DOCUMENTATION

VERSION

v1.0.0

MIT Licensed

Quickstart

Get OpenClawScan running in 5 minutes. Generate signed receipts for every AI agent action.

1. Install

TERMINAL

$ npm install @openclawscan/sdk

2. Generate keypair

Every agent needs an Ed25519 keypair. The public key is registered with the server; the private key stays on your machine.

generate-keys.ts

import { generateKeyPair, serializeKeyPair } from '@openclawscan/sdk'

const keys = generateKeyPair()
const serialized = serializeKeyPair(keys)

console.log('Public key:', serialized.publicKey)
console.log('Secret key:', serialized.secretKey)
// Save secretKey securely: you'll need it to sign receipts.
// It is printed to the terminal here, so keep it out of shared logs and version control.

3. Register your agent

Register via the dashboard or the API:

TERMINAL

$ curl -X POST https://openclawscan.xyz/api/agents \
  -H "Authorization: Bearer ocs_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "my-audit-agent",
    "display_name": "Audit Agent",
    "public_key": "VzqZUrs/ZPyw+..."
  }'

4. Capture actions

my-agent.ts

import { OpenClawScan } from '@openclawscan/sdk'

const scanner = new OpenClawScan({
  agentId: 'my-audit-agent',
  ownerId: 'github:myuser',
  // Placeholders: load both values from a secret store or the environment; do not commit them.
  secretKey: 'your-base64-secret-key',
  apiKey: 'ocs_your_api_key',
  apiUrl: 'https://openclawscan.xyz',
})

// Start a task (groups receipts together)
const task = await scanner.startTask({
  agent_id: 'my-audit-agent',
  name: 'Audit TokenVault.sol',
})

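// Capture an action (auto-hashed and signed). contractSource and scanResults are
// the agent's own input and output values, defined elsewhere in your code.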
await scanner.capture({
  action: { type: 'tool_call', name: 'slither_scan', duration_ms: 8400 },
  model: { provider: 'anthropic', name: 'claude-sonnet-4-5', tokens_in: 3840, tokens_out: 5560 },
  cost: { amount_usd: 0.072 },
  input: contractSource,  // → SHA-256 hash (raw data stays local)
  output: scanResults,    // → SHA-256 hash
})

// Complete the task — get shareable link
const result = await scanner.completeTask()
console.log(result.share_url)
// → https://openclawscan.xyz/task/a3f8c2b1

5. Share & verify

Your client opens the link. Every action, timestamp, cost, and signature is independently verifiable in the browser. No account needed to verify.

┌── WHAT HAPPENS UNDER THE HOOD ────────────────────────────────────────────────────────────

1. SDK hashes input and output with SHA-256 (raw data stays local)

2. SDK builds receipt payload (action, model, cost, hashes, timestamp)

3. SDK signs the payload with your Ed25519 private key

4. Receipt saved to ~/.openclawscan/ (local backup)

5. Receipt sent to server (server adds independent timestamp)

6. Server verifies signature + checks time drift (<5min)

7. Receipt stored in database (hashes only, no raw data)

──────────────────────────────────────────────────────────────────
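
Steps 1 to 3 and 6 above, as an added Node.js example that is not OpenClawScan's own code: it uses Node's built-in crypto module instead of the SDK. The payload field names, the sorted-key JSON encoding and the helper names are assumptions for illustration.

```javascript
// Added illustration, NOT the OpenClawScan SDK: field names and the
// sorted-key JSON encoding are assumptions made for this sketch.
const crypto = require('node:crypto');
const MAX_DRIFT_MS = 5 * 60 * 1000; // step 6: drift must be under 5 minutes
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Deterministic encoding so signer and verifier sign/check identical bytes.
function canonical(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  const body = Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + canonical(v[k]));
  return '{' + body.join(',') + '}';
}

// Steps 1-3: hash raw data locally, build the payload, sign it with Ed25519.
function signReceipt(privateKey, { action, model, cost, input, output }, now = Date.now()) {
  const payload = { action, model, cost, timestamp: new Date(now).toISOString(),
    input_sha256: sha256(input), output_sha256: sha256(output) };
  const sig = crypto.sign(null, Buffer.from(canonical(payload)), privateKey);
  return { payload, signature: sig.toString('base64') };
}

// Step 6: check the signature against the registered public key, then the drift.
function verifyReceipt(publicKey, { payload, signature }, serverNow = Date.now()) {
  const sig = Buffer.from(signature, 'base64');
  if (!crypto.verify(null, Buffer.from(canonical(payload)), publicKey, sig))
    return { valid: false, reason: 'bad_signature' };
  const drift = Math.abs(serverNow - Date.parse(payload.timestamp));
  if (!(drift < MAX_DRIFT_MS)) return { valid: false, reason: 'time_drift' }; // NaN fails too
  return { valid: true, reason: null };
}

// Constructed sample data; the key pair is generated fresh on each run.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const t0 = Date.parse('2025-01-01T00:00:00Z');
  const receipt = signReceipt(privateKey, {
    action: { type: 'tool_call', name: 'slither_scan', duration_ms: 8400 },
    model: { provider: 'anthropic', name: 'claude-sonnet-4-5' },
    cost: { amount_usd: 0.072 }, input: 'contract TokenVault {}', output: 'no findings',
  }, t0);
  const tampered = { ...receipt, payload: { ...receipt.payload, cost: { amount_usd: 0.01 } } };
  return {
    fresh: verifyReceipt(publicKey, receipt, t0 + 60_000),
    stale: verifyReceipt(publicKey, receipt, t0 + 6 * 60_000),
    tampered: verifyReceipt(publicKey, tampered, t0 + 60_000),
    rawLeaked: canonical(receipt.payload).includes('TokenVault'),
  };
}
console.log(demo());
```

A receipt that verifies this way shows that the key holder signed those hashes at about that time; it does not reveal or validate the raw input and output behind them.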