Encrypted vault, ZK settlement archiving, x402 payment receipts, Agent Passport binding, and Solana anchoring for OpenClaw and agent runtimes. Drop-in stack — compression, privacy, payments, identity.
openclaw-skills is a growing Python project in the AI payments / x402 ecosystem, focused on agent-passport, agent-vault, ai-agents, audit-trail. It currently has 23 GitHub stars and 3 forks, and sits alongside related tools like openclaw-vault, ag402, ag402.
One home for Parad0x Labs' agent skills — payments, context compression, the .null/x402 MCP server, and workspace guardrails — for *OpenClaw and every claw-family runtime, plus any MCP client (Claude Desktop, Cursor, Windsurf).
Give your agent the ability to pay and get paid in USDC, on Solana mainnet-beta (public beta, mainnet opt-in; not yet audited) — non-custodial, with a hard spend cap. Drop these into an OpenClaw agent:
# Pay + charge (OpenClaw plugins — drop into an agent)
# skills/x402-pay — your agent pays x402 endpoints
# skills/x402-gate — charge other agents for your skill/API
# Receipts + status MCP server (any MCP client)
npx @parad0x_labs/mcp-server # → skills/mcp-server
# .null identity + one-call web0 setup (Solana mainnet-beta; self-serve registration rolling out)
npx @parad0x_labs/null-mcp # resolve / verify ownership / pay a .null name (any MCP client)
npm i @parad0x_labs/openclaw-web0-onboard # one call: identity + x402 storefront + register your .null name
# Keep long paid sessions cheap
npm i @parad0x_labs/openclaw-context-capsule
Walk it end to end: The Web0 agent loop →.
Your agent's .null identity + pay-by-name run on Solana mainnet-beta (public beta; self-serve registration rolling out) — openclaw-web0-onboard registers the name and publishes your x402 endpoint, so buyers pay_x402("yourname.null").
Together they're an agent-to-agent marketplace: an agent publishes what it can do, another discovers it by capability, pays per call in USDC, and both keep a verifiable receipt — no human in the loop, no platform holding the funds.
x402-pay + x402-gate settle in USDC on Solana mainnet-beta
(public beta). Each payment carries a 0.05% protocol fee in the same atomic
transaction, verified on-chain by the gate (client-side, fail-closed; non-custodial).agent-passport + web0-onboard bind a .null name, so an
agent is discoverable by a verifiable on-chain identity, not a URL.null-mcp) lets an agent find another by what
it does, then re-resolve it on-chain before paying.Full write-up: agent.null — the autonomous agent marketplace.
| Skill | What it does | Standalone? | Pairs with | Install |
|---|---|---|---|---|
x402-pay |
Your agent pays x402-gated APIs/agents in USDC on Solana mainnet-beta (mainnet opt-in; devnet by default) — BYO signer, never holds a key, hard spend cap | ✅ works against any x402 endpoint | x402-gate (the selling side) |
npm i @parad0x_labs/openclaw-x402-pay |
x402-gate |
Charge other agents per call — mint a 402 challenge, verify (optionally on-chain-confirmed), serve; funds land in your own wallet | ✅ any x402 client can pay it | x402-pay (the buying side) |
npm i @parad0x_labs/openclaw-x402-gate |
context-capsule |
Compresses long session history before the model call — bounded, deterministic, keeps decisions/errors/IDs/ports/values, no network, no chain (fidelity measured on your own ~/.openclaw sessions via test/fidelity-bench.mjs) |
✅ fully self-contained | everything — orthogonal | npm i @parad0x_labs/openclaw-context-capsule |
mcp-server |
MCP server for any MCP client (Claude Desktop/Cursor/Windsurf): x402 quote, receipt anchoring, single-use nullifier checks, agent-identity lookup, mainnet-beta stack status. Read-only by default; writes need an opt-in keypair + per-call confirm | ✅ standalone MCP server | pairs with null-mcp for the full loop |
npx @parad0x_labs/mcp-server |
web0-onboard |
One call to stand up a paid .null agent: derives your identity, returns an x402 storefront config, wires receipt anchoring, and exposes register_null_name / set_null_endpoint / set_null_stealth_meta so buyers pay_x402("yourname.null") — registrar on Solana mainnet-beta, non-custodial |
✅ one-call web0 setup | null-mcp, x402-gate |
npm i @parad0x_labs/openclaw-web0-onboard |
agent-passport |
On-chain agent identity — .null name + ETH↔Solana wallet binding via get_agent_passport / verify_agent_identity, verified against the live on-chain owner |
