Canopy is a treasury wallet + per-agent policy gate. An org funds a treasury once, attaches a policy to each agent (spend cap, allowlist, approval threshold), and gives the agent the canopy_* MCP tools below. Canopy enforces the policy on every payment.
After installing this skill, register the Canopy MCP server with OpenClaw. Replace the placeholders with your own values from the Canopy dashboard (Connect agent → Credentials):
openclaw mcp set canopy '{
"url": "https://mcp.trycanopy.ai/mcp",
"transport": "streamable-http",
"headers": {
"Authorization": "Bearer YOUR_CANOPY_API_KEY",
"X-Canopy-Agent-Id": "YOUR_CANOPY_AGENT_ID"
}
}'
Or edit openclaw.json directly:
{
"mcpServers": {
"canopy": {
"url": "https://mcp.trycanopy.ai/mcp",
"transport": "streamable-http",
"headers": {
"Authorization": "Bearer YOUR_CANOPY_API_KEY",
"X-Canopy-Agent-Id": "YOUR_CANOPY_AGENT_ID"
}
}
}
}
Restart OpenClaw. The canopy_* tools become available immediately.
Verify with canopy_ping — it returns the resolved agent + org and a latency number.
Use Canopy when the user mentions:
| Tool | Purpose |
|---|---|
| ------ | --------- |
canopy_pay | Send a USD payment to an address. Subject to policy. Returns one of three outcomes (see below). |
canopy_preview | Dry-run policy evaluation without signing or charging. Same shape as canopy_pay plus dryRun: true. |
canopy_check_url | Probe an x402 / MPP URL and return the parsed offer plus a policy verdict. Cached 60s per (org, url). |
canopy_discover_services | List paid services the agent can call. Filter by category and query. |
canopy_get_approval_status | Poll the current state of a pending approval. |
canopy_wait_for_approval | Block until an approval is decided, max 60s. Use polling for longer waits. |
canopy_approve | Mark a pending approval as approved. Use only when the user has explicitly said yes in chat. |
canopy_deny | Mark a pending approval as denied. Use only when the user has explicitly said no in chat. |
canopy_get_budget | Cap snapshot for the current rolling period (capUsd, spentUsd, remainingUsd, periodResetsAt). |
canopy_ping | Verify the API key + agent. Returns agent and org details plus latency. |
canopy_pay, canopy_preview, canopy_check_urlThese tools never throw on policy. They always return a structured value with one of three status values:
allowedPayment went through (or would go through, for _preview / _check_url).
Surface txHash (Base block-explorer hash) and costUsd to the user.
pending_approvalPayment exceeded the agent's approval threshold. Fields you should use:
approvalId — pass to canopy_approve / canopy_deny / canopy_wait_for_approval / canopy_get_approval_status.recipientName, recipientAddress, amountUsd, agentName, expiresAt — render these to the user when asking.chatApprovalEnabled — if false, calling canopy_approve / canopy_deny will fail. Tell the user to approve in the dashboard, optionally canopy_wait_for_approval to block.If chatApprovalEnabled === true: ask the user "Approve $X to RecipientName?" then call canopy_approve(approval_id) or canopy_deny(approval_id) based on their reply.
deniedPolicy blocked it (cap exceeded, recipient/service not on allowlist, etc.). Surface the reason to the user. Do NOT retry with smaller amounts to evade the cap.
HTTP and network failures still throw normally — wrap calls in try/except as you would any tool call.
recipientName + amountUsd before calling canopy_approve. Approvals exist precisely so a human sees the transaction details before money moves. Echoing them back confirms intent.canopy_preview when the amount is dynamic or untrusted. Same shape as canopy_pay, no funds move. Use the verdict to decide whether to proceed.canopy_approve and canopy_deny are for handling explicit user replies in chat, not for the LLM to bypass the human-in-the-loop.denied outcome cites the spend cap, surface the cap to the user; suggest they raise it in the dashboard rather than working around it.txHash until status === "allowed". It's null in other outcomes.canopy_get_approval_status. Use canopy_wait_for_approval (60s max) or accept that the dashboard owns the decision.User: "Pay 50 cents to 0x4838B106FCe9647Bdf1E7877BF73cE8B0BAD5f97"
→ canopy_pay({ to: "0x4838B106FCe9647Bdf1E7877BF73cE8B0BAD5f97", amountUsd: 0.50 }). Surface txHash if allowed.
User: "How much do I have left to spend today?"
→ canopy_get_budget(). Render remainingUsd and periodResetsAt.
User: "Find paid orderbook data feeds"
→ canopy_discover_services({ category: "data", query: "orderbook" }). List services with policyAllowed: true first; mention any with policyAllowed: false only if the user asks why.
User: "Is paying https://feed.example/depth allowed?"
→ canopy_check_url({ url: "https://feed.example/depth" }). Return the verdict + amount + recipient name.
User (after a previous pending_approval): "Yes, approve it"
→ Confirm the recipient and amount you previously surfaced. Then canopy_approve({ approval_id: .
共 1 个版本