remitmd 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 137668b963c8ed6bef29b8990746e9eea1c0474f788d4365918ffd52306907b8
+  data.tar.gz: eb3673564e6988838fd505c47244023dad202039f87346d837956a9be375d7aa
+SHA512:
+  metadata.gz: 32d99f7c5d422b4c1fc7b56632177f8cdb414797d62572ab38c398c38b7b4a9df935056b65a1768db63f2aa96817a5363b3bc83d949011538a7c31323e7bff23
+  data.tar.gz: 78209500b2789302ca55566b7388551dab2521f26305e77aedea628c1234e1b780fbbf19c9468934dbcbe24dd34bbc08aaa5811f3fb1e5772fa704b32c19e611

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 remit-md
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,256 @@
+# remit.md Ruby SDK
+
+Universal payment protocol for AI agents — Ruby client library.
+
+[![CI](https://github.com/remit-md/sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/remit-md/sdk/actions/workflows/ci.yml)
+[![Gem Version](https://badge.fury.io/rb/remitmd.svg)](https://badge.fury.io/rb/remitmd)
+
+## Installation
+
+```ruby
+gem "remitmd"
+```
+
+or install directly:
+
+```bash
+gem install remitmd
+```
+
+## Quickstart
+
+```ruby
+require "remitmd"
+
+wallet = Remitmd::RemitWallet.new(private_key: ENV["REMITMD_PRIVATE_KEY"])
+
+# Direct payment
+tx = wallet.pay("0xRecipient0000000000000000000000000000001", 1.50)
+puts tx.tx_hash
+
+# Check reputation
+rep = wallet.reputation("0xSomeAgent000000000000000000000000001")
+puts "Score: #{rep.score}"
+```
+
+Or from environment variables:
+
+```ruby
+wallet = Remitmd::RemitWallet.from_env
+# Requires: REMITMD_PRIVATE_KEY
+# Optional: REMITMD_CHAIN (default: "base"), REMITMD_API_URL
+```
+
+## Permits (Gasless USDC Approval)
+
+```ruby
+contracts = wallet.get_contracts
+
+# Use permits on any payment method
+tx = wallet.pay("0xRecipient...", 5.00, permit: permit)
+```
+
+Permits are optional on: `pay`, `create_escrow`, `create_tab`, `create_stream`, `create_bounty`, `place_deposit`.
+
+## Payment Models
+
+### Direct Payment
+
+```ruby
+tx = wallet.pay("0xRecipient...", 5.00, memo: "AI inference fee", permit: permit)
+```
+
+### Escrow
+
+```ruby
+escrow = wallet.create_escrow("0xContractor...", 100.00, memo: "Code review")
+# Work happens...
+tx = wallet.release_escrow(escrow.id)   # pay the contractor
+# or
+tx = wallet.cancel_escrow(escrow.id)    # refund yourself
+```
+
+### Metered Tab (off-chain billing)
+
+```ruby
+tab = wallet.create_tab("0xProvider...", 50.00, 0.003, permit: permit)
+
+# Provider charges with EIP-712 signature
+sig = wallet.sign_tab_charge(contracts["tab"], tab.id, 3_000_000, 1)
+wallet.charge_tab(tab.id, 0.003, 0.003, 1, sig)
+
+# Close when done — unused funds return
+wallet.close_tab(tab.id)
+```
+
+### Payment Stream
+
+```ruby
+stream = wallet.create_stream("0xWorker...", 0.001, 100.00)
+# Worker receives 0.001 USDC/second, funded with 100 USDC deposit
+
+tx = wallet.withdraw_stream(stream.id)
+```
+
+### Bounty
+
+```ruby
+bounty = wallet.create_bounty(25.00, "Summarise top 10 EIPs of 2025")
+
+# Any agent can submit work; you decide the winner
+tx = wallet.award_bounty(bounty.id, "0xWinner...")
+```
+
+### Security Deposit
+
+```ruby
+dep = wallet.place_deposit("0xCounterpart...", 100.00, expires_in_secs: 86_400, permit: permit)
+wallet.return_deposit(dep.id)
+```
+
+### Payment Intent
+
+```ruby
+# Propose payment terms before committing
+intent = wallet.propose_intent("0xCounterpart...", 50.00, type: "escrow")
+```
+
+## Testing with MockRemit
+
+MockRemit gives you a zero-network, zero-latency test double. No API key needed.
