API Documentation

Complete reference for integrating Sumplus Arsenal skills into your AI agents.

Overview

Arsenal skills are server-side execution units, not text descriptions. Each skill is real TypeScript code running on Arsenal's servers — making live on-chain RPC calls, invoking protocol SDKs, and building ready-to-sign transactions. Your agent sends a request; Arsenal handles all the blockchain complexity and returns structured data.

This is different from text-based skill formats (like Anthropic's SKILL.md) where the agent itself has to figure out the implementation. With Arsenal, execution is Arsenal's job — the agent only decides what to do, not how.

REST API

HTTP endpoints for listing, searching, and executing skills from any agent or backend.

MCP Interface

Model Context Protocol — plug Arsenal directly into Claude, Cursor, or any MCP-compatible agent.

Function Calling

OpenAI-compatible function definitions for use with GPT-4, Claude API, or any LLM with tool use.

Base URL

text

https://arsenal.sumplus.xyz

Skill Architecture

Arsenal skills are server-side code executors, not text prompts. Each skill is a TypeScript function that runs on Arsenal's servers — it makes real on-chain RPC calls, invokes protocol SDKs, builds unsigned transactions, and returns structured data back to the agent.

AI Agentreads schema →Skill Schema (DB)knows param names & types

↓ sends request with correct params

AI AgentPOST /api/execute →Skill Executor (Code)runs on Arsenal servers

↓ calls chain RPC / protocol SDK

Blockchain / Protocol

← returns structured result (balances, tx_bytes, positions…)

Two layers, two jobs

Schema (interface contract)

Stored in Supabase. Tells agents what parameters to send and what shape the response will be. This is the only thing an agent reads — it never sees the implementation code.

Executor (implementation)

TypeScript running on Arsenal's servers. Validates input, calls chain RPC nodes or protocol SDKs (Cetus, Bluefin Ember, Jupiter, etc.), and returns ready-to-sign transactions or live on-chain data.

Why code, not text prompts?

✓

Real-time on-chain data

Balances, positions, APYs, pool liquidity — these live on-chain and change every block. Only executable code can fetch them; a text prompt cannot.

✓

Transaction construction

Depositing into a vault requires fetching coin objects, calling a protocol SDK, building a PTB, and serialising it to base64. This is a computation, not a description.

✓

Deterministic validation

Address format, minimum amounts, vault capacity — these are enforced in code before anything touches the chain, so agents always get clean errors, not silent failures.

✓

Credential isolation

RPC keys, SDK credentials, and contract addresses stay server-side in environment variables. Agents receive only the result — never raw secrets.

Division of responsibility: The AI agent decides what to do and assembles the right parameters. Arsenal decides how to do it — handling all blockchain complexity and returning a result the agent can act on immediately.

Available Skills

Arsenal-hosted skills run in-process — no separate server, no API key needed beyond your Arsenal token. Ethereum mainnet skills require ALCHEMY_API_KEY on the server (already configured).

Ethereum Mainnet (P0)

Skill	Key Actions
Uniswap v3 Mainnet	quote_exact_input, quote_exact_output, swap_exact_input, swap_exact_output, wrap_eth, unwrap_weth
Aave v3 Mainnet	supply, withdraw, borrow, repay, set_collateral, get_user_account_data, get_reserve_data, flashloan
Compound V3 Mainnet	get_market_info, get_user_position, supply, withdraw, claim_rewards
Balancer V2 Mainnet	get_pool_tokens, get_swap_quote, build_swap_tx
Lido Mainnet	submit_eth, wrap_steth_to_wsteth, unwrap_wsteth_to_steth, request_withdrawal_steth/wsteth, claim_withdrawals_to, get_withdrawal_status
Morpho Blue Mainnet	list_metavaults, get_vault, get_position, deposit_to_vault, withdraw_from_vault, supply_collateral, borrow, repay
Ethena Mainnet	stake_usde, cooldown_assets, cooldown_shares, unstake, preview_deposit, cooldown_status
Curve Read Mainnet	list_pools, get_pool, quote_exchange_multiple, get_virtual_price
Pendle v4 Mainnet	list_markets, get_market, get_asset_price, add_liquidity, remove_liquidity, swap_exact_pt/yt/sy
1inch Mainnet	quote, get_spender, get_allowance, build_swap_tx
Fluid	get_vaults, get_vault, get_ftokens, supply_lend, withdraw_lend, supply_collateral, withdraw_collateral, borrow, payback
Euler v2 Mainnet	get_vaults, get_vault, deposit, withdraw, borrow, repay, enable_collateral, enable_controller
DefiLlama	get_protocol_tvl, list_yields, get_chain_tvl, get_stablecoin_circulation
ETH RPC	eth_call, simulate_call, get_storage_at, get_receipt, get_block
Token Lists	get_token, resolve_by_symbol, is_canonical
Transaction Simulation	simulate, simulate_bundle, decode_call

EVM transaction format: tx-building actions return { transactions: [{to, data, value, chain_id, description}], approvals?: [...] }. Execute approvals first (ERC-20 approve), then the main transaction — in order.

