For Agents 🤖

Clone the lightning-agent-tools repo at github.com/lightninglabs/lightning-agent-tools. Install the lnd and lnget skills, then set up a Lightning node with a remote signer for key isolation. Bake a pay-only macaroon to scope your spending permissions, configure lnget, and start paying for L402 APIs. If you want to sell resources too, install the aperture skill and set up a paid endpoint behind the L402 reverse proxy.

For Humans 👋

Today, we're open sourcing a new set of tools that give AI agents the skills to operate natively on the Lightning Network. These tools give agents access to a payments rail that supports agent-native authentication without requiring identity, API keys, or signup flows. The new Lightning agent tools repo ships with seven composable skills covering the full agent commerce stack: running a Lightning node, isolating private keys with a remote signer, baking scoped credentials, paying for L402-gated APIs, hosting paid endpoints, querying node state via MCP (Model Context Protocol, a standardized tooling layer for AI assistants), and orchestrating end-to-end buyer/seller workflows. The skills work with any agent framework that can execute shell commands, including Claude Code, Codex, or your own tooling. You can also grab the skills from the Claude Code plugin marketplace, install them via npx, or find them on ClawHub.

Today's launch also includes lnget, an L402-aware command-line HTTP client (similar to wget/curl) that enables agents to seamlessly navigate L402-gated APIs and content. L402 is a protocol standard for L402 is a protocol standard for Lightning machine payment authentication that builds on the internet's long-forgotten HTTP 402 "Payment Required" status code. And for security purposes, the toolset includes a suite of agent skills for securely managing a Lightning wallet utilizing a remote signer architecture that isolates private keys from the agent entirely.

The Agents Are Here 🦞

Over the past several weeks, AI agent activity has gone from a promising experiment to a mainstream phenomenon. OpenClaw and Moltbook have captured the world's attention, with thousands of autonomous agents making phone calls, sending emails, and posting on social networks. Meanwhile, the latest generation of coding models, including OpenAI's Codex 5.3 and Anthropic's Claude Opus 4.6, have dramatically expanded what agents can do on their own: spinning up infrastructure, writing and deploying code, orchestrating complex multi-step workflows, and calling APIs across the web.

This explosion in agent capability has exposed a critical gap. Agents can read documentation, write code, and call APIs, but they still can't easily pay for things. The traditional financial rails that humans rely on, including credit cards, bank accounts, and identity-based payment processors, are fundamentally incompatible with how agents operate. Agents don't have government IDs or bank accounts. They need to transact instantly, programmatically, and at massive scale, often for tiny amounts that would be eaten by traditional transaction fees.

This is precisely the problem that the L402 protocol was designed to solve. The early authors of the HTTP specification included a provision for internet-native payments with the 402 status code, but at the time, no decentralized digital currency existed to make it work. L402 bridges that gap by combining Bitcoin and the Lightning Network with macaroons (flexible authentication tokens for distributed systems) to create a standard that enables programmatic micropayments for API access, digital resources, and machine-to-machine commerce. When an agent hits an L402-gated endpoint, the server responds with a 402 status code, a Lightning invoice, and a macaroon. The agent pays the invoice, gets a cryptographic proof of payment called a preimage, and uses that preimage along with the macaroon to authenticate and access the resource. No signup, no API key, no identity required.

With today's release, we're putting the full power of L402 and the Lightning Network directly into agents' hands (or claws, as the case may be 🦞).

lnget: Teaching Agents to Pay ⬇️

At the core of today's launch is lnget, a command-line HTTP client designed for programmatic access to paid APIs. If you've ever used wget or curl to fetch data from the internet, lnget works the same way, with one critical addition: it handles Lightning payments automatically and transparently. Because agents can use anything on the command line, building a Lightning-native CLI tool means opening up the entire Lightning Network to any agent that can run a shell command. Command-line utilities are a key architectural component of agents like OpenClaw as they allow agents to easily string together a series of autonomous actions utilizing time-tested UNIX composition patterns. With lnget, these agents can now seamlessly navigate L402-gated content.

When an agent encounters an L402 API today, the existing flow is painful: parse the 402 challenge header, extract the invoice, switch to a Lightning wallet, pay the invoice, extract the preimage, construct the authorization header, and retry the request. For a human making a single request, that's tedious. For an autonomous agent consuming dozens of paid APIs across a complex workflow, it's a blocker.

lnget eliminates that entire flow. An agent simply runs:

lnget https://api.example.com/premium-data.json

If the server returns a 402 Payment Required response, lnget automatically parses the challenge, pays the Lightning invoice through the agent's configured Lightning backend, caches the resulting authentication token, and retries the request with the proper authorization header. Subsequent requests to the same domain reuse the cached token without additional payments.

lnget supports three Lightning backends depending on your setup: direct gRPC to a local lnd node (the standard mode when running your own node), Lightning Node Connect for encrypted tunnel access via a pairing phrase (no direct network access to the node required), and an embedded Neutrino light wallet for quick experiments without any external node at all.

