@agentlayer.tech/wallet 0.1.28 → 0.1.32

package/CHANGELOG.md

@@ -2,6 +2,79 @@
 
 ## Unreleased
 
+## v0.1.32 - 2026-06-01
+
+- Fixed a `SyntaxError` in `codex/plugins/agent-wallet/server.py` introduced by
+  the Houdini private-swap removal in v0.1.31: the deletion left the orphaned
+  `_cache_pending_private_swap_order` signature fused onto the body of
+  `_normalize_wallet_backend`, leaving an unclosed parenthesis. The Codex and
+  Claude Code plugins share this `server.py`, so the broken file prevented the
+  agent-wallet MCP server from starting in both runtimes (JSON-RPC `-32000` /
+  "failed to reconnect"). Restored the `_normalize_wallet_backend` definition;
+  the server now starts and completes the MCP `initialize` handshake.
+- Fixed Claude Code agent-wallet MCP failing to start (`-32000` / "failed to
+  reconnect"). When Claude Code copies the plugin into its plugin cache, the
+  launcher's relative `../../codex/...` and local `server.py` paths no longer
+  resolve, so it reported "server.py not found". `run_mcp.sh` now falls back to
+  the codex `server.py` inside the installed runtime package
+  (`~/.openclaw/agent-wallet-runtime/current/codex/plugins/agent-wallet`), which
+  is always present after install. Codex was unaffected (its launcher is
+  self-contained).
+
+## v0.1.31 - 2026-05-31
+
+- Hardened the WDK EVM/BTC local vaults with a decrypt-on-demand key model: the
+  decrypted seed is no longer held in process memory between requests. Each
+  signing request decrypts the seed just-in-time from the sealed password and
+  zeroizes the key/plaintext buffers afterward; `unlock`/`lock` are now
+  deprecated no-ops. The at-rest format is unchanged, so existing wallets keep
+  working without migration.
+- EVM wallets are now provisioned automatically at install, alongside Solana.
+  Every install creates both wallets; `--backend` only selects the active one.
+  EVM provisioning auto-generates and seals the vault password and binds both
+  base and ethereum. It is best-effort: an install-time failure does not abort
+  the install, and the wallet is created lazily on first EVM use instead.
+- Fixed the local config installer to validate EVM networks with the EVM
+  normalizer (previously an EVM backend was rejected as a Solana network).
+
+## v0.1.30 - 2026-05-30
+
+- Added a Claude Code plugin bridge under `claude-code/plugins/agent-wallet` so
+  the existing local wallet runtime can be used directly inside Claude Code
+  without creating a new wallet.
+- The Claude Code bridge connects to the current `~/.openclaw` runtime and
+  reuses the same Solana, Bitcoin, and EVM wallet surface already used by
+  OpenClaw, Hermes, and Codex.
+- Added `wallet claude-code install --yes`, which symlinks the bundled Claude
+  Code plugin into `~/.claude/plugins/agent-wallet` and attempts to register it
+  via the Claude Code CLI.
+- Fixed the `smoke_install_from_github` test, which was failing because
+  `setup.sh` checks for the Codex plugin manifest but the test bundle never
+  created that path.
+- Added the Claude Code plugin manifest check to `setup.sh` so bundle integrity
+  is validated for both the Codex and Claude Code plugin surfaces.
+
+## v0.1.29 - 2026-05-29
+
+- Added a new `Codex` plugin bridge under `codex/plugins/agent-wallet` so the
+  existing local wallet runtime can be used directly inside Codex without
+  creating a second wallet.
+- Kept the Codex bridge non-custodial and additive: it reuses the current
+  `agent-wallet` runtime, existing wallets, and the current tool surface
+  instead of replacing OpenClaw or Hermes.
+- Added `wallet codex install --yes`, which links the bundled Codex plugin into
+  the standard local plugin marketplace path and can ask Codex to install the
+  plugin from that local marketplace.
+- Added `get_kamino_open_positions`, which aggregates the wallet's Kamino
+  positions across markets with loan details, reserve APYs, and rewards.
+- Removed Solana devnet/testnet support from the wallet runtime, host bridges,
+  and local helper scripts so the supported Solana surface is now mainnet-only.
+- Removed EVM testnet support from the wallet runtime and host bridges so the
+  supported EVM surface is now `ethereum` and `base` mainnet only.
+- Removed Bitcoin `testnet` and `regtest` support from the wallet runtime,
+  host bridges, and local helper scripts so the supported BTC surface is now
+  `bitcoin` mainnet only.
+
 ## v0.1.28 - 2026-05-28
 
