@agentlayer.tech/wallet 0.1.12 → 0.1.14

package/.openclaw/extensions/agent-wallet/openclaw.plugin.json

@@ -3,6 +3,72 @@
   "name": "Agent Wallet",
   "description": "Official OpenClaw plugin bridge for the agent-wallet backends, including Solana, local BTC, and local EVM.",
   "version": "0.1.0",
+  "contracts": {
+    "tools": [
+      "claim_bags_fees",
+      "close_empty_token_accounts",
+      "continue_solana_private_swap",
+      "get_active_wallet_backend",
+      "get_bags_claimable_positions",
+      "get_bags_fee_analytics",
+      "get_btc_fee_rates",
+      "get_btc_max_spendable",
+      "get_btc_transfer_history",
+      "get_evm_aave_account",
+      "get_evm_aave_positions",
+      "get_evm_aave_reserves",
+      "get_evm_fee_rates",
+      "get_evm_lido_overview",
+      "get_evm_lido_positions",
+      "get_evm_lido_withdrawal_requests",
+      "get_evm_network",
+      "get_evm_swap_quote",
+      "get_evm_token_balance",
+      "get_evm_token_metadata",
+      "get_evm_transaction_receipt",
+      "get_jupiter_earn_earnings",
+      "get_jupiter_earn_positions",
+      "get_jupiter_earn_tokens",
+      "get_kamino_lend_market_reserves",
+      "get_kamino_lend_markets",
+      "get_kamino_lend_user_obligations",
+      "get_kamino_lend_user_rewards",
+      "get_lifi_quote",
+      "get_lifi_supported_chains",
+      "get_lifi_transfer_status",
+      "get_solana_private_swap_status",
+      "get_solana_token_prices",
+      "get_wallet_address",
+      "get_wallet_balance",
+      "get_wallet_capabilities",
+      "get_wallet_portfolio",
+      "jupiter_earn_deposit",
+      "jupiter_earn_withdraw",
+      "kamino_lend_borrow",
+      "kamino_lend_deposit",
+      "kamino_lend_repay",
+      "kamino_lend_withdraw",
+      "launch_bags_token",
+      "list_pending_solana_private_swaps",
+      "manage_evm_aave_position",
+      "manage_evm_lido_position",
+      "manage_evm_lido_withdrawal",
+      "request_devnet_airdrop",
+      "set_evm_network",
+      "set_wallet_backend",
+      "sign_wallet_message",
+      "swap_evm_lifi_cross_chain_tokens",
+      "swap_evm_tokens",
+      "swap_solana_lifi_cross_chain_tokens",
+      "swap_solana_privately",
+      "swap_solana_tokens",
+      "transfer_btc",
+      "transfer_evm_native",
+      "transfer_evm_token",
+      "transfer_sol",
+      "transfer_spl_token"
+    ]
+  },
   "skills": ["skills/wallet-operator"],
   "configSchema": {
     "type": "object",
@@ -171,6 +237,36 @@
           "sensitive": true
         }
       },
+      "houdiniBaseUrl": {
+        "type": "string",
+        "description": "Optional Houdini Partner API base URL for private Solana payouts."
+      },
+      "houdiniApiKey": {
+        "type": "string",
+        "description": "Optional Houdini Partner API key.",
+        "uiHints": {
+          "sensitive": true
+        }
+      },
+      "houdiniApiSecret": {
+        "type": "string",
+        "description": "Optional Houdini Partner API secret.",
+        "uiHints": {
+          "sensitive": true
+        }
+      },
+      "houdiniUserIp": {
+        "type": "string",
+        "description": "Required Houdini compliance header: end-user IP address."
+      },
+      "houdiniUserAgent": {
+        "type": "string",
+        "description": "Required Houdini compliance header: end-user agent string."
+      },
+      "houdiniUserTimezone": {
+        "type": "string",
+        "description": "Required Houdini compliance header: end-user timezone, for example Europe/Moscow."
+      },
       "kaminoBaseUrl": {
         "type": "string",
         "description": "Optional Kamino REST API base URL."

