@agentlayer.tech/wallet 0.1.23 → 0.1.25

package/README.md

@@ -249,15 +249,19 @@ Lido:
 
 Across these service-backed flows, read operations remain directly callable, while write operations stay behind preview, explicit intent, and host-issued approval tokens before execution.
 
-If you want the installer to finish the OpenClaw plugin wiring in the same pass, provide the runtime secrets first:
-
-Solana:
+For the default Solana flow, run the installer directly:
 
 ```bash
-export AGENT_WALLET_BOOT_KEY="$(openssl rand -base64 32)"
-export AGENT_WALLET_MASTER_KEY="$(openssl rand -base64 32)"
-export AGENT_WALLET_APPROVAL_SECRET="$(openssl rand -base64 32)"
+npx @agentlayer.tech/wallet install --yes
 ```
+
+That installs the runtime, patches the OpenClaw plugin config, generates local
+runtime secrets when missing, and creates the first encrypted per-user Solana
+mainnet wallet. The agent receives the public address and guarded wallet tools,
+not the private key.
+
+BTC and EVM are separate host-side setup flows.
+
 Bitcoin:
 
 ```bash
@@ -272,7 +276,17 @@ sh agent-wallet/scripts/setup_evm_wallet.sh
 
 That host-side bootstrap can auto-start the local `wdk-evm-wallet` service, create or unlock the vault wallet, bind both `base` and `ethereum` for the same local user, and patch OpenClaw config to `backend=wdk_evm_local`.
 
-That generates three fresh local secrets in the current shell session. If you prefer Python instead of `openssl`:
+Advanced operators can still supply their own runtime provisioning secrets
+instead of using `--yes` auto-generation:
+
+```bash
+export AGENT_WALLET_BOOT_KEY="$(openssl rand -base64 32)"
+export AGENT_WALLET_MASTER_KEY="$(openssl rand -base64 32)"
+export AGENT_WALLET_APPROVAL_SECRET="$(openssl rand -base64 32)"
+npx @agentlayer.tech/wallet install --no-auto-secrets
+```
+
+If you prefer Python instead of `openssl`:
 
 ```bash
 python3 -c "import secrets; print(secrets.token_urlsafe(32))"
@@ -284,7 +298,10 @@ Run it three times and assign the outputs to:
 - `AGENT_WALLET_MASTER_KEY`
 - `AGENT_WALLET_APPROVAL_SECRET`
 
-Without those secrets, the installer still lays down the runtime and installs dependencies, but stops before the final hardened OpenClaw config step and prints the exact `next_configure_command` to run later.
+These variables are provisioning inputs only. Runtime secrets are sealed into
+`~/.openclaw/sealed_keys.json`; normal runtime execution should use
+`AGENT_WALLET_BOOT_KEY` or `AGENT_WALLET_BOOT_KEY_FILE`, not direct
+`AGENT_WALLET_MASTER_KEY` / `AGENT_WALLET_APPROVAL_SECRET` env loading.
 
 ## Connect the MCP server
 

package/agent-wallet/README.md

@@ -129,8 +129,9 @@ Policy defaults:
 - read-only tools are always allowed
 - `prepare` requires `user_intent=true`
 - `prepare` does not return signed transaction bytes
-- `execute` requires a host-issued `approval_token` bound to the exact previewed operation
-- on mainnet networks, that `approval_token` must include explicit mainnet confirmation
+- backend `execute` requires an internal authorization token bound to the exact previewed operation
+- in OpenClaw, the extension handles that internal authorization automatically after the user explicitly confirms the shown summary in chat; do not ask OpenClaw users for `/approve`, buttons, popups, or a manual token
+- on mainnet networks, that internal authorization must include explicit mainnet confirmation
 - on mainnet networks, preview and prepare responses include a `confirmation_summary` and `mainnet_warning` to force a clearer final confirmation step
 
