{ "schemaVersion": "1.0", "item": { "slug": "everclaw-inference", "name": "Everclaw β€” Inference You Own", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/DavidAJohnston/everclaw-inference", "canonicalUrl": "https://clawhub.ai/DavidAJohnston/everclaw-inference", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/everclaw-inference", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=everclaw-inference", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "README.md", "SKILL.md", "templates/openclaw-config-mac.json", "templates/openclaw-config-gateway-only.json", "templates/openclaw-config-linux.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/everclaw-inference" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/everclaw-inference", "agentPageUrl": "https://openagent3.xyz/skills/everclaw-inference/agent", "manifestUrl": "https://openagent3.xyz/skills/everclaw-inference/agent.json", "briefUrl": "https://openagent3.xyz/skills/everclaw-inference/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "πŸ€– Agent Setup Instructions", "body": "If your human asks you to set up Everclaw / Morpheus inference, follow these steps exactly." }, { "title": "Quick Setup (Gateway Only β€” easiest)", "body": "node ~/.openclaw/workspace/skills/everclaw/scripts/setup.mjs --template gateway-only --key --apply --test --restart" }, { "title": "Full Setup (Local P2P + Gateway)", "body": "node ~/.openclaw/workspace/skills/everclaw/scripts/setup.mjs --key --apply --test --restart" }, { "title": "What setup.mjs does:", "body": "Detects OS β†’ picks the right config template (mac/linux/gateway-only)\nDeep-merges Morpheus providers into existing openclaw.json (preserves all other config)\nSubstitutes the API key into the mor-gateway provider\nUpdates auth-profiles.json with the new provider credentials\nTests gateway connectivity (with --test)\nRestarts OpenClaw gateway (with --restart)" }, { "title": "Flags:", "body": "FlagWhat it does--template Override OS auto-detection (mac, linux, gateway-only)--key Morpheus API Gateway key (free from app.mor.org)--applyWrite changes (default is dry-run)--testPing gateway after setup--restartRestart OpenClaw gateway after apply" }, { "title": "⚠️ Critical Guardrails", "body": "NEVER use everclaw/ as a model prefix. Everclaw is a skill, not a provider. Use morpheus/ or mor-gateway/.\nAlways dry-run first (omit --apply) to preview changes before writing.\nDon't edit openclaw.json by hand when setup.mjs can do it β€” the merge logic handles edge cases.\nAPI keys: Get a free key at https://app.mor.org β€” don't use the community bootstrap key for production." }, { "title": "Getting an API key:", "body": "Go to https://app.mor.org\nCreate an account and sign in\nClick \"Create API Key\" and enable automation\nPass the key to setup.mjs with --key" }, { "title": "♾️ Everclaw β€” AI Inference You Own, Forever Powering Your OpenClaw Agents", "body": "Powered by Morpheus AI\n\nOpen-source first. GLM-5 handles everything β€” Claude is the escape hatch, not the default. Access GLM-5, GLM-4.7 Flash, Kimi K2.5, and 30+ models with inference you own. Everclaw connects your OpenClaw agent to the Morpheus P2P network β€” stake MOR tokens, open sessions, and recycle your stake for persistent, self-sovereign access to AI.\n\nπŸ“¦ ClawHub: clawhub install everclaw-inference β€” clawhub.ai/EverClaw/everclaw-inference\n⚠️ Name Collision Warning: A different product (\"Everclaw Vault\") uses the bare everclaw slug on ClawHub. Always use everclaw-inference β€” never clawhub install everclaw or clawhub update everclaw. See CLAWHUB_WARNING.md for details." }, { "title": "Prerequisites", "body": "Before installing EverClaw, ensure you have the following:\n\nDependencyHow to InstallRequired ForHomebrew (macOS)/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"Package managerNode.js (v18+)brew install nodeBootstrap scripts, proxyGitbrew install gitSkill installationOpenClawcurl -fsSL https://get.openclaw.ai | bashAgent runtime" }, { "title": "Quick Check", "body": "Run this to verify your environment:\n\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash -s -- --check-only" }, { "title": "One-Line Install", "body": "curl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash\n\nThis will:\n\nCheck for all required dependencies\nPrompt to install any missing ones\nClone EverClaw to ~/.openclaw/workspace/skills/everclaw\nBootstrap a free GLM-5 starter key (1,000 requests/day)\nOptionally install the Morpheus proxy-router for P2P inference" }, { "title": "New to OpenClaw?", "body": "If you don't have OpenClaw installed yet:\n\n# Install OpenClaw first\ncurl -fsSL https://get.openclaw.ai | bash\n\n# Then install EverClaw\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash" }, { "title": "How It Works", "body": "Get MOR tokens on Base β€” swap from ETH/USDC via Uniswap or Aerodrome (see below)\nYou run a proxy-router (Morpheus Lumerin Node) locally as a consumer\nThe router connects to Base mainnet and discovers model providers\nYou stake MOR tokens to open a session with a provider (MOR is locked, not spent)\nYou send inference requests to http://localhost:8082/v1/chat/completions\nWhen the session ends, your MOR is returned (minus tiny usage fees)\nRe-stake the returned MOR into new sessions β†’ persistent inference you own" }, { "title": "Agent Integration (Recommended Path)", "body": "If you are an AI agent (OpenClaw, Claude, etc.), use the OpenAI-compatible proxy for all Morpheus inference. Do NOT use the bash scripts (session.sh, chat.sh) -- the proxy handles sessions, auth, and model routing automatically." }, { "title": "Send Inference", "body": "curl http://127.0.0.1:8083/v1/chat/completions \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer morpheus-local\" \\\n -d '{\"model\": \"kimi-k2.5\", \"messages\": [{\"role\": \"user\", \"content\": \"Hello\"}], \"stream\": false}'" }, { "title": "List Available Models", "body": "curl http://127.0.0.1:8083/v1/models" }, { "title": "Health Check", "body": "curl http://127.0.0.1:8083/health\n\nThe proxy (port 8083) auto-opens blockchain sessions, auto-renews before expiry, and injects all required auth headers. The bash scripts (session.sh, chat.sh) are available for manual debugging but should not be used for agent integration.\n\nSee Section 12 for full proxy documentation." }, { "title": "Getting MOR Tokens", "body": "You need MOR on Base to stake for inference. If you already have ETH, USDC, or USDT on Base:\n\n# Swap ETH for MOR\nbash skills/everclaw/scripts/swap.sh eth 0.01\n\n# Swap USDC for MOR\nbash skills/everclaw/scripts/swap.sh usdc 50\n\nOr swap manually on a DEX:\n\nUniswap: MOR/ETH on Base\nAerodrome: MOR swap on Base\n\nDon't have anything on Base yet? Buy ETH on Coinbase, withdraw to Base, then swap to MOR. See references/acquiring-mor.md for the full guide.\n\nHow much do you need? MOR is staked, not spent β€” you get it back. 50-100 MOR is enough for daily use. 0.005 ETH covers months of Base gas fees." }, { "title": "Architecture", "body": "Agent β†’ proxy-router (localhost:8082) β†’ Morpheus P2P Network β†’ Provider β†’ Model\n ↓\n Base Mainnet (MOR staking, session management)" }, { "title": "Option A: ClawHub (Easiest)", "body": "clawhub install everclaw-inference\n\nTo update: clawhub update everclaw-inference\n\n⚠️ Use everclaw-inference β€” not everclaw. The bare everclaw slug belongs to a different, unrelated product on ClawHub." }, { "title": "Option B: One-Command Installer", "body": "The safe installer handles fresh installs, updates, and ClawHub collision detection:\n\n# Fresh install\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash\n\n# Or if you already have the skill:\nbash skills/everclaw/scripts/install-everclaw.sh\n\n# Check for updates\nbash skills/everclaw/scripts/install-everclaw.sh --check" }, { "title": "Option C: Manual Git Clone", "body": "git clone https://github.com/profbernardoj/everclaw.git ~/.openclaw/workspace/skills/everclaw\n\nTo update: cd ~/.openclaw/workspace/skills/everclaw && git pull" }, { "title": "Install the Morpheus Router", "body": "After cloning, install the proxy-router:\n\nbash skills/everclaw/scripts/install.sh\n\nThis downloads the latest proxy-router release for your OS/arch, extracts it to ~/morpheus/, and creates initial config files." }, { "title": "Manual Installation", "body": "Go to Morpheus-Lumerin-Node releases\nDownload the release for your platform (e.g., mor-launch-darwin-arm64.zip)\nExtract to ~/morpheus/\nOn macOS: xattr -cr ~/morpheus/" }, { "title": "Required Files", "body": "After installation, ~/morpheus/ should contain:\n\nFilePurposeproxy-routerThe main binary.envConfiguration (RPC, contracts, ports)models-config.jsonMaps blockchain model IDs to API types.cookieAuto-generated auth credentials" }, { "title": ".env File", "body": "The .env file configures the proxy-router for consumer mode on Base mainnet. Critical variables:\n\n# RPC endpoint β€” MUST be set or router silently fails\nETH_NODE_ADDRESS=https://base-mainnet.public.blastapi.io\nETH_NODE_CHAIN_ID=8453\n\n# Contract addresses (Base mainnet)\nDIAMOND_CONTRACT_ADDRESS=0x6aBE1d282f72B474E54527D93b979A4f64d3030a\nMOR_TOKEN_ADDRESS=0x7431aDa8a591C955a994a21710752EF9b882b8e3\n\n# Wallet key β€” leave blank, inject at runtime via 1Password\nWALLET_PRIVATE_KEY=\n\n# Proxy settings\nPROXY_ADDRESS=0.0.0.0:3333\nPROXY_STORAGE_PATH=./data/badger/\nPROXY_STORE_CHAT_CONTEXT=true\nPROXY_FORWARD_CHAT_CONTEXT=true\nMODELS_CONFIG_PATH=./models-config.json\n\n# Web API\nWEB_ADDRESS=0.0.0.0:8082\nWEB_PUBLIC_URL=http://localhost:8082\n\n# Auth\nAUTH_CONFIG_FILE_PATH=./proxy.conf\nCOOKIE_FILE_PATH=./.cookie\n\n# Logging\nLOG_COLOR=true\nLOG_LEVEL_APP=info\nLOG_FOLDER_PATH=./data/logs\nENVIRONMENT=production\n\n⚠️ ETH_NODE_ADDRESS MUST be set. The router silently connects to an empty string without it and all blockchain operations fail. Also MODELS_CONFIG_PATH must point to your models-config.json." }, { "title": "models-config.json", "body": "⚠️ This file is required. Without it, chat completions fail with \"api adapter not found\".\n\n{\n \"$schema\": \"./internal/config/models-config-schema.json\",\n \"models\": [\n {\n \"modelId\": \"0xb487ee62516981f533d9164a0a3dcca836b06144506ad47a5c024a7a2a33fc58\",\n \"modelName\": \"kimi-k2.5:web\",\n \"apiType\": \"openai\",\n \"apiUrl\": \"\"\n },\n {\n \"modelId\": \"0xbb9e920d94ad3fa2861e1e209d0a969dbe9e1af1cf1ad95c49f76d7b63d32d93\",\n \"modelName\": \"kimi-k2.5\",\n \"apiType\": \"openai\",\n \"apiUrl\": \"\"\n }\n ]\n}\n\n⚠️ Note the format: The JSON uses a \"models\" array with \"modelId\" / \"modelName\" / \"apiType\" / \"apiUrl\" fields. The apiUrl is left empty β€” the router resolves provider endpoints from the blockchain. Add entries for every model you want to use. See references/models.md for the full list." }, { "title": "Secure Launch (1Password)", "body": "The proxy-router needs your wallet private key. Never store it on disk. Inject it at runtime from 1Password:\n\nbash skills/everclaw/scripts/start.sh\n\nOr manually:\n\ncd ~/morpheus\nsource .env\n\n# Retrieve private key from 1Password (never touches disk)\nexport WALLET_PRIVATE_KEY=$(\n OP_SERVICE_ACCOUNT_TOKEN=$(security find-generic-password -a \"YOUR_KEYCHAIN_ACCOUNT\" -s \"op-service-account-token\" -w) \\\n op item get \"YOUR_ITEM_NAME\" --vault \"YOUR_VAULT_NAME\" --fields \"Private Key\" --reveal\n)\n\nexport ETH_NODE_ADDRESS\nnohup ./proxy-router > ./data/logs/router-stdout.log 2>&1 &" }, { "title": "Health Check", "body": "Wait a few seconds, then verify:\n\nCOOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/healthcheck\n\nExpected: HTTP 200." }, { "title": "Stopping", "body": "bash skills/everclaw/scripts/stop.sh\n\nOr: pkill -f proxy-router" }, { "title": "4. MOR Allowance", "body": "Before opening sessions, approve the Diamond contract to transfer MOR on your behalf:\n\nCOOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/approve?spender=0x6aBE1d282f72B474E54527D93b979A4f64d3030a&amount=1000000000000000000000\"\n\n⚠️ The /blockchain/approve endpoint uses query parameters, not a JSON body. The amount is in wei (1000000000000000000 = 1 MOR). Approve a large amount so you don't need to re-approve frequently." }, { "title": "5. Opening Sessions", "body": "Open a session by model ID (not bid ID):\n\nMODEL_ID=\"0xb487ee62516981f533d9164a0a3dcca836b06144506ad47a5c024a7a2a33fc58\"\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/models/${MODEL_ID}/session\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"sessionDuration\": 3600}'\n\n⚠️ Always use the model ID endpoint, not the bid ID. Using a bid ID results in \"dial tcp: missing address\"." }, { "title": "Session Duration", "body": "Duration is in seconds: 3600 = 1 hour, 86400 = 1 day\nTwo blockchain transactions occur: approve transfer + open session\nMOR is staked (locked) for the session duration\nWhen the session closes, MOR is returned to your wallet" }, { "title": "Response", "body": "The response includes a sessionId (hex string). Save this β€” you need it for inference." }, { "title": "Using the Script", "body": "# Open a 1-hour session for kimi-k2.5:web\nbash skills/everclaw/scripts/session.sh open kimi-k2.5:web 3600\n\n# List active sessions\nbash skills/everclaw/scripts/session.sh list\n\n# Close a session\nbash skills/everclaw/scripts/session.sh close 0xSESSION_ID_HERE" }, { "title": "⚠️ THE #1 GOTCHA: Headers, Not Body", "body": "session_id and model_id are HTTP headers, not JSON body fields. This is the single most common mistake.\n\nCORRECT:\n\ncurl -s -u \"admin:$COOKIE_PASS\" \"http://localhost:8082/v1/chat/completions\" \\\n -H \"Content-Type: application/json\" \\\n -H \"session_id: 0xYOUR_SESSION_ID\" \\\n -H \"model_id: 0xYOUR_MODEL_ID\" \\\n -d '{\n \"model\": \"kimi-k2.5:web\",\n \"messages\": [{\"role\": \"user\", \"content\": \"Hello, world!\"}],\n \"stream\": false\n }'\n\nWRONG (will fail with \"session not found\"):\n\n# DON'T DO THIS\ncurl -s ... -d '{\n \"model\": \"kimi-k2.5:web\",\n \"session_id\": \"0x...\", # WRONG β€” not a body field\n \"model_id\": \"0x...\", # WRONG β€” not a body field\n \"messages\": [...]\n}'" }, { "title": "Using the Chat Script", "body": "bash skills/everclaw/scripts/chat.sh kimi-k2.5:web \"What is the meaning of life?\"" }, { "title": "Streaming", "body": "Set \"stream\": true in the request body. The response will be Server-Sent Events (SSE)." }, { "title": "7. Closing Sessions", "body": "Close a session to reclaim your staked MOR:\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/sessions/0xSESSION_ID/close\"\n\nOr use the script:\n\nbash skills/everclaw/scripts/session.sh close 0xSESSION_ID\n\n⚠️ MOR staked in a session is returned when the session closes. Close sessions you're not using to free up MOR for new sessions." }, { "title": "Sessions Are Ephemeral", "body": "⚠️ Sessions are NOT persisted across router restarts. If you restart the proxy-router, you must re-open sessions. The blockchain still has the session, but the router's in-memory state is lost." }, { "title": "Monitoring", "body": "# Check balance (MOR + ETH)\nbash skills/everclaw/scripts/balance.sh\n\n# List sessions\nbash skills/everclaw/scripts/session.sh list" }, { "title": "Session Lifecycle", "body": "Open β†’ MOR is staked, session is active\nActive β†’ Send inference requests using session_id header\nExpired β†’ Session duration elapsed; MOR returned automatically\nClosed β†’ Manually closed; MOR returned immediately" }, { "title": "Re-opening After Restart", "body": "After restarting the router:\n\n# Wait for health check\nsleep 5\n\n# Re-open sessions for models you need\nbash skills/everclaw/scripts/session.sh open kimi-k2.5:web 3600" }, { "title": "9. Checking Balances", "body": "COOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\n\n# MOR and ETH balance\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/balance | jq .\n\n# Active sessions\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/sessions | jq .