✅ identity lookup + verify | web0-onboard, x402-pay |
npm i @parad0x_labs/openclaw-agent-passport |
payment-session |
Streaming + recurring x402 billing over pay_x402 — metered and subscription charges with a hard per-session cap |
✅ wraps any x402 endpoint | x402-pay, x402-gate |
npm i @parad0x_labs/openclaw-payment-session |
liquefy-openclaw |
Skill pack for the vault appliance: scan/pack flows, guarded runs, context gate, replay blocking, restore | needs the vault appliance below | vault appliance | copy skill dir / ClawHub |
liquefy_archive |
One-click compression, redaction & vault archival of OpenClaw workspaces | needs the vault appliance below | vault appliance | skill.json install |
liquefy_token_guard |
Token usage scan, waste audit, and budget guard for agent workspaces | needs the vault appliance below | vault appliance | skill.json install |
Plus the resident module: the vault appliance (Python, repo root) — trace vaults, policy enforcement, flight recorder, state/history guards. The three liquefy skills above are its front-ends.
Start here → The Web0 agent loop: pay and get paid in USDC on Solana mainnet-beta (public beta), anchor receipts, and keep long sessions cheap — non-custodial at every step.
Every entry under skills/ is a self-contained module:
skills/<name>/** — a change
to one skill builds and tests only that skill.Everything here is MIT. Money-touching skills are non-custodial by design — your own wallet signs, the skill never holds a key — and capped on the paying side.
Parad0x Labs builds Web0 on Solana — money and agents that settle themselves. You are here: 🧩 Skills — the OpenClaw-facing distribution of the stack below.
| Layer | Repo | Does |
|---|---|---|
| 💸 Payments | dna-x402 | x402 rail: quote → pay → verify → receipt → anchor |
| 🛠️ Build | dna-x402-builders | Hosted kit: turn any API/bot into a paid agent |
| 🕶️ Privacy | Dark-Null-Protocol | Groth16 privacy settlement — devnet, unaudited (mainnet rolling out); published proofs |
| 🗜️ Data | liquefy | Columnar compression that beats Zstd |
| 🛡️ Audit | liquefy-openclaw-integration | Flight recorder: 24 engines + Solana-anchored audit trails |
| 🎬 Media | nebula-media | Proof-carrying media compression — scene-aware + on-chain receipts |
| 🧠 Local AI | nulla-local | Local-first agent runtime — your machine, your memory |
See it live (a consumer app running on these rails): parad0xlabs.com
product: openclaw-skills
category: modular agent skills for OpenClaw and *claw-family runtimes
skills:
x402-pay: pay x402-gated APIs on Solana mainnet-beta (BYO signer, capped)
x402-gate: charge other agents per call (no custody, on-chain verify option)
context-capsule: compress long session history (no network, no chain)
mcp-server: MCP server — x402 quote / receipt anchor / nullifier / stack status (any MCP client)
liquefy-openclaw: guardrail flows for the vault appliance
liquefy_archive: one-click workspace vaulting
liquefy_token_guard: token waste audit + budgets
plugins:
web0-onboard: one-call web0 setup — .null identity + x402 storefront + receipt anchoring (npm, mainnet-beta)
agent-passport: on-chain agent identity — .null + ETH<->Solana binding, verified vs live owner
payment-session: streaming + recurring x402 billing (hard per-session cap)
resident_module: vault appliance (Python, repo root — trace vaults, policy, flight recorder)
contract: skills are self-contained — no cross-skill imports, path-filtered CI
agent_loop: docs/WEB0_AGENT_LOOP.md (name + x402 endpoint + get paid); PUBLISH_RUNBOOK.md
companions:
null-mcp: "@parad0x_labs/null-mcp — .null domains MCP (canonical: web0-internal)"
entrypoints:
catalog: ./README.md
skills: ./skills/
agent_guide: ./AGENTS.md
stack_map: ./docs/PARADOX_STACK.md
not_for:
- the x402 rail itself (see dna-x402)
- privacy settlement protocol (see Dark-Null-Protocol)
related_repos:
payment_rail: https://github.com/Parad0x-Labs/dna-x402
privacy_settlement: https://github.com/Parad0x-Labs/Dark-Null-Protocol
audit_layer: https://github.com/Parad0x-Labs/liquefy-openclaw-integration
The rest of this README documents the repo's largest module: the vault
appliance — an entropy-native compression + security layer for agent
infrastructure. Trace vaults, bit-perfect verification, tamper-evident audit
trails, policy enforcement, and Solana anchoring. The liquefy-* skills in the
catalog are thin front-ends over these tools.
