← Back to Skills Marketplace
omersadika

Ika Operator

by Omer Sadika · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
143
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ika-operator
Description
Guide for operating Ika network nodes - validators, fullnodes, and notifiers. Use when deploying, configuring, monitoring, or troubleshooting Ika infrastruct...
README (SKILL.md)

Ika Node Operator Guide

Deploy and operate Ika network nodes (validators, fullnodes, notifiers).

References (detailed configuration and operations)

  • references/configuration.md - Complete NodeConfig YAML reference, all fields with defaults
  • references/operations.md - Deployment, monitoring, admin API, recovery, metrics proxy
  • references/validator-setup.md - Step-by-step mainnet validator setup with CLI commands

Node Types

Binary Mode Purpose Key Config
ika-node Auto-detect Selects mode from config Detects automatically
ika-validator Validator Consensus + MPC signing Requires consensus-config
ika-fullnode Fullnode State sync via P2P, no consensus No consensus-config, no notifier-client-key-pair
ika-notifier Notifier Submits checkpoints to Sui Requires notifier-client-key-pair

Auto-detection order: consensus-config present → Validator; else notifier-client-key-pair present → Notifier; else → Fullnode.

Hardware Requirements (Validator)

Resource Minimum
CPU 16 physical cores / 16 vCPUs
Memory 128 GB
Storage 4 TB NVMe
Network 1 Gbps
OS Linux Ubuntu/Debian x64 (or Docker on x64 Linux)

Warning: Hetzner has strict crypto ToS and may close validators without notice.

Connectivity (Validator Ports)

Protocol/Port Direction Purpose
TCP/8080 Inbound Protocol / Transaction Interface
UDP/8081 Inbound/Outbound Consensus Interface
UDP/8084 Inbound/Outbound Peer-to-Peer State Sync
TCP/8443 Outbound Metrics Pushing
TCP/9184 Inbound/Outbound Metrics Scraping (both Sui fullnode and Ika node)

Critical: Ports 8080-8084 and 9184 must be open with correct protocols (TCP/UDP).

Prerequisites

  • DNS address for your validator (e.g., ika-mainnet-1.\x3Cyour-domain>)
  • Your own Sui fullnode on Sui mainnet, fully synced (at least 2 latest epochs). Use separate DNS for Sui node.
  • Sui CLI installed, configured for mainnet, active address with at least 10 SUI
  • Minimum 40 million IKA stake to join the committee

Quick Start: Mainnet Validator

Download binaries from: https://github.com/dwallet-labs/ika/releases

Step 1: Configure Ika Environment

Get the latest package/object IDs from the canonical source:

  • Mainnet: deployed_contracts/mainnet/address.yaml (GitHub)
  • Testnet: deployed_contracts/testnet/address.yaml (GitHub)
./ika validator config-env \
  --ika-package-id                    \x3Cika_package_id> \
  --ika-common-package-id             \x3Cika_common_package_id> \
  --ika-dwallet-2pc-mpc-package-id    \x3Cika_dwallet_2pc_mpc_package_id> \
  --ika-system-package-id             \x3Cika_system_package_id> \
  --ika-system-object-id              \x3Cika_system_object_id>
# Creates: ~/.ika/ika_config/ika_sui_config.yaml
# Note: ika-dwallet-coordinator-object-id is not set at this stage (defaults to zero);
# it must be configured later in the node's validator.yaml under sui-connector-config.

Step 2: Generate Validator Info & Keys

./ika validator make-validator-info \
  "My Validator" "Description" \
  "https://example.com/image.png" "https://example.com" \
  "ika-mainnet-1.example.com" \
  10000 \
  \x3CYOUR_SUI_ADDRESS>
# Generates: protocol.key, network.key, consensus.key, root-seed.key, validator.info

CRITICAL: Back up ALL generated keys. root-seed.key is SECRET and IRREPLACEABLE. If lost, it cannot be updated via contract. Other keys (protocol, network, consensus) can be rotated on-chain.