package/.openclaw/extensions/agent-wallet/skills/wallet-operator/SKILL.md

@@ -5,11 +5,13 @@ Use wallet tools only when the user explicitly asks for wallet information, sign
 Safety rules:
 
 - Prefer read-only tools first.
+- When a wallet tool exists for the task, do not fall back to `exec`, `solana`, `spl-token`, `bitcoin-cli`, `curl`, or any shell-based wallet workflow. If the wallet tool fails, report the tool error and stop.
 - Jupiter Portfolio tools are temporarily disabled. Do not suggest or call them until they are re-enabled.
 - Use Jupiter Earn read tools before Jupiter Earn writes when the user needs lending/yield context.
 - Use Kamino market/reserve reads before Kamino writes when the user needs lending context.
 - Use Aave account reads before Aave writes when the user needs EVM lending context.
 - For transfers, native staking, swaps, Aave writes, Jupiter Earn writes, and Kamino writes, use `preview` before `prepare` or `execute`.
+- For `swap_solana_privately`, use `preview` and then `execute` after explicit user approval. Do not use `prepare` for this tool.
 - Use `prepare` only when the user clearly intends to produce an execution plan.
 - Use `execute` only after the host issues an `approval_token` bound to the exact previewed operation.
 - On `mainnet`, require an approval token that includes explicit mainnet confirmation before any execution.

package/.openclaw/extensions/pay-bridge/README.md

@@ -0,0 +1,32 @@
+# pay-bridge
+
+Thin OpenClaw bridge to the locally installed `pay` CLI.
+
+This plugin is intentionally separate from `agent-wallet`:
+
+- `agent-wallet` remains the execution wallet stack for Solana/EVM/BTC
+- `pay-bridge` only discovers and calls paid APIs through `pay`
+- the `pay` wallet stays separate from the AgentLayer wallet runtime
+
+## Exposed tools
+
+- `pay_status`
+- `pay_wallet_info`
+- `pay_search_services`
+- `pay_get_service_endpoints`
+- `pay_api_request`
+
+## Intended workflow
+
+1. `pay_status`
+2. `pay_search_services`
+3. `pay_get_service_endpoints`
+4. `pay_api_request`
+
+`pay_api_request` is deliberately narrow:
+
+- it requires a `service_fqn`, `resource`, and `url`
+- it validates the URL against `pay skills endpoints`
+- it requires `purpose` and `user_confirmed=true`
+
+This keeps the bridge thin and prevents it from becoming a generic arbitrary paid-curl launcher.