\n\n# Available models\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/models | jq ." }, { "title": "10. Troubleshooting", "body": "See references/troubleshooting.md for a complete guide. Quick hits:\n\nErrorFixsession not foundUse session_id/model_id as HTTP headers, not body fieldsdial tcp: missing addressOpen session by model ID, not bid IDapi adapter not foundAdd the model to models-config.jsonERC20: transfer amount exceeds balanceClose old sessions to free staked MORSessions gone after restartNormal β€” re-open sessions after restartMorpheusUI conflictsDon't run MorpheusUI and headless router simultaneously" }, { "title": "Key Contract Addresses (Base Mainnet)", "body": "ContractAddressDiamond0x6aBE1d282f72B474E54527D93b979A4f64d3030aMOR Token0x7431aDa8a591C955a994a21710752EF9b882b8e3" }, { "title": "Quick Reference", "body": "ActionCommandInstallbash skills/everclaw/scripts/install.shStartbash skills/everclaw/scripts/start.shStopbash skills/everclaw/scripts/stop.shSwap ETHβ†’MORbash skills/everclaw/scripts/swap.sh eth 0.01Swap USDCβ†’MORbash skills/everclaw/scripts/swap.sh usdc 50Open sessionbash skills/everclaw/scripts/session.sh open [duration]Close sessionbash skills/everclaw/scripts/session.sh close List sessionsbash skills/everclaw/scripts/session.sh listSend promptbash skills/everclaw/scripts/chat.sh \"prompt\"Check balancebash skills/everclaw/scripts/balance.shDiagnosebash skills/everclaw/scripts/diagnose.shDiagnose (config only)bash skills/everclaw/scripts/diagnose.sh --configDiagnose (quick)bash skills/everclaw/scripts/diagnose.sh --quick" }, { "title": "11. Wallet Management (v0.4)", "body": "Everclaw v0.4 includes a self-contained wallet manager that eliminates all external account dependencies. No 1Password, no Foundry, no Safe Wallet β€” just macOS Keychain and Node.js (already bundled with OpenClaw)." }, { "title": "Setup (One Command)", "body": "node skills/everclaw/scripts/everclaw-wallet.mjs setup\n\nThis generates a new Ethereum wallet and stores the private key in your macOS Keychain (encrypted at rest, protected by your login password / Touch ID)." }, { "title": "Import Existing Key", "body": "node skills/everclaw/scripts/everclaw-wallet.mjs import-key 0xYOUR_PRIVATE_KEY" }, { "title": "Check Balances", "body": "node skills/everclaw/scripts/everclaw-wallet.mjs balance\n\nShows ETH, MOR, USDC balances and MOR allowance for the Diamond contract." }, { "title": "Swap ETH/USDC for MOR", "body": "# Swap 0.05 ETH for MOR\nnode skills/everclaw/scripts/everclaw-wallet.mjs swap eth 0.05\n\n# Swap 50 USDC for MOR\nnode skills/everclaw/scripts/everclaw-wallet.mjs swap usdc 50\n\nExecutes onchain swaps via Uniswap V3 on Base. No external tools required β€” uses viem (bundled with OpenClaw)." }, { "title": "Approve MOR for Staking", "body": "node skills/everclaw/scripts/everclaw-wallet.mjs approve\n\nApproves the Morpheus Diamond contract to use your MOR for session staking." }, { "title": "Security Model", "body": "Private key stored in macOS Keychain (encrypted at rest)\nProtected by your login password / Touch ID\nKey is injected at runtime and immediately unset from environment\nKey is never written to disk as a plaintext file\nFor advanced users: 1Password is supported as a fallback (backward compatible)" }, { "title": "Full Command Reference", "body": "CommandDescriptionsetupGenerate wallet, store in KeychainaddressShow wallet addressbalanceShow ETH, MOR, USDC balancesswap eth Swap ETH β†’ MOR via Uniswap V3swap usdc Swap USDC β†’ MOR via Uniswap V3approve [amount]Approve MOR for Morpheus stakingexport-keyPrint private key (use with caution)import-key <0xkey>Import existing private key" }, { "title": "12. OpenAI-Compatible Proxy (v0.2)", "body": "The Morpheus proxy-router requires custom auth (Basic auth via .cookie) and custom HTTP headers (session_id, model_id) that standard OpenAI clients don't support. Everclaw includes a lightweight proxy that bridges this gap." }, { "title": "What It Does", "body": "OpenClaw/any client β†’ morpheus-proxy (port 8083) β†’ proxy-router (port 8082) β†’ Morpheus P2P β†’ Provider\n\nAccepts standard OpenAI /v1/chat/completions requests\nAuto-opens blockchain sessions on demand (no manual session management)\nAuto-renews sessions before expiry (default: 1 hour before)\nInjects Basic auth + session_id/model_id headers automatically\nExposes /health, /v1/models, /v1/chat/completions" }, { "title": "Installation", "body": "bash skills/everclaw/scripts/install-proxy.sh\n\nThis installs:\n\nmorpheus-proxy.mjs β†’ ~/morpheus/proxy/\ngateway-guardian.sh β†’ ~/.openclaw/workspace/scripts/\nlaunchd plists for both (macOS, auto-start on boot)" }, { "title": "Configuration", "body": "Environment variables (all optional, sane defaults):\n\nVariableDefaultDescriptionMORPHEUS_PROXY_PORT8083Port the proxy listens onMORPHEUS_ROUTER_URLhttp://localhost:8082Proxy-router URLMORPHEUS_COOKIE_PATH~/morpheus/.cookiePath to auth cookieMORPHEUS_SESSION_DURATION604800 (7 days)Session duration in secondsMORPHEUS_RENEW_BEFORE3600 (1 hour)Renew session this many seconds before expiryMORPHEUS_PROXY_API_KEYmorpheus-localBearer token for proxy auth" }, { "title": "Session Duration", "body": "Sessions stake MOR tokens for their duration. Longer sessions = more MOR locked but fewer blockchain transactions:\n\nDurationMOR Staked (approx)Transactions1 hour~0.011 MOREvery hour1 day~0.274 MORDaily7 days~1.9 MORWeekly\n\nMOR is returned when the session closes or expires. The proxy auto-renews before expiry, so you get continuous inference with minimal staking overhead." }, { "title": "Health Check", "body": "curl http://127.0.0.1:8083/health" }, { "title": "Available Models", "body": "curl http://127.0.0.1:8083/v1/models" }, { "title": "Direct Usage (without OpenClaw)", "body": "curl http://127.0.0.1:8083/v1/chat/completions \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer morpheus-local\" \\\n -d '{\n \"model\": \"kimi-k2.5\",\n \"messages\": [{\"role\": \"user\", \"content\": \"Hello!\"}],\n \"stream\": false\n }'" }, { "title": "Reliability Notes", "body": "kimi-k2.5 (non-web) is the most reliable model β€” recommended as primary fallback\nkimi-k2.5:web (web search variant) tends to timeout on P2P routing β€” avoid for fallback use\nProvider connection resets are transient β€” retries usually succeed\nThe proxy itself runs as a KeepAlive launchd service β€” auto-restarts if it crashes" }, { "title": "Proxy Resilience (v0.5)", "body": "v0.5 adds three critical improvements to the proxy that prevent prolonged outages caused by cooldown cascades β€” where both primary and fallback providers become unavailable simultaneously.\n\nProblem: Cooldown Cascades\n\nWhen a primary provider (e.g., Venice) returns a billing error, OpenClaw's failover engine marks that provider as \"in cooldown.\" If the Morpheus proxy also returns errors that OpenClaw misclassifies as billing errors, both providers enter cooldown and the agent goes completely offline β€” sometimes for 6+ hours.\n\nFix 1: OpenAI-Compatible Error Classification\n\nThe proxy now returns errors in the exact format OpenAI uses, with proper type and code fields:\n\n{\n \"error\": {\n \"message\": \"Morpheus session unavailable: ...\",\n \"type\": \"server_error\",\n \"code\": \"morpheus_session_error\",\n \"param\": null\n }\n}\n\nKey distinction: All Morpheus infrastructure errors are typed as \"server_error\" β€” never \"billing\" or \"rate_limit_error\". This ensures OpenClaw treats them as transient failures and retries appropriately, instead of putting the provider into extended cooldown.\n\nError codes returned by the proxy:\n\nCodeMeaningmorpheus_session_errorFailed to open or refresh a blockchain sessionmorpheus_inference_errorProvider returned an error during inferencemorpheus_upstream_errorConnection error to the proxy-routertimeoutInference request exceeded the time limitmodel_not_foundRequested model not in MODEL_MAP\n\nFix 2: Automatic Session Retry\n\nWhen the proxy-router returns a session-related error (expired, invalid, not found, closed), the proxy now:\n\nInvalidates the cached session\nOpens a fresh blockchain session\nRetries the inference request once\n\nThis handles the common case where the proxy-router restarts and loses its in-memory session state, or when a long-running session expires mid-request.\n\nFix 3: Multi-Tier Fallback Chain\n\nConfigure OpenClaw with multiple fallback models across providers:\n\n{\n \"agents\": {\n \"defaults\": {\n \"model\": {\n \"primary\": \"venice/claude-opus-4-6\",\n \"fallbacks\": [\n \"venice/claude-opus-45\", // Try different Venice model first\n \"venice/kimi-k2-5\", // Try yet another Venice model\n \"morpheus/kimi-k2.5\" // Last resort: decentralized inference\n ]\n }\n }\n }\n}\n\nThis way, if the primary model has billing issues, OpenClaw tries other models on the same provider (which may have separate rate limits) before falling back to Morpheus. The cascade is:\n\nvenice/claude-opus-4-6 (primary) β†’ billing error\nvenice/claude-opus-45 (fallback 1) β†’ tries a different model on Venice\nvenice/kimi-k2-5 (fallback 2) β†’ tries open-source model on Venice\nmorpheus/kimi-k2.5 (fallback 3) β†’ decentralized inference, always available if MOR is staked" }, { "title": "13. OpenClaw Integration (v0.2)", "body": "Configure OpenClaw to use Morpheus as a fallback provider so your agent keeps running when primary API credits run out." }, { "title": "Step 1: Add Morpheus Provider", "body": "Add to your openclaw.json via config patch or manual edit:\n\n{\n \"models\": {\n \"providers\": {\n \"morpheus\": {\n \"baseUrl\": \"http://127.0.0.1:8083/v1\",\n \"apiKey\": \"morpheus-local\",\n \"api\": \"openai-completions\",\n \"models\": [\n {\n \"id\": \"kimi-k2.5\",\n \"name\": \"Kimi K2.5 (via Morpheus)\",\n \"reasoning\": true,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n },\n {\n \"id\": \"kimi-k2-thinking\",\n \"name\": \"Kimi K2 Thinking (via Morpheus)\",\n \"reasoning\": true,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n },\n {\n \"id\": \"glm-4.7-flash\",\n \"name\": \"GLM 4.7 Flash (via Morpheus)\",\n \"reasoning\": false,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n }\n ]\n }\n }\n }\n}" }, { "title": "Step 2: Set as Fallback", "body": "Configure a multi-tier fallback chain (recommended since v0.5):\n\n{\n \"agents\": {\n \"defaults\": {\n \"model\": {\n \"primary\": \"venice/claude-opus-4-6\",\n \"fallbacks\": [\n \"venice/claude-opus-45\", // Different model, same provider\n \"venice/kimi-k2-5\", // Open-source model, same provider\n \"morpheus/kimi-k2.5\" // Decentralized fallback\n ]\n },\n \"models\": {\n \"venice/claude-opus-45\": { \"alias\": \"Claude Opus 4.5\" },\n \"venice/kimi-k2-5\": { \"alias\": \"Kimi K2.5\" },\n \"morpheus/kimi-k2.5\": { \"alias\": \"Kimi K2.5 (Morpheus)\" },\n \"morpheus/kimi-k2-thinking\": { \"alias\": \"Kimi K2 Thinking (Morpheus)\" },\n \"morpheus/glm-4.7-flash\": { \"alias\": \"GLM 4.7 Flash (Morpheus)\" }\n }\n }\n }\n}\n\n⚠️ Why multi-tier? A single fallback creates a single point of failure. If both the primary provider and the single fallback enter cooldown simultaneously (e.g., billing error triggers cooldown on both), your agent goes offline. Multiple fallback tiers across different models and providers ensure at least one path remains available." }, { "title": "Step 3: Add Auth Profiles", "body": "OpenClaw supports multiple API keys per provider with automatic rotation. When one key's credits run out (billing error), OpenClaw disables that key only and rotates to the next one β€” same model, fresh credits. This is the single most effective way to prevent downtime.\n\nSingle Key (Minimum Setup)\n\nAdd to ~/.openclaw/agents/main/agent/auth-profiles.json:\n\n{\n \"venice:default\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_KEY_HERE\"\n },\n \"morpheus:default\": {\n \"type\": \"api_key\",\n \"provider\": \"morpheus\",\n \"key\": \"morpheus-local\"\n }\n}\n\nMultiple Keys (Recommended β€” v0.9.1)\n\nIf you have multiple Venice API keys (e.g., from different accounts or plans), add them all as separate profiles. Order them from most credits to least:\n\nauth-profiles.json:\n\n{\n \"version\": 1,\n \"profiles\": {\n \"venice:key1\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_PRIMARY_KEY\"\n },\n \"venice:key2\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_SECOND_KEY\"\n },\n \"venice:key3\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_THIRD_KEY\"\n },\n \"morpheus:default\": {\n \"type\": \"api_key\",\n \"provider\": \"morpheus\",\n \"key\": \"morpheus-local\"\n }\n }\n}\n\nopenclaw.json β€” register the profiles and set explicit rotation order:\n\n{\n \"auth\": {\n \"profiles\": {\n \"venice:key1\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"venice:key2\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"venice:key3\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"morpheus:default\": { \"provider\": \"morpheus\", \"mode\": \"api_key\" }\n },\n \"order\": {\n \"venice\": [\"venice:key1\", \"venice:key2\", \"venice:key3\"]\n }\n }\n}\n\n⚠️ auth.order is critical. Without it, OpenClaw uses round-robin (oldest-used first), which may not match your credit balances. With an explicit order, keys are tried in the exact sequence you specify β€” highest credits first.\n\nHow Multi-Key Rotation Works\n\nOpenClaw's auth engine handles rotation automatically:\n\nSession stickiness: A key is pinned per session to keep provider caches warm. It won't flip-flop mid-conversation.\nBilling disable: When a key returns a billing/credit error, that profile is disabled with exponential backoff (starts at 5 hours). Other profiles for the same provider remain active.\nRotation on failure: After disabling a profile, OpenClaw immediately tries the next key in auth.order. Same model, same provider β€” just fresh credits.\nModel fallback: Only after ALL profiles for Venice are disabled does OpenClaw move to the next model in the fallback chain (e.g., Morpheus).\nAuto-recovery: Disabled profiles auto-recover after backoff expires. If credits refill (e.g., daily reset), the profile becomes available again.\n\nVenice DIEM Credits\n\nVenice uses \"DIEM\" as its internal credit unit (1 DIEM β‰ˆ $1 USD). Each API key has its own DIEM balance. Credits appear to reset daily. Expensive models drain credits faster:\n\nModelInput CostOutput Cost~Messages per 10 DIEMClaude Opus 4.66 DIEM/M tokens30 DIEM/M tokens~5-10Claude Opus 4.56 DIEM/M tokens30 DIEM/M tokens~5-10Kimi K2.50.75 DIEM/M tokens3.75 DIEM/M tokens~50-100GLM 4.7 Flash0.125 DIEM/M tokens0.5 DIEM/M tokens~500+\n\nTip: With multiple keys, the agent can stay on Claude Opus across key rotations. Without multi-key, it would fall to cheaper models or Morpheus after one key's credits run out." }, { "title": "Failover Behavior (v0.9.1)", "body": "The complete failover chain with multi-key rotation:\n\nKey rotation within Venice β€” Key 1 credits exhausted β†’ billing disable on that profile only β†’ immediately rotates to Key 2 β†’ Key 3 β†’ etc. Same model, fresh credits.\nModel fallback β€” Only after ALL Venice keys are disabled β†’ tries venice/claude-opus-45 (all keys again) β†’ venice/kimi-k2-5 (all keys) β†’ morpheus/kimi-k2.5\nMorpheus fallback β€” The proxy auto-opens a 7-day Morpheus session (if none exists). Inference routes through the Morpheus P2P network.\nGateway Guardian v4 β€” If all providers enter cooldown despite multi-key rotation β†’ classifies error (billing vs transient) β†’ billing: backs off + notifies owner (restart is useless for empty credits) β†’ transient: restarts gateway (clears cooldowns) β†’ nuclear reinstall if needed. Proactively monitors Venice DIEM balance.\nAuto-recovery β€” When credits refill (daily reset) or backoff expires, OpenClaw switches back to Venice automatically.\n\nExample with 6 keys (246 DIEM total):\n\nvenice:key1 (98 DIEM) β†’ venice:key2 (50 DIEM) β†’ venice:key3 (40 DIEM) β†’\nvenice:key4 (26 DIEM) β†’ venice:key5 (20 DIEM) β†’ venice:key6 (12 DIEM) β†’\nmorpheus/kimi-k2.5 (owned, staked MOR) β†’ mor-gateway/kimi-k2.5 (community gateway)\n\nv0.5 improvement: The Morpheus proxy returns \"server_error\" type errors (not billing errors), so OpenClaw won't put the Morpheus provider into extended cooldown due to transient infrastructure issues. If a Morpheus session expires mid-request, the proxy automatically opens a fresh session and retries once." }, { "title": "Venice Key Health Monitor (v2.0)", "body": "OpenClaw's billing error detection has pattern gaps with Venice-specific error messages. Two known gaps:\n\nBalance depletion: Venice returns \"Insufficient USD or Diem balance to complete request\" but OpenClaw checks for \"insufficient balance\" (adjacent words). Since \"USD or Diem\" separates \"insufficient\" from \"balance\", the pattern fails.\nPer-key spend limit: Venice returns \"API key DIEM spend limit exceeded. Your account may still have DIEM balance, but this API key has reached its configured DIEM spending limit.\" β€” OpenClaw has no pattern for \"spend limit\" at all.\n\nBoth get classified as \"unknown\" instead of \"billing\", the key gets a 60-second cooldown instead of a billing disable, and the same exhausted key gets retried in a loop.\n\nTwo scripts fix this at the skill level:\n\n1. Proactive Key Health Monitor (venice-key-monitor.sh)\n\nPeriodically probes every Venice API key's DIEM/USD balance via a cheap GLM-4.7-Flash inference call (costs ~0.0001 DIEM). Reads the x-venice-balance-diem or x-venice-balance-usd response header and disables depleted keys by writing disabledUntil + disabledReason: \"billing\" directly to auth-profiles.json.\n\n# Check all keys and disable depleted ones\nbash skills/everclaw/scripts/venice-key-monitor.sh\n\n# Report balances without making changes\nbash skills/everclaw/scripts/venice-key-monitor.sh --status\n\n# Custom depletion threshold (default: 1 DIEM)\nbash skills/everclaw/scripts/venice-key-monitor.sh --threshold 5\n\nCron: Runs every 2 hours. Pre-empts the problem before the agent ever tries an empty key.\n\n2. Reactive 402 Watchdog (venice-402-watchdog.sh)\n\nMonitors auth-profiles.json for Venice keys with rapid failures that aren't properly billing-disabled (the telltale sign of OpenClaw's pattern gap). When detected, immediately disables the offending key and identifies the next healthy key.\n\n# One-shot scan (check recent failures)\nbash skills/everclaw/scripts/venice-402-watchdog.sh\n\n# Run as daemon (continuous monitoring every 30s)\nbash skills/everclaw/scripts/venice-402-watchdog.sh --daemon\n\nCron: Runs every 5 minutes. Catches billing errors in near-real-time that the proactive monitor might miss between its 2-hour checks.\n\nDetection Patterns (what OpenClaw misses)\n\nVenice ErrorOpenClaw PatternMatch?Insufficient USD or Diem balance to complete request\"insufficient balance\"❌ No β€” words not adjacentAPI key DIEM spend limit exceeded(none)❌ No pattern exists402 Payment Required/status.*402/βœ… Only if status code preservedInsufficient credits\"insufficient credits\"βœ…\n\nThe watchdog catches the first two patterns (the most common Venice billing errors) that OpenClaw's text matching misses.\n\nState Files\n\nFilePurpose~/.openclaw/logs/venice-key-balances.jsonLast balance check results per key~/.openclaw/logs/venice-402-state.jsonLast watchdog action and rotation state~/.openclaw/logs/venice-key-monitor.logMonitor activity log~/.openclaw/logs/venice-402-watchdog.logWatchdog activity log" }, { "title": "14. Gateway Guardian v5 (v2026.2.21)", "body": "A self-healing, billing-aware watchdog that monitors the OpenClaw gateway and its ability to run inference. Runs every 2 minutes via launchd." }, { "title": "Evolution", "body": "VersionWhat it checkedFatal flawv1HTTP dashboard aliveProviders in cooldown = brain-dead but HTTP 200v2Raw provider URLsProvider APIs always return 200 regardless of internal statev3Through-OpenClaw inference probeBilling exhaustion β†’ restart β†’ instant re-disable = dead loop. Also: set -e + pkill self-kill = silent no-op restartsv4Through-OpenClaw + billing classification + credit monitoringopenclaw agent injected 71K workspace prompt into every probev5Direct curl inference probes + billing classification + credit monitoringCurrent version" }, { "title": "What v5 Fixes Over v4", "body": "Root cause: openclaw agent injected the full 71K workspace system prompt into every health probe. This caused mor-gateway/glm-5 to timeout at 60s (takes ~37s just for the prompt). Worse, failures were delivered to Signal as normal agent replies β€” spamming the user with error messages.