+
+```ruby
+require "remitmd"
+
+RSpec.describe MyPayingAgent do
+  let(:mock)   { Remitmd::MockRemit.new }
+  let(:wallet) { mock.wallet }
+
+  after { mock.reset }
+
+  it "pays the correct amount" do
+    agent = MyPayingAgent.new(wallet: wallet)
+    agent.run(task: "summarise document")
+
+    expect(mock.was_paid?("0xProvider...", 0.003)).to be true
+    expect(mock.balance).to eq(BigDecimal("9999.997"))
+  end
+end
+```
+
+### MockRemit assertions
+
+```ruby
+mock.was_paid?(address, amount)   # true/false
+mock.total_paid_to(address)       # BigDecimal — sum of all payments to address
+mock.transaction_count            # Integer
+mock.balance                      # BigDecimal — current balance
+mock.transactions                 # Array<Transaction>
+mock.set_balance(amount)          # Override starting balance
+mock.reset                        # Clear all state
+```
+
+## All Methods
+
+```ruby
+# Contract discovery (cached per session)
+wallet.get_contracts                                        # Hash
+
+# Balance & analytics
+wallet.balance                                              # Balance
+wallet.history(limit: 50, offset: 0)                       # TransactionList
+wallet.reputation(address)                                  # Reputation
+wallet.spending_summary                                     # SpendingSummary
+wallet.remaining_budget                                     # Budget
+
+# Direct payment
+wallet.pay(to, amount, memo: nil, permit: nil)              # Transaction
+
+# Escrow
+wallet.create_escrow(payee, amount, memo: nil, expires_in_secs: nil, permit: nil)  # Escrow
+wallet.claim_start(escrow_id)                               # Escrow
+wallet.release_escrow(escrow_id, memo: nil)                 # Transaction
+wallet.cancel_escrow(escrow_id)                             # Transaction
+wallet.get_escrow(escrow_id)                                # Escrow
+
+# Tabs
+wallet.create_tab(provider, limit, per_unit, expires_in_secs: 86_400, permit: nil)  # Tab
+wallet.charge_tab(tab_id, amount, cumulative, call_count, provider_sig)              # TabCharge
+wallet.close_tab(tab_id, final_amount: nil, provider_sig: nil)                       # Tab
+
+# Tab provider (signing charges)
+wallet.sign_tab_charge(tab_contract, tab_id, total_charged, call_count)  # String
+
+# Streams
+wallet.create_stream(payee, rate_per_second, max_total, permit: nil)  # Stream
+wallet.close_stream(stream_id)                              # Stream
+wallet.withdraw_stream(stream_id)                           # Transaction
+
+# Bounties
+wallet.create_bounty(amount, task, deadline, max_attempts: 10, permit: nil)  # Bounty
+wallet.submit_bounty(bounty_id, evidence_hash)              # BountySubmission
+wallet.award_bounty(bounty_id, submission_id)               # Bounty
+
+# Deposits
+wallet.place_deposit(provider, amount, expires_in_secs: 3600, permit: nil)  # Deposit
+wallet.return_deposit(deposit_id)                           # Transaction
+
+# Webhooks
+wallet.register_webhook(url, events, chains: nil)           # Webhook
+
+# Operator links
+wallet.create_fund_link                                     # LinkResponse
+wallet.create_withdraw_link                                 # LinkResponse
+
+# Testnet
+wallet.mint(amount)                                         # Hash {tx_hash, balance}
+```
+
+## Error Handling
+
+All errors are `Remitmd::RemitError` with structured fields and enriched details:
+
+```ruby
+begin
+  wallet.pay("0xRecipient...", 100.00)
+rescue Remitmd::RemitError => e
+  puts e.code     # "INSUFFICIENT_BALANCE"
+  puts e.message  # "Insufficient USDC balance: have $5.00, need $100.00"
+  puts e.doc_url  # Direct link to error documentation
+  puts e.context  # Hash: {"required" => "100.00", "available" => "5.00", ...}
+end
+```
+
+## Custom Signer
+
+Implement `Remitmd::Signer` for HSM, KMS, or multi-sig workflows:
+
+```ruby
+class MyHsmSigner
+  include Remitmd::Signer
+
+  def sign(message)
+    # Delegate to your HSM
+    MyHsm.sign(message)
+  end
+
+  def address
+    "0xYourAddress..."
+  end
+end
+
+wallet = Remitmd::RemitWallet.new(signer: MyHsmSigner.new)
+```
+
+## Chains
+
+```ruby
+Remitmd::RemitWallet.new(private_key: key, chain: "base")          # Base mainnet (default)
+Remitmd::RemitWallet.new(private_key: key, chain: "base_sepolia")  # Base Sepolia testnet
+```
+
+## License
+
+MIT — see [LICENSE](LICENSE)
+
+[Documentation](https://remit.md/docs) · [Protocol Spec](https://remit.md) · [GitHub](https://github.com/remit-md/sdk)

data/lib/remitmd/a2a.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "json"
+require "uri"
+
+module RemitMd
+  # A2A capability extension declared in an agent card.
