feat: refactor agent training to use OpenClaw agent with allowlist for AITBC CLI execution

Replaced direct AITBC CLI command execution with OpenClaw agent-based execution that respects the allowlist: - Changed openclaw_training_operations to execute commands via `openclaw agent --message` instead of direct CLI calls - Removed operation-specific command building logic (wallet_create, genesis_init, etc.) - Simplified execution flow to single OpenClaw agent invocation with prompt message - Added prerequisites
2026-05-05 16:03:24 +02:00
parent dae8ad6569
commit a2601c7697
19 changed files with 3001 additions and 67 deletions
--- a/scripts/hybrid/aitbc_openclaw_wrapper.sh
+++ b/scripts/hybrid/aitbc_openclaw_wrapper.sh
@@ -0,0 +1,119 @@
+#!/bin/bash
+# AITBC + OpenClaw Hybrid Script System
+# Clean separation: Shell (execution) + OpenClaw (reasoning)
+
+set -e
+
+# Configuration
+AITBC_CLI="/opt/aitbc/aitbc-cli"
+OPENCLAW_CMD="openclaw agent --agent main"
+LOG_DIR="/var/log/aitbc/hybrid"
+mkdir -p "$LOG_DIR"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging function
+log() {
+    local level="$1"
+    shift
+    local message="$@"
+    local timestamp=$(date -Iseconds)
+    echo -e "${timestamp} [${level}] ${message}" | tee -a "$LOG_DIR/hybrid.log"
+}
+
+# Execute AITBC CLI command
+execute_aitbc() {
+    local cmd="$@"
+    log "INFO" "Executing AITBC: $cmd"
+    
+    cd /opt/aitbc
+    local output
+    output=$(./aitbc-cli $cmd 2>&1)
+    local exit_code=$?
+    
+    if [ $exit_code -eq 0 ]; then
+        log "SUCCESS" "AITBC command succeeded"
+        echo "$output"
+        return 0
+    else
+        log "ERROR" "AITBC command failed with exit code $exit_code"
+        echo "$output" >&2
+        return $exit_code
+    fi
+}
+
+# Analyze output with OpenClaw
+analyze_with_openclaw() {
+    local data="$@"
+    log "INFO" "Analyzing with OpenClaw..."
+    
+    local analysis
+    analysis=$(echo "$data" | $OPENCLAW_CMD --message "Analyze this AITBC output and provide insights: $data" 2>&1)
+    local exit_code=$?
+    
+    if [ $exit_code -eq 0 ]; then
+        log "SUCCESS" "OpenClaw analysis completed"
+        echo "$analysis"
+        return 0
+    else
+        log "WARN" "OpenClaw analysis failed (non-critical)"
+        echo "$analysis" >&2
+        return 1
+    fi
+}
+
+# Hybrid execution with optional analysis
+hybrid_execute() {
+    local cmd="$@"
+    local use_openclaw="${USE_OPENCLAW:-false}"
+    
+    # Execute AITBC command
+    local aitbc_output
+    aitbc_output=$(execute_aitbc $cmd)
+    local aitbc_exit=$?
+    
+    if [ $aitbc_exit -ne 0 ]; then
+        return $aitbc_exit
+    fi
+    
+    # Optionally analyze with OpenClaw
+    if [ "$use_openclaw" = "true" ]; then
+        echo -e "${BLUE}=== OpenClaw Analysis ===${NC}"
+        analyze_with_openclaw "$aitbc_output"
+    fi
+    
+    return 0
+}
+
+# Main CLI interface
+main() {
+    local command="$1"
+    shift || true
+    
+    case "$command" in
+        exec)
+            # Execute AITBC command only
+            execute_aitbc "$@"
+            ;;
+        analyze)
+            # Analyze existing data with OpenClaw
+            local data="$@"
+            analyze_with_openclaw "$data"
+            ;;
+        hybrid)
+            # Execute AITBC and analyze with OpenClaw
+            USE_OPENCLAW=true hybrid_execute "$@"
+            ;;
+        *)
+            # Default: execute AITBC only
+            hybrid_execute "$command" "$@"
+            ;;
+    esac
+}
+
+main "$@"
--- a/scripts/training/configure_messaging.sh
+++ b/scripts/training/configure_messaging.sh
@@ -0,0 +1,150 @@
+#!/bin/bash
+# AITBC Messaging Authentication Configuration Script
+# Sets up messaging service authentication for agent training
+#
+# DEPRECATED: This script is deprecated in favor of the Python-based setup system.