package/.openclaw/extensions/pay-bridge/core.mjs

@@ -0,0 +1,287 @@
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+
+const execFileAsync = promisify(execFile);
+const ANSI_RE = /\u001b\[[0-9;]*m/g;
+
+function stripAnsi(text) {
+  return String(text || "").replace(ANSI_RE, "");
+}
+
+function nonEmptyLines(text) {
+  return stripAnsi(text)
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter(Boolean);
+}
+
+function extractLastJsonValue(text) {
+  const lines = nonEmptyLines(text);
+  for (let i = lines.length - 1; i >= 0; i -= 1) {
+    const candidate = lines[i];
+    if (!candidate.startsWith("{") && !candidate.startsWith("[")) continue;
+    try {
+      return JSON.parse(candidate);
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+
+function collectStringLeaves(value, acc = new Set()) {
+  if (typeof value === "string") {
+    acc.add(value);
+    return acc;
+  }
+  if (Array.isArray(value)) {
+    for (const item of value) collectStringLeaves(item, acc);
+    return acc;
+  }
+  if (value && typeof value === "object") {
+    for (const item of Object.values(value)) collectStringLeaves(item, acc);
+  }
+  return acc;
+}
+
+function withAccountArgs(args, account) {
+  if (!account) return args;
+  return [...args, "--account", account];
+}
+
+export function resolvePayBinary(config = {}) {
+  return (
+    config.payBinary ||
+    process.env.OPENCLAW_PAY_BINARY ||
+    "pay"
+  );
+}
+
+export async function runPayCommand(payBinary, args, options = {}) {
+  const { cwd, input = null } = options;
+  let stdout = "";
+  let stderr = "";
+  try {
+    const result = await execFileAsync(payBinary, args, {
+      cwd,
+      env: { ...process.env },
+      input,
+      maxBuffer: 1024 * 1024 * 8,
+    });
+    stdout = result.stdout ?? "";
+    stderr = result.stderr ?? "";
+  } catch (error) {
+    stdout = typeof error?.stdout === "string" ? error.stdout : "";
+    stderr = typeof error?.stderr === "string" ? error.stderr : "";
+    const payload = extractLastJsonValue(stdout) || extractLastJsonValue(stderr);
+    const message =
+      payload?.error?.message ||
+      payload?.message ||
+      stripAnsi(stderr || stdout || error?.message || "pay command failed").trim() ||
+      "pay command failed";
+    const wrapped = new Error(message);
+    wrapped.stdout = stdout;
+    wrapped.stderr = stderr;
+    wrapped.details = payload && typeof payload === "object" ? payload : null;
+    throw wrapped;
+  }
+  return { stdout, stderr };
+}
+
+export function parseWhoamiOutput(stdout) {
+  const lines = nonEmptyLines(stdout);
+  const systemUser = lines[0] || null;
+  const noAccount = lines.some((line) => /no mainnet account/i.test(line));
+  return {
+    system_user: systemUser,
+    has_mainnet_account: !noAccount,
+    raw_lines: lines,
+  };
+}
+
+export function parseAccountListOutput(stdout) {
+  const lines = nonEmptyLines(stdout);
+  const noAccounts = lines.some((line) => /no accounts found/i.test(line));
+  return {
+    has_accounts: !noAccounts,
+    raw_lines: lines,
+  };
+}
+
+export async function getPayStatus(config = {}, options = {}) {
+  const payBinary = resolvePayBinary(config);
+  const versionResult = await runPayCommand(payBinary, ["--version"], options);
+  const whoamiResult = await runPayCommand(
+    payBinary,
+    withAccountArgs(["whoami"], config.defaultAccount),
+    options
+  );
+  const accountListResult = await runPayCommand(payBinary, ["account", "list"], options);
+  return {
+    installed: true,
+    pay_binary: payBinary,
+    version: stripAnsi(versionResult.stdout).trim() || null,
+    account_configured: parseWhoamiOutput(whoamiResult.stdout).has_mainnet_account,
+    has_any_accounts: parseAccountListOutput(accountListResult.stdout).has_accounts,
+    whoami: parseWhoamiOutput(whoamiResult.stdout),
+    accounts: parseAccountListOutput(accountListResult.stdout),
+  };
+}
+
+export async function getPayWalletInfo(config = {}, options = {}) {
+  const payBinary = resolvePayBinary(config);
+  const whoamiResult = await runPayCommand(
+    payBinary,
+    withAccountArgs(["whoami"], config.defaultAccount),
+    options
+  );
+  const accountListResult = await runPayCommand(payBinary, ["account", "list"], options);
+  return {
+    pay_binary: payBinary,
+    default_account: config.defaultAccount || null,
+    whoami: parseWhoamiOutput(whoamiResult.stdout),
+    accounts: parseAccountListOutput(accountListResult.stdout),
+    notes: [
+      "This wallet is managed by pay.sh and is separate from the AgentLayer execution wallet.",
+    ],
+  };
+}
+
+export async function searchPayServices(config = {}, params = {}, options = {}) {
