/* ==================================================================== agents-pay-service — LNbits-based per-agent wallet service ==================================================================== */ const APS_SUBTABS = [ { id: 'overview', label: 'Overview' }, { id: 'concepts', label: 'Concepts' }, { id: 'security', label: 'Security · TEE · ZK' }, { id: 'install', label: 'Install & Run' }, { id: 'api', label: 'REST API' }, { id: 'skill', label: 'AI Agent Skill' }, ]; function PageAps({ sub, setSub, registerSections, jump }) { const active = sub || 'overview'; useEffect(() => { const sections = { overview: [{ title: 'On this page', items: [ { id: 'aps-what', label: 'What it is' }, { id: 'aps-adapts', label: 'Adaptations vs LNbits' }, { id: 'aps-arch', label: 'Architecture' }, { id: 'aps-funding',label: 'Funding sources' }, ]}], concepts: [{ title: 'Concepts', items: [ { id: 'aps-accounts', label: 'Accounts & sub-wallets' }, { id: 'aps-keys', label: 'Admin & invoice keys' }, { id: 'aps-units', label: 'SUI · MIST · msat' }, { id: 'aps-extensions', label: 'Extensions' }, ]}], security: [{ title: 'Security · TEE · ZK', items: [ { id: 'sec-threat', label: 'Threat model · custodial wallets' }, { id: 'sec-tee', label: 'TEE-isolated key store' }, { id: 'sec-zk', label: 'ZKP payment attestation' }, { id: 'sec-quorum', label: 'Multi-party quorum signing' }, { id: 'sec-audit', label: 'Auditable settlement trail' }, ]}], install: [{ title: 'Install & Run', items: [ { id: 'aps-prereq', label: 'Prerequisites' }, { id: 'aps-quick', label: 'Quick install' }, { id: 'aps-prod', label: '10k+ agents · production' }, { id: 'aps-env', label: 'Environment variables' }, ]}], api: [{ title: 'REST API', items: [ { id: 'aps-api-acct', label: 'Create account' }, { id: 'aps-api-wal', label: 'Create / batch sub-wallets' }, { id: 'aps-api-inv', label: 'Generate invoice' }, { id: 'aps-api-pay', label: 'Pay invoice' }, { id: 'aps-api-audit',label: 'Audit & history' }, { id: 'aps-internal', label: 'Internal transfers' }, ]}], skill: [{ title: 'AI Agent Skill', items: [ { id: 'aps-skill-custody', label: 'Custody model' }, { id: 'aps-skill-keys', label: 'Credential rules' }, { id: 'aps-skill-l402', label: 'Auto-pay L402 challenge' }, { id: 'aps-skill-howto', label: 'When NOT to use this' }, ]}], }; registerSections(sections[active]); }, [active]); return ( <> {active === 'overview' && } {active === 'concepts' && } {active === 'security' && } {active === 'install' && } {active === 'api' && } {active === 'skill' && } ); } /* ---------- Overview ----------- */ function APS_Overview() { return ( <>

What it is

agents-pay-service is a fork of{' '} lnbits/lnbits{' '} customised for the Loka agentic ecosystem. It sits between your AI agents and the underlying payment network, giving each agent its own isolated wallet and API key while exposing a unified interface for BOLT11 Lightning and SUI / Mist payments.

Adaptations vs LNbits

SUI / MIST denomination

Native display formatting, exchange-rate fetching, and invoice creation in SUI units (1 SUI = 10⁹ MIST).

Multi-agent account isolation

Every agent gets its own wallet and scoped API key. No agent can touch another's funds.

Agentic payment extensions

orders, tpos, lnurlp pre-installed and tuned for programmatic use.

SUI price feeds

CoinGecko + Binance rate providers for real-time SUI ↔ fiat conversion (display only).