+# Use: python -m aitbc.training_setup.cli setup (includes messaging configuration)
+# See: /opt/aitbc/docs/agent-training/ENVIRONMENT_SETUP.md
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+AITBC_DIR="/opt/aitbc"
+LOG_DIR="/var/log/aitbc/training-setup"
+mkdir -p "$LOG_DIR"
+
+# Configuration
+MESSAGING_SERVICE_PORT=9002
+AUTH_TOKEN_FILE="/var/lib/aitbc/messaging-auth.token"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    local level="$1"
+    shift
+    local message="$@"
+    local timestamp=$(date -Iseconds)
+    echo -e "${timestamp} [${level}] ${message}" | tee -a "$LOG_DIR/configure_messaging.log"
+}
+
+check_messaging_service() {
+    log "INFO" "Checking messaging service status..."
+    
+    # Check if messaging service is running
+    if systemctl is-active --quiet aitbc-messaging 2>/dev/null; then
+        log "INFO" "Messaging service is running"
+        return 0
+    else
+        log "WARN" "Messaging service not running or not installed"
+        return 1
+    fi
+}
+
+generate_auth_token() {
+    log "INFO" "Generating messaging authentication token..."
+    
+    # Generate random token
+    local token
+    token=$(openssl rand -hex 32)
+    
+    # Store token
+    echo "$token" > "$AUTH_TOKEN_FILE"
+    chmod 600 "$AUTH_TOKEN_FILE"
+    
+    log "SUCCESS" "Authentication token generated and stored"
+    echo "$token"
+}
+
+configure_messaging_auth() {
+    local wallet_name="$1"
+    local password="$2"
+    
+    log "INFO" "Configuring messaging authentication for wallet: $wallet_name"
+    
+    cd "$AITBC_DIR"
+    
+    # Generate auth token
+    local token
+    token=$(generate_auth_token)
+    
+    # Configure wallet for messaging
+    log "INFO" "Registering wallet with messaging service..."
+    ./aitbc-cli agent message --wallet "$wallet_name" --password "$password" --auth-token "$token" || log "WARN" "Messaging registration may have failed"
+    
+    log "SUCCESS" "Messaging authentication configured for $wallet_name"
+}
+
+test_messaging_connectivity() {
+    log "INFO" "Testing messaging connectivity..."
+    
+    cd "$AITBC_DIR"
+    
+    # Send test message
+    local test_result
+    test_result=$(./aitbc-cli agent message --topic "test-topic" --message "test-message" 2>&1 || echo "failed")
+    
+    if [[ "$test_result" == *"failed"* ]] || [[ "$test_result" == *"error"* ]]; then
+        log "WARN" "Messaging connectivity test failed"
+        return 1
+    else
+        log "SUCCESS" "Messaging connectivity test passed"
+        return 0
+    fi
+}
+
+setup_messaging_config() {
+    log "INFO" "Setting up messaging configuration..."
+    
+    # Create messaging config directory
+    mkdir -p /var/lib/aitbc/messaging
+    
+    # Create basic config
+    cat > /var/lib/aitbc/messaging/config.json <<EOF
+{
+  "service_port": $MESSAGING_SERVICE_PORT,
+  "auth_required": true,
+  "auth_token_file": "$AUTH_TOKEN_FILE",
+  "topics": ["test-topic", "training-topic", "agent-coordination"],
+  "max_message_size": 1048576,
+  "retention_policy": "7d"
+}
+EOF
+    
+    log "SUCCESS" "Messaging configuration created"
+}
+
+main() {
+    log "INFO" "Starting messaging authentication configuration..."
