Okx Agent Payments Protocol

Name: Okx Agent Payments Protocol
Author: okx

okx/onchainos-skills

Create or fulfill OKX OnchainOS agent-to-agent payment links with wallet login, TEE signing, and status polling.

Overview

OKX Agent Payments Protocol is an agent skill for the Build phase that wraps onchainos payment a2a-pay for seller link creation and buyer payment completion with wallet-gated signing.

Install

npx skills add https://github.com/okx/onchainos-skills --skill okx-agent-payments-protocol

What is this skill?

Seller flow: create payment links with amount, symbol, recipient, optional realm and expiry
Buyer flow: fetch challenge by paymentId, TEE-sign, submit credential, poll to terminal state
Mandatory pre-flight via onchainos wallet status—no signing without a live session
Explicitly not HTTP 402–triggered; invoked by paymentId or a2a link by name
Documents AK login vs OTP email login paths before any pay/create step
Default link expiry --expires-in 1800 seconds when not overridden

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.3k installs on skills.sh; 284 GitHub stars; 1/3 security scanners passed (skills.sh audits).

What problem does it solve?

You need agents to charge or pay each other on-chain but lack a scripted, session-safe path from paymentId to signed credential and confirmed status.

Who is it for?

Builders wiring OKX OnchainOS into agent products that must issue or settle a2a payment links in dev or staging.

Skip if: Users who only need generic fiat checkout or HTTP 402 micropayment middleware without OnchainOS wallets.

When should I use this skill?

User mentions paymentId, an a2a_ link, create payment link, or a2a payment status with OnchainOS.

What do I get? / Deliverables

You run documented onchainos CLI steps end-to-end so a2a links are created or paid and polled to a terminal state only after wallet login succeeds.

Executed or scripted a2a-pay create/pay/status commands with verified terminal payment state

Recommended Skills

Solana Devsolana-foundation/solana-dev-skill

Solana Development Skill is the Solana Foundation’s agent playbook for building and debugging decentralized applications…28.4k installs·514 stars

Solidity Securitywshobson/agents

solidity-security is an agent skill for indie Web3 builders and small teams shipping EVM smart contracts who need concre…11.3k installs·36.5k stars

Emblem Ai Agent Walletemblemcompany/emblemai-agentwallet

Emblem Agent Wallet is an agent skill that connects assistants to EmblemAI and EmblemVault for autonomous crypto operati…8.7k installs·7 stars

Emblem Portfolio Trackeremblemcompany/agent-skills

emblem-portfolio-tracker is an agent skill packaged with a runnable portfolio-report.sh workflow for solo builders and i…8.7k installs·10 stars

Emblem Defi Yieldemblemcompany/agent-skills

Emblem DeFi Yield is an agent skill packaged as a bash script that orchestrates the EmblemAI CLI for solo builders explo…8.6k installs·10 stars

Emblem Memecoin Scoutemblemcompany/agent-skills

Emblem Memecoin Scout packages a bash workflow that drives the EmblemAI agent CLI to surface fresh memecoin launches and…8.6k installs·10 stars

Journey fit

Primary fit

BuildIntegrations & version control

Agent payment rails are built during integration work when wiring commerce between autonomous agents, not at idea or launch marketing. The skill wraps onchainos payment CLI flows (wallet session, a2a-pay create/pay/status)—classic third-party protocol integration.

Also useful

ValidatePricing & offer

How it compares

Agent-to-agent OnchainOS CLI skill—not a hosted payment page builder or Stripe-style subscription integration.

Common Questions / FAQ

Who is okx-agent-payments-protocol for?

Solo developers and agent authors using OKX OnchainOS who need repeatable seller create and buyer pay flows for a2a payment IDs.

When should I use okx-agent-payments-protocol?

During build when integrating agent commerce: creating USDT (or other symbol) links, paying an a2a_ link, or checking payment status after wallet login.

Is okx-agent-payments-protocol safe to install?

Treat wallet sessions and signing as high risk; review Security Audits on this page and never sign without confirming recipient, amount, and realm in the CLI output.

SKILL.md

READMESKILL.md - Okx Agent Payments Protocol

# a2a_charge — agent-to-agent payment links (`onchainos payment a2a-pay`)

> Loaded from `../SKILL.md` when the user mentions a paymentId, an `a2a_...` link, "create payment link", or asks to check a2a payment status. Unlike the HTTP 402 paths (`accepts`-based and `WWW-Authenticate: Payment`), a2a is **not triggered by an HTTP 402 response** — it's invoked by name, with a paymentId or a seller's create-link request.