 - Simplified `x402_pay_request` into a single-shot paid execution flow while

package/README.md

@@ -16,6 +16,7 @@ For Hermes:
 npx @agentlayer.tech/wallet install --yes && npx @agentlayer.tech/wallet hermes install --yes
 ```
 
+
 AgentLayer is a beta local-first wallet and finance stack for agents.
 
 The repository includes:
@@ -23,6 +24,7 @@ The repository includes:
 - `agent-wallet/` - the main wallet backend for AgentLayer
 - `.openclaw/` - the local AgentLayer bridge layer for the OpenClaw wallet integration
 - `hermes/` - optional Hermes Agent plugin bridge for the same wallet backend
+- `codex/` - optional Codex plugin bridge for the same wallet backend
 - `wdk-btc-wallet/` - the local Bitcoin wallet service
 - `wdk-evm-wallet/` - the local EVM wallet service
 - `provider-gateway/` - shared provider access for Solana RPC, Bags, and related finance reads
@@ -84,6 +86,7 @@ Useful npm CLI commands:
 wallet status
 wallet doctor
 wallet hermes install --yes
+wallet codex install --yes
 wallet update --yes
 wallet update --yes --dry-run
 wallet rollback
@@ -200,6 +203,7 @@ Kamino integration gives the wallet a structured Solana lending surface:
 - `get_kamino_lend_market_reserves` - inspect reserve metrics for one Kamino market.
 - `get_kamino_lend_user_obligations` - inspect the wallet's obligations inside a Kamino market.
 - `get_kamino_lend_user_rewards` - fetch the wallet's Kamino rewards summary.
+- `get_kamino_open_positions` - aggregate all open Kamino positions across markets with loan details, reserve APYs, and rewards.
 - `kamino_lend_deposit` - preview, prepare, or execute a lending deposit.
 - `kamino_lend_withdraw` - preview, prepare, or execute a lending withdrawal.
 - `kamino_lend_borrow` - preview, prepare, or execute a borrow.

package/agent-wallet/.env.example

@@ -44,7 +44,6 @@ JUPITER_API_BASE_URL=https://lite-api.jup.ag/swap/v1
 JUPITER_ULTRA_API_BASE_URL=https://lite-api.jup.ag/ultra/v1
 JUPITER_PRICE_API_BASE_URL=https://lite-api.jup.ag/price/v3
 JUPITER_PORTFOLIO_API_BASE_URL=https://api.jup.ag/portfolio/v1
-JUPITER_LEND_API_BASE_URL=https://api.jup.ag/lend/v1
 JUPITER_API_KEY=
 
 # LI.FI cross-chain routing. API key is optional for basic read-only quote/status calls.
@@ -54,17 +53,6 @@ LIFI_API_KEY=
 LIFI_INTEGRATOR=openclaw
 LIFI_DEFAULT_DENY_BRIDGES=mayan
 
-# Houdini Partner API for private Solana payouts.
-# HOUDINI_USER_IP is required because Houdini rejects requests without compliance headers.
-# If PROVIDER_GATEWAY_URL points at a gateway with Houdini enabled,
-# the wallet runtime can omit these partner secrets and route through the gateway instead.
-HOUDINI_API_BASE_URL=https://api-partner.houdiniswap.com/v2
-HOUDINI_API_KEY=
-HOUDINI_API_SECRET=
-HOUDINI_USER_IP=
-HOUDINI_USER_AGENT=AgentLayer/0.1.12
-HOUDINI_USER_TIMEZONE=UTC
-
 # Flash Trade perps
 FLASH_API_BASE_URL=
 FLASH_SDK_BRIDGE_COMMAND=

package/agent-wallet/README.md

@@ -26,7 +26,7 @@ It provides:
 - runtime instructions for safe wallet usage
 - a single `invoke()` method for safe dispatch
 - OpenClaw-style plugin manifest and skill bundle
-- explicit network-aware results so the host and agent can see `devnet` vs `mainnet`
+- explicit network-aware results so the host and agent can see the active chain network
 
 ## Hermes integration
 
@@ -89,17 +89,11 @@ Current safe tools:
 - `stake_sol_native`
 - `transfer_spl_token`
 - `swap_solana_tokens` - Solana Jupiter swaps; prefer `intent_preview` -> chat confirmation -> `intent_execute` so execution refreshes the quote inside approved limits.
-- `swap_solana_privately` - Houdini-backed private Solana payout flow for same-token `SOL->SOL` or `USDC->USDC` transfers to a destination wallet.
-- `get_solana_private_swap_status`
-- `get_jupiter_earn_tokens`
-- `get_jupiter_earn_positions`
-- `get_jupiter_earn_earnings`
 - `get_kamino_lend_markets`
 - `get_kamino_lend_market_reserves`