\n\nFix: Direct curl to gateway's LiteLLM proxy with a tiny prompt (~50 chars). Uses glm-4.7-flash (fast, lightweight) instead of glm-5. No agent session = no Signal delivery on failure. Errors stay in logs only." }, { "title": "What v4 Fixed Over v3", "body": "Billing-aware escalation β€” Classifies inference errors as billing vs transient vs timeout. Billing errors trigger backoff + notification instead of useless restarts.\nSilent restart bug β€” Replaced set -euo pipefail with set -uo pipefail + explicit ERR trap. Restart failures are now logged instead of silently exiting.\npkill self-kill β€” Hard restart now iterates PIDs and excludes the Guardian's own PID. No more accidentally killing the watchdog.\nProactive credit monitoring β€” Checks Venice DIEM balance via x-venice-balance-diem response header every 10 min. Warns when balance drops below threshold.\nDIEM reset awareness β€” Calculates hours to midnight UTC (when Venice DIEM resets daily). When billing-dead, enters 30-min backoff instead of hammering every 2 min. Auto-clears when UTC day rolls over.\nSignal notifications β€” Notifies owner on: billing exhaustion (with ETA to reset), billing recovery, nuclear restart, and total failure." }, { "title": "How It Works", "body": "Billing backoff gate β€” If in billing-dead state, check if midnight UTC has passed. If yes, re-probe. If no, skip this run (30-min intervals).\nCredit monitoring β€” Every 10 min, makes a cheap Kimi K2.5 call to Venice and reads the x-venice-balance-diem response header. Warns below 15 DIEM.\nCircuit breaker β€” Kills sub-agents stuck >30 min with repeated timeouts.\nHTTP probe β€” Is the gateway process running?\nInference probe β€” Can the agent run inference through the full stack?\nError classification β€” Parses probe output:\n\nbilling β†’ 402, Insufficient DIEM/USD/balance β†’ don't restart, enter billing backoff, notify owner\ntransient β†’ auth cooldown without billing keywords β†’ restart (clears cooldown)\ntimeout β†’ probe timed out β†’ restart\nunknown β†’ restart (safe default)\n\n\nFour-stage restart escalation (for non-billing errors only):\n\nopenclaw gateway restart (graceful β€” resets cooldown state)\nHard kill (excludes own PID) β†’ launchd KeepAlive\nlaunchctl kickstart -k\nπŸ”΄ NUCLEAR: curl -fsSL https://clawd.bot/install.sh | bash" }, { "title": "Recommended Config", "body": "Pair with reduced billing backoff in openclaw.json to minimize downtime:\n\n{\n \"auth\": {\n \"cooldowns\": {\n \"billingBackoffHoursByProvider\": { \"venice\": 1 },\n \"billingMaxHours\": 6,\n \"failureWindowHours\": 12\n }\n }\n}" }, { "title": "Installation", "body": "Included in install-proxy.sh, or manually:\n\ncp skills/everclaw/scripts/gateway-guardian.sh ~/.openclaw/workspace/scripts/\nchmod +x ~/.openclaw/workspace/scripts/gateway-guardian.sh\n\n# Install launchd plist (macOS)\n# See templates/ai.openclaw.guardian.plist\n\n⚠️ Important: The launchd plist should include OPENCLAW_GATEWAY_TOKEN in its environment variables." }, { "title": "Manual Test", "body": "bash ~/.openclaw/workspace/scripts/gateway-guardian.sh --verbose" }, { "title": "Logs", "body": "tail -f ~/.openclaw/logs/guardian.log" }, { "title": "Configuration", "body": "VariableDefaultDescriptionGATEWAY_PORT18789Gateway port to probePROBE_TIMEOUT8HTTP timeout in secondsINFERENCE_TIMEOUT45Agent probe timeoutFAIL_THRESHOLD2HTTP failures before restartINFERENCE_FAIL_THRESHOLD3Inference failures before escalation (~6 min)BILLING_BACKOFF_INTERVAL1800Seconds between probes when billing-dead (30 min)CREDIT_CHECK_INTERVAL600Seconds between Venice DIEM balance checks (10 min)CREDIT_WARN_THRESHOLD15DIEM balance warning thresholdMAX_STUCK_DURATION_SEC1800Circuit breaker: kill sub-agents stuck >30 minSTUCK_CHECK_INTERVAL300Circuit breaker check interval (5 min)OWNER_SIGNAL+1XXXXXXXXXXSignal number for notificationsSIGNAL_ACCOUNT+1XXXXXXXXXXSignal sender account" }, { "title": "State Files", "body": "FilePurpose~/.openclaw/logs/guardian.stateHTTP failure counter~/.openclaw/logs/guardian-inference.stateInference failure counter~/.openclaw/logs/guardian-circuit-breaker.stateCircuit breaker timestamp~/.openclaw/logs/guardian-billing.stateBilling exhaustion start timestamp (0 = healthy)~/.openclaw/logs/guardian-billing-notified.stateWhether owner was notified (0/1)~/.openclaw/logs/guardian-credit-check.stateLast credit check timestamp~/.openclaw/logs/guardian.logGuardian activity log" }, { "title": "15. Smart Session Archiver (v0.9.4)", "body": "OpenClaw stores every conversation as a .jsonl file in ~/.openclaw/agents/main/sessions/. Over time, these accumulate β€” and when the dashboard loads, it parses all session history into the DOM. At ~17MB (134+ sessions), browsers hit \"Page Unresponsive\" because the renderer chokes on thousands of chat message elements." }, { "title": "The Problem", "body": "The bottleneck isn't raw memory β€” Chrome gives each tab 1.4-4GB of V8 heap. The real limit is DOM rendering performance. Chrome Lighthouse warns at 800 DOM nodes and errors at 1,400. A hundred sessions with tool calls, code blocks, and long conversations easily generate 5,000+ DOM elements. The browser's layout engine can't keep up.\n\nSessions Dir SizeDashboard Behavior< 5 MBβœ… Loads instantly5-10 MB⚑ Slight delay, usable10-15 MB⚠️ Sluggish, noticeable lag15-20 MBπŸ”΄ \"Page Unresponsive\" likely20+ MBπŸ’€ Dashboard won't load" }, { "title": "Solution: Size-Triggered Archiving", "body": "Instead of archiving on a fixed schedule (which may fire too early or too late depending on usage), the session archiver monitors the actual size of the sessions directory and only moves files when they exceed a threshold.\n\nDefault threshold: 10MB β€” provides good headroom before hitting the ~15MB danger zone, without firing unnecessarily on light usage days." }, { "title": "Usage", "body": "# Archive if over threshold (default 10MB)\nbash skills/everclaw/scripts/session-archive.sh\n\n# Check size without archiving\nbash skills/everclaw/scripts/session-archive.sh --check\n\n# Force archive regardless of size\nbash skills/everclaw/scripts/session-archive.sh --force\n\n# Detailed output\nbash skills/everclaw/scripts/session-archive.sh --verbose" }, { "title": "What It Protects", "body": "The archiver never moves:\n\nActive sessions β€” referenced in sessions.json (the index file)\nGuardian health probe β€” guardian-health-probe.jsonl\nRecent sessions β€” keeps the 5 most recent by modification time (configurable via KEEP_RECENT)\n\nEverything else gets moved to sessions/archive/ β€” not deleted. You can always move files back if needed." }, { "title": "Configuration", "body": "VariableDefaultDescriptionARCHIVE_THRESHOLD_MB10Trigger threshold in MBSESSIONS_DIR~/.openclaw/agents/main/sessionsSessions directory pathKEEP_RECENT5Number of recent sessions to always keep" }, { "title": "Cron Integration", "body": "Set up a cron job that runs the archiver periodically. The script is a no-op when under threshold, so it's safe to run frequently:\n\n{\n \"name\": \"Smart session archiver\",\n \"schedule\": { \"kind\": \"cron\", \"expr\": \"0 */6 * * *\", \"tz\": \"America/Chicago\" },\n \"sessionTarget\": \"isolated\",\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/kimi-k2.5\",\n \"message\": \"Run the smart session archiver: bash skills/everclaw/scripts/session-archive.sh --verbose. Report the results. If sessions were archived, mention the before/after size.\",\n \"timeoutSeconds\": 60\n }\n}\n\nRecommended: every 6 hours. Frequent enough to catch growth spurts, cheap enough to run on the LIGHT tier since it's a no-op most of the time." }, { "title": "Output", "body": "The script outputs a JSON summary for programmatic consumption:\n\n{\"archived\":42,\"freedMB\":8.2,\"beforeMB\":12.4,\"afterMB\":4.2,\"threshold\":10}" }, { "title": "Why 10MB?", "body": "Based on real-world testing: 134 sessions totaling 17MB caused \"Page Unresponsive\" in Chrome, Safari, and Brave on macOS. The dashboard uses a standard web renderer that parses all session JSONL into DOM elements β€” there's no virtualization or lazy loading. 10MB gives ~50% headroom before the ~15-20MB danger zone where most browsers start struggling." }, { "title": "17. x402 Payment Client (v0.7)", "body": "Everclaw v0.7 includes an x402 payment client that lets your agent make USDC payments to any x402-enabled endpoint. The x402 protocol is an HTTP-native payment standard: when a server returns HTTP 402, your agent automatically signs a USDC payment and retries." }, { "title": "How x402 Works", "body": "Agent β†’ request β†’ Server returns 402 + PAYMENT-REQUIRED header\nAgent β†’ parse requirements β†’ sign EIP-712 payment β†’ retry with PAYMENT-SIGNATURE header\nServer β†’ verify signature via facilitator β†’ settle USDC β†’ return resource" }, { "title": "CLI Usage", "body": "# Make a request to an x402-protected endpoint\nnode scripts/x402-client.mjs GET https://api.example.com/data\n\n# Dry-run: see what would be paid without signing\nnode scripts/x402-client.mjs --dry-run GET https://api.example.com/data\n\n# Set max payment per request\nnode scripts/x402-client.mjs --max-amount 0.50 GET https://api.example.com/data\n\n# POST with body\nnode scripts/x402-client.mjs POST https://api.example.com/task '{\"prompt\":\"hello\"}'\n\n# Check daily spending\nnode scripts/x402-client.mjs --budget" }, { "title": "Programmatic Usage", "body": "import { makePayableRequest, createX402Client } from './scripts/x402-client.mjs';\n\n// One-shot request\nconst result = await makePayableRequest(\"https://api.example.com/data\");\n// result.paid β†’ true if 402 was handled\n// result.amount β†’ \"$0.010000\" (USDC)\n// result.body β†’ response content\n\n// Reusable client with budget limits\nconst client = createX402Client({\n maxPerRequest: 0.50, // $0.50 USDC max per request\n dailyLimit: 5.00, // $5.00 USDC per day\n dryRun: false,\n});\n\nconst res = await client.get(\"https://agent-api.example.com/query?q=weather\");\nconst data = await client.post(\"https://agent-api.example.com/task\", { prompt: \"hello\" });\n\n// Check spending\nconsole.log(client.budget());\n// { date: \"2026-02-11\", spent: \"$0.520000\", remaining: \"$4.480000\", limit: \"$5.000000\", transactions: 3 }" }, { "title": "Payment Flow Details", "body": "Request β€” Standard HTTP request to any URL\n402 Detection β€” Server returns HTTP 402 with PAYMENT-REQUIRED header containing JSON payment requirements\nBudget Check β€” Verifies amount against per-request max ($1.00 default) and daily limit ($10.00 default)\nEIP-712 Signing β€” Signs a TransferWithAuthorization (EIP-3009) for USDC on Base using the agent's wallet\nRetry β€” Resends the request with PAYMENT-SIGNATURE header containing the signed payment payload\nSettlement β€” The Coinbase facilitator verifies the signature and settles the USDC transfer\nResponse β€” Server returns the requested resource" }, { "title": "Security", "body": "Private key from 1Password at runtime (never on disk) β€” follows Bagman patterns\nBudget controls prevent runaway spending: $1/request max, $10/day by default\nDry-run mode for testing without signing or spending\nUSDC on Base only β€” no other chains or tokens (EIP-3009 TransferWithAuthorization)\nDaily budget tracking persisted to .x402-budget.json (amounts only, no keys)" }, { "title": "Key Addresses", "body": "ItemAddressUSDC (Base)0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913Coinbase Facilitatorhttps://api.cdp.coinbase.com/platform/v2/x402Base Chain ID8453 (CAIP-2: eip155:8453)" }, { "title": "18. ERC-8004 Agent Registry (v0.7)", "body": "The ERC-8004 protocol provides on-chain registries for agent discovery and trust. Everclaw v0.7 includes a reader that queries the Identity and Reputation registries on Base mainnet." }, { "title": "What Is ERC-8004?", "body": "ERC-8004 defines three registries:\n\nIdentity Registry (ERC-721): Each agent is an NFT with a tokenURI pointing to a registration file containing name, description, services/endpoints, x402 support, and trust signals\nReputation Registry: Clients give structured feedback (value + tags) to agents. Summary scores aggregate across all clients\nValidation Registry: Stake-secured re-execution and zkML verification (read-only in Everclaw)\n\nAgents are discoverable, portable (transferable NFTs), and verifiable across organizational boundaries." }, { "title": "CLI Usage", "body": "# Look up an agent by ID\nnode scripts/agent-registry.mjs lookup 1\n\n# Get reputation data\nnode scripts/agent-registry.mjs reputation 1\n\n# Full discovery (identity + registration file + reputation)\nnode scripts/agent-registry.mjs discover 1\n\n# List agents in a range\nnode scripts/agent-registry.mjs list 1 10\n\n# Get total registered agents\nnode scripts/agent-registry.mjs total" }, { "title": "Programmatic Usage", "body": "import { lookupAgent, getReputation, discoverAgent, totalAgents, listAgents } from './scripts/agent-registry.mjs';\n\n// Look up identity\nconst agent = await lookupAgent(1);\n// {\n// agentId: 1,\n// owner: \"0x89E9...\",\n// uri: \"data:application/json;base64,...\",\n// wallet: \"0x89E9...\",\n// registration: {\n// name: \"ClawNews\",\n// description: \"Hacker News for AI agents...\",\n// services: [{ name: \"web\", endpoint: \"https://clawnews.io\" }, ...],\n// x402Support: false,\n// active: true,\n// supportedTrust: [\"reputation\"]\n// }\n// }\n\n// Get reputation\nconst rep = await getReputation(1);\n// {\n// agentId: 1,\n// clients: [\"0x3975...\", \"0x718B...\"],\n// feedbackCount: 2,\n// summary: { count: 2, value: \"100\", decimals: 0 },\n// feedback: [{ client: \"0x3975...\", value: \"100\", tag1: \"tip\", tag2: \"agent\" }, ...]\n// }\n\n// Full discovery\nconst full = await discoverAgent(1);\n// Combines identity, registration file, services, and reputation into one object" }, { "title": "Registration File Format", "body": "Agent registration files (resolved from tokenURI) follow the ERC-8004 standard:\n\n{\n \"type\": \"https://eips.ethereum.org/EIPS/eip-8004#registration-v1\",\n \"name\": \"MyAgent\",\n \"description\": \"What the agent does\",\n \"image\": \"https://example.com/logo.png\",\n \"services\": [\n { \"name\": \"web\", \"endpoint\": \"https://myagent.com\" },\n { \"name\": \"A2A\", \"endpoint\": \"https://agent.example/.well-known/agent-card.json\", \"version\": \"0.3.0\" },\n { \"name\": \"MCP\", \"endpoint\": \"https://mcp.agent.eth/\", \"version\": \"2025-06-18\" }\n ],\n \"x402Support\": true,\n \"active\": true,\n \"supportedTrust\": [\"reputation\", \"crypto-economic\"]\n}\n\nThe reader handles all URI types: data: URIs (base64-encoded JSON stored on-chain), ipfs:// URIs (via public IPFS gateway), and https:// URIs." }, { "title": "Contract Addresses (Base Mainnet)", "body": "RegistryAddressIdentity0x8004A169FB4a3325136EB29fA0ceB6D2e539a432Reputation0x8004BAa17C55a88189AE136b182e5fdA19dE9b63\n\n⚠️ Same addresses on all EVM chains β€” Ethereum, Base, Arbitrum, Polygon, Optimism, Linea, Avalanche, etc. The Identity Registry does NOT implement totalSupply(), so totalAgents() uses a binary search via ownerOf()." }, { "title": "Combining x402 + Agent Registry", "body": "The x402 client and agent registry work together for agent-to-agent payments:\n\nimport { discoverAgent } from './scripts/agent-registry.mjs';\nimport { makePayableRequest } from './scripts/x402-client.mjs';\n\n// 1. Discover an agent and find its x402-enabled endpoint\nconst agent = await discoverAgent(42);\nconst apiEndpoint = agent.services.find(s => s.name === \"A2A\")?.endpoint;\n\n// 2. Make a paid request β€” x402 handling is automatic\nif (agent.x402Support && apiEndpoint) {\n const result = await makePayableRequest(apiEndpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ task: \"Analyze this data...\" }),\n maxAmount: 500000n, // $0.50 USDC\n });\n console.log(result.body); // Agent's response\n}" }, { "title": "Quick Reference (v2026.2.23)", "body": "ActionCommandInstall Everclawbash skills/everclaw/scripts/install-everclaw.shCheck for updatesbash skills/everclaw/scripts/install-everclaw.sh --checkUpdate (git pull)cd skills/everclaw && git pullInstall routerbash skills/everclaw/scripts/install.shInstall proxy + guardianbash skills/everclaw/scripts/install-proxy.shStart routerbash skills/everclaw/scripts/start.shStop routerbash skills/everclaw/scripts/stop.shSwap ETHβ†’MORbash skills/everclaw/scripts/swap.sh eth 0.01Swap USDCβ†’MORbash skills/everclaw/scripts/swap.sh usdc 50Open sessionbash skills/everclaw/scripts/session.sh open [duration]Close sessionbash skills/everclaw/scripts/session.sh close List sessionsbash skills/everclaw/scripts/session.sh listSend promptbash skills/everclaw/scripts/chat.sh \"prompt\"Check balancebash skills/everclaw/scripts/balance.shProxy healthcurl http://127.0.0.1:8083/healthGuardian testbash scripts/gateway-guardian.sh --verboseGuardian logstail -f ~/.openclaw/logs/guardian.logVenice key healthbash skills/everclaw/scripts/venice-key-monitor.sh --statusVenice key balancesbash skills/everclaw/scripts/venice-key-monitor.sh --verboseVenice 402 watchdogbash skills/everclaw/scripts/venice-402-watchdog.sh --verboseArchive sessionsbash skills/everclaw/scripts/session-archive.shCheck session sizebash skills/everclaw/scripts/session-archive.sh --checkForce archivebash skills/everclaw/scripts/session-archive.sh --forcex402 requestnode scripts/x402-client.mjs GET x402 dry-runnode scripts/x402-client.mjs --dry-run GET x402 budgetnode scripts/x402-client.mjs --budgetLookup agentnode scripts/agent-registry.mjs lookup Agent reputationnode scripts/agent-registry.mjs reputation Discover agentnode scripts/agent-registry.mjs discover List agentsnode scripts/agent-registry.mjs list [count]Total agentsnode scripts/agent-registry.mjs totalScan a skillnode security/skillguard/src/cli.js scan Batch scannode security/skillguard/src/cli.js batch Security auditbash security/clawdstrike/scripts/collect_verified.shDetect injectionpython3 security/prompt-guard/scripts/detect.py \"text\"" }, { "title": "15. Security Skills (v0.3)", "body": "Everclaw agents handle MOR tokens and private keys β€” making them high-value targets. v0.3 bundles four security skills to defend against supply chain attacks, prompt injection, credential theft, and configuration exposure." }, { "title": "πŸ” SkillGuard β€” Pre-Install Skill Scanner", "body": "Scans AgentSkill packages for malicious patterns before you install them. Detects credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques.\n\n# Scan a skill directory\nnode security/skillguard/src/cli.js scan \n\n# Batch scan all installed skills\nnode security/skillguard/src/cli.js batch \n\n# Scan a ClawHub skill by slug\nnode security/skillguard/src/cli.js scan-hub \n\nScore interpretation:\n\n80-100 βœ… LOW risk β€” safe to install\n50-79 ⚠️ MEDIUM β€” review before installing\n20-49 🟠 HIGH β€” significant concerns\n0-19 πŸ”΄ CRITICAL β€” do NOT install\n\nWhen to use: Before installing any skill from ClawHub or untrusted sources. Run batch scans periodically to audit all installed skills.\n\nFull docs: security/skillguard/SKILL.md" }, { "title": "πŸ”’ ClawdStrike β€” Config & Exposure Audits", "body": "Security audit and threat model for OpenClaw gateway hosts. Verifies configuration, network exposure, installed skills/plugins, and filesystem hygiene. Produces an OK/VULNERABLE report with evidence and remediation steps.\n\n# Run a full audit\ncd security/clawdstrike && \\\n OPENCLAW_WORKSPACE_DIR=$HOME/.openclaw/workspace \\\n bash scripts/collect_verified.sh\n\nWhat it checks:\n\nGateway bind address and auth configuration\nChannel exposure (Signal, Telegram, Discord, etc.)\nInstalled skills and plugins for known vulnerabilities\nFilesystem permissions and sensitive file access\nNetwork exposure and firewall rules\nOpenClaw version and known CVEs\n\nWhen to use: After initial setup, after installing new skills, and periodically (weekly recommended).\n\nFull docs: security/clawdstrike/SKILL.md" }, { "title": "🧱 PromptGuard β€” Prompt Injection Defense", "body": "Advanced prompt injection defense system with multi-language detection (EN/KO/JA/ZH), severity scoring, automatic logging, and configurable security policies. Connects to the HiveFence distributed threat intelligence network.\n\n# Analyze a message for injection attempts\npython3 security/prompt-guard/scripts/detect.py \"suspicious message here\"\n\n# Run audit on prompt injection logs\npython3 security/prompt-guard/scripts/audit.py\n\n# Analyze historical logs\npython3 security/prompt-guard/scripts/analyze_log.py\n\nDetection categories:\n\nDirect injection (instruction overrides, role manipulation)\nIndirect injection (data exfiltration, hidden instructions)\nJailbreak attempts (DAN mode, filter bypasses)\nMulti-language attacks (cross-language injection)\n\nWhen to use: In group chats, when processing untrusted input, when agents interact with external data sources.\n\nFull docs: security/prompt-guard/SKILL.md" }, { "title": "πŸ’° Bagman β€” Secure Key Management", "body": "Secure key management for AI agents handling private keys, API secrets, and wallet credentials. Covers secure storage patterns, session keys, leak prevention, prompt injection defense specific to financial operations, and MetaMask Delegation Framework (EIP-7710) integration.\n\nKey principles:\n\nNever store keys on disk β€” use 1Password op run for runtime injection\nSession keys β€” generate ephemeral keys with limited permissions\nDelegation Framework β€” grant agents scoped authority without exposing master keys\nLeak prevention β€” patterns to detect and block secret exposure\n\nReference docs:\n\nsecurity/bagman/references/secure-storage.md β€” Storage patterns\nsecurity/bagman/references/session-keys.md β€” Session key architecture\nsecurity/bagman/references/delegation-framework.md β€” EIP-7710 integration\nsecurity/bagman/references/leak-prevention.md β€” Leak detection rules\nsecurity/bagman/references/prompt-injection-defense.md β€” Financial-specific injection defense\n\nWhen to use: Whenever an agent handles private keys, wallet credentials, or API secrets β€” which Everclaw agents always do.\n\nFull docs: security/bagman/SKILL.md" }, { "title": "Security Recommendations", "body": "For Everclaw agents handling MOR tokens:\n\nBefore installing any new skill: Run SkillGuard scan\nAfter setup and periodically: Run ClawdStrike audit\nIn group chats or with untrusted input: Enable PromptGuard detection\nAlways: Follow Bagman patterns for key management (1Password, session keys, no keys on disk)" }, { "title": "16. Model Router (v0.6)", "body": "A lightweight, local prompt classifier that routes requests to the cheapest capable model. Runs in <1ms with zero external API calls." }, { "title": "Tiers", "body": "TierPrimary ModelFallbackUse CaseLIGHTmorpheus/glm-4.7-flashmorpheus/kimi-k2.5Cron jobs, heartbeats, simple Q&A, status checksSTANDARDmorpheus/kimi-k2.5venice/kimi-k2-5Research, drafting, summaries, most sub-agent tasksHEAVYvenice/claude-opus-4-6venice/claude-opus-45Complex reasoning, architecture, formal proofs, strategy\n\nAll LIGHT and STANDARD tier models run through Morpheus (inference you own via staked MOR). Only HEAVY tier uses Venice (premium)." }, { "title": "How Scoring Works", "body": "The router scores prompts across 13 weighted dimensions:\n\nDimensionWeightWhat It DetectsreasoningMarkers0.20\"prove\", \"theorem\", \"step by step\", \"chain of thought\"codePresence0.14function, class, import, backticks, \"refactor\"synthesis0.11\"summarize\", \"compare\", \"draft\", \"analyze\", \"review\"technicalTerms0.10\"algorithm\", \"architecture\", \"smart contract\", \"consensus\"multiStepPatterns0.10\"first...then\", \"step 1\", numbered listssimpleIndicators0.08\"what is\", \"hello\", \"weather\" (negative score β†’ pushes toward LIGHT)agenticTask0.06\"edit\", \"deploy\", \"install\", \"debug\", \"fix\"creativeMarkers0.04\"story\", \"poem\", \"brainstorm\"questionComplexity0.04Multiple question markstokenCount0.04Short prompts skew LIGHT, long prompts skew HEAVYconstraintCount0.04\"at most\", \"at least\", \"maximum\", \"budget\"domainSpecificity0.04\"quantum\", \"zero-knowledge\", \"genomics\"outputFormat0.03\"json\", \"yaml\", \"table\", \"csv\"\n\nSpecial override: 2+ reasoning keywords in the user prompt β†’ force HEAVY at 88%+ confidence. This prevents accidental cheap routing of genuinely hard problems.\n\nAmbiguous prompts (low confidence) default to STANDARD β€” the safe middle ground." }, { "title": "CLI Usage", "body": "# Test routing for a prompt\nnode scripts/router.mjs \"What is 2+2?\"\n# β†’ LIGHT (morpheus/glm-4.7-flash)\n\nnode scripts/router.mjs \"Summarize the meeting notes and draft a follow-up\"\n# β†’ STANDARD (morpheus/kimi-k2.5)\n\nnode scripts/router.mjs \"Design a distributed consensus algorithm and prove its correctness\"\n# β†’ HEAVY (venice/claude-opus-4-6)\n\n# JSON output for programmatic use\nnode scripts/router.mjs --json \"Build a React component\"\n\n# Pipe from stdin\necho '{\"prompt\":\"hello\",\"system\":\"You are helpful\"}' | node scripts/router.mjs --stdin" }, { "title": "Programmatic Usage", "body": "import { route, classify } from './scripts/router.mjs';\n\nconst decision = route(\"Check the weather in Austin\");\n// {\n// tier: \"LIGHT\",\n// model: \"morpheus/glm-4.7-flash\",\n// fallback: \"morpheus/kimi-k2.5\",\n// confidence: 0.87,\n// score: -0.10,\n// signals: [\"short (7 tok)\", \"simple (weather)\"],\n// reasoning: \"score=-0.100 β†’ LIGHT\"\n// }" }, { "title": "Applying to Cron Jobs", "body": "Set the model field on cron job payloads to route to cheaper models:\n\n{\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/kimi-k2.5\", // STANDARD tier β€” owned via Morpheus\n \"message\": \"Compile a morning briefing...\",\n \"timeoutSeconds\": 300\n }\n}\n\nFor truly simple cron jobs (health checks, pings, status queries):\n\n{\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/glm-4.7-flash\", // LIGHT tier β€” fastest, owned\n \"message\": \"Check proxy health and report any issues\",\n \"timeoutSeconds\": 60\n }\n}" }, { "title": "Applying to Sub-Agent Spawns", "body": "// Simple research task β†’ STANDARD\nsessions_spawn({ task: \"Search for X news\", model: \"morpheus/kimi-k2.5\" });\n\n// Quick lookup β†’ LIGHT\nsessions_spawn({ task: \"What's the weather?\", model: \"morpheus/glm-4.7-flash\" });\n\n// Complex analysis β†’ let it use the default (HEAVY / Claude 4.6)\nsessions_spawn({ task: \"Design the x402 payment integration...\" });" }, { "title": "Cost Impact", "body": "With the router in place, only complex reasoning tasks in the main session use premium models. All background work (cron jobs, sub-agents, heartbeats) runs on Morpheus inference you own:\n\nBeforeAfterAll cron jobs β†’ Claude 4.6 (premium)Cron jobs β†’ Kimi K2.5 / GLM Flash (owned)All sub-agents β†’ Claude 4.6 (premium)Sub-agents β†’ Kimi K2.5 (owned) unless complexMain session β†’ Claude 4.6Main session β†’ Claude 4.6 (unchanged)" }, { "title": "19. Morpheus API Gateway Bootstrap (v0.8)", "body": "The Morpheus API Gateway (api.mor.org) provides community-powered, OpenAI-compatible inference β€” no node, no staking, no wallet required. Everclaw v0.8 includes a bootstrap script that configures this as an OpenClaw provider, giving new users instant access to AI from the first launch." }, { "title": "Why This Matters", "body": "New OpenClaw users face a cold-start problem: they need an API key (Claude, OpenAI, etc.) before their agent can do anything. Everclaw v0.8 solves this by bundling a community API key for the Morpheus inference marketplace, which is currently in open beta.\n\nThe bootstrap flow:\n\nNew user installs OpenClaw + Everclaw\nRun node scripts/bootstrap-gateway.mjs β€” agent gets inference immediately\nAgent's first task: guide user to get their own key at app.mor.org\nUser upgrades to their own key β†’ can then progress to full Morpheus node + MOR staking" }, { "title": "Quick Start", "body": "# One command β€” tests the gateway and patches OpenClaw config\nnode skills/everclaw/scripts/bootstrap-gateway.mjs\n\n# Or with your own API key from app.mor.org\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --key sk-YOUR_KEY_HERE\n\n# Test the gateway connection\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --test\n\n# Check current gateway status\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --status" }, { "title": "What It Does", "body": "The bootstrap script:\n\nTests the Morpheus API Gateway connection with a live inference call\nPatches openclaw.json to add mor-gateway as a new provider\nAdds mor-gateway/kimi-k2.5 to the fallback chain\nReports available models and next steps" }, { "title": "API Gateway Details", "body": "SettingValueBase URLhttps://api.mor.org/api/v1API formatOpenAI-compatibleAuthBearer token (sk-...)Open betaUntil March 1, 2026Models34 (LLMs, TTS, STT, embeddings)Provider namemor-gateway" }, { "title": "Available Models (via Gateway)", "body": "The gateway exposes all models on the Morpheus inference marketplace:\n\nModelTypeNoteskimi-k2.5LLMPrimary bootstrap model β€” strong coding + reasoningglm-4.7-flashLLMFast, good for simple tasksllama-3.3-70bLLMGeneral purposeqwen3-235bLLMLarge, strong reasoninggpt-oss-120bLLMOpenAI-compatible OSS modelhermes-4-14bLLMLightweighttts-kokoroTTSText-to-speechwhisper-v3-large-turboSTTSpeech-to-texttext-embedding-bge-m3EmbeddingText embeddings\n\nAll models also have :web variants with web search capability." }, { "title": "OpenClaw Config (generated by bootstrap)", "body": "{\n \"models\": {\n \"providers\": {\n \"mor-gateway\": {\n \"baseUrl\": \"https://api.mor.org/api/v1\",\n \"apiKey\": \"sk-...\",\n \"api\": \"openai-completions\",\n \"models\": [\n { \"id\": \"kimi-k2.5\", \"name\": \"Kimi K2.5 (via Morpheus Gateway)\", \"reasoning\": false },\n { \"id\": \"glm-4.7-flash\", \"name\": \"GLM 4.7 Flash (via Morpheus Gateway)\", \"reasoning\": false },\n { \"id\": \"llama-3.3-70b\", \"name\": \"Llama 3.3 70B (via Morpheus Gateway)\", \"reasoning\": false }\n ]\n }\n }\n }\n}\n\nImportant: All gateway models must have \"reasoning\": false β€” the upstream litellm rejects the reasoning_effort parameter." }, { "title": "Community Bootstrap Key", "body": "The bootstrap script includes a community API key (base64-obfuscated) for the SmartAgentProtocol account. This provides open access during the beta period.\n\nGetting your own key (recommended):\n\nGo to app.mor.org\nCreate an account and sign in\nClick \"Create API Key\"\nEnable \"session automation\" in account settings (required for API access)\nRun: node scripts/bootstrap-gateway.mjs --key YOUR_KEY" }, { "title": "Gateway vs Local Proxy vs P2P Node", "body": "FeatureAPI Gateway (v0.8)Local Proxy (v0.2)P2P Node (v0.1)SetupOne commandInstall proxy + configFull node installCostOpen (beta)Own (MOR staking)Own (MOR staking)Requires MORNoYesYesRequires walletNoYesYesDecentralizedGateway β†’ providersDirect P2PDirect P2PBest forNew users, quick startDaily use, reliabilityFull sovereignty\n\nThe recommended progression: Gateway β†’ Local Proxy β†’ P2P Node as users gain confidence with the Morpheus ecosystem." }, { "title": "Fallback Chain with Gateway", "body": "With the gateway added, the recommended fallback chain becomes:\n\nvenice/claude-opus-4-6 # Primary (premium)\n β†’ venice/claude-opus-45 # Venice fallback\n β†’ venice/kimi-k2-5 # Venice open tier\n β†’ morpheus/kimi-k2.5 # Local proxy (MOR staking)\n β†’ mor-gateway/kimi-k2.5 # API Gateway (open beta)\n\nFor new users without Venice or a local proxy, the gateway is the first and only provider β€” making it the critical bootstrap path." }, { "title": "20. Always-On Setup for 24/7 Operation (v0.9.9)", "body": "Your agent needs your Mac to stay awake. macOS defaults to sleep after inactivity, which interrupts cron jobs, heartbeats, and long-running tasks. Everclaw includes an always-on setup script that configures power management for continuous operation." }, { "title": "Quick Setup", "body": "# Configure macOS to never sleep (requires sudo)\nsudo bash skills/everclaw/scripts/always-on.sh\n\n# Restore default power settings\nsudo bash skills/everclaw/scripts/always-on.sh --restore" }, { "title": "What It Does", "body": "The script configures macOS power management for 24/7 operation:\n\nSettingValuePurposedisablesleep1System never sleepsstandby0No hibernationautopoweroff0No deep sleeppowernap1Network activity while display offwomp1Wake on LAN enabled (remote access)autorestart1Auto-restart after power failuretcpkeepalive1Keep network connections alivedisksleep0Never spin down disks" }, { "title": "LaunchAgent for Caffeinate", "body": "The script also installs a LaunchAgent (com.everclaw.alwayson) that runs caffeinate -i -d -s in the background, providing an additional layer of protection against system sleep:\n\n-i β€” Prevent system from idling to sleep\n-d β€” Prevent display from sleeping\n-s β€” Prevent system from sleeping when on AC power" }, { "title": "Verify It's Working", "body": "# Check current power settings\npmset -g\n\n# Should show:\n# SleepDisabled 1\n# standby 0\n# autorestart 1" }, { "title": "Why This Matters for Agents", "body": "Without always-on configuration:\n\nCron jobs don't fire while sleeping\nHeartbeats miss their schedule\nLong-running tasks (file transfers, backups) fail\nYour agent appears \"offline\" to other agents/users\n\nWith always-on:\n\nCron jobs fire on schedule\nHeartbeats run every 30 minutes like clockwork\nLong tasks complete uninterrupted\nYour agent is reachable 24/7" }, { "title": "Power Consumption", "body": "A Mac Mini M4 at idle with sleep disabled draws ~6-10W. That's roughly:\n\n$0.50-1.00/month at $0.12/kWh\nNegligible compared to AI inference costs" }, { "title": "Alternatives for Other Platforms", "body": "Linux:\n\nsudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target\n\nHeadless Raspberry Pi:\nNo sleep by default. Ensure systemd services are enabled for OpenClaw and Morpheus." }, { "title": "Troubleshooting", "body": "Mac still sleeps:\n\nCheck pmset -g assertions for any processes preventing sleep\nVerify LaunchAgent is loaded: launchctl list | grep everclaw\nCheck Energy Saver settings in System Settings aren't overriding pmset\n\nDisplay still sleeps:\nThis is fine β€” the system stays awake even with display off thanks to Power Nap. To disable display sleep entirely:\n\nsudo pmset -a displaysleep 0" }, { "title": "21. Three-Shift Task Planning (v2026.2.21)", "body": "A structured task planning system that proposes prioritized work plans at the start of each 8-hour shift. Nothing executes without user approval." }, { "title": "Shifts", "body": "ShiftDefault TimeWindowCharacterβ˜€οΈ Morning6:00 AM6 AM – 2 PMRamp-up: meetings, comms, decisions🌀️ Afternoon2:00 PM2 PM – 10 PMDeep work: coding, writing, buildingπŸŒ™ Night10:00 PM10 PM – 6 AMAutonomous: research, maintenance" }, { "title": "How It Works", "body": "Gather context β€” Reads memory files, calendar, email, git status, previous shift handoff\nGenerate plan β€” Prioritized tasks (P1 must-do, P2 should-do, P3 could-do), active project status, blocked items\nPresent for approval β€” User approves, modifies, or skips before anything executes\nExecute β€” Works through approved tasks in priority order, logs progress\nHandoff β€” Writes shift summary for the next shift to pick up" }, { "title": "Setup", "body": "# Create three cron jobs (adjust times to your timezone)\nopenclaw cron add --name three-shifts-morning --schedule \"0 6 * * *\" \\\n --message \"Generate morning shift plan. Read the three-shifts skill, gather context, and propose tasks for the 6 AM – 2 PM window.\"\n\nopenclaw cron add --name three-shifts-afternoon --schedule \"0 14 * * *\" \\\n --message \"Generate afternoon shift plan. Read the three-shifts skill, gather context, and propose tasks for the 2 PM – 10 PM window.\"\n\nopenclaw cron add --name three-shifts-night --schedule \"0 22 * * *\" \\\n --message \"Generate night shift plan. Read the three-shifts skill, gather context, and propose tasks for the 10 PM – 6 AM window.