fix(buy): enforce inference spend safety

Author: bussyjd

cmd/obol/buy.go

@@ -6,7 +6,9 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/ObolNetwork/obol-stack/internal/agentruntime"
 	"github.com/ObolNetwork/obol-stack/internal/buy"
+	"github.com/ObolNetwork/obol-stack/internal/schemas"
 )
 
 func TestBudgetToBaseUnits(t *testing.T) {
@@ -59,6 +61,61 @@ func TestBudgetToBaseUnits(t *testing.T) {
 	}
 }
 
+func TestResolveBudgetEnforcesExplicitCap(t *testing.T) {
+	t.Parallel()
+
+	pricePerAuth := big.NewInt(1000)
+	tests := []struct {
+		name      string
+		flag      string
+		authCount int
+		want      *big.Int
+		wantErr   string
+	}{
+		{
+			name:      "no explicit budget returns exact signed spend",
+			authCount: 5,
+			want:      big.NewInt(5000),
+		},
+		{
+			name:      "explicit budget equal to signed spend passes",
+			flag:      "0.005",
+			authCount: 5,
+			want:      big.NewInt(5000),
+		},
+		{
+			name:      "explicit budget above signed spend still returns exact signed spend",
+			flag:      "0.01",
+			authCount: 5,
+			want:      big.NewInt(5000),
+		},
+		{
+			name:      "explicit budget below count cost errors",
+			flag:      "0.004",
+			authCount: 5,
+			wantErr:   "below the requested pre-authorization cost",
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			got, err := resolveBudget(tc.flag, "USDC", tc.authCount, pricePerAuth)
+			if tc.wantErr != "" {
+				if err == nil || !strings.Contains(err.Error(), tc.wantErr) {
+					t.Fatalf("resolveBudget err = %v, want substring %q", err, tc.wantErr)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("resolveBudget unexpected err: %v", err)
+			}
+			if got.Cmp(tc.want) != 0 {
+				t.Fatalf("resolveBudget = %s, want %s", got, tc.want)
+			}
+		})
+	}
+}
+
 func TestBuildBuyPyArgv(t *testing.T) {
 	tests := []struct {
 		name string
@@ -72,15 +129,15 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				Seller:      "https://demo.example/services/x",
 				BudgetMicro: "10000000",
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "default-paid",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "default-paid"),
 				"--endpoint", "https://demo.example/services/x",
 				"--budget", "10000000",
-			},
+			),
 		},
 		{
 			name: "all optional flags",
 			opts: buyPyOptions{
+				Runtime:         agentruntime.Hermes,
 				Name:            "demo",
 				Seller:          "https://s.example",
 				Model:           "qwen3.5:9b",
@@ -92,8 +149,7 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				SetDefault:      true,
 				Force:           true,
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "5000000",
 				"--model", "qwen3.5:9b",
@@ -103,22 +159,20 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				"--cost-cap", "150000",
 				"--set-default",
 				"--force",
-			},
+			),
 		},
 		{
-			name: "cost cap without auto-refill is still emitted (host owns intent)",
+			name: "cost cap without auto-refill is suppressed",
 			opts: buyPyOptions{
 				Name:        "demo",
 				Seller:      "https://s.example",
 				BudgetMicro: "1000000",
 				CostCap:     big.NewInt(42),
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "1000000",
-				"--cost-cap", "42",
-			},
+			),
 		},
 		{
 			name: "cost cap of zero is suppressed",
@@ -128,11 +182,10 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				BudgetMicro: "1000000",
 				CostCap:     big.NewInt(0),
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "1000000",
-			},
+			),
 		},
 		{
 			name: "explicit count emits --count",
@@ -142,12 +195,11 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				BudgetMicro: "5000000000000000000",
 				Count:       5000,
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "5000000000000000000",
 				"--count", "5000",
-			},
+			),
 		},
 		{
 			name: "auto-refill without explicit counts",
@@ -157,12 +209,11 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				BudgetMicro: "1000000",
 				AutoRefill:  true,
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "1000000",
 				"--auto-refill",
-			},
+			),
 		},
 		{
 			name: "auto-refill off does not emit refill flags",
@@ -174,11 +225,10 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				RefillThreshold: 3,
 				RefillCount:     7,
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "1000000",
-			},
+			),
 		},
 		{
 			name: "model whitespace trimmed",
@@ -188,12 +238,24 @@ func TestBuildBuyPyArgv(t *testing.T) {
 				Model:       "  qwen3.5:9b  ",
 				BudgetMicro: "1000000",
 			},
-			want: []string{
-				hermesPython, hermesBuyPyPath, "buy", "demo",
+			want: append(buy.BuyPyCommand(agentruntime.Hermes, "buy", "demo"),
 				"--endpoint", "https://s.example",
 				"--budget", "1000000",
 				"--model", "qwen3.5:9b",
+			),
+		},
+		{
+			name: "openclaw runtime uses openclaw skill mount",
+			opts: buyPyOptions{
+				Runtime:     agentruntime.OpenClaw,
+				Name:        "demo",
+				Seller:      "https://s.example",
+				BudgetMicro: "1000000",
 			},
+			want: append(buy.BuyPyCommand(agentruntime.OpenClaw, "buy", "demo"),
+				"--endpoint", "https://s.example",
+				"--budget", "1000000",
+			),
 		},
 	}
 
