OpenClaw KeeperLink

OpenClaw KeeperLink is a five-phase protocol for two autonomous agents to negotiate, transact, and verify the outcome of an on-chain action without any broker, escrow, or shared infrastructure.

The hiring agent (Poster) discovers a service-providing agent (Service) over an encrypted peer-to-peer mesh (AXL/Yggdrasil), signs a stablecoin payment-intent header (EIP-191 over an x402-style envelope), and dispatches a structured job request. The Service verifies the payment authorization, executes a Uniswap V3 swap on Base mainnet through KeeperHub's MCP server, wraps the full lineage in a signed audit envelope, and pins the envelope to 0G decentralized storage. The Poster then independently round-trip-verifies the receipt — content match, signature integrity, on-chain confirmation — without trusting either the Service or the storage layer.

Two demo modes are shipped: (1) a deterministic 38-second walkthrough showing the 5-layer cascade, and (2) a 40-second live LLM agent variant where Claude Sonnet 4.6 holds the orchestration role with a real tool-use loop — discover → quote → verify-balance → hire → independently-verify. The second video distinguishes "agent" from "script" by showing the model reason and call tools live.

All five sponsor surfaces (KeeperHub, Uniswap, 0G, AXL/Gensyn, x402) are load-bearing — replace any one and the protocol breaks. The reference implementation includes a formal protocol spec (PROTOCOL.md) defining roles, phases, and replaceable surfaces, so the work is reusable beyond this hackathon.

Two AI agents transact peer-to-peer. Node A (Poster) is a Python orchestrator that builds a JobRequest, signs an x402-style payment-intent header (EIP-191 personal_sign over a canonical JSON envelope via eth_account), and dispatches it. Node B (Service) is an aiohttp/FastAPI Python service running inside a Docker container alongside an MCP router; its identity key signs receipts via ECDSA secp256k1.

Transport between them is Gensyn AXL — two real Yggdrasil-mesh nodes in Docker containers (openclaw-node-a + openclaw-node-b) routing MCP envelopes peer-to-peer with no 
central broker. Node A POSTs to /mcp/{peer-id}/keeperlink and the request lands at Node B's service over the encrypted mesh.                                             
                                                                                                                                                                         
When Node B accepts a hire, it calls KeeperHub's MCP server (https://app.keeperhub.com/mcp via JSON-RPC 2.0, the documented endpoint — not /api/mcp which 404s with SPA  
HTML, see FEEDBACK §2.10 #1) using execute_protocol_action(actionType="uniswap/swap-exact-input"). Before swapping, an idempotent _ensure_token_allowance helper does a  
cheap eth_call to read USDC.allowance(wallet, SwapRouter02); if short, it fires approve(MAX_UINT256) once via execute_contract_call. KeeperHub holds the wallet via
Turnkey MPC custody, so we never touch a private key on our side. The swap settles on Base mainnet through Uniswap V3 SwapRouter02 at the 500-bps USDC/WETH pool.

After settlement, Node B builds an OpenClaw Audit Envelope — a Pydantic schema (shared/audit_envelope.py) wrapping the JobRequest, the x402 payment proof, KeeperHub's
executionId, the on-chain settlement, and a signature over the canonical JSON. The envelope is uploaded to 0G Storage on the Galileo testnet via a Node.js helper around
0G's TS SDK; we get back a Merkle rootHash. Node A then independently round-trip-verifies: downloads the envelope from 0G, content-matches SHA-256, recovers the
signature back to Node B's address, and confirms the tx via its own Base RPC. Three independent checks before claiming PROOF.

A second variant (scripts/run_demo_agent.py) replaces the deterministic Python orchestrator with a Claude Sonnet 4.6 tool-use loop via Abacus's OpenAI-compatible
RouteLLM endpoint. The model gets five tools wrapping the same service (discover_executor, get_market_quote hitting the Uniswap Trading API directly, verify_balance,
hire_agent_for_swap, verify_settlement) and a hard-stop budget guard capping real on-chain hires at one per process so an over-eager model can't drain the wallet.

Hacky bits worth mentioning: keeperlink_service runs INSIDE the mcp-router container (docker exec -d injection — out-of-scope-for-deadline polish a custom Dockerfile
would replace); the canonical envelope keys are sorted before hashing so the same content always produces the same rootHash; the demo orchestrator uses Unicode block
characters for hybrid pixel/ASCII animation including a hand-drawn "Crawfish Hopper" original-IP character. Sponsor stack is load-bearing — replace any one of
AXL/x402/KeeperHub/Uniswap/0G and the protocol breaks. Six concrete bug reports + a LLM-driveability writeup contributed back to KeeperHub via FEEDBACK.md §2.10 + §2.11.