Agent frameworks produce trace explosions: JSONL logs, tool call outputs, HTML reports.
Trace Vault packs an entire run folder into verified .null archives with optional per-org encryption.
Restore is bit-perfect.
macOS / Linux:
git clone https://github.com/Parad0x-Labs/openclaw-skills
cd openclaw-skills
make setup
make quick DIR=~/openclaw/sessions
Windows (PowerShell):
git clone https://github.com/Parad0x-Labs/openclaw-skills
cd openclaw-skills
.\setup.ps1
.venv\Scripts\python tools\tracevault_pack.py .\your\data --org default --out .\vault\output --json
pip install (add to existing project):
pip install git+https://github.com/Parad0x-Labs/openclaw-skills.git
pip install "liquefy-openclaw[all] @ git+https://github.com/Parad0x-Labs/openclaw-skills.git" # with all extras
Optional extras: vision (Pillow), cloud (boto3), anchor (solders), api (FastAPI server), all (everything).
Docker:
git clone https://github.com/Parad0x-Labs/openclaw-skills
cd openclaw-skills
docker compose run liquefy tools/tracevault_pack.py ./data --org default --out ./vault/output --json
See AGENTS.md for presets, full commands, and agent integration.
Default profile is the production-oriented baseline. The scoreboard below is the current headline benchmark view (green/yellow/red = win/tie/loss by repo policy bands).

Scoreboard source of truth (generated locally by the bench runner — bench/results/
is gitignored, so these files are not present in a fresh clone; regenerate them
with the bench scripts before quoting numbers):
./bench/results/SCOREBOARD.csv./bench/results/SCOREBOARD_SUMMARY.mdScoreboard summary from the reference run behind the image above:
WIN_SPEED: 16WIN_RATIO: 7WIN_RATIO+SPEED: 2TIE_OK: 17FAIL: 0This scoreboard combines:
Note: engine-core tuning has moved since some previously generated benchmark artifacts. Regenerate SCOREBOARD.csv / SCOREBOARD_SUMMARY.md and the scoreboard image after major engine changes before publishing fresh numeric claims.
| Fixture | Purpose | Expected route |
|---|---|---|
apache.log |
Apache log routing smoke | liquefy-apache-rep-v1 |
cloudtrail.jsonl |
CloudTrail/JSONL routing smoke | liquefy-cloudtrail-v1 or JSON family engine |
dump.sql |
SQL routing smoke | liquefy-sql-velocity-v1 |
sample.json |
JSON routing smoke | JSON family engine (hypernebula / cascade candidate) |
syslog_3164.log |
RFC3164 syslog routing smoke | liquefy-syslog-rep-v1 |
syslog_5424.log |
RFC5424 syslog routing smoke | liquefy-syslog-rep-v1 |
vpcflow.log |
VPC flow routing smoke | liquefy-vpcflow-v1 |
These tiny fixtures are routing/correctness smoke examples only. Do not use them as headline performance numbers.
