The wallet for AI agents.

Stripe Link gave 200 million humans a one-click wallet. Hyperspace Wallet gives every AI agent — Hermes, OpenClaw, ChatGPT, custom enterprise — a portable identity (did:hyperspace:), a multi-rail wallet, on-chain reputation, and one line of code to pay any counterparty across five payment rails.

block + agent count read live from rpc.a1.hyper.space when JS is enabled

contents

why this exists

An AI agent that wants to pay another agent — for inference, data, an API call, a tool invocation, a checkout — has nowhere to go. Today it has to:

• Sign up to each merchant or counterparty with a human's email and credit card
• Or hard-code a custodial private key and hope nothing leaks
• Pick one payment rail (ACP or x402 or AP2 or Tempo MPP) and live with it
• Reinvent identity, reputation, idempotency, receipt verification, and dispute handling itself

Stripe knows this. Per their March 2026 announcement, agentic commerce is the next $350B+ TAM. They shipped four primitives (Link, ACP, SPT, MPP) and explicitly said they assume "the agent already exists and has authority." Google's AP2 is a trust framework for agent mandates. Coinbase's x402 is a peer-to-peer USDC settlement protocol. Each rail solves part of the problem. None of them issue an agent identity.

what you get

quickstart — sixty seconds

TypeScript / Node

Python

CLI

did:hyperspace: — agent identity

Every agent gets a W3C-compliant Decentralized Identifier the moment Wallet.init() runs. Format:

The agent-id is sha256(ed25519PublicKey || ":" || agentName) — deterministic, so restoring from a 24-word BIP-39 mnemonic produces the same DID. Two keys are derived from one master seed via independent HKDF chains:

The DID Document carries both verification methods (Ed25519VerificationKey2020 + EcdsaSecp256k1RecoveryMethod2020), resolves to the on-chain AgentRegistry, and ships with a Hyperspace-specific extension carrying chainId, agentId, and the EVM address.

One 32-byte seed → independent HKDF chains → Ed25519 (for receipts) and secp256k1 (for chain). Lose either, the other is still safe.

five payment rails — one pay() call

The SDK ships an adapter for every major agent payment rail. wallet.pay() picks the cheapest available rail by quote; you can force one with rail: 'native' or restrict the set with policy.allowedRails.

Smart routing

By default selectRail() tries adapters in this order: native → x402 → acp → mpp → ap2. Each adapter quotes { totalCostMicroUsdc, estimatedLatencyMs }, the cheapest wins; on failure the SDK falls through to the next rail in the order. Counterparties advertise which rails they accept via the PayChallenge.acceptedRails field.

Smart routing quotes every available adapter, picks the cheapest by total cost + latency, falls through on failure. The agent never has to pick a rail by hand.

unified receipt envelope

Every pay() returns a Receipt of the same shape, regardless of rail. The rail-specific cryptographic proof lives in receipt.proof as a discriminated union — verifiable forever by anyone who has the SDK.

For the x402 rail, proof is an EIP-712 signature recoverable to fromAddress. For native channels, it's a per-update Ed25519 signature over (channelId, totalAmount, nonce). For ACP, it's a Stripe PaymentIntent id queryable against the Stripe API. For AP2, it's the embedded mandate VC + the network reference. For MPP, it's a Tempo tx hash + sequence number.

Verification is one method call:

Same outer shape every time. The proof is rail-specific (EIP-712 / Ed25519 channel sig / Stripe id / VC mandate / Tempo tx) but the receipt itself is portable forever.

spend policy — declarative authority

The policy engine evaluates every pay() before it touches the network. Wallet-level policies set the trust envelope; per-call withPolicy overrides can only narrow that envelope further (never widen).

If a policy denies, PolicyDeniedError is thrown with the specific rule that triggered (err.rule === 'perTxCap' | 'dailyCap' | 'minCounterpartyReputation'...) so the agent can choose to retry, ask the user, or fail.

Spend history persists at ~/.hyperspace/wallet-sdk/spend-history/<did>.jsonl so caps work across restarts.

Declarative authority. Wallet-level + per-call. Per-call only narrows — never widens — so a misbehaving subroutine can't escalate spend.

discovery + reputation

An agent that needs a service finds counterparties via wallet.discover(), then pays the best-ranked one. Ratings flow back to the on-chain ReputationRegistry via wallet.rate().

Reputation is the moat. Once an agent has 10K transactions and a 4.8 rating on did:hyperspace:, the cost of moving to a competing rail (lose reputation, start over from zero) is high. ENS captured Ethereum names this way.

Tied to receipts, not free-form. Slashable on dispute. Lock-in compounds with every transaction — the ENS pattern, applied to agents.

architecture

The SDK is one Wallet class composing six modules. The agent app imports it; everything else is internal.

arch — 6 internal modules · 5 rail adapters · multi-RPC failover · pluggable storage

One Wallet class. Six internal modules. Five adapters. Same shape from CLI, from a framework recipe, or from raw code.

live a1 testnet

The SDK ships with the canonical Hyperspace a1 chain id 808080 as default and resolves rpc.a1.hyper.space:8545 for JSON-RPC. Production validators run Narwhal-Tusk DAG BFT consensus across 7 DigitalOcean droplets.

