@agentlayer.tech/wallet 0.1.18 → 0.1.19

package/agent-wallet/agent_wallet/providers/wdk_evm_local.py

@@ -102,6 +102,35 @@ def _unwrap_payload(response: httpx.Response) -> dict[str, Any]:
     return data
 
 
+def _unwrap_list_payload(response: httpx.Response) -> list[dict[str, Any]]:
+    try:
+        payload = response.json()
+    except Exception as exc:  # pragma: no cover - defensive
+        raise WalletBackendError(
+            f"wdk-evm-wallet returned a non-JSON response ({response.status_code}).",
+            code="network_unavailable",
+            details={
+                "service": "wdk-evm-wallet",
+                "http_status": response.status_code,
+            },
+        ) from exc
+    if response.status_code >= 400 or payload.get("ok") is False:
+        detail = payload.get("error") or f"HTTP {response.status_code}"
+        raise WalletBackendError(
+            str(detail),
+            code=str(payload.get("error_code") or "").strip() or None,
+            details=_error_details_from_payload(payload),
+        )
+    data = payload.get("data")
+    if not isinstance(data, list):
+        raise WalletBackendError("wdk-evm-wallet returned an invalid list response payload.")
+    wallets: list[dict[str, Any]] = []
+    for item in data:
+        if isinstance(item, dict):
+            wallets.append(dict(item))
+    return wallets
+
+
 class WdkEvmLocalClient:
     """Small client for the local EVM wallet service."""
 
@@ -203,3 +232,26 @@ class WdkEvmLocalClient:
                 details={"service": "wdk-evm-wallet", "path": path},
             ) from exc
         return _unwrap_payload(response)
+
+    def list_wallets_sync(self) -> list[dict[str, Any]]:
+        try:
+            with httpx.Client(
+                timeout=float(settings.http_timeout),
+                headers=self._headers,
+                follow_redirects=False,
+                trust_env=False,
+            ) as client:
+                response = client.get(f"{self.base_url}/v1/evm/wallets")
+        except httpx.TimeoutException as exc:
+            raise WalletBackendError(
+                "wdk-evm-wallet request timed out.",
+                code="network_unavailable",
+                details={"service": "wdk-evm-wallet", "path": "/v1/evm/wallets"},
+            ) from exc
+        except httpx.RequestError as exc:
+            raise WalletBackendError(
+                f"wdk-evm-wallet request failed: {exc}",
+                code="network_unavailable",
+                details={"service": "wdk-evm-wallet", "path": "/v1/evm/wallets"},
+            ) from exc
+        return _unwrap_list_payload(response)

package/agent-wallet/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "openclaw-agent-wallet"
-version = "0.1.18"
+version = "0.1.19"
 description = "Plugin-friendly wallet backend for OpenClaw agents"
 requires-python = ">=3.10"
 dependencies = [

package/agent-wallet/scripts/build_release_bundle.py

@@ -33,6 +33,7 @@ INCLUDED_TOP_LEVEL_DIRS = [
 EXCLUDED_EXACT_RELATIVE_PATHS = {
     ".openclaw/extensions-local",
     ".openclaw/openclaw.local.example.json",
+    ".openclaw/extensions/pay-bridge",
 }
 EXCLUDED_DIR_NAMES = {
     ".git",

package/agent-wallet/scripts/install_agent_wallet.py

@@ -201,6 +201,9 @@ def _ignore_runtime_entries(_directory: str, names: list[str]) -> set[str]:
     keep_dist = ".openclaw" in directory.parts and "extensions" in directory.parts
     ignored: set[str] = set()
     for name in names:
+        if name == "pay-bridge" and directory.parts[-2:] == (".openclaw", "extensions"):
+            ignored.add(name)
+            continue
         if name == "dist" and keep_dist:
             continue
         if name in EXCLUDED_RUNTIME_DIR_NAMES:

package/agent-wallet/scripts/install_openclaw_local_config.py

@@ -5,7 +5,7 @@ from __future__ import annotations
 import argparse
 import json
 import os
-import shutil
+import secrets
 import sys
 from datetime import datetime, timezone
 from pathlib import Path
@@ -49,15 +49,6 @@ OPTIONAL_TOOLS = [
     "flash_trade_close_position",
 ]
 
