@agentlayer.tech/wallet 0.1.34 → 0.1.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.openclaw/extensions/agent-wallet/openclaw.plugin.json +1 -1
- package/.openclaw/extensions/agent-wallet/package.json +1 -1
- package/CHANGELOG.md +22 -0
- package/VERSION +1 -1
- package/agent-wallet/agent_wallet/__init__.py +1 -1
- package/agent-wallet/agent_wallet/providers/wdk_evm_local.py +4 -2
- package/agent-wallet/openclaw.plugin.json +1 -1
- package/agent-wallet/pyproject.toml +1 -1
- package/agent-wallet/skills/wallet-operator/SKILL.md +21 -9
- package/bin/openclaw-agent-wallet.mjs +14 -0
- package/claude-code/plugins/agent-wallet/.claude-plugin/plugin.json +1 -1
- package/claude-code/plugins/agent-wallet/scripts/run_mcp.sh +5 -3
- package/codex/plugins/agent-wallet/.codex-plugin/plugin.json +1 -1
- package/codex/plugins/agent-wallet/scripts/run_mcp.sh +3 -1
- package/codex/plugins/agent-wallet/server.py +125 -41
- package/codex/plugins/agent-wallet/skills/wallet-operator/SKILL.md +1 -0
- package/hermes/plugins/agent_wallet/plugin.yaml +1 -1
- package/package.json +1 -1
- package/wdk-btc-wallet/package.json +1 -1
- package/wdk-evm-wallet/package.json +1 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"id": "agent-wallet",
|
|
3
3
|
"name": "Agent Wallet",
|
|
4
4
|
"description": "Official OpenClaw plugin bridge for the agent-wallet backends, including Solana, local BTC, and local EVM.",
|
|
5
|
-
"version": "0.1.
|
|
5
|
+
"version": "0.1.36",
|
|
6
6
|
"contracts": {
|
|
7
7
|
"tools": [
|
|
8
8
|
"close_empty_token_accounts",
|
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,28 @@
|
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## v0.1.35 - 2026-06-03
|
|
6
|
+
|
|
7
|
+
- Hardened the Codex / Claude Code MCP wallet bridge:
|
|
8
|
+
- Run the blocking wallet CLI subprocess off the event loop
|
|
9
|
+
(`asyncio.to_thread`) so a slow or hung wallet op no longer freezes the MCP
|
|
10
|
+
server — `tools/list`, read-only calls, and cancellation stay responsive.
|
|
11
|
+
The approval-preview cache is now guarded by a lock for concurrent calls.
|
|
12
|
+
- Consume the approved preview after a successful execute, so a duplicate
|
|
13
|
+
execute call cannot silently re-run the operation from stale 15-min approval
|
|
14
|
+
context. A failed execute keeps the preview so retries still work.
|
|
15
|
+
- `set_wallet_backend` commits session network/backend selection only after
|
|
16
|
+
the validating call succeeds, preventing a stale backend + new network mix.
|
|
17
|
+
- Fixed an off-by-one in the Claude Code launcher's sibling-codex fallback
|
|
18
|
+
path so a local checkout resolves `codex/server.py`.
|
|
19
|
+
- Replaced the `py_compile` self-check with a non-writing `ast.parse` check so
|
|
20
|
+
a read-only install dir cannot trigger a false "runtime broken" error.
|
|
21
|
+
- Parse `AGENT_WALLET_CODEX_TIMEOUT` defensively and surface a clean timeout
|
|
22
|
+
error instead of the raw `TimeoutExpired` repr (which echoed argv, including
|
|
23
|
+
the approval token). CLI stdout parsing now tolerates a stray line ahead of
|
|
24
|
+
the JSON result.
|
|
25
|
+
- Codex skill doc parity (`set_wallet_backend` / `set_evm_network`).
|
|
26
|
+
|
|
5
27
|
## v0.1.34 - 2026-06-02
|
|
6
28
|
|
|
7
29
|
- Added native ETH support to EVM (Velora) swaps in the wallet runtime.
