@agentlayer.tech/wallet 0.1.12 → 0.1.14

package/agent-wallet/agent_wallet/transaction_policy.py

@@ -2,6 +2,7 @@
 
 from __future__ import annotations
 
+import struct
 from typing import Any
 
 from agent_wallet.wallet_layer.base import WalletBackendError
@@ -88,6 +89,32 @@ def _program_ids(message: Any, loaded_addresses: list[str] | None = None) -> lis
     return values
 
 
+def _instruction_account_keys(
+    message: Any,
+    instruction: Any,
+    *,
+    loaded_addresses: list[str] | None = None,
+) -> list[str]:
+    keys = _account_keys(message, loaded_addresses)
+    values: list[str] = []
+    for raw_index in list(getattr(instruction, "accounts", []) or []):
+        index = int(raw_index)
+        if index < 0 or index >= len(keys):
+            raise WalletBackendError("Provider transaction contains an invalid account index.")
+        values.append(keys[index])
+    return values
+
+
+def _instruction_data_bytes(instruction: Any) -> bytes:
+    raw = getattr(instruction, "data", b"")
+    if isinstance(raw, bytes):
+        return raw
+    try:
+        return bytes(raw)
+    except Exception as exc:  # pragma: no cover - defensive bridge for solders internals
+        raise WalletBackendError("Provider transaction instruction data could not be decoded.") from exc
+
+
 def _assert_program_allowlist(
     program_ids: list[str],
     *,
@@ -379,6 +406,230 @@ def verify_provider_swap_simulation_result(
     }
 
