@agentlayer.tech/wallet 0.1.18 → 0.1.20

package/agent-wallet/agent_wallet/evm_user_wallets.py

@@ -3,14 +3,28 @@
 from __future__ import annotations
 
 import json
+import os
+import secrets
+import subprocess
+import time
 from pathlib import Path
 from typing import Any
-
-from agent_wallet.config import resolve_openclaw_home, settings
+from urllib.error import URLError
+from urllib.parse import urlparse
+from urllib.request import urlopen
+
+from agent_wallet.config import (
+    resolve_boot_key,
+    resolve_evm_wallet_password,
+    resolve_openclaw_home,
+    settings,
+)
 from agent_wallet.providers.wdk_evm_local import WdkEvmLocalClient
 from agent_wallet.user_wallets import normalize_user_id
 from agent_wallet.wallet_layer.base import WalletBackendError
 
+LOCAL_WDK_EVM_HOSTS = {"127.0.0.1", "localhost", "::1"}
+
 
 def _normalize_evm_network(value: str | None) -> str:
     network = str(value or "").strip().lower()
@@ -34,6 +48,87 @@ def _resolve_service_url(service_url: str | None = None) -> str:
     return effective
 
 
+def _paired_network(network: str) -> str | None:
+    mapping = {
+        "ethereum": "base",
+        "base": "ethereum",
+        "sepolia": "base-sepolia",
+        "base-sepolia": "sepolia",
+    }
+    return mapping.get(_normalize_evm_network(network))
+
+
+def _health_url(service_url: str) -> str:
+    return f"{service_url.rstrip('/')}/health"
+
+
+def _service_is_healthy(service_url: str) -> bool:
+    try:
+        with urlopen(_health_url(service_url), timeout=1.5) as response:
+            return int(getattr(response, "status", 0) or 0) == 200
+    except (URLError, TimeoutError, OSError):
+        return False
+
+
+def _is_local_service_url(service_url: str) -> bool:
+    parsed = urlparse(service_url)
+    return parsed.scheme in {"http", "https"} and parsed.hostname in LOCAL_WDK_EVM_HOSTS
+
+
+def _resolve_local_wdk_evm_root() -> Path | None:
+    configured = os.getenv("OPENCLAW_EVM_WDK_WALLET_ROOT", "").strip()
+    candidates = [configured] if configured else []
+    candidates.extend(
+        [
+            str(Path(__file__).resolve().parents[2] / "wdk-evm-wallet"),
+            str(resolve_openclaw_home() / "agent-wallet-runtime" / "current" / "wdk-evm-wallet"),
+        ]
+    )
+    for candidate in candidates:
+        root = Path(candidate).expanduser()
+        if (root / "run-local.sh").exists():
+            return root
+    return None
+
+
+def _auto_start_local_service(service_url: str, network: str) -> None:
+    if _service_is_healthy(service_url):
+        return
+    if not _is_local_service_url(service_url):
+        raise WalletBackendError(
+            f"wdk-evm-wallet is unreachable at {_health_url(service_url)} and auto-start only supports localhost URLs."
+        )
+    wallet_root = _resolve_local_wdk_evm_root()
+    if wallet_root is None:
+        raise WalletBackendError(
+            "wdk-evm-wallet is not healthy and the local launcher could not be found."
+        )
+    parsed = urlparse(service_url)
+    env = os.environ.copy()
+    env["HOST"] = parsed.hostname or "127.0.0.1"
+    env["PORT"] = str(parsed.port or 8081)
+    env["WDK_EVM_NETWORK"] = _normalize_evm_network(network)
+    process = subprocess.Popen(  # noqa: S603
+        ["sh", str(wallet_root / "run-local.sh")],
+        cwd=str(wallet_root),
+        env=env,
+        stdin=subprocess.DEVNULL,
+        stdout=subprocess.DEVNULL,
+        stderr=subprocess.DEVNULL,
+        start_new_session=True,
+    )
+    deadline = time.time() + 30.0
+    while time.time() < deadline:
+        if _service_is_healthy(service_url):
+            return
+        if process.poll() is not None:
+            raise WalletBackendError("wdk-evm-wallet exited before becoming healthy.")
+        time.sleep(0.5)
+    raise WalletBackendError(
+        f"Timed out waiting for wdk-evm-wallet health at {_health_url(service_url)}."
+    )
+
+
 def _resolve_user_evm_wallet_dir(user_id: str) -> Path:
     return resolve_openclaw_home() / "users" / normalize_user_id(user_id) / "wallets"
 