|
package/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.36
|
|
@@ -13,7 +13,7 @@ from agent_wallet.config import resolve_evm_wallet_password, resolve_openclaw_ho
|
|
|
13
13
|
from agent_wallet.wallet_layer.base import WalletBackendError
|
|
14
14
|
|
|
15
15
|
LOCAL_WDK_EVM_HOSTS = {"127.0.0.1", "localhost", "::1"}
|
|
16
|
-
|
|
16
|
+
LONG_RUNNING_POST_PATHS = {
|
|
17
17
|
"/v1/evm/aave/supply/send",
|
|
18
18
|
"/v1/evm/aave/withdraw/send",
|
|
19
19
|
"/v1/evm/aave/borrow/send",
|
|
@@ -24,7 +24,9 @@ LONG_RUNNING_SEND_PATHS = {
|
|
|
24
24
|
"/v1/evm/lido/request_withdrawal_steth/send",
|
|
25
25
|
"/v1/evm/lido/request_withdrawal_wsteth/send",
|
|
26
26
|
"/v1/evm/lido/claim_withdrawal/send",
|
|
27
|
+
"/v1/evm/swap/quote",
|
|
27
28
|
"/v1/evm/swap/send",
|
|
29
|
+
"/v1/evm/lifi/quote",
|
|
28
30
|
"/v1/evm/lifi/send",
|
|
29
31
|
"/v1/evm/transfer/send",
|
|
30
32
|
"/v1/evm/token-transfer/send",
|
|
@@ -72,7 +74,7 @@ def _load_local_token() -> str:
|
|
|
72
74
|
def _timeout_for_path(path: str) -> float:
|
|
73
75
|
normalized = str(path or "").strip()
|
|
74
76
|
base_timeout = float(settings.http_timeout)
|
|
75
|
-
if normalized in
|
|
77
|
+
if normalized in LONG_RUNNING_POST_PATHS:
|
|
76
78
|
return max(base_timeout, LONG_RUNNING_SEND_TIMEOUT_SECONDS)
|
|
77
79
|
return base_timeout
|
|
78
80
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"id": "agent-wallet",
|
|
3
3
|
"name": "Agent Wallet",
|
|
4
4
|
"description": "Plugin-friendly wallet backend for OpenClaw agents with safe wallet tools and runtime instructions across Solana, local BTC, and local EVM.",
|
|
5
|
-
"version": "0.1.
|
|
5
|
+
"version": "0.1.36",
|
|
6
6
|
"skills": ["skills/wallet-operator"],
|
|
7
7
|
"configSchema": {
|
|
8
8
|
"type": "object",
|
|
@@ -12,12 +12,13 @@ Use this skill before calling OpenClaw wallet tools. It is the routing guide for
|
|
|
12
12
|
1. Start with `get_wallet_capabilities` when the active chain, signing support, or available tools are unclear.
|
|
13
13
|
2. Use `get_wallet_address` before asking for deposits or confirming a recipient/source wallet.
|
|
14
14
|
3. Use `get_wallet_balance` before spending, swapping, bridging, staking, lending, or claiming.
|
|
15
|
-
4.
|
|
16
|
-
5. `
|
|
17
|
-
6.
|
|
18
|
-
7.
|
|
19
|
-
8.
|
|
20
|
-
9.
|
|
15
|
+
4. Treat `get_wallet_balance` as the default balance read for the active backend, not as a Solana-only helper. If `get_wallet_capabilities` says `can_get_balance=true`, prefer calling `get_wallet_balance` before assuming a backend lacks native balance support.
|
|
16
|
+
5. Use `preview` first for every write action. For Solana Jupiter swaps, prefer `intent_preview` then `intent_execute` after explicit chat confirmation so execution can refresh the quote inside approved limits. Solana swap intents are normalized by the backend to at least 300 bps slippage, 120 seconds validity, and 3 fresh execution attempts; do not pass a hand-tightened `minimum_output_amount_raw` unless the user explicitly set that floor. Use `prepare` only after explicit user intent. In OpenClaw, use `execute` only after the user explicitly confirms the shown summary in chat; do not ask the user for `/approve`, buttons, popups, or a manual token.
|
|
17
|
+
6. `prepare` returns an execution plan only; it must not return signed transaction bytes.
|
|
18
|
+
7. On mainnet, restate the network and material terms before `execute`; the OpenClaw plugin handles the internal execution authorization after chat confirmation.