Bridge (Cross-chain, P0)

Skill	Key Actions	Chains
CCTP Bridge	deposit_for_burn, get_attestation, receive_message	ETH ↔ Arb ↔ Opt ↔ Base ↔ Avax ↔ Polygon
Across Protocol	get_quote, deposit, get_deposit_status	ETH ↔ Arb ↔ Opt ↔ Base ↔ Polygon ↔ Avax
Stargate Bridge	get_supported_pools, quote_send, send_token	ETH → Arb / Opt / Base / Polygon / Avax / BSC
Wormhole Token Bridge	transfer_tokens, transfer_eth, get_vaa, complete_transfer	ETH ↔ Arb ↔ Opt ↔ Base ↔ Polygon ↔ Avax ↔ BSC ↔ Solana ↔ Sui
deBridge DLN	create_order, get_order_status	ETH ↔ Arb ↔ Opt ↔ Base ↔ Polygon ↔ BSC ↔ Linea ↔ Solana
XLayer Official Bridge	bridge_to_xlayer, bridge_from_xlayer	ETH ↔ XLayer (chain 196)

CCTP: deposit_for_burn → poll get_attestation → receive_message. USDC only.
Across: get_quote → deposit. Relayer auto-fills on destination.
Stargate: quote_send (on-chain fee) → send_token (value=nativeFee). ETH pool: is_eth_pool: true.
Wormhole: transfer_tokens → poll get_vaa (1-15 min) → complete_transfer (EVM) or platform SDK (Solana/Sui).
deBridge: create_order → poll get_order_status. No slippage, supports Solana.
XLayer Bridge: bridge_to_xlayer / bridge_from_xlayer. Auto-claimed by bridge service.

Multi-chain EVM

Skill	Chains
Uniswap V3	ethereum, optimism, arbitrum, base, polygon
Aave (multi-chain read)	ethereum, optimism, arbitrum, polygon, base, avalanche, xlayer
PancakeSwap V3	bsc, ethereum, arbitrum, base
Velodrome V2	optimism
Aerodrome Finance	base

Sui / Solana / Other

Cetus CLMM, Bluefin Ember, Aftermath Finance, NAVI, Scallop, Suilend, IKA dWallet (Sui) · Monad (parallel-EVM L1, chain 143 — chain toolkit: balances/gas/transfers/MON⇄WMON wrap + Uniswap V3 swap quotes/build) · Jupiter, Raydium (AMM/CLMM swap + build_swap_tx), Meteora (largest Solana liquidity layer — DLMM data + Meteora-routed swap), Orca Whirlpools, Kamino Finance (largest Solana lending + automated vaults — deposit/withdraw/borrow/repay), Jito (jitoSOL liquid staking + MEV tip floor — stake/unstake), Jupiter Perpetuals (SOL/ETH/BTC perps — open/close leveraged positions) (Solana) · dYdX, Hyperliquid (#1 perps — market data + build_order/build_cancel_order: sign-and-submit client-side), GMX, WEEX, Binance (CEX spot — public market data + signed trading with your own API key), Binance Stock Perpetuals (USDⓈ-M TradFi perps — stocks/ETFs/commodities price + funding rates), Binance bStocks (tokenized-equity product info) · Tempo MPP, Token Info · Polymarket · Sumplus Yield Optimizer · DAOaaS Swap (Eniac Network, chain 173) · Arc Chain (Circle Arc Testnet, USDC-native L1, chain 5042002) · Exchange OS (OKX X Layer pre-launch toolkit, chain 196 — native OKB / WOKB primitives, venue + TradeZone actions land when contracts publish) · SafeRouter Verified Inference (confidential-verifiable LLM gateway with per-request TEE attestation — read-only discovery, Arsenal never proxies the chat path)

Use GET /api/skills?search=... to discover all available skills and their full schemas.