@@ -98,6 +193,58 @@ def list_user_evm_wallet_bindings(user_id: str) -> list[dict[str, Any]]:
     return bindings
 
 
+def _maybe_store_evm_wallet_password(password: str) -> bool:
+    value = str(password or "").strip()
+    if not value:
+        return False
+    boot_key = resolve_boot_key()
+    if not boot_key:
+        return False
+    from agent_wallet.sealed_keys import resolve_sealed_keys_path, seal_keys, unseal_keys
+
+    sealed_path = resolve_sealed_keys_path()
+    existing = unseal_keys(boot_key) if sealed_path.exists() else {}
+    if existing.get("wdk_evm_wallet_password") == value:
+        return False
+    seal_keys(boot_key, {**existing, "wdk_evm_wallet_password": value})
+    return True
+
+
+def _ensure_evm_wallet_password() -> str:
+    existing = resolve_evm_wallet_password()
+    if existing:
+        return existing
+    boot_key = resolve_boot_key()
+    if not boot_key:
+        return ""
+    generated = secrets.token_urlsafe(24)
+    _maybe_store_evm_wallet_password(generated)
+    return generated
+
+
+def _bind_network_pair(
+    user_id: str,
+    *,
+    wallet_id: str,
+    network: str,
+    service_url: str,
+    account_index: int,
+    address: str | None,
+) -> None:
+    paired = _paired_network(network)
+    if not paired:
+        return
+    bind_user_evm_wallet(
+        user_id,
+        wallet_id=wallet_id,
+        network=paired,
+        service_url=service_url,
+        account_index=account_index,
+        tolerate_locked=True,
+        fallback_address=address,
+    )
+
+
 def bind_user_evm_wallet(
     user_id: str,
     *,
@@ -208,6 +355,164 @@ def ensure_user_evm_wallet_binding(
     )
 
