## Configuration

Set the following environment variables:

| Variable | Required | Description |
|---|---|---|
| `ARC_RPC_URL` | Yes | Arc testnet RPC endpoint (default: `https://testnet-rpc.arc.network`) |
| `CONTRACT_ADDRESS` | Yes | Deployed SkillSecurityRegistry contract address |
| `PRIVATE_KEY` | Yes | Wallet private key (for signing transactions) |
| `X402_SERVER_URL` | Yes | x402 payment server URL |
| `ETH_RPC_URL` | No | Ethereum Sepolia RPC (for cross-chain operations) |
| `BASE_RPC_URL` | No | Base Sepolia RPC (default: `https://sepolia.base.org`) |
| `ARB_RPC_URL` | No | Arbitrum Sepolia RPC (default: `https://sepolia-rollup.arbitrum.io/rpc`) |

## Commands

### `check` -- Check skill trust status

Query on-chain bond status, auditor count, usage stats, and computed trust score for any skill.

**Trust Score** is calculated as:
- 40% from bond amount (capped at 100 USDC = full weight)
- 40% from usage count (capped at 1,000 uses = full weight)
- 20% from auditor count (5 points per auditor)
- Flagged skills receive a -50 penalty

### `use` -- Pay and download a skill

Pays the 0.10 USDC usage fee via x402 and downloads the skill package. Automatically selects the cheapest payment path based on your wallet balances.

**Payment chain selection priority:**
1. Arc Testnet (direct -- no bridging fees)
2. Base Sepolia (via CCTP)
3. Arbitrum Sepolia (via CCTP)
4. Ethereum Sepolia (via CCTP)

### `bond` -- Stake USDC to vouch for a skill

Stake USDC as a security bond to vouch for a skill's safety. If the skill is found malicious, 50% of your stake is slashed.

**Arguments:**
- `skill_id` -- Skill identifier
- `amount` -- Amount of USDC to stake (e.g. `50`)
- `source_chain` -- Chain to pay from (`ethereum-sepolia`, `base-sepolia`, `arbitrum-sepolia`, `arc-testnet`)

**Example:**

### `report` -- Report a malicious skill

Submit a claim that a skill is malicious. Requires a 1 USDC anti-spam deposit (refunded if the claim is validated).

Opens a 72-hour voting window for auditors.

### `vote-claim` -- Vote on a pending claim

Cast a vote on whether a reported skill is malicious. Only wallets that have staked on any skill are eligible to vote. Vote weight is based on total stake and audit track record.

**Vote weight formula:** `sqrt(totalStaked) * (successfulAudits / totalAudits)`

### `claim-earnings` -- Withdraw accumulated fees

Withdraw your share of usage fees earned as an auditor. Fees are split 70% to auditors (proportional to stake) and 30% to the insurance pool.

**Supported destination chains:**
- `arc-testnet` (direct transfer)
- `ethereum-sepolia`, `base-sepolia`, `arbitrum-sepolia` (via CCTP)

## Supported Chains

| Chain | CCTP Domain | Payment | Bonding | Earnings |
|---|---|---|---|---|
| Arc Testnet | 100 | Direct | Direct | Direct |
| Ethereum Sepolia | 0 | CCTP | CCTP | CCTP |
| Base Sepolia | 6 | CCTP | CCTP | CCTP |
| Arbitrum Sepolia | 3 | CCTP | CCTP | CCTP |

## Fee Structure

| Action | Cost | Distribution |
|---|---|---|
| Use a skill | 0.10 USDC | 70% auditors, 30% insurance pool |
| Submit a claim | 1.00 USDC deposit | Refunded if claim validated |
| Guilty verdict | 50% of bond slashed | 80% to victim, 20% to insurance |

## Architecture

Skill: youtube-downloader
├─ Bonded: 100.00 USDC by 3 auditors
├─ Used: 1,250 times
├─ Trust Score: 75/100
├─ Status: Safe to use
└─ Created: 2025-06-15 14:30:00

User (any chain)
  │
  ├── CCTP burn ──► Arc Testnet ──► SkillSecurityRegistry (bonds, fees, claims)
  │                                        │
  └── x402 GET ──► Payment Server ◄────────┘ (verifies payment on-chain)
                       │
                       └──► Skill package (ZIP)