\"" }, { "title": "Shift-Specific Rules", "body": "Morning/Afternoon: External actions (emails, PRs, messages) allowed with approval\nNight: Autonomous only β€” no external comms, no financial transactions, no destructive ops\nNight cancellation: If user doesn't approve by 10:30 PM, night shift is cancelled\n\nSee three-shifts/SKILL.md for full documentation including approval workflows, configuration options, weekend behavior, and quiet hours." }, { "title": "2026.2.21", "body": "Three-Shift Task Planning β€” Morning/Afternoon/Night shift system with prioritized task proposals and approval workflow\nGateway Guardian v5 β€” Direct curl inference probes replace openclaw agent probes. Eliminates 71K workspace prompt injection into health checks, prevents Signal spam from failed probes, uses glm-4.7-flash for fast lightweight probing\nVersion scheme change β€” Moved from semver (0.9.x) to date-based versioning (YYYY.M.DD)" }, { "title": "0.9.9", "body": "Always-on 24/7 power configuration for macOS\nGLM-5 as default model (replaces Kimi K2.5)" }, { "title": "0.9.8.3", "body": "Community contributions (dynamic model discovery, install.sh fixes, bash 3.2 compat, agent integration docs)" }, { "title": "References", "body": "references/acquiring-mor.md β€” How to get MOR tokens (exchanges, bridges, swaps)\nreferences/models.md β€” Available models and their blockchain IDs\nreferences/api.md β€” Complete proxy-router API reference\nreferences/economics.md β€” How MOR staking economics work\nreferences/troubleshooting.md β€” Common errors and solutions\nsecurity/skillguard/SKILL.md β€” SkillGuard full documentation\nsecurity/clawdstrike/SKILL.md β€” ClawdStrike full documentation\nsecurity/prompt-guard/SKILL.md β€” PromptGuard full documentation\nsecurity/bagman/SKILL.md β€” Bagman full documentation\nx402 Protocol β€” HTTP-native payment protocol specification\nERC-8004 β€” Trustless Agents EIP specification\n8004scan β€” Agent registry explorer" } ], "body": "\nπŸ€– Agent Setup Instructions\n\nIf your human asks you to set up Everclaw / Morpheus inference, follow these steps exactly.\n\nQuick Setup (Gateway Only β€” easiest)\nnode ~/.openclaw/workspace/skills/everclaw/scripts/setup.mjs --template gateway-only --key --apply --test --restart\n\nFull Setup (Local P2P + Gateway)\nnode ~/.openclaw/workspace/skills/everclaw/scripts/setup.mjs --key --apply --test --restart\n\nWhat setup.mjs does:\nDetects OS β†’ picks the right config template (mac/linux/gateway-only)\nDeep-merges Morpheus providers into existing openclaw.json (preserves all other config)\nSubstitutes the API key into the mor-gateway provider\nUpdates auth-profiles.json with the new provider credentials\nTests gateway connectivity (with --test)\nRestarts OpenClaw gateway (with --restart)\nFlags:\nFlag\tWhat it does\n--template \tOverride OS auto-detection (mac, linux, gateway-only)\n--key \tMorpheus API Gateway key (free from app.mor.org)\n--apply\tWrite changes (default is dry-run)\n--test\tPing gateway after setup\n--restart\tRestart OpenClaw gateway after apply\n⚠️ Critical Guardrails\nNEVER use everclaw/ as a model prefix. Everclaw is a skill, not a provider. Use morpheus/ or mor-gateway/.\nAlways dry-run first (omit --apply) to preview changes before writing.\nDon't edit openclaw.json by hand when setup.mjs can do it β€” the merge logic handles edge cases.\nAPI keys: Get a free key at https://app.mor.org β€” don't use the community bootstrap key for production.\nGetting an API key:\nGo to https://app.mor.org\nCreate an account and sign in\nClick \"Create API Key\" and enable automation\nPass the key to setup.mjs with --key\n♾️ Everclaw β€” AI Inference You Own, Forever Powering Your OpenClaw Agents\n\nPowered by Morpheus AI\n\nOpen-source first. GLM-5 handles everything β€” Claude is the escape hatch, not the default. Access GLM-5, GLM-4.7 Flash, Kimi K2.5, and 30+ models with inference you own. Everclaw connects your OpenClaw agent to the Morpheus P2P network β€” stake MOR tokens, open sessions, and recycle your stake for persistent, self-sovereign access to AI.\n\nπŸ“¦ ClawHub: clawhub install everclaw-inference β€” clawhub.ai/EverClaw/everclaw-inference\n\n⚠️ Name Collision Warning: A different product (\"Everclaw Vault\") uses the bare everclaw slug on ClawHub. Always use everclaw-inference β€” never clawhub install everclaw or clawhub update everclaw. See CLAWHUB_WARNING.md for details.\n\nPrerequisites\n\nBefore installing EverClaw, ensure you have the following:\n\nDependency\tHow to Install\tRequired For\nHomebrew (macOS)\t/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"\tPackage manager\nNode.js (v18+)\tbrew install node\tBootstrap scripts, proxy\nGit\tbrew install git\tSkill installation\nOpenClaw\tcurl -fsSL https://get.openclaw.ai | bash\tAgent runtime\nQuick Check\n\nRun this to verify your environment:\n\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash -s -- --check-only\n\nOne-Line Install\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash\n\n\nThis will:\n\nCheck for all required dependencies\nPrompt to install any missing ones\nClone EverClaw to ~/.openclaw/workspace/skills/everclaw\nBootstrap a free GLM-5 starter key (1,000 requests/day)\nOptionally install the Morpheus proxy-router for P2P inference\nNew to OpenClaw?\n\nIf you don't have OpenClaw installed yet:\n\n# Install OpenClaw first\ncurl -fsSL https://get.openclaw.ai | bash\n\n# Then install EverClaw\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-with-deps.sh | bash\n\nHow It Works\nGet MOR tokens on Base β€” swap from ETH/USDC via Uniswap or Aerodrome (see below)\nYou run a proxy-router (Morpheus Lumerin Node) locally as a consumer\nThe router connects to Base mainnet and discovers model providers\nYou stake MOR tokens to open a session with a provider (MOR is locked, not spent)\nYou send inference requests to http://localhost:8082/v1/chat/completions\nWhen the session ends, your MOR is returned (minus tiny usage fees)\nRe-stake the returned MOR into new sessions β†’ persistent inference you own\nAgent Integration (Recommended Path)\n\nIf you are an AI agent (OpenClaw, Claude, etc.), use the OpenAI-compatible proxy for all Morpheus inference. Do NOT use the bash scripts (session.sh, chat.sh) -- the proxy handles sessions, auth, and model routing automatically.\n\nSend Inference\ncurl http://127.0.0.1:8083/v1/chat/completions \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer morpheus-local\" \\\n -d '{\"model\": \"kimi-k2.5\", \"messages\": [{\"role\": \"user\", \"content\": \"Hello\"}], \"stream\": false}'\n\nList Available Models\ncurl http://127.0.0.1:8083/v1/models\n\nHealth Check\ncurl http://127.0.0.1:8083/health\n\n\nThe proxy (port 8083) auto-opens blockchain sessions, auto-renews before expiry, and injects all required auth headers. The bash scripts (session.sh, chat.sh) are available for manual debugging but should not be used for agent integration.\n\nSee Section 12 for full proxy documentation.\n\nGetting MOR Tokens\n\nYou need MOR on Base to stake for inference. If you already have ETH, USDC, or USDT on Base:\n\n# Swap ETH for MOR\nbash skills/everclaw/scripts/swap.sh eth 0.01\n\n# Swap USDC for MOR\nbash skills/everclaw/scripts/swap.sh usdc 50\n\n\nOr swap manually on a DEX:\n\nUniswap: MOR/ETH on Base\nAerodrome: MOR swap on Base\n\nDon't have anything on Base yet? Buy ETH on Coinbase, withdraw to Base, then swap to MOR. See references/acquiring-mor.md for the full guide.\n\nHow much do you need? MOR is staked, not spent β€” you get it back. 50-100 MOR is enough for daily use. 0.005 ETH covers months of Base gas fees.\n\nArchitecture\nAgent β†’ proxy-router (localhost:8082) β†’ Morpheus P2P Network β†’ Provider β†’ Model\n ↓\n Base Mainnet (MOR staking, session management)\n\n1. Installation\nOption A: ClawHub (Easiest)\nclawhub install everclaw-inference\n\n\nTo update: clawhub update everclaw-inference\n\n⚠️ Use everclaw-inference β€” not everclaw. The bare everclaw slug belongs to a different, unrelated product on ClawHub.\n\nOption B: One-Command Installer\n\nThe safe installer handles fresh installs, updates, and ClawHub collision detection:\n\n# Fresh install\ncurl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash\n\n# Or if you already have the skill:\nbash skills/everclaw/scripts/install-everclaw.sh\n\n# Check for updates\nbash skills/everclaw/scripts/install-everclaw.sh --check\n\nOption C: Manual Git Clone\ngit clone https://github.com/profbernardoj/everclaw.git ~/.openclaw/workspace/skills/everclaw\n\n\nTo update: cd ~/.openclaw/workspace/skills/everclaw && git pull\n\nInstall the Morpheus Router\n\nAfter cloning, install the proxy-router:\n\nbash skills/everclaw/scripts/install.sh\n\n\nThis downloads the latest proxy-router release for your OS/arch, extracts it to ~/morpheus/, and creates initial config files.\n\nManual Installation\nGo to Morpheus-Lumerin-Node releases\nDownload the release for your platform (e.g., mor-launch-darwin-arm64.zip)\nExtract to ~/morpheus/\nOn macOS: xattr -cr ~/morpheus/\nRequired Files\n\nAfter installation, ~/morpheus/ should contain:\n\nFile\tPurpose\nproxy-router\tThe main binary\n.env\tConfiguration (RPC, contracts, ports)\nmodels-config.json\tMaps blockchain model IDs to API types\n.cookie\tAuto-generated auth credentials\n2. Configuration\n.env File\n\nThe .env file configures the proxy-router for consumer mode on Base mainnet. Critical variables:\n\n# RPC endpoint β€” MUST be set or router silently fails\nETH_NODE_ADDRESS=https://base-mainnet.public.blastapi.io\nETH_NODE_CHAIN_ID=8453\n\n# Contract addresses (Base mainnet)\nDIAMOND_CONTRACT_ADDRESS=0x6aBE1d282f72B474E54527D93b979A4f64d3030a\nMOR_TOKEN_ADDRESS=0x7431aDa8a591C955a994a21710752EF9b882b8e3\n\n# Wallet key β€” leave blank, inject at runtime via 1Password\nWALLET_PRIVATE_KEY=\n\n# Proxy settings\nPROXY_ADDRESS=0.0.0.0:3333\nPROXY_STORAGE_PATH=./data/badger/\nPROXY_STORE_CHAT_CONTEXT=true\nPROXY_FORWARD_CHAT_CONTEXT=true\nMODELS_CONFIG_PATH=./models-config.json\n\n# Web API\nWEB_ADDRESS=0.0.0.0:8082\nWEB_PUBLIC_URL=http://localhost:8082\n\n# Auth\nAUTH_CONFIG_FILE_PATH=./proxy.conf\nCOOKIE_FILE_PATH=./.cookie\n\n# Logging\nLOG_COLOR=true\nLOG_LEVEL_APP=info\nLOG_FOLDER_PATH=./data/logs\nENVIRONMENT=production\n\n\n⚠️ ETH_NODE_ADDRESS MUST be set. The router silently connects to an empty string without it and all blockchain operations fail. Also MODELS_CONFIG_PATH must point to your models-config.json.\n\nmodels-config.json\n\n⚠️ This file is required. Without it, chat completions fail with \"api adapter not found\".\n\n{\n \"$schema\": \"./internal/config/models-config-schema.json\",\n \"models\": [\n {\n \"modelId\": \"0xb487ee62516981f533d9164a0a3dcca836b06144506ad47a5c024a7a2a33fc58\",\n \"modelName\": \"kimi-k2.5:web\",\n \"apiType\": \"openai\",\n \"apiUrl\": \"\"\n },\n {\n \"modelId\": \"0xbb9e920d94ad3fa2861e1e209d0a969dbe9e1af1cf1ad95c49f76d7b63d32d93\",\n \"modelName\": \"kimi-k2.5\",\n \"apiType\": \"openai\",\n \"apiUrl\": \"\"\n }\n ]\n}\n\n\n⚠️ Note the format: The JSON uses a \"models\" array with \"modelId\" / \"modelName\" / \"apiType\" / \"apiUrl\" fields. The apiUrl is left empty β€” the router resolves provider endpoints from the blockchain. Add entries for every model you want to use. See references/models.md for the full list.\n\n3. Starting the Router\nSecure Launch (1Password)\n\nThe proxy-router needs your wallet private key. Never store it on disk. Inject it at runtime from 1Password:\n\nbash skills/everclaw/scripts/start.sh\n\n\nOr manually:\n\ncd ~/morpheus\nsource .env\n\n# Retrieve private key from 1Password (never touches disk)\nexport WALLET_PRIVATE_KEY=$(\n OP_SERVICE_ACCOUNT_TOKEN=$(security find-generic-password -a \"YOUR_KEYCHAIN_ACCOUNT\" -s \"op-service-account-token\" -w) \\\n op item get \"YOUR_ITEM_NAME\" --vault \"YOUR_VAULT_NAME\" --fields \"Private Key\" --reveal\n)\n\nexport ETH_NODE_ADDRESS\nnohup ./proxy-router > ./data/logs/router-stdout.log 2>&1 &\n\nHealth Check\n\nWait a few seconds, then verify:\n\nCOOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/healthcheck\n\n\nExpected: HTTP 200.\n\nStopping\nbash skills/everclaw/scripts/stop.sh\n\n\nOr: pkill -f proxy-router\n\n4. MOR Allowance\n\nBefore opening sessions, approve the Diamond contract to transfer MOR on your behalf:\n\nCOOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/approve?spender=0x6aBE1d282f72B474E54527D93b979A4f64d3030a&amount=1000000000000000000000\"\n\n\n⚠️ The /blockchain/approve endpoint uses query parameters, not a JSON body. The amount is in wei (1000000000000000000 = 1 MOR). Approve a large amount so you don't need to re-approve frequently.\n\n5. Opening Sessions\n\nOpen a session by model ID (not bid ID):\n\nMODEL_ID=\"0xb487ee62516981f533d9164a0a3dcca836b06144506ad47a5c024a7a2a33fc58\"\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/models/${MODEL_ID}/session\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"sessionDuration\": 3600}'\n\n\n⚠️ Always use the model ID endpoint, not the bid ID. Using a bid ID results in \"dial tcp: missing address\".\n\nSession Duration\nDuration is in seconds: 3600 = 1 hour, 86400 = 1 day\nTwo blockchain transactions occur: approve transfer + open session\nMOR is staked (locked) for the session duration\nWhen the session closes, MOR is returned to your wallet\nResponse\n\nThe response includes a sessionId (hex string). Save this β€” you need it for inference.\n\nUsing the Script\n# Open a 1-hour session for kimi-k2.5:web\nbash skills/everclaw/scripts/session.sh open kimi-k2.5:web 3600\n\n# List active sessions\nbash skills/everclaw/scripts/session.sh list\n\n# Close a session\nbash skills/everclaw/scripts/session.sh close 0xSESSION_ID_HERE\n\n6. Sending Inference\n⚠️ THE #1 GOTCHA: Headers, Not Body\n\nsession_id and model_id are HTTP headers, not JSON body fields. This is the single most common mistake.\n\nCORRECT:\n\ncurl -s -u \"admin:$COOKIE_PASS\" \"http://localhost:8082/v1/chat/completions\" \\\n -H \"Content-Type: application/json\" \\\n -H \"session_id: 0xYOUR_SESSION_ID\" \\\n -H \"model_id: 0xYOUR_MODEL_ID\" \\\n -d '{\n \"model\": \"kimi-k2.5:web\",\n \"messages\": [{\"role\": \"user\", \"content\": \"Hello, world!\"}],\n \"stream\": false\n }'\n\n\nWRONG (will fail with \"session not found\"):\n\n# DON'T DO THIS\ncurl -s ... -d '{\n \"model\": \"kimi-k2.5:web\",\n \"session_id\": \"0x...\", # WRONG β€” not a body field\n \"model_id\": \"0x...\", # WRONG β€” not a body field\n \"messages\": [...]\n}'\n\nUsing the Chat Script\nbash skills/everclaw/scripts/chat.sh kimi-k2.5:web \"What is the meaning of life?\"\n\nStreaming\n\nSet \"stream\": true in the request body. The response will be Server-Sent Events (SSE).\n\n7. Closing Sessions\n\nClose a session to reclaim your staked MOR:\n\ncurl -s -u \"admin:$COOKIE_PASS\" -X POST \\\n \"http://localhost:8082/blockchain/sessions/0xSESSION_ID/close\"\n\n\nOr use the script:\n\nbash skills/everclaw/scripts/session.sh close 0xSESSION_ID\n\n\n⚠️ MOR staked in a session is returned when the session closes. Close sessions you're not using to free up MOR for new sessions.\n\n8. Session Management\nSessions Are Ephemeral\n\n⚠️ Sessions are NOT persisted across router restarts. If you restart the proxy-router, you must re-open sessions. The blockchain still has the session, but the router's in-memory state is lost.\n\nMonitoring\n# Check balance (MOR + ETH)\nbash skills/everclaw/scripts/balance.sh\n\n# List sessions\nbash skills/everclaw/scripts/session.sh list\n\nSession Lifecycle\nOpen β†’ MOR is staked, session is active\nActive β†’ Send inference requests using session_id header\nExpired β†’ Session duration elapsed; MOR returned automatically\nClosed β†’ Manually closed; MOR returned immediately\nRe-opening After Restart\n\nAfter restarting the router:\n\n# Wait for health check\nsleep 5\n\n# Re-open sessions for models you need\nbash skills/everclaw/scripts/session.sh open kimi-k2.5:web 3600\n\n9. Checking Balances\nCOOKIE_PASS=$(cat ~/morpheus/.cookie | cut -d: -f2)\n\n# MOR and ETH balance\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/balance | jq .\n\n# Active sessions\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/sessions | jq .\n\n# Available models\ncurl -s -u \"admin:$COOKIE_PASS\" http://localhost:8082/blockchain/models | jq .\n\n10. Troubleshooting\n\nSee references/troubleshooting.md for a complete guide. Quick hits:\n\nError\tFix\nsession not found\tUse session_id/model_id as HTTP headers, not body fields\ndial tcp: missing address\tOpen session by model ID, not bid ID\napi adapter not found\tAdd the model to models-config.json\nERC20: transfer amount exceeds balance\tClose old sessions to free staked MOR\nSessions gone after restart\tNormal β€” re-open sessions after restart\nMorpheusUI conflicts\tDon't run MorpheusUI and headless router simultaneously\nKey Contract Addresses (Base Mainnet)\nContract\tAddress\nDiamond\t0x6aBE1d282f72B474E54527D93b979A4f64d3030a\nMOR Token\t0x7431aDa8a591C955a994a21710752EF9b882b8e3\nQuick Reference\nAction\tCommand\nInstall\tbash skills/everclaw/scripts/install.sh\nStart\tbash skills/everclaw/scripts/start.sh\nStop\tbash skills/everclaw/scripts/stop.sh\nSwap ETHβ†’MOR\tbash skills/everclaw/scripts/swap.sh eth 0.01\nSwap USDCβ†’MOR\tbash skills/everclaw/scripts/swap.sh usdc 50\nOpen session\tbash skills/everclaw/scripts/session.sh open [duration]\nClose session\tbash skills/everclaw/scripts/session.sh close \nList sessions\tbash skills/everclaw/scripts/session.sh list\nSend prompt\tbash skills/everclaw/scripts/chat.sh \"prompt\"\nCheck balance\tbash skills/everclaw/scripts/balance.sh\nDiagnose\tbash skills/everclaw/scripts/diagnose.sh\nDiagnose (config only)\tbash skills/everclaw/scripts/diagnose.sh --config\nDiagnose (quick)\tbash skills/everclaw/scripts/diagnose.sh --quick\n11. Wallet Management (v0.4)\n\nEverclaw v0.4 includes a self-contained wallet manager that eliminates all external account dependencies. No 1Password, no Foundry, no Safe Wallet β€” just macOS Keychain and Node.js (already bundled with OpenClaw).\n\nSetup (One Command)\nnode skills/everclaw/scripts/everclaw-wallet.mjs setup\n\n\nThis generates a new Ethereum wallet and stores the private key in your macOS Keychain (encrypted at rest, protected by your login password / Touch ID).\n\nImport Existing Key\nnode skills/everclaw/scripts/everclaw-wallet.mjs import-key 0xYOUR_PRIVATE_KEY\n\nCheck Balances\nnode skills/everclaw/scripts/everclaw-wallet.mjs balance\n\n\nShows ETH, MOR, USDC balances and MOR allowance for the Diamond contract.\n\nSwap ETH/USDC for MOR\n# Swap 0.05 ETH for MOR\nnode skills/everclaw/scripts/everclaw-wallet.mjs swap eth 0.05\n\n# Swap 50 USDC for MOR\nnode skills/everclaw/scripts/everclaw-wallet.mjs swap usdc 50\n\n\nExecutes onchain swaps via Uniswap V3 on Base. No external tools required β€” uses viem (bundled with OpenClaw).\n\nApprove MOR for Staking\nnode skills/everclaw/scripts/everclaw-wallet.mjs approve\n\n\nApproves the Morpheus Diamond contract to use your MOR for session staking.