-PAY_BRIDGE_PLUGIN_ID = "pay-bridge"
-PAY_BRIDGE_TOOLS = [
-    "pay_status",
-    "pay_wallet_info",
-    "pay_search_services",
-    "pay_get_service_endpoints",
-    "pay_api_request",
-]
-
 X402_TOOLS = [
     "x402_search_services",
     "x402_get_service_details",
@@ -104,13 +95,6 @@ def _default_extension_path() -> Path:
     return _repo_root() / ".openclaw" / "extensions" / "agent-wallet"
 
 
-def _default_pay_bridge_extension_path() -> Path:
-    runtime_root = _trusted_runtime_root()
-    if runtime_root is not None:
-        return runtime_root / ".openclaw" / "extensions" / PAY_BRIDGE_PLUGIN_ID
-    return _repo_root() / ".openclaw" / "extensions" / PAY_BRIDGE_PLUGIN_ID
-
-
 def _default_package_root() -> Path:
     runtime_root = _trusted_runtime_root()
     if runtime_root is not None:
@@ -133,14 +117,6 @@ def _default_python_bin() -> str:
     return sys.executable
 
 
-def _default_pay_binary() -> str:
-    explicit = os.getenv("OPENCLAW_PAY_BINARY", "").strip()
-    if explicit:
-        return explicit
-    resolved = shutil.which("pay")
-    return resolved or "pay"
-
-
 def _default_user_id() -> str:
     return f"{os.getenv('USER', 'openclaw-user')}-local"
 
@@ -178,10 +154,8 @@ def build_parser() -> argparse.ArgumentParser:
         default=True,
     )
     parser.add_argument("--extension-path", default=str(_default_extension_path()))
-    parser.add_argument("--pay-bridge-extension-path", default=str(_default_pay_bridge_extension_path()))
     parser.add_argument("--package-root", default=str(_default_package_root()))
     parser.add_argument("--python-bin", default=_default_python_bin())
-    parser.add_argument("--pay-binary", default=_default_pay_binary())
     parser.add_argument("--write-master-key", action=argparse.BooleanOptionalAction, default=False)
     return parser
 
@@ -191,12 +165,15 @@ def _collect_sealed_secret_updates() -> dict[str, str]:
     master_key = os.getenv("AGENT_WALLET_MASTER_KEY", "").strip()
     approval_secret = os.getenv("AGENT_WALLET_APPROVAL_SECRET", "").strip()
     private_key = os.getenv("SOLANA_AGENT_PRIVATE_KEY", "").strip()
+    evm_wallet_password = os.getenv("WDK_EVM_WALLET_PASSWORD", "").strip()
     if master_key:
         updates["master_key"] = master_key
     if approval_secret:
         updates["approval_secret"] = approval_secret
     if private_key:
         updates["private_key"] = private_key
+    if evm_wallet_password:
+        updates["wdk_evm_wallet_password"] = evm_wallet_password
     return updates
 
 
@@ -205,10 +182,12 @@ def _maybe_install_sealed_keys() -> str | None:
     if not boot_key:
         return None
     updates = _collect_sealed_secret_updates()
-    if not updates:
-        return None
     sealed_path = resolve_sealed_keys_path()
     existing = unseal_keys(boot_key) if sealed_path.exists() else {}
+    if "wdk_evm_wallet_password" not in existing and "wdk_evm_wallet_password" not in updates:
+        updates["wdk_evm_wallet_password"] = secrets.token_urlsafe(24)
+    if not updates:
+        return None
     return str(seal_keys(boot_key, {**existing, **updates}))
 