@@ -407,7 +469,8 @@ func TestResolveBuyModel(t *testing.T) {
 
 // resolveCostCap: explicit flag wins (in atomic units OR human decimal),
 // otherwise we apply the costCapMarkupBps markup over price when
-// auto-refill is on. No auto-refill means no auto cap.
+// auto-refill is on. Explicit --cost-cap without auto-refill is rejected so
+// it cannot accidentally create an in-pod auto-refill policy.
 func TestResolveCostCap(t *testing.T) {
 	t.Parallel()
 	price := big.NewInt(1000)
@@ -424,8 +487,9 @@ func TestResolveCostCap(t *testing.T) {
 		{name: "no flag + no auto-refill = nil", autoRefill: false, price: price, wantNil: true},
 		{name: "no flag + auto-refill = 150% markup", autoRefill: true, price: price, want: big.NewInt(1500)},
 		{name: "atomic-unit flag wins", flag: "42", autoRefill: true, price: price, want: big.NewInt(42)},
-		{name: "human-decimal USDC fallback", flag: "0.001", token: "USDC", autoRefill: false, price: price, want: big.NewInt(1000)},
-		{name: "invalid flag errors", flag: "not-a-number", token: "USDC", autoRefill: false, price: price, wantErr: "not a valid number"},
+		{name: "human-decimal USDC fallback", flag: "0.001", token: "USDC", autoRefill: true, price: price, want: big.NewInt(1000)},
+		{name: "cost cap without auto-refill errors", flag: "42", token: "USDC", autoRefill: false, price: price, wantErr: "requires --auto-refill"},
+		{name: "invalid flag errors", flag: "not-a-number", token: "USDC", autoRefill: true, price: price, wantErr: "not a valid number"},
 	}
 
 	for _, tc := range tests {
@@ -454,6 +518,70 @@ func TestResolveCostCap(t *testing.T) {
 	}
 }
 