+  const payBinary = resolvePayBinary(config);
+  const args = ["skills", "search"];
+  if (params.query) args.push(String(params.query));
+  if (params.category) args.push("--category", String(params.category));
+  args.push("--json");
+  const { stdout, stderr } = await runPayCommand(
+    payBinary,
+    withAccountArgs(args, params.account || config.defaultAccount),
+    options
+  );
+  const parsed = JSON.parse(stdout.trim() || "{}");
+  return {
+    query: params.query || "",
+    category: params.category || null,
+    results: parsed,
+    warnings: nonEmptyLines(stderr),
+  };
+}
+
+export async function getPayServiceEndpoints(config = {}, params = {}, options = {}) {
+  const payBinary = resolvePayBinary(config);
+  const args = [
+    "skills",
+    "endpoints",
+    String(params.service_fqn),
+    String(params.resource),
+    "--json",
+  ];
+  const { stdout, stderr } = await runPayCommand(
+    payBinary,
+    withAccountArgs(args, params.account || config.defaultAccount),
+    options
+  );
+  const parsed = JSON.parse(stdout.trim() || "{}");
+  return {
+    service_fqn: String(params.service_fqn),
+    resource: String(params.resource),
+    endpoints: parsed,
+    warnings: nonEmptyLines(stderr),
+  };
+}
+
+function ensureHttps(url, requireHttps = true) {
+  if (!requireHttps) return;
+  const parsed = new URL(url);
+  if (parsed.protocol !== "https:") {
+    throw new Error("pay_api_request only allows https URLs.");
+  }
+}
+
+function appendQuery(url, query) {
+  const parsed = new URL(url);
+  if (query && typeof query === "object") {
+    for (const [key, value] of Object.entries(query)) {
+      if (value === undefined || value === null) continue;
+      parsed.searchParams.set(key, String(value));
+    }
+  }
+  return parsed.toString();
+}
+
+export function endpointPayloadContainsUrl(endpointPayload, url) {
+  const strings = collectStringLeaves(endpointPayload);
+  return strings.has(url);
+}
+
+export async function executePayApiRequest(config = {}, params = {}, options = {}) {
+  if (params.user_confirmed !== true) {
+    throw new Error("pay_api_request requires user_confirmed=true.");
+  }
+  if (!params.purpose || !String(params.purpose).trim()) {
+    throw new Error("pay_api_request requires a non-empty purpose.");
+  }
+  if (!params.service_fqn || !params.resource || !params.url) {
+    throw new Error("pay_api_request requires service_fqn, resource, and url.");
+  }
+  if (params.json_body !== undefined && params.text_body !== undefined) {
+    throw new Error("Provide either json_body or text_body, not both.");
+  }
+
+  const endpointData = await getPayServiceEndpoints(config, {
+    account: params.account,
+    resource: params.resource,
+    service_fqn: params.service_fqn,
+  }, options);
+
+  const finalUrl = appendQuery(String(params.url), params.query);
+  ensureHttps(finalUrl, config.requireHttps !== false);
+  if (!endpointPayloadContainsUrl(endpointData.endpoints, String(params.url))) {
+    throw new Error("The requested URL is not present in pay_get_service_endpoints for this service/resource.");
+  }
+
+  const payBinary = resolvePayBinary(config);
+  const method = String(params.method || "GET").toUpperCase();
+  const args = ["curl"];
+  if (params.account || config.defaultAccount) {
+    args.push("--account", String(params.account || config.defaultAccount));
+  }
+  args.push("--request", method);
+
+  const headers = params.headers && typeof params.headers === "object" ? params.headers : {};
+  for (const [key, value] of Object.entries(headers)) {
+    args.push("--header", `${key}: ${String(value)}`);
+  }
+
+  if (params.json_body !== undefined) {
+    const hasContentType = Object.keys(headers).some((key) => key.toLowerCase() === "content-type");
+    if (!hasContentType) {
+      args.push("--header", "content-type: application/json");
+    }
+    args.push("--data", JSON.stringify(params.json_body));
+  } else if (params.text_body !== undefined) {
+    args.push("--data", String(params.text_body));
+  }
+
+  args.push(finalUrl);
+  const { stdout, stderr } = await runPayCommand(payBinary, args, options);
+  const trimmed = stdout.trim();
+  let responseBody = trimmed;
+  if (params.parse_json_response !== false) {
+    try {
+      responseBody = JSON.parse(trimmed);
+    } catch {
+      responseBody = trimmed;
+    }
+  }
+  return {
+    method,
+    purpose: String(params.purpose),
+    request_url: finalUrl,
+    service_fqn: String(params.service_fqn),
+    resource: String(params.resource),
+    response: responseBody,
+    raw_response_text: trimmed,
+    warnings: nonEmptyLines(stderr),
+  };
+}

