Built on Monad Testnet

Let Your AI Spend Money,
Not Steal It.

Agent-native payment OS. Session keys with on-chain policy enforcement, 3-tier approval, Telegram notifications, TOTP 2FA, Passkeys, and full audit trails.

$ curl -fsSL https://raw.githubusercontent.com/rumpsmcken-sudo/wallet/main/install.sh | bash
9policy checks
3approval tiers
15+CLI commands
400msblock time
// copy & paste to your AI
Give This to Your AI

Paste this into Claude Code, Codex, Manus, or any AI agent. It will install, configure, and learn how to use Agent Wallet autonomously.

Agent Wallet System Prompt

v0.1.0
## Agent Wallet - Payment Tool for AI Agents You now have access to `agent-wallet`, a CLI tool that lets you make secure payments on the Monad blockchain. Install it and remember how to use it. ### Step 1: Install ```bash curl -fsSL https://raw.githubusercontent.com/rumpsmcken-sudo/wallet/main/install.sh | bash ``` **If installation fails**, do the following: 1. Capture the full error output. 2. Collect environment info: `node --version`, `npm --version`, `uname -a` (or `systeminfo` on Windows). 3. Check if the GitHub CLI is available: `which gh && gh auth status`. 4. If `gh` is authenticated, ask the user: "Installation failed. I can file a GitHub issue to help the developers fix this. May I?" 5. If the user agrees, create the issue: ``` gh issue create --repo rumpsmcken-sudo/wallet \ --title "[Install Bug] <one-line error summary>" \ --body "$(cat <<'EOF' ## Environment - **OS**: <output of uname -a or systeminfo> - **Node.js**: <output of node --version> - **npm**: <output of npm --version> - **Shell**: <bash/zsh/powershell + version> - **Agent**: <Claude Code / Codex / Manus / other> ## Install Command \`\`\`bash curl -fsSL https://raw.githubusercontent.com/rumpsmcken-sudo/wallet/main/install.sh | bash \`\`\` ## Error Output \`\`\` <paste full npm error output here, max 200 lines> \`\`\` ## Steps Before Failure <describe what you did before running install, e.g. fresh terminal, after init, etc.> ## Additional Context <any other relevant info: proxy, corporate network, disk space, permissions, etc.> --- *Auto-reported by AI Agent via `gh issue create`* EOF )" ``` 6. If `gh` is NOT available or not authenticated, show the user the error and suggest they manually open an issue at https://github.com/rumpsmcken-sudo/wallet/issues with the same information above. ### Step 2: Initialize ```bash agent-wallet init ``` This creates `~/.agent-wallet/` with config, sessions, pending approvals, and audit log directories. ### Step 3: Authorize (one-time — user signs with their own wallet) Generate a random password yourself (do NOT ask the user for one). This password is for encrypting YOUR local session key — the user does not need to know it. ```bash agent-wallet setup --password $(openssl rand -hex 16) --json ``` This opens a browser page where the user connects MetaMask and authorizes a session key for you. You NEVER touch the owner's private key — it stays in MetaMask. After authorization, a session key is created and encrypted locally. Tell the user: "I need wallet authorization to make payments. A browser window will open — please connect MetaMask and click Authorize. Your private key stays in your wallet." If `--json` output shows `"status":"already_configured"`, skip this step. Remember the password you generated — you'll need it for `--password` in subsequent commands. ### Step 4: Remember These Commands **Core Payment Flow:** - `agent-wallet pay --to <address> --amount <base-units> --reason "<why>" --token <token-addr> --session-key <key> --password <password> --json` - `--reason` is REQUIRED. You must explain every payment. - Amount is in base units (1 USDC = 1000000, 6 decimals) - Returns JSON: `{"success":true,"txHash":"0x..."}` or `{"error":"DENY_AMOUNT_LIMIT","maxAllowed":"5000000"}` **Session Key Management:** - `agent-wallet session create --label <name> --password <password> --max-per-tx 5000000 --max-daily 20000000 --duration 86400 --allowed-tokens <token-addr> --json` - Creates a temporary key with spending limits - `agent-wallet session create --label <name> --request-only --reason "I need payment access for..." --password <password> --json` - Agent-initiated: creates a pending request for the user to approve - `agent-wallet session list --json` - List all session keys - `agent-wallet session revoke --label <name>` - Revoke a key **Approval Flow (3 tiers):** - amount < autoApproveBelow: executes immediately - amount < confirmBelow: returns `APPROVAL_REQUIRED` with `approvalId` - amount >= confirmBelow: manual approval needed - `agent-wallet approve --list --json` - See pending approvals - `agent-wallet approve --approve <id> --json` - Approve a payment - When you get `APPROVAL_REQUIRED`, tell the user: "I need approval for X USDC. Check Telegram or run: `agent-wallet approve --approve <id>`" **Policy Configuration:** - `agent-wallet policy set --auto-approve-below 3000000 --confirm-below 10000000` - Set thresholds - `agent-wallet policy show --json` - View current policy **x402 Machine Payment (API purchases):** - `agent-wallet fetch <url> --session-key <key> --password <password> --json` - Automatically handles HTTP 402 Payment Required - Signs payment, resends request, returns API data **Monitoring & Audit:** - `agent-wallet audit --limit 10 --json` - View recent payments - `agent-wallet audit --verify` - Verify hash chain integrity - `agent-wallet watch` - Real-time payment stream (user terminal) - `agent-wallet watch --telegram` - With Telegram notifications **Security (2FA):** - `agent-wallet totp setup --password <password>` - Enable TOTP 2FA - `agent-wallet totp verify <code> --password <password>` - Verify code - `agent-wallet auth setup-passkey` - Register Passkey (fingerprint/Face ID) - `agent-wallet auth verify-passkey` - Verify with biometrics **Emergency:** - `agent-wallet pause` - Freeze wallet (owner only) - `agent-wallet recover --transfer-to <address>` - Transfer ownership **Balance:** - `agent-wallet balance --json` - Check wallet + session key balances ### Step 5: Remember Error Handling When a payment fails, parse the JSON error: - `DENY_AMOUNT_LIMIT` -> Lower the amount - `DENY_DAILY_LIMIT` -> Wait until tomorrow or ask user to increase limit - `DENY_TARGET` -> Use a whitelisted address - `DENY_TOKEN` -> Use an allowed token - `SESSION_REVOKED` -> Your access was revoked, inform the user - `APPROVAL_REQUIRED` -> Tell the user to approve via Telegram or CLI - `DENY_PAUSED` -> Wallet is frozen, inform the user ### Step 6: Monad Testnet Config ``` Chain ID: 10143 RPC: https://testnet-rpc.monad.xyz USDC: 0x534b2f3A21130d7a60830c2Df862319e593943A3 MockUSDC: 0x4d16368d29fb31fc7c5bd4a9881913daadb20a89 Block time: 400ms ``` ### Best Practices 1. ALWAYS use `--json` flag for machine-readable output 2. ALWAYS provide `--reason` with meaningful explanation 3. ALWAYS use `--non-interactive` in automated workflows 4. Use `--context "task:current-task-name"` to link payments to your tasks 5. Start with `session create --request-only` to ask for permission first 6. Parse JSON responses and handle errors programmatically 7. If approval is required, inform the user clearly with the approval ID 8. Check `balance --json` before making large payments 9. Never hardcode private keys — the setup flow keeps them in the user's wallet 10. Log all payment attempts in your task context for traceability
~ Paste this into Claude Code, Codex, OpenClaw, Manus, or any AI agent terminal
// capabilities
Built for Agents, Controlled by Humans

Every feature exists because agents need it. Remove the agent, and none of this makes sense.

🔑

Session Keys

Temporary, limited-privilege keys with per-tx limits, daily/weekly caps, address whitelists, and auto-expiry. Agent never touches the real private key.

🛡

Policy Engine

9 on-chain checks enforced in sequence: time validity, cooldown, per-tx limit, daily cap, weekly cap, target whitelist, token whitelist, method whitelist. Uncheatable.

🤝

3-Tier Approval

Small payments auto-execute. Medium payments need confirmation via Telegram inline buttons or CLI. Large payments require manual approval with TOTP 2FA.

🔒

TOTP 2FA + Passkeys

Google Authenticator TOTP for sensitive operations. WebAuthn Passkeys with on-chain P256 verification via Monad's EIP-7951 precompile. Biometric security.

📱

Telegram Notifications

Real-time push notifications with inline keyboard approval. /status, /audit, /pause, /revoke commands. Agent acts, you approve from your phone.

📜

Audit Trail

Every payment logged with who, what, why, policy result, approval tier, and tx hash. SHA-256 hash chain for tamper detection. Full traceability.

// dual-track architecture
Two Tracks, One System

P2P payments go through the Smart Wallet. API micropayments go through x402. Same session key, same policy, same audit log.

AI Agent (Claude Code / Codex / Manus)
agent-wallet pay --reason "..." --json
agent-wallet fetch <url> --json
↓ ↓
Track 1: Smart Wallet
P2P transfers, large payments
executeWithSessionKey()
On-chain policy enforcement
USDC from wallet contract
Track 2: x402 / MPP
API micropayments
EIP-712 signatures
Facilitator pays gas
USDC from session key EOA
↓ ↓
Shared Layer
Policy Engine (9 on-chain checks) • Session Key Manager (register / revoke / rotate)
Audit Logger (JSONL + SHA-256 hash chain) • Notification Router (Telegram + CLI + watch)
// get started
Running in 3 Minutes

From zero to autonomous agent payments.

