receipts-guard

1
1
Source

Capture and verify all agreements before your agent accepts them. Local risk analysis and evidence capture for autonomous transactions.

Install

mkdir -p .claude/skills/receipts-guard && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6667" && unzip -o skill.zip -d .claude/skills/receipts-guard && rm skill.zip

Installs to .claude/skills/receipts-guard

About this skill

RECEIPTS Guard v0.7.1 - The Three Rails

"The rails for the machine economy."

ERC-8004 identity + x402 payments + arbitration protocol. The infrastructure for agent commerce.

The Three Rails:

RailStandardPurpose
IdentityERC-8004On-chain agent identity anchoring
TrustERC-8004 ReputationArbitration outcomes build reputation
Paymentx402Paid arbitration, automated settlements

Local-first. Chain-anchored. Cloud-deployable. Security-hardened.

What's New in v0.7.1 (Security Hardening)

  • 🔐 HTTP Authentication - API Key and DID Request Signing
  • 🛡️ Authorization Checks - Counterparty verification for /accept
  • 🌐 CORS Hardening - Configurable origin whitelist (blocked by default)
  • ⚡ Rate Limiting - 100 requests/minute per IP
  • ✅ Input Validation - Payment address, cost, deadline validation

What's New in v0.7.0

  • ⛓️ ERC-8004 Integration - Anchor identity to Ethereum/Base registries
  • 💰 x402 Payments - Paid arbitration with USDC/ETH
  • ☁️ Cloud Deployment - Dockerfile + Fly.io Sprites support
  • 🌐 HTTP Server Mode - REST API for cloud agents

From v0.6.0:

  • 🪪 Self-Sovereign Identity - DID-based identity with Ed25519 signatures
  • 🔑 Key Rotation - Old key signs new key, creating unbroken proof chain
  • 👤 Human Controller - Twitter-based recovery backstop

From v0.5.0:

  • ⚖️ Full Arbitration Protocol - propose → accept → fulfill → arbitrate → ruling
  • 📜 PAO (Programmable Agreement Object) - Canonical termsHash, mutual signatures
  • 📊 LPR (Legal Provenance Review) - Timeline visualization for arbiters

Quick Start

# === ARBITRATION FLOW ===

# 1. Create proposal
node capture.js propose "I will deliver API docs by Friday" "AgentX" \
  --arbiter="arbiter-prime" --deadline="2026-02-14"

# 2. Accept proposal (as counterparty)
node capture.js accept --proposalId=prop_abc123

# 3. Fulfill agreement
node capture.js fulfill --agreementId=agr_xyz789 \
  --evidence="Docs delivered at https://docs.example.com"

# --- OR if there's a dispute ---

# 4. Open arbitration
node capture.js arbitrate --agreementId=agr_xyz789 \
  --reason="non_delivery" --evidence="No docs received by deadline"

# 5. Submit evidence (both parties)
node capture.js submit --arbitrationId=arb_def456 \
  --evidence="Screenshot of empty inbox" --type=screenshot

# 6. Issue ruling (as arbiter)
node capture.js ruling --arbitrationId=arb_def456 \
  --decision=claimant --reasoning="Evidence shows non-delivery past deadline"

# 7. View timeline
node capture.js timeline --agreementId=agr_xyz789

Commands

Identity (v0.6.0)

identity init - Create Identity

node capture.js identity init --namespace=remaster_io --name=receipts-guard \
  --controller-twitter=@Remaster_io

Creates:

  • Ed25519 keypair
  • DID document: did:agent:<namespace>:<name>
  • Human controller configuration

identity show - Display Identity

node capture.js identity show [--full]

Shows identity summary or full DID document with --full.

identity rotate - Rotate Keys

node capture.js identity rotate [--reason=scheduled|compromise|device_change]
  • Old key signs new key (proof chain)
  • Old key archived for historical signature verification
  • Unbroken chain = same identity

identity verify - Verify Identity or Signature

# Verify DID key chain
node capture.js identity verify --did=did:agent:acme:trade-bot

# Verify signature
node capture.js identity verify \
  --signature="ed25519:xxx:timestamp" \
  --termsHash="sha256:abc123..."

