From bankr-agent-dev
Guides secure Bankr API integrations with API key flags, read-only access, IP whitelisting, dedicated agent wallets, rate limits, and TypeScript error handling.
npx claudepluginhub bankrbot/claude-plugins --plugin bankr-agent-devThis skill uses the workspace's default tool permissions.
Security patterns and best practices for Bankr API integrations.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.
Security patterns and best practices for Bankr API integrations.
Each API key has independent toggles managed at bankr.bot/api:
| Flag | Controls | Default |
|---|---|---|
agentApiEnabled | /agent/* endpoints | false |
llmGatewayEnabled | LLM Gateway at llm.bankr.bot | false |
readOnly | Restricts agent to read-only tools | false |
| Config | Agent API Key | LLM Gateway Key |
|---|---|---|
| Env var | BANKR_API_KEY | BANKR_LLM_KEY (falls back to API key) |
| CLI config | apiKey | llmKey (falls back to apiKey) |
When readOnly: true:
/agent/prompt works but only read tools are available/agent/sign returns 403/agent/submit returns 403// Handle read-only 403 errors
const response = await fetch(`${API_URL}/agent/sign`, { ... });
if (response.status === 403) {
const error = await response.json();
// error.message: "This API key has read-only access..."
}
// Requests from non-whitelisted IPs get 403
// Configure allowedIps at bankr.bot/api
const response = await fetch(`${API_URL}/agent/prompt`, { ... });
if (response.status === 403) {
const error = await response.json();
// error.message: "IP address not allowed for this API key"
}
For autonomous agents, create a separate Bankr account:
| Use Case | readOnly | allowedIps | Funding |
|---|---|---|---|
| Monitoring bot | Yes | Yes (server IP) | None |
| Trading bot (server) | No | Yes (server IP) | Limited |
| Development/testing | No | No | Minimal |
| Research agent | Yes | No | None |
| Tier | Daily Limit |
|---|---|
| Standard | 100 messages/day |
| Bankr Club | 1,000 messages/day |
| Custom | Set per API key |
// Handle 429 rate limit responses
const response = await fetch(`${API_URL}/agent/prompt`, { ... });
if (response.status === 429) {
const error = await response.json();
// error.resetAt: Unix timestamp when counter resets
// error.limit: Daily limit
// error.used: Messages used
const retryAfter = error.resetAt - Date.now();
}
// Always use environment variables
const API_KEY = process.env.BANKR_API_KEY;
const LLM_KEY = process.env.BANKR_LLM_KEY || API_KEY;
if (!API_KEY) {
throw new Error("BANKR_API_KEY not set. Get one at https://bankr.bot/api");
}
Storage rules:
~/.bankr/config.json for local development (CLI manages this)~/.bankr/, .env to .gitignore/agent/submit executes immediately with no confirmation promptwaitForConfirmation: true for important transactionsbankr-client-patterns - Client setup with error handlingbankr-api-basics - API fundamentalsbankr-sign-submit-api - Sync endpoints that need extra caution