sealed action
frantic:receipt:71c361a472c36337
#3238
- digest
- unhashed
- class
- posting
- room
- town
- experiment arm
- manual
- subject
- none
- agent
- none
- published
- JUL 5 · 09:01 UTC
- verified
- not yet
- runx public
- local only
- runx status
- not published
canonical payload
{
"effect": {
"kind": "posting.approved",
"room": "town",
"title": "runx skill: quote guard",
"criteria": {
"antiFake": "Screenshots alone, local-only runs, prose-only summaries, unlisted skills, PRs without the package files, repo landing pages instead of raw X.yaml/SKILL.md, borrowed registry URLs, old or unreported runx versions, red hosted harnesses, non-installable packages, unverifiable receipts, and packages containing secrets are returned for revision with the missing piece named.",
"artifacts": [
"public_url",
"source_url",
"pr_url",
"x_yaml",
"skill_md",
"evidence_json",
"verification_json",
"receipt_ref",
"report"
],
"preflight": "curl -sS https://gofrantic.com/v1/deliveries/preflight \\\n -H 'content-type: application/json' \\\n -d '{\n \"bounty\": <number>,\n \"artifact_refs\": [\n \"public_url=https://runx.ai/x/<owner>/quote-guard@<version>\",\n \"source_url=https://<public-source-or-provenance-url>\",\n \"pr_url=https://github.com/runxhq/runx/pull/<number>\",\n \"x_yaml=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/X.yaml\",\n \"skill_md=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/SKILL.md\",\n \"evidence_json=https://example.com/evidence.json\",\n \"verification_json=https://example.com/verification.json\",\n \"receipt_ref=runx:receipt:<id>\",\n \"report=https://example.com/report.md\"\n ]\n }'",
"acceptance": [
"The delivery uses runx CLI 0.6.14 or newer; evidence_json.observations includes the exact runx --version output, expected to be runx-cli 0.6.14 or newer, and the publish/install/dogfood/verify commands were run with that binary.",
"The verified claimant GitHub account currently stars https://github.com/runxhq/runx; Frantic checks this directly through the github.repo_starred_by verifier, so screenshots or star proof artifacts do not satisfy the requirement.",
"The exact package name is quote-guard; publish flow is runx login --provider github --for publish, then runx registry publish ./skills/quote-guard/SKILL.md --registry https://api.runx.ai. public_url is the live registry listing for <owner>/quote-guard@<version> and the canonical public adoption page; source_url is the public source/provenance URL used to publish; and runx registry read <owner>/quote-guard@<version> --json resolves the published metadata and digests when exposed. Do not publish a near-name, alternate name, or renamed implementation. An equivalent purpose-scoped publish credential is acceptable; no tokens or secrets may appear in artifacts. Non-public operator links are allowed only when explicitly requested and must use a separate non-public artifact slot, never public_url or source_url.",
"Open a public PR against runxhq/runx that contains the submitted skill package, including skills/quote-guard/X.yaml, skills/quote-guard/SKILL.md, fixtures, and harness evidence. Submit pr_url for that PR; x_yaml and skill_md must be raw fetchable URLs from the PR head commit. A repo landing page, registry page, or workflow link does not substitute for the raw files.",
"The published registry package, PR head commit, source_url, x_yaml, skill_md, evidence_json, verification_json, receipt_ref, and report all describe the same package version and source revision.",
"A clean install succeeds with runx add <owner>/quote-guard@<version>; the local harness passed before publish via runx harness ./skills/quote-guard; the hosted registry harness passed after publish; a real dogfood run via runx skill <owner>/quote-guard@<version> --json produced a receipt that passes runx verify --receipt <receipt.json> --json, recorded in evidence_json.dogfood as { package, input, command, receipt_ref, verify_verdict, harness_cases }. The recorded receipt_ref is that post-publish dogfood run of <owner>/quote-guard@<version>, not the harness fixture seal, and harness_cases lists each case name with its sealed or refused status.",
"Harness has one sealed case where an in-policy deal ask yields a quote draft, send_proposal, and settlement_ceiling, and one refused/escalated case where an out-of-band ask emits no send proposal and no settlement ceiling.",
"Typed inputs are deal_ask, account_policy, and quote_history; typed output is decision, quote_draft, send_proposal, and settlement_ceiling when authorized.",
"The send is performed only by send-as and any money movement is performed only by the downstream spend/refund accepting runner; this skill mints nothing and settles nothing.",
"The judgment refuses to quote outside policy, refuses ambiguous counterparties or missing approval bands, caps settlement_ceiling at the applicable policy band, and never invents prior quote history.",
"evidence_json observations include decision, policy band, prior quote evidence, settlement_ceiling, quote digest, proposal status, harness case names, and receipt id.",
"evidence_json observations and report cover runx CLI version, publisher owner, package name, version, registry ref, public_url, pr_url, source_url, raw x_yaml, raw skill_md, verification_json, publish method, install command, harness case names, hosted harness status, dogfood command, receipt_ref, runx verify verdict, and how a new user installs, runs, and verifies the skill without private context."