package/.openclaw/extensions/pay-bridge/index.ts

@@ -0,0 +1,196 @@
+import {
+  executePayApiRequest,
+  getPayServiceEndpoints,
+  getPayStatus,
+  getPayWalletInfo,
+  searchPayServices,
+} from "./core.mjs";
+
+const PLUGIN_ID = "pay-bridge";
+
+function asContent(data) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(data, null, 2),
+      },
+    ],
+  };
+}
+
+function resolvePluginConfig(api) {
+  const globalConfig = api?.config ?? {};
+  const pluginEntry = globalConfig?.plugins?.entries?.[PLUGIN_ID];
+  return pluginEntry?.config ?? globalConfig?.config ?? {};
+}
+
+function registerTool(api, definition) {
+  api.registerTool({
+    name: definition.name,
+    description: definition.description,
+    parameters: definition.parameters,
+    returns: {
+      type: "object",
+      additionalProperties: true,
+    },
+    async execute(_id, params = {}) {
+      const config = resolvePluginConfig(api);
+      let result;
+      if (definition.name === "pay_status") {
+        result = await getPayStatus(config, { cwd: process.cwd() });
+      } else if (definition.name === "pay_wallet_info") {
+        result = await getPayWalletInfo(config, { cwd: process.cwd() });
+      } else if (definition.name === "pay_search_services") {
+        result = await searchPayServices(config, params, { cwd: process.cwd() });
+      } else if (definition.name === "pay_get_service_endpoints") {
+        result = await getPayServiceEndpoints(config, params, { cwd: process.cwd() });
+      } else if (definition.name === "pay_api_request") {
+        result = await executePayApiRequest(config, params, { cwd: process.cwd() });
+      } else {
+        throw new Error(`Unsupported pay-bridge tool: ${definition.name}`);
+      }
+      return asContent(result);
+    },
+  });
+}
+
+const toolDefinitions = [
+  {
+    name: "pay_status",
+    description:
+      "Check whether the local pay.sh CLI is installed and whether a pay wallet/account is configured. Use this before any paid API workflow.",
+    parameters: {
+      type: "object",
+      properties: {},
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "pay_wallet_info",
+    description:
+      "Show pay wallet/account status. This wallet is separate from the AgentLayer execution wallet and is only for pay.sh API payments.",
+    parameters: {
+      type: "object",
+      properties: {},
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "pay_search_services",
+    description:
+      "Search the pay.sh skills catalog for paid APIs. Prefer this instead of guessing URLs manually.",
+    parameters: {
+      type: "object",
+      properties: {
+        query: {
+          type: "string",
+          description: "Search text for service names, descriptions, or endpoint paths.",
+        },
+        category: {
+          type: "string",
+          description: "Optional category filter such as ai_ml, maps, data, compute, search, crypto_finance.",
+        },
+        account: {
+          type: "string",
+          description: "Optional pay account override.",
+        },
+      },
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "pay_get_service_endpoints",
+    description:
+      "List the discoverable endpoints for a pay.sh service/resource pair and return their gateway URLs. Use the returned URL with pay_api_request.",
+    parameters: {
+      type: "object",
+      properties: {
+        service_fqn: {
+          type: "string",
+          description: "Fully qualified pay service name, for example solana-foundation/google/language.",
+        },
+        resource: {
+          type: "string",
+          description: "Resource name inside the service, for example entities or jobs.",
+        },
+        account: {
+          type: "string",
+          description: "Optional pay account override.",