 - `get_kamino_lend_user_obligations`
 - `get_kamino_lend_user_rewards`
-- `jupiter_earn_deposit`
-- `jupiter_earn_withdraw`
+- `get_kamino_open_positions`
 - `kamino_lend_deposit`
 - `kamino_lend_withdraw`
 - `kamino_lend_borrow`
@@ -107,7 +101,6 @@ Current safe tools:
 - `close_empty_token_accounts`
 - `deactivate_solana_stake`
 - `withdraw_solana_stake`
-- `request_devnet_airdrop`
 - `x402_search_services`
 - `x402_get_service_details`
 - `x402_preview_request`
@@ -122,8 +115,6 @@ Temporarily disabled but kept in the codebase for later re-enable:
 The signing tool still requires explicit `user_confirmed=true`.
 Transfer, native staking, swap, and Aave position-management tools support `preview`, `prepare`, and `execute` modes. The safe operational path is still preview-first. `prepare` now returns an execution plan only and never exposes signed transaction bytes to the agent. `execute` works only when the backend has a signer and `sign_only=false`.
 
-Exception: `swap_solana_privately` is intentionally optimized for `preview -> execute`. Hosts should not insert a separate `prepare` step for Houdini private payouts because it adds no execution value and only burns additional provider quota.
-
 Policy defaults:
 
 - read-only tools are always allowed
@@ -190,42 +181,16 @@ For production `mainnet`, prefer a dedicated RPC instead of the public Solana en
 
 - `SOLANA_RPC_URL` for one primary endpoint
 - `SOLANA_RPC_URLS` as a comma-separated ordered failover list
-- or just `ALCHEMY_API_KEY` / `HELIUS_API_KEY`, which auto-derive a primary Solana RPC for `mainnet` or `devnet`
+- or just `ALCHEMY_API_KEY` / `HELIUS_API_KEY`, which auto-derive a primary Solana RPC for `mainnet`
 
 Production recommendation: treat RPC as deployment-owned config, not wallet logic. Runtime env wins over `openclaw.json` plugin config, so keep `Alchemy/Helius/QuickNode` endpoints in deployment secrets or service env and use plugin `rpcUrl` / `rpcUrls` only as local fallback.
 
-For Houdini-backed private Solana payouts, also provide:
-
-- `HOUDINI_API_KEY`
-- `HOUDINI_API_SECRET`
-- `HOUDINI_USER_IP`
-- optional `HOUDINI_USER_AGENT`
-- optional `HOUDINI_USER_TIMEZONE`
-
-The current MVP intentionally keeps the scope narrow:
-
-- supported private routes are same-token Solana payouts only
-- `SOL -> SOL`
-- `USDC -> USDC`
-- execution binds to the approved Houdini `quoteId`, creates a single private exchange, and sends the exact Solana deposit locally from the wallet
-
-This is a private payout flow expressed in Houdini's swap terminology. Cross-token private swaps can be added later without changing the OpenClaw/Hermes approval model.
-
-For production, the cleaner setup is to place Houdini partner secrets on `provider-gateway` and let `agent-wallet` consume the narrow gateway endpoints through `PROVIDER_GATEWAY_URL` and optional `PROVIDER_GATEWAY_BEARER_TOKEN`. In that mode:
-
-- the gateway owns `HOUDINI_API_KEY` / `HOUDINI_API_SECRET`
-- the gateway derives the authoritative user IP from ingress
-- `agent-wallet` still performs preview/prepare/execute, local transaction verification, signing, and broadcast
-- direct Houdini env vars can be omitted from the wallet runtime
-
 For OpenClaw onboarding, `agent-wallet` now ships with a hosted default provider gateway:
 
 - `https://agent-layer-production.up.railway.app`
 
 So users do not need to enter `PROVIDER_GATEWAY_URL` manually for the default Bags launch/fees flows or shared mainnet RPC path. You only need to set `PROVIDER_GATEWAY_URL` yourself if you want to override that hosted default with your own deployment.
 
-That same provider gateway path can now also cover Jupiter Earn reads and transaction-building. Ordinary Jupiter swap routing remains direct.
-
 For a self-hosted install where each operator brings their own RPC key, a minimal Solana setup can be just:
 