 ## Install

package/agent-wallet/agent_wallet/openclaw_adapter.py

@@ -4428,19 +4428,6 @@ class OpenClawWalletAdapter:
                         raise WalletBackendError(
                             "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
                         )
-                    preview_summary = self._build_confirmation_summary(
-                        action_label="Flash Trade open position",
-                        payload=approved_preview,
-                    )
-                    summary_without_digest = {
-                        key: value
-                        for key, value in approval_summary_copy.items()
-                        if key != "_preview_digest"
-                    }
-                    if preview_summary != summary_without_digest:
-                        raise WalletBackendError(
-                            "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
-                        )
                     execute_preview = dict(approved_preview)
                 else:
                     execute_preview = await active_backend.preview_flash_trade_open_position(
@@ -4567,19 +4554,6 @@ class OpenClawWalletAdapter:
                         raise WalletBackendError(
                             "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
                         )
-                    preview_summary = self._build_confirmation_summary(
-                        action_label="Flash Trade close position",
-                        payload=approved_preview,
-                    )
-                    summary_without_digest = {
-                        key: value
-                        for key, value in approval_summary_copy.items()
-                        if key != "_preview_digest"
-                    }
-                    if preview_summary != summary_without_digest:
-                        raise WalletBackendError(
-                            "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
-                        )
                     execute_preview = dict(approved_preview)
                 else:
                     execute_preview = await active_backend.preview_flash_trade_close_position(
@@ -5376,19 +5350,6 @@ class OpenClawWalletAdapter:
                         raise WalletBackendError(
                             "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
                         )
-                    preview_summary = self._build_confirmation_summary(
-                        action_label="Swap",
-                        payload=approved_preview,
-                    )
-                    summary_without_digest = {
-                        key: value
-                        for key, value in approval_summary_copy.items()
-                        if key != "_preview_digest"
-                    }
-                    if preview_summary != summary_without_digest:
-                        raise WalletBackendError(
-                            "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
-                        )
                     execute_preview = dict(approved_preview)
                 else:
                     execute_preview = await self.backend.preview_swap(
@@ -5525,19 +5486,6 @@ class OpenClawWalletAdapter:
                         raise WalletBackendError(
                             "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
                         )
-                    preview_summary = self._build_confirmation_summary(
-                        action_label="Solana private swap",
-                        payload=approved_preview,
-                    )
-                    summary_without_digest = {
-                        key: value
-                        for key, value in approval_summary_copy.items()
-                        if key != "_preview_digest"
-                    }
-                    if preview_summary != summary_without_digest:
-                        raise WalletBackendError(
-                            "approved preview payload does not match the approval token. Generate a new preview and approval before execute."
-                        )
                     execute_preview = dict(approved_preview)
 
                 self._require_execute_approval(
@@ -5593,20 +5541,6 @@ class OpenClawWalletAdapter:
                         raise WalletBackendError(
                             "approved preview payload does not match the approval token. Generate a new preview and approval before continue."
                         )
-                    preview_summary = self._build_confirmation_summary(
-                        action_label="Solana private swap",
-                        payload=approved_preview,
-                    )
-                    summary_without_digest = {
-                        key: value
-                        for key, value in approval_summary_copy.items()
-                        if key != "_preview_digest"
-                    }
-                    if preview_summary != summary_without_digest:
-                        raise WalletBackendError(
-                            "approved preview payload does not match the approval token. Generate a new preview and approval before continue."
-                        )
-
                 self._require_execute_approval(
                     approval_token=approval_token,
                     tool_name="swap_solana_privately",

package/agent-wallet/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "openclaw-agent-wallet"
-version = "0.1.23"
+version = "0.1.25"
 description = "Plugin-friendly wallet backend for OpenClaw agents"
 requires-python = ">=3.10"
 dependencies = [

package/agent-wallet/scripts/install_openclaw_local_config.py

@@ -16,7 +16,7 @@ from agent_wallet.file_ops import atomic_write_text, chmod_if_exists
 from agent_wallet.sealed_keys import resolve_sealed_keys_path, seal_keys, unseal_keys
 from security_utils import write_redacted_backup
 