 
+def ensure_user_evm_wallet_ready(
+    user_id: str,
+    *,
+    network: str | None = None,
+    service_url: str | None = None,
+    wallet_id: str | None = None,
+    account_index: int | None = None,
+    auto_start_service: bool = True,
+) -> dict[str, Any]:
+    effective_network = _normalize_evm_network(network or settings.solana_network)
+    effective_service_url = _resolve_service_url(service_url)
+    effective_account_index = settings.wdk_evm_account_index if account_index is None else int(account_index)
+    if auto_start_service:
+        _auto_start_local_service(effective_service_url, effective_network)
+    elif not _service_is_healthy(effective_service_url):
+        raise WalletBackendError(
+            f"wdk-evm-wallet is not healthy at {_health_url(effective_service_url)}."
+        )
+
+    client = WdkEvmLocalClient(effective_service_url)
+    explicit_wallet_id = str(wallet_id or "").strip()
+    binding: dict[str, Any] | None = None
+    if explicit_wallet_id:
+        binding = ensure_user_evm_wallet_binding(
+            user_id,
+            network=effective_network,
+            service_url=effective_service_url,
+            wallet_id=explicit_wallet_id,
+            account_index=effective_account_index,
+        )
+    else:
+        try:
+            binding = get_user_evm_wallet_binding(user_id, network=effective_network)
+        except WalletBackendError:
+            binding = None
+
+    if binding is None:
+        existing_bindings = list_user_evm_wallet_bindings(user_id)
+        wallet_ids = {
+            str(item.get("wallet_id") or "").strip()
+            for item in existing_bindings
+            if str(item.get("wallet_id") or "").strip()
+        }
+        if len(wallet_ids) > 1:
+            raise WalletBackendError(
+                "Multiple EVM wallet bindings exist for this user. Set wdk_evm_wallet_id explicitly to auto-bind a new network."
+            )
+        if wallet_ids:
+            binding = bind_user_evm_wallet(
+                user_id,
+                wallet_id=next(iter(wallet_ids)),
+                network=effective_network,
+                service_url=effective_service_url,
+                account_index=effective_account_index,
+                tolerate_locked=True,
+                fallback_address=str(existing_bindings[0].get("address") or "").strip() or None,
+            )
+        else:
+            service_wallets = client.list_wallets_sync()
+            service_wallet_ids = {
+                str(item.get("walletId") or "").strip()
+                for item in service_wallets
+                if str(item.get("walletId") or "").strip()
+            }
+            if len(service_wallet_ids) > 1:
+                raise WalletBackendError(
+                    "Multiple local EVM vault wallets exist. Set wdk_evm_wallet_id explicitly before automatic switching."
+                )
+            if service_wallet_ids:
+                binding = bind_user_evm_wallet(
+                    user_id,
+                    wallet_id=next(iter(service_wallet_ids)),
+                    network=effective_network,
+                    service_url=effective_service_url,
+                    account_index=effective_account_index,
+                    tolerate_locked=True,
+                )
+            else:
+                password = _ensure_evm_wallet_password()
+                if not password:
+                    raise WalletBackendError(
+                        "EVM wallet is not set up yet and no sealed local EVM wallet password is available for automatic creation."
+                    )
+                created = create_user_evm_wallet(
+                    user_id,
+                    password=password,
+                    network=effective_network,
+                    service_url=effective_service_url,
+                    account_index=effective_account_index,
+                )
+                binding = get_user_evm_wallet_binding(user_id, network=effective_network)
+                _bind_network_pair(
+                    user_id,
+                    wallet_id=str(created.get("wallet_id") or ""),
+                    network=effective_network,
+                    service_url=effective_service_url,
+                    account_index=effective_account_index,
+                    address=str(created.get("address") or "").strip() or None,
+                )
+
+    resolved_wallet_id = str(binding.get("wallet_id") or explicit_wallet_id).strip()
+    if not resolved_wallet_id:
+        raise WalletBackendError("EVM wallet binding is missing wallet_id.")
+
+    def _resolve_address() -> str:
+        payload = client.post_sync(
+            "/v1/evm/address/resolve",
+            {
+                "walletId": resolved_wallet_id,
+                "accountIndex": effective_account_index,
+                "network": effective_network,
+            },
+        )
+        address = str(payload.get("address") or "").strip()
+        if not address:
+            raise WalletBackendError("wdk-evm-wallet did not return an address.")
+        return address
+
+    try:
+        resolved_address = _resolve_address()
+    except WalletBackendError as exc:
+        is_locked = exc.code == "wallet_locked" or "wallet is locked" in str(exc).strip().lower()
+        if not is_locked:
+            raise
+        password = resolve_evm_wallet_password()
+        if not password:
+            raise WalletBackendError(
+                "EVM wallet exists but cannot be unlocked automatically because no sealed local EVM wallet password is available."
+            ) from exc
+        unlock_user_evm_wallet(
+            user_id,
+            password=password,
+            network=effective_network,
+            service_url=effective_service_url,
+            wallet_id=resolved_wallet_id,
+            account_index=effective_account_index,
+        )
+        resolved_address = _resolve_address()
+
+    binding = bind_user_evm_wallet(
+        user_id,
+        wallet_id=resolved_wallet_id,
+        network=effective_network,
+        service_url=effective_service_url,
+        account_index=effective_account_index,
+        fallback_address=resolved_address,
+    )
+    _bind_network_pair(
+        user_id,
+        wallet_id=resolved_wallet_id,
+        network=effective_network,
+        service_url=effective_service_url,
+        account_index=effective_account_index,
+        address=resolved_address,
+    )
+    return binding
+
+
 def create_user_evm_wallet(
     user_id: str,
     *,
@@ -251,6 +556,7 @@ def create_user_evm_wallet(
         "updated_at": created.get("updatedAt"),
     }
     _write_wallet_binding(resolve_user_evm_wallet_path(user_id, effective_network), binding)
+    _maybe_store_evm_wallet_password(password)
     return {
         **binding,
         "unlocked": bool(created.get("unlocked", True)),
@@ -302,6 +608,7 @@ def import_user_evm_wallet(
         "updated_at": created.get("updatedAt"),
     }
     _write_wallet_binding(resolve_user_evm_wallet_path(user_id, effective_network), binding)
+    _maybe_store_evm_wallet_password(password)
     return {
         **binding,
         "unlocked": bool(created.get("unlocked", True)),
@@ -334,6 +641,7 @@ def unlock_user_evm_wallet(
             "timeoutSeconds": 0,
         },
     )
+    _maybe_store_evm_wallet_password(password)
     return {
         **binding,
         "unlocked": bool(payload.get("unlocked", True)),

