SOLANA_NETWORK BLOCK: CL-001

Your AI agent can't pay for anything.

Wallets weren't built for autonomous agents.
We fix that.

VERSION: 1.0.0 SYS_INIT
// WHAT CLPAY DOES

Give Claude a Solana wallet with built-in risk control — every payment validated before execution.

One MCP server. Validator agent + risk engine + spending limits + audit trail → autonomous payments. No manual approval.

NODE: ACTIVE
• AUTONOMOUS AI PAYMENTS • PRE-EXECUTION VALIDATION • 6-SIGNAL RISK ENGINE • SPENDING LIMITS • FULL AUDIT TRAIL • MCP COMPATIBLE • SOLANA DEVNET + MAINNET • • AUTONOMOUS AI PAYMENTS • PRE-EXECUTION VALIDATION • 6-SIGNAL RISK ENGINE • SPENDING LIMITS • FULL AUDIT TRAIL • MCP COMPATIBLE • SOLANA DEVNET + MAINNET •
TRANSACTION_FLOW LIVE DEMO
clpay — transaction
claude ▸ I need GPT-4 API access for comparison analysis
⟡ CLPAY Initiating payment validation...
Simulating transaction: 0.02 SOL → OpenAI merchant
Contract verified — no malicious patterns
Risk score: 0.12 / 1.00 — LOW
Necessity: HIGH — required for current task
◈ APPROVED tx: 5Kj9...mR2x
PROTOCOL_SEQUENCE

HOW IT WORKS

STEP_01 01

INSTALL

$ npm install && node generate-wallet.js

Creates a Solana wallet, airdrops devnet SOL, sets up the MCP server. 30 seconds.

BLOCK: CL-001
STEP_02 02

CONNECT

$ cp mcp.example.json .kiro/settings/mcp.json

Add CLPAY to your Kiro or Claude Desktop MCP config. The AI agent gets 4 payment tools instantly.

BLOCK: CL-002
STEP_03 03

PAY

claude: "Pay 0.02 SOL for API access"

The agent requests payment. CLPAY simulates, validates, risk-checks, and executes — fully autonomous, fully audited.

BLOCK: CL-003
CAPABILITIES_MATRIX

FEATURES

SYS_001

Solana Wallet

Native Solana integration with SPL token support. Sub-second transactions, minimal fees. Private keys isolated in sandboxed module.

MODULE: SYS_001
SYS_002

Pre-Execution Validation

Every transaction is simulated on-chain before real SOL moves. The validator agent checks contracts, recipients, state changes.

MODULE: SYS_002
SYS_003

Risk Analysis

6-signal composite risk scoring: recipient reputation, contract verification, transaction patterns, simulation results, history, network health.

MODULE: SYS_003
SYS_004

Necessity Evaluation

AI evaluates whether the purchase is truly needed for the current task. Blocks unnecessary spending before it happens.

MODULE: SYS_004
SYS_005

Spending Limits

Hard per-transaction and daily caps enforced at wallet level. The AI cannot override these — they're outside its control.

MODULE: SYS_005
SYS_006

Full Audit Trail

Every transaction logged with reasoning, risk score, necessity level, and on-chain signature. Complete transparency, always.

MODULE: SYS_006
DATA_READOUT

BY THE NUMBERS

4Validation stages per transactionPIPELINE_DEPTH
6Risk signals analyzed in parallelSIGNAL_COUNT
19Test cases — all passingTEST_COVERAGE
<400msAverage validation latencyLATENCY_AVG
0Direct key access by AI agentKEY_EXPOSURE
Custom stages supportedEXTENSIBILITY
VALIDATION_PIPELINE

INSIDE THE PIPELINE

Every payment passes through 4 sequential stages. If any stage fails, the transaction is blocked immediately. No exceptions.

01
STAGE: SIMULATION

Transaction Simulation

Dry-run on Solana. Captures success/failure, token movements, state changes, compute units, errors. Failed simulation → instant block.

OUTPUT: success | logs | balanceChange | unitsConsumed | error
02
STAGE: SECURITY

Security & Risk Analysis

Recipient checked against allowlist/blocklist. Risk engine evaluates 6 weighted signals → composite score 0–1. Blocklisted = instant reject.

OUTPUT: riskScore | riskLevel | flags[] | details{}
03
STAGE: NECESSITY

Necessity Evaluation

Analyzes reason + task context. Classifies as HIGH / MEDIUM / LOW / NONE. NONE = blocked. The agent must justify every payment.

