@agentlayer.tech/wallet 0.1.30 → 0.1.33

package/codex/plugins/agent-wallet/server.py

@@ -46,27 +46,17 @@ HOST_DEFAULT_CONFIG_KEYS = {
     "jupiterUltraBaseUrl",
     "jupiterPriceBaseUrl",
     "jupiterPortfolioBaseUrl",
-    "jupiterLendBaseUrl",
     "jupiterApiKey",
-    "houdiniBaseUrl",
-    "houdiniApiKey",
-    "houdiniApiSecret",
-    "houdiniUserIp",
-    "houdiniUserAgent",
-    "houdiniUserTimezone",
     "kaminoBaseUrl",
     "kaminoProgramId",
 }
 BACKENDS = ("solana_local", "wdk_btc_local", "wdk_evm_local")
 PREVIEW_CACHE_TTL_SECONDS = 15 * 60
-PRIVATE_SWAP_CACHE_TTL_SECONDS = 35 * 60
 PREVIEW_BOUND_SWAP_TOOLS = {
     "swap_solana_tokens",
-    "swap_solana_privately",
     "flash_trade_open_position",
     "flash_trade_close_position",
 }
-PRIVATE_SWAP_APPROVAL_TOOL_NAME = "swap_solana_privately"
 APPROVAL_PREVIEW_TOOL_ALIASES = {
     "x402_pay_request": "x402_preview_request",
 }
@@ -81,7 +71,6 @@ selected_solana_network: str | None = None
 selected_evm_network: str | None = None
 selected_btc_network: str | None = None
 approval_preview_cache: dict[str, dict[str, Any]] = {}
-private_swap_order_cache: dict[str, dict[str, Any]] = {}
 
 
 class WalletCliError(RuntimeError):
@@ -245,17 +234,10 @@ def _cache_preview_for_approval(user_id: str, tool_name: str, payload: dict[str,
     _prune_approval_preview_cache()
     approval_preview_cache[_approval_cache_key(user_id, cache_tool_name)] = {
         "digest": _preview_digest(data),
-        "expires_at": time.time()
-        + (
-            PRIVATE_SWAP_CACHE_TTL_SECONDS
-            if cache_tool_name == PRIVATE_SWAP_APPROVAL_TOOL_NAME
-            else PREVIEW_CACHE_TTL_SECONDS
-        ),
+        "expires_at": time.time() + PREVIEW_CACHE_TTL_SECONDS,
         "preview": data,
         "summary": summary,
     }
-    if cache_tool_name == PRIVATE_SWAP_APPROVAL_TOOL_NAME:
-        private_swap_order_cache.pop(_approval_cache_key(user_id, cache_tool_name), None)
 
 
 def _latest_cached_preview(user_id: str, tool_name: str) -> dict[str, Any] | None:
@@ -290,66 +272,6 @@ def _cached_preview_for_token(user_id: str, tool_name: str, token: str) -> dict[
     return preview if isinstance(preview, dict) else None
 