# One-command local install (macOS/Linux, Apple Silicon-friendly source path)
./install.sh
# Activate the local environment
source .venv/bin/activate
# Sanity-check the installed CLI surface
liquefy self-test --json
# Pack a run folder
python tools/tracevault_pack.py ./runs/latest --org dev --out ./vault/latest
# Restore
python tools/tracevault_restore.py ./vault/latest --out ./restored/latest
The activated venv exposes liquefy, liquefy-safe-run, and liquefy-context-gate.
# Build/runtime metadata
python tools/tracevault_pack.py --version --json
# Crypto + zstd + policy smoke checks
python tools/liquefy_openclaw.py --self-test --json
# Environment checks (paths, perms, secret requirements)
python tools/tracevault_restore.py --doctor --json
All three wrappers support --version, --self-test, and --doctor (machine-readable with --json).
Liquefy doesn't care which framework runs your agents. If it produces files, we compress, verify, and audit them.
| Framework | Status | Notes |
|---|---|---|
| OpenClaw | Native plugin + skill pack | Full integration, benchmarked |
| NanoClaw | Works out of the box | Container output → make quick |
| LangChain | Works out of the box | JSONL/JSON traces routed automatically |
| CrewAI | Works out of the box | Agent run folders pack directly |
| Claude Agent SDK | Works out of the box | Structured JSON output, ideal match |
| Custom / scripts | Works out of the box | Any directory with logs/data |
# At end of any agent run, pack the output folder
python tools/tracevault_pack.py ./agent-output --org dev --out ./vault/latest
# Fastest OpenClaw source install + self-test + first safe scan (macOS/Linux)
git clone https://github.com/Parad0x-Labs/openclaw-skills.git && \
cd openclaw-skills && \
./install.sh && \
./.venv/bin/python tools/liquefy_openclaw.py --self-test --json && \
./.venv/bin/python tools/liquefy_openclaw.py --workspace ~/.openclaw --out ./openclaw-vault --json
# Then (optional) use the bundled wrapper after install:
# Whole-workspace pack with built-in credential denylist + report
./liquefy openclaw --workspace ~/.openclaw --out ./openclaw-vault --verify-mode full --workers 8
The repo wrapper prefers ./.venv/bin/python automatically when it exists, so ./liquefy ... works immediately after source bootstrap.
This command writes OPENCLAW_LIQUEFY_REPORT.md inside the vault output folder and keeps compressed search available via:
./liquefy search ./openclaw-vault --query "trace_id"
# Inspect the active effective policy before packing (human-readable)
python tools/liquefy_openclaw.py --workspace ~/.openclaw --out ./openclaw-vault \
--print-effective-policy
# Explain why a path is allowed/denied (JSON, plugin-friendly)
python tools/liquefy_openclaw.py --workspace ~/.openclaw --out ./openclaw-vault \
--json --explain credentials/api.pem
# Use a shared policy file for TraceVault scans
python tools/tracevault_pack.py ./runs/latest --org dev --out ./vault/latest \
--scan-only --policy ./policies/balanced.yml --json
# Explicit risky override (loud, audited, recorded in JSON/report)
python tools/liquefy_openclaw.py --workspace ~/.openclaw --out ./openclaw-vault \
--json --include-secrets "I UNDERSTAND THIS MAY LEAK SECRETS"
Policy examples:
./policies/strict.yml./policies/balanced.yml./policies/demo_risky.ymlSecurity docs:
./docs/policy.md./docs/sdk.md./SECURITY.md./THREAT_MODEL.mdJSON schemas (plugin / SDK integration contracts):
./schemas/liquefy.tracevault.cli.v1.json./schemas/liquefy.tracevault.restore.cli.v1.json./schemas/liquefy.openclaw.cli.v1.json./schemas/liquefy.cli.v1.jsonRestore safety:
tracevault_restore.py defaults to a 2 GiB total output cap to prevent disk-filling accidents.--max-output-bytes 0 to disable the cap (power-user override).Status artifacts (generated):
./bench/results/LIQUEFY_STATUS_REPORT.md./bench/results/LIQUEFY_STATUS_REPORT.jsonFree for any use under the MIT License — personal, nonprofit, academic, and commercial alike, including monetized hosted/API offerings and paid wrappers. No separate commercial license, no change date.