Wraps `onchainos payment a2a-pay` end-to-end for both seller and buyer roles. Buyer-side trust is **delegated to the upstream caller** — when invoked with a `paymentId`, the skill fetches the on-server challenge, TEE-signs it as-is, submits the credential, and auto-polls payment status to a terminal state.

## Pre-flight

Both seller (`create`) and buyer (`pay`) require an authenticated wallet session. Before invoking either:

```bash
onchainos wallet status
```

- **Logged in** → proceed.
- **Not logged in** → ask the user to log in via `onchainos wallet login` (AK login, no email) or `onchainos wallet login <email>` (OTP login). **Do NOT attempt to sign without a live session.**

`status` does not require additional pre-flight beyond what the CLI itself enforces.

---

## Seller — Create a Payment Link

**Inputs**:
- **Required**: `--amount` (decimal, e.g. `"0.01"`), `--symbol` (e.g. `"USDT"`), `--recipient` (0x... EVM address — seller wallet)
- **Optional**: `--description`, `--realm`, `--expires-in` (seconds, default 1800)

**Steps**:

1. Run pre-flight (see above).
2. Shell out:
   ```bash
   onchainos payment a2a-pay create \
     --amount <amount> --symbol <symbol> --recipient <recipient> \
     [--description <text> --realm <domain> --expires-in <seconds>]
   ```
3. Parse the response — only `payment_id` and `deliveries.url` (optional) are present. The CLI no longer returns `amount` / `currency`; echo the seller's input args back for display.
4. Display:

   > Payment link created.
   > • paymentId: `<id>`
   > • Amount: `<amount input> <symbol input>` (decimal as you submitted)
   > • Recipient: `<recipient input>`
   > • Share with buyer: `<deliveries.url>` (if returned by the server) or `paymentId=<id>`

5. Suggest next: poll status anytime with `onchainos payment a2a-pay status --payment-id <id>` once the buyer is expected to have paid.

---

## Buyer — Pay a Payment Link

**Required input**: `paymentId` only. The CLI fetches the seller-issued challenge from the server and signs whatever amount / currency / recipient the challenge declares.

> **Trust model**: the buyer signs the seller's challenge as-is. Verifying that the challenge matches what the buyer agreed to pay is the **upstream caller's responsibility** — the user (or the upstream skill) MUST cross-check the seller's `paymentId` / `deliveries.url` against their out-of-band agreement (chat, task spec, prior negotiation) **before** calling this skill. Once invoked, the skill signs whatever the on-server challenge declares.

### Step 1 — Sign and submit

The skill does not run its own preview / yes-no gate; trust is delegated upstream. Shell out directly:

```bash
onchainos payment a2a-pay pay --payment-id <paymentId>
```

The CLI fetches the on-server challenge, TEE-signs the EIP-3009 authorization, and submits the credential. Two outcomes:

**Accepted** — `ok:true`, exit code 0:

```json
{
  "ok": true,
  "data": {
    "payment_id":   "a2a_xxx",
    "status":       "<status>",
    "tx_hash":      "<hash or null>",
    "valid_after":  0,
    "valid_before": 1746000000,
    "signature":    "0x..."
  }
}
```

Proceed to Step 2 (auto-poll).

**Rejected** — server returned `data.success:false` (e.g. `errorReason:"insufficient_balance"`). CLI surfaces it as a hard failure: `ok:false`, exit code 1, message embeds the reason verbatim:

```json
{
  "ok": false,
  "error": "payment a2a_xxx rejected (reason=<errorReason>)"
}
```

**Treat as terminal — do NOT retry `pay`.** Every retry produces a fresh EIP-3009 nonce + signature; if the reason is `insuffi

What is this skill?

Seller flow: create payment links with amount, symbol, recipient, optional realm and expiry

Buyer flow: fetch challenge by paymentId, TEE-sign, submit credential, poll to terminal state

Mandatory pre-flight via onchainos wallet status—no signing without a live session

Explicitly not HTTP 402–triggered; invoked by paymentId or a2a link by name

Documents AK login vs OTP email login paths before any pay/create step

Default link expiry --expires-in 1800 seconds when not overridden

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1.3k installs on skills.sh; 284 GitHub stars; 1/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

BuildIntegrations & version control

Also useful

ValidatePricing & offer

SKILL.md

READMESKILL.md - Okx Agent Payments Protocol

# a2a_charge — agent-to-agent payment links (`onchainos payment a2a-pay`)

> Loaded from `../SKILL.md` when the user mentions a paymentId, an `a2a_...` link, "create payment link", or asks to check a2a payment status. Unlike the HTTP 402 paths (`accepts`-based and `WWW-Authenticate: Payment`), a2a is **not triggered by an HTTP 402 response** — it's invoked by name, with a paymentId or a seller's create-link request.