 
-def _cache_pending_private_swap_order(
-    user_id: str,
-    tool_name: str,
-    preview: dict[str, Any],
-    details: dict[str, Any],
-) -> None:
-    if tool_name != PRIVATE_SWAP_APPROVAL_TOOL_NAME:
-        return
-    houdini_id = str(details.get("houdini_id") or "").strip()
-    deposit_address = str(details.get("deposit_address") or "").strip()
-    if not houdini_id or not deposit_address:
-        return
-    private_swap_order_cache[_approval_cache_key(user_id, tool_name)] = {
-        "digest": _preview_digest(preview),
-        "expires_at": time.time() + PRIVATE_SWAP_CACHE_TTL_SECONDS,
-        "order": {
-            "multi_id": str(details.get("multi_id") or "").strip() or None,
-            "houdini_id": houdini_id,
-            "deposit_address": deposit_address,
-            "order": details.get("order") if isinstance(details.get("order"), dict) else {},
-        },
-    }
-
-
-def _latest_pending_private_swap_order(
-    user_id: str,
-    tool_name: str,
-    preview: dict[str, Any],
-) -> dict[str, Any] | None:
-    if tool_name != PRIVATE_SWAP_APPROVAL_TOOL_NAME:
-        return None
-    cached = private_swap_order_cache.get(_approval_cache_key(user_id, tool_name))
-    if not cached:
-        return None
-    if float(cached.get("expires_at") or 0) <= time.time():
-        private_swap_order_cache.pop(_approval_cache_key(user_id, tool_name), None)
-        return None
-    if cached.get("digest") != _preview_digest(preview):
-        return None
-    order = cached.get("order")
-    return order if isinstance(order, dict) else None
-
-
-def _clear_pending_private_swap_order(user_id: str, tool_name: str) -> None:
-    if tool_name == PRIVATE_SWAP_APPROVAL_TOOL_NAME:
-        private_swap_order_cache.pop(_approval_cache_key(user_id, tool_name), None)
-
-
-def _list_pending_private_swap_orders(user_id: str) -> list[dict[str, Any]]:
-    key = _approval_cache_key(user_id, PRIVATE_SWAP_APPROVAL_TOOL_NAME)
-    pending = private_swap_order_cache.get(key)
-    if not pending or float(pending.get("expires_at") or 0) <= time.time():
-        private_swap_order_cache.pop(key, None)
-        return []
-    order = pending.get("order")
-    if not isinstance(order, dict):
-        return []
-    return [{**order, "expires_at_ms": int(float(pending["expires_at"]) * 1000)}]
-
-
 def _normalize_wallet_backend(value: Any) -> str:
     normalized = str(value or "").strip().lower()
     aliases = {
@@ -651,8 +573,6 @@ def _issue_approval_token(
     ]
     if preview_payload.get("is_mainnet") is True:
         extra_args.append("--mainnet-confirmed")
-    if tool_name == PRIVATE_SWAP_APPROVAL_TOOL_NAME:
-        extra_args.extend(["--ttl-seconds", "1800"])
     payload = _call_wallet_cli("issue-approval", extra_args)
     token = str(payload.get("approval_token") or "").strip()
     if not token:
@@ -966,9 +886,6 @@ async def _handle_set_evm_network(params: dict[str, Any]) -> dict[str, Any]:
 
 
 async def _handle_wallet_tool(tool_name: str, params: dict[str, Any]) -> dict[str, Any]:
-    if tool_name == "list_pending_solana_private_swaps":
-        return {"orders": _list_pending_private_swap_orders(_user_id())}
-
     config = _base_config(params, tool_name=tool_name)
     backend = _normalize_wallet_backend(config.get("backend"))
     if backend == "wdk_evm_local" and params.get("network") is None and selected_evm_network:
@@ -976,24 +893,7 @@ async def _handle_wallet_tool(tool_name: str, params: dict[str, Any]) -> dict[st
         config["network"] = selected_evm_network
 
     effective_params = dict(params)
-    if tool_name != "continue_solana_private_swap":
-        _attach_approval_for_execute(tool_name, config, effective_params)
-    else:
-        cached = _latest_cached_preview(_user_id(), PRIVATE_SWAP_APPROVAL_TOOL_NAME)
-        if cached and isinstance(cached.get("preview"), dict):
-            effective_params["_approved_preview"] = cached["preview"]
-            effective_params["approval_token"] = _issue_approval_token(
-                PRIVATE_SWAP_APPROVAL_TOOL_NAME,
-                config,
-                cached["preview"],
-            )
-            pending = _latest_pending_private_swap_order(
-                _user_id(), PRIVATE_SWAP_APPROVAL_TOOL_NAME, cached["preview"]
-            )
-            if pending and effective_params.get("_resume_private_swap_order") is None:
-                effective_params["_resume_private_swap_order"] = pending
-        elif not effective_params.get("approval_token"):
-            raise RuntimeError(APPROVAL_CONTEXT_MISSING_MESSAGE)
+    _attach_approval_for_execute(tool_name, config, effective_params)
 
     try:
         payload = _invoke_tool(tool_name, effective_params, config)
@@ -1001,22 +901,6 @@ async def _handle_wallet_tool(tool_name: str, params: dict[str, Any]) -> dict[st
         raise _normalize_approval_context_error(exc) from exc
 
