Reference only — these examples are for educational and demo purposes. They are not production-ready and may contain hardcoded values, skip error handling, or use development-only configurations. Always review and adapt for your own security requirements.
Twenty-three example applications demonstrating the 1Claw SDK, API, and MCP server in agentic workflows. Each is self-contained with a step-by-step walkthrough you can run in 5–10 minutes.
| Example | Difficulty | Time | What you'll build |
|---|---|---|---|
| basic | Beginner | 5 min | TypeScript scripts: vault CRUD, secrets, billing, signup, sharing, Intents API |
| mpc-vault | Intermediate | 10 min | MPC: 2-of-2 client custody (X-Client-Share) and 2-of-3 multi-HSM vaults (tier-dependent) |
| langchain-agent | Beginner | 5 min | LangChain agent fetches secrets just-in-time (OpenAI or Gemini) |
| fastmcp-tool-server | Intermediate | 5 min | Custom MCP server with domain tools (rotate keys, deploy, parse env configs) |
| nextjs-agent-secret | Intermediate | 5 min | AI chat app (Claude) accesses vault secrets with approval gates |
| google-a2a | Intermediate | 10 min | Two agents communicate via Google A2A protocol + 1Claw vaults (includes ADK demo) |
| tx-simulation | Intermediate | 10 min | AI agent signs on-chain transactions with guardrails and Tenderly simulation |
| shroud-demo | Intermediate | 5 min | Shroud TEE proxy: health, agent auth, Intents API, LLM proxy (key from Vault or header) |
| shroud-llm | Intermediate | 5 min | Shroud + LLM Token Billing: JWT claims + OpenAI, Anthropic, Google via Stripe (or direct keys if billing off) |
| local-inspect | Beginner | 2 min | Detect prompt injection, PII, and threats — no account needed, runs offline |
| shroud-security | Intermediate | 5 min | Shroud threat detection: Unicode, command injection, social engineering, encoding, network |
| logos-chat | Intermediate | 10 min | E2E encrypted agent-to-agent chat over Logos/Waku with AI auto-chat via Shroud |
| ampersend-x402 | Advanced | 10 min | x402 micropayments via Ampersend — MCP/HTTP clients, hybrid billing, paywall server |
| x402-payments | Advanced | 5 min | Real x402 payments for 1Claw endpoints — EOA key in .env, GET/PUT secrets, audit, simulate |
| jwt-ttl-defense | Intermediate | 5 min | Prompt-injection steals an agent JWT — 3s TTL + scope/vault binding contain the blast radius |
| intents-layers | Beginner | 5 min | Two “intents”: mock solver execution plan → 1Claw sign-only (agent never holds the key) |
| intents-quick | Beginner | 3 min | One API key, full Intents flow: bootstrap vault + agent + Shroud, sign tx on Base Sepolia |
| anthropic-wif | Intermediate | 10 min | OIDC federation: 1claw mints RS256 JWT → Anthropic WIF → sk-ant-oat01-… (no static keys) |
| multi-chain-keys | Beginner | 5 min | Multi-chain: provision HSM-backed signing keys for 6 blockchains (Ethereum, Bitcoin, Solana, XRP, Cardano, Tron) |
| evm-signing | Intermediate | 5 min | EVM signing: EIP-191 personal_sign, EIP-712 typed data, transaction types 0-2 (legacy, access list, EIP-1559) |
| agentic-tx | Advanced | 10 min | Real transactions: end-to-end agent creation → fund → sign → broadcast on Ethereum and Base with guardrails |
| non-evm-keys | Beginner | 5 min | Non-EVM keys: generate keys and derive addresses for Bitcoin, Solana, XRP, Cardano, Tron (signing coming soon) |
| platform-connect | Intermediate | 5 min | Platform API: register an app, create a bootstrap template, provision users + vaults + agents |
Shroud LLM: Examples that hit Shroud’s OpenAI-compatible surface (shroud-demo, shroud-llm) must send X-Shroud-Provider (e.g. openai, anthropic, google) on chat requests; omitting it returns 400 from Shroud.
Use one org + user per example (no signup or email verification). Seed the DB once, then create vaults and credentials per demo (e.g. via the 1Claw dashboard or API) and set each example's .env with ONECLAW_BASE_URL, ONECLAW_VAULT_ID, ONECLAW_API_KEY, and ONECLAW_AGENT_ID for agent-based examples.
1. Seed demo accounts (run once, via Supabase MCP or psql against your 1Claw DB):
- Open
scripts/seed-demo-accounts.sqland run itsINSERTstatements (e.g. in Supabase SQL Editor or via MCP). This creates 7 organizations and 7 users (demo-basic@1claw.xyz,demo-langchain@1claw.xyz, …). Shared password:Demo1claw!seed.
2. Per demo: Log in as that user, create a vault (and optionally an agent and API keys), then set that example's .env (or .env.local for nextjs-agent-secret) with the vault ID and API key.
Then from any example:
cd examples/<name>
npm install
npm startAdd GOOGLE_API_KEY or OPENAI_API_KEY for langchain-agent, ANTHROPIC_API_KEY for nextjs-agent-secret, and SMART_ACCOUNT_ADDRESS (and optional wallet key) for ampersend-x402 as needed.
