// Use when the user asks to buy a product from the Shopify store. Orchestrates checkout with credit card details injected via keypo-signer vault exec (biometric policy — Touch ID required).
Use when managing Secure Enclave signing keys or encrypted secrets. Use for creating/listing/deleting P-256 keys, signing digests, running commands with secrets injected via vault exec, storing/retrieving encrypted secrets. Also use when an agent needs API keys, private keys, or credentials injected into a subprocess without exposing them. Use vault sessions for unattended agent workflows that need repeated access to protected secrets.
MUST LOAD for any shopping, buying, gift, or product request. Secure Shopify checkout with biometric vault.
Use when interacting with keypo-wallet — checking wallet balances, listing wallets, sending transactions, or managing Secure Enclave signing keys. Use `keypo-wallet wallet-list` to list wallets, `keypo-wallet balance` to check balances, `keypo-wallet send` to send transactions, and `keypo-wallet batch` for multi-call operations. Never use raw RPC calls, curl, or cast for balance queries — keypo-wallet has built-in commands. Also use when composing keypo-wallet as the secure execution backend for other EVM protocol skills (Uniswap, Aave, ENS, etc.).
Use when the user wants to swap tokens on Base Sepolia (or Base mainnet) using Uniswap V3. Handles any ERC-20 token pair including ETH wrapping/unwrapping. The agent discovers pools, gets quotes, constructs calldata, and executes swaps via keypo-wallet. Also use when the user says "swap", "trade", "exchange tokens", "buy USDC", "sell WETH", or asks about Uniswap liquidity or pricing on Base. Requires Foundry (cast) for read calls and keypo-wallet for transaction execution.
Use when a user provides a smart contract address and wants to generate a reusable SKILL.md file for interacting with that contract through keypo-wallet. Analyzes verified contracts by fetching their ABI, categorizes functions, and outputs a complete agent skill file with verified addresses, function signatures, calldata encoding instructions, and keypo-wallet execution commands. Also use when a user says "make a skill for this contract", "generate a skill", or "I want to interact with this contract using keypo-wallet". Requires Foundry (cast) to be installed.
Interact with Wrapped Ether (WETH) at 0x4200000000000000000000000000000000000006 on Base Sepolia. Wrap and unwrap ETH, check balances, and manage ERC-20 WETH allowances. Use with keypo-wallet for transaction execution — use `cast calldata` to encode function calls and pipe to `keypo-wallet send` or `keypo-wallet batch`.
| name | checkout-purchase |
| description | Use when the user asks to buy a product from the Shopify store. Orchestrates checkout with credit card details injected via keypo-signer vault exec (biometric policy — Touch ID required). |
| version | 0.2.0 |
| metadata | {"author":"keypo-us","requires":"keypo-signer, Node 18"} |
Orchestrate a Shopify purchase with credit card secrets injected at runtime from the keypo-signer vault. The agent never sees or handles card data — Touch ID acts as the human-in-the-loop approval.
For vault usage rules, see skills/keypo-signer/SKILL.md.
Run these checks in parallel before starting:
# 1. Vault has address secrets in open tier + card secrets in biometric tier
keypo-signer vault list
# Expect: SHIPPING_FIRST_NAME, SHIPPING_LAST_NAME, etc. in "open"
# Expect: CARD_NUMBER, NAME_ON_CARD, EXPIRATION_MONTH, EXPIRATION_YEAR, SECURITY_CODE in "biometric"
If vault secrets are missing, tell the user to set up the vault — do not attempt to store secrets yourself.
Query the store's JSON API to find products and their variant IDs:
curl -s https://shop.keypo.io/products.json | jq '.products[] | {title, handle, price: .variants[0].price, variant_id: .variants[0].id}'
Build the product URL as: https://shop.keypo.io/products/<handle>?variant=<variant_id>
demo/checkout/run-with-vault.sh <product-url> [size]
Path note:
run-with-vault.shis indemo/checkout/. Always run from the repo root or use an absolute path.
This triggers keypo-signer vault exec --env .env.vault-template which will:
Wait for the user to authenticate via Touch ID before proceeding.
Watch stdout for checkout status:
Navigating to URL — browser launchingAttempting to add product to cart — add to cartEntering contact email — checkout startedEntering card details — payment fieldsClicking Pay now button — submitting orderhas completed — successhas a checkout error — failure, inspect browserTell the user whether the checkout succeeded or failed. If succeeded, note that they should check their email for the order confirmation.
Note: An
Error sending email/ECONNREFUSED 127.0.0.1:587error is expected — there is no local SMTP server. This does not affect the order; it only means the bot's internal notification email was not sent. The Shopify order confirmation is sent separately by Shopify.
These rules are absolute — violating them breaks the security model.
vault get — this retrieves plaintext secrets. Use only vault exec..env files with real card values.CARD_* fields in .env.vault-template — they must remain blank.See skills/keypo-signer/SKILL.md for the complete vault safety rules.