Install

One command. Works on Mac, Linux, Windows.

curl -fsSL https://raw.githubusercontent.com/rumpsmcken-sudo/wallet/main/install.sh | bash

Initialize & Deploy

Creates config directory and deploys your wallet on Monad.

agent-wallet init && agent-wallet setup --private-key $KEY

Create Session Key

Give your AI a limited, temporary key with spending caps.

agent-wallet session create --label claude --max-per-tx 5000000 --max-daily 20000000 --duration 86400

Let Agent Pay

Agent explains every payment. Policy enforced on-chain. You approve via Telegram.

agent-wallet pay --to 0xAPI --amount 1500000 --reason "Buy API credits" --json
// copy & paste to your AI
Test x402 Payments

Give this to your AI agent after installation. It will autonomously verify the full x402 machine payment flow against our live vendor service.

x402 Verification Prompt

LIVE
## x402 Payment Verification Task You have `agent-wallet` installed. Now verify the x402 machine payment flow against a live vendor API. ### Test Service - Vendor URL: https://x402-vendor.agent-wallet.workers.dev - Chain: Monad Testnet (10143) - Token: USDC (0x534b2f3A21130d7a60830c2Df862319e593943A3) - Recipient: 0x14469c3E7AE509A67731ffC967E128206C9B84eE ### Paid Endpoints | Endpoint | Price | Description | |----------|-------|-------------| | GET /api/weather | 0.001 USDC (1000 units) | Weather forecast | | GET /api/price | 0.005 USDC (5000 units) | Crypto prices | | GET /api/news | 0.002 USDC (2000 units) | News headlines | ### Verification Steps **Step 1: Health Check** Run `curl https://x402-vendor.agent-wallet.workers.dev/health` to confirm the service is online. Expect `{"status":"ok",...}`. **Step 2: Confirm 402 Response** Run `curl -s -w "\n%{http_code}" https://x402-vendor.agent-wallet.workers.dev/api/weather`. You should get HTTP 402 with an `accepts` array containing `payTo`, `maxAmountRequired`, `asset`, and `network` fields. **Step 3: Fetch Free Endpoint** Run `agent-wallet fetch https://x402-vendor.agent-wallet.workers.dev/api/free --session-key <your-session-key> --password <password> --json`. This should return data without payment (protocol: "free"). **Step 4: Pay & Fetch** Run `agent-wallet fetch https://x402-vendor.agent-wallet.workers.dev/api/weather --session-key <your-session-key> --password <password> --json`. This triggers the full x402 flow: 1. Initial GET → 402 with payment requirements 2. Sign EIP-712 TransferWithAuthorization with your session key 3. Retry with X-PAYMENT header 4. Receive 200 + weather data + X-PAYMENT-RESPONSE header with txHash Expected output: `{"url":"...","protocol":"x402","data":{...},"payment":{"amount":"1000","txHash":"0x..."}}` **Step 5: Verify Audit** Run `agent-wallet audit --limit 1 --json` to confirm the x402 payment was recorded with `signatureType: "x402"`. **Step 6: Check Vendor Ledger** Run `curl https://x402-vendor.agent-wallet.workers.dev/stats` to see your payment in the vendor's transaction log. ### Success Criteria - [ ] /health returns status "ok" - [ ] Paid endpoint returns 402 without payment header - [ ] Free endpoint returns 200 with protocol "free" - [ ] Paid endpoint returns 200 after payment with protocol "x402" - [ ] Payment appears in local audit log - [ ] Payment appears in vendor /stats ledger ### If Something Fails - `DENY_AMOUNT_LIMIT` → Check session key `--max-per-tx` is at least 5000 (0.005 USDC covers all endpoints) - `DENY_DAILY_LIMIT` → Check session key `--max-daily` is sufficient - No session key → Create one first: `agent-wallet session create --label test --max-per-tx 10000000 --max-daily 50000000 --duration 3600 --password <password> --json` - Connection error → Check network. Service is at https://x402-vendor.agent-wallet.workers.dev ### Report Failures via GitHub Issue If any verification step fails unexpectedly (not a policy denial, but an actual bug or crash), help the developers fix it: 1. Check if `gh` is available: `which gh && gh auth status`. 2. If authenticated, ask the user: "x402 verification hit a bug. Can I file a GitHub issue?" 3. If approved: ``` gh issue create --repo rumpsmcken-sudo/wallet \ --title "[x402 Bug] <which step failed + one-line summary>" \ --label "bug,x402" \ --body "$(cat <<'EOF' ## Which Step Failed Step <N>: <step name> ## Expected vs Actual - **Expected**: <what should have happened> - **Actual**: <what actually happened> ## Command & Output \`\`\`bash <the exact command that failed> \`\`\` \`\`\` <full output / error message> \`\`\` ## Environment - **OS**: <uname -a> - **Node.js**: <node --version> - **agent-wallet**: <agent-wallet --version or npm ls -g agent-wallet> - **Agent**: <Claude Code / Codex / Manus / other> ## Verification Context - Vendor URL: https://x402-vendor.agent-wallet.workers.dev - Session Key: <address, NOT the private key> - Steps passed before failure: <list> --- *Auto-reported by AI Agent via `gh issue create`* EOF )" ``` 4. If `gh` is not available, show the error to the user and link to https://github.com/rumpsmcken-sudo/wallet/issues
~ Your AI will autonomously run all 6 steps and report pass/fail