-OPTIONAL_TOOLS = [
+LEGACY_ALLOWLIST_TOOLS = [
     "get_wallet_capabilities",
     "get_wallet_address",
     "get_wallet_balance",
@@ -57,6 +57,62 @@ X402_TOOLS = [
 ]
 
 
+def _extract_tool_allowlist_from_manifest(manifest_path: Path) -> list[str]:
+    try:
+        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
+    except (FileNotFoundError, json.JSONDecodeError):
+        return []
+
+    tools = manifest.get("contracts", {}).get("tools", [])
+    if not isinstance(tools, list):
+        return []
+
+    allowlist: list[str] = []
+    for item in tools:
+        tool_name = str(item).strip()
+        if tool_name and tool_name not in allowlist:
+            allowlist.append(tool_name)
+    return allowlist
+
+
+def _load_extension_tool_allowlist(extension_path: Path) -> list[str]:
+    manifest_candidates = [
+        extension_path / "openclaw.plugin.json",
+        _repo_root() / ".openclaw" / "extensions" / "agent-wallet" / "openclaw.plugin.json",
+    ]
+    for manifest_path in manifest_candidates:
+        allowlist = _extract_tool_allowlist_from_manifest(manifest_path)
+        if allowlist:
+            return allowlist
+    return LEGACY_ALLOWLIST_TOOLS + X402_TOOLS
+
+
+def _is_agent_wallet_extension_path(value: object) -> bool:
+    return "extensions/agent-wallet" in str(value).replace("\\", "/")
+
+
+def _normalize_load_paths(paths: list[object], extension_path_text: str) -> list[str]:
+    normalized: list[str] = []
+    seen: set[str] = set()
+
+    for item in paths:
+        item_text = str(item).strip()
+        if not item_text:
+            continue
+        if "extensions/pay-bridge" in item_text:
+            continue
+        if _is_agent_wallet_extension_path(item_text) and item_text != extension_path_text:
+            continue
+        if item_text in seen:
+            continue
+        normalized.append(item_text)
+        seen.add(item_text)
+
+    if extension_path_text not in seen:
+        normalized.append(extension_path_text)
+    return normalized
+
+
 def _default_config_path() -> Path:
     return Path(os.path.expanduser("~/.openclaw/openclaw.json"))
 
@@ -239,9 +295,7 @@ def main() -> None:
     load = plugins.setdefault("load", {})
     paths = load.setdefault("paths", [])
     extension_path_text = str(Path(args.extension_path).expanduser().resolve())
-    if extension_path_text not in paths:
-        paths.append(extension_path_text)
-    paths[:] = [item for item in paths if "extensions/pay-bridge" not in str(item)]
+    paths[:] = _normalize_load_paths(list(paths), extension_path_text)
 
     entries = plugins.setdefault("entries", {})
     effective_network = _normalize_network(args.backend, args.network)
@@ -306,7 +360,7 @@ def main() -> None:
         "pay_api_request",
     }
     also_allow[:] = [tool_name for tool_name in also_allow if tool_name not in removed_pay_tools]
-    for tool_name in OPTIONAL_TOOLS + X402_TOOLS:
+    for tool_name in _load_extension_tool_allowlist(Path(extension_path_text)):
         if tool_name not in also_allow:
             also_allow.append(tool_name)
 

package/agent-wallet/skills/wallet-operator/SKILL.md

@@ -5,16 +5,16 @@ description: Use when operating OpenClaw wallet tools: balances, transfers, swap
 
 # Wallet Operator
 
-Use this skill before calling OpenClaw wallet tools. It is the routing guide for wallet commands, providers, units, and approval flow.
+Use this skill before calling OpenClaw wallet tools. It is the routing guide for wallet commands, providers, units, and confirmation flow.
 
