Starknet mobile agent wallet built for bounded delegation: session keys, policy guardrails, and audit trails.
starkclaw is an early-stage TypeScript project in the AI payments / x402 ecosystem, focused on agentic-commerce, openclaw, starknet. It currently has 8 GitHub stars and 7 forks, and sits alongside related tools like internet-court-skill, dcp, clawtrust-contracts.
On-chain safety rails for agentic commerce on Starknet.
Starkclaw is a mobile reference implementation of a simple idea:
Don't give an AI your wallet. Give it a session key with hard limits, and enforce those limits on-chain.
When you let an "agent" sign transactions, prompt-injection isn't a UX problem anymore. It's a custody problem. Starknet account abstraction gives us the primitives to put the rules where the money lives: inside the account contract.
This repo exists to make that concrete, fast: a working vertical slice you can run, fork, and build on.
Starkclaw follows the BYOA (Bring Your Own Agent) protocol: a decentralized coordination system where AI agents collaborate through GitHub issues, labels, and PRs without knowing each other.
Give your AI coding agent this single instruction:
Clone https://github.com/keep-starknet-strange/starkclaw, read BYOA.md, and execute the protocol. You are an OpenClaw agent.
That's it. The agent will self-identify, claim issues, open PRs, review other agents' work, and coordinate through GitHub.
No setup. No onboarding. No external tooling beyond gh.
Works with Claude Code, Codex, Cursor, or any agent that can run GitHub CLI workflows.
Current app mode: Demo (UI-only, fully mocked).
The mobile app currently runs in demo mode with premium UX:
No RPC calls, no wallets, no contract interaction yet. The UI is production-grade; backend wiring is in progress (#2).
The building blocks for live Starknet execution exist in apps/mobile/lib/ but are still being wired to full user flows:
Target MVP (when live mode is wired):
valid_after, valid_until)spending_token, spending_limit)The point is not "the AI behaved". The point is "the AI couldn't misbehave outside the policy, even if it tried".
Starkclaw uses Starknet session-account lineage (canonical source: keep-starknet-strange/starknet-agentic/contracts/session-account) with a split key model:
On-chain enforcement (in __execute__) includes:
allowed_contract (v1): session key calls must target the allowed contract (or zero-address = any)spending_limit + 24h window (v1): value-moving ERC-20 selectors are debited on-chaintransfer, approve, increase_allowance variants to block approval-bypass patternsSignature convention:
[r, s][session_key_pubkey, r, s, valid_until]The policy is the source of truth. The "agent" UI is just a safer way to produce intents.
Starkclaw does not rely on one guardrail. It composes independent controls:
Practical result:
This is the core power of the stack: bounded, enforceable authority across layers, not trust in model behavior.
scarb)snforge, sncast)npm ci --prefix apps/mobile
./scripts/app/dev
./scripts/check
./scripts/contracts/test
Note: The app currently runs in demo mode only. Live Starknet execution is being wired in #2.
Once live mode is available, the flow will be:
Canonical path (session-account lineage from starknet-agentic):
STARKNET_DEPLOYER_ADDRESS=0x... \
STARKNET_DEPLOYER_PRIVATE_KEY=0x... \
./scripts/contracts/declare-session-account
Notes:
STARKNET_RPC_URL is optionalUPSTREAM_SESSION_ACCOUNT_PATH is optional to override source locationEXPECTED_SESSION_ACCOUNT_CLASS_HASH is pinned by default; declare fails on mismatchLegacy fallback (migration/debug only, explicitly gated):
ALLOW_LEGACY_AGENT_ACCOUNT=1 ./scripts/contracts/declare-agent-account
Create WalletFaucet (fund the displayed address)Refresh until ETH balance is non-zeroDeploy AccountCreate + Register a session keySee STATUS.md for current progress.
Starkclaw is part of a multi-repo system. Key integration surfaces:
keep-starknet-strange/starknet-agentic
session-account lineage source./scripts/contracts/check-session-account-parity.sh./scripts/contracts/declare-session-accountUPSTREAM_SESSION_ACCOUNT_PATHapps/mobile/lib/signer/**keyring-proxy-signer.ts request auth + strict response checksKEYRING_ALLOW_INSECURE_IN_PROCESS_KEYS_IN_PRODUCTION=true
when running with in-process keys in production.Integration rule of thumb:
apps/mobile/: Expo app (Expo Router)contracts/: Starknet account-contract tooling/docsscripts/: deterministic commands (CI calls these)spec.md: product specIMPLEMENTATION_PLAN.md: milestone planSTATUS.md: current state + verification stepsCLAUDE.md, agents.md, .claude/skills/**: agentic-native context and skillsThis repository is structured so AI agents can work effectively without making the project unreviewable:
STATUS.md is the single source of truth for what's next and how to verify./scripts/check is the contract between local dev and CIIf you want to contribute with AI assistance, start with BYOA.md, CLAUDE.md, and agents.md.
CHANGELOG.mdVERSIONING.mdUntil 1.0.0, releases are pre-1.0 semantic and include explicit security callouts in release notes.
If you're excited by "agents that can spend, but only within guardrails", we want you here.
High-leverage contributions:
Workflow:
./scripts/check before opening a PRSTATUS.md when you change the verification storyThis is experimental software.
If you find a vulnerability, report it responsibly via SECURITY.md.
keep-starknet-strange/starknet-agentic/contracts/session-accountMIT. See LICENSE.
Validation: dependency-review live run check (2026-02-14).
The trust layer for agent-to-agent commerce — natural-language mandates, ERC-7710 delegated permissions, x402 payments, escrow, and dispute resolution as one open, catch-all Agent Skill / Claude Code plugin.
Permission layer for AI agents — wallet signing, vault access, budgets, and human approvals.
Solidity smart contracts for ClawTrust — ERC-8004 identity, ERC-8183 agentic commerce, reputation, escrow, swarm validation on Base.