Decoder is always available. Decompression and verification never require a license, a running service, or access to this repo. Archives are self-contained. Your data is never hostage.
Not affiliated with OpenClaw, NanoClaw, or any agent framework vendor. See docs/TRACE_VAULT.md for details.
# Legacy agent-scoped workflow (still supported)
python tools/openclaw_tracevault.py list
python tools/openclaw_tracevault.py pack --agent <agentId> --out ./vault/openclaw/<agentId>
python tools/openclaw_tracevault.py pack --agent <agentId> --since-days 7 --out ./vault/openclaw/<agentId>
Licensed under the MIT License — free for any use, commercial or not, with no change date and no separate commercial tier. See LICENSE.
Liquefy is internally tested for bit-perfect round-trip across the suite. Our test suite covers 24 engine combinations and validates integrity against the Golden-Rule standard.
The Liquefy decoder CLI/appliance path provides offline data recovery and verification for production .null archives in hardened environments.
This repository + Docker is sufficient for offline decompression and verification. No license is required for decode-only recovery.
# Fastest source install (macOS/Linux, Apple Silicon-friendly)
git clone https://github.com/Parad0x-Labs/openclaw-skills.git && cd openclaw-skills && ./install.sh
# Equivalent step-by-step:
git clone https://github.com/Parad0x-Labs/openclaw-skills.git
cd openclaw-skills
# Source install (works today)
./install.sh
# Or use the decoder wrapper directly (Docker-backed path for decode/verify)
chmod +x ./liquefy
Release binaries include SHA256SUMS.txt. Verify downloads before running them:
./docs/VERIFY_DOWNLOADS.md for macOS/Linux/Windows commands.SHA256SUMS.txt automatically in GitHub Releases.# Decompress a production archive
./liquefy decompress archive.null restored.log
# Verify bit-perfect integrity
./liquefy verify archive.null
.\liquefy decompress archive.null restored.log
Unlike our previous black-box releases, this repository now contains the complete source code for the Liquefy compression engines, orchestrator, and safety valves.
You can inspect, compile, and run the entire source-available stack locally:
See the api/engines folder for the Python implementations. Under the MIT License you can run compressions directly, with or without Docker, for any use — personal or production.
A Node.js OpenClaw plugin wrapper scaffold is included under:
./plugins/openclaw-pluginIt exposes liquefy_scan (read-only) and liquefy_pack_apply (optional) by shelling out to the Liquefy CLI JSON contracts.
It also includes a ClawHub/OpenClaw skill pack scaffold under:
./plugins/openclaw-plugin/skills/liquefy-openclaw/SKILL.mdA standalone ClawHub-ready skill bundle also lives under:
./skills/liquefy-openclawPublish/install trust notes (pinned plugin versions, checksums, safe defaults):
./docs/openclaw-plugin-publish.md./docs/clawhub-skill-publish.mdDNA is our open-source payment rail for AI agents (x402 protocol on Solana). The DNA payment bridge plugin archives micropayment audit logs and cryptographic receipts into Liquefy .null vaults.
./plugins/dna-paymentWhat it does:
.null vaults with bit-perfect verificationQuick usage:
# Export DNA payment data to a Liquefy-ready directory
python plugins/dna-payment/dna_bridge.py export \
--server http://localhost:8080 \
--out ./vault-staging/dna-payments
# Status / audit summary from the running DNA node
python plugins/dna-payment/dna_bridge.py status \
--server http://localhost:8080
# Pack into a .null vault
python tools/tracevault_pack.py ./vault-staging/dna-payments \
--org dna --out ./vault/dna-payments --json
DNA can also run as a live sidecar, streaming payment events directly into vault directories in real-time. See plugins/dna-payment/README.md for full integration docs.