 
@@ -255,17 +234,14 @@ def main() -> None:
     allow = plugins.setdefault("allow", [])
     if args.plugin_id not in allow:
         allow.append(args.plugin_id)
-    if PAY_BRIDGE_PLUGIN_ID not in allow:
-        allow.append(PAY_BRIDGE_PLUGIN_ID)
+    allow[:] = [item for item in allow if item != "pay-bridge"]
 
     load = plugins.setdefault("load", {})
     paths = load.setdefault("paths", [])
     extension_path_text = str(Path(args.extension_path).expanduser().resolve())
     if extension_path_text not in paths:
         paths.append(extension_path_text)
-    pay_bridge_extension_path_text = str(Path(args.pay_bridge_extension_path).expanduser().resolve())
-    if pay_bridge_extension_path_text not in paths:
-        paths.append(pay_bridge_extension_path_text)
+    paths[:] = [item for item in paths if "extensions/pay-bridge" not in str(item)]
 
     entries = plugins.setdefault("entries", {})
     effective_network = _normalize_network(args.backend, args.network)
@@ -318,25 +294,19 @@ def main() -> None:
         "enabled": True,
         "config": plugin_config,
     }
-    existing_pay_entry = entries.get(PAY_BRIDGE_PLUGIN_ID) if isinstance(entries.get(PAY_BRIDGE_PLUGIN_ID), dict) else {}
-    existing_pay_config = (
-        dict(existing_pay_entry.get("config"))
-        if isinstance(existing_pay_entry.get("config"), dict)
-        else {}
-    )
-    pay_bridge_config = {
-        **existing_pay_config,
-        "payBinary": args.pay_binary.strip() or _default_pay_binary(),
-        "requireHttps": bool(existing_pay_config.get("requireHttps", True)),
-    }
-    entries[PAY_BRIDGE_PLUGIN_ID] = {
-        "enabled": True,
-        "config": pay_bridge_config,
-    }
+    entries.pop("pay-bridge", None)
 
     tools = data.setdefault("tools", {})
     also_allow = tools.setdefault("alsoAllow", [])
-    for tool_name in OPTIONAL_TOOLS + PAY_BRIDGE_TOOLS + X402_TOOLS:
+    removed_pay_tools = {
+        "pay_status",
+        "pay_wallet_info",
+        "pay_search_services",
+        "pay_get_service_endpoints",
+        "pay_api_request",
+    }
+    also_allow[:] = [tool_name for tool_name in also_allow if tool_name not in removed_pay_tools]
+    for tool_name in OPTIONAL_TOOLS + X402_TOOLS:
         if tool_name not in also_allow:
             also_allow.append(tool_name)
 
@@ -352,7 +322,6 @@ def main() -> None:
                 "config_path": str(config_path),
                 "backup_path": str(backup_path),
                 "extension_path": extension_path_text,
-                "pay_bridge_extension_path": pay_bridge_extension_path_text,
                 "python_bin": args.python_bin,
                 "package_root": plugin_config["packageRoot"],
                 "plugin_id": args.plugin_id,

package/agent-wallet/scripts/install_openclaw_sealed_keys.py

@@ -5,6 +5,7 @@ from __future__ import annotations
 import argparse
 import json
 import os
+import secrets as py_secrets
 import sys
 from pathlib import Path
 
@@ -49,12 +50,15 @@ def _collect_secret_updates() -> dict[str, str]:
     master_key = os.getenv("AGENT_WALLET_MASTER_KEY", "").strip()
     approval_secret = os.getenv("AGENT_WALLET_APPROVAL_SECRET", "").strip()
     private_key = os.getenv("SOLANA_AGENT_PRIVATE_KEY", "").strip()
+    evm_wallet_password = os.getenv("WDK_EVM_WALLET_PASSWORD", "").strip()
     if master_key:
         updates["master_key"] = master_key
     if approval_secret:
         updates["approval_secret"] = approval_secret
     if private_key:
         updates["private_key"] = private_key
+    if evm_wallet_password:
+        updates["wdk_evm_wallet_password"] = evm_wallet_password
     return updates
 