package/agent-wallet/agent_wallet/openclaw_runtime.py

@@ -8,7 +8,7 @@ from typing import Any
 from agent_wallet.approval import issue_approval_token
 from agent_wallet.btc_user_wallets import get_user_btc_wallet_binding
 from agent_wallet.config import settings
-from agent_wallet.evm_user_wallets import ensure_user_evm_wallet_binding, get_user_evm_wallet_binding
+from agent_wallet.evm_user_wallets import ensure_user_evm_wallet_ready
 from agent_wallet.models import OpenClawWalletSessionMetadata
 from agent_wallet.openclaw_adapter import OpenClawWalletAdapter
 from agent_wallet.plugin_bundle import build_openclaw_plugin_bundle
@@ -173,38 +173,17 @@ def onboard_openclaw_user_wallet(
             "base_sepolia": "base-sepolia",
         }
         effective_network = aliases.get(requested_network, requested_network)
-        binding: dict[str, Any] | None = None
         wallet_id = str(wdk_evm_wallet_id or settings.wdk_evm_wallet_id).strip()
         if not service_url:
             raise WalletBackendError("wdk_evm_service_url is required for backend=wdk_evm_local.")
-        if wallet_id:
-            try:
-                binding = get_user_evm_wallet_binding(user_id, network=effective_network)
-            except WalletBackendError:
-                binding = ensure_user_evm_wallet_binding(
-                    user_id,
-                    network=effective_network,
-                    service_url=service_url,
-                    wallet_id=wallet_id,
-                    account_index=account_index,
-                )
-            else:
-                if str(binding.get("wallet_id") or "").strip() != wallet_id:
-                    binding = ensure_user_evm_wallet_binding(
-                        user_id,
-                        network=effective_network,
-                        service_url=service_url,
-                        wallet_id=wallet_id,
-                        account_index=account_index,
-                    )
-        else:
-            binding = ensure_user_evm_wallet_binding(
-                user_id,
-                network=effective_network,
-                service_url=service_url,
-                account_index=account_index,
-            )
-            wallet_id = str(binding.get("wallet_id") or "").strip()
+        binding = ensure_user_evm_wallet_ready(
+            user_id,
+            network=effective_network,
+            service_url=service_url,
+            wallet_id=wallet_id or None,
+            account_index=account_index,
+        )
+        wallet_id = str(binding.get("wallet_id") or wallet_id).strip()
         if not wallet_id:
             raise WalletBackendError(
                 "wdk_evm_wallet_id is required for backend=wdk_evm_local, or create a bound user EVM wallet first."
@@ -212,17 +191,7 @@ def onboard_openclaw_user_wallet(
 
         client = WdkEvmLocalClient(service_url)
         wallet_meta = client.post_sync("/v1/evm/wallets/get", {"walletId": wallet_id})
-        resolved_address = str((binding or {}).get("address") or "").strip()
-        if not resolved_address:
-            address_payload = client.post_sync(
-                "/v1/evm/address/resolve",
-                {
-                    "walletId": wallet_id,
-                    "accountIndex": account_index,
-                    "network": effective_network,
-                },
-            )
-            resolved_address = str(address_payload.get("address") or "").strip()
+        resolved_address = str(binding.get("address") or "").strip()
         backend = WdkEvmLocalWalletBackend(
             service_url=service_url,
             wallet_id=wallet_id,

package/agent-wallet/agent_wallet/providers/wdk_evm_local.py

@@ -102,6 +102,35 @@ def _unwrap_payload(response: httpx.Response) -> dict[str, Any]:
     return data
 
 
+def _unwrap_list_payload(response: httpx.Response) -> list[dict[str, Any]]:
+    try:
+        payload = response.json()
+    except Exception as exc:  # pragma: no cover - defensive
+        raise WalletBackendError(
+            f"wdk-evm-wallet returned a non-JSON response ({response.status_code}).",
+            code="network_unavailable",
+            details={
+                "service": "wdk-evm-wallet",
+                "http_status": response.status_code,
+            },
+        ) from exc
+    if response.status_code >= 400 or payload.get("ok") is False:
+        detail = payload.get("error") or f"HTTP {response.status_code}"
+        raise WalletBackendError(
+            str(detail),
+            code=str(payload.get("error_code") or "").strip() or None,
+            details=_error_details_from_payload(payload),
+        )
+    data = payload.get("data")
+    if not isinstance(data, list):
+        raise WalletBackendError("wdk-evm-wallet returned an invalid list response payload.")
+    wallets: list[dict[str, Any]] = []
+    for item in data:
+        if isinstance(item, dict):
+            wallets.append(dict(item))
+    return wallets
+
+
 class WdkEvmLocalClient:
     """Small client for the local EVM wallet service."""
 