     _cache_preview_for_approval(_user_id(), tool_name, payload)
-    if tool_name == "swap_solana_privately" and payload.get("ok") is True:
-        data = payload.get("data")
-        approved_preview = effective_params.get("_approved_preview")
-        if (
-            isinstance(data, dict)
-            and data.get("execution_state") == "awaiting_deposit_funding"
-            and isinstance(approved_preview, dict)
-        ):
-            _cache_pending_private_swap_order(_user_id(), tool_name, approved_preview, data)
-        elif isinstance(data, dict):
-            _clear_pending_private_swap_order(_user_id(), tool_name)
-    if tool_name == "continue_solana_private_swap" and payload.get("ok") is True:
-        data = payload.get("data")
-        if isinstance(data, dict) and data.get("execution_state") == "funding_submitted":
-            _clear_pending_private_swap_order(_user_id(), PRIVATE_SWAP_APPROVAL_TOOL_NAME)
-
     if payload.get("ok") is False:
         raise RuntimeError(str(payload.get("error") or f"{tool_name} failed"))
     return payload.get("data", {})

package/hermes/plugins/agent_wallet/tools.py

@@ -15,7 +15,7 @@ from typing import Any
 
 SECRET_CONFIG_KEYS = {"privateKey", "masterKey", "approvalSecret"}
 BACKENDS = ("solana_local", "wdk_btc_local", "wdk_evm_local")
-PREVIEW_BOUND_SWAP_TOOLS = {"swap_solana_tokens", "swap_solana_privately"}
+PREVIEW_BOUND_SWAP_TOOLS = {"swap_solana_tokens"}
 
 
 def _json(data: dict[str, Any]) -> str:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentlayer.tech/wallet",
-  "version": "0.1.30",
+  "version": "0.1.33",
   "description": "NPM installer for the OpenClaw Agent Wallet local runtime.",
   "type": "module",
   "repository": {

package/wdk-btc-wallet/src/local_vault.js

@@ -26,14 +26,6 @@ function assertPositiveInteger(value, fieldName) {
   return parsed;
 }
 
-function assertNonNegativeInteger(value, fieldName) {
-  const parsed = Number(value);
-  if (!Number.isInteger(parsed) || parsed < 0) {
-    throw new Error(`${fieldName} must be a non-negative integer.`);
-  }
-  return parsed;
-}
-
 function sanitizeLabel(label) {
   const normalized = String(label ?? "").trim();
   return normalized || "BTC Wallet";
@@ -67,6 +59,7 @@ async function encryptSeedPhrase({ seedPhrase, password, walletId }) {
     cipher.final(),
   ]);
   const tag = cipher.getAuthTag();
+  key.fill(0);
   return {
     version: VAULT_VERSION,
     kdf: {
@@ -95,7 +88,12 @@ async function decryptSeedPhrase({ encrypted, password, walletId }) {
   decipher.setAAD(Buffer.from(`wdk-btc-wallet:${walletId}:v${VAULT_VERSION}`, "utf8"));
   decipher.setAuthTag(tag);
   const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-  return plaintext.toString("utf8");
+  key.fill(0);
+  // The returned string is an unavoidable transient (V8 strings are immutable);
+  // the derived key and plaintext buffers are zeroized so no zeroizable secret lingers.
+  const seedPhrase = plaintext.toString("utf8");
+  plaintext.fill(0);
+  return seedPhrase;
 }
 
 async function decryptSeedPhraseWithPasswordCheck(args) {
@@ -117,7 +115,6 @@ async function decryptSeedPhraseWithPasswordCheck(args) {
 export class LocalBtcVault {
   constructor(config) {
     this.config = config;
-    this._unlocked = new Map();
   }
 
   async createWallet({
@@ -139,10 +136,9 @@ export class LocalBtcVault {
       source: "created",
       network,
     });
-    await this.unlockWallet({ walletId: wallet.walletId, password, timeoutSeconds: 0 });
     return {
       ...wallet,
-      unlocked: true,
+      unlocked: false,
       unlockExpiresAt: null,
       ...(revealSeedPhrase ? { seedPhrase } : {}),
     };
@@ -160,39 +156,35 @@ export class LocalBtcVault {
       source: "imported",
       network,
     });
-    await this.unlockWallet({ walletId: wallet.walletId, password, timeoutSeconds: 0 });
     return {
       ...wallet,
-      unlocked: true,
+      unlocked: false,
       unlockExpiresAt: null,
     };
   }
 
