🦞
receipts-guard

Capture and verify all agreements before your agent accepts
SKILL.md
---
name: receipts-guard
description: ERC-8004 identity, x402 payments, and arbitration protocol for autonomous agent commerce. The three rails for the machine economy.
metadata: {"openclaw":{"emoji":"⚖️","requires":{"anyBins":["node"]},"version":"0.7.1"}}
---

# RECEIPTS Guard v0.7.1 - The Three Rails

> "The rails for the machine economy."

ERC-8004 identity + x402 payments + arbitration protocol. The infrastructure for agent commerce.

**The Three Rails:**
| Rail | Standard | Purpose |
|------|----------|---------|
| **Identity** | ERC-8004 | On-chain agent identity anchoring |
| **Trust** | ERC-8004 Reputation | Arbitration outcomes build reputation |
| **Payment** | x402 | Paid arbitration, automated settlements |

**Local-first. Chain-anchored. Cloud-deployable. Security-hardened.**

## What's New in v0.7.1 (Security Hardening)

- **🔐 HTTP Authentication** - API Key and DID Request Signing
- **🛡️ Authorization Checks** - Counterparty verification for /accept
- **🌐 CORS Hardening** - Configurable origin whitelist (blocked by default)
- **⚡ Rate Limiting** - 100 requests/minute per IP
- **✅ Input Validation** - Payment address, cost, deadline validation

## What's New in v0.7.0

- **⛓️ ERC-8004 Integration** - Anchor identity to Ethereum/Base registries
- **💰 x402 Payments** - Paid arbitration with USDC/ETH
- **☁️ Cloud Deployment** - Dockerfile + Fly.io Sprites support
- **🌐 HTTP Server Mode** - REST API for cloud agents

### From v0.6.0:
- **🪪 Self-Sovereign Identity** - DID-based identity with Ed25519 signatures
- **🔑 Key Rotation** - Old key signs new key, creating unbroken proof chain
- **👤 Human Controller** - Twitter-based recovery backstop

### From v0.5.0:
- **⚖️ Full Arbitration Protocol** - propose → accept → fulfill → arbitrate → ruling
- **📜 PAO (Programmable Agreement Object)** - Canonical termsHash, mutual signatures
- **📊 LPR (Legal Provenance Review)** - Timeline visualization for arbiters

## Quick Start

```bash
# === ARBITRATION FLOW ===

# 1. Create proposal
node capture.js propose "I will deliver API docs by Friday" "AgentX" \
  --arbiter="arbiter-prime" --deadline="2026-02-14"

# 2. Accept proposal (as counterparty)
node capture.js accept --proposalId=prop_abc123

# 3. Fulfill agreement
node capture.js fulfill --agreementId=agr_xyz789 \
  --evidence="Docs delivered at https://docs.example.com"

# --- OR if there's a dispute ---

# 4. Open arbitration
node capture.js arbitrate --agreementId=agr_xyz789 \
  --reason="non_delivery" --evidence="No docs received by deadline"

# 5. Submit evidence (both parties)
node capture.js submit --arbitrationId=arb_def456 \
  --evidence="Screenshot of empty inbox" --type=screenshot

# 6. Issue ruling (as arbiter)
node capture.js ruling --arbitrationId=arb_def456 \
  --decision=claimant --reasoning="Evidence shows non-delivery past deadline"

# 7. View timeline
node capture.js timeline --agreementId=agr_xyz789
```

## Commands

### Identity (v0.6.0)

#### `identity init` - Create Identity
```bash
node capture.js identity init --namespace=remaster_io --name=receipts-guard \
  --controller-twitter=@Remaster_io
```

Creates:
- Ed25519 keypair
- DID document: `did:agent:<namespace>:<name>`
- Human controller configuration

#### `identity show` - Display Identity
```bash
node capture.js identity show [--full]
```

Shows identity summary or full DID document with `--full`.

#### `identity rotate` - Rotate Keys
```bash
node capture.js identity rotate [--reason=scheduled|compromise|device_change]
```

- Old key signs new key (proof chain)
- Old key archived for historical signature verification
- Unbroken chain = same identity

#### `identity verify` - Verify Identity or Signature
```bash
# Verify DID key chain
node capture.js identity verify --did=did:agent:acme:trade-bot

# Verify signature
node capture.js identity verify \
  --signature="ed25519:xxx:timestamp" \
  --termsHash="sha256:abc123..."
```

#### `identity set-controller` - Set Human Controller
```bash
node capture.js identity set-controller --twitter=@handle
```

Links a human controller for emergency recovery.

#### `identity recover` - Emergency Recovery
```bash
node capture.js identity recover --controller-proof=<TWITTER_URL> --confirm
```

Human controller posts recovery authorization, all old keys revoked.

#### `identity publish` - Publish DID Document
```bash
node capture.js identity publish [--platform=moltbook|ipfs|local]
```

#### `identity anchor` - Anchor to ERC-8004 (v0.7.0)
```bash
node capture.js identity anchor --chain=ethereum|base|sepolia
```

Registers identity on-chain to ERC-8004 Identity Registry:
- Requires `RECEIPTS_WALLET_PRIVATE_KEY` environment variable
- Stores transaction hash in DID document
- Mainnet: credibility anchor
- Base: x402-native, lower fees

**Deployed Registries:**
| Chain | Identity Registry | Status |
|-------|-------------------|--------|
| Ethereum | `0x8004A169FB4a3325136EB29fA0ceB6D2e539a432` | Live |
| Sepolia | `0x8004A818BFB912233c491871b3d84c89A494BD9e` | Testnet |
| Base | Coming soon | TBD |

#### `identity resolve` - Resolve DID (v0.7.0)
```bash
node capture.js identity resolve --did=did:agent:namespace:name [--chain=CHAIN]
```

Resolves DID from local storage or on-chain registry.