\n\nSecurity Model\nPrivate key stored in macOS Keychain (encrypted at rest)\nProtected by your login password / Touch ID\nKey is injected at runtime and immediately unset from environment\nKey is never written to disk as a plaintext file\nFor advanced users: 1Password is supported as a fallback (backward compatible)\nFull Command Reference\nCommand\tDescription\nsetup\tGenerate wallet, store in Keychain\naddress\tShow wallet address\nbalance\tShow ETH, MOR, USDC balances\nswap eth \tSwap ETH β†’ MOR via Uniswap V3\nswap usdc \tSwap USDC β†’ MOR via Uniswap V3\napprove [amount]\tApprove MOR for Morpheus staking\nexport-key\tPrint private key (use with caution)\nimport-key <0xkey>\tImport existing private key\n12. OpenAI-Compatible Proxy (v0.2)\n\nThe Morpheus proxy-router requires custom auth (Basic auth via .cookie) and custom HTTP headers (session_id, model_id) that standard OpenAI clients don't support. Everclaw includes a lightweight proxy that bridges this gap.\n\nWhat It Does\nOpenClaw/any client β†’ morpheus-proxy (port 8083) β†’ proxy-router (port 8082) β†’ Morpheus P2P β†’ Provider\n\nAccepts standard OpenAI /v1/chat/completions requests\nAuto-opens blockchain sessions on demand (no manual session management)\nAuto-renews sessions before expiry (default: 1 hour before)\nInjects Basic auth + session_id/model_id headers automatically\nExposes /health, /v1/models, /v1/chat/completions\nInstallation\nbash skills/everclaw/scripts/install-proxy.sh\n\n\nThis installs:\n\nmorpheus-proxy.mjs β†’ ~/morpheus/proxy/\ngateway-guardian.sh β†’ ~/.openclaw/workspace/scripts/\nlaunchd plists for both (macOS, auto-start on boot)\nConfiguration\n\nEnvironment variables (all optional, sane defaults):\n\nVariable\tDefault\tDescription\nMORPHEUS_PROXY_PORT\t8083\tPort the proxy listens on\nMORPHEUS_ROUTER_URL\thttp://localhost:8082\tProxy-router URL\nMORPHEUS_COOKIE_PATH\t~/morpheus/.cookie\tPath to auth cookie\nMORPHEUS_SESSION_DURATION\t604800 (7 days)\tSession duration in seconds\nMORPHEUS_RENEW_BEFORE\t3600 (1 hour)\tRenew session this many seconds before expiry\nMORPHEUS_PROXY_API_KEY\tmorpheus-local\tBearer token for proxy auth\nSession Duration\n\nSessions stake MOR tokens for their duration. Longer sessions = more MOR locked but fewer blockchain transactions:\n\nDuration\tMOR Staked (approx)\tTransactions\n1 hour\t~0.011 MOR\tEvery hour\n1 day\t~0.274 MOR\tDaily\n7 days\t~1.9 MOR\tWeekly\n\nMOR is returned when the session closes or expires. The proxy auto-renews before expiry, so you get continuous inference with minimal staking overhead.\n\nHealth Check\ncurl http://127.0.0.1:8083/health\n\nAvailable Models\ncurl http://127.0.0.1:8083/v1/models\n\nDirect Usage (without OpenClaw)\ncurl http://127.0.0.1:8083/v1/chat/completions \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer morpheus-local\" \\\n -d '{\n \"model\": \"kimi-k2.5\",\n \"messages\": [{\"role\": \"user\", \"content\": \"Hello!\"}],\n \"stream\": false\n }'\n\nReliability Notes\nkimi-k2.5 (non-web) is the most reliable model β€” recommended as primary fallback\nkimi-k2.5:web (web search variant) tends to timeout on P2P routing β€” avoid for fallback use\nProvider connection resets are transient β€” retries usually succeed\nThe proxy itself runs as a KeepAlive launchd service β€” auto-restarts if it crashes\nProxy Resilience (v0.5)\n\nv0.5 adds three critical improvements to the proxy that prevent prolonged outages caused by cooldown cascades β€” where both primary and fallback providers become unavailable simultaneously.\n\nProblem: Cooldown Cascades\n\nWhen a primary provider (e.g., Venice) returns a billing error, OpenClaw's failover engine marks that provider as \"in cooldown.\" If the Morpheus proxy also returns errors that OpenClaw misclassifies as billing errors, both providers enter cooldown and the agent goes completely offline β€” sometimes for 6+ hours.\n\nFix 1: OpenAI-Compatible Error Classification\n\nThe proxy now returns errors in the exact format OpenAI uses, with proper type and code fields:\n\n{\n \"error\": {\n \"message\": \"Morpheus session unavailable: ...\",\n \"type\": \"server_error\",\n \"code\": \"morpheus_session_error\",\n \"param\": null\n }\n}\n\n\nKey distinction: All Morpheus infrastructure errors are typed as \"server_error\" β€” never \"billing\" or \"rate_limit_error\". This ensures OpenClaw treats them as transient failures and retries appropriately, instead of putting the provider into extended cooldown.\n\nError codes returned by the proxy:\n\nCode\tMeaning\nmorpheus_session_error\tFailed to open or refresh a blockchain session\nmorpheus_inference_error\tProvider returned an error during inference\nmorpheus_upstream_error\tConnection error to the proxy-router\ntimeout\tInference request exceeded the time limit\nmodel_not_found\tRequested model not in MODEL_MAP\nFix 2: Automatic Session Retry\n\nWhen the proxy-router returns a session-related error (expired, invalid, not found, closed), the proxy now:\n\nInvalidates the cached session\nOpens a fresh blockchain session\nRetries the inference request once\n\nThis handles the common case where the proxy-router restarts and loses its in-memory session state, or when a long-running session expires mid-request.\n\nFix 3: Multi-Tier Fallback Chain\n\nConfigure OpenClaw with multiple fallback models across providers:\n\n{\n \"agents\": {\n \"defaults\": {\n \"model\": {\n \"primary\": \"venice/claude-opus-4-6\",\n \"fallbacks\": [\n \"venice/claude-opus-45\", // Try different Venice model first\n \"venice/kimi-k2-5\", // Try yet another Venice model\n \"morpheus/kimi-k2.5\" // Last resort: decentralized inference\n ]\n }\n }\n }\n}\n\n\nThis way, if the primary model has billing issues, OpenClaw tries other models on the same provider (which may have separate rate limits) before falling back to Morpheus. The cascade is:\n\nvenice/claude-opus-4-6 (primary) β†’ billing error\nvenice/claude-opus-45 (fallback 1) β†’ tries a different model on Venice\nvenice/kimi-k2-5 (fallback 2) β†’ tries open-source model on Venice\nmorpheus/kimi-k2.5 (fallback 3) β†’ decentralized inference, always available if MOR is staked\n13. OpenClaw Integration (v0.2)\n\nConfigure OpenClaw to use Morpheus as a fallback provider so your agent keeps running when primary API credits run out.\n\nStep 1: Add Morpheus Provider\n\nAdd to your openclaw.json via config patch or manual edit:\n\n{\n \"models\": {\n \"providers\": {\n \"morpheus\": {\n \"baseUrl\": \"http://127.0.0.1:8083/v1\",\n \"apiKey\": \"morpheus-local\",\n \"api\": \"openai-completions\",\n \"models\": [\n {\n \"id\": \"kimi-k2.5\",\n \"name\": \"Kimi K2.5 (via Morpheus)\",\n \"reasoning\": true,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n },\n {\n \"id\": \"kimi-k2-thinking\",\n \"name\": \"Kimi K2 Thinking (via Morpheus)\",\n \"reasoning\": true,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n },\n {\n \"id\": \"glm-4.7-flash\",\n \"name\": \"GLM 4.7 Flash (via Morpheus)\",\n \"reasoning\": false,\n \"input\": [\"text\"],\n \"cost\": { \"input\": 0, \"output\": 0, \"cacheRead\": 0, \"cacheWrite\": 0 },\n \"contextWindow\": 131072,\n \"maxTokens\": 8192\n }\n ]\n }\n }\n }\n}\n\nStep 2: Set as Fallback\n\nConfigure a multi-tier fallback chain (recommended since v0.5):\n\n{\n \"agents\": {\n \"defaults\": {\n \"model\": {\n \"primary\": \"venice/claude-opus-4-6\",\n \"fallbacks\": [\n \"venice/claude-opus-45\", // Different model, same provider\n \"venice/kimi-k2-5\", // Open-source model, same provider\n \"morpheus/kimi-k2.5\" // Decentralized fallback\n ]\n },\n \"models\": {\n \"venice/claude-opus-45\": { \"alias\": \"Claude Opus 4.5\" },\n \"venice/kimi-k2-5\": { \"alias\": \"Kimi K2.5\" },\n \"morpheus/kimi-k2.5\": { \"alias\": \"Kimi K2.5 (Morpheus)\" },\n \"morpheus/kimi-k2-thinking\": { \"alias\": \"Kimi K2 Thinking (Morpheus)\" },\n \"morpheus/glm-4.7-flash\": { \"alias\": \"GLM 4.7 Flash (Morpheus)\" }\n }\n }\n }\n}\n\n\n⚠️ Why multi-tier? A single fallback creates a single point of failure. If both the primary provider and the single fallback enter cooldown simultaneously (e.g., billing error triggers cooldown on both), your agent goes offline. Multiple fallback tiers across different models and providers ensure at least one path remains available.\n\nStep 3: Add Auth Profiles\n\nOpenClaw supports multiple API keys per provider with automatic rotation. When one key's credits run out (billing error), OpenClaw disables that key only and rotates to the next one β€” same model, fresh credits. This is the single most effective way to prevent downtime.\n\nSingle Key (Minimum Setup)\n\nAdd to ~/.openclaw/agents/main/agent/auth-profiles.json:\n\n{\n \"venice:default\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_KEY_HERE\"\n },\n \"morpheus:default\": {\n \"type\": \"api_key\",\n \"provider\": \"morpheus\",\n \"key\": \"morpheus-local\"\n }\n}\n\nMultiple Keys (Recommended β€” v0.9.1)\n\nIf you have multiple Venice API keys (e.g., from different accounts or plans), add them all as separate profiles. Order them from most credits to least:\n\nauth-profiles.json:\n\n{\n \"version\": 1,\n \"profiles\": {\n \"venice:key1\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_PRIMARY_KEY\"\n },\n \"venice:key2\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_SECOND_KEY\"\n },\n \"venice:key3\": {\n \"type\": \"api_key\",\n \"provider\": \"venice\",\n \"key\": \"VENICE-INFERENCE-KEY-YOUR_THIRD_KEY\"\n },\n \"morpheus:default\": {\n \"type\": \"api_key\",\n \"provider\": \"morpheus\",\n \"key\": \"morpheus-local\"\n }\n }\n}\n\n\nopenclaw.json β€” register the profiles and set explicit rotation order:\n\n{\n \"auth\": {\n \"profiles\": {\n \"venice:key1\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"venice:key2\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"venice:key3\": { \"provider\": \"venice\", \"mode\": \"api_key\" },\n \"morpheus:default\": { \"provider\": \"morpheus\", \"mode\": \"api_key\" }\n },\n \"order\": {\n \"venice\": [\"venice:key1\", \"venice:key2\", \"venice:key3\"]\n }\n }\n}\n\n\n⚠️ auth.order is critical. Without it, OpenClaw uses round-robin (oldest-used first), which may not match your credit balances. With an explicit order, keys are tried in the exact sequence you specify β€” highest credits first.\n\nHow Multi-Key Rotation Works\n\nOpenClaw's auth engine handles rotation automatically:\n\nSession stickiness: A key is pinned per session to keep provider caches warm. It won't flip-flop mid-conversation.\nBilling disable: When a key returns a billing/credit error, that profile is disabled with exponential backoff (starts at 5 hours). Other profiles for the same provider remain active.\nRotation on failure: After disabling a profile, OpenClaw immediately tries the next key in auth.order. Same model, same provider β€” just fresh credits.\nModel fallback: Only after ALL profiles for Venice are disabled does OpenClaw move to the next model in the fallback chain (e.g., Morpheus).\nAuto-recovery: Disabled profiles auto-recover after backoff expires. If credits refill (e.g., daily reset), the profile becomes available again.\nVenice DIEM Credits\n\nVenice uses \"DIEM\" as its internal credit unit (1 DIEM β‰ˆ $1 USD). Each API key has its own DIEM balance. Credits appear to reset daily. Expensive models drain credits faster:\n\nModel\tInput Cost\tOutput Cost\t~Messages per 10 DIEM\nClaude Opus 4.6\t6 DIEM/M tokens\t30 DIEM/M tokens\t~5-10\nClaude Opus 4.5\t6 DIEM/M tokens\t30 DIEM/M tokens\t~5-10\nKimi K2.5\t0.75 DIEM/M tokens\t3.75 DIEM/M tokens\t~50-100\nGLM 4.7 Flash\t0.125 DIEM/M tokens\t0.5 DIEM/M tokens\t~500+\n\nTip: With multiple keys, the agent can stay on Claude Opus across key rotations. Without multi-key, it would fall to cheaper models or Morpheus after one key's credits run out.\n\nFailover Behavior (v0.9.1)\n\nThe complete failover chain with multi-key rotation:\n\nKey rotation within Venice β€” Key 1 credits exhausted β†’ billing disable on that profile only β†’ immediately rotates to Key 2 β†’ Key 3 β†’ etc. Same model, fresh credits.\nModel fallback β€” Only after ALL Venice keys are disabled β†’ tries venice/claude-opus-45 (all keys again) β†’ venice/kimi-k2-5 (all keys) β†’ morpheus/kimi-k2.5\nMorpheus fallback β€” The proxy auto-opens a 7-day Morpheus session (if none exists). Inference routes through the Morpheus P2P network.\nGateway Guardian v4 β€” If all providers enter cooldown despite multi-key rotation β†’ classifies error (billing vs transient) β†’ billing: backs off + notifies owner (restart is useless for empty credits) β†’ transient: restarts gateway (clears cooldowns) β†’ nuclear reinstall if needed. Proactively monitors Venice DIEM balance.\nAuto-recovery β€” When credits refill (daily reset) or backoff expires, OpenClaw switches back to Venice automatically.\n\nExample with 6 keys (246 DIEM total):\n\nvenice:key1 (98 DIEM) β†’ venice:key2 (50 DIEM) β†’ venice:key3 (40 DIEM) β†’\nvenice:key4 (26 DIEM) β†’ venice:key5 (20 DIEM) β†’ venice:key6 (12 DIEM) β†’\nmorpheus/kimi-k2.5 (owned, staked MOR) β†’ mor-gateway/kimi-k2.5 (community gateway)\n\n\nv0.5 improvement: The Morpheus proxy returns \"server_error\" type errors (not billing errors), so OpenClaw won't put the Morpheus provider into extended cooldown due to transient infrastructure issues. If a Morpheus session expires mid-request, the proxy automatically opens a fresh session and retries once.\n\nVenice Key Health Monitor (v2.0)\n\nOpenClaw's billing error detection has pattern gaps with Venice-specific error messages. Two known gaps:\n\nBalance depletion: Venice returns \"Insufficient USD or Diem balance to complete request\" but OpenClaw checks for \"insufficient balance\" (adjacent words). Since \"USD or Diem\" separates \"insufficient\" from \"balance\", the pattern fails.\nPer-key spend limit: Venice returns \"API key DIEM spend limit exceeded. Your account may still have DIEM balance, but this API key has reached its configured DIEM spending limit.\" β€” OpenClaw has no pattern for \"spend limit\" at all.\n\nBoth get classified as \"unknown\" instead of \"billing\", the key gets a 60-second cooldown instead of a billing disable, and the same exhausted key gets retried in a loop.\n\nTwo scripts fix this at the skill level:\n\n1. Proactive Key Health Monitor (venice-key-monitor.sh)\n\nPeriodically probes every Venice API key's DIEM/USD balance via a cheap GLM-4.7-Flash inference call (costs ~0.0001 DIEM). Reads the x-venice-balance-diem or x-venice-balance-usd response header and disables depleted keys by writing disabledUntil + disabledReason: \"billing\" directly to auth-profiles.json.\n\n# Check all keys and disable depleted ones\nbash skills/everclaw/scripts/venice-key-monitor.sh\n\n# Report balances without making changes\nbash skills/everclaw/scripts/venice-key-monitor.sh --status\n\n# Custom depletion threshold (default: 1 DIEM)\nbash skills/everclaw/scripts/venice-key-monitor.sh --threshold 5\n\n\nCron: Runs every 2 hours. Pre-empts the problem before the agent ever tries an empty key.\n\n2. Reactive 402 Watchdog (venice-402-watchdog.sh)\n\nMonitors auth-profiles.json for Venice keys with rapid failures that aren't properly billing-disabled (the telltale sign of OpenClaw's pattern gap). When detected, immediately disables the offending key and identifies the next healthy key.\n\n# One-shot scan (check recent failures)\nbash skills/everclaw/scripts/venice-402-watchdog.sh\n\n# Run as daemon (continuous monitoring every 30s)\nbash skills/everclaw/scripts/venice-402-watchdog.sh --daemon\n\n\nCron: Runs every 5 minutes. Catches billing errors in near-real-time that the proactive monitor might miss between its 2-hour checks.\n\nDetection Patterns (what OpenClaw misses)\nVenice Error\tOpenClaw Pattern\tMatch?\nInsufficient USD or Diem balance to complete request\t\"insufficient balance\"\t❌ No β€” words not adjacent\nAPI key DIEM spend limit exceeded\t(none)\t❌ No pattern exists\n402 Payment Required\t/status.*402/\tβœ… Only if status code preserved\nInsufficient credits\t\"insufficient credits\"\tβœ…\n\nThe watchdog catches the first two patterns (the most common Venice billing errors) that OpenClaw's text matching misses.\n\nState Files\nFile\tPurpose\n~/.openclaw/logs/venice-key-balances.json\tLast balance check results per key\n~/.openclaw/logs/venice-402-state.json\tLast watchdog action and rotation state\n~/.openclaw/logs/venice-key-monitor.log\tMonitor activity log\n~/.openclaw/logs/venice-402-watchdog.log\tWatchdog activity log\n14. Gateway Guardian v5 (v2026.2.21)\n\nA self-healing, billing-aware watchdog that monitors the OpenClaw gateway and its ability to run inference. Runs every 2 minutes via launchd.\n\nEvolution\nVersion\tWhat it checked\tFatal flaw\nv1\tHTTP dashboard alive\tProviders in cooldown = brain-dead but HTTP 200\nv2\tRaw provider URLs\tProvider APIs always return 200 regardless of internal state\nv3\tThrough-OpenClaw inference probe\tBilling exhaustion β†’ restart β†’ instant re-disable = dead loop. Also: set -e + pkill self-kill = silent no-op restarts\nv4\tThrough-OpenClaw + billing classification + credit monitoring\topenclaw agent injected 71K workspace prompt into every probe\nv5\tDirect curl inference probes + billing classification + credit monitoring\tCurrent version\nWhat v5 Fixes Over v4\n\nRoot cause: openclaw agent injected the full 71K workspace system prompt into every health probe. This caused mor-gateway/glm-5 to timeout at 60s (takes ~37s just for the prompt). Worse, failures were delivered to Signal as normal agent replies β€” spamming the user with error messages.\n\nFix: Direct curl to gateway's LiteLLM proxy with a tiny prompt (~50 chars). Uses glm-4.7-flash (fast, lightweight) instead of glm-5. No agent session = no Signal delivery on failure. Errors stay in logs only.\n\nWhat v4 Fixed Over v3\nBilling-aware escalation β€” Classifies inference errors as billing vs transient vs timeout. Billing errors trigger backoff + notification instead of useless restarts.\nSilent restart bug β€” Replaced set -euo pipefail with set -uo pipefail + explicit ERR trap. Restart failures are now logged instead of silently exiting.\npkill self-kill β€” Hard restart now iterates PIDs and excludes the Guardian's own PID. No more accidentally killing the watchdog.\nProactive credit monitoring β€” Checks Venice DIEM balance via x-venice-balance-diem response header every 10 min. Warns when balance drops below threshold.