 
+def verify_provider_houdini_transaction(
+    message: Any,
+    *,
+    wallet_address: str,
+    deposit_address: str,
+    amount_raw: int,
+    is_native_input: bool,
+    token_mint: str | None = None,
+    loaded_addresses: list[str] | None = None,
+) -> dict[str, Any]:
+    binding = _assert_basic_wallet_binding(
+        message,
+        wallet_address=wallet_address,
+        loaded_addresses=loaded_addresses,
+    )
+    keys = binding["account_keys"]
+    program_ids = _program_ids(message, loaded_addresses)
+    unknown_program_ids = _assert_program_allowlist(
+        program_ids,
+        allowed_programs=CORE_PROGRAM_IDS,
+        label="Houdini private swap funding",
+        reject_unknown=False,
+    )
+
+    matched_native_lamports = 0
+    matched_token_amount = 0
+    parsed_transfers: list[dict[str, Any]] = []
+
+    for instruction in _compiled_instructions(message):
+        instruction_accounts = _instruction_account_keys(
+            message,
+            instruction,
+            loaded_addresses=loaded_addresses,
+        )
+        data = _instruction_data_bytes(instruction)
+        program_id_index = int(getattr(instruction, "program_id_index", -1))
+        if program_id_index < 0 or program_id_index >= len(keys):
+            raise WalletBackendError("Provider transaction contains an invalid program id index.")
+        program_id = _account_keys(message, loaded_addresses)[program_id_index]
+
+        if (
+            is_native_input
+            and program_id == SYSTEM_PROGRAM_ID
+            and len(data) >= 12
+            and len(instruction_accounts) >= 2
+        ):
+            instruction_type = struct.unpack_from("<I", data, 0)[0]
+            if instruction_type == 2:
+                lamports = struct.unpack_from("<Q", data, 4)[0]
+                recipient = instruction_accounts[1]
+                parsed_transfers.append(
+                    {
+                        "program_id": program_id,
+                        "recipient": recipient,
+                        "amount_raw": str(lamports),
+                        "kind": "system-transfer",
+                    }
+                )
+                if recipient == deposit_address:
+                    matched_native_lamports += lamports
+            continue
+
+        if program_id not in {TOKEN_PROGRAM_ID, TOKEN_2022_PROGRAM_ID} or len(instruction_accounts) < 2:
+            continue
+
+        if not data:
+            continue
+        instruction_tag = data[0]
+        if instruction_tag == 3 and len(data) >= 9 and len(instruction_accounts) >= 2:
+            token_amount = struct.unpack_from("<Q", data, 1)[0]
+            recipient = instruction_accounts[1]
+            parsed_transfers.append(
+                {
+                    "program_id": program_id,
+                    "recipient": recipient,
+                    "amount_raw": str(token_amount),
+                    "kind": "spl-transfer",
+                    "mint": None,
+                }
+            )
+            if not is_native_input and recipient == deposit_address:
+                matched_token_amount += token_amount
+            continue
+
+        if instruction_tag == 12 and len(data) >= 10 and len(instruction_accounts) >= 3:
+            token_amount = struct.unpack_from("<Q", data, 1)[0]
+            mint = instruction_accounts[1]
+            recipient = instruction_accounts[2]
+            parsed_transfers.append(
+                {
+                    "program_id": program_id,
+                    "recipient": recipient,
+                    "amount_raw": str(token_amount),
+                    "kind": "spl-transfer-checked",
+                    "mint": mint,
+                }
+            )
+            if (
+                not is_native_input
+                and recipient == deposit_address
+                and (token_mint is None or mint == token_mint)
+            ):
+                matched_token_amount += token_amount
+
+    if is_native_input:
+        if matched_native_lamports != amount_raw:
+            raise WalletBackendError(
+                "Houdini funding transaction does not transfer the approved native SOL amount to the expected deposit address."
+            )
+    else:
+        if matched_token_amount != amount_raw:
+            raise WalletBackendError(
+                "Houdini funding transaction does not transfer the approved SPL token amount to the expected deposit address."
+            )
+
+    return {