|
|
19
|
+
8. If backend is `sign_only`, do not execute; use `prepare` and state that nothing was broadcast.
|
|
20
|
+
9. Never claim a transfer, swap, bridge, stake, claim, deposit, borrow, repay, or withdrawal happened unless the tool result says it was broadcast/confirmed.
|
|
21
|
+
10. Do not use Mayan. Direct Mayan paths were removed. Cross-chain swaps must go through LI.FI with Mayan denied.
|
|
21
22
|
|
|
22
23
|
## Provider Map
|
|
23
24
|
|
|
@@ -46,19 +47,30 @@ Use this skill before calling OpenClaw wallet tools. It is the routing guide for
|
|
|
46
47
|
|
|
47
48
|
- `get_wallet_capabilities`: available chain, backend, send/sign support.
|
|
48
49
|
- `get_wallet_address`: active wallet address.
|
|
49
|
-
- `get_wallet_balance`: primary balance/portfolio summary
|
|
50
|
-
-
|
|
50
|
+
- `get_wallet_balance`: primary balance/portfolio summary for the active backend.
|
|
51
|
+
- Solana: native SOL plus discovered SPL assets and USD values when available.
|
|
52
|
+
- EVM: native ETH balance plus discovered ERC-20 assets and USD values when available.
|
|
53
|
+
- If the user asks for an EVM wallet balance, try this first before falling back to token-specific reads.
|
|
54
|
+
- `get_wallet_portfolio`: detailed Solana portfolio holdings. Do not assume this works on every backend; `wdk_evm_local` may reject portfolio lookup even when `get_wallet_balance` works.
|
|
51
55
|
- `get_solana_token_prices`: prices by Solana mint.
|
|
52
56
|
- `get_lifi_supported_chains`: supported LI.FI subset.
|
|
53
57
|
- `get_lifi_quote`: read-only LI.FI quote/status surface; use when user asks for indicative cross-chain quote outside the write flow.
|
|
54
58
|
- `get_lifi_transfer_status`: check LI.FI bridge status after a cross-chain source transaction.
|
|
55
59
|
- `get_evm_network`: active EVM network and supported EVM swap networks.
|
|
56
|
-
- `get_evm_token_balance`: ERC-20 balance by `token_address`, optional `network`.
|
|
60
|
+
- `get_evm_token_balance`: ERC-20 balance by `token_address`, optional `network`. This is not the native ETH balance reader; use it for a specific token contract such as USDC or WETH.
|
|
57
61
|
- `get_evm_token_metadata`: ERC-20 metadata by `token_address`, optional `network`.
|
|
58
62
|
- `get_evm_fee_rates`: EVM fee suggestions.
|
|
59
63
|
- `get_evm_transaction_receipt`: EVM receipt by `tx_hash`.
|
|
60
64
|
- `get_btc_transfer_history`, `get_btc_fee_rates`, `get_btc_max_spendable`: BTC read helpers.
|
|
61
65
|
|
|
66
|
+
## Balance Routing
|
|
67
|
+
|
|
68
|
+
- Solana wallet balance request: use `get_wallet_balance`.
|
|
69
|
+
- EVM wallet balance request: use `get_wallet_balance` first for native ETH and discovered ERC-20 holdings.
|
|
70
|
+
- EVM specific token balance request: use `get_evm_token_balance` with a concrete ERC-20 `token_address`.
|
|
71
|
+
- EVM native transfer sizing: use `get_wallet_balance` for available ETH, then `get_evm_fee_rates` if the user needs fee context.
|
|
72
|
+
- If the tool descriptions and runtime capabilities seem inconsistent, prefer a direct read call over guessing from descriptions alone.
|
|
73
|
+
|
|
62
74
|
## Transfer Commands
|
|
63
75
|
|
|
64
76
|
- SOL transfer: `transfer_sol`
|
|
@@ -1617,6 +1617,20 @@ function pinHomeIntoMcpFile(mcpPath, env = process.env) {
|
|
|
1617
1617
|
const entry = (doc.mcpServers || {})["agent-wallet"];
|
|
1618
1618
|
if (!entry) return { pinned: false, reason: "no agent-wallet server entry", path: mcpPath };
|
|
1619
1619
|
const home = resolveOpenclawHome(env);
|
|
1620
|
+
// When the install home is the default ~/.openclaw, run_mcp.sh already derives
|
|
1621
|
+
// it (`${OPENCLAW_HOME:-"$HOME/.openclaw"}`), so pinning is redundant and would
|
|
1622
|
+
// dirty version-controlled bundle files. Skip it — and drop any stale pin so the
|
|
1623
|
+
// file self-heals back to a clean, distributable state.