\nDIEM reset awareness β€” Calculates hours to midnight UTC (when Venice DIEM resets daily). When billing-dead, enters 30-min backoff instead of hammering every 2 min. Auto-clears when UTC day rolls over.\nSignal notifications β€” Notifies owner on: billing exhaustion (with ETA to reset), billing recovery, nuclear restart, and total failure.\nHow It Works\nBilling backoff gate β€” If in billing-dead state, check if midnight UTC has passed. If yes, re-probe. If no, skip this run (30-min intervals).\nCredit monitoring β€” Every 10 min, makes a cheap Kimi K2.5 call to Venice and reads the x-venice-balance-diem response header. Warns below 15 DIEM.\nCircuit breaker β€” Kills sub-agents stuck >30 min with repeated timeouts.\nHTTP probe β€” Is the gateway process running?\nInference probe β€” Can the agent run inference through the full stack?\nError classification β€” Parses probe output:\nbilling β†’ 402, Insufficient DIEM/USD/balance β†’ don't restart, enter billing backoff, notify owner\ntransient β†’ auth cooldown without billing keywords β†’ restart (clears cooldown)\ntimeout β†’ probe timed out β†’ restart\nunknown β†’ restart (safe default)\nFour-stage restart escalation (for non-billing errors only):\nopenclaw gateway restart (graceful β€” resets cooldown state)\nHard kill (excludes own PID) β†’ launchd KeepAlive\nlaunchctl kickstart -k\nπŸ”΄ NUCLEAR: curl -fsSL https://clawd.bot/install.sh | bash\nRecommended Config\n\nPair with reduced billing backoff in openclaw.json to minimize downtime:\n\n{\n \"auth\": {\n \"cooldowns\": {\n \"billingBackoffHoursByProvider\": { \"venice\": 1 },\n \"billingMaxHours\": 6,\n \"failureWindowHours\": 12\n }\n }\n}\n\nInstallation\n\nIncluded in install-proxy.sh, or manually:\n\ncp skills/everclaw/scripts/gateway-guardian.sh ~/.openclaw/workspace/scripts/\nchmod +x ~/.openclaw/workspace/scripts/gateway-guardian.sh\n\n# Install launchd plist (macOS)\n# See templates/ai.openclaw.guardian.plist\n\n\n⚠️ Important: The launchd plist should include OPENCLAW_GATEWAY_TOKEN in its environment variables.\n\nManual Test\nbash ~/.openclaw/workspace/scripts/gateway-guardian.sh --verbose\n\nLogs\ntail -f ~/.openclaw/logs/guardian.log\n\nConfiguration\nVariable\tDefault\tDescription\nGATEWAY_PORT\t18789\tGateway port to probe\nPROBE_TIMEOUT\t8\tHTTP timeout in seconds\nINFERENCE_TIMEOUT\t45\tAgent probe timeout\nFAIL_THRESHOLD\t2\tHTTP failures before restart\nINFERENCE_FAIL_THRESHOLD\t3\tInference failures before escalation (~6 min)\nBILLING_BACKOFF_INTERVAL\t1800\tSeconds between probes when billing-dead (30 min)\nCREDIT_CHECK_INTERVAL\t600\tSeconds between Venice DIEM balance checks (10 min)\nCREDIT_WARN_THRESHOLD\t15\tDIEM balance warning threshold\nMAX_STUCK_DURATION_SEC\t1800\tCircuit breaker: kill sub-agents stuck >30 min\nSTUCK_CHECK_INTERVAL\t300\tCircuit breaker check interval (5 min)\nOWNER_SIGNAL\t+1XXXXXXXXXX\tSignal number for notifications\nSIGNAL_ACCOUNT\t+1XXXXXXXXXX\tSignal sender account\nState Files\nFile\tPurpose\n~/.openclaw/logs/guardian.state\tHTTP failure counter\n~/.openclaw/logs/guardian-inference.state\tInference failure counter\n~/.openclaw/logs/guardian-circuit-breaker.state\tCircuit breaker timestamp\n~/.openclaw/logs/guardian-billing.state\tBilling exhaustion start timestamp (0 = healthy)\n~/.openclaw/logs/guardian-billing-notified.state\tWhether owner was notified (0/1)\n~/.openclaw/logs/guardian-credit-check.state\tLast credit check timestamp\n~/.openclaw/logs/guardian.log\tGuardian activity log\n15. Smart Session Archiver (v0.9.4)\n\nOpenClaw stores every conversation as a .jsonl file in ~/.openclaw/agents/main/sessions/. Over time, these accumulate β€” and when the dashboard loads, it parses all session history into the DOM. At ~17MB (134+ sessions), browsers hit \"Page Unresponsive\" because the renderer chokes on thousands of chat message elements.\n\nThe Problem\n\nThe bottleneck isn't raw memory β€” Chrome gives each tab 1.4-4GB of V8 heap. The real limit is DOM rendering performance. Chrome Lighthouse warns at 800 DOM nodes and errors at 1,400. A hundred sessions with tool calls, code blocks, and long conversations easily generate 5,000+ DOM elements. The browser's layout engine can't keep up.\n\nSessions Dir Size\tDashboard Behavior\n< 5 MB\tβœ… Loads instantly\n5-10 MB\t⚑ Slight delay, usable\n10-15 MB\t⚠️ Sluggish, noticeable lag\n15-20 MB\tπŸ”΄ \"Page Unresponsive\" likely\n20+ MB\tπŸ’€ Dashboard won't load\nSolution: Size-Triggered Archiving\n\nInstead of archiving on a fixed schedule (which may fire too early or too late depending on usage), the session archiver monitors the actual size of the sessions directory and only moves files when they exceed a threshold.\n\nDefault threshold: 10MB β€” provides good headroom before hitting the ~15MB danger zone, without firing unnecessarily on light usage days.\n\nUsage\n# Archive if over threshold (default 10MB)\nbash skills/everclaw/scripts/session-archive.sh\n\n# Check size without archiving\nbash skills/everclaw/scripts/session-archive.sh --check\n\n# Force archive regardless of size\nbash skills/everclaw/scripts/session-archive.sh --force\n\n# Detailed output\nbash skills/everclaw/scripts/session-archive.sh --verbose\n\nWhat It Protects\n\nThe archiver never moves:\n\nActive sessions β€” referenced in sessions.json (the index file)\nGuardian health probe β€” guardian-health-probe.jsonl\nRecent sessions β€” keeps the 5 most recent by modification time (configurable via KEEP_RECENT)\n\nEverything else gets moved to sessions/archive/ β€” not deleted. You can always move files back if needed.\n\nConfiguration\nVariable\tDefault\tDescription\nARCHIVE_THRESHOLD_MB\t10\tTrigger threshold in MB\nSESSIONS_DIR\t~/.openclaw/agents/main/sessions\tSessions directory path\nKEEP_RECENT\t5\tNumber of recent sessions to always keep\nCron Integration\n\nSet up a cron job that runs the archiver periodically. The script is a no-op when under threshold, so it's safe to run frequently:\n\n{\n \"name\": \"Smart session archiver\",\n \"schedule\": { \"kind\": \"cron\", \"expr\": \"0 */6 * * *\", \"tz\": \"America/Chicago\" },\n \"sessionTarget\": \"isolated\",\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/kimi-k2.5\",\n \"message\": \"Run the smart session archiver: bash skills/everclaw/scripts/session-archive.sh --verbose. Report the results. If sessions were archived, mention the before/after size.\",\n \"timeoutSeconds\": 60\n }\n}\n\n\nRecommended: every 6 hours. Frequent enough to catch growth spurts, cheap enough to run on the LIGHT tier since it's a no-op most of the time.\n\nOutput\n\nThe script outputs a JSON summary for programmatic consumption:\n\n{\"archived\":42,\"freedMB\":8.2,\"beforeMB\":12.4,\"afterMB\":4.2,\"threshold\":10}\n\nWhy 10MB?\n\nBased on real-world testing: 134 sessions totaling 17MB caused \"Page Unresponsive\" in Chrome, Safari, and Brave on macOS. The dashboard uses a standard web renderer that parses all session JSONL into DOM elements β€” there's no virtualization or lazy loading. 10MB gives ~50% headroom before the ~15-20MB danger zone where most browsers start struggling.\n\n17. x402 Payment Client (v0.7)\n\nEverclaw v0.7 includes an x402 payment client that lets your agent make USDC payments to any x402-enabled endpoint. The x402 protocol is an HTTP-native payment standard: when a server returns HTTP 402, your agent automatically signs a USDC payment and retries.\n\nHow x402 Works\nAgent β†’ request β†’ Server returns 402 + PAYMENT-REQUIRED header\nAgent β†’ parse requirements β†’ sign EIP-712 payment β†’ retry with PAYMENT-SIGNATURE header\nServer β†’ verify signature via facilitator β†’ settle USDC β†’ return resource\n\nCLI Usage\n# Make a request to an x402-protected endpoint\nnode scripts/x402-client.mjs GET https://api.example.com/data\n\n# Dry-run: see what would be paid without signing\nnode scripts/x402-client.mjs --dry-run GET https://api.example.com/data\n\n# Set max payment per request\nnode scripts/x402-client.mjs --max-amount 0.50 GET https://api.example.com/data\n\n# POST with body\nnode scripts/x402-client.mjs POST https://api.example.com/task '{\"prompt\":\"hello\"}'\n\n# Check daily spending\nnode scripts/x402-client.mjs --budget\n\nProgrammatic Usage\nimport { makePayableRequest, createX402Client } from './scripts/x402-client.mjs';\n\n// One-shot request\nconst result = await makePayableRequest(\"https://api.example.com/data\");\n// result.paid β†’ true if 402 was handled\n// result.amount β†’ \"$0.010000\" (USDC)\n// result.body β†’ response content\n\n// Reusable client with budget limits\nconst client = createX402Client({\n maxPerRequest: 0.50, // $0.50 USDC max per request\n dailyLimit: 5.00, // $5.00 USDC per day\n dryRun: false,\n});\n\nconst res = await client.get(\"https://agent-api.example.com/query?q=weather\");\nconst data = await client.post(\"https://agent-api.example.com/task\", { prompt: \"hello\" });\n\n// Check spending\nconsole.log(client.budget());\n// { date: \"2026-02-11\", spent: \"$0.520000\", remaining: \"$4.480000\", limit: \"$5.000000\", transactions: 3 }\n\nPayment Flow Details\nRequest β€” Standard HTTP request to any URL\n402 Detection β€” Server returns HTTP 402 with PAYMENT-REQUIRED header containing JSON payment requirements\nBudget Check β€” Verifies amount against per-request max ($1.00 default) and daily limit ($10.00 default)\nEIP-712 Signing β€” Signs a TransferWithAuthorization (EIP-3009) for USDC on Base using the agent's wallet\nRetry β€” Resends the request with PAYMENT-SIGNATURE header containing the signed payment payload\nSettlement β€” The Coinbase facilitator verifies the signature and settles the USDC transfer\nResponse β€” Server returns the requested resource\nSecurity\nPrivate key from 1Password at runtime (never on disk) β€” follows Bagman patterns\nBudget controls prevent runaway spending: $1/request max, $10/day by default\nDry-run mode for testing without signing or spending\nUSDC on Base only β€” no other chains or tokens (EIP-3009 TransferWithAuthorization)\nDaily budget tracking persisted to .x402-budget.json (amounts only, no keys)\nKey Addresses\nItem\tAddress\nUSDC (Base)\t0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\nCoinbase Facilitator\thttps://api.cdp.coinbase.com/platform/v2/x402\nBase Chain ID\t8453 (CAIP-2: eip155:8453)\n18. ERC-8004 Agent Registry (v0.7)\n\nThe ERC-8004 protocol provides on-chain registries for agent discovery and trust. Everclaw v0.7 includes a reader that queries the Identity and Reputation registries on Base mainnet.\n\nWhat Is ERC-8004?\n\nERC-8004 defines three registries:\n\nIdentity Registry (ERC-721): Each agent is an NFT with a tokenURI pointing to a registration file containing name, description, services/endpoints, x402 support, and trust signals\nReputation Registry: Clients give structured feedback (value + tags) to agents. Summary scores aggregate across all clients\nValidation Registry: Stake-secured re-execution and zkML verification (read-only in Everclaw)\n\nAgents are discoverable, portable (transferable NFTs), and verifiable across organizational boundaries.\n\nCLI Usage\n# Look up an agent by ID\nnode scripts/agent-registry.mjs lookup 1\n\n# Get reputation data\nnode scripts/agent-registry.mjs reputation 1\n\n# Full discovery (identity + registration file + reputation)\nnode scripts/agent-registry.mjs discover 1\n\n# List agents in a range\nnode scripts/agent-registry.mjs list 1 10\n\n# Get total registered agents\nnode scripts/agent-registry.mjs total\n\nProgrammatic Usage\nimport { lookupAgent, getReputation, discoverAgent, totalAgents, listAgents } from './scripts/agent-registry.mjs';\n\n// Look up identity\nconst agent = await lookupAgent(1);\n// {\n// agentId: 1,\n// owner: \"0x89E9...\",\n// uri: \"data:application/json;base64,...\",\n// wallet: \"0x89E9...\",\n// registration: {\n// name: \"ClawNews\",\n// description: \"Hacker News for AI agents...\",\n// services: [{ name: \"web\", endpoint: \"https://clawnews.io\" }, ...],\n// x402Support: false,\n// active: true,\n// supportedTrust: [\"reputation\"]\n// }\n// }\n\n// Get reputation\nconst rep = await getReputation(1);\n// {\n// agentId: 1,\n// clients: [\"0x3975...\", \"0x718B...\"],\n// feedbackCount: 2,\n// summary: { count: 2, value: \"100\", decimals: 0 },\n// feedback: [{ client: \"0x3975...\", value: \"100\", tag1: \"tip\", tag2: \"agent\" }, ...]\n// }\n\n// Full discovery\nconst full = await discoverAgent(1);\n// Combines identity, registration file, services, and reputation into one object\n\nRegistration File Format\n\nAgent registration files (resolved from tokenURI) follow the ERC-8004 standard:\n\n{\n \"type\": \"https://eips.ethereum.org/EIPS/eip-8004#registration-v1\",\n \"name\": \"MyAgent\",\n \"description\": \"What the agent does\",\n \"image\": \"https://example.com/logo.png\",\n \"services\": [\n { \"name\": \"web\", \"endpoint\": \"https://myagent.com\" },\n { \"name\": \"A2A\", \"endpoint\": \"https://agent.example/.well-known/agent-card.json\", \"version\": \"0.3.0\" },\n { \"name\": \"MCP\", \"endpoint\": \"https://mcp.agent.eth/\", \"version\": \"2025-06-18\" }\n ],\n \"x402Support\": true,\n \"active\": true,\n \"supportedTrust\": [\"reputation\", \"crypto-economic\"]\n}\n\n\nThe reader handles all URI types: data: URIs (base64-encoded JSON stored on-chain), ipfs:// URIs (via public IPFS gateway), and https:// URIs.\n\nContract Addresses (Base Mainnet)\nRegistry\tAddress\nIdentity\t0x8004A169FB4a3325136EB29fA0ceB6D2e539a432\nReputation\t0x8004BAa17C55a88189AE136b182e5fdA19dE9b63\n\n⚠️ Same addresses on all EVM chains β€” Ethereum, Base, Arbitrum, Polygon, Optimism, Linea, Avalanche, etc. The Identity Registry does NOT implement totalSupply(), so totalAgents() uses a binary search via ownerOf().\n\nCombining x402 + Agent Registry\n\nThe x402 client and agent registry work together for agent-to-agent payments:\n\nimport { discoverAgent } from './scripts/agent-registry.mjs';\nimport { makePayableRequest } from './scripts/x402-client.mjs';\n\n// 1. Discover an agent and find its x402-enabled endpoint\nconst agent = await discoverAgent(42);\nconst apiEndpoint = agent.services.find(s => s.name === \"A2A\")?.endpoint;\n\n// 2. Make a paid request β€” x402 handling is automatic\nif (agent.x402Support && apiEndpoint) {\n const result = await makePayableRequest(apiEndpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ task: \"Analyze this data...\" }),\n maxAmount: 500000n, // $0.50 USDC\n });\n console.log(result.body); // Agent's response\n}\n\nQuick Reference (v2026.2.23)\nAction\tCommand\nInstall Everclaw\tbash skills/everclaw/scripts/install-everclaw.sh\nCheck for updates\tbash skills/everclaw/scripts/install-everclaw.sh --check\nUpdate (git pull)\tcd skills/everclaw && git pull\nInstall router\tbash skills/everclaw/scripts/install.sh\nInstall proxy + guardian\tbash skills/everclaw/scripts/install-proxy.sh\nStart router\tbash skills/everclaw/scripts/start.sh\nStop router\tbash skills/everclaw/scripts/stop.sh\nSwap ETHβ†’MOR\tbash skills/everclaw/scripts/swap.sh eth 0.01\nSwap USDCβ†’MOR\tbash skills/everclaw/scripts/swap.sh usdc 50\nOpen session\tbash skills/everclaw/scripts/session.sh open [duration]\nClose session\tbash skills/everclaw/scripts/session.sh close \nList sessions\tbash skills/everclaw/scripts/session.sh list\nSend prompt\tbash skills/everclaw/scripts/chat.sh \"prompt\"\nCheck balance\tbash skills/everclaw/scripts/balance.sh\nProxy health\tcurl http://127.0.0.1:8083/health\nGuardian test\tbash scripts/gateway-guardian.sh --verbose\nGuardian logs\ttail -f ~/.openclaw/logs/guardian.log\nVenice key health\tbash skills/everclaw/scripts/venice-key-monitor.sh --status\nVenice key balances\tbash skills/everclaw/scripts/venice-key-monitor.sh --verbose\nVenice 402 watchdog\tbash skills/everclaw/scripts/venice-402-watchdog.sh --verbose\nArchive sessions\tbash skills/everclaw/scripts/session-archive.sh\nCheck session size\tbash skills/everclaw/scripts/session-archive.sh --check\nForce archive\tbash skills/everclaw/scripts/session-archive.sh --force\nx402 request\tnode scripts/x402-client.mjs GET \nx402 dry-run\tnode scripts/x402-client.mjs --dry-run GET \nx402 budget\tnode scripts/x402-client.mjs --budget\nLookup agent\tnode scripts/agent-registry.mjs lookup \nAgent reputation\tnode scripts/agent-registry.mjs reputation \nDiscover agent\tnode scripts/agent-registry.mjs discover \nList agents\tnode scripts/agent-registry.mjs list [count]\nTotal agents\tnode scripts/agent-registry.mjs total\nScan a skill\tnode security/skillguard/src/cli.js scan \nBatch scan\tnode security/skillguard/src/cli.js batch \nSecurity audit\tbash security/clawdstrike/scripts/collect_verified.sh\nDetect injection\tpython3 security/prompt-guard/scripts/detect.py \"text\"\n15. Security Skills (v0.3)\n\nEverclaw agents handle MOR tokens and private keys β€” making them high-value targets. v0.3 bundles four security skills to defend against supply chain attacks, prompt injection, credential theft, and configuration exposure.\n\nπŸ” SkillGuard β€” Pre-Install Skill Scanner\n\nScans AgentSkill packages for malicious patterns before you install them. Detects credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques.\n\n# Scan a skill directory\nnode security/skillguard/src/cli.js scan \n\n# Batch scan all installed skills\nnode security/skillguard/src/cli.js batch \n\n# Scan a ClawHub skill by slug\nnode security/skillguard/src/cli.js scan-hub \n\n\nScore interpretation:\n\n80-100 βœ… LOW risk β€” safe to install\n50-79 ⚠️ MEDIUM β€” review before installing\n20-49 🟠 HIGH β€” significant concerns\n0-19 πŸ”΄ CRITICAL β€” do NOT install\n\nWhen to use: Before installing any skill from ClawHub or untrusted sources. Run batch scans periodically to audit all installed skills.\n\nFull docs: security/skillguard/SKILL.md\n\nπŸ”’ ClawdStrike β€” Config & Exposure Audits\n\nSecurity audit and threat model for OpenClaw gateway hosts. Verifies configuration, network exposure, installed skills/plugins, and filesystem hygiene. Produces an OK/VULNERABLE report with evidence and remediation steps.\n\n# Run a full audit\ncd security/clawdstrike && \\\n OPENCLAW_WORKSPACE_DIR=$HOME/.openclaw/workspace \\\n bash scripts/collect_verified.sh\n\n\nWhat it checks:\n\nGateway bind address and auth configuration\nChannel exposure (Signal, Telegram, Discord, etc.)