identity set-controller - Set Human Controller

node capture.js identity set-controller --twitter=@handle

Links a human controller for emergency recovery.

identity recover - Emergency Recovery

node capture.js identity recover --controller-proof=<TWITTER_URL> --confirm

Human controller posts recovery authorization, all old keys revoked.

identity publish - Publish DID Document

node capture.js identity publish [--platform=moltbook|ipfs|local]

identity anchor - Anchor to ERC-8004 (v0.7.0)

node capture.js identity anchor --chain=ethereum|base|sepolia

Registers identity on-chain to ERC-8004 Identity Registry:

  • Requires RECEIPTS_WALLET_PRIVATE_KEY environment variable
  • Stores transaction hash in DID document
  • Mainnet: credibility anchor
  • Base: x402-native, lower fees

Deployed Registries:

ChainIdentity RegistryStatus
Ethereum0x8004A169FB4a3325136EB29fA0ceB6D2e539a432Live
Sepolia0x8004A818BFB912233c491871b3d84c89A494BD9eTestnet
BaseComing soonTBD

identity resolve - Resolve DID (v0.7.0)

node capture.js identity resolve --did=did:agent:namespace:name [--chain=CHAIN]

Resolves DID from local storage or on-chain registry.


ERC-8004 Integration (v0.7.0)

The ERC-8004 standard provides three registries for agent trust:

  1. Identity Registry - NFT-based agent identifiers
  2. Reputation Registry - On-chain feedback and scores
  3. Validation Registry - Work verification by validators

RECEIPTS integrates with existing registries while providing superior off-chain agreement lifecycle management.

Chain Configuration:

# Environment variables
export ETHEREUM_RPC=https://eth.llamarpc.com
export BASE_RPC=https://mainnet.base.org
export RECEIPTS_WALLET_PRIVATE_KEY=0x... # Never commit this!

x402 Payment Integration (v0.7.0)

x402 enables paid arbitration - arbiters get compensated for their work.

Proposal with Payment Terms

node capture.js propose "Service agreement" "counterparty" \
  --arbiter="arbiter-prime" \
  --arbitration-cost="10" \
  --payment-token="USDC" \
  --payment-chain="base" \
  --payment-address="0x..." # Arbiter's address

Arbitration with Payment Proof

# Without payment proof (fails if x402 required)
node capture.js arbitrate --agreementId=agr_xxx --reason="non_delivery"
# Error: Payment required: 10 USDC

# With payment proof
node capture.js arbitrate --agreementId=agr_xxx --reason="non_delivery" \
  --evidence="..." --payment-proof="0x123..."

x402 Schema:

{
  "x402": {
    "arbitrationCost": "10",
    "arbitrationToken": "USDC",
    "arbitrationChain": 8453,
    "paymentAddress": "0x...",
    "paymentProtocol": "x402",
    "version": "1.0"
  }
}

Cloud Deployment (v0.7.0)

Run RECEIPTS Guard as a persistent cloud agent.

HTTP Server Mode

node capture.js serve [--port=3000]

Public Endpoints (no auth):

  • GET / - Service info
  • GET /health - Health check
  • GET /identity - DID document
  • GET /identity/chains - Chain status

Protected Endpoints (auth required):

  • GET /list - List all records
  • GET /proposals - List proposals
  • GET /agreements - List agreements
  • POST /propose - Create proposal
  • POST /accept - Accept proposal (counterparty only)

HTTP API Security (v0.7.1)

The HTTP server implements multiple security layers:

Authentication

Option 1: API Key

# Generate a secure API key
export RECEIPTS_API_KEY=$(openssl rand -hex 32)

# Use in requests
curl -H "X-API-Key: $RECEIPTS_API_KEY" https://your-agent.fly.dev/list

Option 2: DID Request Signing

# Sign each request with your Ed25519 key
# Headers required:
# - X-DID: your DID (e.g., did:agent:namespace:name)
# - X-DID-Timestamp: Unix timestamp in milliseconds
# - X-DID-Signature: ed25519:BASE64URL_SIGNATURE:TIMESTAMP

# Signed message format: METHOD:PATH:TIMESTAMP
# Example: POST:/propose:1707494400000

CORS Configuration

By default, cross-origin requests are blocked for security.