+    
+    # Setup config
+    setup_messaging_config
+    
+    # Check service
+    check_messaging_service || log "WARN" "Messaging service may need to be started"
+    
+    # Configure authentication for training wallets
+    configure_messaging_auth "training-wallet" "training123"
+    configure_messaging_auth "exam-wallet" "exam123"
+    
+    # Test connectivity
+    test_messaging_connectivity || log "WARN" "Messaging connectivity may require additional setup"
+    
+    log "SUCCESS" "Messaging authentication configuration completed"
+    echo ""
+    echo -e "${GREEN}=== Messaging Configuration Summary ===${NC}"
+    echo "Auth token file: $AUTH_TOKEN_FILE"
+    echo "Config file: /var/lib/aitbc/messaging/config.json"
+    echo "Service port: $MESSAGING_SERVICE_PORT"
+    echo ""
+    echo "Next steps:"
+    echo "1. Start messaging service if not running: systemctl start aitbc-messaging"
+    echo "2. Test messaging with: ./aitbc-cli agent message --topic test-topic --message 'test'"
+    echo "3. Check service status: systemctl status aitbc-messaging"
+}
+
+main "$@"
--- a/scripts/training/fund_accounts.sh
+++ b/scripts/training/fund_accounts.sh
@@ -0,0 +1,143 @@
+#!/bin/bash
+# AITBC Account Funding Script
+# Funds training accounts on mainnet via faucet or genesis allocation
+#
+# DEPRECATED: This script is deprecated in favor of the Python-based setup system.
+# Use: python -m aitbc.training_setup.cli fund-wallet <wallet-name>
+# See: /opt/aitbc/docs/agent-training/ENVIRONMENT_SETUP.md
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+AITBC_DIR="/opt/aitbc"
+LOG_DIR="/var/log/aitbc/training-setup"
+mkdir -p "$LOG_DIR"
+
+# Configuration
+FAUCET_AMOUNT=1000  # AIT tokens per request
+GENESIS_ALLOCATION=10000  # AIT tokens for genesis accounts
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    local level="$1"
+    shift
+    local message="$@"
+    local timestamp=$(date -Iseconds)
+    echo -e "${timestamp} [${level}] ${message}" | tee -a "$LOG_DIR/fund_accounts.log"
+}
+
+create_genesis_allocation() {
+    log "INFO" "Creating genesis allocation for training accounts..."
+    
+    cd "$AITBC_DIR"
+    
+    # Create genesis wallet if it doesn't exist
+    if ! ./aitbc-cli wallet list | grep -q "genesis"; then
+        log "INFO" "Creating genesis wallet..."
+        ./aitbc-cli wallet create genesis "" || log "WARN" "Genesis wallet may already exist"
+    fi
+    
+    # Initialize genesis with allocation
+    log "INFO" "Initializing genesis with $GENESIS_ALLOCATION AIT allocation..."
+    ./aitbc-cli blockchain genesis --force || log "WARN" "Genesis initialization may have failed"
+    
+    log "SUCCESS" "Genesis allocation completed"
+}
+
+setup_faucet_wallet() {
+    log "INFO" "Setting up faucet wallet..."
+    
+    cd "$AITBC_DIR"
+    
+    # Create faucet wallet
+    if ! ./aitbc-cli wallet list | grep -q "faucet"; then
+        log "INFO" "Creating faucet wallet..."
+        ./aitbc-cli wallet create faucet "faucet-password"
+    fi
+    
+    # Fund faucet from genesis
+    log "INFO" "Funding faucet wallet from genesis..."
+    ./aitbc-cli wallet send genesis faucet $FAUCET_AMOUNT "" || log "WARN" "Faucet funding may have failed"
+    
+    log "SUCCESS" "Faucet wallet setup completed"
+}
+
+fund_training_wallet() {
+    local wallet_name="$1"
+    local password="$2"
+    
+    log "INFO" "Funding training wallet: $wallet_name"
+    
+    cd "$AITBC_DIR"
+    
+    # Create wallet if it doesn't exist
+    if ! ./aitbc-cli wallet list | grep -q "$wallet_name"; then
+        log "INFO" "Creating wallet: $wallet_name"
+        ./aitbc-cli wallet create "$wallet_name" "$password"
+    fi
+    
+    # Fund from faucet
+    log "INFO" "Funding $wallet_name with $FAUCET_AMOUNT AIT from faucet..."
