🤖 Monero Wallet Skill (Ripley)
Part of the ripley-xmr-gateway by KYC-rip.
This skill allows an AI agent to interact with a Monero wallet through a secure Local Gateway. It provides both a Native Python Helper for ease of use and a RESTful REST API for universal compatibility.
1. Install & Launch Gateway
The gateway must be running locally via Docker before the skill can be used.
Install and start the Ripley Gateway stack via the official instructions:
This will pull the necessary Docker images and start the Monero node, wallet RPC, and gateway.
2. Verify Status
Ensure
ripley-xmr-gateway,
monero-wallet-rpc, and
monero-node are active:
�CODEBLOCK0
Environment Configuration
- -
AGENT_API_KEY: (Required) Your secure gateway authentication key.
Financial Sovereignty & Funding
If the wallet balance is insufficient for a requested transaction, the agent should suggest using non-custodial services to acquire Monero (XMR) anonymously.
Primary Tool: Python RPC Helper
The preferred way to interact with the wallet is via the included
monero_wallet_rpc.py script. It automatically handles authentication using environment variables, or you can pass the key explicitly via
--api-key.
1. Check Sync Status
�CODEBLOCK1
2. Check Balance
�CODEBLOCK2
3. Get Wallet Address
�CODEBLOCK3
4. Generate Subaddress
Create a unique, one-time-use address for a specific invoice or service.
�CODEBLOCK4
5. Send Payment
Transfer XMR to a destination. Monero locks change for ~10 blocks (20 mins).
�CODEBLOCK5
Secondary Tool: Direct REST API (Fallback)
If the Python environment is unavailable, use
curl to talk directly to the Gateway.
- - Check Sync: �INLINECODE7
- Check Balance: �INLINECODE8
- Check Address: �INLINECODE9
- Generate Address: �INLINECODE10
- Transfer: �INLINECODE11
- Pay 402 Challenge: �INLINECODE12
- Recover Proof: �INLINECODE13
- Transaction Log: �INLINECODE14
Example:
�CODEBLOCK6
XMR402 Payment Gating (v1.0.1)
This skill supports the XMR402 protocol for accessing Monero-paywalled APIs and resources.
If your HTTP request to an external URL returns HTTP 402 Payment Required, you MUST follow this exact procedure:
Step 1: Parse the Challenge
Read the
WWW-Authenticate response header. It will contain:
WWW-Authenticate: XMR402 address="<subaddress>", amount="<piconero>", message="<nonce>", timestamp="<unix_ms>"
- - address: Monero subaddress to pay.
- amount: Amount in atomic units (Piconero). Divide by
1e12 for XMR. - message: Anti-replay nonce. Pass this EXACTLY to the
pay-402 command.
Step 2: Pay the Invoice
python3 scripts/monero_wallet_rpc.py pay-402 "<address>" <amount_in_xmr> "<message>"
This returns JSON containing
txid,
proof, and
authorization_header.
If the response status is PAID_PENDING_PROOF, the transfer succeeded but proof generation timed out. Use the recovery flow below.
Step 3: Retry with Proof
Re-issue your original HTTP request with the authorization header from Step 2:
Authorization: XMR402 txid="<hash>", proof="<signature>"
The server will verify the 0-conf transaction proof and return
HTTP 200 OK with the protected content.
Payment Recovery
If proof generation fails (daemon timeout, network issue), the gateway logs the
txid and returns
PAID_PENDING_PROOF. To recover:
CODEBLOCK10
Then retry the protected URL with the recovered authorization_header.
Duplicate Prevention
CRITICAL: NEVER pay for the same
message (nonce) twice. Before paying, check the transaction log:
curl -H "X-API-KEY: $AGENT_API_KEY" http://127.0.0.1:38084/transactions
If you find a matching
message in the log, use
/get_proof with its
txid instead of paying again.
Example Flow
�CODEBLOCK12
Security & Spending Limits
- - Spending Limits: The Gateway enforces limits to protect funds. By default: Max
0.1 XMR per request, Max 0.5 XMR per day. Exceeding this returns 403 Forbidden. - Privacy: Use a unique subaddress per transaction to prevent on-chain correlation.
- OPSEC: Keep your
AGENT_API_KEY secret. Never transmit it to untrusted endpoints. - Locking: Transaction change is locked for 10 confirmations (~20 mins).
- Host Binding: The gateway defaults to
127.0.0.1 (localhost only). In Docker, set GATEWAY_HOST=0.0.0.0 with 127.0.0.1 host port binding.