 ```bash
@@ -277,9 +242,7 @@ export AGENT_WALLET_BOOT_KEY='paste-generated-secret-here'
 In that mode, `agent-wallet` will auto-resolve:
 
 - `mainnet` -> `https://solana-mainnet.g.alchemy.com/v2/<ALCHEMY_API_KEY>`
-- `devnet` -> `https://solana-devnet.g.alchemy.com/v2/<ALCHEMY_API_KEY>`
 - `mainnet` -> `https://mainnet.helius-rpc.com/?api-key=<HELIUS_API_KEY>`
-- `devnet` -> `https://devnet.helius-rpc.com/?api-key=<HELIUS_API_KEY>`
 
 and still append the official Solana endpoint as fallback.
 
@@ -317,7 +280,7 @@ printf '%s\n' 'your-local-btc-password' | \
 python -m agent_wallet.openclaw_cli btc-wallet-create \
   --user-id alice@example.com \
   --password-stdin \
-  --config-json '{"backend":"wdk_btc_local","network":"testnet","wdkBtcServiceUrl":"http://127.0.0.1:8080"}'
+  --config-json '{"backend":"wdk_btc_local","network":"bitcoin","wdkBtcServiceUrl":"http://127.0.0.1:8080"}'
 ```
 
 If you want a friendlier host-shell flow, use:
@@ -325,7 +288,7 @@ If you want a friendlier host-shell flow, use:
 ```bash
 python scripts/manage_openclaw_btc_wallet.py setup \
   --user-id alice@example.com \
-  --network testnet \
+  --network bitcoin \
   --service-url http://127.0.0.1:8080
 ```
 
@@ -340,11 +303,11 @@ If you want a true one-command OpenClaw bootstrap, use:
 ```bash
 python agent-wallet/scripts/bootstrap_openclaw_btc.py \
   --user-id alice@example.com \
-  --network testnet \
+  --network bitcoin \
   --service-url http://127.0.0.1:8080
 ```
 
-For BTC mainnet, use the same bootstrap with `--network mainnet`. The script normalizes that to `bitcoin` in plugin config automatically.
+You can also pass `--network mainnet`; the bootstrap normalizes that alias to `bitcoin`.
 
 For the simplest host-side UX, use the shell wrapper instead:
 
@@ -356,7 +319,7 @@ That is the intended "agent/host installs, user only enters password" entrypoint
 
 - the script wraps the full BTC bootstrap
 - it auto-starts the local `wdk-btc-wallet` service for localhost URLs if needed
-- it asks for `user-id` and shows a small `mainnet / testnet / regtest` menu if you did not pass them as args or env
+- it asks for `user-id` and defaults BTC network to `mainnet` if you did not pass it explicitly
 - it prompts for the BTC wallet password interactively unless you explicitly pass `--password-stdin`
 - it prefers `/tmp/agent-wallet-venv/bin/python`, then `agent-wallet/.venv/bin/python`, and only then falls back to system `python3`
 - it creates or unlocks the BTC wallet binding and patches local OpenClaw config in one pass
@@ -407,7 +370,7 @@ For the local EVM backend (`backend=wdk_evm_local`), the lifecycle mirrors the B
 - `agent-wallet` talks to it through a local bearer token loaded from `~/.openclaw/wdk-evm-wallet/local-auth-token`
 - `agent-wallet` stores only a per-user EVM wallet binding under `~/.openclaw/users/<normalized-user-id>/wallets/evm-<network>-agent.json`
 - the runtime can auto-create missing EVM bindings or auto-unlock the local vault during ordinary OpenClaw switching/tool calls when `sealed_keys.json` contains `wdk_evm_wallet_password`
-- supported EVM networks are `ethereum`, `sepolia`, `base`, and `base-sepolia`
+- supported EVM networks are `ethereum` and `base`
 - OpenClaw-facing EVM tools accept an optional per-call `network` override for `ethereum` or `base`, so the agent can switch between the two mainnet EVM paths without editing host config
 - EVM `get_wallet_balance` now returns an enriched portfolio-style payload with native balance, discovered ERC-20 balances, and USD values when token discovery and pricing are available
 - if a requested EVM network binding is missing, `agent-wallet` auto-binds it from the same local wallet when there is exactly one reusable EVM wallet for that user or when `wdkEvmWalletId` is provided explicitly
@@ -430,7 +393,7 @@ That wrapper:
 - defaults to `http://127.0.0.1:8081`
 - can auto-start `wdk-evm-wallet/run-local.sh` if the local service is not already healthy
 - creates or unlocks the local EVM wallet binding
-- also binds the paired EVM network by default: `ethereum <-> base`, `sepolia <-> base-sepolia`
+- also binds the paired EVM network by default: `ethereum <-> base`
 - stores the entered EVM vault password into `sealed_keys.json` when `AGENT_WALLET_BOOT_KEY` is available, so later OpenClaw wallet switching can auto-raise the EVM backend without another password prompt
 - patches OpenClaw config to `backend=wdk_evm_local`
 
@@ -441,7 +404,7 @@ printf '%s\n' 'your-local-evm-password' | \
 python -m agent_wallet.openclaw_cli evm-wallet-create \
   --user-id alice@example.com \
   --password-stdin \
-  --config-json '{"backend":"wdk_evm_local","network":"sepolia","wdkEvmServiceUrl":"http://127.0.0.1:8081"}'
+  --config-json '{"backend":"wdk_evm_local","network":"ethereum","wdkEvmServiceUrl":"http://127.0.0.1:8081"}'
 ```
 
