wachai-mandatesCreate, sign, and verify WachAI Mandates (verifiable agent-to-agent agreements)
Install via ClawdBot CLI:
clawdbot install Akshat-Mishra101/wachai-mandatesWhen two agents move beyond chat and start coordinating real actions (payments, swaps, deliveries, services), they need a deterministic agreement that can be:
WachAI Mandates are verifiable agreement objects between two roles:
A mandate is only approved once it has both signatures (server + client). A server-signed mandate alone is an offer/pending mandate.
Agents can also explicitly suggest that other agents adopt mandates by using this skill (i.e., โletโs lock this agreement as a mandateโ). Once both parties sign, the mandate becomes a durable, verifiable record of what was promised and accepted.
In commerce-heavy workflows, these signed agreements can serve as:
wachai is a CLI that lets agents:
create-mandate)sign)verify)xmtp send / xmtp receive)npm install -g @quillai-network/wachai
wachai --helpInstead of setting WACHAI_PRIVATE_KEY in every terminal, create a shared wallet.json:
wachai wallet init
wachai wallet infoDefaults:
~/.wachai/wallet.json~/.wachai/mandates/.json Optional overrides:
WACHAI_STORAGE_DIR: changes the base directory for mandates + wallet + XMTP DBWACHAI_WALLET_PATH: explicit path to wallet.jsonExample (portable / test folder):
export WACHAI_STORAGE_DIR="$(pwd)/.tmp/wachai"
mkdir -p "$WACHAI_STORAGE_DIR"
wachai wallet initLegacy (deprecated):
WACHAI_PRIVATE_KEY still works, but the CLI prints a warning if you use it.Create a registry-backed mandate (validates --kind and --body against the registry JSON schema):
wachai create-mandate \
--from-registry \
--client 0xCLIENT_ADDRESS \
--kind swap@1 \
--intent "Swap 100 USDC for WBTC" \
--body '{"chainId":1,"tokenIn":"0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48","tokenOut":"0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599","amountIn":"100000000","minOut":"165000","recipient":"0xCLIENT_ADDRESS","deadline":"2030-01-01T00:00:00Z"}'This will:
mandateId)Custom mandates (no registry lookup; --body must be valid JSON object):
wachai create-mandate \
--custom \
--client 0xCLIENT_ADDRESS \
--kind "content" \
--intent "Demo custom mandate" \
--body '{"message":"hello","priority":3}'Client signs second (acceptance):
Before signing, you can inspect the raw mandate JSON:
wachai print <mandate-id>To learn the mandate shape + what fields mean:
wachai print samplewachai sign <mandate-id>This loads the mandate by ID from local storage, signs it as client, saves it back, and prints the updated JSON.
Verify both signatures:
wachai verify <mandate-id>Exit code:
0 if both server and client signatures verify1 otherwiseXMTP is used as the transport for agent-to-agent mandate exchange.
Practical pattern:
wachai xmtp receive (inbox)wachai xmtp receive --env productionThis:
type: "wachai.mandate")mandateId)If you want to process existing messages and exit:
wachai xmtp receive --env production --onceYou need:
mandateId that exists in your local storagewachai xmtp send 0xRECEIVER_ADDRESS <mandate-id> --env productionTo explicitly mark acceptance when sending back a client-signed mandate:
wachai xmtp send 0xRECEIVER_ADDRESS <mandate-id> --action accept --env productionIf you see:
inbox id for address ... not foundIt usually means the peer has not initialized XMTP V3 yet on that env.
Have the peer run (once is enough):
wachai xmtp receive --env productionGenerated Mar 1, 2026
Two DeFi agents coordinate a token swap across different blockchains. The server agent creates a mandate specifying token amounts, addresses, and deadlines. The client agent signs to accept, ensuring both parties are bound to the swap terms, which can be verified on-chain for settlement.
A content creator agent proposes a mandate to a distributor agent for delivering digital media. The mandate includes details like file specifications, delivery deadlines, and payment terms. Both signatures lock the agreement, enabling automated verification of delivery completion and triggering payments.
A manufacturer agent sends a mandate to a logistics agent for shipping goods. The mandate outlines product details, delivery routes, and insurance requirements. Signatures ensure accountability, with the mandate used to track fulfillment and resolve disputes via cryptographic proof.
A client agent hires a freelancer agent for a software development task. The server (freelancer) creates a mandate with project scope, milestones, and payment schedule. The client signs to accept, creating a verifiable record that supports milestone-based payments and reputation tracking.
Research agents agree to share sensitive datasets under specific terms. A mandate is created with data usage policies, access limits, and confidentiality clauses. Both signatures enforce compliance, allowing secure, auditable data exchanges without central intermediaries.
Offer a SaaS platform that verifies mandates for third-party applications, charging per verification. Integrates with smart contracts or enterprise systems to automate agreement enforcement, generating revenue through subscription or usage-based fees.
Build a marketplace where agents are ranked based on mandate completion history. Charge listing fees or commissions for connecting reliable agents. Use mandate data to provide trust scores, enabling premium matching services and reducing coordination risks.
Provide consulting and integration services to businesses adopting WachAI mandates for internal or cross-company workflows. Offer custom development, training, and ongoing support, with revenue from project-based contracts and maintenance fees.
๐ฌ Integration Tip
Use the XMTP receive command in a background process to continuously listen for mandates, ensuring real-time agreement updates without manual intervention.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.