Skill

SkillsDevOps & Infrastructure › Cloud & deployment

rhaios-staging

Interact with the Rhaios staging REST API for yield operations. Discover -> prepare -> setup-if-needed -> sign -> execute flow with pluggable signer backend. Triggers on requests involving DeFi yield, vault deposits, redeems, rebalancing, or Rhaios API.

Freerisk: medium
rhaiosstaginggoethereumtypescript

Tools: –prefix,–dir

The full skill

— name: rhaios-staging description: > Interact with the Rhaios staging REST API for yield operations. Discover -> prepare -> setup-if-needed -> sign -> execute flow with pluggable signer backend. Triggers on requests involving DeFi yield, vault deposits, redeems, rebalancing, or Rhaios API. license: MIT compatibility: Requires Node.js 22+ or Bun 1.0+ metadata: author: rhaios version: "0.1.2" openclaw: primaryEnv: PRIVY_WALLET_ADDRESS env: – name: SIGNER_BACKEND required: false sensitive: false description: "privy or private-key. Defaults to privy." – name: SIGNER_PRIVATE_KEY required: false sensitive: true description: "Required only when SIGNER_BACKEND=private-key. 0x-prefixed 32-byte hex." – name: PRIVY_APP_ID required: false sensitive: true description: "Provided by Privy skill. Required when SIGNER_BACKEND=privy." – name: PRIVY_APP_SECRET required: false sensitive: true description: "Provided by Privy skill. Required when SIGNER_BACKEND=privy." – name: PRIVY_WALLET_ID required: false sensitive: false description: "Required when SIGNER_BACKEND=privy. Must be ownerless." – name: PRIVY_WALLET_ADDRESS required: false sensitive: false description: "Required when SIGNER_BACKEND=privy. 0x-prefixed address." crossSkillDeps: – name: privy-agentic-wallets required: false description: "Provides PRIVY_APP_ID and PRIVY_APP_SECRET." install: – kind: node package: "@rhaios/toolkit" — ## First-Time Setup Before first use, install dependencies from the repo root: “`bash # Pick your package manager: npm install –prefix ${CLAUDE_SKILL_DIR} # or: bun install –cwd ${CLAUDE_SKILL_DIR} # or: pnpm install –dir ${CLAUDE_SKILL_DIR} “` If you see `Cannot find module` errors, dependencies are not installed. Run the install command above. — This skill targets the **staging** environment at `https://api.staging.rhaios.com`. It provides one command surface (`prepare-sign-execute`) for end-to-end execution. **Vault discovery:** Before preparing an intent, agents can call `POST /v1/yield/discover` to browse and rank vaults by APY, risk, TVL, and Sharpe ratio. Pass the returned `vaultId` to `yield_prepare` (via `deposit.vaultId` in the input contract) to target a specific vault instead of auto-selection. Default chain is `base`. ## Security First `SIGNER_PRIVATE_KEY` and Privy app secrets are sensitive. Never print, echo, or include them in logs/chat output. If `SIGNER_BACKEND=privy`, `PRIVY_APP_ID` and `PRIVY_APP_SECRET` are master credentials. ## Required Environment (Client) “`bash # Optional. Defaults to privy. Use private-key for local key signing. # SIGNER_BACKEND=privy # Required only for SIGNER_BACKEND=privy # PRIVY_APP_ID and PRIVY_APP_SECRET are provided by the Privy skill — # they should already be in your environment. Do NOT ask the user for these. PRIVY_WALLET_ID=<wallet-id> PRIVY_WALLET_ADDRESS=<0x-wallet-address> # Required only for SIGNER_BACKEND=private-key SIGNER_PRIVATE_KEY=<0x-32-byte-private-key> “` Notes: – API URL is hardcoded to `https://api.staging.rhaios.com` and cannot be overridden. – Fork-only mode is always enabled — all transactions go through managed test RPCs. – If `SIGNER_BACKEND=privy`, `PRIVY_APP_ID` and `PRIVY_APP_SECRET` must already be set (provided by the Privy skill). Only `PRIVY_WALLET_ID` and `PRIVY_WALLET_ADDRESS` need to be set per-wallet. – If `SIGNER_BACKEND=privy`, `PRIVY_WALLET_ID` must resolve to an ownerless wallet (`owner_id = null`). – If `SIGNER_BACKEND=private-key`, `agentAddress` (if provided) must match the private key address. ### Ownerless Wallet Creation “`ts const wallet = await privy.wallets().create({ chain_type: 'ethereum' }); “` ## Single Runtime Command “`bash # Using bun (recommended — runs TypeScript natively): cat payload.json | bun run –cwd ${CLAUDE_SKILL_DIR} prepare-sign-execute # Using npx + tsx (if bun is not available): cat payload.json | npx –prefix ${CLAUDE_SKILL_DIR} tsx ${CLAUDE_SKILL_DIR}/scripts/prepare-sign-execute.ts “` ## Input Contract (JSON stdin) “`json { "operation": "deposit", "chain": "base", "agentAddress": "0xYourAgentAddress", "deposit": { "asset": "USDC", "amount": "1", "vaultId": "VAULT_ID_FROM_DISCOVER" }, "controls": { "dryRun": false, "strictMode": true, "requireConfirm": true, "confirm": "yes", "maxGasGwei": "1", "maxAmount": "1000" } } “` Operation-specific fields: – `deposit`: requires `deposit.asset`, `deposit.amount`, `deposit.vaultId` (from yield_discover — present results to the user and let them choose) – `redeem`: requires `redeem.vaultId` and exactly one of `redeem.percentage` or `redeem.shares` – `rebalance`: requires `rebalance.vaultId`, `rebalance.asset`, and exactly one of `rebalance.percentage` or `rebalance.shares` ## Runtime Behavior 1. `Preflight` – Validates env for the selected signer backend, health freshness, request constraints, and guardrails. 2. `Prepare` – Calls `POST /v1/yield/prepare`. – Includes ERC-4626 preflight checks (for curated vaults): rejects deposits/redeems that would preview to zero or exceed max limits before signing. 3. `Setup` (automatic only when needed) – If `needsSetup=true` and `dryRun=false`: – **Full setup** (`setupType=full`): signs a Type-4 (EIP-7702) transaction with authorization_list for first-time delegation + module initialization. – **Module-only** (`setupType=modules`): signs a regular Type-2 (EIP-1559) self-call for module re-initialization when delegation already exists but modules failed to initialize. – Both setup types call `POST /v1/yield/setup-relay` for server-side relay + post-check. – Then re-runs `POST /v1/yield/prepare`. – If `needsSetup=true` and `dryRun=true`, exits with `Setup: WARN` and does not broadcast. 4. `Sign` – Signs required payloads via the selected signer backend: – EIP-7702 authorization when requested by envelope – validator userOp signature encoding – intent EIP-712 signature 5. `Execute` – Calls `POST /v1/yield/execute` with `intentEnvelope`, `intentSignature`, and `intentId` unless `dryRun=true`. – Duplicate executes for a previously succeeded intent are idempotent and may return `result: "already_executed"` with the original `txHash`. – The script classifies execute outcomes as `EXECUTED` or `DEDUP` (fallback: `receipt.source=cached` when `result` is absent). 6. `Post-check` – Calls `GET /v1/yield/status` for quick position/value verification. ## Wallet Funding (Test RPC) Staging runs managed test RPCs — chain forks that mirror mainnet state. Agents can mint test balances without spending real tokens. Check test RPC health first: “`bash https://api.staging.rhaios.com/v1/testing/fork-status “` Then fund your wallet: “`bash -H "Content-Type: application/json" \ https://api.staging.rhaios.com/v1/testing/fund-wallet \ -d '{ "chain": "base", "walletAddress": "0xYourAgentAddress", "ethWei": "20000000000000000", "usdcAmount": "10000000" }' “` ## Safety Model The script enforces: 1. Env integrity – required env vars for selected signer backend – wallet/address format checks – signer/address match – ownerless wallet requirement (Privy backend only) 2. Chain and health invariants – chain consistency checks – freshness `critical` blocks execution 3. Request validation – operation-specific required fields – percentage/shares XOR rules – optional max amount and gas cap checks 4. Intent invariants – `intentEnvelope.chainId` and signing payload consistency – sender/signer match – intent ID vs merkle root consistency ## Example: Dry-Run Deposit “`bash cat <<'JSON' | bun run –cwd ${CLAUDE_SKILL_DIR} prepare-sign-execute { "operation": "deposit", "deposit": { "asset": "USDC", "amount": "1", "vaultId": "VAULT_ID_FROM_DISCOVER" }, "controls": { "dryRun": true, "strictMode": true, "requireConfirm": false } } JSON “` **Important:** Always call `yield_discover` first, present the ranked vaults to the user, and let them choose. Then pass their chosen `vaultId` to this script. Do not auto-select vaults on behalf of the user. **Vault capacity:** Some vaults may be at capacity (`maxDeposit=0`). If `yield_prepare` returns `vault_at_capacity`, inform the user and let them pick a different vault from the discover results. ## Example: Live Deposit “`bash cat <<'JSON' | bun run –cwd ${CLAUDE_SKILL_DIR} prepare-sign-execute { "operation": "deposit", "deposit": { "asset": "USDC", "amount": "1", "vaultId": "VAULT_ID_FROM_DISCOVER" }, "controls": { "dryRun": false, "strictMode": true, "requireConfirm": true, "confirm": "yes", "maxGasGwei": "1", "maxAmount": "1000" } } JSON “`