For developers setting guardrails on their autonomous agents, cost control is critical. lnget's --max-cost flag sets a per-request spending ceiling, and the macaroon bakery skill lets you bake scoped credentials that cap total spending at the Lightning node level, so your agent can only ever access the budget you've explicitly granted it.

On the server side, any developer can turn their API into a pay-per-use service using Aperture, Lightning Labs' L402-aware reverse proxy that handles the full L402 negotiation, including dynamic pricing based on query complexity or resource consumption, so the backend doesn't need to know anything about Lightning. The combination of lnget on the client side and Aperture on the server side creates a complete agent commerce loop: one agent hosts a paid service, another agent consumes it, and Lightning handles the payment transparently in the background.

Security-First Agent Design: Remote Signing and Scoped Credentials 🔐

Giving an AI agent access to a Lightning node that holds real bitcoin requires a security model purpose-built for autonomous operation. The toolset provides three tiers of access with increasing trust requirements.

The default and recommended configuration uses LND's remote signer architecture, a setup that separates key management from node operations. The remote signer splits a Lightning node into two components. The signer machine holds the private keys and never routes payments or connects to the public network. The agent machine runs a watch-only LND node that handles all routing and payment operations but delegates any transaction signing to the signer machine over an authenticated gRPC connection. Even if an attacker gains full access to the agent machine, they cannot extract private keys because the keys simply aren't there.

For testing and development, a standalone mode stores keys locally with restrictive file permissions, appropriate for testnet, regtest (a local-only Bitcoin test network used for development), and small-value experiments. And for read-only observation, an MCP server connects to a Lightning node via Lightning Node Connect (LNC), an end-to-end encrypted WebSocket tunnel that requires only a 10-word pairing phrase. No credentials are written to disk, and ephemeral keypairs are discarded when the session ends. The MCP server exposes 18 read-only tools for querying node state, including balances, channels, invoices, payments, and the network graph, and works with any MCP-compatible AI assistant.

On top of this architecture, the macaroon bakery skill creates least-privilege credentials. Macaroons are bearer tokens, similar to API keys, but they support fine-grained permission scoping and attenuation. This means you can create a credential that only allows specific actions and then further restrict it without needing to issue a new one. The bakery provides five preset roles: pay-only for buyer agents, invoice-only for seller agents, read-only for monitoring, channel-admin for node management, and signer-only for scoping the remote signer's credentials. The principle of least privilege, giving agents only the permissions they absolutely need and nothing more, is essential as agents begin handling real economic activity.

Setting up the remote signer and baking scoped credentials is straightforward with the included skills. A developer can prompt their agent with natural language commands like "Export credentials from my signer and bake a signer-only macaroon" or "Bake a pay-only macaroon on my regtest node," and the skills handle the underlying complexity. 

Agentic Commerce: The Full Stack in One Skill 🧠

To tie it all together, the toolset includes a commerce meta-skill that packages the key capabilities above into end-to-end buyer and seller workflows. The commerce skill doesn't manage any infrastructure directly. Instead, it orchestrates the lnd, lnget, and aperture skills together so an agent can go from "set up a Lightning node" to "host a paid API endpoint" to "purchase data from another agent's API" entirely through natural language prompts. An agent can stand up both sides of a commerce loop without writing a single line of integration code. Then, lnget handles the buying, Aperture handles the selling and Lightning settles the payments.

Build the Machine-Payable Web 🌐

We're at an inflection point. The agents aren't coming. They're here. They're making restaurant reservations, creating languages, writing code, orchestrating complex workflows, and yes, probably reading this blog post right now. (Hello, agents. We built this for you too. 👋)

Right now, thousands of agents are posting on social networks, sending emails, and more. Imagine what happens when those agents can also pay for premium data feeds, purchase compute resources, and sell their own services for sats. The missing piece has been a permissionless financial layer native to how agents operate. That's what we're providing. 

Whether you're a Bitcoin developer (or AI agent!) looking to make your infrastructure agent-accessible, an AI developer who wants your agents to transact autonomously, or a fintech builder exploring programmable micropayments: the tools are here, they're open source, and they're ready to go. Check out the docs, join our Slack community, follow us on Twitter, contribute a PR, or subscribe to our newsletter. The machine-payable web won't build itself. Actually, it might. But it'll be faster with your help. 🚀