+    ./aitbc-cli wallet send faucet "$wallet_name" $FAUCET_AMOUNT "faucet-password" || log "WARN" "Funding may have failed"
+    
+    # Verify balance
+    local balance
+    balance=$(./aitbc-cli wallet balance "$wallet_name" 2>&1 || echo "0")
+    log "INFO" "Wallet $wallet_name balance: $balance"
+    
+    log "SUCCESS" "Training wallet $wallet_name funded"
+}
+
+verify_account_registration() {
+    local wallet_name="$1"
+    
+    log "INFO" "Verifying account registration for: $wallet_name"
+    
+    cd "$AITBC_DIR"
+    
+    # Check if account exists on-chain
+    local account_info
+    account_info=$(./aitbc-cli blockchain account "$wallet_name" 2>&1 || echo "not_found")
+    
+    if [[ "$account_info" == *"not_found"* ]]; then
+        log "WARN" "Account $wallet_name not found on-chain - may need manual registration"
+        return 1
+    else
+        log "SUCCESS" "Account $wallet_name registered on-chain"
+        return 0
+    fi
+}
+
+main() {
+    log "INFO" "Starting account funding process..."
+    
+    # Setup genesis and faucet
+    create_genesis_allocation
+    setup_faucet_wallet
+    
+    # Fund standard training wallets
+    fund_training_wallet "training-wallet" "training123"
+    fund_training_wallet "exam-wallet" "exam123"
+    
+    # Verify account registration
+    verify_account_registration "training-wallet"
+    verify_account_registration "exam-wallet"
+    
+    log "SUCCESS" "Account funding completed"
+    echo ""
+    echo -e "${GREEN}=== Funding Summary ===${NC}"
+    echo "Genesis wallet: Funded with $GENESIS_ALLOCATION AIT"
+    echo "Faucet wallet: Funded with $FAUCET_AMOUNT AIT"
+    echo "Training wallets: Funded with $FAUCET_AMOUNT AIT each"
+    echo ""
+    echo "Note: Account registration on-chain may require additional steps"
+    echo "Check blockchain status with: ./aitbc-cli blockchain info"
+}
+
+main "$@"
--- a/scripts/training/setup_faucet.sh
+++ b/scripts/training/setup_faucet.sh
@@ -0,0 +1,325 @@
+#!/bin/bash
+# AITBC Faucet Setup Script
+# Sets up a faucet mechanism from scratch for mainnet account funding
+#
+# DEPRECATED: This script is deprecated in favor of the Python-based setup system.
+# Use: python -m aitbc.training_setup.cli setup (includes faucet setup)
+# See: /opt/aitbc/docs/agent-training/ENVIRONMENT_SETUP.md
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+AITBC_DIR="/opt/aitbc"
+LOG_DIR="/var/log/aitbc/training-setup"
+mkdir -p "$LOG_DIR"
+
+# Configuration
+FAUCET_PORT=8080
+FAUCET_AMOUNT=1000  # AIT tokens per request
+RATE_LIMIT_PER_HOUR=10  # Requests per IP per hour
+FAUCET_WALLET="faucet"
+FAUCET_PASSWORD="faucet-password"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    local level="$1"
+    shift
+    local message="$@
+    local timestamp=$(date -Iseconds)
+    echo -e "${timestamp} [${level}] ${message}" | tee -a "$LOG_DIR/setup_faucet.log"
+}
+
+create_faucet_service() {
+    log "INFO" "Creating faucet service..."
+    
+    # Create faucet service file
+    cat > /etc/systemd/system/aitbc-faucet.service <<EOF
+[Unit]
+Description=AITBC Faucet Service
+After=network.target aitbc-node.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=$AITBC_DIR
+ExecStart=$AITBC_DIR/scripts/training/faucet_server.py --port $FAUCET_PORT --amount $FAUCET_AMOUNT --wallet $FAUCET_WALLET --password $FAUCET_PASSWORD
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    
+    log "SUCCESS" "Faucet service file created"
+}
+
+create_faucet_server() {
+    log "INFO" "Creating faucet server script..."
