diff --git a/README.md b/README.md index 7a17977..6267769 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ SKILLs for the MetaMask Agent CLI. These skills enable AI agents to authenticate Install with [Vercel's Skills CLI](https://skills.sh): ```bash -npx skills add metaMask/agent-skills +npx skills add metamask/agent-skills ``` Select any one of the SKILLs upon prompt. \ No newline at end of file diff --git a/skills/metamask-agent-wallet/references/auth.md b/skills/metamask-agent-wallet/references/auth.md index 34b019b..6bac5e4 100644 --- a/skills/metamask-agent-wallet/references/auth.md +++ b/skills/metamask-agent-wallet/references/auth.md @@ -4,7 +4,26 @@ Use these commands to initialize wallet mode, sign in, inspect authentication st ## `init` Command -Initialize the project by selecting wallet mode and trading mode. +Initialize the project by selecting a wallet mode and trading mode. + +Wallet modes: + +1. Server wallet — Keys are managed and secured server-side. Agents can't access your main wallet. You can define policy controls like outflow limits and protocol whitelists. +2. Bring your own wallet — Import a seed phrase. Optionally, encrypt on-device with a password. You approve every transaction with your password if encrypted. + +Trading modes (server wallet only): + +1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies. +2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious. + +| | Guard mode | Beast mode | +| --- | --- | --- | +| Security check | Yes | Yes | +| Whitelisted protocols | Yes | No | +| Outflow limit (rolling 24h) | Yes | No | +| Approval for malicious transactions | Yes | Yes | +| Approval for protocols not in whitelist | Yes | No | +| Approval for raising outflow limit | Yes | No | ### Syntax @@ -58,6 +77,12 @@ mm-dev init show Sign in to the CLI. Defaults to QR / browser flow. +Sign-in options: + +1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile. +2. Sign in with Google — Approval requests are sent to your email. +3. Sign in with email — Approval requests are sent to your email. + ### Syntax ```bash diff --git a/skills/metamask-agent-wallet/references/wallet.md b/skills/metamask-agent-wallet/references/wallet.md index 94eb5ab..f8d8fba 100644 --- a/skills/metamask-agent-wallet/references/wallet.md +++ b/skills/metamask-agent-wallet/references/wallet.md @@ -4,7 +4,19 @@ Use the `wallet` commands to create, list, select, inspect wallets, and check ba ## `wallet create` Command -Create a new wallet under the authenticated account. +Create a new wallet under the authenticated account. For server wallets, you select a trading mode: + +1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies. +2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious. + +| | Guard mode | Beast mode | +| --- | --- | --- | +| Security check | Yes | Yes | +| Whitelisted protocols | Yes | No | +| Outflow limit (rolling 24h) | Yes | No | +| Approval for malicious transactions | Yes | Yes | +| Approval for protocols not in whitelist | Yes | No | +| Approval for raising outflow limit | Yes | No | ### Syntax @@ -18,7 +30,7 @@ mm-dev wallet create [--chain-namespace ] [--name ] [--trading- | --- | --- | --- | | `--chain-namespace` | No | Wallet chain namespace: `evm` (EIP-155) or `solana` (allowed: `evm`, `solana`) | | `--name` | No | Display name for the wallet | -| `--trading-mode` | No | Trading mode for server wallets: `guard` (enforces outflow/whitelist policies) or `beast` (skips policy checks). Only applies to server-wallet mode (allowed: `guard`, `beast`) | +| `--trading-mode` | No | Trading mode for server wallets: `guard` or `beast`. Only applies to server-wallet mode (allowed: `guard`, `beast`) | | `--password` | No | Password to unlock the BYOK mnemonic (BYOK mode only) [env: `MM_PASSWORD`] | ### Example diff --git a/skills/metamask-agent-wallet/workflows/login.md b/skills/metamask-agent-wallet/workflows/login.md index ff74de8..7f8f87c 100644 --- a/skills/metamask-agent-wallet/workflows/login.md +++ b/skills/metamask-agent-wallet/workflows/login.md @@ -6,13 +6,15 @@ Reference command syntax in `references/auth.md`. ## Flow -1. Ask the user which login method they want: Google, Email, or QR. +1. Present login options with descriptions. 2. Execute login. 3. Verify with token. ## Login -QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the login flow themselves. +Present the sign-in options to the user. See `references/auth.md` for option details. + +QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser. ```bash mm-dev login google --no-wait diff --git a/skills/metamask-agent-wallet/workflows/onboarding.md b/skills/metamask-agent-wallet/workflows/onboarding.md index 8f55156..6ce2fde 100644 --- a/skills/metamask-agent-wallet/workflows/onboarding.md +++ b/skills/metamask-agent-wallet/workflows/onboarding.md @@ -22,8 +22,9 @@ If this fails, the CLI is not installed. Guide the user to install it before pro ## Login Flow -Ask the user which login method they want to use: Google, Email, or QR. -QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the onboarding flow themselves. +Present the sign-in options to the user. See `references/auth.md` for option