VyapaarClaw is a Governance-as-a-Service framework that transforms AI agents into financially governed entities. It acts as an autonomous financial firewall between AI agents and real payment infrastructure (Razorpay X), enforcing budgets, verifying vendors, scoring risk, and keeping humans in the loop — so AI agents can handle real money without uncontrolled spending.
### The Problem
We're entering the era of autonomous AI agents executing real-world financial tasks. The gap isn't intelligence — it's trust. Giving an AI agent a credit card is like giving a new hire the company chequebook on Day 1 with no spending policy. Without governance, agents can hallucinate and drain wallets, pay fraudulent vendors, or leave zero audit trail.
### The Solution — A 6-Layer Governance Pipeline
Every transaction passes through six layers of verification:
1. Webhook Signature Verification — Razorpay HMAC-SHA256 validation
2. Agent Policy Enforcement — Per-agent daily limits, per-txn caps, domain restrictions
3. Vendor Reputation Check — Google Safe Browsing threat analysis
4. Entity Verification — GLEIF legal entity lookup (fully FOSS)
5. ML Anomaly Detection — Isolation Forest on transaction patterns (scikit-learn)
6. Composite Risk Scoring — Automatic decision routing (APPROVE / REJECT / HOLD for human review)
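As an added illustration of how layers 1, 2 and 6 fit together (this is example code written for this page, not VyapaarClaw's own implementation), the block below verifies a Razorpay-style webhook with HMAC-SHA256 over the raw body, applies per-transaction and domain policy rules in integer paise, then blends the outputs of the vendor, entity and anomaly layers into a composite score that routes to APPROVE, HOLD or REJECT. The event fields, the secret, the weights and the thresholds are all constructed assumptions; real Razorpay payloads and the project's scoring weights differ.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed placeholder: the real secret comes from the Razorpay dashboard.
WEBHOOK_SECRET = b"example-webhook-secret"


def sign_body(raw_body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """What the sender computes: hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_razorpay_signature(raw_body: bytes, signature_header: str,
                              secret: bytes = WEBHOOK_SECRET) -> bool:
    """Layer 1. Razorpay sends the digest in X-Razorpay-Signature. Compare in
    constant time over the raw bytes, never over re-serialised JSON."""
    return hmac.compare_digest(sign_body(raw_body, secret), signature_header)


@dataclass(frozen=True)
class AgentPolicy:
    per_txn_cap_paise: int              # integers in paise, never floats
    allowed_domains: frozenset[str]


def policy_violations(policy: AgentPolicy, amount_paise: int, vendor_domain: str) -> list[str]:
    """Layer 2. Hard rules; any violation is a deterministic REJECT."""
    problems = []
    if amount_paise <= 0:
        problems.append("non-positive amount")
    if amount_paise > policy.per_txn_cap_paise:
        problems.append("per-transaction cap exceeded")
    if vendor_domain.lower() not in policy.allowed_domains:
        problems.append("vendor domain not in allow-list")
    return problems


def composite_risk(vendor_threat: bool, entity_verified: bool, anomaly_score: float) -> float:
    """Layer 6 input: blend of layers 3-5. anomaly_score is assumed normalised
    to [0, 1] (1 = most anomalous); the weights here are illustrative only."""
    score = 0.5 * anomaly_score
    if vendor_threat:          # Safe Browsing flagged the vendor
        score += 0.4
    if not entity_verified:    # no GLEIF record for the legal entity
        score += 0.2
    return min(score, 1.0)


def route(risk: float, reject_at: float = 0.7, hold_at: float = 0.4) -> str:
    """Layer 6 decision: REJECT above reject_at, HOLD for a human in between."""
    if risk >= reject_at:
        return "REJECT"
    if risk >= hold_at:
        return "HOLD"
    return "APPROVE"


def build_sample_event(amount_paise: int, vendor_domain: str) -> bytes:
    """Constructed event shape for this example (not Razorpay's real schema)."""
    return json.dumps({"amount_paise": amount_paise, "vendor_domain": vendor_domain}).encode()


def govern(raw_body: bytes, signature_header: str, policy: AgentPolicy,
           vendor_threat: bool, entity_verified: bool, anomaly_score: float) -> dict:
    """Run the pipeline, failing closed at the first hard failure."""
    if not verify_razorpay_signature(raw_body, signature_header):
        return {"decision": "REJECT", "reason": "bad webhook signature"}
    event = json.loads(raw_body)
    problems = policy_violations(policy, int(event["amount_paise"]), event["vendor_domain"])
    if problems:
        return {"decision": "REJECT", "reason": "; ".join(problems)}
    risk = composite_risk(vendor_threat, entity_verified, anomaly_score)
    return {"decision": route(risk), "risk": round(risk, 2)}


if __name__ == "__main__":
    policy = AgentPolicy(per_txn_cap_paise=500_000, allowed_domains=frozenset({"vendor.example"}))
    body = build_sample_event(250_000, "vendor.example")
    print(govern(body, sign_body(body), policy, False, True, 0.9))  # HOLD: anomalous but clean vendor
```

Signature verification runs before the body is parsed, so an unauthenticated request never reaches the policy or scoring layers, and the policy rules reject deterministically before any probabilistic score is consulted.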
### 25 MCP Governance Tools
Exposed via the Model Context Protocol (MCP): Budget Control, Vendor Verification, Risk & Anomaly Scoring, Compliance Reporting, Payment Processing, Slack/Telegram/ntfy Human-in-the-Loop Approvals, Cash Flow Forecasting, and more.
### Tech Stack
| Layer | Technologies |
|-------|-------------|
| Backend | Python 3.12, FastMCP, Redis (atomic budget locking), PostgreSQL (audit logs), asyncpg, httpx |
| Frontend | Next.js web dashboard — budget utilisation bars, risk heatmaps, AI CFO chat interface, searchable audit log, cron job management |
| Payments | Razorpay X integration (webhook + polling modes, Go MCP sidecar) |
| ML / AI | scikit-learn IsolationForest anomaly detection, Azure OpenAI / local MLX LLM, Dual-LLM quarantine security pattern |
| Notifications | Slack, Telegram, ntfy (FOSS) — human-in-the-loop approval workflows |
| CLI | `npx vyapaarclaw bootstrap` and `npx vyapaarclaw start` — zero-config setup wizard |
| Security | HMAC-SHA256 webhook verification, atomic Redis INCRBY (no race conditions), circuit breakers, fail-closed design |
| Infra | Docker, GitHub Actions CI/CD, PyPI + GHCR publishing |
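The "atomic Redis INCRBY" and "fail-closed" entries in the Security row describe a concurrency pattern worth seeing in full. The block below is an added example written for this page, not the project's code: a daily budget is reserved with a single INCRBY, the caller that pushes the counter over the limit rolls back its own increment with DECRBY, and any store outage is treated as a denial. It assumes the key layout `budget:<agent>:<day>` and uses an in-memory stand-in for the Redis client (constructed here; redis-py exposes the same `incrby`/`decrby`/`get` methods), so the contention demo runs offline.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class BudgetStoreUnavailable(Exception):
    """The budget store could not be reached; callers must treat this as a denial."""


class FakeRedis:
    """Constructed stand-in for a Redis client. INCRBY/DECRBY are made atomic
    with a lock, mirroring Redis's single-threaded command execution."""

    def __init__(self) -> None:
        self._data: dict[str, int] = {}
        self._lock = threading.Lock()

    def incrby(self, key: str, amount: int) -> int:
        with self._lock:
            self._data[key] = self._data.get(key, 0) + amount
            return self._data[key]

    def decrby(self, key: str, amount: int) -> int:
        return self.incrby(key, -amount)

    def get(self, key: str) -> int:
        return self._data.get(key, 0)


class BrokenStore:
    """Constructed stand-in for an unreachable Redis: every command raises."""

    def incrby(self, key: str, amount: int) -> int:
        raise ConnectionError("redis unreachable")

    def decrby(self, key: str, amount: int) -> int:
        raise ConnectionError("redis unreachable")


def reserve_spend(store, agent_id: str, day: str, amount_paise: int, daily_limit_paise: int) -> bool:
    """Reserve amount_paise against one agent's daily budget.

    The reservation is a single INCRBY, so two concurrent callers never both act
    on the same pre-increment total. Whoever pushes the counter over the limit
    rolls back its own increment and is refused. If the rollback itself fails,
    the counter stays over-reserved, which only denies later spend (safe side).
    """
    if amount_paise <= 0:
        raise ValueError("amount must be a positive integer number of paise")
    key = f"budget:{agent_id}:{day}"   # assumed key layout; real code would also EXPIRE it
    try:
        new_total = store.incrby(key, amount_paise)
        if new_total > daily_limit_paise:
            store.decrby(key, amount_paise)
            return False
    except Exception as exc:  # network error, timeout, auth failure
        raise BudgetStoreUnavailable(str(exc)) from exc
    return True


def governed_reserve(store, agent_id: str, day: str, amount_paise: int, daily_limit_paise: int) -> bool:
    """Fail-closed wrapper: a store outage is a denial, never an approval."""
    try:
        return reserve_spend(store, agent_id, day, amount_paise, daily_limit_paise)
    except BudgetStoreUnavailable:
        return False


def simulate_contention(threads: int, amount_paise: int, daily_limit_paise: int) -> tuple[int, int]:
    """Fire `threads` concurrent equal-sized reservations against one agent's
    budget and return (approved count, final counter value in paise)."""
    store = FakeRedis()
    agent, day = "agent-demo", "2024-01-01"   # constructed identifiers
    with ThreadPoolExecutor(max_workers=threads) as pool:
        outcomes = list(pool.map(
            lambda _: governed_reserve(store, agent, day, amount_paise, daily_limit_paise),
            range(threads)))
    return sum(outcomes), store.get(f"budget:{agent}:{day}")


if __name__ == "__main__":
    approved, spent = simulate_contention(10, 30_000, 100_000)
    print(f"approved={approved} spent={spent} paise")   # approved=3 spent=90000 paise
```

A read-then-write check (`GET`, compare, `SET`) would let two agents both read 60,000 and both commit, overshooting the limit; with the increment-then-rollback pattern the counter is never observed in a state that admits more than the limit allows.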
### Testing & Quality
- 214 tests — unit, integration, and end-to-end
- Strict mypy type checking
- All amounts in paise (integers) — never floats for money
### FOSS Highlights
- GLEIF vendor verification (free, open API — no paid service needed)
- ntfy push notifications (fully self-hostable FOSS alternative to Slack)
- scikit-learn ML anomaly detection
- AGPL-3.0 licensed
### OpenClaw Integration
Built as a fully managed OpenClaw Framework — integrates with cron jobs (morning financial briefs, budget alarms, weekly compliance), webhooks, multi-agent delegation, canvas dashboards, and AI CFO skills.