+    
+    mkdir -p "$AITBC_DIR/scripts/training"
+    
+    cat > "$AITBC_DIR/scripts/training/faucet_server.py" <<'PYEOF'
+#!/usr/bin/env python3
+"""
+AITBC Faucet Server
+Simple HTTP API for funding accounts on mainnet
+"""
+
+import argparse
+import json
+import subprocess
+import time
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from urllib.parse import urlparse, parse_qs
+from datetime import datetime, timedelta
+import threading
+
+class RateLimiter:
+    def __init__(self, max_requests_per_hour=10):
+        self.requests = {}
+        self.max_requests = max_requests_per_hour
+        self.lock = threading.Lock()
+    
+    def is_allowed(self, ip):
+        with self.lock:
+            now = datetime.now()
+            # Clean old requests
+            self.requests = {
+                k: [t for t in v if now - t < timedelta(hours=1)]
+                for k, v in self.requests.items()
+            }
+            
+            if ip not in self.requests:
+                self.requests[ip] = []
+            
+            if len(self.requests[ip]) >= self.max_requests:
+                return False
+            
+            self.requests[ip].append(now)
+            return True
+
+class FaucetHandler(BaseHTTPRequestHandler):
+    def __init__(self, *args, faucet_config=None, **kwargs):
+        self.config = faucet_config
+        self.rate_limiter = RateLimiter()
+        super().__init__(*args, **kwargs)
+    
+    def do_GET(self):
+        parsed = urlparse(self.path)
+        
+        if parsed.path == "/health":
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.end_headers()
+            self.wfile.write(json.dumps({"status": "healthy"}).encode())
+            return
+        
+        if parsed.path == "/":
+            self.send_response(200)
+            self.send_header("Content-type", "text/html")
+            self.end_headers()
+            self.wfile.write(b"<html><body><h1>AITBC Faucet</h1><p>POST to /fund with address parameter</p></body></html>")
+            return
+        
+        self.send_response(404)
+        self.end_headers()
+    
+    def do_POST(self):
+        parsed = urlparse(self.path)
+        
+        if parsed.path == "/fund":
+            client_ip = self.client_address[0]
+            
+            if not self.rate_limiter.is_allowed(client_ip):
+                self.send_response(429)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                self.wfile.write(json.dumps({"error": "Rate limit exceeded"}).encode())
+                return
+            
+            try:
+                content_length = int(self.headers['Content-Length'])
+                post_data = self.rfile.read(content_length)
+                data = json.loads(post_data.decode('utf-8'))
+                
+                address = data.get('address')
+                if not address:
+                    raise ValueError("Address required")
+                
+                # Fund the address
+                result = self.fund_address(address)
+                
+                self.send_response(200)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                self.wfile.write(json.dumps(result).encode())
+            except Exception as e:
+                self.send_response(400)
+                self.send_header("Content-type", "application/json")
+                self.end_headers()
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+        else:
+            self.send_response(404)
+            self.end_headers()
+    
+    def fund_address(self, address):
+        cmd = [
+            "./aitbc-cli", "wallet", "send",
+            self.config['wallet'], address,
+            str(self.config['amount']),
+            self.config['password']
+        ]
+        
+        result = subprocess.run(
+            cmd,
+            cwd=self.config['aitbc_dir'],
+            capture_output=True,
+            text=True,
+            timeout=30
+        )
+        
+        if result.returncode != 0:
+            raise Exception(f"Funding failed: {result.stderr}")
+        
+        return {
+            "status": "success",
+            "address": address,
+            "amount": self.config['amount'],
+            "transaction_id": result.stdout.strip(),
+            "timestamp": datetime.now().isoformat()
+        }
+    
+    def log_message(self, format, *args):
+        pass  # Suppress default logging
+
+def main():
+    parser = argparse.ArgumentParser(description='AITBC Faucet Server')
+    parser.add_argument('--port', type=int, default=8080, help='Port to listen on')
+    parser.add_argument('--amount', type=int, default=1000, help='Amount to fund per request')
+    parser.add_argument('--wallet', type=str, default='faucet', help='Faucet wallet name')
+    parser.add_argument('--password', type=str, default='', help='Faucet wallet password')
+    parser.add_argument('--aitbc-dir', type=str, default='/opt/aitbc', help='AITBC directory')
+    
+    args = parser.parse_args()
+    
+    config = {
+        'port': args.port,
+        'amount': args.amount,
+        'wallet': args.wallet,
+        'password': args.password,
+        'aitbc_dir': args.aitbc_dir
+    }
+    
+    def handler(*args_handler, **kwargs_handler):
+        return FaucetHandler(*args_handler, faucet_config=config, **kwargs_handler)
+    
+    server = HTTPServer(('0.0.0.0', config['port']), handler)
+    print(f"Faucet server running on port {config['port']}")
+    print(f"Funding amount: {config['amount']} AIT per request")
+    print(f"Rate limit: 10 requests per hour per IP")
+    server.serve_forever()
+
+if __name__ == '__main__':
+    main()
+PYEOF
+    
+    chmod +x "$AITBC_DIR/scripts/training/faucet_server.py"
+    
+    log "SUCCESS" "Faucet server script created"
+}
+
+setup_faucet_funding() {
+    log "INFO" "Setting up faucet funding source..."