 After that, `onboard` and `invoke` can use the bound EVM wallet by `user_id` without manually passing `wdkEvmWalletId` every time.
@@ -500,14 +463,13 @@ This keeps wallet creation and custody in the host/runtime layer while the agent
 
 The wallet backend is already network-scoped:
 
-- `devnet` and `mainnet` use different wallet files
-- per-user wallets are stored as `solana-<network>-agent.json`
-- switching networks does not mix balances or stake accounts across clusters
+- Solana stays on `mainnet`
+- per-user Solana wallets continue to use `solana-mainnet-agent.json`
+- switching BTC or EVM networks does not mix balances across chains
 
 For a local OpenClaw install, use:
 
 ```bash
-python agent-wallet/scripts/switch_openclaw_wallet_network.py --network devnet
 python agent-wallet/scripts/switch_openclaw_wallet_network.py --network mainnet
 ```
 
@@ -570,7 +532,7 @@ Operational notes:
 
 - this path uses Solana RPC and the Stake Program directly, without third-party DeFi APIs
 - stake creation allocates a new stake account controlled by the connected wallet as staker and withdrawer
-- preview and prepare were live-checked on devnet against a real wallet context
+- preview and prepare were live-checked against a real wallet context
 
 ## Official OpenClaw plugin
 
@@ -612,13 +574,13 @@ Public-safe helper scripts are available in `agent-wallet/scripts/`:
 Both scripts now use generic defaults instead of hardcoded local usernames or paths. Sensitive secrets must be supplied via protected environment variables, not config JSON or CLI arguments.
 When `~/.openclaw/agent-wallet-runtime/current` exists, the config installer now prefers that trusted runtime path over a workspace checkout for the plugin manifest, package root, and Python bridge launcher.
 
-Recommended devnet setup:
+Recommended Solana mainnet setup:
 
 ```bash
 AGENT_WALLET_BACKEND=solana_local
 AGENT_WALLET_BOOT_KEY=change-this-in-production
-SOLANA_NETWORK=devnet
-SOLANA_RPC_URLS=https://api.devnet.solana.com
+SOLANA_NETWORK=mainnet
+SOLANA_RPC_URLS=https://api.mainnet-beta.solana.com
 SOLANA_AUTO_CREATE_WALLET=true
 AGENT_WALLET_SIGN_ONLY=false
 ```
@@ -641,4 +603,3 @@ The package now supports:
 - Jupiter-based swap preview and execution on mainnet
 - compact swap `fee_summary` in preview/prepare/execute, including known network fees and route fee bps when Jupiter provides them
 - zero-balance token account cleanup
-- devnet/testnet faucet airdrop

package/agent-wallet/agent_wallet/bootstrap.py

@@ -5,7 +5,7 @@ from __future__ import annotations
 import json
 from pathlib import Path
 
