
Add agentguard-spend skill#46

Open
MerchantGuardOps wants to merge 1 commit into OpenRouterTeam:main from MerchantGuardOps:add-agentguard-spend-skill

Conversation

@MerchantGuardOps


Adds skills/agentguard-spend/SKILL.md — an Agent Skill teaching Claude Code / Cursor / Codex / OpenCode / Windsurf / Gemini CLI / Pi how to walk a developer through adding local-runtime spend caps, capability gates, and Ed25519-signed audit receipts to AI agents.

Why this fits OpenRouterTeam/skills

The skill positions OpenRouter as the recommended integration path throughout. The Quick Start section leads with the baseURL: 'https://openrouter.ai/api/v1' pattern, not direct provider keys, because the unified-API + one-key + cost-optimization model maps cleanly onto per-task budget enforcement.

A user installing this plugin gets:

  • agentguard demo → see a real signed receipt in 30 seconds
  • agentguard init → scaffolded policy.yaml + quickstart
  • The OpenRouter quickstart pattern with withSpendGuard
  • CLI + browser verifier (https://agentguard.run/verify)

Format alignment

Frontmatter matches the create-agent skill (just name + description, no metadata block). Section order mirrors create-agent: Architecture → Prerequisites → Decision Tree → Quick Start → API Reference → Rules → Patent Notice → Resources.

Out-of-scope concern (and Plan B)

I know the openrouter plugin description targets OpenRouter-platform features (SDK, model discovery, pricing, image generation, provider performance). If agentguard-spend is considered out of scope here as a third-party product, no problem — we also publish a parallel marketplace at MerchantGuardOps/agentguard-skills where users install via:

/plugin marketplace add MerchantGuardOps/agentguard-skills
/plugin install agentguard@agentguard

Either way, OpenRouter customers get a clean way to layer enforcement + receipts on top of their unified-API setup. Let me know what works.

Evidence of traction

  • npm @agentguard-run/spend and PyPI agentguard-spend published, v0.2.2
  • 1,200+ npm downloads launch week (May 22-27, 2026)
  • 6 U.S. patent provisionals filed
  • Public verifier at agentguard.run/verify
  • Listed in awesome-openrouter (PR #75)

— JP Montgomery (founder, agentguard.run)

AgentGuard Spend is a zero-data-plane SDK that wraps OpenAI-compatible
clients (including OpenRouter via the OpenAI SDK + baseURL pattern)
with local-runtime spend caps, capability-gated model routing, and
Ed25519-signed audit receipts. Prompts, API keys, and signing keys
never leave the customer process.

This skill teaches Claude Code / Cursor / Codex / Gemini CLI / OpenCode
how to walk a developer through:
- agentguard demo (real signed receipt in 30 sec)
- agentguard init (scaffold a policy + quickstart)
- The OpenRouter quickstart pattern
- Per-task model assignment with downgrade-on-cap rules
- Receipt verification (CLI + browser at agentguard.run/verify)

OpenRouter is positioned as the recommended integration path throughout
the skill because the unified-API + one-key model + cost optimization
maps cleanly onto AgentGuard's per-task budgeting story.

If this skill is considered out of scope for OpenRouterTeam/skills as
a third-party product, no problem — we also publish at
MerchantGuardOps/agentguard-skills with our own plugin marketplace.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b97c76fdb8


Comment on lines +77 to +79
setCostOverride('anthropic/claude-opus-4-7', { inputCentsPerKtok: 2.0, outputCentsPerKtok: 10.0 });
setCostOverride('anthropic/claude-haiku-4-5', { inputCentsPerKtok: 0.1, outputCentsPerKtok: 0.5 });
setCostOverride('openai/gpt-5', { inputCentsPerKtok: 0.5, outputCentsPerKtok: 1.5 });
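Review bot: the three setCostOverride lines give no indication of where the cents-per-Ktok figures come from or when they were taken, so a reader who copies them cannot tell stale rates from current ones, and the downgrade/block thresholds are only as accurate as these overrides. Suggest a comment above the block naming the source and date, e.g. `// Rates from the OpenRouter model catalog, checked <date>; re-check before relying on the caps`, and a sentence in the quick start saying that a wrong override shifts where the cap bites.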


P2: Use valid OpenRouter model overrides

In the OpenRouter quick start, these overrides use Anthropic's native hyphenated IDs and inflated rates instead of OpenRouter's catalog values. OpenRouter lists the models as anthropic/claude-opus-4.7 and anthropic/claude-haiku-4.5, so the current overrides will not match the later request/downgrade model strings; the Opus and GPT-5 cents-per-K values are also several times higher than OpenRouter pricing, causing copied policies to downgrade or block far earlier than the configured dollar caps imply.


@perry-the-pr-reviewer perry-the-pr-reviewer Bot left a comment


Perry's Review

Adds a third-party agentguard-spend skill teaching agents how to wrap OpenRouter clients with local spend caps, model downgrade routing, and Ed25519-signed audit receipts.

Verdict: 🔁 Needs changes

Details

CI: only the perry/review check is running — no other CI checks present

Findings (see inline comments for full context):

  • 🔴 skills/agentguard-spend/SKILL.md:102 — ephemeral private key breaks audit chain across restarts
  • 🟡 skills/agentguard-spend/SKILL.md:1 — missing README (every other skill has one; it's referenced from the main repo table)

Note: OpenRouter model slug format (using a dot separator, e.g. claude-opus-4.7, not hyphen) is already flagged by an existing unresolved thread at line 79 from chatgpt-codex-connector — not re-raised here.

Codex (HEAVY_SECONDARY_MODEL): skipped (medium tier)

Research: skipped (medium tier)

Security: no concerns — no credentials in diff; ephemeral key finding is a correctness issue not a secret leak

Test coverage: N/A — skill is a documentation file

Unresolved threads: 1 existing unresolved thread on model ID format at line 79

Tier: medium (183 LoC)

Scope: first review (full)

effectiveFrom: new Date().toISOString(),
};

const privateKey = new Uint8Array(randomBytes(32));
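Review bot: `effectiveFrom: new Date().toISOString()` is evaluated at process start, so the policy object carries a different effective timestamp after every restart even when nothing in the policy changed, and a receipt that records which policy it was enforced under cannot be compared across runs. Suggest a fixed literal such as `effectiveFrom: '<YYYY-MM-DD>T00:00:00Z'` that is edited together with the policy. The shown context also does not include the `randomBytes` import; worth confirming the quickstart carries `import { randomBytes } from 'node:crypto'` so the snippet pastes cleanly.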


[blocker] privateKey regenerated on every startup — breaks audit chain continuity

Details

Why: new Uint8Array(randomBytes(32)) produces a fresh keypair every time the process starts. Any receipts signed with the old key become unverifiable after a restart because the new publicKey doesn't match the signer of past decisions. The entire value proposition of AgentGuard is tamper-evident receipts — an ephemeral key quietly invalidates the chain.

Fix: generate the keypair once and persist it (e.g. write to disk with fs.writeFileSync, load from env, or use a KMS). Show users how to load a persisted key:

import { randomBytes } from 'node:crypto';
import fs from 'node:fs/promises';
import * as ed from '@noble/ed25519';

// Persist once (at setup time, not on every start); 0600 keeps the key readable only by the service user:
async function createAndPersistKey(path = '.agentguard-key') {
  const privateKey = new Uint8Array(randomBytes(32));
  await fs.writeFile(path, Buffer.from(privateKey).toString('hex'), { mode: 0o600 });
  return privateKey;
}

// Load on startup:
async function loadKey(path = '.agentguard-key') {
  const hex = await fs.readFile(path, 'utf8');
  const privateKey = new Uint8Array(Buffer.from(hex.trim(), 'hex'));
  const publicKey = await ed.getPublicKeyAsync(privateKey);
  return { privateKey, publicKey };
}

At minimum, warn users in a comment that this key must be persisted for audit continuity.

Prompt for agents

In skills/agentguard-spend/SKILL.md at line 102, the quickstart generates a fresh Ed25519 private key every time the code runs. This silently breaks audit trail continuity: receipts signed by a previous key can no longer be verified after any process restart. Update the quickstart example to either (1) show how to generate the key once and persist it to disk or a .env variable, and load it on startup, or (2) add a comment block explaining that this line must be replaced with a persistent key store before production use. Keep the @noble/ed25519 API; only the key-generation idiom needs fixing.

Reviewed at b97c76f

@@ -0,0 +1,183 @@
---


[suggestion] Missing README.md — every other skill in this repo includes one

Details

Why: The main repo README.md table links each skill to skills/<name>/README.md (see the table in the root README). All 10 existing skills ship both SKILL.md (the agent-loaded instruction file) and README.md (the human-facing install + overview page). Without a README.md, this skill can't be linked from the root table and won't be discoverable via gh skill install without knowing the exact name.

Fix: add skills/agentguard-spend/README.md following the pattern of e.g. skills/openrouter-stt/README.md — title, one-paragraph description, gh skill install command, prerequisites, and a short "What it covers" section pointing to SKILL.md.

Prompt for agents

Create skills/agentguard-spend/README.md following the pattern of other skills in this repo (e.g. skills/openrouter-stt/README.md). The file should include: (1) a # agentguard-spend title, (2) a one-paragraph description of what the skill does, (3) the gh skill install OpenRouterTeam/skills agentguard-spend install command block with links to flag docs, (4) prerequisites (Node 20+, OPENROUTER_API_KEY), (5) a short "What it covers" section listing the main topics from SKILL.md. Also add the skill to the table in the root README.md under the Skills section, with a link to skills/agentguard-spend/README.md.

Reviewed at b97c76f