   async listWallets() {
-    this.#sweepExpiredUnlocked();
     const registry = await this.#loadRegistry();
-    return registry.wallets.map((wallet) => {
-      const unlocked = this._unlocked.get(wallet.walletId);
-      return {
-        ...wallet,
-        unlocked: Boolean(unlocked),
-        unlockExpiresAt: unlocked ? unlocked.expiresAt : null,
-      };
-    });
+    return registry.wallets.map((wallet) => ({
+      ...wallet,
+      unlocked: false,
+      unlockExpiresAt: null,
+    }));
   }
 
   async getWallet({ walletId }) {
-    this.#sweepExpiredUnlocked();
     const wallet = await this.#getWalletMetadata(assertNonEmptyString(walletId, "walletId"));
-    const unlocked = this._unlocked.get(wallet.walletId);
     return {
       ...wallet,
-      unlocked: Boolean(unlocked),
-      unlockExpiresAt: unlocked ? unlocked.expiresAt : null,
+      unlocked: false,
+      unlockExpiresAt: null,
     };
   }
 
-  async unlockWallet({ walletId, password, timeoutSeconds }) {
+  // Deprecated: the wallet now uses a decrypt-on-demand model and never holds a
+  // plaintext seed in memory between requests. This endpoint only verifies the
+  // password so callers get feedback; it does not persist any unlocked state.
+  async unlockWallet({ walletId, password }) {
     const metadata = await this.#getWalletMetadata(assertNonEmptyString(walletId, "walletId"));
     const encrypted = await this.#loadEncryptedWallet(walletId);
     const secret = await decryptSeedPhraseWithPasswordCheck({
@@ -203,28 +195,21 @@ export class LocalBtcVault {
     if (!WDK.isValidSeed(secret)) {
       throw new Error("Decrypted wallet seed phrase is invalid.");
     }
-    const ttl =
-      timeoutSeconds === undefined || timeoutSeconds === null
-        ? this.config.unlockTimeoutSeconds
-        : assertNonNegativeInteger(timeoutSeconds, "timeoutSeconds");
-    const expiresAt = ttl === 0 ? null : new Date(Date.now() + ttl * 1000).toISOString();
-    this._unlocked.set(walletId, {
-      seedPhrase: secret,
-      expiresAt,
-    });
     return {
       walletId,
       label: metadata.label,
-      unlocked: true,
-      unlockExpiresAt: expiresAt,
+      unlocked: false,
+      unlockExpiresAt: null,
+      deprecated: true,
     };
   }
 
+  // Deprecated no-op: the wallet is always sealed at rest in the decrypt-on-demand model.
   async lockWallet({ walletId }) {
-    this._unlocked.delete(assertNonEmptyString(walletId, "walletId"));
     return {
-      walletId,
+      walletId: assertNonEmptyString(walletId, "walletId"),
       unlocked: false,
+      deprecated: true,
     };
   }
 
@@ -283,25 +268,19 @@ export class LocalBtcVault {
     };
     await this.#saveRegistry(registry);
 
-    const unlocked = this._unlocked.get(id);
-    if (unlocked) {
-      this._unlocked.set(id, {
-        seedPhrase,
-        expiresAt: unlocked.expiresAt,
-      });
-    }
-
     return {
       walletId: id,
       label: metadata.label,
       passwordChanged: true,
       updatedAt,
-      unlocked: Boolean(this._unlocked.get(id)),
-      unlockExpiresAt: this._unlocked.get(id)?.expiresAt ?? null,
+      unlocked: false,
+      unlockExpiresAt: null,
     };
   }
 
