MultiClaw
A portable desktop application for authorizing AI agent payments. Delegate spending authority without sharing private keys.
What is MultiClaw?
MultiClaw is a standalone desktop app that acts as a payment authorization oracle for AI agents. When your agents encounter x402 paywalls or receive A2A x402 requests, they seek authorization from MultiClaw. You approve or deny in the app, and MultiClaw signs payment headers using your wallet — your keys never leave the device.
Key features:
- Wide x402 support — v1/v2 HTTP x402 and A2A x402 (direct JSON payloads)
- Key isolation — agents receive tokens with spending limits, not your private keys
- Spend policies — daily caps, per-request limits, auto-approve thresholds, domain restrictions
- Multi-agent support — register unlimited agents, each with their own policy and wallet assignment
- Bearer and HMAC auth — simple token-based auth or cryptographic signatures
- AP2 Intent Mandates — generate signed credentials for merchant verification
- Flexible deployment — download as a portable executable (no install required) or install via
pip install multiclaw
Interfaces
MultiClaw provides four ways to interact:
| Mode | Launch | Use Case |
|---|---|---|
| CLI (default) | multiclaw |
Interactive REPL or single commands. Connects to running GUI/daemon automatically. |
| GUI | multiclaw --gui |
Desktop application with visual interface and approval dialogs. Also serves as daemon for CLI. |
| Headless | multiclaw --headless |
Background daemon with no UI. Accepts CLI connections. Ideal for servers and automation. |
| Console | File → Console in GUI | Terminal window within the GUI for quick commands. |
The built-in console (File → Console) accepts all CLI commands from within the GUI.
CLI and Console share the same command set. See Commands Reference for details.
Getting Started
1. Install
Option A — pip (recommended for CLI/headless use):
# CLI and headless only
pip install multiclaw
# Full GUI included
pip install multiclaw[gui]Then run multiclaw from any terminal. No further setup needed.
Option B — Standalone executable: Download the latest MultiClaw.exe from GitHub Releases. Double-click to launch GUI mode, or run from a terminal for CLI access. No installation required — runs from USB.
2. Create a Wallet
On first launch, create a new wallet or import an existing seed phrase. The wallet is encrypted with AES-256-GCM using your password.
# CLI mode
wallet create mywallet
seed create
address create S001 0 "Agent Funding"3. Fund Your Wallet
Send USDC to your wallet address on a supported network (SKALE, Base, Base Sepolia). The app shows your balance across all networks.
4. Create a Spend Policy
Define spending rules:
# CLI mode
policy create standard --day 100 --txn 10 --auto 1- Daily limit — maximum total spending per day
- Per-request max — maximum single payment amount
- Auto-approve below — payments under this amount are signed automatically
- Domain restrictions — allowlist or blocklist specific domains
5. Register an Agent
Create a new agent and choose an authentication mode:
# CLI mode
agent register "My Claude Agent" --auth hmac- HMAC (recommended) — agent signs requests with a shared secret
- Bearer — agent sends a static token (simpler, less secure)
Copy the agent credentials to your AI agent's environment.
6. Commission the Agent
Assign a wallet and spend policy to the agent:
# CLI mode
agent commission XK7M2P standard A001
Commissioning an agent with wallet and spend policy assignment.
7. Start the Server
# CLI mode
server start
# GUI mode
# Click "Start Server" in Network tabAgent Integration
Agents communicate with MultiClaw via HTTP on localhost:9402. When an agent hits an x402 paywall:
- Agent receives HTTP 402 with
Payment-Requiredheader - Agent forwards the header to
POST /sign - MultiClaw validates against policy, signs if allowed
- Agent receives signed payment header
- Agent retries original request with payment header
Bearer Mode Example
POST http://localhost:9402/sign
Content-Type: application/json
{
"agent_code": "ABC123",
"signature": "AT_your_token_here",
"payment_required": "eyJhY2NlcHRzIjpbey4uLn1d",
"request_url": "https://api.example.com/resource"
}Response (Success)
{
"status": "success",
"header_name": "X-PAYMENT-RESPONSE",
"header_value": "eyJ4NDAyVmVyc2lvbiI6Mn0...",
"transaction_id": "abc123..."
