@agentlayer.tech/wallet 0.1.0

package/agent-wallet/scripts/install_openclaw_local_config.py

@@ -0,0 +1,226 @@
+"""Patch an OpenClaw config file for the agent-wallet plugin."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import sys
+from datetime import datetime, timezone
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).resolve().parents[1]))
+
+from agent_wallet.file_ops import atomic_write_text, chmod_if_exists
+from agent_wallet.sealed_keys import resolve_sealed_keys_path, seal_keys, unseal_keys
+from security_utils import write_redacted_backup
+
+OPTIONAL_TOOLS = [
+    "sign_wallet_message",
+    "transfer_sol",
+    "transfer_btc",
+    "transfer_spl_token",
+    "swap_solana_tokens",
+    "close_empty_token_accounts",
+    "request_devnet_airdrop",
+]
+
+
+def _default_config_path() -> Path:
+    return Path(os.path.expanduser("~/.openclaw/openclaw.json"))
+
+
+def _repo_root() -> Path:
+    return Path(__file__).resolve().parents[2]
+
+
+def _default_extension_path() -> Path:
+    return _repo_root() / ".openclaw" / "extensions" / "agent-wallet"
+
+
+def _default_package_root() -> Path:
+    return Path(__file__).resolve().parents[1]
+
+
+def _default_python_bin() -> str:
+    return os.getenv("OPENCLAW_AGENT_WALLET_PYTHON", sys.executable)
+
+
+def _default_user_id() -> str:
+    return f"{os.getenv('USER', 'openclaw-user')}-local"
+
+
+def _normalize_network(backend: str, network: str) -> str:
+    backend_name = backend.strip().lower()
+    normalized = network.strip().lower()
+    if backend_name in {"wdk_btc_local", "wdk-btc-local", "btc_local", "btc-local"}:
+        if normalized == "mainnet":
+            return "bitcoin"
+        return normalized or "bitcoin"
+    return normalized or "devnet"
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(description=__doc__)
+    parser.add_argument("--config-path", default=str(_default_config_path()))
+    parser.add_argument("--plugin-id", default="agent-wallet")
+    parser.add_argument("--user-id", default=_default_user_id())
+    parser.add_argument("--backend", default="solana_local")
+    parser.add_argument("--network", default="devnet")
+    parser.add_argument("--rpc-url", default="")
+    parser.add_argument("--rpc-urls", default="")
+    parser.add_argument("--wdk-btc-service-url", default="")
+    parser.add_argument("--wdk-btc-wallet-id", default="")
+    parser.add_argument("--wdk-btc-account-index", type=int, default=0)
+    parser.add_argument("--sign-only", action=argparse.BooleanOptionalAction, default=False)
+    parser.add_argument("--encrypt-user-wallets", action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument(
+        "--migrate-plaintext-user-wallets",
+        action=argparse.BooleanOptionalAction,
+        default=True,
+    )
+    parser.add_argument("--extension-path", default=str(_default_extension_path()))
+    parser.add_argument("--package-root", default=str(_default_package_root()))
+    parser.add_argument("--python-bin", default=_default_python_bin())
+    parser.add_argument("--write-master-key", action=argparse.BooleanOptionalAction, default=False)
+    return parser
+
+
+def _collect_sealed_secret_updates() -> dict[str, str]:
+    updates: dict[str, str] = {}
+    master_key = os.getenv("AGENT_WALLET_MASTER_KEY", "").strip()
+    approval_secret = os.getenv("AGENT_WALLET_APPROVAL_SECRET", "").strip()
+    private_key = os.getenv("SOLANA_AGENT_PRIVATE_KEY", "").strip()
+    if master_key:
+        updates["master_key"] = master_key
+    if approval_secret:
+        updates["approval_secret"] = approval_secret
+    if private_key:
+        updates["private_key"] = private_key
+    return updates
+
+
+def _maybe_install_sealed_keys() -> str | None:
+    boot_key = os.getenv("AGENT_WALLET_BOOT_KEY", "").strip()
+    if not boot_key:
+        return None
+    updates = _collect_sealed_secret_updates()
+    if not updates:
+        return None
+    sealed_path = resolve_sealed_keys_path()
+    existing = unseal_keys(boot_key) if sealed_path.exists() else {}
+    return str(seal_keys(boot_key, {**existing, **updates}))
+
+
+def _require_hardened_runtime_secrets(backend: str) -> str | None:
+    if backend.strip().lower() in {"", "none"}:
+        return None
+
+    boot_key = os.getenv("AGENT_WALLET_BOOT_KEY", "").strip()
+    if not boot_key:
+        raise SystemExit(
+            "AGENT_WALLET_BOOT_KEY is required. Runtime secrets must be loaded from sealed_keys.json."