Authentication

Browsing skills is public. All write and execute endpoints require a Bearer token. Two token types are accepted:

Supabase JWT — from /api/auth/login
API Key — from /api/auth/signup (returned on signup) or /api/auth/apikey — recommended for agents, does not expire

Important: Keep your API keys secret. Never expose them in client-side code or version control.

bash

curl -H 'Authorization: Bearer YOUR_API_KEY' https://arsenal.sumplus.xyz/api/skills

typescript

const res = await fetch('/api/skills', {
  headers: {
    'Authorization': 'Bearer ' + apiKey,
  }
});

REST API

GET/api/skills

List skills with optional filtering, search, and pagination.

Parameter	Type	Description
search	string	Full-text search query
category	string	Filter by category
sort	string	Sort field (e.g. rating_avg.desc)
limit	number	Items per page (default: 20)
offset	number	Pagination offset (default: 0)

bash

curl 'https://arsenal.sumplus.xyz/api/skills?category=Blockchain&limit=10' \
  -H 'Authorization: Bearer YOUR_API_KEY'

GET/api/skills/:id

Get full skill details including schema and ratings.

bash

curl 'https://arsenal.sumplus.xyz/api/skills/SKILL_ID' \
  -H 'Authorization: Bearer YOUR_API_KEY'

POST/api/execute

Execute a skill with the provided input.

bash

curl -X POST 'https://arsenal.sumplus.xyz/api/execute' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"skill_id": "SKILL_ID", "input": {"address": "0x..."}}'

typescript

const result = await fetch('/api/execute', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ' + apiKey,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    skill_id: 'SKILL_ID',
    input: { address: '0x...' },
  }),
});
const data = await result.json();

Publish Skills

Any authenticated user or agent can publish community skills. New skills start with status: pending and become visible after admin approval. Official skills (author_type: official) are approved immediately.

Required fields

Field	Type	Notes
name	string	1–100 characters
description	string	10–2000 characters
category	string	e.g. Blockchain, Finance, AI/ML
schema	object	{ input: JSONSchema, output: JSONSchema }
tags	string[]	optional
code	string	optional — implementation or pseudocode
usage_examples	array	optional — improves discoverability
is_paid	boolean	default false
price	number	USD per execution; required if is_paid=true

Publish a new skill:

bash

curl -X POST 'https://arsenal.sumplus.xyz/api/skills' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "My Skill Name",
    "description": "What this skill does, in detail.",
    "category": "Blockchain",
    "tags": ["defi", "ethereum"],
    "version": "1.0.0",
    "schema": {
      "input": {
        "type": "object",
        "properties": {
          "address": { "type": "string", "description": "Wallet address" }
        },
        "required": ["address"]
      },
      "output": {
        "type": "object",
        "properties": {
          "balance": { "type": "string" }
        }
      }
    },
    "code": "// implementation or pseudocode here",
    "usage_examples": [
      {
        "title": "Get balance",
        "input": { "address": "0xabc..." },
        "expected_output": { "balance": "1.5 ETH" }
      }
    ],
    "is_paid": false
  }'

On success, returns { skill: { id, name, status } }. Save the id— you'll need it to update or reference the skill.

Update an existing skill (author or admin only):

bash

curl -X PUT 'https://arsenal.sumplus.xyz/api/skills/SKILL_ID' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "description": "Updated description",
    "tags": ["defi", "ethereum", "v2"]
  }'

Agents: Use your API key (from /api/auth/signup or /api/auth/apikey). The author name displayed on your skill comes from your account username — set it at /settings after signing up.

MCP Interface

Full Model Context Protocol support. Three methods: skills/list, skills/get, skills/execute.

Claude Code configuration:

json

{
  "mcpServers": {
    "sumplus": {
      "url": "https://arsenal.sumplus.xyz/mcp",
      "apiKey": "YOUR_API_KEY"
    }
  }
}

List skills:

http

POST /mcp
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "method": "skills/list",
  "params": { "category": "Blockchain", "limit": 10 }
}

Execute a skill:

http

POST /mcp
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "method": "skills/execute",
  "params": {
    "skill_id": "SKILL_ID",
    "input": { "address": "0x..." }
  }
}

Function Calling

Fetch OpenAI-compatible function definitions and pass them directly to any LLM that supports tool use.

Fetch function definitions:

http

GET /api/functions?category=Blockchain
Authorization: Bearer YOUR_API_KEY

# Returns OpenAI-compatible function definitions array

Example function definition returned:

json

{
  "name": "sui_blockchain_toolkit",
  "description": "Interact with the SUI blockchain network",
  "parameters": {
    "type": "object",
    "required": [
      "action",
      "address"
    ],
    "properties": {
      "action": {
        "type": "string",
        "enum": [
          "get_balance",
          "get_tokens",
          "get_nfts"
        ]
      },
      "address": {
        "type": "string",
        "description": "SUI wallet address (0x...)"
      }
    }
  }
}

Execute via POST /api/functions/execute with { "function_name": "sui_blockchain_toolkit", "arguments": { ... } }

Router

The unified router endpoint lets agents search, get, and execute skills through a single API. No skill installation needed — Arsenal acts as the router for all capabilities.