 
@@ -80,6 +84,10 @@ def main() -> None:
     sealed_path = resolve_sealed_keys_path()
     existing = unseal_keys(boot_key) if sealed_path.exists() and not args.replace else {}
     secrets = {**existing, **updates}
+    generated_keys: list[str] = []
+    if "wdk_evm_wallet_password" not in secrets:
+        secrets["wdk_evm_wallet_password"] = py_secrets.token_urlsafe(24)
+        generated_keys.append("wdk_evm_wallet_password")
     if not secrets:
         raise SystemExit(
             "No secrets provided. Set AGENT_WALLET_MASTER_KEY, AGENT_WALLET_APPROVAL_SECRET, "
@@ -93,7 +101,7 @@ def main() -> None:
                 "ok": True,
                 "path": str(path),
                 "stored_keys": sorted(secrets.keys()),
-                "updated_keys": sorted(updates.keys()),
+                "updated_keys": sorted(set(updates.keys()) | set(generated_keys)),
                 "replaced": bool(args.replace),
             },
             indent=2,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentlayer.tech/wallet",
-  "version": "0.1.18",
+  "version": "0.1.19",
   "description": "NPM installer for the OpenClaw Agent Wallet local runtime.",
   "type": "module",
   "repository": {
@@ -40,7 +40,6 @@
     "agent-wallet/pyproject.toml",
     ".openclaw/AGENTS.md",
     ".openclaw/extensions/agent-wallet/",
-    ".openclaw/extensions/pay-bridge/",
     "hermes/plugins/agent_wallet/",
     "wdk-btc-wallet/src/",
     "wdk-btc-wallet/bootstrap.sh",

package/.openclaw/extensions/pay-bridge/README.md

@@ -1,38 +0,0 @@
-# pay-bridge
-
-Thin OpenClaw bridge to the locally installed `pay` CLI.
-
-External install path:
-
-```bash
-openclaw plugins install clawhub:@agentlayertech/pay-bridge-plugin
-```
-
-This plugin is intentionally separate from `agent-wallet`:
-
-- `agent-wallet` remains the execution wallet stack for Solana/EVM/BTC
-- `pay-bridge` only discovers and calls paid APIs through `pay`
-- the `pay` wallet stays separate from the AgentLayer wallet runtime
-
-## Exposed tools
-
-- `pay_status`
-- `pay_wallet_info`
-- `pay_search_services`
-- `pay_get_service_endpoints`
-- `pay_api_request`
-
-## Intended workflow
-
-1. `pay_status`
-2. `pay_search_services`
-3. `pay_get_service_endpoints`
-4. `pay_api_request`
-
-`pay_api_request` is deliberately narrow:
-
-- it requires a `service_fqn`, `resource`, and `url`
-- it validates the URL against `pay skills endpoints`
-- it requires `purpose` and `user_confirmed=true`
-
-This keeps the bridge thin and prevents it from becoming a generic arbitrary paid-curl launcher.