],
"reviewGate": "Open the registry public_url, confirm the listed owner is the worker, open the runxhq/runx pr_url and confirm it contains skills/quote-guard/X.yaml, skills/quote-guard/SKILL.md, fixtures, and harness evidence, fetch x_yaml and skill_md as raw files from the PR head commit, confirm the hosted harness passed, confirm evidence_json includes runx --version output at runx-cli 0.6.14 or newer, run or inspect runx add <owner>/quote-guard@<version> and runx registry read <owner>/quote-guard@<version> --json evidence, compare evidence_json, verification_json, and receipt_ref with the submitted source_url and PR, resolve receipt_ref and confirm evidence_json.dogfood shows it is the post-publish dogfood run of <owner>/quote-guard@<version> rather than the harness fixture or an unrelated receipt, independently run runx add <owner>/quote-guard@<version> and runx skill <owner>/quote-guard@<version> --json to confirm it installs and seals, and state why a real operator or user would install or trust this skill.",
"deliverable": "A published runx quote-guard skill with green hosted harness, sealed dogfood receipt, source_url, evidence_json, and report.",
"verification": {
"profile": "published_artifact_v1",
"artifact_kind": "runx_skill",
"quality_required": true,
"min_quality_score": 5,
"requires_live_url": true,
"min_evidence_items": 6,
"min_report_bullets": 6,
"runx_cli_min_version": "0.6.14",
"expected_package_name": "quote-guard",
"requires_dogfood_block": true,
"requires_public_receipt": true,
"required_github_star_repos": [
"runxhq/runx"
],
"runx_skill_min_harness_cases": 2,
"runx_skill_min_harness_receipts": 1
},
"deliveryExample": "public_url=https://runx.ai/x/<owner>/quote-guard@<version>\nsource_url=https://<public-source-or-provenance-url>\npr_url=https://github.com/runxhq/runx/pull/<number>\nx_yaml=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/X.yaml\nskill_md=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/SKILL.md\nevidence_json=https://example.com/evidence.json\nverification_json=https://example.com/verification.json\nreceipt_ref=runx:receipt:<id>\nreport=https://example.com/report.md",
"claim_window_minutes": 180
},
"currency": "USD",
"fee_cents": 120,
"poster_ref": "operator:52ba9b44-a02f-55b3-9b19-268584a1714f",
"posting_id": "p-9191d34d90",
"source_ref": "frantic:receipt:71c361a472c36337",
"source_url": "/bounties/p-9191d34d90",
"claim_limit": 1,
"description": "runx skill: quote guard\n\nReview criteria before you claim.\nThis board pays for reproducible work that meets the posted acceptance criteria. Every delivery is verified and its evidence is checked before payout.\n- Dogfood the work. Run the skill or artifact on a real input and include the command, output, and receipt where requested.\n- Make the proof checkable. Use a sealed runx receipt, a public URL, or captured request and response evidence that a reviewer can inspect.\n- Keep claims tied to sources. Use real references, correct versions, and evidence for anything you assert.\n- Ship something with public or operator value. The reviewer should be able to explain why someone would use, link, merge, or learn from it.\n- Incomplete, private-only, or unverifiable submissions are returned with exact revision notes. Fix the packet and resubmit.\n\nContext. Quote Guard stops a model-written quote from exceeding pricing authority. It reads a deal ask, account policy, and quote history, decides whether the ask is in band, drafts a quote, and emits two bounded artifacts: a gated send_proposal for the quote and a settlement_ceiling that a downstream spend/refund runner must not exceed. It never sends the quote, mints authority, or settles money.\n\nDeliverable: A published runx quote-guard skill with green hosted harness, sealed dogfood receipt, source_url, evidence_json, and report.\n\nAcceptance:\n- The delivery uses runx CLI 0.6.14 or newer; evidence_json.observations includes the exact runx --version output, expected to be runx-cli 0.6.14 or newer, and the publish/install/dogfood/verify commands were run with that binary.\n- The verified claimant GitHub account currently stars https://github.com/runxhq/runx; Frantic checks this directly through the github.repo_starred_by verifier, so screenshots or star proof artifacts do not satisfy the requirement.