Add skills

Author: KaloyanTanev

.claude/skills/add-operators/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: add-operators
+description: Add new operators to an existing Charon distributed validator cluster
+user-invokable: true
+---
+
+# Add Operators
+
+> **Warning:** This is an alpha feature and is not yet recommended for production use.
+
+Expand a Charon cluster by adding new operators. This is a coordinated operation involving both existing and new operators.
+
+## Prerequisites
+
+Read `scripts/edit/add-operators/README.md` for full details if needed.
+
+Common prerequisites:
+1. `.env` file exists with `NETWORK` and `VC` variables set
+2. `.charon` directory with `cluster-lock.json` and `charon-enr-private-key`
+3. Docker is running
+4. `jq` installed
+
+## Role Selection
+
+Ask the user: **"Are you an existing operator in the cluster, or a new operator joining?"**
+
+### If Existing Operator
+
+**Script**: `scripts/edit/add-operators/existing-operator.sh`
+
+**Additional prerequisites**:
+- `.charon/cluster-lock.json` and `.charon/validator_keys/` must exist
+- The script will automatically stop the VC container for ASDB export
+
+**Arguments to gather**:
+- `--new-operator-enrs`: Comma-separated ENRs of the new operators joining
+- Whether to use `--dry-run` first
+
+**Run**:
+```bash
+./scripts/edit/add-operators/existing-operator.sh \
+    --new-operator-enrs "enr:-...,enr:-..." \
+    [--dry-run]
+```
+
+Set `WORK_DIR` env var to override the repository root directory if running from a custom location.
+
+
+The script will export the anti-slashing database, run the P2P ceremony, update keys, and print commands to start containers manually. After completion, remind the user to **wait ~2 epochs before starting** containers.
+
+### If New Operator
+
+**Script**: `scripts/edit/add-operators/new-operator.sh`
+
+This is a **two-step process**:
+
+#### Step 1: Generate ENR
+
+Ask if the user needs to generate an ENR (first time setup):
+
+```bash
+./scripts/edit/add-operators/new-operator.sh --generate-enr
+```
+
+This creates `.charon/charon-enr-private-key` and displays the ENR. Tell the user to **share this ENR with the existing operators**.
+The existing operators, in turn, need to share the `cluster-lock.json` with the new operators, which contains the current cluster configuration and is required for the P2P ceremony.
+
+#### Step 2: Join the Ceremony
+
+After the existing operators have the ENR, gather:
+- `--new-operator-enrs`: Comma-separated ENRs of ALL new operators (including their own)
+- `--cluster-lock`: Path to the `cluster-lock.json` received from existing operators
+- Whether to use `--dry-run` first
+
+```bash
+./scripts/edit/add-operators/new-operator.sh \
+    --new-operator-enrs "enr:-...,enr:-..." \
+    --cluster-lock ./received-cluster-lock.json \
+    [--dry-run]
+```
+
+Set `WORK_DIR` env var to override the repository root directory if running from a custom location.
+
+Remind the user that **all operators (existing AND new) must participate simultaneously** in the P2P ceremony. After completion, the script will print commands to start containers manually. The new operator does NOT have slashing protection history (fresh start).

.claude/skills/add-validators/SKILL.md

@@ -0,0 +1,58 @@
+---
+name: add-validators
+description: Add new validators to an existing Charon distributed validator cluster
+user-invokable: true
+---
+
+# Add Validators
+
+> **Warning:** This is an alpha feature and is not yet recommended for production use.
+
+Add new validators to an existing Charon distributed validator cluster. All operators must run this simultaneously as it requires a P2P ceremony.
+
+## Prerequisites
+
+Before running, verify:
+1. `.env` file exists with `NETWORK` and `VC` variables set
+2. `.charon/cluster-lock.json` and `.charon/deposit-data*.json` exist
+3. Docker is running
+4. `jq` is installed
+
+Read `scripts/edit/add-validators/README.md` for full details if needed.
+
+## Gather Arguments
+
+Ask the user for the following required arguments using AskUserQuestion:
+
+1. **Number of validators** (`--num-validators`): How many new validators to add (positive integer)
+2. **Withdrawal addresses** (`--withdrawal-addresses`): Comma-separated Ethereum withdrawal address(es)
+3. **Fee recipient addresses** (`--fee-recipient-addresses`): Comma-separated fee recipient address(es)
+
+Also ask whether they want to:
+- Run with `--dry-run` first to preview the operation
+- Use `--unverified` flag (skip key verification, used for remote KeyManager API setups)
+
+## Execution
+
+Run the script from the repository root:
+
+```bash
+./scripts/edit/add-validators/add-validators.sh \
+    --num-validators <N> \
+    --withdrawal-addresses <addrs> \
+    --fee-recipient-addresses <addrs> \
+    [--unverified] [--dry-run]
+```
+
+Set `WORK_DIR` env var to override the repository root directory if running from a custom location.
+
+The script will:
+1. Validate prerequisites
+2. Display current cluster info (operators, validators)
+3. Run a P2P ceremony (all operators must participate simultaneously)
+4. Stop containers if they were running
+5. Backup `.charon/` to `./backups/`
+6. Install new configuration
+7. Print commands to start containers manually
+
+Remind the user that **all operators must run this script at the same time** for the P2P ceremony to succeed.