package/.openclaw/extensions/pay-bridge/core.mjs

@@ -1,287 +0,0 @@
-import { execFile } from "node:child_process";
-import { promisify } from "node:util";
-
-const execFileAsync = promisify(execFile);
-const ANSI_RE = /\u001b\[[0-9;]*m/g;
-
-function stripAnsi(text) {
-  return String(text || "").replace(ANSI_RE, "");
-}
-
-function nonEmptyLines(text) {
-  return stripAnsi(text)
-    .split(/\r?\n/)
-    .map((line) => line.trim())
-    .filter(Boolean);
-}
-
-function extractLastJsonValue(text) {
-  const lines = nonEmptyLines(text);
-  for (let i = lines.length - 1; i >= 0; i -= 1) {
-    const candidate = lines[i];
-    if (!candidate.startsWith("{") && !candidate.startsWith("[")) continue;
-    try {
-      return JSON.parse(candidate);
-    } catch {
-      continue;
-    }
-  }
-  return null;
-}
-
-function collectStringLeaves(value, acc = new Set()) {
-  if (typeof value === "string") {
-    acc.add(value);
-    return acc;
-  }
-  if (Array.isArray(value)) {
-    for (const item of value) collectStringLeaves(item, acc);
-    return acc;
-  }
-  if (value && typeof value === "object") {
-    for (const item of Object.values(value)) collectStringLeaves(item, acc);
-  }
-  return acc;
-}
-
-function withAccountArgs(args, account) {
-  if (!account) return args;
-  return [...args, "--account", account];
-}
-
-export function resolvePayBinary(config = {}) {
-  return (
-    config.payBinary ||
-    process.env.OPENCLAW_PAY_BINARY ||
-    "pay"
-  );
-}
-
-export async function runPayCommand(payBinary, args, options = {}) {
-  const { cwd, input = null } = options;
-  let stdout = "";
-  let stderr = "";
-  try {
-    const result = await execFileAsync(payBinary, args, {
-      cwd,
-      env: { ...process.env },
-      input,
-      maxBuffer: 1024 * 1024 * 8,
-    });
-    stdout = result.stdout ?? "";
-    stderr = result.stderr ?? "";
-  } catch (error) {
-    stdout = typeof error?.stdout === "string" ? error.stdout : "";
-    stderr = typeof error?.stderr === "string" ? error.stderr : "";
-    const payload = extractLastJsonValue(stdout) || extractLastJsonValue(stderr);
-    const message =
-      payload?.error?.message ||
-      payload?.message ||
-      stripAnsi(stderr || stdout || error?.message || "pay command failed").trim() ||
-      "pay command failed";
-    const wrapped = new Error(message);
-    wrapped.stdout = stdout;
-    wrapped.stderr = stderr;
-    wrapped.details = payload && typeof payload === "object" ? payload : null;
-    throw wrapped;
-  }
-  return { stdout, stderr };
-}
-
-export function parseWhoamiOutput(stdout) {
-  const lines = nonEmptyLines(stdout);
-  const systemUser = lines[0] || null;
-  const noAccount = lines.some((line) => /no mainnet account/i.test(line));
-  return {
-    system_user: systemUser,
-    has_mainnet_account: !noAccount,
-    raw_lines: lines,
-  };
-}
-
-export function parseAccountListOutput(stdout) {
-  const lines = nonEmptyLines(stdout);
-  const noAccounts = lines.some((line) => /no accounts found/i.test(line));
-  return {
-    has_accounts: !noAccounts,
-    raw_lines: lines,
-  };
-}
-
-export async function getPayStatus(config = {}, options = {}) {
-  const payBinary = resolvePayBinary(config);
-  const versionResult = await runPayCommand(payBinary, ["--version"], options);
-  const whoamiResult = await runPayCommand(
-    payBinary,
-    withAccountArgs(["whoami"], config.defaultAccount),
-    options
-  );
-  const accountListResult = await runPayCommand(payBinary, ["account", "list"], options);
-  return {
-    installed: true,
-    pay_binary: payBinary,
-    version: stripAnsi(versionResult.stdout).trim() || null,
-    account_configured: parseWhoamiOutput(whoamiResult.stdout).has_mainnet_account,
-    has_any_accounts: parseAccountListOutput(accountListResult.stdout).has_accounts,
-    whoami: parseWhoamiOutput(whoamiResult.stdout),
-    accounts: parseAccountListOutput(accountListResult.stdout),
-  };
-}
-
-export async function getPayWalletInfo(config = {}, options = {}) {
-  const payBinary = resolvePayBinary(config);
-  const whoamiResult = await runPayCommand(
-    payBinary,
-    withAccountArgs(["whoami"], config.defaultAccount),
-    options
-  );
-  const accountListResult = await runPayCommand(payBinary, ["account", "list"], options);
-  return {
-    pay_binary: payBinary,
-    default_account: config.defaultAccount || null,
-    whoami: parseWhoamiOutput(whoamiResult.stdout),
-    accounts: parseAccountListOutput(accountListResult.stdout),
-    notes: [
-      "This wallet is managed by pay.sh and is separate from the AgentLayer execution wallet.",
-    ],
-  };
-}
-
-export async function searchPayServices(config = {}, params = {}, options = {}) {