|
|
1624
|
+
const defaultHome = path.resolve(expandHome("~/.openclaw"));
|
|
1625
|
+
if (home === defaultHome) {
|
|
1626
|
+
if (entry.env && "OPENCLAW_HOME" in entry.env) {
|
|
1627
|
+
delete entry.env.OPENCLAW_HOME;
|
|
1628
|
+
if (Object.keys(entry.env).length === 0) delete entry.env;
|
|
1629
|
+
writeJsonFile(mcpPath, doc);
|
|
1630
|
+
return { pinned: false, reason: "home is default; removed redundant pin", path: mcpPath };
|
|
1631
|
+
}
|
|
1632
|
+
return { pinned: false, reason: "home is default; run_mcp.sh derives it", path: mcpPath };
|
|
1633
|
+
}
|
|
1620
1634
|
entry.env = { ...(entry.env || {}), OPENCLAW_HOME: home };
|
|
1621
1635
|
writeJsonFile(mcpPath, doc);
|
|
1622
1636
|
return { pinned: true, openclaw_home: home, path: mcpPath };
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-wallet",
|
|
3
3
|
"displayName": "Agent Wallet",
|
|
4
|
-
"version": "0.1.
|
|
4
|
+
"version": "0.1.36",
|
|
5
5
|
"description": "Claude Code bridge for the existing AgentLayer wallet runtime. Connects to Solana, Bitcoin, and EVM wallets without creating a new one.",
|
|
6
6
|
"author": {
|
|
7
7
|
"name": "AgentLayer"
|
|
@@ -10,13 +10,13 @@ PACKAGE_ROOT=${AGENT_WALLET_PACKAGE_ROOT:-${OPENCLAW_AGENT_WALLET_PACKAGE_ROOT:-
|
|
|
10
10
|
# relative sibling paths below no longer resolve, so fall back to the codex
|
|
11
11
|
# plugin copy inside the installed runtime package, which is always present.
|
|
12
12
|
LOCAL_SERVER="$PLUGIN_ROOT/server.py"
|
|
13
|
-
CODEX_SERVER="$PLUGIN_ROOT
|
|
13
|
+
CODEX_SERVER="$PLUGIN_ROOT/../../../codex/plugins/agent-wallet/server.py"
|
|
14
14
|
RUNTIME_CODEX_DIR="$OPENCLAW_HOME/agent-wallet-runtime/current/codex/plugins/agent-wallet"
|
|
15
15
|
|
|
16
16
|
if [ -f "$LOCAL_SERVER" ]; then
|
|
17
17
|
SERVER_PY="$LOCAL_SERVER"
|
|
18
18
|
elif [ -f "$CODEX_SERVER" ]; then
|
|
19
|
-
SERVER_PY=$(CDPATH= cd -- "$PLUGIN_ROOT
|
|
19
|
+
SERVER_PY=$(CDPATH= cd -- "$PLUGIN_ROOT/../../../codex/plugins/agent-wallet" && pwd)/server.py