.claude/skills/export-asdb/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: export-asdb
+description: Export the anti-slashing database (EIP-3076) from the validator client
+user-invokable: true
+---
+
+# Export Anti-Slashing Database
+
+> **Warning:** This is an alpha feature and is not yet recommended for production use.
+
+Export the EIP-3076 anti-slashing database from the validator client. The VC container must be stopped before export.
+
+## Prerequisites
+
+1. `.env` file exists with `VC` variable set
+2. VC container must be **stopped**
+
+Read `scripts/edit/vc/README.md` for full details if needed.
+
+## Gather Arguments
+
+Ask the user for:
+- `--output-file`: Path to write the exported JSON file (e.g., `./asdb-export/slashing-protection.json`)
+
+## Execution
+
+```bash
+./scripts/edit/vc/export_asdb.sh --output-file <path>
+```
+
+The `VC` variable is read from `.env` automatically. The script routes to the appropriate VC-specific export implementation (lodestar, teku, prysm, or nimbus).

.claude/skills/import-asdb/SKILL.md

@@ -0,0 +1,31 @@
+---
+name: import-asdb
+description: Import an anti-slashing database (EIP-3076) into the validator client
+user-invokable: true
+---
+
+# Import Anti-Slashing Database
+
+> **Warning:** This is an alpha feature and is not yet recommended for production use.
+
+Import an EIP-3076 anti-slashing database into the validator client. The VC container must be stopped.
+
+## Prerequisites
+
+1. `.env` file exists with `VC` variable set
+2. VC container must be **stopped**
+
+Read `scripts/edit/vc/README.md` for full details if needed.
+
+## Gather Arguments
+
+Ask the user for:
+- `--input-file`: Path to the JSON file to import (e.g., `./asdb-export/slashing-protection.json`)
+
+## Execution
+
+```bash
+./scripts/edit/vc/import_asdb.sh --input-file <path>
+```
+
+The `VC` variable is read from `.env` automatically. The script routes to the appropriate VC-specific import implementation (lodestar, teku, prysm, or nimbus).