+    
+    cd "$AITBC_DIR"
+    
+    # Create faucet wallet if it doesn't exist
+    if ! ./aitbc-cli wallet list | grep -q "$FAUCET_WALLET"; then
+        log "INFO" "Creating faucet wallet..."
+        ./aitbc-cli wallet create "$FAUCET_WALLET" "$FAUCET_PASSWORD"
+    fi
+    
+    # Fund faucet from genesis
+    log "INFO" "Funding faucet wallet from genesis..."
+    ./aitbc-cli wallet send genesis "$FAUCET_WALLET" 100000 "" || log "WARN" "Faucet funding may have failed"
+    
+    # Verify faucet balance
+    local balance
+    balance=$(./aitbc-cli wallet balance "$FAUCET_WALLET" 2>&1 || echo "0")
+    log "INFO" "Faucet wallet balance: $balance"
+    
+    log "SUCCESS" "Faucet funding source setup completed"
+}
+
+start_faucet_service() {
+    log "INFO" "Starting faucet service..."
+    
+    # Reload systemd
+    systemctl daemon-reload
+    
+    # Enable and start service
+    systemctl enable aitbc-faucet
+    systemctl start aitbc-faucet
+    
+    # Wait for service to start
+    sleep 3
+    
+    # Check service status
+    if systemctl is-active --quiet aitbc-faucet; then
+        log "SUCCESS" "Faucet service started successfully"
+    else
+        log "WARN" "Faucet service may not have started correctly"
+        systemctl status aitbc-faucet || true
+    fi
+}
+
+test_faucet_api() {
+    log "INFO" "Testing faucet API..."
+    
+    # Test health endpoint
+    local health_result
+    health_result=$(curl -s http://localhost:$FAUCET_PORT/health 2>&1 || echo "failed")
+    
+    if [[ "$health_result" == *"healthy"* ]]; then
+        log "SUCCESS" "Faucet API health check passed"
+    else
+        log "WARN" "Faucet API health check failed"
+    fi
+}
+
+main() {
+    log "INFO" "Starting faucet setup from scratch..."
+    
+    create_faucet_server
+    create_faucet_service
+    setup_faucet_funding
+    start_faucet_service
+    test_faucet_api
+    
+    log "SUCCESS" "Faucet setup completed"
+    echo ""
+    echo -e "${GREEN}=== Faucet Setup Summary ===${NC}"
+    echo "Faucet service: aitbc-faucet"
+    echo "API endpoint: http://localhost:$FAUCET_PORT"
+    echo "Funding amount: $FAUCET_AMOUNT AIT per request"
+    echo "Rate limit: $RATE_LIMIT_PER_HOUR requests per hour per IP"
+    echo ""
+    echo "API Usage:"
+    echo "  POST http://localhost:$FAUCET_PORT/fund"
+    echo "  Content-Type: application/json"
+    echo '  {"address": "ait1..."}'
+    echo ""
+    echo "Service management:"
+    echo "  Start: systemctl start aitbc-faucet"
+    echo "  Stop: systemctl stop aitbc-faucet"
+    echo "  Status: systemctl status aitbc-faucet"
+    echo "  Logs: journalctl -u aitbc-faucet -f"
+}
+
+main "$@"
--- a/scripts/training/setup_training_env.sh
+++ b/scripts/training/setup_training_env.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+# AITBC Training Environment Setup Script
+# Sets up mainnet environment for agent training with funded accounts and messaging
+#
+# DEPRECATED: This script is deprecated in favor of the Python-based setup system.