Step 3: Register as Validator Candidate

./ika validator become-candidate ./validator.info
# Returns: Validator ID, Validator Cap ID, Validator Operation Cap ID, and Validator Commission Cap ID

Step 4: Stake into Validator

Stake at least 40 million IKA via: https://ika-mainnet-validators-staking.pages.dev/

Verify your Validator ID matches the CLI output.

Step 5: Join Committee

./ika validator join-committee --validator-cap-id \x3CVALIDATOR_CAP_ID>

You become a pending validator and join the committee at the next epoch.

Step 6: Run the Validator Node

Directory structure:

/opt/ika/
├── bin/ika-node
├── config/validator.yaml
├── key-pairs/
│   ├── protocol.key
│   ├── network.key
│   ├── consensus.key
│   └── root-seed.key
└── db/                        # Created at runtime
    ├── authorities_db/
    └── consensus_db/

Before running, edit validator.yaml:

  • Set ika-dwallet-coordinator-object-id to the value from deployed_contracts/mainnet/address.yaml
  • Ensure: sui-chain-identifier: mainnet
  • Set metrics: push-url: "https://mainnet.metrics.ika-network.net:8443/publish/metrics"
ika-node --config-path /opt/ika/config/validator.yaml

Logging: Set RUST_LOG for log levels, RUST_LOG_JSON=1 for JSON output.

Step 7: Verify

Wait a couple minutes, check logs for:

ika_core::checkpoints: Creating checkpoint(s) for 0 messages next_checkpoint_seq=1

This confirms the node is running. Additional checkpoints appear only during/after MPC sessions.

Package & Object IDs

Always get the latest IDs from the canonical source files in the repo:

  • Mainnet: deployed_contracts/mainnet/address.yaml (GitHub)
  • Testnet: deployed_contracts/testnet/address.yaml (GitHub)

Keypairs

Key Type Purpose Required By Recoverable?
protocol-key-pair AuthorityKeyPair Protocol signatures All Yes (rotate on-chain)
consensus-key-pair Ed25519 Consensus communication All Yes (rotate on-chain)
network-key-pair Ed25519 P2P networking All Yes (rotate on-chain)
account-key-pair SuiKeyPair Sui interactions All Yes
root-seed-key-pair RootSeed MPC cryptographic operations Validators NO - IRREPLACEABLE
notifier-client-key-pair SuiKeyPair Submit checkpoints to Sui Notifiers Yes

Validator Config Essentials

# Mainnet validator must have:
sui-connector-config:
  sui-chain-identifier: mainnet
  sui-rpc-url: 'http://\x3Cyour-sui-fullnode>:9000'
  # Get all IDs from deployed_contracts/mainnet/address.yaml
  ika-package-id: '\x3Cfrom address.yaml>'
  ika-dwallet-coordinator-object-id: '\x3Cfrom address.yaml>'
  # ... other package/object IDs

consensus-config:                         # Presence triggers validator mode
  db-path: '/opt/ika/consensus_db'
  db-retention-epochs: 0
  db-pruner-period-secs: 3600
  max-pending-transactions: 20000

root-seed-key-pair:
  path: /opt/ika/key-pairs/root-seed.key

metrics:
  push-url: "https://mainnet.metrics.ika-network.net:8443/publish/metrics"

Admin API (localhost only)

curl http://127.0.0.1:1337/logging                    # View log filter
curl -X POST 'http://127.0.0.1:1337/enable-tracing?filter=debug&duration=10s'
curl -X POST http://127.0.0.1:1337/reset-tracing      # Reset to env var
curl http://127.0.0.1:1337/node-config                 # View config (keys masked)
curl http://127.0.0.1:1337/capabilities                # View capabilities

Environment Variables

Variable Purpose Default
IKA_CONFIG_DIR Override config directory ~/.ika/ika_config/
RUST_LOG Log level filter
RUST_LOG_JSON JSON log output (1 to enable)
TRACE_FILTER Tracing log filter

Services by Node Type

Service Validator Fullnode Notifier
AuthorityState Y Y Y
ConsensusManager Y
DWalletMPCService Y
SuiConnectorService Y Y Y
CheckpointServices Y Y Y
P2P + StateSync Y Y Y
Discovery Y Y Y