details. + +QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser. ### Login @@ -50,13 +51,7 @@ First check if the project is already initialized: mm-dev init show ``` -If already initialized, skip this step. Otherwise, ask the user which wallet mode they want: -- `server-wallet` (recommended) — keys are hosted by MetaMask infrastructure. No need to manage private keys or mnemonics. -- `byok` — bring your own mnemonic. The user manages their own keys locally. - -Ask the user which trading mode they want (server-wallet only): -- `guard` — enforces outflow and whitelist policies. When a policy is violated, the CLI requires MFA confirmation before proceeding. -- `beast` — skips all policy checks and confirmations. Useful for scripting or experienced users who want faster execution. +If already initialized, skip this step. Otherwise, ask the user to provision an agent wallet and select a trading mode. See `references/auth.md` for wallet mode and trading mode details. Server wallet: diff --git a/skills/metamask-agent-workflows/workflows/login.md b/skills/metamask-agent-workflows/workflows/login.md index ff74de8..074d9dd 100644 --- a/skills/metamask-agent-workflows/workflows/login.md +++ b/skills/metamask-agent-workflows/workflows/login.md @@ -6,13 +6,19 @@ Reference command syntax in `references/auth.md`. ## Flow -1. Ask the user which login method they want: Google, Email, or QR. +1. Present login options with descriptions. 2. Execute login. 3. Verify with token. ## Login -QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the login flow themselves. +Present the following sign-in options to the user: + +1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile. +2. Sign in with Google — Approval requests are sent to your email. +3. Sign in with email — Approval requests are sent to your email. + +QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser. ```bash mm-dev login google --no-wait diff --git a/skills/metamask-agent-workflows/workflows/onboarding.md b/skills/metamask-agent-workflows/workflows/onboarding.md index 8f55156..5228d9a 100644 --- a/skills/metamask-agent-workflows/workflows/onboarding.md +++ b/skills/metamask-agent-workflows/workflows/onboarding.md @@ -22,8 +22,13 @@ If this fails, the CLI is not installed. Guide the user to install it before pro ## Login Flow -Ask the user which login method they want to use: Google, Email, or QR. -QR login (`mm-dev login qr`) does not support `--no-wait`. If the user wants QR, they must complete the onboarding flow themselves. +Present the following sign-in options to the user: + +1. Sign in with MetaMask Mobile — Scan the QR code with MetaMask Mobile. The CLI can only access your agent wallet. Approval requests are sent to MetaMask Mobile. +2. Sign in with Google — Approval requests are sent to your email. +3. Sign in with email — Approval requests are sent to your email. + +QR login (`mm-dev login qr`) does not support `--no-wait`. If the user selects QR, they must complete the login flow in the browser. ### Login @@ -50,13 +55,24 @@ First check if the project is already initialized: mm-dev init show ``` -If already initialized, skip this step. Otherwise, ask the user which wallet mode they want: -- `server-wallet` (recommended) — keys are hosted by MetaMask infrastructure. No need to manage private keys or mnemonics. -- `byok` — bring your own mnemonic. The user manages their own keys locally. +If already initialized, skip this step. Otherwise, ask the user to provision an agent wallet: + +1. Server wallet — Keys are managed and secured server-side. Agents can't access your main wallet. You can define policy controls like outflow limits and protocol whitelists. +2. Bring your own wallet — Import a seed phrase. Optionally, encrypt on-device with a password. You approve every transaction with your password if encrypted. + +If the user selects `server-wallet`, ask them to choose an operating mode: -Ask the user which trading mode they want (server-wallet only): -- `guard` — enforces outflow and whitelist policies. When a policy is violated, the CLI requires MFA confirmation before proceeding. -- `beast` — skips all policy checks and confirmations. Useful for scripting or experienced users who want faster execution. +1. Guard mode — Guardrails keep the agent in check. Human approval (2FA) is required for agent wallet transactions outside your policies. +2. Beast mode — For traders who understand the risks. The agent acts on its own, except when a transaction is flagged as malicious. + +| | Guard mode | Beast mode | +| --- | --- | --- | +| Security check | Yes | Yes | +| Whitelisted protocols | Yes | No | +| Outflow limit (rolling 24h) | Yes | No | +| Approval for malicious transactions | Yes | Yes | +| Approval for protocols not in whitelist | Yes | No | +| Approval for raising outflow limit | Yes | No | Server wallet: @@ -102,3 +118,10 @@ Confirm the session is authenticated, the wallet mode is correct, and the token ```bash mm-dev wallet address ``` + +## Get started + +After setup completes, prompt the user with the following next steps: + +- To view wallet details, run `wallet address` or `wallet balance`. +- Transfer funds to this wallet address to start trading (skip if you already have a balance).