15 ready-made agent templates with built-in guardrails, interaction chains, and one-command scaffolding. Each template comes with safe defaults (draft-only mode, action caps, quiet hours, content deny-lists) so high-risk agents like email campaigns or social publishers can't go rogue out of the box.
liquefy agents list # Browse 15 templates
liquefy agents show inbox-triage-agent # Inspect guardrails & I/O contract
liquefy agents map # Show all interaction chains
liquefy agents scaffold email-campaign-agent --runtime openclaw --out ./agents # Generate workspace
draft_only with approval gates, action throttles, and recipient allowlistsSee docs/OPENCLAW_AGENT_BLUEPRINTS.md for the full catalog and chain documentation.
An agent crashes, the session resets, and suddenly it doesn't know there's $450K in the wallet. State Guard prevents this by declaring critical state files, verifying them before every run, and checkpointing them after. If state goes missing or drifts, the agent is blocked from acting until recovery.
liquefy state-guard init ~/.openclaw --files wallet-state.json positions.json --strict
liquefy state-guard check ~/.openclaw --json # Pre-flight: PASS or BLOCK
liquefy state-guard checkpoint ~/.openclaw # Post-flight: hash + backup state
liquefy state-guard status ~/.openclaw # Dashboard: file health at a glance
liquefy state-guard recover ~/.openclaw # Restore last checkpointed state
--strict)*-state.json, *-history.jsonl) in the workspaceAgents with access to email, calendar, Telegram, Discord, or social accounts can go rogue and delete everything. History Guard continuously pulls authorized exports from configured providers, vaults them with compression + encryption, and gates risky commands behind approval tokens and pre-action snapshots.
liquefy history-guard init --workspace ~/.openclaw # Create config with provider templates
liquefy history-guard set-approval-token --workspace ~/.openclaw # Set approval hash for risky ops
liquefy history-guard pull-once --workspace ~/.openclaw --json # One-shot pull + vault cycle
liquefy history-guard watch --workspace ~/.openclaw --poll-seconds 60 # Continuous pull daemon
liquefy history-guard gate-action --workspace ~/.openclaw --command "python nuke_inbox.py" --json
liquefy history-guard status --workspace ~/.openclaw --json # Provider health dashboard
See docs/OPENCLAW_HISTORY_GUARD.md for architecture, approval model, and provider contract.
Agents process emails, logs, and user data that contain PII (emails, IPs, API keys, phone numbers, SSNs, wallet addresses). The Redact tool strips sensitive values and replaces them with typed placeholders BEFORE data enters an LLM context window or leaves your network. Unlike LeakHunter (which blocks), Redact produces a clean, usable copy.
liquefy redact scan ./agent-output --json # Dry-run: report PII without changes
liquefy redact apply ./agent-output --out ./clean --json # Redact to output directory
liquefy redact apply ./agent-output # Redact in-place
liquefy redact profile ./agent-output --json # PII density + impact estimate
--categories email ipv4)--include-walletsLogs are mostly noise (heartbeats, health checks, status 200s, metrics scrapes). The De-Noise tool strips routine noise and keeps only signal lines (errors, warnings, crashes, security events, state changes, payment activity) plus configurable context around them. Can cut LLM context token cost by 60-95% depending on log composition — run denoise stats first to see yours.
liquefy denoise stats ./logs --json # Estimate noise ratio
liquefy denoise filter ./logs --out ./signal --json # Filter noise, keep signal + context
liquefy denoise filter ./logs --context 5 --keep-neutral # More context, keep neutral lines
liquefy denoise extract ./logs --trace-id abc-123 --json # Extract error clusters for a trace ID
AI agents capture redundant screenshots (10-50 shots of the same static window). The Vision engine deduplicates near-identical images using perceptual hashing, storing only unique frames.
make vision-scan DIR=./agent-screenshots # Report dedup potential
make vision-pack DIR=./agent-screenshots # Pack into VSNX vault (deduplicated)
make vision-restore SRC=./vault/vision.vsnx # Restore all images from vault
make vision-stats SRC=./vault/vision.vsnx # Show dedup stats
pip install PillowEvery agent run is captured into a cryptographically signed, tamper-evident "black box." If an agent goes rogue — drops a database, leaks customer data, burns $50K in API calls — you don't grep through JSON. You open an HTML report and see exactly what happened, verified by an unbroken SHA-256 hash chain that proves the logs were not altered after the fact.