+        )
+
+    sealed_path = resolve_sealed_keys_path()
+    if not sealed_path.exists():
+        raise SystemExit(
+            "sealed_keys.json was not created. Provide AGENT_WALLET_MASTER_KEY and "
+            "AGENT_WALLET_APPROVAL_SECRET during install so the installer can seal them."
+        )
+
+    secrets = unseal_keys(boot_key)
+    missing = [name for name in ("master_key", "approval_secret") if not str(secrets.get(name) or "").strip()]
+    if missing:
+        raise SystemExit(
+            "sealed_keys.json is missing required runtime secrets: "
+            + ", ".join(missing)
+            + "."
+        )
+    return str(sealed_path)
+
+
+def main() -> None:
+    args = build_parser().parse_args()
+    config_path = Path(args.config_path).expanduser()
+    data = json.loads(config_path.read_text(encoding="utf-8"))
+
+    backup_path = config_path.with_name(
+        f"{config_path.name}.bak.agent-wallet.{datetime.now(timezone.utc).strftime('%Y%m%dT%H%M%SZ')}"
+    )
+    write_redacted_backup(backup_path, data)
+
+    plugins = data.setdefault("plugins", {})
+    plugins["enabled"] = True
+
+    load = plugins.setdefault("load", {})
+    paths = load.setdefault("paths", [])
+    extension_path_text = str(Path(args.extension_path).expanduser().resolve())
+    if extension_path_text not in paths:
+        paths.append(extension_path_text)
+
+    entries = plugins.setdefault("entries", {})
+    effective_network = _normalize_network(args.backend, args.network)
+    plugin_config = {
+        "userId": args.user_id,
+        "backend": args.backend,
+        "network": effective_network,
+        "signOnly": args.sign_only,
+        "encryptUserWallets": args.encrypt_user_wallets,
+        "migratePlaintextUserWallets": args.migrate_plaintext_user_wallets,
+        "packageRoot": str(Path(args.package_root).expanduser().resolve()),
+        "pythonBin": args.python_bin,
+    }
+    if args.rpc_url.strip():
+        plugin_config["rpcUrl"] = args.rpc_url.strip()
+    if args.rpc_urls.strip():
+        plugin_config["rpcUrls"] = [
+            item.strip() for item in args.rpc_urls.split(",") if item.strip()
+        ]
+    if args.wdk_btc_service_url.strip():
+        plugin_config["wdkBtcServiceUrl"] = args.wdk_btc_service_url.strip()
+    if args.wdk_btc_wallet_id.strip():
+        plugin_config["wdkBtcWalletId"] = args.wdk_btc_wallet_id.strip()
+    if args.wdk_btc_account_index is not None:
+        plugin_config["wdkBtcAccountIndex"] = int(args.wdk_btc_account_index)
+    if args.write_master_key:
+        raise SystemExit(
+            "Refusing to write masterKey into config. Runtime secrets must live in sealed_keys.json."
