Skip to content

feat: add CDP (Coinbase Developer Platform) MPC wallet support#58

Open
skingem1 wants to merge 1 commit intoBlockRunAI:mainfrom
skingem1:feat/cdp-wallet-support
Open

feat: add CDP (Coinbase Developer Platform) MPC wallet support#58
skingem1 wants to merge 1 commit intoBlockRunAI:mainfrom
skingem1:feat/cdp-wallet-support

Conversation

@skingem1
Copy link

@skingem1 skingem1 commented Feb 26, 2026

CDP Wallet Support for ClawRouter

Adds Coinbase Developer Platform (CDP) MPC wallets as an alternative to raw private keys for x402 payments.

Why?

  • MPC-based — no single private key to leak or lose
  • Enterprise-grade — Coinbase-managed backup and recovery
  • Agent-native — programmatic wallet creation via API
  • Fully backward compatible — raw private key still works exactly as before

Changes

New files

  • src/wallet-signer.tsWalletSigner interface (abstract signing layer)
  • src/wallet-cdp.ts — CDP MPC wallet implementation using @coinbase/coinbase-sdk
  • src/wallet-pk.ts — Raw private key wrapper (satisfies WalletSigner)
  • docs/cdp-wallet.md — Full setup documentation

Updated files

  • src/x402.tscreatePaymentFetch() now accepts WalletSigner | 0x${string}``
  • src/proxy.tsProxyOptions accepts optional walletSigner
  • src/index.ts — Auto-detects CDP env vars at startup, falls back to raw key
  • src/auth.ts — New cdpWalletAuth (wizard) + cdpEnvAuth (env vars) methods

Usage

# Set CDP credentials
export BLOCKRUN_CDP_API_KEY_NAME="organizations/xxx/apiKeys/yyy"
export BLOCKRUN_CDP_PRIVATE_KEY="-----BEGIN EC PRIVATE KEY-----\n..."

# ClawRouter auto-detects and uses CDP wallet on startup
openclaw gateway restart

Build

  • ESM ✅
  • DTS ✅
  • Zero breaking changes

feat: add CDP (Coinbase Developer Platform) MPC wallet support
601f7e7 
- Add WalletSigner interface abstraction (wallet-signer.ts)
  Decouples x402 payment signing from key management strategy

- Add CdpWalletSigner (wallet-cdp.ts)
  Uses @coinbase/coinbase-sdk for MPC wallet creation/loading
  Signs EIP-712 typed data via CDP's signHash
  Persists wallet to ~/.openclaw/blockrun/cdp/wallet.json

- Add PrivateKeyWalletSigner (wallet-pk.ts)
  Wraps existing viem signTypedData — no behavior change

- Refactor x402.ts to use WalletSigner interface
  createPaymentFetch() now accepts WalletSigner | `0x${string}`
  Fully backward compatible — raw private key still works

- Refactor proxy.ts to accept optional walletSigner in ProxyOptions
  Falls back to raw key if no signer provided

- Update index.ts to detect CDP credentials at startup
  Env vars: BLOCKRUN_CDP_API_KEY_NAME + BLOCKRUN_CDP_PRIVATE_KEY
  CDP takes precedence over raw key; graceful fallback on error

- Add CDP auth methods to auth.ts (cdpWalletAuth + cdpEnvAuth)

- Add docs/cdp-wallet.md

Build: ESM + DTS clean
@1bcMax
Copy link
Member

1bcMax commented Feb 27, 2026

Thank you for your suggestion. let me think about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skingem1 @1bcMax