
feat(agent): add dedicated crypto_agent for wallet & market ops (#1397) #1736

Merged

senamakel merged 3 commits into tinyhumansai:main from senamakel:issue/1397-add-a-dedicated-crypto-transaction-agent on May 14, 2026

Conversation

@senamakel
Member

@senamakel senamakel commented May 14, 2026

Summary

  • Add a new built-in crypto_agent (under src/openhuman/agent/agents/crypto_agent/) specialized for wallet actions and market operations.
  • Enforce a strict read → simulate → confirm → execute contract in the prompt, with no-fabrication and never-log-secrets rules.
  • Narrow tool allowlist: wallet_status/wallet_balances/wallet_supported_assets/wallet_chain_status, wallet_prepare_{transfer,swap,contract_call}, wallet_execute_prepared, stock_quote/stock_exchange_rate/stock_crypto_series, memory_recall, ask_user_clarification, current_time. No shell, no file_write, no curl, no integration delegation.
  • Orchestrator gains crypto_agent in its subagents (synthesises delegate_do_crypto) and the prompt's decision tree routes crypto wallet/market requests there — explicitly not through delegate_to_integrations_agent or delegate_run_code.
  • Capability catalog updated with automation.crypto_agent for user-visible docs.

Problem

OpenHuman already supports built-in agent definitions under src/openhuman/agent/agents/, but there was no domain-specific agent for crypto workflows. Routing wallet / trading work through generic agents either over-broadens the tool surface (shell, broad HTTP, etc.) or skips the read-before-write and quote-before-execute discipline a financial-risk agent needs. A dedicated agent gives the orchestrator a safe place to send these requests.

Solution

  • New folder src/openhuman/agent/agents/crypto_agent/ with agent.toml, mod.rs, prompt.rs, prompt.md. Prompt builder mirrors the help/researcher pattern (archetype + tools + safety + workspace), keeps the global safety preamble ON, and omits identity / skills / memory boilerplate to keep the financial-risk voice tight.
  • Registered in BUILTINS in agents/loader.rs; module declared in agents/mod.rs. Built-in count assertion bumped 15 → 16.
  • Tool allowlist matches the wallet RPC controllers in src/openhuman/wallet/schemas.rs and the financial-apis stock_* series. Tools not yet registered are silently dropped by the tool filter at spawn time — so this PR is safe to merge ahead of Add crypto wallet tools for balances, transfers, swaps, and contract calls #1396.
  • Orchestrator's subagents lists crypto_agent so the runtime auto-synthesises a delegate_do_crypto tool. The decision-tree section in orchestrator/prompt.md adds an explicit branch for crypto requests.
  • Tests cover: narrow allowlist, safety-preamble-on, write-tool exclusions (shell / file_write / curl / http_request / composio_execute / spawn_*), iteration cap, prompt-body contract (read/simulate/confirm/execute + prepared_id gating + no fabrication + never log secrets), and the orchestrator routing entry.

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
  • Diff coverage ≥ 80% — new Rust code is covered by loader tests + prompt builder tests in the same modules.
  • N/A: agent-definition change, no new feature row required in docs/TEST-COVERAGE-MATRIX.md (capability catalog updated instead).
  • All affected feature IDs from the matrix are listed in the PR description under ## Related
  • No new external network dependencies introduced
  • N/A: no release-cut surface touched, manual smoke checklist unchanged.
  • Linked issue closed via Closes #NNN in the ## Related section

Impact

  • Runtime: desktop only (same as the rest of the agent harness). Adds one built-in agent definition; no migration. Tools listed but not yet registered are filtered out at spawn time, so the runtime is unaffected until Add crypto wallet tools for balances, transfers, swaps, and contract calls #1396 lands the wallet tool implementations.
  • Security: net-positive — confines crypto write paths to a dedicated agent with a small allowlist and a mandatory user-confirmation gate before wallet_execute_prepared.

Related


AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

  • Key: N/A
  • URL: N/A

Commit & Branch

  • Branch: issue/1397-add-a-dedicated-crypto-transaction-agent
  • Commit SHA: c7c5e6029de2095bf1102ba587e85dc254bab0db

Validation Run

  • N/A: no app/ workspace changes, pnpm --filter openhuman-app format:check not relevant.
  • N/A: no TypeScript changes, pnpm typecheck not relevant.
  • Focused tests: cargo test --lib openhuman::agent::agents (54 passed), cargo test --lib openhuman::about_app (20 passed)
  • Rust fmt/check (if changed): cargo fmt + cargo check clean for changed crate
  • N/A: no Tauri shell changes, cargo fmt/cargo check on app/src-tauri not relevant.

Validation Blocked

  • command: N/A
  • error: N/A
  • impact: N/A

Behavior Changes

Parity Contract

  • Legacy behavior preserved: yes — no existing agents or tools modified beyond the orchestrator gaining one extra subagent entry and one extra decision-tree branch.
  • Guard/fallback/dispatch parity checks: unknown tool names in the allowlist are silently filtered, matching existing behaviour (e.g. researcher's stock_* tools).

Duplicate / Superseded PR Handling

  • Duplicate PR(s): none known
  • Canonical PR: this one
  • Resolution: N/A

Summary by CodeRabbit

  • New Features

    • Introduced a Crypto Agent for wallet and market workflows: inspect, quote/prepare, and execute transactions with mandatory user confirmation and local-credentials privacy.
    • Orchestrator updated to route crypto wallet/market requests to the Crypto Agent, enforcing a read → simulate → confirm → execute flow.
  • Documentation

    • Added a comprehensive operational prompt and usage guidance outlining strict safety rules and reply formats.
  • Tests

    • Added tests validating prompt content, execution flow, and agent configuration.

Review Change Stack

…humansai#1397)

Introduce a new built-in `crypto_agent` specialized for wallet actions
(balances, transfers, swaps, contract calls) and market operations.
The agent enforces a strict read → simulate → confirm → execute
contract, with a narrow tool allowlist (wallet_*, stock_* market data,
ask_user_clarification, memory_recall, current_time) — no shell,
file_write, curl, or integration delegation. The safety preamble stays
ON; identity / skills / memory boilerplate is omitted to keep the
financial-risk voice tight.

Routing: orchestrator gains `crypto_agent` in its `subagents` list so
the runtime synthesises a `delegate_do_crypto` tool, and the
orchestrator prompt explicitly routes crypto wallet/market requests
here (never through `delegate_to_integrations_agent` or
`delegate_run_code`).

Coverage:
- loader tests assert narrow allowlist, safety on, write-tool
  exclusions, iteration cap, and orchestrator routing entry.
- prompt builder tests assert the read/simulate/confirm/execute
  contract, the prepared_id gating, and the no-fabrication /
  no-secret-logging rules are present.
- capability catalog gains `automation.crypto_agent` for user-visible
  docs.

Tool implementations themselves (wallet_*) land separately via tinyhumansai#1396 —
unknown names are silently dropped by the tool filter today, so this
PR is safe to merge ahead of them.
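The allowlist contract described above (narrow allowlist, forbidden write and delegation tools, unknown names silently dropped by the tool filter at spawn time), as an added example that is not code from this PR or from OpenHuman. It assumes a constructed stand-in registry and a hypothetical `audit` check; beyond what the PR's loader tests pin, it also checks that the only names the filter drops are the ones known to be pending from #1396, so a typo in an existing tool name fails the test instead of silently narrowing the agent's grounding.

```rust
use std::collections::BTreeSet;

/// The agent's declared allowlist, as listed in the PR description.
pub const CRYPTO_ALLOWLIST: &[&str] = &[
    "wallet_status", "wallet_balances", "wallet_supported_assets", "wallet_chain_status",
    "wallet_prepare_transfer", "wallet_prepare_swap", "wallet_prepare_contract_call",
    "wallet_execute_prepared", "stock_quote", "stock_exchange_rate", "stock_crypto_series",
    "memory_recall", "ask_user_clarification", "current_time",
];

/// Write-capable or delegation tools the PR says must never be allowlisted.
pub const FORBIDDEN: &[&str] = &[
    "shell", "file_write", "curl", "http_request", "composio_execute",
    "delegate_run_code", "delegate_research", "delegate_plan",
];

/// Names the allowlist may reference before they exist (wallet tools pending in #1396).
pub const PENDING: &[&str] = &[
    "wallet_status", "wallet_balances", "wallet_supported_assets", "wallet_chain_status",
    "wallet_prepare_transfer", "wallet_prepare_swap", "wallet_prepare_contract_call",
    "wallet_execute_prepared",
];

/// Constructed stand-in for the spawn-time tool registry before #1396 lands
/// (an assumption for this example, not the project's real registry).
pub fn registry_before_wallet_tools() -> BTreeSet<&'static str> {
    ["stock_quote", "stock_exchange_rate", "stock_crypto_series", "memory_recall",
     "ask_user_clarification", "current_time", "shell", "file_write", "curl",
     "http_request", "composio_execute", "delegate_run_code"].into_iter().collect()
}

/// Mirrors the silent-drop behaviour: unknown names vanish without any error.
pub fn filter_registered<'a>(allow: &[&'a str], registered: &BTreeSet<&str>) -> Vec<&'a str> {
    allow.iter().copied().filter(|t| registered.contains(*t)).collect()
}

#[derive(Debug, Default, PartialEq)]
pub struct Audit {
    pub forbidden_present: Vec<String>, // allowlisted names that must never be there
    pub unexpected_drops: Vec<String>,  // names the filter drops that are not known-pending
}

/// The checks a loader test should pin: no forbidden tool is allowlisted, and every
/// name the filter would drop is explicitly expected (a typo such as "memory_recal"
/// shows up here instead of silently removing a grounding tool).
pub fn audit(allow: &[&str], registered: &BTreeSet<&str>, pending: &[&str]) -> Audit {
    let mut a = Audit::default();
    for t in allow {
        if FORBIDDEN.contains(t) { a.forbidden_present.push(t.to_string()); }
        if !registered.contains(*t) && !pending.contains(t) { a.unexpected_drops.push(t.to_string()); }
    }
    a
}
```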
@senamakel senamakel requested a review from a team May 14, 2026 12:10
@coderabbitai
Contributor

coderabbitai Bot commented May 14, 2026

📝 Walkthrough

Walkthrough

Adds a new built-in crypto agent: capability catalog entry, agent configuration and narrow tool allowlist, detailed prompt and builder enforcing read→simulate→confirm→execute, loader registration with tests, and orchestrator routing to a synthesized delegate for crypto operations.

Changes

Crypto Agent Implementation

| Layer | File(s) | Summary |
|---|---|---|
| Capability and Module Registration | src/openhuman/about_app/catalog.rs, src/openhuman/agent/agents/mod.rs | automation.crypto_agent capability added to catalog (Beta, LOCAL_CREDENTIALS); crypto_agent module exported from agents layer. |
| Agent Configuration and Tool Allowlist | src/openhuman/agent/agents/crypto_agent/agent.toml, src/openhuman/agent/agents/crypto_agent/mod.rs | Agent metadata, omit flags (identity/memory/skills while preserving safety preamble), agentic model hint, runtime params, and a narrow [tools].named allowlist restricting to wallet inspect/prepare/execute flows, market data, user clarification, and time grounding. |
| Prompt Specification and Builder | src/openhuman/agent/agents/crypto_agent/prompt.md, src/openhuman/agent/agents/crypto_agent/prompt.rs | Prompt defines scope and hard rules (no fabrication, read→simulate→confirm→execute, confirmation gating, no secret logging), standard operational flow, required output shape and examples; build composes the runtime prompt and unit tests validate contract wording and guardrails. |
| Agent Registration and Runtime Contract Tests | src/openhuman/agent/agents/loader.rs | Adds crypto_agent to BUILTINS (wires agent.toml and prompt::build), updates builtin count, and adds tests asserting model hint, sandbox mode, safety preamble retention, exact named tool allowlist, forbidden broad tools, omit flags, and iteration bounds. |
| Orchestrator Delegation and Routing | src/openhuman/agent/agents/orchestrator/agent.toml, src/openhuman/agent/agents/orchestrator/prompt.md | Orchestrator includes crypto_agent as a subagent (synthesized to delegate_do_crypto) and routes crypto wallet/market requests (balances, transfers, swaps, contract calls, positions, exchange trading) to that delegate with enforced read→simulate→confirm→execute and anti-fabrication constraints. |

Sequence Diagram

sequenceDiagram
  participant User
  participant Orchestrator
  participant CryptoAgent
  participant WalletTools
  User->>Orchestrator: request involving wallet/market action
  Orchestrator->>CryptoAgent: delegate_do_crypto (route request)
  CryptoAgent->>WalletTools: read balances / inspect state
  WalletTools-->>CryptoAgent: balances / positions
  CryptoAgent->>WalletTools: wallet_prepare_transfer / quote (simulate)
  WalletTools-->>CryptoAgent: quote + prepared_id
  CryptoAgent->>User: confirmation prompt (fees/ETA/prepared_id)
  User-->>CryptoAgent: user approval (ok to send)
  CryptoAgent->>WalletTools: wallet_execute_prepared(prepared_id)
  WalletTools-->>CryptoAgent: execution result or tool error
  CryptoAgent->>User: final report (success or sanitized error)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

  • #1394: Add a dedicated crypto transaction agent — This PR implements the dedicated crypto agent, narrow tool allowlist, prompt guardrails, and orchestrator routing described in the issue.

Possibly related PRs

  • tinyhumansai/openhuman#267: Related to capability catalog and CAPABILITIES discovery infrastructure used by the new catalog entry.
  • tinyhumansai/openhuman#1424: Related wallet execution tools (wallet_prepare_*, wallet_execute_prepared) that the crypto_agent depends on.

Poem

🐰 I hopped in with prompts tidy and clever,
Read, simulate, show fees, then ask “ok?” forever.
No made-up chain IDs, no secrets to leak,
Prepare, confirm, execute — careful, not meek.
A cautious rabbit agent, securing every tweak.

🚥 Pre-merge checks: ✅ 5 passed

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a dedicated crypto_agent for wallet and market operations, which is the core focus of all file changes in this PR. |
| Linked Issues check | ✅ Passed | The PR comprehensively addresses all in-scope objectives from #1397: new built-in agent with agent.toml and dynamic prompt wiring, narrow tool allowlist, orchestrator routing to crypto_agent, execution guardrails, tests covering registration/parsing/routing/guardrails, and capability catalog updates. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to agent definition, prompt wiring, routing, catalog updates, and tests. The PR correctly excludes wallet tool implementations and market integrations, explicitly stated as handled by #1396, maintaining clear separation of concerns. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |


Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/openhuman/agent/agents/crypto_agent/prompt.md`:
- Line 37: The prompt's "6. **On failure.**" rule currently instructs to "Show
the tool's error verbatim"; change it to require a sanitized/redacted error
instead: instruct the agent to present a short, faithful but redacted error
excerpt (remove/replace sensitive tokens, stack traces, request IDs, payloads),
then on the next line output the one-line likely cause (e.g. "RPC rejected —
nonce gap", "insufficient gas"), and then stop without retrying; ensure the
edited text explicitly forbids printing raw tool output and gives examples of
what to redact (secrets, full traces, IDs).

In `@src/openhuman/agent/agents/crypto_agent/prompt.rs`:
- Around line 17-45: The build function in prompt.rs lacks tracing around
entry/exit and section assembly; add debug/trace logs at the start and end of
PromptContext::build (function build) and after each section render call
(render_user_files, render_tools, render_safety, render_workspace) to record
presence/emptiness and length (e.g., trimmed length or "empty") and the final
output length; use the project's tracing/log crate at debug or trace level and
include contextual info like ctx identifier and ARCHETYPE usage so you can
correlate logs to specific prompt builds.

In `@src/openhuman/agent/agents/loader.rs`:
- Around line 522-579: The test currently checks a subset of the crypto_agent
tool allowlist/ban; extend the assertions in the match &def.tools block in
loader.rs to pin the full crypto tool contract by (1) adding assertions that
required grounding/utility tools like "stock_quote", "stock_exchange_rate",
"memory_recall", and "current_time" are present (similar to the existing
required checks for wallet_* and stock_crypto_series) and (2) adding assertions
that banned/dangerous tools such as "delegate_run_code" (and any other
disallowed entries mentioned in the contract) are NOT present (similar to the
existing forbidden loop). Reference the same match &def.tools block and reuse
the pattern of iter().any(...) assertions to tighten the test so TOML changes
cannot remove or reintroduce these tools silently.

📥 Commits

Reviewing files that changed from the base of the PR and between 2aea60c and c7c5e60.

📒 Files selected for processing (9)
  • src/openhuman/about_app/catalog.rs
  • src/openhuman/agent/agents/crypto_agent/agent.toml
  • src/openhuman/agent/agents/crypto_agent/mod.rs
  • src/openhuman/agent/agents/crypto_agent/prompt.md
  • src/openhuman/agent/agents/crypto_agent/prompt.rs
  • src/openhuman/agent/agents/loader.rs
  • src/openhuman/agent/agents/mod.rs
  • src/openhuman/agent/agents/orchestrator/agent.toml
  • src/openhuman/agent/agents/orchestrator/prompt.md

)

- prompt.md: sanitize tool error rule. The previous "show the tool's
  error verbatim" wording conflicted with the never-log-secrets rule
  earlier in the prompt — verbatim errors can carry payloads, request
  ids, stack traces, signed blobs. The on-failure step now requires a
  redacted summary plus the one-line likely cause.
- prompt.rs: add debug/trace tracing around the build flow so prompt
  regressions are observable at runtime (entry with model/tool/skill
  counts, exit with prompt length + section-presence flags).
- loader.rs test: pin the full crypto_agent tool contract. Previously
  the test only guarded `stock_crypto_series`; it now also asserts
  `stock_quote`, `stock_exchange_rate`, `memory_recall`, and
  `current_time` are present, and that none of `delegate_run_code`,
  `delegate_research`, or `delegate_plan` slipped into the allowlist
  via a future TOML edit.
coderabbitai Bot previously approved these changes May 14, 2026
Resolves a conflict in `orchestrator/prompt.md` where upstream's
tinyhumansai#1731 added a new step-2 "live external service" branch and
renumbered the decision tree (3 → 4). Keeps both upstream's
integrations-first ordering and the crypto branch from this PR
under the renumbered step 4 ("Does this need other specialised
execution?").
@senamakel senamakel merged commit 38924e3 into tinyhumansai:main May 14, 2026
25 of 27 checks passed
Development

Successfully merging this pull request may close these issues.

Add a dedicated crypto transaction agent