+        "wallet_address": wallet_address,
+        "fee_payer": binding["fee_payer"],
+        "required_signer_keys": binding["required_signer_keys"],
+        "required_signature_count": binding["required_signature_count"],
+        "wallet_signer_index": binding["wallet_signer_index"],
+        "sponsored_fee_payer": binding["sponsored_fee_payer"],
+        "program_ids": program_ids,
+        "unknown_program_ids": unknown_program_ids,
+        "non_core_program_ids": [pid for pid in program_ids if pid not in CORE_PROGRAM_IDS],
+        "account_key_count": len(keys),
+        "instruction_count": len(_compiled_instructions(message)),
+        "deposit_address": deposit_address,
+        "amount_raw": str(amount_raw),
+        "is_native_input": is_native_input,
+        "token_mint": token_mint,
+        "parsed_transfers": parsed_transfers,
+        "verified": True,
+    }
+
+
+def verify_provider_houdini_simulation_result(
+    simulation_value: dict[str, Any],
+    *,
+    wallet_address: str,
+    wallet_account_index: int | None,
+    is_native_input: bool,
+    token_mint: str | None,
+    amount_raw: int,
+    native_sol_extra_spend_allowance_lamports: int = (
+        DEFAULT_NATIVE_SOL_EXTRA_SPEND_ALLOWANCE_LAMPORTS
+    ),
+) -> dict[str, Any]:
+    if not isinstance(simulation_value, dict):
+        raise WalletBackendError(
+            "Houdini funding transaction simulation returned an unexpected payload.",
+            code="transaction_simulation_invalid",
+        )
+
+    if simulation_value.get("err") is not None:
+        raise WalletBackendError(
+            "Houdini funding transaction simulation failed.",
+            code="transaction_simulation_failed",
+            details={"simulation": simulation_value},
+        )
+
+    token_deltas = _wallet_token_deltas_by_mint(
+        simulation_value,
+        wallet_address=wallet_address,
+    )
+    native_delta = _native_lamport_delta(
+        simulation_value,
+        wallet_account_index=wallet_account_index,
+    )
+    warnings: list[str] = []
+    enforced_checks: list[str] = ["simulation_err_is_none"]
+
+    if is_native_input:
+        if native_delta is None:
+            warnings.append("native_input_delta_unavailable")
+        else:
+            max_spend = max(amount_raw, 0) + max(native_sol_extra_spend_allowance_lamports, 0)
+            if -native_delta > max_spend:
+                raise WalletBackendError(
+                    "Houdini funding transaction simulation spends more native SOL than approved.",
+                    code="houdini_simulation_overspend",
+                    details={
+                        "approved_input_amount_raw": str(amount_raw),
+                        "native_delta_lamports": str(native_delta),
+                        "allowed_extra_lamports": str(
+                            native_sol_extra_spend_allowance_lamports
+                        ),
+                    },
+                )
+            enforced_checks.append("native_input_spend_within_approved_amount")
+    else:
+        if not token_mint:
+            raise WalletBackendError("token_mint is required for SPL Houdini simulation checks.")
+        input_delta = token_deltas.get(token_mint)
+        if input_delta is None:
+            warnings.append("token_input_delta_unavailable")
+        elif -input_delta > amount_raw:
+            raise WalletBackendError(
+                "Houdini funding transaction simulation spends more SPL token than approved.",
+                code="houdini_simulation_overspend",
+                details={
+                    "token_mint": token_mint,
+                    "approved_input_amount_raw": str(amount_raw),
+                    "input_delta_raw": str(input_delta),
+                },
+            )
+        else:
+            enforced_checks.append("token_input_spend_within_approved_amount")
+
+    return {
+        "verified": True,
+        "simulation_err": None,
+        "wallet_address": wallet_address,
+        "wallet_account_index": wallet_account_index,
+        "token_mint": token_mint,
+        "amount_raw": str(amount_raw),
+        "is_native_input": is_native_input,
+        "token_deltas": {mint: str(delta) for mint, delta in sorted(token_deltas.items())},
+        "native_delta_lamports": str(native_delta) if native_delta is not None else None,
+        "enforced_checks": enforced_checks,
+        "warnings": warnings,
+    }
+
+
 def verify_provider_bags_transaction(
     message: Any,
     *,