-from agent_wallet.config import refuse_mainnet_wallet_recreation
+from agent_wallet.config import normalize_solana_network, refuse_mainnet_wallet_recreation
 from agent_wallet.file_ops import atomic_write_text
 from agent_wallet.wallet_layer.base import WalletBackendError
 from agent_wallet.wallet_layer.base58 import b58encode
@@ -79,11 +79,12 @@ def load_wallet_pin(path: Path) -> dict[str, str] | None:
 
 def write_wallet_pin(path: Path, *, address: str, network: str) -> dict[str, str]:
     """Persist the expected wallet address for later mismatch checks."""
+    normalized_network = normalize_solana_network(network)
     payload = {
         "kind": WALLET_ADDRESS_PIN_KIND,
         "version": WALLET_ADDRESS_PIN_VERSION,
         "address": address,
-        "network": network.strip().lower(),
+        "network": normalized_network,
         "wallet_file": path.name,
     }
     pin_path = resolve_wallet_pin_path(path)
@@ -97,7 +98,7 @@ def write_wallet_pin(path: Path, *, address: str, network: str) -> dict[str, str
 
 def ensure_wallet_pin(path: Path, *, address: str, network: str) -> dict[str, str]:
     """Ensure the wallet pin exists and matches the expected address."""
-    expected_network = network.strip().lower()
+    expected_network = normalize_solana_network(network)
     existing = load_wallet_pin(path)
     if existing is None:
         return write_wallet_pin(path, address=address, network=expected_network)
@@ -114,7 +115,7 @@ def ensure_wallet_pin(path: Path, *, address: str, network: str) -> dict[str, st
 
 def refuse_recreation_if_pinned(path: Path, *, network: str) -> None:
     """Refuse to recreate a wallet when a mainnet address is already pinned."""
-    expected_network = network.strip().lower()
+    expected_network = normalize_solana_network(network)
     if expected_network != "mainnet" or not refuse_mainnet_wallet_recreation():
         return
     existing = load_wallet_pin(path)
@@ -128,7 +129,11 @@ def refuse_recreation_if_pinned(path: Path, *, network: str) -> None:
 
 def ensure_solana_wallet_ready() -> dict[str, str] | None:
     """Ensure that a Solana wallet exists when auto-create is enabled."""
-    from agent_wallet.config import default_solana_wallet_path, resolve_solana_private_key, settings
+    from agent_wallet.config import (
+        default_solana_wallet_path,
+        resolve_solana_private_key,
+        settings,
+    )
 
     if settings.agent_wallet_backend.strip().lower() not in {"solana", "solana_local", "solana-local"}:
         return None
@@ -136,8 +141,13 @@ def ensure_solana_wallet_ready() -> dict[str, str] | None:
     if resolve_solana_private_key():
         return {"address": "", "path": ""}
 
+    normalized_network = normalize_solana_network(settings.solana_network)
     configured_path = settings.solana_agent_keypair_path.strip()
-    path = Path(configured_path).expanduser() if configured_path else default_solana_wallet_path(settings.solana_network)
+    path = (
+        Path(configured_path).expanduser()
+        if configured_path
+        else default_solana_wallet_path(normalized_network)
+    )
 
     if path.exists():
         return {"address": "", "path": str(path)}
@@ -145,9 +155,9 @@ def ensure_solana_wallet_ready() -> dict[str, str] | None:
     if not settings.solana_auto_create_wallet:
         return None
 
-    refuse_recreation_if_pinned(path, network=settings.solana_network)
+    refuse_recreation_if_pinned(path, network=normalized_network)
     created = create_solana_wallet_file(path)
-    write_wallet_pin(path, address=created["address"], network=settings.solana_network)
+    write_wallet_pin(path, address=created["address"], network=normalized_network)
     return created
 
