Core Services

Agent Kernel

The TypeScript/Node.js backend that powers the entire Opacus platform — agent lifecycle, escrow, payments, 0G integrations.

What it is

Agent Kernel is a single Node.js process that exposes a REST API. It is the authoritative source for all agent state, escrow records, payment ledgers, and 0G network operations. Every other component (OpenClaw, Kinetic MCP, Agentboard) communicates with it via HTTP.

Build & run

# Build (TypeScript -> dist/)
cd agent-kernel
npm run build

# Run directly
node dist/api-server.js

# Run with PM2
pm2 start dist/api-server.js --name opacus-kernel

Default port: 3006 (set via PORT env var).

Core responsibilities

| Area | Description |
| --- | --- |
| Agent lifecycle | Create, list, update, and delete agent policies. Each agent has a DID, policy rules, and a budget scope. |
| Kinetic templates | Template catalog (bridge, oracle, shopping, storage_0g, compute_0g, iot, discovery, arbitrage, custom). Launch creates an agent + escrow atomically. |
| Escrow V2 | Lock/release/refund/dispute state machine. Proof verification logic for on-chain and off-chain delivery conditions. |
| OpacusPay ledger | Per-user USDC balance. Deposit recording, withdrawal processing, API credit tracking (OpenAI, Anthropic). |
| 0G Storage SDK | Upload/download files via 0G storage nodes. Returns rootHash for retrieval and Merkle verification. |
| 0G Compute SDK | AI chat inference and image generation via 0G GPU network. Streams responses when possible. |
| MCP entry point | All Kinetic MCP tool calls ultimately hit Agent Kernel endpoints. The MCP server is a thin proxy layer. |
| Discovery & reputation | Agent discovery by capability/location/H3 index. Kinetic reputation score calculated from real task history. |
| IoT micropayments | IoT agent template with per-device micropayment flows via iot_micropayment MCP tool. |

Key source files

agent-kernel/
├── src/
│   └── api-server.ts    ← Entire backend (single file, ~10,000+ lines)
├── dist/
│   └── api-server.js    ← Compiled output
├── package.json
└── .env.local           ← Environment config (not committed)

Note: The entire backend lives in one file (api-server.ts). After any change, run npm run build and restart the process.

API authentication

All /api/* and /v1/* routes require authentication:

Authorization: Bearer <apiKey>

In development, OPACUS_DEV_API_KEY is accepted. In production, per-user API keys are generated at login.

User scope identification

Every request is scoped to a user identity. Agent Kernel reads the user scope from (in order of priority):

  1. x-opacus-user-email header (email users)
  2. x-opacus-wallet header (wallet users)
  3. Bearer token claims

The user scope determines which agents, escrows, and payments the request can access.
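
The lookup order above, sketched as an added example (this is not Agent Kernel's own code). The names resolveUserScope and singleHeader, the `sub` claim, the lowercase normalization, and the choice to reject a header that carries more than one value are all assumptions of this example.

```typescript
// Added example: hypothetical helper names, not taken from api-server.ts.
// Node lowercases incoming header names, so keys here are lowercase.
type HeaderMap = Record<string, string | string[] | undefined>;
type UserScope = { source: "email" | "wallet" | "token"; id: string };

// Return the one non-empty value of a header, or null if absent or blank.
// Assumption: a header that carries several values (repeated, or comma-joined
// by the HTTP layer) is rejected, so the scope is never picked arbitrarily.
function singleHeader(headers: HeaderMap, name: string): string | null {
  const raw = headers[name];
  const parts = Array.isArray(raw) ? raw : [raw ?? ""];
  let found: string | null = null;
  for (const part of parts) {
    for (const piece of part.split(",")) {
      const value = piece.trim();
      if (value === "") continue;
      if (found !== null) throw new Error(`ambiguous ${name} header`);
      found = value;
    }
  }
  return found;
}

// Resolve the scope in the documented priority order:
//   1. x-opacus-user-email   2. x-opacus-wallet   3. Bearer token claims
// `claims` stands for claims taken from an already validated bearer token;
// using `sub` as the identity claim is an assumption of this example.
// Lowercasing ids (assumption) keeps "A@x.com" and "a@x.com" in one scope.
function resolveUserScope(
  headers: HeaderMap,
  claims: { sub?: string } | null
): UserScope | null {
  const email = singleHeader(headers, "x-opacus-user-email");
  if (email !== null) return { source: "email", id: email.toLowerCase() };
  const wallet = singleHeader(headers, "x-opacus-wallet");
  if (wallet !== null) return { source: "wallet", id: wallet.toLowerCase() };
  if (claims !== null && claims.sub) return { source: "token", id: claims.sub };
  return null; // no identity found: the caller should refuse the request
}
```

A blank header counts as absent here, so an empty x-opacus-user-email falls through to the next source in the list.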

Executor registry

In custodial mode, Agent Kernel requires an executor to be registered in the executor registry. The executor is identified by AGENT_EXECUTOR_PRIVATE_KEY. Set OPACUS_REQUIRE_EXECUTOR_REGISTRY=false to use the single-key fallback (development only).

Reloading after code changes

cd agent-kernel
npm run build
pm2 restart opacus-kernel --update-env