@@ -203,3 +232,26 @@ class WdkEvmLocalClient:
                 details={"service": "wdk-evm-wallet", "path": path},
             ) from exc
         return _unwrap_payload(response)
+
+    def list_wallets_sync(self) -> list[dict[str, Any]]:
+        try:
+            with httpx.Client(
+                timeout=float(settings.http_timeout),
+                headers=self._headers,
+                follow_redirects=False,
+                trust_env=False,
+            ) as client:
+                response = client.get(f"{self.base_url}/v1/evm/wallets")
+        except httpx.TimeoutException as exc:
+            raise WalletBackendError(
+                "wdk-evm-wallet request timed out.",
+                code="network_unavailable",
+                details={"service": "wdk-evm-wallet", "path": "/v1/evm/wallets"},
+            ) from exc
+        except httpx.RequestError as exc:
+            raise WalletBackendError(
+                f"wdk-evm-wallet request failed: {exc}",
+                code="network_unavailable",
+                details={"service": "wdk-evm-wallet", "path": "/v1/evm/wallets"},
+            ) from exc
+        return _unwrap_list_payload(response)

package/agent-wallet/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "openclaw-agent-wallet"
-version = "0.1.18"
+version = "0.1.20"
 description = "Plugin-friendly wallet backend for OpenClaw agents"
 requires-python = ">=3.10"
 dependencies = [

package/agent-wallet/scripts/build_release_bundle.py

@@ -33,6 +33,7 @@ INCLUDED_TOP_LEVEL_DIRS = [
 EXCLUDED_EXACT_RELATIVE_PATHS = {
     ".openclaw/extensions-local",
     ".openclaw/openclaw.local.example.json",
+    ".openclaw/extensions/pay-bridge",
 }
 EXCLUDED_DIR_NAMES = {
     ".git",

package/agent-wallet/scripts/flash-sdk-bridge/bridge.mjs

@@ -350,14 +350,22 @@ function variantToSide(sideVariant) {
   return String(sideVariant ?? "");
 }
 
+function safeTokenSymbol(poolConfig, mintPk) {
+  try {
+    return poolConfig.getTokenFromMintPk(mintPk)?.symbol ?? null;
+  } catch {
+    return null;
+  }
+}
+
 function buildMarketSnapshot(poolConfig, marketConfig, deprecated = false) {
-  const targetToken = poolConfig.getTokenFromMintPk(marketConfig.targetMint);
-  const collateralToken = poolConfig.getTokenFromMintPk(marketConfig.collateralMint);
+  const targetSymbol = safeTokenSymbol(poolConfig, marketConfig.targetMint);
+  const collateralSymbol = safeTokenSymbol(poolConfig, marketConfig.collateralMint);
   return {
     pool_name: poolConfig.poolName,
-    symbol: targetToken.symbol,
-    market_symbol: targetToken.symbol,
-    collateral_symbol: collateralToken.symbol,
+    symbol: targetSymbol,
+    market_symbol: targetSymbol,
+    collateral_symbol: collateralSymbol,
     side: variantToSide(marketConfig.side),
     market_id: marketConfig.marketId,
     market_address: marketConfig.marketAccount.toBase58(),
@@ -374,14 +382,16 @@ function buildMarketSnapshot(poolConfig, marketConfig, deprecated = false) {
 
 function buildPositionSnapshot(poolConfig, positionAccount) {
   const marketConfig = poolConfig.getMarketConfigByPk(positionAccount.market);
-  const targetToken = poolConfig.getTokenFromMintPk(marketConfig.targetMint);
-  const collateralToken = poolConfig.getTokenFromMintPk(marketConfig.collateralMint);
+  const targetSymbol = marketConfig ? safeTokenSymbol(poolConfig, marketConfig.targetMint) : null;
+  const collateralSymbol = marketConfig
+    ? safeTokenSymbol(poolConfig, marketConfig.collateralMint)
+    : null;
   return {
     pool_name: poolConfig.poolName,
-    symbol: targetToken.symbol,
-    market_symbol: targetToken.symbol,
-    collateral_symbol: collateralToken.symbol,
-    side: variantToSide(marketConfig.side),
+    symbol: targetSymbol,
+    market_symbol: targetSymbol,
+    collateral_symbol: collateralSymbol,
+    side: variantToSide(marketConfig?.side),
     is_active: Boolean(positionAccount.isActive),
     position_address: positionAccount.pubkey.toBase58(),
     market_address: positionAccount.market.toBase58(),