|
|
20
20
|
elif [ -f "$RUNTIME_CODEX_DIR/server.py" ]; then
|
|
21
21
|
SERVER_PY=$(CDPATH= cd -- "$RUNTIME_CODEX_DIR" && pwd)/server.py
|
|
22
22
|
else
|
|
@@ -37,7 +37,9 @@ else
|
|
|
37
37
|
fi
|
|
38
38
|
|
|
39
39
|
# Fail loudly (not -32000) if the resolved server cannot even be parsed.
|
|
40
|
-
|
|
40
|
+
# Use ast.parse (no bytecode written) so a read-only install dir cannot trigger
|
|
41
|
+
# a false "runtime broken" error from py_compile failing to write __pycache__.
|
|
42
|
+
if ! "$PYTHON_BIN" -c 'import sys, ast; ast.parse(open(sys.argv[1], encoding="utf-8").read())' "$SERVER_PY" 2>/dev/null; then
|
|
41
43
|
"$PYTHON_BIN" - "$SERVER_PY" >&2 <<'PY'
|
|
42
44
|
import json, sys
|
|
43
45
|
print(json.dumps({
|
|
@@ -24,7 +24,9 @@ if [ ! -f "$PLUGIN_ROOT/server.py" ]; then
|
|
|
24
24
|
fi
|
|
25
25
|
|
|
26
26
|
# Fail loudly (not -32000) if the resolved server cannot even be parsed.
|
|
27
|
-
|
|
27
|
+
# Use ast.parse (no bytecode written) so a read-only install dir cannot trigger
|
|
28
|
+
# a false "runtime broken" error from py_compile failing to write __pycache__.
|
|
29
|
+
if ! "$PYTHON_BIN" -c 'import sys, ast; ast.parse(open(sys.argv[1], encoding="utf-8").read())' "$PLUGIN_ROOT/server.py" 2>/dev/null; then
|
|
28
30
|
"$PYTHON_BIN" - "$PLUGIN_ROOT/server.py" >&2 <<'PY'
|
|
29
31
|
import json, sys
|
|
30
32
|
print(json.dumps({
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
from __future__ import annotations
|
|
4
4
|
|
|
5
|
+
import asyncio
|
|
5
6
|
import copy
|
|
6
7
|
import base64
|
|
7
8
|
import hashlib
|
|
@@ -9,6 +10,7 @@ import json
|
|
|
9
10
|
import os
|
|
10
11
|
import subprocess
|
|
11
12
|
import sys
|
|
13
|
+
import threading
|
|
12
14
|
import time
|
|
13
15
|
from functools import lru_cache
|
|
14
16
|
from pathlib import Path
|
|
@@ -71,6 +73,9 @@ selected_solana_network: str | None = None
|
|
|
71
73
|
selected_evm_network: str | None = None
|
|
72
74
|
selected_btc_network: str | None = None
|
|
73
75
|
approval_preview_cache: dict[str, dict[str, Any]] = {}
|
|
76
|
+
# Guards approval_preview_cache against races once wallet calls run concurrently
|
|
77
|
+
# via asyncio.to_thread. Reentrant so prune helpers can be nested under writers.
|
|
78
|
+
_approval_cache_lock = threading.RLock()
|
|
74
79
|
|
|
75
80
|
|
|
76
81
|
class WalletCliError(RuntimeError):
|
|
@@ -94,6 +99,8 @@ def _openclaw_home() -> Path:
|
|
|
94
99
|
|
|
95
100
|
@lru_cache(maxsize=1)
|
|
96
101
|
def _openclaw_plugin_config() -> dict[str, Any]:
|
|
102
|
+
# Cached for the process lifetime: openclaw.json is read once per MCP server
|
|
103
|
+
# start. Edits to plugin config require restarting the bridge to take effect.
|
|
97
104
|
config_path = _openclaw_home() / "openclaw.json"
|
|
98
105
|
try:
|
|
99
106
|
payload = json.loads(config_path.read_text(encoding="utf-8"))
|
|
@@ -212,9 +219,10 @@ def _approval_preview_tool_name(tool_name: str) -> str:
|
|
|
212
219
|
|
|
213
220
|
def _prune_approval_preview_cache() -> None:
|
|
214
221
|
now = time.time()
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
approval_preview_cache.