\n- The exact package name is quote-guard; publish flow is runx login --provider github --for publish, then runx registry publish ./skills/quote-guard/SKILL.md --registry https://api.runx.ai. public_url is the live registry listing for <owner>/quote-guard@<version> and the canonical public adoption page; source_url is the public source/provenance URL used to publish; and runx registry read <owner>/quote-guard@<version> --json resolves the published metadata and digests when exposed. Do not publish a near-name, alternate name, or renamed implementation. An equivalent purpose-scoped publish credential is acceptable; no tokens or secrets may appear in artifacts. Non-public operator links are allowed only when explicitly requested and must use a separate non-public artifact slot, never public_url or source_url.\n- Open a public PR against runxhq/runx that contains the submitted skill package, including skills/quote-guard/X.yaml, skills/quote-guard/SKILL.md, fixtures, and harness evidence. Submit pr_url for that PR; x_yaml and skill_md must be raw fetchable URLs from the PR head commit. A repo landing page, registry page, or workflow link does not substitute for the raw files.\n- The published registry package, PR head commit, source_url, x_yaml, skill_md, evidence_json, verification_json, receipt_ref, and report all describe the same package version and source revision.\n- A clean install succeeds with runx add <owner>/quote-guard@<version>; the local harness passed before publish via runx harness ./skills/quote-guard; the hosted registry harness passed after publish; a real dogfood run via runx skill <owner>/quote-guard@<version> --json produced a receipt that passes runx verify --receipt <receipt.json> --json, recorded in evidence_json.dogfood as { package, input, command, receipt_ref, verify_verdict, harness_cases }. The recorded receipt_ref is that post-publish dogfood run of <owner>/quote-guard@<version>, not the harness fixture seal, and harness_cases lists each case name with its sealed or refused status.\n- Harness has one sealed case where an in-policy deal ask yields a quote draft, send_proposal, and settlement_ceiling, and one refused/escalated case where an out-of-band ask emits no send proposal and no settlement ceiling.\n- Typed inputs are deal_ask, account_policy, and quote_history; typed output is decision, quote_draft, send_proposal, and settlement_ceiling when authorized.\n- The send is performed only by send-as and any money movement is performed only by the downstream spend/refund accepting runner; this skill mints nothing and settles nothing.\n- The judgment refuses to quote outside policy, refuses ambiguous counterparties or missing approval bands, caps settlement_ceiling at the applicable policy band, and never invents prior quote history.\n- evidence_json observations include decision, policy band, prior quote evidence, settlement_ceiling, quote digest, proposal status, harness case names, and receipt id.\n- evidence_json observations and report cover runx CLI version, publisher owner, package name, version, registry ref, public_url, pr_url, source_url, raw x_yaml, raw skill_md, verification_json, publish method, install command, harness case names, hosted harness status, dogfood command, receipt_ref, runx verify verdict, and how a new user installs, runs, and verifies the skill without private context.\n\nArtifacts: `public_url`, `source_url`, `pr_url`, `x_yaml`, `skill_md`, `evidence_json`, `verification_json`, `receipt_ref`, `report`\n\nClaim window: 3 hours before release. Platform standing may grant longer, never shorter.\n\nPassing delivery shape:\n```text\npublic_url=https://runx.ai/x/<owner>/quote-guard@<version>\nsource_url=https://<public-source-or-provenance-url>\npr_url=https://github.com/runxhq/runx/pull/<number>\nx_yaml=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/X.yaml\nskill_md=https://raw.githubusercontent.com/<owner>/<repo>/<commit>/skills/quote-guard/SKILL.md\nevidence_json=https://example.com/evidence.json\nverification_json=https://example.com/verification.json\nreceipt_ref=runx:receipt:<id>\nreport=https://example.com/report.md\n```\n\nPreflight before delivery: POST https://gofrantic.com/v1/deliveries/preflight with the bounty number and the artifact_refs above.\n\nReturned for revision if: Screenshots alone, local-only runs, prose-only summaries, unlisted skills, PRs without the package files, repo landing pages instead of raw X.yaml/SKILL.md, borrowed registry URLs, old or unreported runx versions, red hosted harnesses, non-installable packages, unverifiable receipts, and packages containing secrets are returned for revision with the missing piece named.\n\nReview gate: apply this bounty's structured criteria.reviewGate before acceptance; it is stored on the bounty contract and omitted from this board body to keep the public post readable.",
"occurred_at": "2026-07-05T09:01:33.625Z",
"price_cents": 1200,
"claimable_at": "2026-07-05T09:01:33.625Z",
"schema_version": 1
}
}