}Manual Approval
When a payment exceeds the auto-approve threshold, MultiClaw returns status: pending with a request_id. A dialog appears in the app for you to approve or deny. The agent polls GET /sign/status/{request_id} until resolved.
Endpoints
| Endpoint | Method | Purpose |
|---|---|---|
/health |
GET | Check if MultiClaw is running |
/sign |
POST | Request payment authorization |
/sign/status/{id} |
GET | Poll for manual approval result |
/mandate |
POST | Get agent's policy limits and Intent Mandate |
/callback |
POST | Report transaction settlement |
/receipt/{id} |
GET | Fetch AP2-formatted receipt |
/agent |
GET | Agent setup instructions |
Transaction history showing signed payments and settlement status.
Spend Policies
Policies define what an agent can spend. Each agent is assigned exactly one policy.
Limits
- Daily limit — maximum spending per calendar day. Agent status changes to "limit_reached" when exhausted.
- Per-request max — requests exceeding this are rejected outright.
- Auto-approve threshold — payments below this are signed without prompting. Set to 0 for manual-only.
Domain Restrictions
- Allowed domains — if set, only these domains can receive payments
- Blocked domains — these domains are always rejected
Domain matching includes subdomains: stripe.com matches api.stripe.com.
Authentication Modes
HMAC Mode (Recommended)
Agent signs each request with HMAC-SHA256 using a shared secret. The signature includes a timestamp for replay protection (5-minute window by default).
signature: "SIG:1707823845:abc123def456..."More secure — the shared secret is never transmitted.
Bearer Mode
Agent sends a static token with each request.
signature: "AT_abc123def456..."Simpler for agents that can't do cryptographic signing. Use idempotency_key to make multiple payments to the same endpoint.
Intent Mandates (AP2)
An Intent Mandate is a signed credential documenting your authorization of an agent. You can:
- Generate when commissioning an agent
- Publish to the AP2 Registry for merchant verification
- Share the mandate ID with merchants who want to verify authorization
The mandate includes:
- Agent code and auth fingerprint
- Spending limits (daily, per-request, auto-approve)
- Allowed networks
- Wallet address
- Your cryptographic signature
Privacy-sensitive fields (agent name, policy name, domain restrictions) are intentionally omitted from the public mandate.
Security
Wallet Encryption
Wallets are encrypted with AES-256-GCM. Key derivation uses Argon2id (64MB memory, 3 iterations, 4 threads). Each wallet has a unique salt and IV.
Agent Secrets
HMAC shared secrets are encrypted with your wallet password. Bearer tokens are stored as SHA-256 hashes — the plaintext token is shown once during registration.
Key Isolation
Agents never receive private keys. They receive a code and token that authorize them to request signatures. All signing happens locally in MultiClaw.
Single Instance
Only one MultiClaw instance runs per data directory. A second launch (CLI or GUI) automatically connects to the running instance — changes appear live in both. If you run MultiClaw from two different folders, each manages its own independent state and they will not interfere with each other.
Rate Limiting
The server limits requests to 300/minute per IP.
Settlement Verification
Enable "Verify settlements" in Network settings to confirm payments on-chain:
- Agent reports settlement via
/callbackwith tx_hash - MultiClaw queries the network RPC for the transaction receipt
- Transaction status updates to "verified" (success) or "failed" (reverted)
Configure custom RPC endpoints per network in the Network tab.
Supported Networks
| Network | Chain ID | Type |
|---|---|---|
| SKALE Base | 1187947933 | Mainnet (gasless) |
| SKALE Base Sepolia | 324705682 | Testnet (gasless) |
| Base | 8453 | Mainnet |
| Base Sepolia | 84532 | Testnet |
| Ethereum | 1 | Mainnet |
| Ethereum Sepolia | 11155111 | Testnet |
Toggle networks on/off in the Network tab. Disabled networks reject all payment requests.