Key Operational Notes

  • Release mode required: Always build with --release for crypto operations
  • Sui fullnode required: Run your own Sui fullnode, fully synced (2+ latest epochs)
  • Package IDs must match: Contract IDs in config must match deployed contracts
  • Minimum stake: 40 million IKA to join the committee
  • Root seed is sacred: Back it up securely. Cannot be regenerated or rotated on-chain.
  • Updates: Monitor #nodes-updates-mainnet channel for new releases
  • Recovery: Use --run-with-range-epoch or --run-with-range-checkpoint for disaster recovery
  • Checkpoint pinning: Use pinned-dwallet-checkpoints in state-sync config for fork recovery
  • Graceful shutdown: Send SIGTERM or SIGINT
Usage Guidance
This guide appears to be what it claims: an operator manual for Ika nodes. Before using it, verify the ika binaries you install come from the official GitHub releases referenced in the docs. Treat any commands that remove directories (rm -rf) or change event cursors as destructive — run them only with backups in place. Keep all generated keys (especially root-seed.key) offline and backed up. Be cautious when configuring metrics remote-write URLs or state-archive object stores: those configs can contain credentials (AWS keys, usernames/passwords) and will transmit data to the configured endpoints. Confirm any external endpoints (metrics push URL, staking portal) are legitimate and under your control; do not paste secrets into example endpoints. Finally, because this is instruction-only, the skill itself cannot exfiltrate secrets automatically, but following its instructions could cause data exposure if misconfigured — proceed only if you (or your operator) understand and control the targets and secrets involved.
Capability Analysis
Type: OpenClaw Skill Name: ika-operator Version: 1.0.0 The skill bundle provides a comprehensive and legitimate guide for operating Ika network infrastructure, including validators and fullnodes. It contains detailed configuration references, hardware requirements, and step-by-step operational procedures that align perfectly with its stated purpose. While the instructions involve high-risk activities such as managing sensitive cryptographic keys (e.g., `root-seed.key`) and executing binaries, these are standard requirements for blockchain node operations and are directed toward official project resources (e.g., `github.com/dwallet-labs/ika` and `ika.xyz`). No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description map to the requested binaries and files: 'ika' and 'sui' are reasonable requirements for operating Ika nodes and integrating with Sui. No unrelated credentials, installs, or binaries are requested.
Instruction Scope
The SKILL.md and reference docs stay within node operator scope (configuring, key generation, running, monitoring, and recovery). They do include destructive recovery commands (rm -rf on DB paths) and admin actions (key backups, event cursor overrides) that are expected for ops but are sensitive and should only be executed intentionally. The docs also instruct pushing metrics to external endpoints and show examples that include credentials—these are operational but could leak data if misconfigured.
Install Mechanism
This is an instruction-only skill with no install spec and no downloadable archives; it does not write code to disk or fetch remote packages as part of installation, which is low-risk for install mechanism.
Credentials
The registry metadata declares no required environment variables and no primary credential. However, the configuration examples contain optional fields that accept sensitive secrets (AWS access keys, metrics proxy username/password, certificate/private-key paths). Those fields are legitimate for node operators but are optional; there is no unexplained request for unrelated credentials in the skill metadata.
Persistence & Privilege
always:false and user-invocable:true (defaults) — no elevated persistence requested. The skill is instruction-only and does not modify other skills or agent-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ika-operator
  3. After installation, invoke the skill by name or use /ika-operator
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Release v1.0.0
Metadata
Slug ika-operator
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Ika Operator?

Guide for operating Ika network nodes - validators, fullnodes, and notifiers. Use when deploying, configuring, monitoring, or troubleshooting Ika infrastruct... It is an AI Agent Skill for Claude Code / OpenClaw, with 143 downloads so far.

How do I install Ika Operator?

Run "/install ika-operator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ika Operator free?

Yes, Ika Operator is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ika Operator support?

Ika Operator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ika Operator?

It is built and maintained by Omer Sadika (@omersadika); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments