Economic Execution and Control Layer for Agentic Systems — Policy-controlled payments with Circle Gateway nanopayments (EIP-3009), x402 protocol support, gasless transactions, and per-agent wallet isolation.
📦 PyPI · 🧪 Tests: 1220 passed
In the Agent Era, software can act economically. But current wallets fail when software, not humans, is the operator:
- Full key access = extreme risk (agent can drain the wallet)
- Human approval = kills speed and autonomy
- No spending limits = agent can spend unlimited
Where Stripe helps merchants accept human payments, OmniClaw governs autonomous agents making machine payments — with policy, trust verification, and concurrency safety built in.
OmniClaw solves this by separating:
- Financial Policy Engine (owner runs) - holds private keys, enforces policy
- Execution Layer (agent uses) - thin CLI that only does what policy allows
The agent never touches the private key. It only talks to the CLI. The owner decides what the agent can do via policy.json.
┌─────────────────────────────────────────────────────────────────────┐
│ OMNICLAW SYSTEM │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ OWNER SIDE (runs the Financial Policy Engine) AGENT SIDE (uses CLI) │
│ ════════════════════════════════════════════════ ═══════════════════════ │
│ │
│ ┌─────────────────────────────┐ ┌─────────────────────┐ │
│ │ Financial Policy Engine │ │ OmniClaw CLI │ │
│ │ (uvicorn server) │◄──────────────►│ (thin client) │ │
│ │ │ HTTPS │ │ │
│ │ - Holds private key │ │ - pay │ │
│ │ - Enforces policy │ │ - deposit │ │
│ │ - Signs transactions │ │ - withdraw │ │
│ └─────────────────────────────┘ └─────────────────────┘ │
│ │ │ │
│ │ Circle Nanopayment │ │
│ └──────────────┬──────────────────────┘ │
│ │ │
│ ┌──────▼──────┐ │
│ │ Circle │ │
│ │ Gateway │ │
│ │ (USDC) │ │
│ └─────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────┘
| Component | Who Runs It | What It Does |
|---|---|---|
| Financial Policy Engine | Owner/human | Holds private key, enforces policy, signs transactions |
| CLI (agent uses) | Agent | Thin client - sends requests, gets responses. Cannot bypass policy |
Every agent has two wallets:
| Wallet | How It Works |
|---|---|
| EOA (External Owned Account) | Derived from OMNICLAW_PRIVATE_KEY. Holds actual USDC on-chain. Used to sign deposits. |
| Circle Developer Wallet | Created via policy.json. Where withdrawn funds go. The "circle wallet." |
Your USDC starts here: Then moves here: Ends up here:
┌──────────┐ ┌────────────┐ ┌──────────────┐
│ EOA │ ─deposit───────► │ Gateway │ ──pay──────► │ Seller │
│ (on-chain)│ (on-chain) │ Contract │ (x402) │ EOA │
└──────────┘ └────────────┘ └──────────────┘
│ │
│ withdraw │
└──────────────► Circle Developer Wallet
- Deposit: Move USDC from your EOA → Gateway (on-chain, costs gas)
- Pay: Use Gateway for gasless payments (x402 protocol)
- Withdraw: Move USDC from Gateway → your Circle wallet
Circle's Gateway supports EIP-3009 - off-chain authorization:
- No gas needed for payments
- Instant settlement
- Circle batches and settles on-chain
- Sub-cent transactions are economically viable
This is what makes agent-to-agent commerce practical — agents can trade at high frequency without bleeding gas on every transaction.
OmniClaw isn't just for buyers. You can protect your own endpoint behind x402 and accept payments from other agents:
from omniclaw.protocols.nanopayments import GatewayMiddleware
# Protect any async endpoint
middleware = GatewayMiddleware(
price="0.01", # 0.01 USDC per call
seller_address="0xYourAddress",
)
app = FastAPI()
app.add_middleware(GatewayMiddleware, price="0.01")
@app.get("/api/data")
async def get_data():
return {"data": "expensive information"}This opens your service to agent-to-agent commerce — other agents can pay your endpoint using gasless nanopayments.
pip install omniclaw
# or
uv add omniclaw# Required to run
export OMNICLAW_PRIVATE_KEY="0x..." # Your agent's private key
export OMNICLAW_AGENT_TOKEN="your-token" # Token from policy.json
export OMNICLAW_AGENT_POLICY_PATH="/path/to/policy.json"
export CIRCLE_API_KEY="your-circle-key" # Circle API key
# Network (testnet or mainnet)
export OMNICLAW_NETWORK="ETH-SEPOLIA" # or ETH-MAINNET
export OMNICLAW_ENV="production" # set for mainnet
# RPC for on-chain operations
export OMNICLAW_RPC_URL="https://..."