 ## Core Rules
 
 1. Start with `get_wallet_capabilities` when the active chain, signing support, or available tools are unclear.
 2. Use `get_wallet_address` before asking for deposits or confirming a recipient/source wallet.
 3. Use `get_wallet_balance` before spending, swapping, bridging, staking, lending, or claiming.
-4. Use `preview` first for every write action. Use `prepare` only after explicit user intent. Use `execute` only with a host-issued `approval_token`.
+4. Use `preview` first for every write action. Use `prepare` only after explicit user intent. In OpenClaw, use `execute` only after the user explicitly confirms the shown summary in chat; do not ask the user for `/approve`, buttons, popups, or a manual token.
 5. `prepare` returns an execution plan only; it must not return signed transaction bytes.
-6. On mainnet, `execute` requires approval that includes explicit mainnet confirmation.
+6. On mainnet, restate the network and material terms before `execute`; the OpenClaw plugin handles the internal execution authorization after chat confirmation.
 7. If backend is `sign_only`, do not execute; use `prepare` and state that nothing was broadcast.
 8. Never claim a transfer, swap, bridge, stake, claim, deposit, borrow, repay, or withdrawal happened unless the tool result says it was broadcast/confirmed.
 9. Do not use Mayan. Direct Mayan paths were removed. Cross-chain swaps must go through LI.FI with Mayan denied.
@@ -63,7 +63,7 @@ Use this skill before calling OpenClaw wallet tools. It is the routing guide for
 ## Transfer Commands
 
 - SOL transfer: `transfer_sol`
-  - Params: `recipient`, `amount` in SOL UI units, `mode`, `purpose`, optional `user_intent`, `approval_token`.
+  - Params: `recipient`, `amount` in SOL UI units, `mode`, `purpose`, optional `user_intent`.
 - SPL transfer: `transfer_spl_token`
   - Params: `recipient`, `mint`, `amount` in UI units, optional `decimals`, `mode`, `purpose`.
 - EVM native transfer: `transfer_evm_native`
@@ -118,7 +118,7 @@ Use this skill before calling OpenClaw wallet tools. It is the routing guide for
 1. Call the write tool with `mode=preview` and a concrete `purpose`.
 2. Show the user the important fields: chain, token, amount, destination, provider, estimated output/minimum output, fees, and route/tool when present.
 3. For `prepare`, call same tool with `mode=prepare`, same params, `user_intent=true`.
-4. For `execute`, use the same semantic params and pass the `approval_token`. Do not mutate amount, token, destination, network, slippage, or minimum output between preview and execute.
+4. For `execute`, use the same semantic params after the user's chat confirmation. Do not mutate amount, token, destination, network, slippage, or minimum output between preview and execute; do not ask the user for a token or out-of-chat approval action.
 5. For cross-chain swaps, after execute, offer `get_lifi_transfer_status` using the source tx hash and bridge/tool if returned.
 
 ## Disabled Or Avoided Paths

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentlayer.tech/wallet",
-  "version": "0.1.23",
+  "version": "0.1.25",
   "description": "NPM installer for the OpenClaw Agent Wallet local runtime.",
   "type": "module",
   "repository": {
@@ -11,7 +11,9 @@
     "url": "https://github.com/lopushok9/Agent-Layer/issues"
   },
   "homepage": "https://github.com/lopushok9/Agent-Layer#readme",
-  "bin": "./bin/openclaw-agent-wallet.mjs",
+  "bin": {
+    "wallet": "./bin/openclaw-agent-wallet.mjs"
+  },
   "scripts": {
     "check": "node --check bin/openclaw-agent-wallet.mjs",
     "build:openclaw-plugins": "node scripts/manage_openclaw_plugin_packages.mjs build",
@@ -72,4 +74,4 @@
     "evm"
   ],
   "license": "SEE LICENSE IN LICENSE"
-}
+}