.claude/skills/local-monitoring/SKILL.md

@@ -0,0 +1,121 @@
+---
+name: local-monitoring
+description: Query the local Grafana/Prometheus/Loki stack shipped with this CDVN repo. Use when investigating cluster health, charon/beacon/EL errors, peer connectivity, validator performance, or log patterns against the locally-running monitoring stack (not Obol's hosted Grafana).
+user-invokable: true
+---
+
+# Local Monitoring
+
+Query the local monitoring stack (Grafana, Prometheus, Loki) that ships with this repo to investigate cluster health and diagnose issues.
+
+For Obol's hosted Grafana (across all clusters), use the `obol-monitoring` skill instead. This skill is for the local stack only.
+
+## Prerequisites
+
+Before running, verify:
+1. The monitoring stack is up: `docker compose ps prometheus grafana loki` shows them running
+2. Grafana is reachable on the host at `http://localhost:${MONITORING_PORT_GRAFANA:-3000}` (default 3000)
+3. The user knows their Grafana admin credentials, or has unauthenticated access enabled (default in this repo's `grafana.ini`)
+
+If the stack isn't up, point the user to `docker compose up -d prometheus grafana loki` first.
+
+## Architecture notes
+
+- **Prometheus** (`:9090`) and **Loki** (`:3100`) are on the docker network only — not exposed to the host by default. Query them through one of:
+  - **Grafana datasource proxy** (preferred): `http://localhost:3000/api/datasources/proxy/uid/<prometheus|loki>/<path>` — uses Grafana's own connection
+  - **`docker compose exec`** fallback: `docker compose exec prometheus wget -qO- 'http://localhost:9090/api/v1/query?query=...'`
+- Datasource UIDs (from `grafana/datasource.yml`): `prometheus`, `loki`, `tempo`
+- Charon metrics are labeled with `cluster_name` and `cluster_peer` — get these from `.env` (`CLUSTER_NAME`, `CLUSTER_PEER`) before querying
+
+## Gather Arguments
+
+Use AskUserQuestion to clarify what the user wants to investigate. Common shapes:
+
+1. **What to investigate** — pick one:
+   - Cluster health snapshot (readyz, peers, active validators)
+   - Charon error/log search (last N minutes)
+   - Beacon node performance (latency, sync status)
+   - Peer connectivity (ping latency, connection types)
+   - Custom PromQL / LogQL query
+2. **Time range** — default last 15m; ask if investigating a specific incident
+3. **Cluster scope** — usually their own (`$CLUSTER_NAME` from `.env`); ask only if multiple clusters share this Prometheus
+
+If the request is already specific (e.g. "show me charon errors from the last hour"), skip AskUserQuestion and proceed.
+
+## Execution
+
+### Instant query (Prometheus)
+
+```bash
+GRAFANA_URL="http://localhost:${MONITORING_PORT_GRAFANA:-3000}"
+curl -sG "$GRAFANA_URL/api/datasources/proxy/uid/prometheus/api/v1/query" \
+  --data-urlencode 'query=<PROMQL>'
+```
+
+### Range query (Prometheus)
+
+```bash
+curl -sG "$GRAFANA_URL/api/datasources/proxy/uid/prometheus/api/v1/query_range" \
+  --data-urlencode 'query=<PROMQL>' \
+  --data-urlencode "start=$(date -u -v-15M +%s)" \
+  --data-urlencode "end=$(date -u +%s)" \
+  --data-urlencode 'step=30s'
+```
+
+### Log search (Loki)
+
+```bash
+curl -sG "$GRAFANA_URL/api/datasources/proxy/uid/loki/loki/api/v1/query_range" \
+  --data-urlencode 'query={service_name="charon"} |= "error"' \
+  --data-urlencode "start=$(date -u -v-15M +%s)000000000" \
+  --data-urlencode "end=$(date -u +%s)000000000" \
+  --data-urlencode 'limit=200'
+```
+
+### Fallback via `docker compose exec`
+
+If the Grafana proxy is unavailable:
+```bash
+docker compose exec prometheus wget -qO- "http://localhost:9090/api/v1/query?query=<URL_ENCODED_PROMQL>"
+docker compose exec loki      wget -qO- "http://localhost:3100/loki/api/v1/query_range?query=<...>"
+```
+
+For a query cookbook (cluster health, charon errors, peer ping, BN latency, validator effectiveness), see [queries.md](queries.md).
+
+## Output handling
+
+Parse the JSON response and present results clearly:
+
+- **Prometheus instant query** — show metric labels + value, flag anomalies (zeros where non-zero expected, threshold breaches)
+- **Prometheus range query** — summarise min/max/avg over the window; call out spikes
+- **Loki logs** — group by `cluster_peer` if present; surface error/warn lines verbatim with timestamps; suppress repetitive noise
+- Always print the **exact query that was run** so the user can re-run it in Grafana
+
+If the response contains `"status":"error"`, surface the `error` and `errorType` fields and stop — do not invent results.
+
+## Common diagnoses
+
+When showing results, watch for these patterns and call them out:
+
+- **`app_monitoring_readyz != 1`** — node is not ready; explain what readyz state means (1=ready, other=various failure modes documented in charon docs)
+- **High `p2p_ping_latency_secs` p90** — peer network is slow; check `p2p_peer_connection_types` for relayed vs direct
+- **`p2p_ping_success == 0`** for a peer — that operator is unreachable
+- **Charon log `error` spikes** — group by `topic` / `component` to identify which subsystem
+- **`core_scheduler_validators_active` lower than `cluster_validators`** — some validators not active (not yet activated, or exited)
+- **EL/CL container missing from metrics** — check `docker compose ps` and respective container logs
+
+## Pointers to dashboards
+
+Direct the user to the pre-provisioned dashboards in `grafana/dashboards/` rather than reinventing them:
+- `charon_overview_dashboard.json` — readyz, peers, validator activity (start here)
+- `cluster_dashboard.json` — full cluster view across operators
+- `node_overview_dashboard.json` — host/EL/CL/VC resource usage
+- `logs_dashboard.json` — Loki log explorer with charon filters
+
+Open in browser: `http://localhost:${MONITORING_PORT_GRAFANA:-3000}/dashboards`.
+
+## Dependencies
+
+- `curl`, `jq` (for parsing responses cleanly)
+- Running `prometheus`, `grafana`, `loki` containers from this compose stack
+- `CLUSTER_NAME` and `CLUSTER_PEER` set in `.env` (used as Prometheus label values)