The allowance system for your AI agent.
Your agent shouldn't have your credit card without a spending limit. Open-source credential wallet for OpenClaw, Claude Code, Cursor, and any MCP-compatible agent.
checkout.md is an open-source, MCP-native credential wallet that gives AI agents a secure, scoped, and auditable way to carry and present credentials on behalf of their human owners. Rather than competing with enterprise protocols (Stripe ACP, Google UCP), checkout.md targets the grassroots agent ecosystem where the credential security problem is urgent, unserved, and dangerous.
Install: npm install -g @checkoutmd/wallet | License: Apache 2.0
Agents are acting, not just talking. Their credential model is broken.
OpenClaw hit 116,000+ GitHub stars. Users run agents 24/7 — sending emails, making purchases, deploying code autonomously. But today's credential handling is alarmingly primitive.
The Problem (Today)
# Agent config
credentials:
  STRIPE_KEY: sk_live_4eC39...
  GITHUB_PAT: ghp_xxxx...
# Every skill sees EVERYTHING
# No scoping, no audit, no revocation
The Solution (With checkout.md)
# checkout.policies.yaml
policies:
  - name: stripe-shopping
    credential: stripe-key
    grant_to:
      agent_id: "*"
      skill_id: "shopping"
    actions: [charge, refund]
    budget:
      max_per_transaction: 50
      max_per_month: 200
      approval_threshold: 25
    ttl: 300
- Each skill gets only the actions it needs
- AES-256-GCM encrypted vault with Argon2id key derivation
- Append-only audit log in separate SQLite database
Security by architecture
Zero-Trust Toward Skills
Skills never receive raw credentials. They get scoped, short-lived tokens (default TTL of 5 minutes) through MCP tools.
Local-First Encryption
AES-256-GCM vault with Argon2id key derivation. Credentials never leave your machine unencrypted.
Budget & Approval Controls
Per-transaction and monthly spending caps. Configurable approval thresholds for high-value actions.
Full Audit Trail
Every credential request is logged to an append-only SQLite audit database, queryable from the CLI.
MCP-Native Protocol
4 tools: request_credential, list_policies, check_budget, report_usage. Any MCP-compatible agent connects instantly.
How it works
Step 1: Initialize & add credentials
npm install -g @checkoutmd/wallet
checkout-wallet init
CHECKOUT_PASSPHRASE=*** checkout-wallet add-credential \
  --name stripe-key --type api_key --value sk_live_****
Note that a secret passed as a command-line argument is visible in shell history and in the process list while the command runs; on a shared machine, clear it from history or use a prompt- or file-based input if one is available.
Step 2: Define policies per credential
policies:
  - name: stripe-shopping
    credential: stripe-key
    actions: [charge, refund]
    budget:
      max_per_transaction: 50
      max_per_month: 200
      approval_threshold: 25
    ttl: 300
Step 3: Agent requests via MCP
The agent calls request_credential. The policy engine evaluates grants, deny lists, budgets and CEL conditions before issuing a scoped token.
Step 4: Use, report, audit
The agent uses the scoped token, then calls report_usage. Everything is logged to the append-only audit DB.
Credential once, authorize everywhere
One wallet works across every MCP-compatible agent. No more pasting API keys into five config files.
- OpenClaw — 116k+ stars. Ships as a ClawHub skill. Phase 1.
- Claude Code — MCP-native. Attach as an MCP server. Phase 2.
- Cursor / Windsurf — Any MCP-compatible coding agent. Phase 2.
- Any MCP Agent — Standard MCP server interface. Day 1.
Set the rules. Agents follow them.
Like giving a child an allowance — with constraints, limits, and oversight.
- Shopping — Budget-Limited — $50/tx cap, $200/month. Approval above $25.
- GitHub — Read Only — Read actions only. Deny list for malicious agents.
- Email — Scoped — Inbox read for daily briefing. No sent mail.
- DevOps — Action-Scoped — Specific actions only. CEL conditions for custom logic.
- Calendar — Managed — Create and read. Cannot delete existing.
Your credentials. Your rules. Their allowance.
Because your AI shouldn't have your credit card without a spending limit.
Open-source under Apache 2.0. Free forever.
Install: npm install -g @checkoutmd/wallet
GitHub: github.com/gitlevo/checkoutmd