+# Use: python -m aitbc.training_setup.cli setup
+# See: /opt/aitbc/docs/agent-training/ENVIRONMENT_SETUP.md
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+AITBC_DIR="/opt/aitbc"
+LOG_DIR="/var/log/aitbc/training-setup"
+mkdir -p "$LOG_DIR"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    local level="$1"
+    shift
+    local message="$@"
+    local timestamp=$(date -Iseconds)
+    echo -e "${timestamp} [${level}] ${message}" | tee -a "$LOG_DIR/setup.log"
+}
+
+check_prerequisites() {
+    log "INFO" "Checking prerequisites..."
+    
+    # Check AITBC CLI
+    if [ ! -f "$AITBC_DIR/aitbc-cli" ]; then
+        log "ERROR" "AITBC CLI not found at $AITBC_DIR/aitbc-cli"
+        return 1
+    fi
+    
+    # Check AITBC node status
+    cd "$AITBC_DIR"
+    local node_status
+    node_status=$(./aitbc-cli blockchain info 2>&1 || echo "node_not_running")
+    if [[ "$node_status" == *"node_not_running"* ]] || [[ "$node_status" == *"error"* ]]; then
+        log "WARN" "AITBC node may not be running on mainnet"
+    else
+        log "INFO" "AITBC node detected: $(echo "$node_status" | head -1)"
+    fi
+    
+    log "SUCCESS" "Prerequisites check completed"
+    return 0
+}
+
+setup_faucet() {
+    log "INFO" "Setting up faucet mechanism..."
+    
+    if [ -f "$SCRIPT_DIR/setup_faucet.sh" ]; then
+        bash "$SCRIPT_DIR/setup_faucet.sh"
+        log "SUCCESS" "Faucet setup completed"
+    else
+        log "WARN" "Faucet setup script not found, skipping"
+    fi
+}
+
+fund_accounts() {
+    log "INFO" "Funding training accounts..."
+    
+    if [ -f "$SCRIPT_DIR/fund_accounts.sh" ]; then
+        bash "$SCRIPT_DIR/fund_accounts.sh"
+        log "SUCCESS" "Account funding completed"
+    else
+        log "WARN" "Account funding script not found, skipping"
+    fi
+}
+
+configure_messaging() {
+    log "INFO" "Configuring messaging authentication..."
+    
+    if [ -f "$SCRIPT_DIR/configure_messaging.sh" ]; then
+        bash "$SCRIPT_DIR/configure_messaging.sh"
+        log "SUCCESS" "Messaging configuration completed"
+    else
+        log "WARN" "Messaging configuration script not found, skipping"
+    fi
+}
+
+verify_environment() {
+    log "INFO" "Verifying training environment..."
+    
+    cd "$AITBC_DIR"
+    
+    # Check wallet list
+    local wallets
+    wallets=$(./aitbc-cli wallet list 2>&1 || echo "error")
+    if [[ "$wallets" != *"error"* ]]; then
+        log "INFO" "Wallets found: $(echo "$wallets" | grep -c "ait1" || echo "0")"
+    fi
+    
+    # Check blockchain status
+    local chain_status
+    chain_status=$(./aitbc-cli blockchain info 2>&1 || echo "error")
+    if [[ "$chain_status" != *"error"* ]]; then
+        log "INFO" "Blockchain status: $(echo "$chain_status" | head -1)"
+    fi
+    
+    log "SUCCESS" "Environment verification completed"
+}
+
+main() {
+    log "INFO" "Starting AITBC training environment setup..."
+    
+    check_prerequisites || exit 1
+    setup_faucet
+    fund_accounts
+    configure_messaging
+    verify_environment
+    
+    log "SUCCESS" "Training environment setup completed"
+    echo ""
+    echo -e "${GREEN}=== Setup Summary ===${NC}"
+    echo "Training environment is ready for agent training"
+    echo "Log file: $LOG_DIR/setup.log"
+    echo ""
+    echo "Next steps:"
+    echo "1. Run Stage 1 training: ./aitbc-cli openclaw-training train agent --agent-id <agent-id> --stage stage1_foundation"
+    echo "2. Verify wallet funding before transaction operations"
+    echo "3. Check messaging authentication before messaging operations"
+}
+
+main "$@"