|
|
222
|
+
with _approval_cache_lock:
|
|
223
|
+
for key in list(approval_preview_cache):
|
|
224
|
+
if float(approval_preview_cache[key].get("expires_at") or 0) <= now:
|
|
225
|
+
approval_preview_cache.pop(key, None)
|
|
218
226
|
|
|
219
227
|
|
|
220
228
|
def _cache_preview_for_approval(user_id: str, tool_name: str, payload: dict[str, Any]) -> None:
|
|
@@ -231,18 +239,35 @@ def _cache_preview_for_approval(user_id: str, tool_name: str, payload: dict[str,
|
|
|
231
239
|
summary = data.get("confirmation_summary")
|
|
232
240
|
if not isinstance(summary, dict):
|
|
233
241
|
return
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
242
|
+
with _approval_cache_lock:
|
|
243
|
+
_prune_approval_preview_cache()
|
|
244
|
+
approval_preview_cache[_approval_cache_key(user_id, cache_tool_name)] = {
|
|
245
|
+
"digest": _preview_digest(data),
|
|
246
|
+
"expires_at": time.time() + PREVIEW_CACHE_TTL_SECONDS,
|
|
247
|
+
"preview": data,
|
|
248
|
+
"summary": summary,
|
|
249
|
+
}
|
|
241
250
|
|
|
242
251
|
|
|
243
252
|
def _latest_cached_preview(user_id: str, tool_name: str) -> dict[str, Any] | None:
|
|
244
|
-
|
|
245
|
-
|
|
253
|
+
with _approval_cache_lock:
|
|
254
|
+
_prune_approval_preview_cache()
|
|
255
|
+
return approval_preview_cache.get(_approval_cache_key(user_id, _approval_preview_tool_name(tool_name)))
|
|
256
|
+
|
|
257
|
+
|
|
258
|
+
def _consume_cached_preview(user_id: str, tool_name: str) -> None:
|
|
259
|
+
"""Drop the cached preview once a successful execute has consumed it.
|
|
260
|
+
|
|
261
|
+
Without this, a preview lingers for the full TTL and a duplicate execute
|
|
262
|
+
call could re-run the operation from stale approval context — the runtime's
|
|
263
|
+
single-use nonce registry cannot stop it, because the bridge runs each
|
|
264
|
+
invoke in a fresh subprocess (empty registry) and mints a new token per
|
|
265
|
+
execute. Requiring a fresh preview before the next execute is the safe rule.
|
|
266
|
+
"""
|
|
267
|
+
with _approval_cache_lock:
|
|
268
|
+
approval_preview_cache.pop(
|
|
269
|
+
_approval_cache_key(user_id, _approval_preview_tool_name(tool_name)), None
|
|
270
|
+
)
|
|
246
271
|
|
|
247
272
|
|
|
248
273
|
def _approval_token_preview_digest(token: str) -> str:
|
|
@@ -509,28 +534,55 @@ def _parse_cli_error(text: str) -> WalletCliError:
|
|
|
509
534
|
)
|
|
510
535
|
|
|
511
536
|
|
|
537
|
+
def _cli_timeout_seconds() -> float:
|
|
538
|
+
"""Parse the CLI timeout from env, falling back to 180s on bad values."""
|
|
539
|
+
raw = os.getenv("AGENT_WALLET_CODEX_TIMEOUT", "180")
|
|
540
|
+
try:
|
|
541
|
+
value = float(raw)
|
|
542
|
+
except (TypeError, ValueError):
|
|
543
|
+
return 180.0
|
|
544
|
+
return value if value > 0 else 180.0
|
|
545
|
+
|
|
546
|
+
|
|
512
547
|
def _call_wallet_cli(command: str, extra_args: list[str]) -> dict[str, Any]:
|
|
513
548
|
package_root = _resolve_package_root()
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
549
|
+
timeout_seconds = _cli_timeout_seconds()
|
|
550
|
+
try:
|
|
551
|
+
completed = subprocess.run(
|
|
552
|
+
[
|
|
553
|
+
_python_bin(package_root),
|
|
554
|
+
"-m",
|
|
555
|
+
"agent_wallet.openclaw_cli",
|
|
556
|
+
command,
|
|
557
|
+
*extra_args,
|
|
558
|
+
],
|
|
559
|
+
cwd=str(package_root),
|
|
560
|
+
env=_cli_env(package_root),
|
|
561
|
+
text=True,
|
|
562
|
+
capture_output=True,
|
|
563
|
+
timeout=timeout_seconds,
|
|
564
|
+
check=False,
|
|
565
|
+
)
|
|
566
|
+
except subprocess.TimeoutExpired as exc:
|
|
567
|
+
# Surface a clean, actionable message instead of the raw TimeoutExpired
|
|
568
|
+
# repr, which would echo the full argv (approval_token, config JSON).
|
|
569
|
+
raise WalletCliError(
|
|
570
|
+
f"agent-wallet CLI '{command}' timed out after {timeout_seconds:g}s. "
|
|
571
|
+
"Retry, or raise AGENT_WALLET_CODEX_TIMEOUT if the network is slow.",
|
|
572
|
+
code="timeout",
|
|
573
|
+
) from exc
|
|
529
574
|
if completed.returncode != 0:
|
|
530
575
|
detail = completed.stderr.strip() or completed.stdout.strip()
|
|
531
576
|
raise _parse_cli_error(detail)
|
|
577
|
+
# The CLI contract is a single JSON line on stdout. Parse the last non-empty
|
|
578
|
+
# line so a stray print/warning ahead of it from the runtime cannot break an
|
|
579
|
+
# otherwise-successful call.
|
|
580
|
+
stdout = completed.stdout.strip()
|
|
581
|
+
if not stdout:
|
|
582
|
+
return {}
|
|
583
|
+
last_line = stdout.splitlines()[-1].strip()
|
|
532
584
|
try:
|
|
533
|
-
return json.loads(
|
|
585
|
+
return json.loads(last_line)
|
|
534
586
|
except json.JSONDecodeError as exc:
|
|
535
587
|
raise WalletCliError(f"agent-wallet CLI returned invalid JSON: {exc}") from exc
|
|
536
588
|
|
|
@@ -824,26 +876,38 @@ async def _handle_set_wallet_backend(params: dict[str, Any]) -> dict[str, Any]:
|
|
|
824
876
|
|
|
825
877
|
requested = params.get("backend", params.get("wallet"))
|
|
826
878
|
backend = _normalize_wallet_backend(requested)
|
|
879
|
+
# Resolve the target network into a local first; only commit to the session
|
|
880
|
+
# globals after the validating wallet call succeeds, so a failed switch never
|
|
881
|
+
# leaves a stale backend paired with a freshly mutated network selection.
|
|
827
882
|
if backend == "wdk_evm_local":
|
|
828
883
|
implied = params.get("network") or selected_evm_network or _default_evm_network() or "ethereum"
|
|
829
|
-
|
|
884
|
+
resolved_network = _normalize_selectable_evm_network(implied)
|
|
830
885
|
elif backend == "wdk_btc_local":
|
|
831
|
-
|
|
886
|
+
resolved_network = _normalize_btc_network(
|
|
832
887
|
params.get("network") or selected_btc_network or _default_btc_network()
|
|
833
888
|
)
|
|
834
889
|
else:
|
|
835
|
-
|
|
890
|
+
resolved_network = _normalize_solana_network(
|
|
836
891
|
params.get("network") or selected_solana_network or _default_solana_network()
|
|
837
892
|
)
|
|
838
893
|
|
|
839
|
-
config =
|
|
840
|
-
|
|
894
|
+
config = _host_default_config()
|
|
895
|
+
config["backend"] = backend
|
|
896
|
+
config["network"] = resolved_network
|
|
897
|
+
payload = await asyncio.to_thread(
|
|
898
|
+
_invoke_tool,
|
|
841
899
|
"get_evm_network" if backend == "wdk_evm_local" else "get_wallet_capabilities",
|
|
842
900
|
{} if backend != "wdk_evm_local" else {"network": config["network"]},
|
|
843
901
|
config,
|
|
844
902
|
)
|
|
845
903
|
if payload.get("ok") is False:
|
|
846
904
|
raise RuntimeError(str(payload.get("error") or "set_wallet_backend failed"))
|
|
905
|
+
if backend == "wdk_evm_local":
|
|
906
|
+
selected_evm_network = resolved_network
|
|
907
|
+
elif backend == "wdk_btc_local":
|
|
908
|
+
selected_btc_network = resolved_network
|
|
909
|
+
else:
|
|
910
|
+
selected_solana_network = resolved_network
|
|
847
911
|
selected_wallet_backend = backend
|
|
848
912
|
return {
|
|
849
913
|
"selected_backend": backend,
|
|
@@ -866,7 +930,7 @@ async def _handle_set_evm_network(params: dict[str, Any]) -> dict[str, Any]:
|
|
|
866
930
|
network = _normalize_selectable_evm_network(params.get("network"))
|
|
867
931
|
config = _effective_config_for_backend("wdk_evm_local")
|
|
868
932
|
config["network"] = network
|
|
869
|
-
payload = _invoke_tool
|
|
933
|
+
payload = await asyncio.to_thread(_invoke_tool, "get_evm_network", {"network": network}, config)
|
|
870
934
|
if payload.get("ok") is False:
|
|
871
935
|
raise RuntimeError(str(payload.get("error") or "set_evm_network failed"))
|
|
872
936
|
selected_wallet_backend = "wdk_evm_local"
|
|
@@ -885,6 +949,30 @@ async def _handle_set_evm_network(params: dict[str, Any]) -> dict[str, Any]:
|
|
|
885
949
|
}
|
|
886
950
|
|
|
887
951
|
|
|
952
|
+
def _invoke_wallet_tool_blocking(
|
|
953
|
+
tool_name: str,
|
|
954
|
+
config: dict[str, Any],
|
|
955
|
+
effective_params: dict[str, Any],
|
|
956
|
+
) -> dict[str, Any]:
|
|
957
|
+
"""Synchronous wallet invocation: approval attach + CLI subprocess + cache.
|
|
958
|
+
|
|
959
|
+
Runs off the event loop via ``asyncio.to_thread`` so a slow or hung wallet
|
|
960
|
+
call never freezes the MCP server (tools/list, read-only calls, and
|
|
961
|
+
cancellation stay responsive).
|
|
962
|
+
"""
|
|
963
|
+
used_cache = _attach_approval_for_execute(tool_name, config, effective_params)
|
|
964
|
+
try:
|
|
965
|
+
payload = _invoke_tool(tool_name, effective_params, config)
|
|
966
|
+
except Exception as exc:
|
|
967
|
+
raise _normalize_approval_context_error(exc) from exc
|
|
968
|
+
_cache_preview_for_approval(_user_id(), tool_name, payload)
|
|
969
|
+
# A bridge-managed preview that was just executed successfully is single-use:
|
|
970
|
+
# drop it so a duplicate execute cannot silently re-run the operation.
|
|
971
|
+
if used_cache is not None and payload.get("ok") is not False:
|
|
972
|
+
_consume_cached_preview(_user_id(), tool_name)
|
|
973
|
+
return payload
|
|
974
|
+
|
|
975
|
+
|
|
888
976
|
async def _handle_wallet_tool(tool_name: str, params: dict[str, Any]) -> dict[str, Any]:
|
|
889
977
|
config = _base_config(params, tool_name=tool_name)
|
|
890
978
|
backend = _normalize_wallet_backend(config.get("backend"))
|
|
@@ -893,14 +981,10 @@ async def _handle_wallet_tool(tool_name: str, params: dict[str, Any]) -> dict[st
|
|
|
893
981
|
config["network"] = selected_evm_network
|
|
894
982
|
|
|
895
983
|
effective_params = dict(params)
|
|
896
|
-
|
|
897
|
-
|
|
898
|
-
|
|
899
|
-
payload = _invoke_tool(tool_name, effective_params, config)
|
|
900
|
-
except Exception as exc:
|
|
901
|
-
raise _normalize_approval_context_error(exc) from exc
|
|
984
|
+
payload = await asyncio.to_thread(
|
|
985
|
+
_invoke_wallet_tool_blocking, tool_name, config, effective_params
|
|
986
|
+
)
|
|
902
987
|
|
|
903
|
-
_cache_preview_for_approval(_user_id(), tool_name, payload)
|
|
904
988
|
if payload.get("ok") is False:
|
|
905
989
|
raise RuntimeError(str(payload.get("error") or f"{tool_name} failed"))
|
|
906
990
|
return payload.get("data", {})
|
|
@@ -16,3 +16,4 @@ Rules:
|
|
|
16
16
|
- On mainnet, restate the network, asset, amount, and destination before execute.
|
|
17
17
|
- Do not ask the user for `approval_token`. The bridge manages approval binding internally.
|
|
18
18
|
- If approval context is missing or stale, repeat preview instead of improvising.
|
|
19
|
+
- Use `set_wallet_backend` to switch between Solana, EVM, and Bitcoin wallets within a session, and `set_evm_network` to pick ethereum or base.
|
package/package.json
CHANGED