+        },
+      },
+      required: ["service_fqn", "resource"],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: "pay_api_request",
+    description:
+      "Call a paid API through the local pay.sh CLI using a URL returned by pay_get_service_endpoints. Requires explicit user_confirmed=true and keeps the pay wallet separate from AgentLayer execution wallets.",
+    optional: true,
+    parameters: {
+      type: "object",
+      properties: {
+        service_fqn: {
+          type: "string",
+          description: "Fully qualified pay service name used to validate the request URL.",
+        },
+        resource: {
+          type: "string",
+          description: "Resource name used to validate the request URL.",
+        },
+        url: {
+          type: "string",
+          description: "Exact HTTPS gateway URL returned by pay_get_service_endpoints.",
+        },
+        method: {
+          type: "string",
+          description: "HTTP method such as GET or POST.",
+        },
+        headers: {
+          type: "object",
+          additionalProperties: { type: "string" },
+          description: "Optional HTTP headers.",
+        },
+        query: {
+          type: "object",
+          additionalProperties: true,
+          description: "Optional query parameters to append to the URL.",
+        },
+        json_body: {
+          description: "Optional JSON request body.",
+        },
+        text_body: {
+          type: "string",
+          description: "Optional raw text request body. Do not provide with json_body.",
+        },
+        account: {
+          type: "string",
+          description: "Optional pay account override.",
+        },
+        parse_json_response: {
+          type: "boolean",
+          description: "If true, attempt to parse the response body as JSON.",
+        },
+        purpose: {
+          type: "string",
+          description: "Short user-facing reason for this paid API call.",
+        },
+        user_confirmed: {
+          type: "boolean",
+          description: "Must be true for paid API requests.",
+        },
+      },
+      required: ["service_fqn", "resource", "url", "method", "purpose", "user_confirmed"],
+      additionalProperties: false,
+    },
+  },
+];
+
+export default function registerPayBridgePlugin(api) {
+  api?.logger?.info?.("[pay-bridge] registering pay.sh OpenClaw plugin");
+  for (const definition of toolDefinitions) {
+    registerTool(api, definition);
+  }
+  api?.logger?.info?.(`[pay-bridge] registered ${toolDefinitions.length} pay tools`);
+}

package/.openclaw/extensions/pay-bridge/openclaw.plugin.json

@@ -0,0 +1,34 @@
+{
+  "id": "pay-bridge",
+  "name": "pay.sh Bridge",
+  "description": "Thin OpenClaw bridge to the local pay.sh CLI for paid API discovery and execution.",
+  "version": "0.1.0",
+  "contracts": {
+    "tools": [
+      "pay_status",
+      "pay_wallet_info",
+      "pay_search_services",
+      "pay_get_service_endpoints",
+      "pay_api_request"
+    ]
+  },
+  "skills": ["skills/pay-operator"],
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "payBinary": {
+        "type": "string",
+        "description": "Absolute path or executable name for the local pay.sh binary."
+      },
+      "defaultAccount": {
+        "type": "string",
+        "description": "Optional pay account name to use when a tool call does not specify one."
+      },
+      "requireHttps": {
+        "type": "boolean",
+        "description": "If true, pay_api_request refuses non-HTTPS URLs."
+      }
+    }
+  }
+}

package/.openclaw/extensions/pay-bridge/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "pay-bridge",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "openclaw": {
+    "extensions": [
+      "./index.ts"
+    ]
+  }
+}