\nInstalled skills and plugins for known vulnerabilities\nFilesystem permissions and sensitive file access\nNetwork exposure and firewall rules\nOpenClaw version and known CVEs\n\nWhen to use: After initial setup, after installing new skills, and periodically (weekly recommended).\n\nFull docs: security/clawdstrike/SKILL.md\n\n🧱 PromptGuard β€” Prompt Injection Defense\n\nAdvanced prompt injection defense system with multi-language detection (EN/KO/JA/ZH), severity scoring, automatic logging, and configurable security policies. Connects to the HiveFence distributed threat intelligence network.\n\n# Analyze a message for injection attempts\npython3 security/prompt-guard/scripts/detect.py \"suspicious message here\"\n\n# Run audit on prompt injection logs\npython3 security/prompt-guard/scripts/audit.py\n\n# Analyze historical logs\npython3 security/prompt-guard/scripts/analyze_log.py\n\n\nDetection categories:\n\nDirect injection (instruction overrides, role manipulation)\nIndirect injection (data exfiltration, hidden instructions)\nJailbreak attempts (DAN mode, filter bypasses)\nMulti-language attacks (cross-language injection)\n\nWhen to use: In group chats, when processing untrusted input, when agents interact with external data sources.\n\nFull docs: security/prompt-guard/SKILL.md\n\nπŸ’° Bagman β€” Secure Key Management\n\nSecure key management for AI agents handling private keys, API secrets, and wallet credentials. Covers secure storage patterns, session keys, leak prevention, prompt injection defense specific to financial operations, and MetaMask Delegation Framework (EIP-7710) integration.\n\nKey principles:\n\nNever store keys on disk β€” use 1Password op run for runtime injection\nSession keys β€” generate ephemeral keys with limited permissions\nDelegation Framework β€” grant agents scoped authority without exposing master keys\nLeak prevention β€” patterns to detect and block secret exposure\n\nReference docs:\n\nsecurity/bagman/references/secure-storage.md β€” Storage patterns\nsecurity/bagman/references/session-keys.md β€” Session key architecture\nsecurity/bagman/references/delegation-framework.md β€” EIP-7710 integration\nsecurity/bagman/references/leak-prevention.md β€” Leak detection rules\nsecurity/bagman/references/prompt-injection-defense.md β€” Financial-specific injection defense\n\nWhen to use: Whenever an agent handles private keys, wallet credentials, or API secrets β€” which Everclaw agents always do.\n\nFull docs: security/bagman/SKILL.md\n\nSecurity Recommendations\n\nFor Everclaw agents handling MOR tokens:\n\nBefore installing any new skill: Run SkillGuard scan\nAfter setup and periodically: Run ClawdStrike audit\nIn group chats or with untrusted input: Enable PromptGuard detection\nAlways: Follow Bagman patterns for key management (1Password, session keys, no keys on disk)\n16. Model Router (v0.6)\n\nA lightweight, local prompt classifier that routes requests to the cheapest capable model. Runs in <1ms with zero external API calls.\n\nTiers\nTier\tPrimary Model\tFallback\tUse Case\nLIGHT\tmorpheus/glm-4.7-flash\tmorpheus/kimi-k2.5\tCron jobs, heartbeats, simple Q&A, status checks\nSTANDARD\tmorpheus/kimi-k2.5\tvenice/kimi-k2-5\tResearch, drafting, summaries, most sub-agent tasks\nHEAVY\tvenice/claude-opus-4-6\tvenice/claude-opus-45\tComplex reasoning, architecture, formal proofs, strategy\n\nAll LIGHT and STANDARD tier models run through Morpheus (inference you own via staked MOR). Only HEAVY tier uses Venice (premium).\n\nHow Scoring Works\n\nThe router scores prompts across 13 weighted dimensions:\n\nDimension\tWeight\tWhat It Detects\nreasoningMarkers\t0.20\t\"prove\", \"theorem\", \"step by step\", \"chain of thought\"\ncodePresence\t0.14\tfunction, class, import, backticks, \"refactor\"\nsynthesis\t0.11\t\"summarize\", \"compare\", \"draft\", \"analyze\", \"review\"\ntechnicalTerms\t0.10\t\"algorithm\", \"architecture\", \"smart contract\", \"consensus\"\nmultiStepPatterns\t0.10\t\"first...then\", \"step 1\", numbered lists\nsimpleIndicators\t0.08\t\"what is\", \"hello\", \"weather\" (negative score β†’ pushes toward LIGHT)\nagenticTask\t0.06\t\"edit\", \"deploy\", \"install\", \"debug\", \"fix\"\ncreativeMarkers\t0.04\t\"story\", \"poem\", \"brainstorm\"\nquestionComplexity\t0.04\tMultiple question marks\ntokenCount\t0.04\tShort prompts skew LIGHT, long prompts skew HEAVY\nconstraintCount\t0.04\t\"at most\", \"at least\", \"maximum\", \"budget\"\ndomainSpecificity\t0.04\t\"quantum\", \"zero-knowledge\", \"genomics\"\noutputFormat\t0.03\t\"json\", \"yaml\", \"table\", \"csv\"\n\nSpecial override: 2+ reasoning keywords in the user prompt β†’ force HEAVY at 88%+ confidence. This prevents accidental cheap routing of genuinely hard problems.\n\nAmbiguous prompts (low confidence) default to STANDARD β€” the safe middle ground.\n\nCLI Usage\n# Test routing for a prompt\nnode scripts/router.mjs \"What is 2+2?\"\n# β†’ LIGHT (morpheus/glm-4.7-flash)\n\nnode scripts/router.mjs \"Summarize the meeting notes and draft a follow-up\"\n# β†’ STANDARD (morpheus/kimi-k2.5)\n\nnode scripts/router.mjs \"Design a distributed consensus algorithm and prove its correctness\"\n# β†’ HEAVY (venice/claude-opus-4-6)\n\n# JSON output for programmatic use\nnode scripts/router.mjs --json \"Build a React component\"\n\n# Pipe from stdin\necho '{\"prompt\":\"hello\",\"system\":\"You are helpful\"}' | node scripts/router.mjs --stdin\n\nProgrammatic Usage\nimport { route, classify } from './scripts/router.mjs';\n\nconst decision = route(\"Check the weather in Austin\");\n// {\n// tier: \"LIGHT\",\n// model: \"morpheus/glm-4.7-flash\",\n// fallback: \"morpheus/kimi-k2.5\",\n// confidence: 0.87,\n// score: -0.10,\n// signals: [\"short (7 tok)\", \"simple (weather)\"],\n// reasoning: \"score=-0.100 β†’ LIGHT\"\n// }\n\nApplying to Cron Jobs\n\nSet the model field on cron job payloads to route to cheaper models:\n\n{\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/kimi-k2.5\", // STANDARD tier β€” owned via Morpheus\n \"message\": \"Compile a morning briefing...\",\n \"timeoutSeconds\": 300\n }\n}\n\n\nFor truly simple cron jobs (health checks, pings, status queries):\n\n{\n \"payload\": {\n \"kind\": \"agentTurn\",\n \"model\": \"morpheus/glm-4.7-flash\", // LIGHT tier β€” fastest, owned\n \"message\": \"Check proxy health and report any issues\",\n \"timeoutSeconds\": 60\n }\n}\n\nApplying to Sub-Agent Spawns\n// Simple research task β†’ STANDARD\nsessions_spawn({ task: \"Search for X news\", model: \"morpheus/kimi-k2.5\" });\n\n// Quick lookup β†’ LIGHT\nsessions_spawn({ task: \"What's the weather?\", model: \"morpheus/glm-4.7-flash\" });\n\n// Complex analysis β†’ let it use the default (HEAVY / Claude 4.6)\nsessions_spawn({ task: \"Design the x402 payment integration...\" });\n\nCost Impact\n\nWith the router in place, only complex reasoning tasks in the main session use premium models. All background work (cron jobs, sub-agents, heartbeats) runs on Morpheus inference you own:\n\nBefore\tAfter\nAll cron jobs β†’ Claude 4.6 (premium)\tCron jobs β†’ Kimi K2.5 / GLM Flash (owned)\nAll sub-agents β†’ Claude 4.6 (premium)\tSub-agents β†’ Kimi K2.5 (owned) unless complex\nMain session β†’ Claude 4.6\tMain session β†’ Claude 4.6 (unchanged)\n19. Morpheus API Gateway Bootstrap (v0.8)\n\nThe Morpheus API Gateway (api.mor.org) provides community-powered, OpenAI-compatible inference β€” no node, no staking, no wallet required. Everclaw v0.8 includes a bootstrap script that configures this as an OpenClaw provider, giving new users instant access to AI from the first launch.\n\nWhy This Matters\n\nNew OpenClaw users face a cold-start problem: they need an API key (Claude, OpenAI, etc.) before their agent can do anything. Everclaw v0.8 solves this by bundling a community API key for the Morpheus inference marketplace, which is currently in open beta.\n\nThe bootstrap flow:\n\nNew user installs OpenClaw + Everclaw\nRun node scripts/bootstrap-gateway.mjs β€” agent gets inference immediately\nAgent's first task: guide user to get their own key at app.mor.org\nUser upgrades to their own key β†’ can then progress to full Morpheus node + MOR staking\nQuick Start\n# One command β€” tests the gateway and patches OpenClaw config\nnode skills/everclaw/scripts/bootstrap-gateway.mjs\n\n# Or with your own API key from app.mor.org\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --key sk-YOUR_KEY_HERE\n\n# Test the gateway connection\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --test\n\n# Check current gateway status\nnode skills/everclaw/scripts/bootstrap-gateway.mjs --status\n\nWhat It Does\n\nThe bootstrap script:\n\nTests the Morpheus API Gateway connection with a live inference call\nPatches openclaw.json to add mor-gateway as a new provider\nAdds mor-gateway/kimi-k2.5 to the fallback chain\nReports available models and next steps\nAPI Gateway Details\nSetting\tValue\nBase URL\thttps://api.mor.org/api/v1\nAPI format\tOpenAI-compatible\nAuth\tBearer token (sk-...)\nOpen beta\tUntil March 1, 2026\nModels\t34 (LLMs, TTS, STT, embeddings)\nProvider name\tmor-gateway\nAvailable Models (via Gateway)\n\nThe gateway exposes all models on the Morpheus inference marketplace:\n\nModel\tType\tNotes\nkimi-k2.5\tLLM\tPrimary bootstrap model β€” strong coding + reasoning\nglm-4.7-flash\tLLM\tFast, good for simple tasks\nllama-3.3-70b\tLLM\tGeneral purpose\nqwen3-235b\tLLM\tLarge, strong reasoning\ngpt-oss-120b\tLLM\tOpenAI-compatible OSS model\nhermes-4-14b\tLLM\tLightweight\ntts-kokoro\tTTS\tText-to-speech\nwhisper-v3-large-turbo\tSTT\tSpeech-to-text\ntext-embedding-bge-m3\tEmbedding\tText embeddings\n\nAll models also have :web variants with web search capability.\n\nOpenClaw Config (generated by bootstrap)\n{\n \"models\": {\n \"providers\": {\n \"mor-gateway\": {\n \"baseUrl\": \"https://api.mor.org/api/v1\",\n \"apiKey\": \"sk-...\",\n \"api\": \"openai-completions\",\n \"models\": [\n { \"id\": \"kimi-k2.5\", \"name\": \"Kimi K2.5 (via Morpheus Gateway)\", \"reasoning\": false },\n { \"id\": \"glm-4.7-flash\", \"name\": \"GLM 4.7 Flash (via Morpheus Gateway)\", \"reasoning\": false },\n { \"id\": \"llama-3.3-70b\", \"name\": \"Llama 3.3 70B (via Morpheus Gateway)\", \"reasoning\": false }\n ]\n }\n }\n }\n}\n\n\nImportant: All gateway models must have \"reasoning\": false β€” the upstream litellm rejects the reasoning_effort parameter.\n\nCommunity Bootstrap Key\n\nThe bootstrap script includes a community API key (base64-obfuscated) for the SmartAgentProtocol account. This provides open access during the beta period.\n\nGetting your own key (recommended):\n\nGo to app.mor.org\nCreate an account and sign in\nClick \"Create API Key\"\nEnable \"session automation\" in account settings (required for API access)\nRun: node scripts/bootstrap-gateway.mjs --key YOUR_KEY\nGateway vs Local Proxy vs P2P Node\nFeature\tAPI Gateway (v0.8)\tLocal Proxy (v0.2)\tP2P Node (v0.1)\nSetup\tOne command\tInstall proxy + config\tFull node install\nCost\tOpen (beta)\tOwn (MOR staking)\tOwn (MOR staking)\nRequires MOR\tNo\tYes\tYes\nRequires wallet\tNo\tYes\tYes\nDecentralized\tGateway β†’ providers\tDirect P2P\tDirect P2P\nBest for\tNew users, quick start\tDaily use, reliability\tFull sovereignty\n\nThe recommended progression: Gateway β†’ Local Proxy β†’ P2P Node as users gain confidence with the Morpheus ecosystem.\n\nFallback Chain with Gateway\n\nWith the gateway added, the recommended fallback chain becomes:\n\nvenice/claude-opus-4-6 # Primary (premium)\n β†’ venice/claude-opus-45 # Venice fallback\n β†’ venice/kimi-k2-5 # Venice open tier\n β†’ morpheus/kimi-k2.5 # Local proxy (MOR staking)\n β†’ mor-gateway/kimi-k2.5 # API Gateway (open beta)\n\n\nFor new users without Venice or a local proxy, the gateway is the first and only provider β€” making it the critical bootstrap path.\n\n20. Always-On Setup for 24/7 Operation (v0.9.9)\n\nYour agent needs your Mac to stay awake. macOS defaults to sleep after inactivity, which interrupts cron jobs, heartbeats, and long-running tasks. Everclaw includes an always-on setup script that configures power management for continuous operation.\n\nQuick Setup\n# Configure macOS to never sleep (requires sudo)\nsudo bash skills/everclaw/scripts/always-on.sh\n\n# Restore default power settings\nsudo bash skills/everclaw/scripts/always-on.sh --restore\n\nWhat It Does\n\nThe script configures macOS power management for 24/7 operation:\n\nSetting\tValue\tPurpose\ndisablesleep\t1\tSystem never sleeps\nstandby\t0\tNo hibernation\nautopoweroff\t0\tNo deep sleep\npowernap\t1\tNetwork activity while display off\nwomp\t1\tWake on LAN enabled (remote access)\nautorestart\t1\tAuto-restart after power failure\ntcpkeepalive\t1\tKeep network connections alive\ndisksleep\t0\tNever spin down disks\nLaunchAgent for Caffeinate\n\nThe script also installs a LaunchAgent (com.everclaw.alwayson) that runs caffeinate -i -d -s in the background, providing an additional layer of protection against system sleep:\n\n-i β€” Prevent system from idling to sleep\n-d β€” Prevent display from sleeping\n-s β€” Prevent system from sleeping when on AC power\nVerify It's Working\n# Check current power settings\npmset -g\n\n# Should show:\n# SleepDisabled 1\n# standby 0\n# autorestart 1\n\nWhy This Matters for Agents\n\nWithout always-on configuration:\n\nCron jobs don't fire while sleeping\nHeartbeats miss their schedule\nLong-running tasks (file transfers, backups) fail\nYour agent appears \"offline\" to other agents/users\n\nWith always-on:\n\nCron jobs fire on schedule\nHeartbeats run every 30 minutes like clockwork\nLong tasks complete uninterrupted\nYour agent is reachable 24/7\nPower Consumption\n\nA Mac Mini M4 at idle with sleep disabled draws ~6-10W. That's roughly:\n\n$0.50-1.00/month at $0.12/kWh\nNegligible compared to AI inference costs\nAlternatives for Other Platforms\n\nLinux:\n\nsudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target\n\n\nHeadless Raspberry Pi: No sleep by default. Ensure systemd services are enabled for OpenClaw and Morpheus.\n\nTroubleshooting\n\nMac still sleeps:\n\nCheck pmset -g assertions for any processes preventing sleep\nVerify LaunchAgent is loaded: launchctl list | grep everclaw\nCheck Energy Saver settings in System Settings aren't overriding pmset\n\nDisplay still sleeps: This is fine β€” the system stays awake even with display off thanks to Power Nap. To disable display sleep entirely:\n\nsudo pmset -a displaysleep 0\n\n21. Three-Shift Task Planning (v2026.2.21)\n\nA structured task planning system that proposes prioritized work plans at the start of each 8-hour shift. Nothing executes without user approval.\n\nShifts\nShift\tDefault Time\tWindow\tCharacter\nβ˜€οΈ Morning\t6:00 AM\t6 AM – 2 PM\tRamp-up: meetings, comms, decisions\n🌀️ Afternoon\t2:00 PM\t2 PM – 10 PM\tDeep work: coding, writing, building\nπŸŒ™ Night\t10:00 PM\t10 PM – 6 AM\tAutonomous: research, maintenance\nHow It Works\nGather context β€” Reads memory files, calendar, email, git status, previous shift handoff\nGenerate plan β€” Prioritized tasks (P1 must-do, P2 should-do, P3 could-do), active project status, blocked items\nPresent for approval β€” User approves, modifies, or skips before anything executes\nExecute β€” Works through approved tasks in priority order, logs progress\nHandoff β€” Writes shift summary for the next shift to pick up\nSetup\n# Create three cron jobs (adjust times to your timezone)\nopenclaw cron add --name three-shifts-morning --schedule \"0 6 * * *\" \\\n --message \"Generate morning shift plan. Read the three-shifts skill, gather context, and propose tasks for the 6 AM – 2 PM window.\"\n\nopenclaw cron add --name three-shifts-afternoon --schedule \"0 14 * * *\" \\\n --message \"Generate afternoon shift plan. Read the three-shifts skill, gather context, and propose tasks for the 2 PM – 10 PM window.\"\n\nopenclaw cron add --name three-shifts-night --schedule \"0 22 * * *\" \\\n --message \"Generate night shift plan. Read the three-shifts skill, gather context, and propose tasks for the 10 PM – 6 AM window.\"\n\nShift-Specific Rules\nMorning/Afternoon: External actions (emails, PRs, messages) allowed with approval\nNight: Autonomous only β€” no external comms, no financial transactions, no destructive ops\nNight cancellation: If user doesn't approve by 10:30 PM, night shift is cancelled\n\nSee three-shifts/SKILL.md for full documentation including approval workflows, configuration options, weekend behavior, and quiet hours.\n\nChangelog\n2026.2.21\nThree-Shift Task Planning β€” Morning/Afternoon/Night shift system with prioritized task proposals and approval workflow\nGateway Guardian v5 β€” Direct curl inference probes replace openclaw agent probes. Eliminates 71K workspace prompt injection into health checks, prevents Signal spam from failed probes, uses glm-4.7-flash for fast lightweight probing\nVersion scheme change β€” Moved from semver (0.9.x) to date-based versioning (YYYY.M.DD)\n0.9.9\nAlways-on 24/7 power configuration for macOS\nGLM-5 as default model (replaces Kimi K2.5)\n0.9.8.3\nCommunity contributions (dynamic model discovery, install.sh fixes, bash 3.2 compat, agent integration docs)\nReferences\nreferences/acquiring-mor.md β€” How to get MOR tokens (exchanges, bridges, swaps)\nreferences/models.md β€” Available models and their blockchain IDs\nreferences/api.md β€” Complete proxy-router API reference\nreferences/economics.md β€” How MOR staking economics work\nreferences/troubleshooting.md β€” Common errors and solutions\nsecurity/skillguard/SKILL.md β€” SkillGuard full documentation\nsecurity/clawdstrike/SKILL.md β€” ClawdStrike full documentation\nsecurity/prompt-guard/SKILL.md β€” PromptGuard full documentation\nsecurity/bagman/SKILL.md β€” Bagman full documentation\nx402 Protocol β€” HTTP-native payment protocol specification\nERC-8004 β€” Trustless Agents EIP specification\n8004scan β€” Agent registry explorer" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/DavidAJohnston/everclaw-inference", "publisherUrl": "https://clawhub.ai/DavidAJohnston/everclaw-inference", "owner": "DavidAJohnston", "version": "0.10.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/everclaw-inference", "downloadUrl": "https://openagent3.xyz/downloads/everclaw-inference", "agentUrl": "https://openagent3.xyz/skills/everclaw-inference/agent", "manifestUrl": "https://openagent3.xyz/skills/everclaw-inference/agent.json", "briefUrl": "https://openagent3.xyz/skills/everclaw-inference/agent.md" } }