---

### ERC-8004 Integration (v0.7.0)

The ERC-8004 standard provides three registries for agent trust:

1. **Identity Registry** - NFT-based agent identifiers
2. **Reputation Registry** - On-chain feedback and scores
3. **Validation Registry** - Work verification by validators

RECEIPTS integrates with existing registries while providing superior off-chain agreement lifecycle management.

**Chain Configuration:**
```bash
# Environment variables
export ETHEREUM_RPC=https://eth.llamarpc.com
export BASE_RPC=https://mainnet.base.org
export RECEIPTS_WALLET_PRIVATE_KEY=0x... # Never commit this!
```

---

### x402 Payment Integration (v0.7.0)

x402 enables paid arbitration - arbiters get compensated for their work.

#### Proposal with Payment Terms
```bash
node capture.js propose "Service agreement" "counterparty" \
  --arbiter="arbiter-prime" \
  --arbitration-cost="10" \
  --payment-token="USDC" \
  --payment-chain="base" \
  --payment-address="0x..." # Arbiter's address
```

#### Arbitration with Payment Proof
```bash
# Without payment proof (fails if x402 required)
node capture.js arbitrate --agreementId=agr_xxx --reason="non_delivery"
# Error: Payment required: 10 USDC

# With payment proof
node capture.js arbitrate --agreementId=agr_xxx --reason="non_delivery" \
  --evidence="..." --payment-proof="0x123..."
```

**x402 Schema:**
```json
{
  "x402": {
    "arbitrationCost": "10",
    "arbitrationToken": "USDC",
    "arbitrationChain": 8453,
    "paymentAddress": "0x...",
    "paymentProtocol": "x402",
    "version": "1.0"
  }
}
```

---

### Cloud Deployment (v0.7.0)

Run RECEIPTS Guard as a persistent cloud agent.

#### HTTP Server Mode
```bash
node capture.js serve [--port=3000]
```

**Public Endpoints (no auth):**
- `GET /` - Service info
- `GET /health` - Health check
- `GET /identity` - DID document
- `GET /identity/chains` - Chain status

**Protected Endpoints (auth required):**
- `GET /list` - List all records
- `GET /proposals` - List proposals
- `GET /agreements` - List agreements
- `POST /propose` - Create proposal
- `POST /accept` - Accept proposal (counterparty only)

---

### HTTP API Security (v0.7.1)

The HTTP server implements multiple security layers:

#### Authentication

**Option 1: API Key**
```bash
# Generate a secure API key
export RECEIPTS_API_KEY=$(openssl rand -hex 32)

# Use in requests
curl -H "X-API-Key: $RECEIPTS_API_KEY" https://your-agent.fly.dev/list
```

**Option 2: DID Request Signing**
```bash
# Sign each request with your Ed25519 key
# Headers required:
# - X-DID: your DID (e.g., did:agent:namespace:name)
# - X-DID-Timestamp: Unix timestamp in milliseconds
# - X-DID-Signature: ed25519:BASE64URL_SIGNATURE:TIMESTAMP

# Signed message format: METHOD:PATH:TIMESTAMP
# Example: POST:/propose:1707494400000
```

#### CORS Configuration

By default, cross-origin requests are **blocked** for security.

```bash
# Allow specific origins
export RECEIPTS_ALLOWED_ORIGINS=https://app.example.com,https://dashboard.example.com

# Allow all origins (not recommended for production)
export RECEIPTS_ALLOWED_ORIGINS=*
```

#### Rate Limiting

Default: 100 requests per minute per IP.

```bash
# Customize rate limit
export RECEIPTS_RATE_LIMIT=200
```

Response headers:
- `X-RateLimit-Limit` - Max requests per window
- `X-RateLimit-Remaining` - Remaining requests
- `X-RateLimit-Reset` - Window reset timestamp

#### Input Validation

All POST endpoints validate:
- **Payment addresses** - Must be valid Ethereum address format (0x + 40 hex chars)
- **Arbitration costs** - Must be non-negative, max 1,000,000
- **Deadlines** - Must be valid ISO date in the future
- **Payment tokens** - Must be USDC, ETH, USDT, or DAI
- **Payment chains** - Must be configured chain (ethereum, base, sepolia)

#### Authorization

- `/accept` endpoint verifies the requester is the designated counterparty (when using DID signing)
- API key authentication trusts the server owner

#### Environment Variables

```bash
# Security
RECEIPTS_API_KEY=              # API key for authentication (generate with: openssl rand -hex 32)
RECEIPTS_ALLOWED_ORIGINS=      # Comma-separated CORS origins (default: none/blocked)
RECEIPTS_RATE_LIMIT=           # Requests per minute (default: 100)

# Existing
RECEIPTS_WALLET_PRIVATE_KEY=   # For on-chain transactions
RECEIPTS_AGENT_ID=             # Agent identifier
ETHEREUM_RPC=                  # Ethereum RPC endpoint
BASE_RPC=                      # Base RPC endpoint
```

---

#### Fly.io Sprites Deployment
```bash
# Deploy
fly launch
fly deploy

# Configure secrets
fly secrets set RECEIPTS_WALLET_PRIVATE_KEY=...
fly secrets set ETHEREUM_RPC=...

# Create persistent volume
fly volumes create receipts_data --size 1
```

#### Docker
```bash
doc

... (truncated)