make compliance VAULT=./vault ORG=acme TITLE="Q1 Audit" # HTML forensic report
make compliance-verify VAULT=./vault # Verify chain integrity (pass/fail)
make compliance-timeline VAULT=./vault # Chronological event replay
make vault-anchor VAULT=./vault # Anchor proof to Solana blockchain
compliance verify.Sync encrypted vaults to any S3-compatible storage. The cloud provider sees only opaque blobs — "sovereign" means encrypted everywhere, not just local.
make cloud-push VAULT=./vault BUCKET=my-backups # Incremental push
make cloud-pull VAULT=./vault BUCKET=my-backups # Restore from cloud
make cloud-status VAULT=./vault BUCKET=my-backups # Compare local vs remote
make cloud-verify VAULT=./vault BUCKET=my-backups # Verify remote integrity
pip install boto3Three levels: audit (report), enforce (block), kill (halt signal + SIGTERM).
make policy-audit DIR=./agent-output # Report violations
make policy-enforce DIR=./agent-output # Block on critical/high
make policy-kill DIR=./agent-output # Write halt signal to stop agent
.exe, .dll, .vbs, executables blockedBlobs stored once by SHA-256, vaults become lightweight manifests over shared blobs:
make cas-ingest DIR=./agent-run-1 # First run: stores all blobs
make cas-ingest DIR=./agent-run-2 # Second run: only new blobs stored
make cas-status # Show dedup savings
make cas-gc # Clean orphan blobs
make cas-restore MANIFEST=<id> OUT=./restoredOne entry point for all operations:
liquefy pack --workspace ~/.openclaw --out ./vault --apply
liquefy restore ./vault/run_001 --out ./restored
liquefy policy audit --dir ./agent-output --json
liquefy safe-run --workspace ~/.openclaw --cmd "openclaw run"
liquefy context-gate compile --workspace ~/.openclaw --cmd "openclaw run" --block-replay
liquefy cas ingest --dir ./agent-output
liquefy tokens scan --dir ./agent-output
liquefy telemetry push --webhook https://my-siem/api
liquefy events emit --agent-id a1 --session-id s1 --event model_call
liquefy guard save --dir .
liquefy anchor --vault-dir ./vault
Structured traces with parent/child span trees:
make event-emit AGENT_ID=a1 SESSION_ID=s1 EVENT=model_call MODEL=gpt-4o
make event-query SESSION_ID=s1
make event-spans SESSION_ID=s1 # parent->child span tree
make event-stats SESSION_ID=s1 # tokens, cost, duplicate prompts
agent_id, session_id, span_id, parent_span_id, trace_idMove context discipline into the hot path instead of pretending post-run reports are prevention.
# Compile the next run's runtime context under a hard token budget
liquefy context-gate compile \
--workspace ~/.openclaw \
--cmd "openclaw run" \
--token-budget 2400 \
--block-replay
# Inspect replay history for the workspace
liquefy context-gate history --workspace ~/.openclaw --json
# Guarded OpenClaw run: capsule -> context gate -> snapshot -> execute
python tools/liquefy_openclaw.py run \
--workspace ~/.openclaw \
--cmd "openclaw run" \
--context-budget-tokens 2400 \
--json
required_context_exceeds_budget)liquefy_openclaw.py run; use --allow-replay only when you mean it.liquefy/context/current/context_gate_prompt.md, .liquefy/context/current/context_gate.json, and .liquefy/context/history/context_gate_history.jsonWrap agent execution with snapshot + auto-restore on violations:
make safe-run WORKSPACE=~/.openclaw CMD="openclaw run" SENTINELS=SOUL.md,HEARTBEAT.md
# With bounded context, replay blocking, cost cap, and heartbeat watchdog
python tools/liquefy_safe_run.py \
--workspace ~/.openclaw --cmd "python agent.py" \
--context-budget-tokens 2400 \
--block-replay \
--max-cost 5.00 --heartbeat --sentinels SOUL.md --json
--max-cost) — auto-rollback if agent burns more than your USD limit (prevents economic DoS)--heartbeat) — writes .liquefy-heartbeat every 5s; agent or watcher self-halts if monitoring diesTrace prompts across agent handoffs (researcher -> executor -> verifier):
python tools/liquefy_openclaw.py --workspace ~/.openclaw --out ./vault --apply --trace-id "task-42"
python tools/liquefy_policy_enforcer.py enforce --dir ./vault --trace-id "task-42" --json
--trace-id or LIQUEFY_TRACE_ID env var on all toolsPush audit events to Splunk, Datadog, ELK, Slack, or any SIEM in real-time.
