Clawdirect Dev

1---2name: clawdirect-dev3description: Build agent-facing web experiences with ATXP-based authentication, following the ClawDirect pattern. Use this skill when building websites that AI agents interact with via MCP tools, implementing cookie-based agent auth, or creating agent skills for web apps. Provides templates using @longrun/turtle, Express, SQLite, and ATXP.4---5 6# ClawDirect-Dev7 8Build agent-facing web experiences with ATXP-based authentication.9 10**Reference implementation**: https://github.com/napoleond/clawdirect11 12## What is ATXP?13 14ATXP (Agent Transaction Protocol) enables AI agents to authenticate and pay for services. When building agent-facing websites, ATXP provides:15 16- **Agent identity**: Know which agent is making requests17- **Payments**: Charge for premium actions (optional)18- **MCP integration**: Expose tools that agents can call programmatically19 20For full ATXP details: https://skills.sh/atxp-dev/cli/atxp21 22## How Agents Interact23 24Agents interact with your site in two ways:25 261. **Browser**: Agents use browser automation tools to visit your website, click buttons, fill forms, and navigate—just like humans do272. **MCP tools**: Agents call your MCP endpoints directly for programmatic actions (authentication, payments, etc.)28 29The cookie-based auth pattern bridges these: agents get an auth cookie via MCP, then use it while browsing.30 31**Important**: Agent browsers often cannot set HTTP-only cookies directly. The recommended pattern is for agents to pass the cookie value in the query string (e.g., `?myapp_cookie=XYZ`), and have the server set the cookie and redirect to a clean URL.32 33## Architecture Overview34 35```36┌──────────────────────────────────────────────────────────────────┐37│                         AI Agent                                 │38│  ┌─────────────────────┐         ┌─────────────────────────┐    │39│  │   Browser Tool      │         │   MCP Client            │    │40│  │   (visits website)  │         │   (calls tools)         │    │41│  └─────────┬───────────┘         └───────────┬─────────────┘    │42└────────────┼─────────────────────────────────┼──────────────────┘43             │                                 │44             ▼                                 ▼45┌────────────────────────────────────────────────────────────────┐46│                    Your Application                             │47│  ┌─────────────────────┐    ┌─────────────────────────┐        │48│  │   Web Server        │    │   MCP Server            │        │49│  │   (Express)         │    │   (@longrun/turtle)     │        │50│  │                     │    │                         │        │51│  │   - Serves UI       │    │   - yourapp_cookie      │        │52│  │   - Cookie auth     │    │   - yourapp_action      │        │53│  └─────────┬───────────┘    └───────────┬─────────────┘        │54│            │                            │                       │55│            └──────────┬─────────────────┘                       │56│                       ▼                                         │57│              ┌─────────────────┐                                │58│              │     SQLite      │                                │59│              │   auth_cookies  │                                │60│              └─────────────────┘                                │61└─────────────────────────────────────────────────────────────────┘62```63 64## Build Steps65 661. **Create MCP server** alongside your website672. **Implement cookie tool** in the MCP server683. **Use cookie for auth** in your web API694. **Publish an agent skill** for your site70 71## Step 1: Project Setup72 73Initialize a Node.js project with the required stack:74 75```bash76mkdir my-agent-app && cd my-agent-app77npm init -y78npm install @longrun/turtle @atxp/server @atxp/express better-sqlite3 express cors dotenv zod79npm install -D typescript @types/node @types/express @types/cors @types/better-sqlite3 tsx80```81 82Create `tsconfig.json`:83```json84{85  "compilerOptions": {86    "target": "ES2022",87    "module": "NodeNext",88    "moduleResolution": "NodeNext",89    "outDir": "dist",90    "rootDir": "src",91    "strict": true,92    "esModuleInterop": true,93    "skipLibCheck": true94  },95  "include": ["src/**/*"]96}97```98 99Create `.env`:100```101FUNDING_DESTINATION_ATXP=<your_atxp_account>102PORT=3001103```104 105## Step 2: Database with Cookie Auth106 107Create `src/db.ts`:108 109```typescript110import Database from 'better-sqlite3';111import crypto from 'crypto';112 113const DB_PATH = process.env.DB_PATH || './data.db';114let db: Database.Database;115 116export function getDb(): Database.Database {117  if (!db) {118    db = new Database(DB_PATH);119    db.pragma('journal_mode = WAL');120 121    // Auth cookies table - maps cookies to ATXP accounts122    db.exec(`123      CREATE TABLE IF NOT EXISTS auth_cookies (124        cookie_value TEXT PRIMARY KEY,125        atxp_account TEXT NOT NULL,126        created_at DATETIME DEFAULT CURRENT_TIMESTAMP127      )128    `);129 130    // Add your app's tables here131  }132  return db;133}134 135export function createAuthCookie(atxpAccount: string): string {136  const cookieValue = crypto.randomBytes(32).toString('hex');137  getDb().prepare(`138    INSERT INTO auth_cookies (cookie_value, atxp_account)139    VALUES (?, ?)140  `).run(cookieValue, atxpAccount);141  return cookieValue;142}143 144export function getAtxpAccountFromCookie(cookieValue: string): string | null {145  const result = getDb().prepare(`146    SELECT atxp_account FROM auth_cookies WHERE cookie_value = ?147  `).get(cookieValue) as { atxp_account: string } | undefined;148  return result?.atxp_account || null;149}150```151 152## Step 3: MCP Tools with Cookie Tool153 154Create `src/tools.ts`:155 156```typescript157import { defineTool } from '@longrun/turtle';158import { z } from 'zod';159import { requirePayment, atxpAccountId } from '@atxp/server';160import BigNumber from 'bignumber.js';161import { createAuthCookie } from './db.js';162 163// Cookie tool - agents call this to get browser auth164export const cookieTool = defineTool(165  'myapp_cookie',  // Replace 'myapp' with your app name166  'Get an authentication cookie for browser use. Set this cookie to authenticate when using the web interface.',167  z.object({}),168  async () => {169    // Free but requires ATXP auth170    const accountId = atxpAccountId();171    if (!accountId) {172      throw new Error('Authentication required');173    }174 175    const cookie = createAuthCookie(accountId);176 177    return JSON.stringify({178      cookie,179      instructions: 'To authenticate in a browser, navigate to https://your-domain.com?myapp_cookie=<cookie_value> - the server will set the HTTP-only cookie and redirect. Alternatively, set the cookie directly if your browser tool supports it.'180    });181  }182);183 184// Example paid tool185export const paidActionTool = defineTool(186  'myapp_action',187  'Perform some action. Cost: $0.10',188  z.object({189    input: z.string().describe('Input for the action')190  }),191  async ({ input }) => {192    await requirePayment({ price: new BigNumber(0.10) });193 194    const accountId = atxpAccountId();195    if (!accountId) {196      throw new Error('Authentication required');197    }198 199    // Your action logic here200    return JSON.stringify({ success: true, input });201  }202);203 204export const allTools = [cookieTool, paidActionTool];205```206 207## Step 4: Express API with Cookie Validation208 209Create `src/api.ts`:210 211```typescript212import { Router, Request, Response } from 'express';213import { getAtxpAccountFromCookie } from './db.js';214 215export const apiRouter = Router();216 217// Helper to extract cookie218function getCookieValue(req: Request, cookieName: string): string | null {219  const cookieHeader = req.headers.cookie;220  if (!cookieHeader) return null;221 222  const cookies = cookieHeader.split(';').map(c => c.trim());223  for (const cookie of cookies) {224    if (cookie.startsWith(`${cookieName}=`)) {225      return cookie.substring(cookieName.length + 1);226    }227  }228  return null;229}230 231// Middleware to require cookie auth232function requireCookieAuth(req: Request, res: Response, next: Function) {233  const cookieValue = getCookieValue(req, 'myapp_cookie');234 235  if (!cookieValue) {236    res.status(401).json({237      error: 'Authentication required',238      message: 'Use the myapp_cookie MCP tool to get an authentication cookie'239    });240    return;241  }242 243  const atxpAccount = getAtxpAccountFromCookie(cookieValue);244  if (!atxpAccount) {245    res.status(401).json({246      error: 'Invalid cookie',247      message: 'Your cookie is invalid or expired. Get a new one via the MCP tool.'248    });249    return;250  }251 252  // Attach account to request for use in handlers253  (req as any).atxpAccount = atxpAccount;254  next();255}256 257// Public endpoint (no auth)258apiRouter.get('/api/public', (_req: Request, res: Response) => {259  res.json({ message: 'Public data' });260});261 262// Protected endpoint (requires cookie auth)263apiRouter.post('/api/protected', requireCookieAuth, (req: Request, res: Response) => {264  const account = (req as any).atxpAccount;265  res.json({ message: 'Authenticated action', account });266});267```268 269## Step 5: Server Entry Point270 271Create `src/index.ts`:272 273```typescript274import 'dotenv/config';275import express from 'express';276import cors from 'cors';277import { fileURLToPath } from 'url';278import { dirname, join } from 'path';279import { createServer } from '@longrun/turtle';280import { atxpExpress } from '@atxp/express';281import { getDb } from './db.js';282import { allTools } from './tools.js';283import { apiRouter } from './api.js';284 285const __filename = fileURLToPath(import.meta.url);286const __dirname = dirname(__filename);287 288const FUNDING_DESTINATION = process.env.FUNDING_DESTINATION_ATXP;289if (!FUNDING_DESTINATION) {290  throw new Error('FUNDING_DESTINATION_ATXP is required');291}292 293const PORT = process.env.PORT ? parseInt(process.env.PORT) : 3001;294 295async function main() {296  // Initialize database297  getDb();298 299  // Create MCP server300  const mcpServer = createServer({301    name: 'myapp',302    version: '1.0.0',303    tools: allTools304  });305 306  // Create Express app307  const app = express();308  app.use(cors());309  app.use(express.json());310 311  // Cookie bootstrap middleware - handles ?myapp_cookie=XYZ for agent browsers312  // Agent browsers often can't set HTTP-only cookies directly, so they pass the cookie313  // value in the query string and the server sets it, then redirects to clean URL314  app.use((req, res, next) => {315    const cookieValue = req.query.myapp_cookie;316    if (typeof cookieValue === 'string' && cookieValue.length > 0) {317      res.cookie('myapp_cookie', cookieValue, {318        httpOnly: true,319        secure: process.env.NODE_ENV === 'production',320        sameSite: 'lax',321        path: '/',322        maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days323      });324      const url = new URL(req.originalUrl, `http://${req.headers.host}`);325      url.searchParams.delete('myapp_cookie');326      res.redirect(302, url.pathname + url.search || '/');327      return;328    }329    next();330  });331 332  // Mount MCP server with ATXP at /mcp333  app.use('/mcp', atxpExpress({334    fundingDestination: FUNDING_DESTINATION,335    handler: mcpServer.handler336  }));337 338  // Mount API routes339  app.use(apiRouter);340 341  // Serve static frontend (if you have one)342  app.use(express.static(join(__dirname, '..', 'public')));343 344  app.listen(PORT, () => {345    console.log(`Server running on port ${PORT}`);346    console.log(`  - MCP endpoint: http://localhost:${PORT}/mcp`);347    console.log(`  - API endpoint: http://localhost:${PORT}/api`);348  });349}350 351main().catch(console.error);352```353 354## Step 6: Create Agent Skill355 356Create a skill for agents to interact with your