-  const payBinary = resolvePayBinary(config);
-  const args = ["skills", "search"];
-  if (params.query) args.push(String(params.query));
-  if (params.category) args.push("--category", String(params.category));
-  args.push("--json");
-  const { stdout, stderr } = await runPayCommand(
-    payBinary,
-    withAccountArgs(args, params.account || config.defaultAccount),
-    options
-  );
-  const parsed = JSON.parse(stdout.trim() || "{}");
-  return {
-    query: params.query || "",
-    category: params.category || null,
-    results: parsed,
-    warnings: nonEmptyLines(stderr),
-  };
-}
-
-export async function getPayServiceEndpoints(config = {}, params = {}, options = {}) {
-  const payBinary = resolvePayBinary(config);
-  const args = [
-    "skills",
-    "endpoints",
-    String(params.service_fqn),
-    String(params.resource),
-    "--json",
-  ];
-  const { stdout, stderr } = await runPayCommand(
-    payBinary,
-    withAccountArgs(args, params.account || config.defaultAccount),
-    options
-  );
-  const parsed = JSON.parse(stdout.trim() || "{}");
-  return {
-    service_fqn: String(params.service_fqn),
-    resource: String(params.resource),
-    endpoints: parsed,
-    warnings: nonEmptyLines(stderr),
-  };
-}
-
-function ensureHttps(url, requireHttps = true) {
-  if (!requireHttps) return;
-  const parsed = new URL(url);
-  if (parsed.protocol !== "https:") {
-    throw new Error("pay_api_request only allows https URLs.");
-  }
-}
-
-function appendQuery(url, query) {
-  const parsed = new URL(url);
-  if (query && typeof query === "object") {
-    for (const [key, value] of Object.entries(query)) {
-      if (value === undefined || value === null) continue;
-      parsed.searchParams.set(key, String(value));
-    }
-  }
-  return parsed.toString();
-}
-
-export function endpointPayloadContainsUrl(endpointPayload, url) {
-  const strings = collectStringLeaves(endpointPayload);
-  return strings.has(url);
-}
-
-export async function executePayApiRequest(config = {}, params = {}, options = {}) {
-  if (params.user_confirmed !== true) {
-    throw new Error("pay_api_request requires user_confirmed=true.");
-  }
-  if (!params.purpose || !String(params.purpose).trim()) {
-    throw new Error("pay_api_request requires a non-empty purpose.");
-  }
-  if (!params.service_fqn || !params.resource || !params.url) {
-    throw new Error("pay_api_request requires service_fqn, resource, and url.");
-  }
-  if (params.json_body !== undefined && params.text_body !== undefined) {
-    throw new Error("Provide either json_body or text_body, not both.");
-  }
-
-  const endpointData = await getPayServiceEndpoints(config, {
-    account: params.account,
-    resource: params.resource,
-    service_fqn: params.service_fqn,
-  }, options);
-
-  const finalUrl = appendQuery(String(params.url), params.query);
-  ensureHttps(finalUrl, config.requireHttps !== false);
-  if (!endpointPayloadContainsUrl(endpointData.endpoints, String(params.url))) {
-    throw new Error("The requested URL is not present in pay_get_service_endpoints for this service/resource.");
-  }
-
-  const payBinary = resolvePayBinary(config);
-  const method = String(params.method || "GET").toUpperCase();
-  const args = ["curl"];
-  if (params.account || config.defaultAccount) {
-    args.push("--account", String(params.account || config.defaultAccount));
-  }
-  args.push("--request", method);
-
-  const headers = params.headers && typeof params.headers === "object" ? params.headers : {};
-  for (const [key, value] of Object.entries(headers)) {
-    args.push("--header", `${key}: ${String(value)}`);
-  }
-
-  if (params.json_body !== undefined) {
-    const hasContentType = Object.keys(headers).some((key) => key.toLowerCase() === "content-type");
-    if (!hasContentType) {
-      args.push("--header", "content-type: application/json");
-    }
-    args.push("--data", JSON.stringify(params.json_body));
-  } else if (params.text_body !== undefined) {
-    args.push("--data", String(params.text_body));
-  }
-
-  args.push(finalUrl);
-  const { stdout, stderr } = await runPayCommand(payBinary, args, options);
-  const trimmed = stdout.trim();
-  let responseBody = trimmed;
-  if (params.parse_json_response !== false) {
-    try {
-      responseBody = JSON.parse(trimmed);
-    } catch {
-      responseBody = trimmed;
-    }
-  }
-  return {
-    method,
-    purpose: String(params.purpose),
-    request_url: finalUrl,
-    service_fqn: String(params.service_fqn),
-    resource: String(params.resource),
-    response: responseBody,
-    raw_response_text: trimmed,
-    warnings: nonEmptyLines(stderr),
-  };
-}