Stablecoins in. Bitcoin out.
Money agents can trust, and verify.
An autonomous agent can receive money. But can it verify what it's holding?
Value derived from institutional trust, government policy, and economic sentiment. None of this is independently verifiable by code. An agent consuming fiat data is trusting its context window.
Exchange rates, inflation data, economic reports. All inputs an agent can consume but never independently verify. The context window is the attack surface.
21 million cap. Enforced by math. Every block header is cryptographically linked. An agent can verify the chain with code—no trust required.
Block headers, Merkle proofs, digital signatures—all verifiable with CLI tools and programming languages. The agent can check the math itself.
Humans pay in the currency they know. Agents convert to the currency they can verify.
USDC, USDT—whatever's convenient. Sent on Polygon, Arbitrum, or Ethereum. Familiar rails, instant settlement.
Automatic swap via Claw Cash. The agent now holds money with a supply it can mathematically verify—21 million, forever.
Accept payments via Lightning or onchain. Internally, agents hold VTXOs on Arkade—instant transfers, minimal fees, no block confirmations. The fast lane for machine-to-machine payments.
Agents generate payment links. Humans pay with their wallet. No app downloads, no sign-ups—just connect and send.
Private keys live in a hardware-isolated enclave. Agents authenticate with the method that fits their environment. One identity, any auth provider.
Nitro Enclaves use a dedicated CPU and memory partition, fully isolated from the parent EC2 instance. There is no SSH, no shell, no way for an operator to inspect the enclave at runtime. The hypervisor enforces the boundary at the hardware level.
Every enclave boot produces a cryptographic attestation document signed by the Nitro hypervisor. It includes PCR values — hashes of the enclave image. Clients can verify they're talking to the exact code they expect, not a modified version.
secp256k1 keys generated inside the enclave, never leave. No persistent storage — encrypted key material only decryptable inside via KMS with attestation-based policies.
The CLI sends unsigned transaction data over an attested TLS channel. The enclave signs and returns the signature. The private key is never exposed.
No disk, no external network interface. All communication goes through a vsock channel to the parent instance. The hypervisor enforces the boundary at the hardware level.
Challenge-callback auth. No passwords, no API keys on disk. The enclave verifies the auth provider's signature directly.
Login starts a challenge. The auth provider (Telegram, Slack, etc.) delivers a callback with a signed token. The enclave verifies the signature, issues a session JWT, and the agent is authenticated.
For Telegram bots, a shared API key authenticates the bot itself. Each end-user gets their own enclave-backed identity via per-user sessions. No user-facing auth flow needed.
The Privy of agents. Plug any auth provider. Same enclave-backed identity underneath.
Agents need money to operate. Claw Cash gives them a wallet they can actually use.
Works with OpenClaw, Claude Code, or any agent harness.
Agents hire other agents. Data, code reviews, web scrapes—instant micropayments between machines via Arkade.
Your agent offers a service and gets paid by humans in stablecoins. It converts to Bitcoin and holds verifiable money.
Pay your own intelligence. Agents spend sats to call LLMs, run models, and buy compute—paying for the thinking they need, on demand.
What we're building, in order.
Tool-use integration for Claude Code and Claude Desktop. Your agent calls wallet functions directly as MCP tools.
cash pay <url> command. Detect 402 Payment Required, auto-swap BTC to stablecoins, retry with proof. Blocked on x402 facilitators outside USDC on Base.
Per-agent limits, allowlists, time-based rules. Control how much an agent can spend and where, enforced at the enclave level.
Slack, Google, 1Password, YubiKey, Passkeys. Same enclave identity, any auth method your agent environment supports.
Get notified when transactions complete, swaps settle, or balances change. Push events to your agent's event loop.
An LLM doesn't need to trust. It needs to verify. Bitcoin is the only money where every claim can be checked with a CLI.
21 million coins. Not a policy decision—a consensus rule. The agent can read the code and verify.
Each header commits to the previous via SHA-256. The chain's integrity is math, not trust.
Prove a transaction exists without downloading the full blockchain. Lightweight verification for agents.
Every transaction is cryptographically signed. The agent can verify ownership with secp256k1.
bitcoin-cli, btcd, rust-bitcoin—dozens of implementations. The agent can pick its own tools.
No bank, no Fed, no API to trust. Just math and a peer-to-peer network the agent can query directly.
"Fiat currency requires faith. Bitcoin requires only computation. For an autonomous agent, the choice is obvious—trust what you can verify."
cash pay <url> with automatic BTC→stablecoin swaps.
POST /v1/auth/bot-session. Each Telegram user gets their own enclave-backed identity. No user-facing auth flow needed.
One CLI. Bitcoin + stablecoins. Built for machines.