MultiClaw

A portable desktop application for authorizing AI agent payments. Delegate spending authority without sharing private keys.

What is MultiClaw?

MultiClaw is a standalone desktop app that acts as a payment authorization oracle for AI agents. When your agents encounter x402 paywalls or receive A2A x402 requests, they seek authorization from MultiClaw. You approve or deny in the app, and MultiClaw signs payment headers using your wallet — your keys never leave the device.

Key features:

• Wide x402 support — v1/v2 HTTP x402 and A2A x402 (direct JSON payloads)
• Key isolation — agents receive tokens with spending limits, not your private keys
• Spend policies — daily caps, per-request limits, auto-approve thresholds, domain restrictions
• Multi-agent support — register unlimited agents, each with their own policy and wallet assignment
• Bearer and HMAC auth — simple token-based auth or cryptographic signatures
• AP2 Intent Mandates — generate signed credentials for merchant verification
• Portable — runs from USB, no installation required

Getting Started

1. Download

Download the latest release from GitHub Releases. Available for Windows, macOS, and Linux.

2. Create a Wallet

On first launch, create a new wallet or import an existing seed phrase. The wallet is encrypted with AES-256-GCM using your password.

3. Fund Your Wallet

Send USDC to your wallet address on a supported network (SKALE, Base, Base Sepolia). The app shows your balance across all networks.

4. Create a Spend Policy

Define spending rules:

• Daily limit — maximum total spending per day
• Per-request max — maximum single payment amount
• Auto-approve below — payments under this amount are signed automatically
• Domain restrictions — allowlist or blocklist specific domains

5. Register an Agent

Create a new agent and choose an authentication mode:

• HMAC (recommended) — agent signs requests with a shared secret
• Bearer — agent sends a static token (simpler, less secure)

Copy the agent credentials to your AI agent's environment.

6. Commission the Agent

Assign a wallet and spend policy to the agent. Optionally generate an Intent Mandate for merchant verification.

Commissioning an agent with wallet and spend policy assignment.

Agent Integration

Agents communicate with MultiClaw via HTTP on localhost:9402. When an agent hits an x402 paywall:

1. Agent receives HTTP 402 with Payment-Required header
2. Agent forwards the header to POST /sign
3. MultiClaw validates against policy, signs if allowed
4. Agent receives signed payment header
5. Agent retries original request with payment header

Bearer Mode Example

POST http://localhost:9402/sign
Content-Type: application/json

{
  "agent_code": "ABC123",
  "signature": "AT_your_token_here",
  "payment_required": "eyJhY2NlcHRzIjpbey4uLn1d",
  "request_url": "https://api.example.com/resource"
}

Response (Success)

{
  "status": "success",
  "header_name": "X-PAYMENT-RESPONSE",
  "header_value": "eyJ4NDAyVmVyc2lvbiI6Mn0...",
  "transaction_id": "abc123..."
}

Manual Approval

When a payment exceeds the auto-approve threshold, MultiClaw returns status: pending with a request_id. A dialog appears in the app for you to approve or deny. The agent polls GET /sign/status/{request_id} until resolved.

Endpoints

Transaction history showing signed payments and settlement status.

Spend Policies

Policies define what an agent can spend. Each agent is assigned exactly one policy.

Limits

• Daily limit — maximum spending per calendar day. Agent status changes to "limit_reached" when exhausted.
• Per-request max — requests exceeding this are rejected outright.
• Auto-approve threshold — payments below this are signed without prompting. Set to 0 for manual-only.

Domain Restrictions

• Allowed domains — if set, only these domains can receive payments
• Blocked domains — these domains are always rejected

Domain matching includes subdomains: stripe.com matches api.stripe.com.

Authentication Modes

HMAC Mode (Recommended)

Agent signs each request with HMAC-SHA256 using a shared secret. The signature includes a timestamp for replay protection (5-minute window by default).

signature: "SIG:1707823845:abc123def456..."

More secure — the shared secret is never transmitted.

Bearer Mode

Agent sends a static token with each request.

signature: "AT_abc123def456..."

Simpler for agents that can't do cryptographic signing. Use idempotency_key to make multiple payments to the same endpoint.

Intent Mandates (AP2)

An Intent Mandate is a signed credential documenting your authorization of an agent. You can:

• Generate when commissioning an agent
• Publish to the AP2 Registry for merchant verification
• Share the mandate ID with merchants who want to verify authorization

The mandate includes:

• Agent code and auth fingerprint
• Spending limits (daily, per-request, auto-approve)
• Allowed networks
• Wallet address
• Your cryptographic signature

Privacy-sensitive fields (agent name, policy name, domain restrictions) are intentionally omitted from the public mandate.

Security

Wallet Encryption

Wallets are encrypted with AES-256-GCM. Key derivation uses Argon2id (64MB memory, 3 iterations, 4 threads). Each wallet has a unique salt and IV.

Agent Secrets

HMAC shared secrets are encrypted with your wallet password. Bearer tokens are stored as SHA-256 hashes — the plaintext token is shown once during registration.

Key Isolation

Agents never receive private keys. They receive a code and token that authorize them to request signatures. All signing happens locally in MultiClaw.

Rate Limiting

The server limits requests to 300/minute per IP.

Settlement Verification

Enable "Verify settlements" in Network settings to confirm payments on-chain:

1. Agent reports settlement via /callback with tx_hash
2. MultiClaw queries the network RPC for the transaction receipt
3. Transaction status updates to "verified" (success) or "failed" (reverted)

Configure custom RPC endpoints per network in the Network tab.

Supported Networks

Toggle networks on/off in the Network tab. Disabled networks reject all payment requests.