Wraps `onchainos payment a2a-pay` end-to-end for both seller and buyer roles. Buyer-side trust is **delegated to the upstream caller** — when invoked with a `paymentId`, the skill fetches the on-server challenge, TEE-signs it as-is, submits the credential, and auto-polls payment status to a terminal state.

## Pre-flight

Both seller (`create`) and buyer (`pay`) require an authenticated wallet session. Before invoking either:

```bash
onchainos wallet status
```

- **Logged in** → proceed.
- **Not logged in** → ask the user to log in via `onchainos wallet login` (AK login, no email) or `onchainos wallet login <email>` (OTP login). **Do NOT attempt to sign without a live session.**

`status` does not require additional pre-flight beyond what the CLI itself enforces.

---

## Seller — Create a Payment Link

**Inputs**:
- **Required**: `--amount` (decimal, e.g. `"0.01"`), `--symbol` (e.g. `"USDT"`), `--recipient` (0x... EVM address — seller wallet)
- **Optional**: `--description`, `--realm`, `--expires-in` (seconds, default 1800)

**Steps**:

1. Run pre-flight (see above).
2. Shell out:
   ```bash
   onchainos payment a2a-pay create \
     --amount <amount> --symbol <symbol> --recipient <recipient> \
     [--description <text> --realm <domain> --expires-in <seconds>]
   ```
3. Parse the response — only `payment_id` and `deliveries.url` (optional) are present. The CLI no longer returns `amount` / `currency`; echo the seller's input args back for display.
4. Display:

   > Payment link created.
   > • paymentId: `<id>`
   > • Amount: `<amount input> <symbol input>` (decimal as you submitted)
   > • Recipient: `<recipient input>`
   > • Share with buyer: `<deliveries.url>` (if returned by the server) or `paymentId=<id>`

5. Suggest next: poll status anytime with `onchainos payment a2a-pay status --payment-id <id>` once the buyer is expected to have paid.

---

## Buyer — Pay a Payment Link

**Required input**: `paymentId` only. The CLI fetches the seller-issued challenge from the server and signs whatever amount / currency / recipient the challenge declares.

> **Trust model**: the buyer signs the seller's challenge as-is. Verifying that the challenge matches what the buyer agreed to pay is the **upstream caller's responsibility** — the user (or the upstream skill) MUST cross-check the seller's `paymentId` / `deliveries.url` against their out-of-band agreement (chat, task spec, prior negotiation) **before** calling this skill. Once invoked, the skill signs whatever the on-server challenge declares.

### Step 1 — Sign and submit

The skill does not run its own preview / yes-no gate; trust is delegated upstream. Shell out directly:

```bash
onchainos payment a2a-pay pay --payment-id <paymentId>
```

The CLI fetches the on-server challenge, TEE-signs the EIP-3009 authorization, and submits the credential. Two outcomes:

**Accepted** — `ok:true`, exit code 0:

```json
{
  "ok": true,
  "data": {
    "payment_id":   "a2a_xxx",
    "status":       "<status>",
    "tx_hash":      "<hash or null>",
    "valid_after":  0,
    "valid_before": 1746000000,
    "signature":    "0x..."
  }
}
```

Proceed to Step 2 (auto-poll).

**Rejected** — server returned `data.success:false` (e.g. `errorReason:"insufficient_balance"`). CLI surfaces it as a hard failure: `ok:false`, exit code 1, message embeds the reason verbatim:

```json
{
  "ok": false,
  "error": "payment a2a_xxx rejected (reason=<errorReason>)"
}
```

**Treat as terminal — do NOT retry `pay`.** Every retry produces a fresh EIP-3009 nonce + signature; if the reason is `insuffi

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is okx-agent-payments-protocol for?

When should I use okx-agent-payments-protocol?

Is okx-agent-payments-protocol safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is okx-agent-payments-protocol for?

When should I use okx-agent-payments-protocol?

Is okx-agent-payments-protocol safe to install?

SKILL.md