package/agent-wallet/agent_wallet/user_wallets.py

@@ -17,6 +17,7 @@ from agent_wallet.config import (
     resolve_openclaw_home,
     resolve_runtime_solana_rpc_config,
     resolve_runtime_solana_swap_config,
+    resolve_solana_private_key,
     resolve_wallet_master_key,
     settings,
     use_per_user_key_derivation,
@@ -26,6 +27,7 @@ from agent_wallet.encrypted_storage import (
     decrypt_secret_material,
     encrypt_secret_material,
     is_encrypted_wallet_payload,
+    load_wallet_secret_material,
     write_encrypted_wallet_file,
 )
 from agent_wallet.wallet_layer.base import WalletBackendError
@@ -353,3 +355,84 @@ def create_wallet_backend_for_user(
         swap_provider=str(swap_config["provider"]),
         swap_transport=str(swap_config["transport"]),
     )
+
+
+def create_openclaw_solana_backend(
+    user_id: str,
+    *,
+    sign_only: bool | None = None,
+    network: str | None = None,
+    rpc_url: str | None = None,
+) -> tuple[SolanaWalletBackend, dict[str, str], bool]:
+    """Create a Solana backend for OpenClaw, preferring explicit signer config over per-user wallets."""
+    effective_network = _resolve_effective_network(network)
+    configured_public_key = settings.solana_agent_public_key.strip()
+    configured_keypair_path = settings.solana_agent_keypair_path.strip()
+    configured_secret = resolve_solana_private_key().strip()
+
+    signer: SolanaLocalKeypairSigner | None = None
+    storage_format = ""
+    wallet_path = ""
+    key_scope = ""
+
+    if configured_secret:
+        signer = SolanaLocalKeypairSigner.from_secret_material(configured_secret)
+        storage_format = "sealed_runtime_secret"
+        wallet_path = f"{resolve_openclaw_home() / 'sealed_keys.json'}#private_key"
+        key_scope = "sealed-runtime"
+    elif configured_keypair_path:
+        path = Path(configured_keypair_path).expanduser()
+        if not path.exists():
+            raise WalletBackendError(f"Configured Solana keypair path does not exist: {path}")
+        secret_material, loaded_format = load_wallet_secret_material(path)
+        signer = SolanaLocalKeypairSigner.from_secret_material(secret_material)
+        storage_format = loaded_format
+        wallet_path = str(path)
+        key_scope = "configured-keypair"
+
+    resolved_address = configured_public_key or (signer.address if signer else "")
+    if configured_public_key and signer and configured_public_key != signer.address:
+        raise WalletBackendError(
+            "Configured Solana publicKey does not match the signer derived from keypairPath/runtime secret."
+        )
+
+    rpc_config = resolve_runtime_solana_rpc_config(
+        effective_network,
+        rpc_url or settings.solana_rpc_url,
+        settings.solana_rpc_urls,
+    )
+    swap_config = resolve_runtime_solana_swap_config(effective_network)
+
+    if signer is not None or configured_public_key:
+        backend = SolanaWalletBackend(
+            rpc_url=rpc_config["rpc_urls"],
+            commitment=settings.solana_commitment,
+            network=effective_network,
+            signer=signer,
+            address=resolved_address or None,
+            sign_only=settings.agent_wallet_sign_only if sign_only is None else sign_only,
+            rpc_provider_mode=str(rpc_config["mode"]),
+            rpc_provider=str(rpc_config["provider"]),
+            rpc_transport=str(rpc_config["transport"]),
+            swap_provider=str(swap_config["provider"]),
+            swap_transport=str(swap_config["transport"]),
+        )
+        wallet_info = {
+            "user_id": user_id,
+            "address": resolved_address,
+            "path": wallet_path or "<configured-public-key>",
+            "storage_format": storage_format or "configured_public_key",
+            "key_scope": key_scope or ("configured-public-key" if configured_public_key else "host-managed"),
+        }
+        return backend, wallet_info, False
+
+    wallet_path = resolve_user_wallet_path(user_id, network=effective_network)
+    created_now = not wallet_path.exists()
+    backend = create_wallet_backend_for_user(
+        user_id,
+        sign_only=sign_only,
+        network=effective_network,
+        rpc_url=rpc_url,
+    )
+    wallet_info = ensure_user_solana_wallet(user_id, network=effective_network)
+    return backend, wallet_info, created_now

package/agent-wallet/agent_wallet/wallet_layer/base.py

@@ -327,6 +327,46 @@ class AgentWalletBackend(ABC):
     ) -> dict[str, Any]:
         raise WalletBackendError(f"{self.name} does not support Solana-origin LI.FI swap previews.")
 
+    async def preview_solana_private_swap(
+        self,
+        *,
+        input_token: str,
+        output_token: str,
+        destination_address: str,
+        amount_ui: float,
+        use_xmr: bool = False,
+    ) -> dict[str, Any]:
+        raise WalletBackendError(f"{self.name} does not support Solana private swap previews.")
+
+    async def execute_solana_private_swap(
+        self,
+        *,
+        input_token: str,
+        output_token: str,
+        destination_address: str,
+        amount_ui: float,
+        use_xmr: bool = False,
+        approved_preview: dict[str, Any] | None = None,
+        existing_order: dict[str, Any] | None = None,
+    ) -> dict[str, Any]:
+        raise WalletBackendError(f"{self.name} does not support Solana private swaps.")
+
+    async def get_solana_private_swap_status(
+        self,
+        *,
+        multi_id: str | None = None,
+        houdini_id: str | None = None,
+    ) -> dict[str, Any]:
+        raise WalletBackendError(f"{self.name} does not support Solana private swap status lookup.")
+
+    async def continue_solana_private_swap(
+        self,
+        *,
+        approved_preview: dict[str, Any],
+        existing_order: dict[str, Any],
+    ) -> dict[str, Any]:
+        raise WalletBackendError(f"{self.name} does not support continuing Solana private swaps.")
+
     async def execute_solana_lifi_cross_chain_swap(
         self,
         *,