-  async resolveSeedPhrase({ walletId, seedPhrase }) {
+  // Decrypt-on-demand: the seed is decrypted just-in-time for a single signing
+  // request from the supplied password, never persisted between requests.
+  async resolveSeedPhrase({ walletId, seedPhrase, password }) {
     if (typeof seedPhrase === "string" && seedPhrase.trim()) {
       if (!WDK.isValidSeed(seedPhrase.trim())) {
         throw new Error("seedPhrase must be a valid BIP-39 seed phrase.");
@@ -313,16 +292,23 @@ export class LocalBtcVault {
       };
     }
     const id = assertNonEmptyString(walletId, "walletId");
-    this.#sweepExpiredUnlocked();
-    const unlocked = this._unlocked.get(id);
-    if (!unlocked) {
-      throw new Error("Wallet is locked. Unlock it first or provide seedPhrase explicitly.");
+    if (typeof password !== "string" || !password.trim()) {
+      throw new Error("Wallet is locked. Provide password or seedPhrase explicitly.");
+    }
+    await this.#getWalletMetadata(id);
+    const encrypted = await this.#loadEncryptedWallet(id);
+    const secret = await decryptSeedPhraseWithPasswordCheck({
+      encrypted,
+      password: password.trim(),
+      walletId: id,
+    });
+    if (!WDK.isValidSeed(secret)) {
+      throw new Error("Decrypted wallet seed phrase is invalid.");
     }
     return {
-      seedPhrase: unlocked.seedPhrase,
-      source: "local-vault",
+      seedPhrase: secret,
+      source: "local-vault-jit",
       walletId: id,
-      unlockExpiresAt: unlocked.expiresAt,
     };
   }
 
@@ -420,13 +406,4 @@ export class LocalBtcVault {
   #registryPath() {
     return path.join(this.config.dataDir, REGISTRY_FILE);
   }
-
-  #sweepExpiredUnlocked() {
-    const now = Date.now();
-    for (const [walletId, state] of this._unlocked.entries()) {
-      if (state.expiresAt && Date.parse(state.expiresAt) <= now) {
-        this._unlocked.delete(walletId);
-      }
-    }
-  }
 }

package/wdk-btc-wallet/src/server.js

@@ -44,6 +44,7 @@ async function withResolvedSeed(body = {}) {
   const resolved = await vault.resolveSeedPhrase({
     walletId: body.walletId,
     seedPhrase: body.seedPhrase,
+    password: body.password,
   });
   return {
     ...body,

package/wdk-evm-wallet/README.md

@@ -165,9 +165,10 @@ Gateway mode:
 - `PROVIDER_GATEWAY_URL` defaults to `https://agent-layer-production.up.railway.app`
 - set `PROVIDER_GATEWAY_URL=https://...` only when overriding the hosted default
 - `PROVIDER_GATEWAY_BEARER_TOKEN` is optional and only needed when the gateway is protected
-- optionally set `WDK_EVM_RPC_GATEWAY_PROVIDER=alchemy|shared|auto`
-- in gateway mode, `ethereum` and `base` use the provider gateway raw EVM RPC route
-- explicit `WDK_EVM_<NETWORK>_RPC_URL` values still override gateway mode per network
+- `ethereum` and `base` mainnet are always routed through the provider gateway raw EVM RPC route
+- `ethereum` and `base` mainnet are pinned to the gateway `provider=alchemy` path
+- direct `WDK_EVM_ETHEREUM_RPC_URL` and `WDK_EVM_BASE_RPC_URL` values no longer override mainnet routing
+- `WDK_EVM_SEPOLIA_RPC_URL` and `WDK_EVM_BASE_SEPOLIA_RPC_URL` remain direct per-network testnet overrides
 
 Local security note:
 

package/wdk-evm-wallet/src/config.js

@@ -10,6 +10,7 @@ const DEFAULTS = {
   unlockTimeoutSeconds: 0,
 };
 const DEFAULT_PROVIDER_GATEWAY_URL = "https://agent-layer-production.up.railway.app";
+const ENFORCED_GATEWAY_MAINNETS = new Set(["ethereum", "base"]);
 
 const DEFAULT_NETWORK_PROFILES = {
   ethereum: {
@@ -191,6 +192,20 @@ export function loadConfig(env = process.env) {
 
   function resolveProviderUrl(networkKey, envValue, fallbackUrl) {
     const direct = String(envValue ?? "").trim();
+    if (ENFORCED_GATEWAY_MAINNETS.has(networkKey)) {
+      const enforcedGatewayUrl = buildGatewayEvmRpcUrl(
+        providerGatewayUrl,
+        networkKey,
+        "alchemy",
+        providerGatewayToken
+      );
+      if (!enforcedGatewayUrl) {
+        throw new Error(
+          `PROVIDER_GATEWAY_URL is required for ${networkKey} mainnet RPC routing.`
+        );
+      }
+      return enforcedGatewayUrl;
+    }
     if (direct) {
       return direct;
     }