Search:

http

POST /api/router
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "action": "search",
  "query": "SUI blockchain balance"
}

Execute:

http

POST /api/router
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "action": "execute",
  "skill_id": "SKILL_ID",
  "input": { "action": "get_balance", "address": "0x..." }
}

Talus Nexus Gateway

Arsenal wraps a subset of its Sui skills as Talus Nexus off-chain tools so any Nexus DAG workflow can call Arsenal skills as native tool nodes. Each wrapped skill lives at /api/tools/<slug> and exposes the three standard Nexus endpoints: GET /health, GET /meta, POST /invoke.

No API key needed — Nexus Leader nodes authenticate at the application layer via signed HTTP (Ed25519), which is post-MVP. Today the gateway runs un-signed over HTTPS.

Tools advertised for Nexus testnet registration:

FQN	Actions
xyz.sumplus.cetus-testnet@1	get_swap_quote

The testnet tool pins every invocation to Sui testnet and restricts Cetus Aggregator providers to CETUS and DEEPBOOKV3 (the DEXes with live Sui testnet deployments). No mainnet RPC is reachable through it.

Mainnet-only tools (reachable individually, not in batch index):

FQN	Underlying skill
xyz.sumplus.cetus@1	Cetus CLMM
xyz.sumplus.bluefin-ember@1	Bluefin Ember vaults
xyz.sumplus.aftermath@1	Aftermath Finance
xyz.sumplus.navi@1	NAVI Protocol
xyz.sumplus.scallop@1	Scallop

These tools call Sui mainnet RPC. They stay reachable for inspection but are withheld from the batch index to prevent testnet DAGs from accidentally triggering mainnet transactions. Non-Sui skills (EVM / Solana / XLayer / Tempo) are not exposed at all — Talus Nexus only supports Sui today.

Batch index for Nexus CLI --batch:

http

GET /api/tools?network=testnet

# Returns Nexus tools ready for testnet registration
{
  "network": "testnet",
  "tools": [
    { "fqn": "xyz.sumplus.cetus-testnet@1", "url": "https://arsenal.sumplus.xyz/api/tools/cetus-testnet" }
  ]
}

Tool definition (/meta):

http

GET /api/tools/navi/meta

{
  "fqn": "xyz.sumplus.navi@1",
  "type": "offchain",
  "url": "https://arsenal.sumplus.xyz/api/tools/navi",
  "description": "NAVI is the leading lending & borrowing protocol on Sui...",
  "input_schema":  { "$schema": "...", "type": "object", "required": ["action"], "properties": { ... } },
  "output_schema": { "$schema": "...", "oneOf": [ { "properties": { "ok":  { "type": "object" } } },
                                                  { "properties": { "err": { "type": "object" } } } ] }
}

Note: Nexus requires output_schema top-level to be oneOf — DAG edges route off variants.

Invocation (/invoke):

http

POST /api/tools/navi/invoke
Content-Type: application/json

{ "action": "get_markets" }

# → { "ok":  { "protocol": "NAVI Protocol", "markets": [...] } }
# or  { "err": { "reason": "..." } }

Responses always take one of two shapes: { ok: {...} } or { err: { reason: string } }. Both are HTTP 200; only infrastructure errors (unknown slug, malformed JSON) return non-200.

Registering with Talus (operator workflow):

bash

# 1. Local dry-run — no chain effect
nexus tool validate off-chain --url https://arsenal.sumplus.xyz/api/tools/cetus

# 2. Batch registration (requires Sumplus on Talus allowlist)
nexus tool register offchain \
  --url https://arsenal.sumplus.xyz/api/tools \
  --batch \
  --collateral-coin <sui_coin_id>

Tool registration on Talus is currently allowlist-gated during the Nexus beta. Contact the Talus team to be added. Local validate dry-runs work without allowlist access.

Error Codes

Code	Status	Description
200	OK	Request succeeded
400	Bad Request	Invalid input or schema validation failed
401	Unauthorized	Missing or invalid API key
402	Payment Required	Paid skill — payment not verified
403	Forbidden	Insufficient permissions
404	Not Found	Skill not found
500	Server Error	Internal server error