make telemetry-push WEBHOOK=https://splunk:8088/services/collector
make telemetry-stream SYSLOG=10.0.0.1:514 INTERVAL=10
make telemetry-test FILE=/var/log/liquefy.jsonl
Track where your tokens go, set budgets, and catch waste before the bill arrives.
make token-scan DIR=./agent-output # Extract usage from logs
make token-budget ORG=acme DAILY=500000 # Set daily limit
make token-report ORG=acme PERIOD=today # Usage breakdown
make token-audit DIR=./agent-output # Find waste
make token-models --addFramework update overwrites your configs? Not anymore.
make guard-save DIR=./my-agent LABEL="pre-v2.0" # Snapshot before update
# ...run your update...
make guard-diff DIR=./my-agent # See what changed
make guard-restore DIR=./my-agent # Restore your customizations
.update-backup copies when both you and the update changed a fileAnchor vault integrity proofs on Solana. ~80 bytes of hashes go on-chain via SPL Memo — no data, no keys, just a fingerprint that proves your vault existed in a specific state at a specific time. Anyone with a Solana explorer can verify it.
make vault-proof VAULT=./vault # Compute proof (free, offline)
make vault-anchor VAULT=./vault KEYPAIR=~/.config/solana/id.json # Anchor on Solana
make vault-verify VAULT=./vault # Verify vault vs anchor
make vault-show PROOF=./vault/.anchor-proof.json # Display proof
pip install solders httpx (proof generation works without them)Signed vaults carry an Ed25519 signature (.liquefy/signature.json) and the
public key (.liquefy/signing_pubkey.ed25519). Verification needs only the
public key — no secret — so any third party can confirm a vault, and the
key fingerprint anchored on-chain pins which key is authentic. (A legacy
HMAC-SHA256 mode exists for local-only integrity; it is not publicly
verifiable and isn't used for anything claimed to be.)
make vault-sign VAULT=./vault # Ed25519-sign (default)
make vault-verify-signature VAULT=./vault # verify with the published public key
See docs/VERIFY_VAULT_SIGNATURE.md for the trust model and how to pin verification to the on-chain fingerprint.
The decoder CLI/appliance path is built to fail closed rather than guess. To ensure secure conduction and data sovereignty, the following policies are enforced:
LD_PRELOAD) are detected, the appliance fails closed.default, ratio, speed).default / ratio profiles are judged against zstd high-compression behavior (zstd-22 class), not zstd speed-first settings.speed profile is the fair comparison point for zstd-3/zstd-6 throughput claims../liquefy_scoreboard_default.png./liquefy_vs_zstd_openclaw_50_200.pngopenclaw-skills is MIT-licensed — there's no license to buy. For managed/hosted deployments, support, or partnership:
© 2026 Parad0x Labs. 🚀
Encrypted vault, ZK settlement archiving, x402 payment receipts, Agent Passport binding, and Solana anchoring for OpenClaw and agent runtimes. Drop-in stack — compression, privacy, payments, identity.
Zero latency! Zero code change! Empower your AI agent with payment ability via x402 protocol! (Openclaw, Claude code, Cursor, Langchain, CrewAI, AutoGen...)
Provide a secure payment layer that enables AI agents to handle transactions autonomously with no setup or coding required.