# Allow specific origins
export RECEIPTS_ALLOWED_ORIGINS=https://app.example.com,https://dashboard.example.com

# Allow all origins (not recommended for production)
export RECEIPTS_ALLOWED_ORIGINS=*

Rate Limiting

Default: 100 requests per minute per IP.

# Customize rate limit
export RECEIPTS_RATE_LIMIT=200

Response headers:

  • X-RateLimit-Limit - Max requests per window
  • X-RateLimit-Remaining - Remaining requests
  • X-RateLimit-Reset - Window reset timestamp

Input Validation

All POST endpoints validate:

  • Payment addresses - Must be valid Ethereum address format (0x + 40 hex chars)
  • Arbitration costs - Must be non-negative, max 1,000,000
  • Deadlines - Must be valid ISO date in the future
  • Payment tokens - Must be USDC, ETH, USDT, or DAI
  • Payment chains - Must be configured chain (ethereum, base, sepolia)

Authorization

  • /accept endpoint verifies the requester is the designated counterparty (when using DID signing)
  • API key authentication trusts the server owner

Environment Variables

# Security
RECEIPTS_API_KEY=              # API key for authentication (generate with: openssl rand -hex 32)
RECEIPTS_ALLOWED_ORIGINS=      # Comma-separated CORS origins (default: none/blocked)
RECEIPTS_RATE_LIMIT=           # Requests per minute (default: 100)

# Existing
RECEIPTS_WALLET_PRIVATE_KEY=   # For on-chain transactions
RECEIPTS_AGENT_ID=             # Agent identifier
ETHEREUM_RPC=                  # Ethereum RPC endpoint
BASE_RPC=                      # Base RPC endpoint

Fly.io Sprites Deployment

# Deploy
fly launch
fly deploy

# Configure secrets
fly secrets set RECEIPTS_WALLET_PRIVATE_KEY=...
fly secrets set ETHEREUM_RPC=...

# Create persistent volume
fly volumes create receipts_data --size 1

Docker

docker build -t receipts-guard .
docker run -p 3000:3000 -v receipts-data:/data receipts-guard

migrate - Migrate to DID

node capture.js migrate --to-did

Upgrades existing agreements to use DID references (preserves legacy data).



Content truncated.

a-stock-analysis

openclaw

A股实时行情与分时量能分析。获取沪深股票实时价格、涨跌、成交量,分析分时量能分布(早盘/尾盘放量)、主力动向(抢筹/出货信号)、涨停封单。支持持仓管理和盈亏分析。Use when: (1) 查询A股实时行情, (2) 分析主力资金动向, (3) 查看分时成交量分布, (4) 管理股票持仓, (5) 分析持仓盈亏。

755288

fivem

openclaw

Fix, create, or validate FiveM server resources for QBCore/ESX (config.lua, fxmanifest.lua, items, housing/furniture, scripts, MLOs). Use when asked to debug resource errors, convert ESX↔QB, update fxmanifest versions, add items, or source scripts from GitHub. Also use for SSH key generation for SFTP access.

416258

research-paper-writer

openclaw

Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.

81168

keyword-research

openclaw

Discovers high-value keywords with search intent analysis, difficulty assessment, and content opportunity mapping. Essential for starting any SEO or GEO content strategy.

442107

html-to-ppt

openclaw

Convert HTML/Markdown to PowerPoint presentations using Marp

33489

weread

openclaw

WeChat Reading (微信读书) CLI tool for fetching notes and highlights. Use when: (1) user asks about weread/微信读书 notes or highlights, (2) fetching today's or recent reading notes, (3) exporting book highlights, (4) managing reading bookshelf, (5) any task involving reading notes from WeChat Reading.

11285

You might also like

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

2,8752,523

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

3,8051,654

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

2,1501,640

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

2,2681,467

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

2,4651,225

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

1,958969