OUTPUT: level (high|medium|low|none) | explanation
04
STAGE: LIMITS

Spending Limits

Per-transaction and 24h rolling daily caps. Set by human operator, enforced at wallet level. AI cannot override. Exceeding = blocked.

OUTPUT: spent | limit | remaining | resetsAt
RISK_ENGINE_V1

RISK SIGNALS

Composite score from 6 independently evaluated signals.

SignalWeightChecks
RECIPIENT_REPUTATION25%Allowlisted → 0.0 | Unknown → 0.5 | Blocklisted → 1.0
CONTRACT_VERIFICATION20%Verified source, audit status, program ownership
TRANSACTION_PATTERN15%Unusual amounts, rapid-fire txs, timing anomalies
SIMULATION_RESULT20%Unexpected failures, state changes, compute overuse
HISTORICAL_BEHAVIOR10%Past interactions, success rate with recipient
NETWORK_CONDITIONS10%Congestion, fee spikes, network anomalies
0.0 — 0.3LOW RISKPROCEED
0.3 — 0.6MEDIUMCAUTION
0.6 — 1.0HIGH RISKBLOCKED
USE_CASES

WHAT CAN YOUR AGENT PAY FOR?

UC_001

API Access

GPT-4 for comparison, specialized data APIs for research. CLPAY validates the merchant and logs the reason.

UC_002

Cloud Resources

GPU instances, storage, compute. The agent pays only what's needed for the current task.

UC_003

SaaS Subscriptions

Monitoring, analytics, databases. Recurring payments with daily limit protection.

UC_004

Data Purchases

Datasets, market feeds, premium content. Necessity evaluator ensures it's actually needed.

UC_005

Service Fees

Translation, image generation, code review. Any Solana-payable service becomes accessible.

UC_006

Multi-Agent Payments

Agent-to-agent payments. Same pipeline, same security, same audit trail.

DISTRIBUTION_NETWORK

NETWORKS

NET_DEV

DEVNET

Free SOL via airdrop. Perfect for testing. No real money at risk.

FreeRECOMMENDED FOR TESTING
NET_MAIN

MAINNET-BETA

Real SOL, real transactions. Same code, different config. Lower limits recommended.

Real fundsPRODUCTION READY
THREAT_MODEL

ATTACK VECTORS

THREAT_001

Prompt Injection

Validator agent is independent — runs its own logic, not the AI's. Compromised AI can't bypass it.

THREAT_002

Malicious Merchant

Blocklist + unknown recipient flagging + contract verification. Multi-layer defense.

THREAT_003

Excessive Spending

Hard limits at wallet level. Human-set, AI-unmodifiable. Per-tx + daily caps.

THREAT_004

Transaction Manipulation

Simulation detects unexpected state changes before execution.

THREAT_005

Key Theft

#private fields, memory zeroing on destroy(), optional HSM support.

THREAT_006

Rapid-Fire Drain

Pattern analysis flags >3 txs/minute. RAPID_TRANSACTIONS flag → elevated risk.

CONFIG_REFERENCE

ENVIRONMENT VARIABLES

VariableDefaultDescription
CLPAY_WALLET./keys/dev-wallet.jsonPath to keypair
CLPAY_NETWORKdevnetdevnet | testnet | mainnet-beta
CLPAY_RISK_THRESHOLD0.5Max risk score (0–1)
CLPAY_PER_TX_LIMIT0.1Max SOL per transaction
CLPAY_DAILY_LIMIT1.0Max SOL per 24h
CLPAY_ALLOWLIST(empty)Comma-separated trusted addresses
SECURITY_PROTOCOL

TRUST, BUT VERIFY

Sandboxed Keys

Private keys live in #private class fields. The AI agent never sees them — only the wallet module can sign.

Independent Validator

The validator agent runs its own pipeline. Prompt injection can't bypass it — it's a separate decision-maker.

Allowlist / Blocklist

Define trusted merchants. Unknown recipients trigger elevated validation. Blocklisted addresses are auto-rejected.

MCP_INTERFACE

TOOLS

clpay_pay

Full validation pipeline → execute or reject

clpay_simulate

Dry-run transaction, no SOL moves

clpay_balance

Wallet balance + daily spending status

clpay_history

Transaction log with filtering

DOCUMENTATION

GETTING STARTED

Read the Docs View on GitHub
MCP Server Solana Devnet / Mainnet