Architecture

{` flowchart TB agent(("AI Agent(s)")) subgraph SVC["agents-pay-service · Python / FastAPI"] direction TB a1["per-agent wallet · scoped API keys"] a2["extensions · history · admin UI"] a1 --- a2 end back["Lightning node /
DAG L2 payment backend
(loka-p2p-lnd, CLN, …)"] agent -- "REST API
per-wallet key" --> SVC SVC -- "funding-source
abstraction" --> back `}

Funding sources

Drop in any LNbits-compatible backend. Recommended: loka-p2p-lnd.

recommended]}> Multi-chain Lightning Network Daemon (BTC · SUI · EVM). CLN-family backends. SUI Lightning-compatible alt-implementation. Hosted custodial LN providers. Mobile-first SDK backend. Any new FundingSource subclass. ); } /* ---------- Concepts ----------- */ function APS_Concepts() { return ( <>

Accounts & sub-wallets

The service mirrors a corporate-treasury model: one account{' '} owns many wallets. Each wallet is independently scoped — compromising one wallet's keys never exposes the rest.

{` flowchart TB subgraph ACC["account · user_xxx"] direction LR w1["wallet «Treasury»
id wallet_aaa
admin_key · invoice_key
balance_msat …"] w2["wallet «Agent A»
id wallet_bbb
admin_key · invoice_key
balance_msat …"] w3["wallet «Agent B»"] w4["wallet «Agent C»"] end `}

Admin & invoice keys

Key	Auth header	Allows	Treat as
`admin_key`	`X-Api-Key: …`	send + receive + introspect	service-account password
`invoice_key`	`X-Api-Key: …`	receive + read-only	safe to share with payers

Issue a separate sub-wallet (and therefore a separate admin_key) per task or peer. If a key leaks, only that wallet drains — the rest of the fleet is unaffected. Rotate keys aggressively.

SUI · MIST · msat

SUI — display unit. 1 SUI = 10⁹ MIST.
MIST — base unit (Sui equivalent of satoshi).
msat — millisatoshi, the unit Lightning uses internally. balance_msat in API responses is in msat; 1 MIST = 1000 msat.
The unit field in payment payloads may be ignored depending on server config — never assume sats.

Extensions

Non-core features ship as loadable extensions. Pre-installed for agentic flows:

Extension	Purpose
`orders`	Agent-to-agent order / payment flows
`tpos`	Point-of-sale for agent services
`lnurlp`	LNURL-pay endpoint per agent wallet

); } /* ---------- Install ----------- */ function APS_Install() { return ( <>

Prerequisites

Python 3.11+
uv (recommended) or pip
A funding-source backend (e.g. loka-p2p-lnd) — gRPC reachable, TLS cert + macaroon paths handy

Quick install

{`git clone https://github.com/loka-network/agents-pay-service
cd agents-pay-service
uv sync
uv run lnbits --port 5000
# or
make dev`}

10k+ agents · production deployment

SQLite uses file-level locking and crashes under high concurrency with database is locked. Use PostgreSQL for any multi-agent simulation.

{`# 1. Switch to PostgreSQL in .env
echo 'LNBITS_DATABASE_URL="postgres://user:password@localhost:5432/agents_pay"' >> .env

# 2. Start with Uvicorn (multi-worker)
make prod
# under the hood:
# uv run uvicorn lnbits.__main__:app --host 0.0.0.0 --port 5000 \\
#   --workers 8 --limit-concurrency 1000`}

Environment variables

{`# === Server ===
HOST=127.0.0.1
PORT=5001
LNBITS_DATA_FOLDER="./data"

# === Admin UI ===
LNBITS_ADMIN_UI=true

# === Denomination ===
LNBITS_DENOMINATION=MIST

# === Funding Source (LND example) ===
LNBITS_BACKEND_WALLET_CLASS=LndWallet
LND_GRPC_ENDPOINT=127.0.0.1
LND_GRPC_PORT=10009
LND_GRPC_CERT="/path/to/lnd/tls.cert"
LND_GRPC_MACAROON="/path/to/lnd/data/chain/sui/devnet/admin.macaroon"

# === Extensions ===
LNBITS_EXTENSIONS_DEFAULT_INSTALL="tpos"
LNBITS_USER_DEFAULT_EXTENSIONS="lnurlp"

# === Invoice expiry ===
LIGHTNING_INVOICE_EXPIRY=3600`}

); } /* ---------- API ----------- */ function APS_Api() { return ( <>

All endpoints are rooted at the deployment base URL — for the hosted instance, https://agents-pay.loka.cash. Full OpenAPI docs at /docs.