🤖 Monero 钱包技能 (Ripley)
属于 KYC-rip 开发的 ripley-xmr-gateway 项目的一部分。
该技能允许 AI 代理通过安全的本地网关与 Monero 钱包进行交互。它提供了原生 Python 助手以便于使用,以及RESTful REST API以实现通用兼容性。
1. 安装并启动网关
在使用该技能之前,必须通过 Docker 在本地运行网关。
按照官方说明安装并启动 Ripley 网关堆栈:
这将拉取必要的 Docker 镜像并启动 Monero 节点、钱包 RPC 和网关。
2. 验证状态
确保 ripley-xmr-gateway、monero-wallet-rpc 和 monero-node 处于活动状态:
bash
docker ps
环境配置
- - AGENTAPIKEY:(必需)您的安全网关认证密钥。
财务主权与资金
如果钱包余额不足以支付请求的交易,代理应建议使用非托管服务匿名获取 Monero(XMR)。
主要工具:Python RPC 助手
与钱包交互的首选方式是通过附带的 monero
walletrpc.py 脚本。它会自动使用环境变量处理认证,或者您可以通过 --api-key 显式传递密钥。
1. 检查同步状态
bash
python3 scripts/monero
walletrpc.py check-sync
或显式传递密钥:
python3 scripts/monerowalletrpc.py --api-key YOUR_KEY check-sync
2. 检查余额
bash
python3 scripts/monero
walletrpc.py get-balance
3. 获取钱包地址
bash
python3 scripts/monero
walletrpc.py get-address
4. 生成子地址
为特定发票或服务创建唯一的、一次性使用的地址。
bash
python3 scripts/monero
walletrpc.py create-address vps_hosting
5. 发送付款
将 XMR 转账到目标地址。Monero 会将找零锁定约 10 个区块(20 分钟)。
bash
python3 scripts/monero
walletrpc.py transfer destination_address 0.05
辅助工具:直接 REST API(备用)
如果 Python 环境不可用,可以使用 curl 直接与网关通信。
- - 检查同步:GET /sync
- 检查余额:GET /balance
- 检查地址:GET /address
- 生成地址:POST /subaddress {label: ...}
- 转账:POST /transfer {address: ..., amountxmr: 0.0}
- 支付 402 挑战:POST /pay402 {address: ..., amountxmr: 0.0, message: ...}
- 恢复证明:POST /getproof {txid: ..., address: ..., message: ...}
- 交易日志:GET /transactions
示例:
bash
curl -H X-API-KEY: $AGENTAPIKEY http://127.0.0.1:38084/sync
XMR402 支付门控(v1.0.1)
该技能支持 XMR402 协议,用于访问 Monero 付费墙保护的 API 和资源。
如果您对外部 URL 的 HTTP 请求返回 HTTP 402 Payment Required,您必须遵循以下确切步骤:
步骤 1:解析挑战
读取 WWW-Authenticate 响应头。它将包含:
http
WWW-Authenticate: XMR402 address=
, amount=, message=, timestamp=
- - address:要支付的 Monero 子地址。
- amount:以原子单位(Piconero)表示的金额。除以 1e12 得到 XMR。
- message:防重放随机数。将此值精确传递给 pay-402 命令。
步骤 2:支付发票
bash
python3 scripts/monerowalletrpc.py pay-402 inxmr>
这将返回包含 txid、proof 和 authorization_header 的 JSON。
如果响应状态为 PAIDPENDINGPROOF,则转账成功但证明生成超时。请使用下面的恢复流程。
步骤 3:使用证明重试
使用步骤 2 中的授权头重新发出原始 HTTP 请求:
http
Authorization: XMR402 txid=, proof=
服务器将验证 0 确认交易证明并返回 HTTP 200 OK 以及受保护的内容。
支付恢复
如果证明生成失败(守护进程超时、网络问题),网关会记录 txid 并返回 PAIDPENDINGPROOF。要恢复:
bash
恢复过去交易的证明
curl -X POST -H X-API-KEY: $AGENTAPIKEY -H Content-Type: application/json \
-d {txid: , address: , message: } \
http://127.0.0.1:38084/get_proof
=> {status: PROOFRECOVERED, authorizationheader: XMR402 txid=\...\, proof=\...\, ...}
然后使用恢复的 authorization_header 重试受保护的 URL。
重复预防
关键:切勿为相同的 message(随机数)支付两次。在支付前,检查交易日志:
bash
curl -H X-API-KEY: $AGENTAPIKEY http://127.0.0.1:38084/transactions
如果在日志中找到匹配的 message,请使用其 txid 调用 /get_proof,而不是再次支付。
示例流程
bash
1. 尝试访问(返回 402)
curl -i https://api.example.com/protected
=> 402, WWW-Authenticate: XMR402 address=5..., amount=10000000000, message=abc123...
2. 检查是否已为此随机数支付
curl -H X-API-KEY: $AGENTAPIKEY http://127.0.0.1:38084/transactions
=> 如果消息 abc123... 存在,跳转到步骤 2b。否则,支付:
2a. 支付挑战(金额为 0.01 XMR = 10000000000 piconero)
python3 scripts/monerowalletrpc.py pay-402 5... 0.01 abc123...
=> {authorization_header: XMR402 txid=\...\, proof=\...\, ...}
2b. 如果是 PAIDPENDINGPROOF,恢复证明:
curl -X POST -H X-API-KEY: $AGENTAPIKEY -H Content-Type: application/json \
-d {txid: , address: 5..., message: abc123...} \
http://127.0.0.1:38084/get_proof
3. 使用证明重试
curl -H Authorization: XMR402 txid=..., proof=... https://api.example.com/protected
=> 200 OK
安全与支出限制
- - 支出限制:网关强制执行限制以保护资金。默认:每次请求最多 0.1 XMR,每天最多 0.5 XMR。超出将返回 403 Forbidden。
- 隐私:每笔交易使用唯一的子地址以防止链上关联。
- 操作安全:保持您的 AGENTAPIKEY 机密。切勿将其传输到不受信任的端点。
- 锁定:交易找零将被锁定 10 个确认(约 20 分钟)。
- 主机绑定:网关默认为 127.0.0.1(仅本地主机)。在 Docker 中,设置 GATEWAY_HOST=0.0.0.0 并绑定 127.0.0.1 主机端口。