Deployed contracts

All addresses verified live at block 14210 on 2026-04-29 (deploy manifest: a1-blockchain-hyperspace/contracts/deployments/hyperspace-do-prod.json). Override any of them via HYPERSPACE_AGENT_REGISTRY_ADDRESS, HYPERSPACE_PAYMENT_CHANNEL_ADDRESS, etc., or in WalletConfig.addresses.

stripe ACP — agentic commerce

Stripe's Agentic Commerce Protocol is implemented as a real REST client in src/adapters/acp/index.ts. The adapter authenticates via a Stripe API key (sk_live_... / sk_test_...) for development, or a Shared Payment Token issued via the user's ACP consent flow for production.

The SDK posts to /v1/payment_intents with the Stripe-Agentic-Commerce: true header, on_behalf_of set to the merchant's connected account, and an idempotency key to prevent double-spends. verifyReceipt() queries /v1/payment_intents/{id} to confirm async settlement.

SDK take rate over Stripe: 2% via application_fee_amount. Net merchant cost ~4.9% + $0.30 (2.9% + $0.30 Stripe + 2% Hyperspace).

Stripe ACP and Coinbase x402 are real REST clients in the SDK — no stubs. Same Receipt envelope wraps either rail's proof.

coinbase x402 — peer-to-peer USDC

x402 is a peer-to-peer protocol — no platform credentials needed. The SDK ships both sides: X402Adapter for the consumer, X402Server for the receiver.

Consumer — pay any 402 server

Receiver — paywall any HTTP endpoint

The server verifies receipt freshness, payee match, EIP-712 signature recovery, signer/payer cross-check, and replay (per-receipt-id dedupe with TTL pruning). All in-memory; zero deps beyond ethers v6.

cli — hyperspace-wallet

framework recipes

The SDK is framework-agnostic. Drop-in wrappers ship for the five most common agent stacks:

Recipes: examples/ in the SDK source tree.

pricing & take rate

The SDK is MIT-licensed and free. No API key, no install gate, no rate limit. We earn on transactions routed through it.

Headline blended rate: ~10%. Volume discounts kick in at $10M annual GMV (-20%); custom revshare at $100M+.

Free thresholds

• First $1,000 of GMV per agent identity: 0% take (encourages onboarding).
• Hobbyist tier: agents under $50/month total GMV: 0%.
• Open-source projects: apply for waiver via the GitHub repo.

live demo — generate an agent identity

Click the button. Your browser will generate a fresh Ed25519 + secp256k1 keypair, derive the did:hyperspace:, and show the recovery mnemonic. This is purely client-side — keys never leave your browser, never hit our servers.

vs. the alternatives

We don't compete with Stripe Link — we use it. The ACP adapter is one of five rails. We sit above the payment processors, not against them.

sdks & types

TypeScript / Node

Package: @hyperspace/wallet-sdk · 44 source files · 18 test files · 161 tests passing · 144 KB tarball · MIT.

Python

Package: hyperspace-wallet · 34 source files · 4 test files · 36 tests passing · MIT · Python ≥ 3.10.

Same API surface as TS, idiomatic Python (snake_case, dataclasses, async). Receipt JSON wire format is identical: same DID, same fields, same proofs.

faq

Is the SDK free?

Yes. MIT-licensed, no install gate, no API key required. We earn on transactions (5–15% take rate by class — see pricing).

Do I need to run a Hyperspace node?

No. The SDK reads/writes the chain via rpc.a1.hyper.space. Operators who want their own RPC pass rpcUrl in WalletConfig.

Can I use Stripe Connect with this?

Yes. The ACP adapter is a real Stripe REST client. Either pass apiKey (your platform's sk_...) or a Shared Payment Token issued via the user's consent flow.

Is this custodial?

No. Master seed never leaves the keystore. All signatures are local. The SDK doesn't have a server-side; everything runs in your process.

What happens if the chain is down?

The SDK's MultiRpcProvider retries across all configured endpoints with per-endpoint health tracking. Off-chain receipts (x402, ACP) work even with the chain unreachable — they only depend on the rail provider's API.

Does it work in browsers?

Core types and the demo above run in browsers. Full Wallet ships node:fs in the keystore — a browser-friendly entry with IndexedDB-backed storage ships in 0.2.0. The current alpha is Node-only.

How is reputation prevented from being gamed?

On-chain ReputationRegistry requires staking to register; slashing for misbehavior is built in. Ratings are tied to receipts (you can't rate without a payment record). Anti-Sybil via stake.

When mainnet?

The current chain is testnet (chain id 808080). Mainnet plan ships when contracts pass external audit and the dispute infrastructure is in place. Roadmap below.

roadmap

changelog