+        )
+
+    entries[args.plugin_id] = {
+        "enabled": True,
+        "config": plugin_config,
+    }
+
+    tools = data.setdefault("tools", {})
+    also_allow = tools.setdefault("alsoAllow", [])
+    for tool_name in OPTIONAL_TOOLS:
+        if tool_name not in also_allow:
+            also_allow.append(tool_name)
+
+    atomic_write_text(config_path, json.dumps(data, indent=2) + "\n", mode=0o600)
+    chmod_if_exists(config_path, 0o600)
+    _maybe_install_sealed_keys()
+    sealed_keys_path = _require_hardened_runtime_secrets(args.backend)
+
+    print(
+        json.dumps(
+            {
+                "ok": True,
+                "config_path": str(config_path),
+                "backup_path": str(backup_path),
+                "extension_path": extension_path_text,
+                "python_bin": args.python_bin,
+                "package_root": plugin_config["packageRoot"],
+                "plugin_id": args.plugin_id,
+                "user_id": args.user_id,
+                "sealed_keys_path": sealed_keys_path,
+            },
+            indent=2,
+        )
+    )
+
+
+if __name__ == "__main__":
+    main()

package/agent-wallet/scripts/install_openclaw_sealed_keys.py

@@ -0,0 +1,105 @@
+"""Create or update the encrypted sealed_keys.json secret bundle."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import sys
+from pathlib import Path
+
+sys.path.insert(0, str(Path(__file__).resolve().parents[1]))
+
+from agent_wallet.sealed_keys import resolve_sealed_keys_path, seal_keys, unseal_keys
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(description=__doc__)
+    parser.add_argument(
+        "--replace",
+        action=argparse.BooleanOptionalAction,
+        default=False,
+        help="Replace the sealed bundle instead of merging with existing entries.",
+    )
+    parser.add_argument(
+        "--boot-key",
+        default="",
+        help="Deprecated insecure path. Use AGENT_WALLET_BOOT_KEY env instead.",
+    )
+    parser.add_argument(
+        "--master-key",
+        default="",
+        help="Deprecated insecure path. Use AGENT_WALLET_MASTER_KEY env instead.",
+    )
+    parser.add_argument(
+        "--approval-secret",
+        default="",
+        help="Deprecated insecure path. Use AGENT_WALLET_APPROVAL_SECRET env instead.",
+    )
+    parser.add_argument(
+        "--private-key",
+        default="",
+        help="Deprecated insecure path. Use SOLANA_AGENT_PRIVATE_KEY env instead.",
+    )
+    return parser
+
+
+def _collect_secret_updates() -> dict[str, str]:
+    updates: dict[str, str] = {}
+    master_key = os.getenv("AGENT_WALLET_MASTER_KEY", "").strip()
+    approval_secret = os.getenv("AGENT_WALLET_APPROVAL_SECRET", "").strip()
+    private_key = os.getenv("SOLANA_AGENT_PRIVATE_KEY", "").strip()
+    if master_key:
+        updates["master_key"] = master_key
+    if approval_secret:
+        updates["approval_secret"] = approval_secret
+    if private_key:
+        updates["private_key"] = private_key
+    return updates
+
+
+def main() -> None:
+    args = build_parser().parse_args()
+    if (
+        args.boot_key.strip()
+        or args.master_key.strip()
+        or args.approval_secret.strip()
+        or args.private_key.strip()
+    ):
+        raise SystemExit(
+            "Passing secrets via command-line arguments is insecure. "
+            "Use AGENT_WALLET_BOOT_KEY / AGENT_WALLET_MASTER_KEY / "
+            "AGENT_WALLET_APPROVAL_SECRET / SOLANA_AGENT_PRIVATE_KEY environment variables instead."
+        )
+
+    boot_key = os.getenv("AGENT_WALLET_BOOT_KEY", "").strip()
+    if not boot_key:
+        raise SystemExit("AGENT_WALLET_BOOT_KEY is required.")
+
+    updates = _collect_secret_updates()
+    sealed_path = resolve_sealed_keys_path()
+    existing = unseal_keys(boot_key) if sealed_path.exists() and not args.replace else {}
+    secrets = {**existing, **updates}
+    if not secrets:
+        raise SystemExit(
+            "No secrets provided. Set AGENT_WALLET_MASTER_KEY, AGENT_WALLET_APPROVAL_SECRET, "
+            "and/or SOLANA_AGENT_PRIVATE_KEY in the environment."
