfers encoded in calldata\nTransfer Amount\tFee\tNotes\n$1,000\t$1\t\n$10,000\t$10\t\n$100,000\t$100\tCap reached\n$2,000,000\t$100\tCap applies\nSmart Contract Addresses\nBase Mainnet (Chain ID 8453)\nContract\tAddress\nIdentityRegistry\t0xc1fa477f991C74Cc665E605fC74f0e2B795b5104\nPolicyRegistry\t0x92cd41e6a4aA13072CeBCda8830d48f269F058c4\nPermissionEnforcer\t0xbF63Fa97cfBba99647B410f205730d63d831061c\nPriceOracle\t0xf3c8c6BDc54C60EDaE6AE84Ef05B123597C355B3\nGuardrailFeeManager\t0xD1B7Bd65F2aB60ff84CdDF48f306a599b01d293A\nAgentAccountFactory\t0xCE621A324A8cb40FD424EB0D41286A97f6a6c91C\nEntryPoint (v0.6)\t0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789\nSepolia (Chain ID 11155111)\nContract\tAddress\nIdentityRegistry\t0xc1fa477f991C74Cc665E605fC74f0e2B795b5104\nPolicyRegistry\t0x92cd41e6a4aA13072CeBCda8830d48f269F058c4\nPermissionEnforcer\t0x94991827135fbd0E681B3db51699e4988a7752f1\nPriceOracle\t0x052cDddba3C55A63F5e48F9e5bC6b70604Db93b8\nGuardrailFeeManager\t0x0f77fdD1AFCe0597339dD340E738CE3dC9A5CC12\nAgentAccountFactory\t0xA831229B58C05d5bA9ac109f3B29e268A0e5F41E\nEntryPoint (v0.6)\t0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789\nDashboard\n\nAll API operations documented above are also available via the web dashboard at https://agentguardrail.xyz/, which provides a visual interface for managing agents, policies, permissions, and audit logs.\n\nIf using dashboard-generated signer keypairs or API keys:\n\nStore them in secure secret storage\nNever paste them into chat\nPrefer external signer or hardware-backed signing\nAutonomy & Safety Guidance\n\nBecause this skill can move funds on-chain:\n\nStart on Sepolia testnet.\nFund accounts with small amounts initially.\nUse strict 
Guardrail policies.\nEnable autonomous execution only with secure signing configured.\nApply rate limits and allowlists at the signer layer.\nPrivacy and Data Handling\nThis skill does not store, log, or transmit private keys, seed phrases, or signer tokens.\nGUARDRAIL_RPC_URL may contain an embedded API key (common with hosted RPC providers). Treat it as sensitive.\nGUARDRAIL_SIGNER_AUTH_TOKEN grants signing capability when combined with the signer endpoint. It must be stored in secure secret storage and never exposed in logs, prompts, or chat.\nOn-chain transactions are public by nature. The skill does not add any off-chain data collection beyond what the blockchain records.\nThe skill does not access local files, browser storage, or environment variables beyond those declared in the manifest metadata.\nDesign Principles\nPolicy-Bound by Default — Every account is bound to a Guardrail policy at creation.\nAgent and Human Neutral — Authority derives from ownership and policy, not caller identity.\nNon-Custodial — Guardrail never holds funds.\nInfrastructure First — Fees are enforced at the contract layer. The API cannot bypass protocol economics.\nLeast Privilege — Signing must use scoped, secure integrations."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/shawnwollenberg/guardrail-smart-accounts",
    "publisherUrl": "https://clawhub.ai/shawnwollenberg/guardrail-smart-accounts",
    "owner": "shawnwollenberg",
    "version": "1.0.8",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts",
    "downloadUrl": "https://openagent3.xyz/downloads/guardrail-smart-accounts",
    "agentUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent",
    "manifestUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/guardrail-smart-accounts/agent.md"
  }
}