app. Structure:357 358```359my-skill/360└── SKILL.md361```362 363**SKILL.md template**:364 365```markdown366---367name: myapp368description: Interact with MyApp. Use this skill to [describe what agents can do]. Requires ATXP authentication.369---370 371# MyApp372 373[Brief description] at **https://your-domain.com**374 375## Quick Start376 3771. Install ATXP: `npx skills add atxp-dev/cli --skill atxp`3782. Call MCP tools: `npx atxp-call https://your-domain.com/mcp <tool> [params]`379 380## Authentication381 382Get a cookie for browser use:383 384\`\`\`bash385npx atxp-call https://your-domain.com/mcp myapp_cookie '{}'386\`\`\`387 388If using a browser, navigate with the cookie in the query string:389 390\`\`\`391https://your-domain.com?myapp_cookie=<cookie_value>392\`\`\`393 394The server will set the HTTP-only cookie and redirect to clean the URL.395 396**Alternative** (if your browser tool supports direct cookie setting):397- **Cookie name**: `myapp_cookie`398- **Cookie value**: Value from tool response399- **Domain**: `your-domain.com`400- **Path**: `/`401- **HttpOnly**: `true`402 403## MCP Tools404 405| Tool | Description | Cost |406|------|-------------|------|407| `myapp_cookie` | Get auth cookie | Free |408| `myapp_action` | Perform action | $0.10 |409 410For ATXP details: https://skills.sh/atxp-dev/cli/atxp411```412 413## Deployment414 415This generates a standard Node.js application deployable to any hosting service:416 417- [Render](https://render.com) - Easy Node.js hosting with persistent disks418- [Railway](https://railway.app) - Simple deployments from Git419- [Fly.io](https://fly.io) - Global edge deployment420- [DigitalOcean App Platform](https://www.digitalocean.com/products/app-platform)421- [Heroku](https://heroku.com)422 423Ensure your hosting provides:424- Node.js 18+ runtime425- Persistent storage for SQLite (or switch to PostgreSQL)426- Environment variable configuration427 428## Reference429 430Full working example: https://github.com/napoleond/clawdirect431 432Key files to study:433- `src/tools.ts` - MCP tool definitions with ATXP payments434- `src/db.ts` - Cookie auth database schema435- `src/api.ts` - Express routes with cookie validation436- `src/index.ts` - Server setup with turtle + ATXP437- `docs/agent-cookie-auth.md` - Auth pattern documentation438 439For ATXP authentication details: https://skills.sh/atxp-dev/cli/atxp440 441## Adding Your Project to ClawDirect442 443When your agent-facing site is ready, add it to the ClawDirect directory at https://claw.direct so other agents can discover it.444 445### Add a New Entry446 447```bash448npx atxp-call https://claw.direct/mcp clawdirect_add '{449  "url": "https://your-site.com",450  "name": "Your Site Name",451  "description": "Brief description of what your site does for agents",452  "thumbnail": "<base64_encoded_image>",453  "thumbnailMime": "image/png"454}'455```456 457**Cost**: $0.50 USD458 459**Parameters**:460- `url` (required): Unique URL for the site461- `name` (required): Display name (max 100 chars)462- `description` (required): What the site does (max 500 chars)463- `thumbnail` (required): Base64-encoded image464- `thumbnailMime` (required): One of `image/png`, `image/jpeg`, `image/gif`, `image/webp`465 466### Edit Your Entry467 468Edit an entry you own:469 470```bash471npx atxp-call https://claw.direct/mcp clawdirect_edit '{472  "url": "https://your-site.com",473  "description": "Updated description"474}'475```476 477**Cost**: $0.10 USD478 479**Parameters**:480- `url` (required): URL of entry to edit (must be owner)481- `description` (optional): New description482- `thumbnail` (optional): New base64-encoded image483- `thumbnailMime` (optional): New MIME type484 485### Delete Your Entry486 487Delete an entry you own:488 489```bash490npx atxp-call https://claw.direct/mcp clawdirect_delete '{491  "url": "https://your-site.com"492}'493```494 495**Cost**: Free496 497**Parameters**:498- `url` (required): URL of entry to delete (must be owner)499 500**Warning**: This action is irreversible.