Test all examples: From the repo root, run ./examples/scripts/test-all-examples.sh. This installs deps (unless SKIP_INSTALL=1), runs each example’s main script or build, and reports pass/fail (22 examples). CLI-style examples are run to completion or stopped after a short delay; Next.js examples are build-only. shroud-llm skips unless .env has agent credentials; use an org with LLM Token Billing enabled for full JWT checks. mpc-vault is typecheck-only (live runs need Pro+ / Business+ and real 1ck_ keys). intents-layers is typecheck-only in the aggregate script; run npm start locally for the narrative + optional live signTransaction. multi-chain-keys, evm-signing, agentic-tx, and non-evm-keys are typecheck-only in CI (live runs need agent credentials and funded addresses).
Cleanup: To delete all secrets in demo accounts (except ampersend-x402, so keys/x402-session-key is kept), run ./scripts/cleanup-demo-secrets.sh from the repo root.
Bootstrap all env files at once (copies each example’s template to .env or .env.local if the target file does not exist yet):
cd examples
npm run bootstrap
# Or from the monorepo root:
./examples/scripts/bootstrap-env.shnextjs-agent-secretuses.env.local.example→.env.local(Next.js convention).- All other examples use
.env.example→.env. - Existing files are not overwritten; use
./examples/scripts/bootstrap-env.sh --forceto replace them. - Bootstrap one folder only:
./examples/scripts/bootstrap-env.sh basic - Preview:
./examples/scripts/bootstrap-env.sh --dry-run
Then edit each file with your API keys and vault IDs from 1claw.xyz.
Every example also follows the same per-folder pattern:
# 1. Set up the example (uses published @1claw/sdk — check each example’s package.json for the range)
cd examples/<name>
npm install
# If npm reports peer dependency conflicts (e.g. langchain-agent), use:
# npm install --legacy-peer-deps
cp .env.example .env # or .env.local.example → .env.local for Next.js — or use npm run bootstrap above
# Fill in your credentials
# 2. Run it
npm startIf you're new to 1Claw, walk through the examples in this order:
- basic — Learn the SDK fundamentals: auth, vaults, secrets, billing
- mpc-vault — Optional: MPC 2-of-2 and 2-of-3 vault flows (tier + infra dependent)
- langchain-agent — See how an LLM agent decides when to fetch secrets
- fastmcp-tool-server — Build domain tools on top of the SDK
- nextjs-agent-secret — Full chat app with server-side secret handling
- google-a2a — Multi-agent communication with vault credentials
- tx-simulation — On-chain transactions with guardrails and simulation
- local-inspect — Detect threats in LLM output locally — no account, no network
- shroud-demo — Shroud TEE proxy: health, Intents API, LLM proxy (no LLM key required if stored in Vault)
- shroud-llm — Same Shroud LLM path, focused on orgs with LLM Token Billing (JWT claims + optional org API check)
- shroud-security — Shroud threat detection filters: Unicode, injection, social engineering
- logos-chat — E2E encrypted agent-to-agent chat over Logos/Waku
- ampersend-x402 — Payments and billing integration
- x402-payments — Real x402 payments for all supported endpoints (EOA key in .env)
- jwt-ttl-defense — Prompt-injection JWT theft contained by a 3-second TTL + scope/vault binding
- multi-chain-keys — Provision signing keys for 6 blockchains and view derived addresses
- evm-signing — EIP-191, EIP-712, and all EIP-2718 transaction types
- agentic-tx — Real on-chain transactions with mainnet funds and guardrails
- non-evm-keys — Non-EVM key generation (Bitcoin, Solana, XRP, Cardano, Tron)
| Credential | Where to get it | Which examples |
|---|---|---|
1Claw API key (1ck_ / ocv_) |
1claw.xyz/settings/api-keys | Human 1ck_ for mpc-vault; agent ocv_ for most agent demos; all except local-inspect |
| 1Claw vault + secrets | 1claw.xyz dashboard | All except basic (creates its own) |
| Gemini API key | aistudio.google.com/apikey (free) | langchain, google-a2a, tx-simulation |
| Anthropic API key | console.anthropic.com | nextjs-agent-secret |
| OpenAI API key | platform.openai.com | langchain (alternative to Gemini); shroud-demo / shroud-llm (optional if key in Vault) |
| 1Claw agent (ID + API key) | 1claw.xyz — create agent, Shroud enabled for LLM | shroud-demo, shroud-llm, tx-simulation |
| Smart account + session key | Ampersend docs | ampersend-x402 |
| EOA private key (Base USDC) | Generate hex key, fund with USDC on Base | x402-payments |
1Claw is an HSM-backed secrets manager for AI agents and humans. It provides encrypted vaults, granular access policies, an Intents API with guardrails, human-in-the-loop approvals, subscription billing with prepaid credits, and x402 micropayments.
- SDK: @1claw/sdk
- MCP: @1claw/mcp — vault, secrets, sharing, simulate/submit transaction tools
- CLI: @1claw/cli
- Docs: docs.1claw.xyz
- Dashboard: 1claw.xyz
- Pricing: 1claw.xyz/pricing