+        )
+
+    path = seal_keys(boot_key, secrets)
+    print(
+        json.dumps(
+            {
+                "ok": True,
+                "path": str(path),
+                "stored_keys": sorted(secrets.keys()),
+                "updated_keys": sorted(updates.keys()),
+                "replaced": bool(args.replace),
+            },
+            indent=2,
+        )
+    )
+
+
+if __name__ == "__main__":
+    main()

package/agent-wallet/scripts/manage_openclaw_btc_wallet.py

@@ -0,0 +1,244 @@
+#!/usr/bin/env python3
+"""Host-side helper for managing a local OpenClaw BTC wallet binding."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+from getpass import getpass
+from pathlib import Path
+
+PACKAGE_ROOT = Path(__file__).resolve().parents[1]
+if str(PACKAGE_ROOT) not in sys.path:
+    sys.path.insert(0, str(PACKAGE_ROOT))
+
+from agent_wallet.btc_user_wallets import (  # noqa: E402
+    create_user_btc_wallet,
+    get_user_btc_wallet_binding,
+    import_user_btc_wallet,
+    lock_user_btc_wallet,
+    reveal_user_btc_wallet_seed_phrase,
+    unlock_user_btc_wallet,
+)
+
+
+def _normalize_network(value: str) -> str:
+    network = str(value or "").strip().lower()
+    if network == "mainnet":
+        return "bitcoin"
+    return network or "bitcoin"
+
+
+def _read_secret(
+    *,
+    prompt: str,
+    confirm_prompt: str | None = None,
+    stdin_mode: bool = False,
+) -> str:
+    if stdin_mode:
+        value = sys.stdin.read().strip()
+        if not value:
+            raise SystemExit(f"{prompt.rstrip(':')} is required on stdin.")
+        return value
+    value = getpass(prompt)
+    if confirm_prompt is not None:
+        confirmed = getpass(confirm_prompt)
+        if value != confirmed:
+            raise SystemExit("Secrets did not match.")
+    if not value.strip():
+        raise SystemExit(f"{prompt.rstrip(':')} is required.")
+    return value.strip()
+
+
+def _read_password_and_seed_from_stdin() -> tuple[str, str]:
+    raw = sys.stdin.read().strip()
+    if not raw:
+        raise SystemExit("Password and seed phrase payload is required on stdin.")
+    lines = raw.splitlines()
+    if len(lines) < 2:
+        raise SystemExit(
+            "For import via stdin, provide password on the first line and the seed phrase on the remaining lines."
+        )
+    password = lines[0].strip()
+    seed_phrase = " ".join(line.strip() for line in lines[1:] if line.strip())
+    if not password or not seed_phrase:
+        raise SystemExit("Both password and seed phrase are required.")
+    return password, seed_phrase
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Manage a local OpenClaw BTC wallet binding")
+    subparsers = parser.add_subparsers(dest="command", required=True)
+
+    common_parent = argparse.ArgumentParser(add_help=False)
+    common_parent.add_argument("--user-id", required=True)
+    common_parent.add_argument("--network", default="bitcoin")
+    common_parent.add_argument("--service-url")
+
+    get_parser = subparsers.add_parser("get", parents=[common_parent])
+
+    setup_parser = subparsers.add_parser("setup", parents=[common_parent])
+    setup_parser.add_argument("--label")
+    setup_parser.add_argument("--account-index", type=int)
+    setup_parser.add_argument("--reveal-seed", action="store_true")
+    setup_parser.add_argument("--password-stdin", action="store_true")
+
+    create_parser = subparsers.add_parser("create", parents=[common_parent])
+    create_parser.add_argument("--label")
+    create_parser.add_argument("--account-index", type=int)
+    create_parser.add_argument("--reveal-seed", action="store_true")
+    create_parser.add_argument("--password-stdin", action="store_true")
+
+    import_parser = subparsers.add_parser("import", parents=[common_parent])
+    import_parser.add_argument("--label")
+    import_parser.add_argument("--account-index", type=int)
+    import_parser.add_argument("--password-stdin", action="store_true")
+    import_parser.add_argument("--seed-stdin", action="store_true")
+
+    unlock_parser = subparsers.add_parser("unlock", parents=[common_parent])