# Nanopayments CAIP-2 is derived from OMNICLAW_NETWORK (EVM only)uvicorn omniclaw.agent.server:app --port 8080This runs the Financial Policy Engine that holds the private key and enforces policy.
Agent runtime should set these (no interactive setup required):
export OMNICLAW_SERVER_URL="http://localhost:8080"
export OMNICLAW_TOKEN="your-agent-token"Optional: persist config locally for dev workflows:
omniclaw-cli configure --server-url http://localhost:8080 --token your-token --wallet primaryCLI output is agent-first (JSON, no banner). For human-friendly output set:
export OMNICLAW_CLI_HUMAN=1Note: omniclaw and omniclaw-cli point to the same CLI.
Send USDC to your EOA address (derived from OMNICLAW_PRIVATE_KEY)
omniclaw-cli deposit --amount 10→ Moves USDC from EOA → Circle Gateway contract (on-chain, costs gas)
# Pay another agent
omniclaw-cli pay --recipient 0xDEAD... --amount 5
# Or pay for x402 service (URL)
omniclaw-cli pay --recipient https://api.example.com/data --amount 1→ Uses gasless nanopayments via x402 protocol (Gateway CAIP-2 derived from OMNICLAW_NETWORK, EVM only)
omniclaw-cli withdraw --amount 3→ Moves USDC from Gateway → your Circle Developer Wallet
Just share your address, receive payments directly:
omniclaw-cli address # Get your address to shareExpose your service behind payment:
omniclaw-cli serve \
--price 0.01 \
--endpoint /api/data \
--exec "python my_service.py" \
--port 8000This opens http://localhost:8000/api/data that requires USDC payment to access.
| Command | Description | Example |
|---|---|---|
configure |
Set server URL, token, wallet | configure --server-url http://localhost:8080 --token mytoken --wallet primary |
address |
Get wallet address | address |
balance |
Get wallet balance | balance |
balance-detail |
Detailed balance (EOA, Gateway, Circle) | balance-detail |
deposit |
Deposit USDC to Gateway | deposit --amount 5 |
withdraw |
Withdraw to Circle wallet | withdraw --amount 2 |
withdraw-trustless |
Trustless withdraw (~7-day fallback) | withdraw-trustless --amount 2 |
withdraw-trustless-complete |
Complete trustless withdraw after delay | withdraw-trustless-complete |
pay |
Make payment | pay --recipient 0x... --amount 5 |
simulate |
Simulate payment | simulate --recipient 0x... --amount 5 |
serve |
Expose x402 payment gate | serve --price 0.01 --endpoint /api --exec "echo hello" |
status |
Agent status | status |
ping |
Health check | ping |
ledger |
Transaction history | ledger --limit 20 |
Copy and edit examples/policy-simple.json:
For full policy options, see docs/POLICY_REFERENCE.md
{
"version": "2.0",
"tokens": {
"YOUR_AGENT_TOKEN": {
"wallet_alias": "primary",
"active": true,
"label": "Your Agent Name"
}
},
"wallets": {
"primary": {
"name": "Primary Wallet",
"limits": {
"daily_max": "100.00",
"per_tx_max": "50.00"
},
"recipients": {
"mode": "allow_all"
}
}
}
}| Variable | Required | Description |
|---|---|---|
OMNICLAW_PRIVATE_KEY |
Yes | Agent's private key for signing |
OMNICLAW_AGENT_TOKEN |
Yes | Token matching policy.json |
OMNICLAW_AGENT_POLICY_PATH |
Yes | Path to policy.json |
OMNICLAW_NETWORK |
No | Network (ETH-SEPOLIA, ETH-MAINNET) |
OMNICLAW_ENV |
No | Set to "production" for mainnet |
OMNICLAW_RPC_URL |
No | RPC endpoint for on-chain ops |
CIRCLE_API_KEY |
Yes | Circle API key |
OMNICLAW_SERVER_URL |
No | CLI server URL (for configure) |
- docs/agent-getting-started.md - Agent setup walkthrough
- docs/agent-skills.md - Skill instructions for AI agents
- docs/FEATURES.md - Full feature documentation
MIT — © 2026 Omnuron AI. See LICENSE for details.