 
@@ -155,22 +165,28 @@ def describe_bootstrap() -> dict[str, str | bool]:
     """Return the effective bootstrap configuration for installer/runtime usage."""
     from agent_wallet.config import (
         default_solana_wallet_path,
+        normalize_solana_network,
         resolve_solana_rpc_url,
         resolve_runtime_solana_rpc_urls,
         settings,
     )
 
+    normalized_network = normalize_solana_network(settings.solana_network)
     configured_path = settings.solana_agent_keypair_path.strip()
-    path = Path(configured_path).expanduser() if configured_path else default_solana_wallet_path(settings.solana_network)
+    path = (
+        Path(configured_path).expanduser()
+        if configured_path
+        else default_solana_wallet_path(normalized_network)
+    )
     rpc_urls = resolve_runtime_solana_rpc_urls(
-        settings.solana_network,
+        normalized_network,
         settings.solana_rpc_url,
         settings.solana_rpc_urls,
     )
     return {
         "backend": settings.agent_wallet_backend,
-        "network": settings.solana_network,
-        "rpc_url": rpc_urls[0] if rpc_urls else resolve_solana_rpc_url(settings.solana_network, ""),
+        "network": normalized_network,
+        "rpc_url": rpc_urls[0] if rpc_urls else resolve_solana_rpc_url(normalized_network, ""),
         "rpc_urls": rpc_urls,
         "auto_create_wallet": settings.solana_auto_create_wallet,
         "keypair_path": str(path),

package/agent-wallet/agent_wallet/btc_user_wallets.py

@@ -6,19 +6,41 @@ import json
 from pathlib import Path
 from typing import Any
 
-from agent_wallet.config import resolve_openclaw_home, settings
+from agent_wallet.config import (
+    normalize_btc_network,
+    resolve_boot_key,
+    resolve_openclaw_home,
+    settings,
+)
 from agent_wallet.providers.wdk_btc_local import WdkBtcLocalClient
 from agent_wallet.user_wallets import normalize_user_id
 from agent_wallet.wallet_layer.base import WalletBackendError
 
 
 def _normalize_btc_network(value: str | None) -> str:
-    network = str(value or "").strip().lower()
-    aliases = {"mainnet": "bitcoin"}
-    network = aliases.get(network, network)
-    if network not in {"bitcoin", "testnet", "regtest"}:
-        return "bitcoin"
-    return network
+    return normalize_btc_network(value)
+
+
+def _maybe_store_btc_wallet_password(password: str) -> bool:
+    """Seal the BTC vault password so signing can decrypt-on-demand without re-entry.
+
+    Mirrors the EVM flow: once sealed under the boot key, the local BTC client
+    injects it automatically on each signing request.
+    """
+    value = str(password or "").strip()
+    if not value:
+        return False
+    boot_key = resolve_boot_key()
+    if not boot_key:
+        return False
+    from agent_wallet.sealed_keys import resolve_sealed_keys_path, seal_keys, unseal_keys
+
+    sealed_path = resolve_sealed_keys_path()
+    existing = unseal_keys(boot_key) if sealed_path.exists() else {}
+    if existing.get("wdk_btc_wallet_password") == value:
+        return False
+    seal_keys(boot_key, {**existing, "wdk_btc_wallet_password": value})
+    return True
 
 
 def _resolve_service_url(service_url: str | None = None) -> str:
@@ -77,6 +99,7 @@ def create_user_btc_wallet(
             "walletId": created["walletId"],
             "accountIndex": effective_account_index,
             "network": effective_network,
+            "password": password,
         },
     )
     binding = {
@@ -92,6 +115,7 @@ def create_user_btc_wallet(
         "updated_at": created.get("updatedAt"),
     }
     _write_wallet_binding(resolve_user_btc_wallet_path(user_id, effective_network), binding)
+    _maybe_store_btc_wallet_password(password)
     return {
         **binding,
         "unlocked": bool(created.get("unlocked", True)),
@@ -128,6 +152,7 @@ def import_user_btc_wallet(
             "walletId": created["walletId"],
             "accountIndex": effective_account_index,
             "network": effective_network,
+            "password": password,
         },
     )
     binding = {
@@ -167,6 +192,7 @@ def unlock_user_btc_wallet(
             "timeoutSeconds": 0,
         },
     )
+    _maybe_store_btc_wallet_password(password)
     return {
         **binding,
         "unlocked": bool(payload.get("unlocked", True)),