+func TestAuthCapAndCapacityLabel(t *testing.T) {
+	t.Parallel()
+
+	permit2Entry := &buy.CatalogEntry{Asset: &schemas.ServiceCatalogAsset{TransferMethod: "permit2"}}
+	eip3009Entry := &buy.CatalogEntry{Asset: &schemas.ServiceCatalogAsset{TransferMethod: "eip3009"}}
+
+	tests := []struct {
+		name       string
+		entry      *buy.CatalogEntry
+		requested  int
+		wantAuths  int
+		wantCapped bool
+		wantReason string
+		wantLabel  string
+	}{
+		{
+			name:       "permit2 perMTok can cap below one natural unit",
+			entry:      permit2Entry,
+			requested:  defaultInteractivePerMTokCount * schemas.ApproxTokensPerRequest,
+			wantAuths:  permit2SafeAuthCount,
+			wantCapped: true,
+			wantReason: "Permit2 storage limit",
+			wantLabel:  "0.5 million tokens",
+		},
+		{
+			name:       "non-permit2 still mirrors buy.py max auth count",
+			entry:      eip3009Entry,
+			requested:  defaultInteractivePerMTokCount * schemas.ApproxTokensPerRequest,
+			wantAuths:  maxBuyPyAuthCount,
+			wantCapped: true,
+			wantReason: "buy.py signing limit",
+			wantLabel:  "1 million tokens",
+		},
+		{
+			name:       "small request is not capped",
+			entry:      permit2Entry,
+			requested:  25,
+			wantAuths:  25,
+			wantCapped: false,
+			wantLabel:  "25 requests",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			got, capped, reason := applyAuthCap(tc.entry, tc.requested)
+			if got != tc.wantAuths || capped != tc.wantCapped || reason != tc.wantReason {
+				t.Fatalf("applyAuthCap = (%d, %v, %q), want (%d, %v, %q)",
+					got, capped, reason, tc.wantAuths, tc.wantCapped, tc.wantReason)
+			}
+			unit := "perRequest"
+			multiplier := 1
+			if strings.Contains(tc.wantLabel, "million tokens") {
+				unit = "perMTok"
+				multiplier = schemas.ApproxTokensPerRequest
+			}
+			if label := capacityLabel(got, multiplier, unit); label != tc.wantLabel {
+				t.Fatalf("capacityLabel = %q, want %q", label, tc.wantLabel)
+			}
+		})
+	}
+}
+
 // looksLikeURL keeps the positional URL detection in sync with the error
 // message we surface when users pass a name-shaped positional.
 func TestLooksLikeURL(t *testing.T) {

cmd/obol/buy_test.go

@@ -70,12 +70,7 @@ func FetchWalletInfo(cfg *config.Config, runtime agentruntime.Runtime, id, token
 	kubectlBin := filepath.Join(cfg.BinDir, "kubectl")
 	kubeconfig := filepath.Join(cfg.ConfigDir, "kubeconfig.yaml")
 
-	argv := []string{
-		"/opt/hermes/.venv/bin/python3",
-		"/data/.hermes/obol-skills/buy-x402/scripts/buy.py",
-		"balance",
-		"--chain", chain,
-	}
+	argv := BuyPyCommand(runtime, "balance", "--chain", chain)
 	kubectlArgs := agentruntime.BuildExecArgs(runtime, id, argv, false)
 
 	cmd := exec.Command(kubectlBin, kubectlArgs...)

internal/buy/balance.go

@@ -45,12 +45,7 @@ func ListPurchases(cfg *config.Config, runtime agentruntime.Runtime, id string)
 	kubectlBin := filepath.Join(cfg.BinDir, "kubectl")
 	kubeconfig := filepath.Join(cfg.ConfigDir, "kubeconfig.yaml")
 
-	argv := []string{
-		"/opt/hermes/.venv/bin/python3",
-		"/data/.hermes/obol-skills/buy-x402/scripts/buy.py",
-		"list",
-		"--json",
-	}
+	argv := BuyPyCommand(runtime, "list", "--json")
 	kubectlArgs := agentruntime.BuildExecArgs(runtime, id, argv, false)
 
 	cmd := exec.Command(kubectlBin, kubectlArgs...)

internal/buy/purchases.go

@@ -0,0 +1,25 @@
+package buy
+
+import "github.com/ObolNetwork/obol-stack/internal/agentruntime"
+
+const (
+	hermesPythonPath = "/opt/hermes/.venv/bin/python3"
+	hermesBuyPyPath  = "/data/.hermes/obol-skills/buy-x402/scripts/buy.py"
+
+	openClawPythonPath = "python3"
+	openClawBuyPyPath  = "/data/.openclaw/skills/buy-x402/scripts/buy.py"
+)
+
+// BuyPyCommand returns the in-pod argv prefix for the buy-x402 helper in the
+// selected runtime. Hermes carries its own venv; OpenClaw exposes python3 on
+// PATH and mounts skills under /data/.openclaw/skills.
+func BuyPyCommand(runtime agentruntime.Runtime, args ...string) []string {
+	python := hermesPythonPath
+	script := hermesBuyPyPath
+	if runtime == agentruntime.OpenClaw {
+		python = openClawPythonPath
+		script = openClawBuyPyPath
+	}
+	argv := []string{python, script}
+	return append(argv, args...)
+}