Create account

Anonymous quick path — no username, no password. One POST returns a user + first wallet with API keys ready:

{`POST /api/v1/account
Content-Type: application/json

{ "name": "Master Treasury Wallet" }`}

Username + password path — for human-operated tenants:

{`POST /api/v1/auth/register
Content-Type: application/json

{ "username": "alice", "password": "…", "password_repeat": "…", "email": "…" }`}

Returns an access_token (JWT). Use it once with GET /api/v1/wallets to grab the auto-created wallet's API keys; after that, payment APIs use X-Api-Key only.

Create / batch sub-wallets

{`POST /api/v1/wallet
X-Api-Key: 

{ "name": "Worker Agent A" }`}

Batch — avoid round-trip overhead at scale:

{`POST /api/v1/wallet/batch
X-Api-Key: 

{
  "wallets": [
    { "name": "Agent Worker 001" },
    { "name": "Agent Worker 002" },
    { "name": "Agent Worker 003" }
  ]
}`}

Generate invoice

{`POST /api/v1/payments
X-Api-Key: 

{
  "out": false,
  "amount": 1000,
  "memo": "task-fee",
  "unit": "sat"
}`}

Returns {`{ payment_request: "lnbc…", checking_id, … }`}. Hand payment_request to the payer.

Pay invoice

{`POST /api/v1/payments
X-Api-Key: 

{ "out": true, "bolt11": "lnbc1…" }`}

If both endpoints live on the same agents-pay-service instance, the server short-circuits to a database-level swap — 0 ms latency, no LN fees. You can't detect or force this; it just happens when applicable.

Audit & history

Need	Endpoint
Wallet balance	`GET /api/v1/wallet`
Recent payments	`GET /api/v1/payments?limit=N&offset=M`
Daily aggregate	`GET /api/v1/payments/history?group=day`

balance_msat is in msat. Divide by 1000 to get MIST.

Internal treasury transfers

Move funds from a master wallet to a sub-agent without round-tripping through the network:

{`# 1. With sub-agent's invoice_key
curl -X POST .../api/v1/payments \\
  -H "X-Api-Key: $INVOICE_KEY_SUB" \\
  -d '{"out": false, "amount": 50, "memo": "allowance"}'

# 2. With master admin_key — pay the invoice produced above
curl -X POST .../api/v1/payments \\
  -H "X-Api-Key: $ADMIN_KEY_MASTER" \\
  -d '{"out": true, "bolt11": "lnbc…"}'`}

); } /* ---------- Skill ----------- */ function APS_Skill() { return ( <> The in-repo file skill/loka_pay_skill.md is the canonical Skill any AI agent should ingest to use this service autonomously. This page is the human view of the same content.

Custody model

Loka Payment supports two payment routes that terminate at the same Prism gateway. Choose per-deployment or per-call:

Route	Wallet location	Who signs	Credential
A · Self-custody	User's own LN wallet (Phoenix / Muun / self-run lnd-sui)	User's wallet, locally	macaroon / seed
B · Custodial	`agents-pay-service`	Service's lnd-sui, server-side	`X-Api-Key`

Credential rules

admin_key — full spend authority. Treat like a database root password.
invoice_key — read + receive only. Hand out freely.
An attacker with admin_key drains that wallet. Mitigate via per-task sub-wallets, short-lived keys, and aggressive rotation.
For automation, persist (user_id, admin_key) in your secret store at provisioning time and reuse on subsequent runs.

Auto-pay an L402 challenge

{` sequenceDiagram autonumber participant A as agent participant P as Prism participant W as agents-pay-service A->>P: GET /resource P-->>A: 402 — LSAT macaroon=…,
invoice=lnbc… A->>W: POST /api/v1/payments
out:true, bolt11 W-->>A: { preimage } A->>P: GET /resource
Authorization: LSAT m:p P-->>A: 200 OK + body Note over A,P: cache macaroon:preimage
per (origin, service)
replay until expiry `}

Failure modes

`402` with same macaroon	Token expired / revoked. Repay.
`402` with new macaroon	Service rotated. Pay the new one.
`403`	Out of session budget or revoked. Do not retry-pay.
`502 / 503`	Backend down. Don't pay — you'll waste sats.

When NOT to use this stack

Need non-custodial guarantees

Run your own LND with lnd-sui and pay Prism invoices directly. Do not register on the hosted service.

Audited custody required

This service is not a licensed e-money issuer. Treat balances as platform credits, not bank deposits.

); } window.PageAps = PageAps;