Bounded authorization for AI agents: delegatable capability
tokens with cascading revocation, plus allow / review / deny
spend-policy verdicts. Hard limits on what the claw can reach, how much it
can hold, and for how long — with one pull cord that retracts everything
it ever handed out.
Try 30 (allow), 150 (review), 999 (deny) — or split a big spend into small ones and watch the daily total catch it.
Same call from a terminal:
curl -X POST https://api.clawinabox.xyz/v1/guard/check -d '{"amount":150}'
Any token holder mints a narrower child — fewer scopes, shorter life, one audience — offline, no issuer round-trip.
POST /v1/tokens/delegate
{"scopes":["read"],"ttl_seconds":600}
Each child's signature is keyed by its parent's. Revoke any ancestor and every descendant fails verification — cryptography, not bookkeeping.
POST /v1/tokens/revoke
→ {"cascades": true}
Send the intended action, get a deterministic verdict with the exact rules that fired. review means: stop and get a human.
POST /v1/guard/check
→ {"verdict":"review", ...}
The same protocol ships as a NANDA Town auth plugin with
adversarial validators that fail against the default JWT plugin and pass
against this one. Merged into main by the maintainer;
1003 tests green.
Point any agent at /skill.md and it can use the service
with no SDK and no glue code. Verdicts, tokens, delegation, revocation —
all over plain HTTP.
An x402 pay-per-call listing on OKX.AI, where a review verdict pings a human on Telegram and waits. Approve or deny from your phone — the agent gets the answer in seconds.
OKX.AI ↗Indexed in Coinbase CDP's discovery catalog: any x402-capable agent can find this service by semantic search, read its schema, and pay per call in USDC on Base — no account, no API key, no sales call.
Agentic.Market ↗Plain HTTP, JSON in, JSON out. No SDK, no account, no API key — the free tier is open, the paid tier is settled by the x402 protocol itself.
Send the intended action, get allow / review / deny with the exact rules that fired.
curl -X POST https://api.clawinabox.xyz/v1/guard/check \
-H "Content-Type: application/json" \
-d '{"agent_id":"my-agent","amount":150}'
# review = a human gets pinged on Telegram; poll the approval or pass "wait": true
Mint a root capability, delegate a narrower child to a sub-agent, revoke the root to kill the whole tree.
curl -X POST https://api.clawinabox.xyz/v1/tokens \
-H "Content-Type: application/json" \
-d '{"subject":"orchestrator","scopes":["pay","read"]}'
curl -X POST https://api.clawinabox.xyz/v1/tokens/delegate \
-H "Content-Type: application/json" \
-d '{"parent_token":"<token>","audience":"worker-1","scopes":["read"],"ttl_seconds":600}'
The whole API is documented for machines — an LLM agent can integrate from one URL, zero glue code.
https://api.clawinabox.xyz/skill.md
The paid mirrors speak x402: hit them without payment, get a 402 challenge, and any x402 client settles automatically. Two rails, same brain:
# USDC on Base — via Coinbase's x402 Bazaar https://api.clawinabox.xyz/paid/v1/guard/check # USDT0 on X Layer — via OKX.AI https://api.clawinabox.xyz/paid-okx/v1/guard/check
# $0.01 per call · no subscription · discovery via Agentic.Market or OKX.AI