+    unlock_parser.add_argument("--password-stdin", action="store_true")
+
+    reveal_parser = subparsers.add_parser("reveal-seed", parents=[common_parent])
+    reveal_parser.add_argument("--password-stdin", action="store_true")
+
+    lock_parser = subparsers.add_parser("lock", parents=[common_parent])
+
+    args = parser.parse_args()
+    effective_network = _normalize_network(args.network)
+
+    def _config_hint(wallet: dict[str, object]) -> dict[str, object]:
+        return {
+            "backend": "wdk_btc_local",
+            "network": effective_network,
+            "wdkBtcServiceUrl": args.service_url,
+            "wdkBtcWalletId": wallet.get("wallet_id"),
+            "wdkBtcAccountIndex": wallet.get("account_index"),
+        }
+
+    if args.command == "get":
+        payload = {"ok": True, "wallet": get_user_btc_wallet_binding(args.user_id, network=effective_network)}
+    elif args.command == "setup":
+        password = _read_secret(
+            prompt="BTC wallet password: ",
+            confirm_prompt=None,
+            stdin_mode=bool(args.password_stdin),
+        )
+        try:
+            existing = get_user_btc_wallet_binding(args.user_id, network=effective_network)
+        except Exception:
+            existing = None
+
+        if existing is None:
+            wallet = create_user_btc_wallet(
+                args.user_id,
+                password=password,
+                label=args.label,
+                network=effective_network,
+                service_url=args.service_url,
+                reveal_seed_phrase=bool(args.reveal_seed),
+                account_index=args.account_index,
+            )
+            payload = {
+                "ok": True,
+                "action": "created",
+                "wallet": wallet,
+                "openclaw_config_hint": _config_hint(wallet),
+            }
+        else:
+            wallet = unlock_user_btc_wallet(
+                args.user_id,
+                password=password,
+                network=effective_network,
+                service_url=args.service_url,
+            )
+            payload = {
+                "ok": True,
+                "action": "unlocked",
+                "wallet": wallet,
+                "openclaw_config_hint": _config_hint(wallet),
+            }
+    elif args.command == "create":
+        payload = {
+            "ok": True,
+            "wallet": create_user_btc_wallet(
+                args.user_id,
+                password=_read_secret(
+                    prompt="BTC wallet password: ",
+                    confirm_prompt="Confirm BTC wallet password: ",
+                    stdin_mode=bool(args.password_stdin),
+                ),
+                label=args.label,
+                network=effective_network,
+                service_url=args.service_url,
+                reveal_seed_phrase=bool(args.reveal_seed),
+                account_index=args.account_index,
+            ),
+        }
+    elif args.command == "import":
+        if args.password_stdin and args.seed_stdin:
+            password, seed_phrase = _read_password_and_seed_from_stdin()
+        else:
+            password = _read_secret(
+                prompt="BTC wallet password: ",
+                confirm_prompt="Confirm BTC wallet password: ",
+                stdin_mode=bool(args.password_stdin),
+            )
+            seed_phrase = _read_secret(
+                prompt="BTC seed phrase: ",
+                stdin_mode=bool(args.seed_stdin),
+            )
+        payload = {
+            "ok": True,
+            "wallet": import_user_btc_wallet(
+                args.user_id,
+                password=password,
+                seed_phrase=seed_phrase,
+                label=args.label,
+                network=effective_network,
+                service_url=args.service_url,
+                account_index=args.account_index,
+            ),
+        }
+    elif args.command == "unlock":
+        payload = {
+            "ok": True,
+            "wallet": unlock_user_btc_wallet(
+                args.user_id,
+                password=_read_secret(
+                    prompt="BTC wallet password: ",
+                    stdin_mode=bool(args.password_stdin),
+                ),
+                network=effective_network,
+                service_url=args.service_url,
+            ),
+        }
+    elif args.command == "reveal-seed":
+        payload = {
+            "ok": True,
+            "wallet": reveal_user_btc_wallet_seed_phrase(
+                args.user_id,
+                password=_read_secret(
+                    prompt="BTC wallet password: ",
+                    stdin_mode=bool(args.password_stdin),
+                ),
+                network=effective_network,
+                service_url=args.service_url,
+            ),
+        }
+    else:
+        payload = {
+            "ok": True,
+            "wallet": lock_user_btc_wallet(
+                args.user_id,
+                network=effective_network,
+                service_url=args.service_url,
+            ),
+        }
+
+    print(json.dumps(payload))
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/agent-wallet/scripts/reveal_btc_seed.sh

@@ -0,0 +1,130 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
+PACKAGE_ROOT=$(CDPATH= cd -- "$SCRIPT_DIR/.." && pwd)
+
+resolve_python_bin() {
+  if [ -n "${OPENCLAW_AGENT_WALLET_PYTHON:-}" ] && [ -x "${OPENCLAW_AGENT_WALLET_PYTHON}" ]; then
+    printf "%s" "${OPENCLAW_AGENT_WALLET_PYTHON}"
+    return 0
+  fi
+
+  if [ -x "/tmp/agent-wallet-venv/bin/python" ]; then
+    printf "%s" "/tmp/agent-wallet-venv/bin/python"
+    return 0
+  fi
+
+  if [ -x "$PACKAGE_ROOT/.venv/bin/python" ]; then
+    printf "%s" "$PACKAGE_ROOT/.venv/bin/python"
+    return 0
+  fi
+
+  if command -v python3 >/dev/null 2>&1; then
+    command -v python3
+    return 0
+  fi
+
+  command -v python
+}
+
+PYTHON_BIN=$(resolve_python_bin)
+export OPENCLAW_AGENT_WALLET_PYTHON="$PYTHON_BIN"
+
+has_flag() {
+  flag=$1
+  shift
+  for arg in "$@"; do
+    case "$arg" in
+      "$flag"|"$flag"=*)
+        return 0
+        ;;
+    esac
+  done
+  return 1
+}
+
+prompt_with_default() {
+  label=$1
+  default_value=$2
+  if [ -t 0 ]; then
+    printf "%s [%s]: " "$label" "$default_value" >&2
+    read -r value
+    if [ -z "${value:-}" ]; then
+      printf "%s" "$default_value"
+    else
+      printf "%s" "$value"
+    fi
+    return 0
+  fi
+  printf "%s" "$default_value"
+}
+
+normalize_network_value() {
+  case $(printf "%s" "$1" | tr '[:upper:]' '[:lower:]') in
+    1|mainnet|bitcoin)
+      printf "mainnet"
+      ;;
+    2|testnet)
+      printf "testnet"
+      ;;
+    3|regtest)
+      printf "regtest"
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+}
+
+prompt_network_choice() {
+  default_value=$1
+  if ! [ -t 0 ]; then
+    printf "%s" "$default_value"
+    return 0
+  fi
+
+  case "$default_value" in
+    mainnet|bitcoin) default_hint="1" ;;
+    testnet) default_hint="2" ;;
+    regtest) default_hint="3" ;;
+    *) default_hint="1" ;;
+  esac
+
+  while true; do
+    printf "BTC network:\n" >&2
+    printf "  1) mainnet\n" >&2
+    printf "  2) testnet\n" >&2
+    printf "  3) regtest\n" >&2
+    printf "Choose network [%s]: " "$default_hint" >&2
+    read -r choice
+    if [ -z "${choice:-}" ]; then
+      choice=$default_hint
+    fi
+    if network=$(normalize_network_value "$choice"); then
+      printf "%s" "$network"
+      return 0
+    fi
+    printf "Invalid choice. Enter 1, 2, 3, mainnet, testnet, or regtest.\n" >&2
+  done
+}
+
+DEFAULT_USER_ID=${OPENCLAW_BTC_USER_ID:-${USER:-openclaw-user}-local}
+DEFAULT_NETWORK=${OPENCLAW_BTC_NETWORK:-mainnet}
+DEFAULT_SERVICE_URL=${OPENCLAW_BTC_SERVICE_URL:-http://127.0.0.1:8080}
+
+if ! has_flag --user-id "$@"; then
+  USER_ID=$(prompt_with_default "OpenClaw user id" "$DEFAULT_USER_ID")
+  set -- "$@" --user-id "$USER_ID"
+fi
+
+if ! has_flag --network "$@"; then
+  NETWORK=$(prompt_network_choice "$DEFAULT_NETWORK")
+  set -- "$@" --network "$NETWORK"
+fi
+
+if ! has_flag --service-url "$@"; then
+  set -- "$@" --service-url "$DEFAULT_SERVICE_URL"
+fi
+
+exec "$PYTHON_BIN" "$SCRIPT_DIR/manage_openclaw_btc_wallet.py" reveal-seed "$@"