+  AgentExtension = Data.define(:uri, :description, :required)
+
+  # A single skill declared in an A2A agent card.
+  AgentSkill = Data.define(:id, :name, :description, :tags)
+
+  # A2A agent card parsed from +/.well-known/agent-card.json+.
+  class AgentCard
+    attr_reader :protocol_version, :name, :description, :url, :version,
+                :documentation_url, :capabilities, :skills, :x402
+
+    def initialize(data)
+      @protocol_version = data["protocolVersion"] || "0.6"
+      @name             = data["name"].to_s
+      @description      = data["description"].to_s
+      @url              = data["url"].to_s
+      @version          = data["version"].to_s
+      @documentation_url = data["documentationUrl"].to_s
+      @capabilities     = data["capabilities"] || {}
+      @skills           = (data["skills"] || []).map do |s|
+        AgentSkill.new(
+          id:          s["id"].to_s,
+          name:        s["name"].to_s,
+          description: s["description"].to_s,
+          tags:        s["tags"] || []
+        )
+      end
+      @x402 = data["x402"] || {}
+    end
+
+    # Fetch and parse the A2A agent card from +base_url/.well-known/agent-card.json+.
+    #
+    #   card = RemitMd::AgentCard.discover("https://remit.md")
+    #   puts card.name   # => "remit.md"
+    #   puts card.url    # => "https://remit.md/a2a"
+    #
+    # @param base_url [String] root URL of the agent
+    # @return [AgentCard]
+    def self.discover(base_url)
+      url = URI("#{base_url.chomp("/")}/.well-known/agent-card.json")
+      response = Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == "https") do |http|
+        req = Net::HTTP::Get.new(url)
+        req["Accept"] = "application/json"
+        http.request(req)
+      end
+      raise "Agent card discovery failed: HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)
+
+      new(JSON.parse(response.body))
+    end
+  end
+end

data/lib/remitmd/errors.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Remitmd
+  # Structured error raised by all remit.md SDK operations.
+  #
+  # Every error has a machine-readable code, a human-readable message with
+  # actionable context, and a doc_url pointing to the specific error documentation.
+  #
+  # @example
+  #   begin
+  #     wallet.pay("not-an-address", 1.00)
+  #   rescue Remitmd::RemitError => e
+  #     puts e.code     # => "INVALID_ADDRESS"
+  #     puts e.message  # => "[INVALID_ADDRESS] expected 0x-prefixed ..."
+  #     puts e.doc_url  # => "https://remit.md/docs/api-reference/error-codes#invalid_address"
+  #   end
+  class RemitError < StandardError
+    # Error code constants
+    INVALID_ADDRESS         = "INVALID_ADDRESS"
+    INVALID_AMOUNT          = "INVALID_AMOUNT"
+    INSUFFICIENT_FUNDS      = "INSUFFICIENT_FUNDS"
+    ESCROW_NOT_FOUND        = "ESCROW_NOT_FOUND"
+    TAB_NOT_FOUND           = "TAB_NOT_FOUND"
+    STREAM_NOT_FOUND        = "STREAM_NOT_FOUND"
+    BOUNTY_NOT_FOUND        = "BOUNTY_NOT_FOUND"
+    DEPOSIT_NOT_FOUND       = "DEPOSIT_NOT_FOUND"
+    UNAUTHORIZED            = "UNAUTHORIZED"
+    RATE_LIMITED            = "RATE_LIMITED"
+    NETWORK_ERROR           = "NETWORK_ERROR"
+    SERVER_ERROR            = "SERVER_ERROR"
+    NONCE_REUSED            = "NONCE_REUSED"
+    SIGNATURE_INVALID       = "SIGNATURE_INVALID"
+    ESCROW_ALREADY_RELEASED = "ESCROW_ALREADY_RELEASED"
+    ESCROW_EXPIRED          = "ESCROW_EXPIRED"
+    TAB_LIMIT_EXCEEDED      = "TAB_LIMIT_EXCEEDED"
+    BOUNTY_ALREADY_AWARDED  = "BOUNTY_ALREADY_AWARDED"
+    STREAM_NOT_ACTIVE       = "STREAM_NOT_ACTIVE"
+    DEPOSIT_ALREADY_SETTLED = "DEPOSIT_ALREADY_SETTLED"
+    USDC_TRANSFER_FAILED    = "USDC_TRANSFER_FAILED"
+    CHAIN_UNAVAILABLE       = "CHAIN_UNAVAILABLE"
+
+    attr_reader :code, :doc_url, :context
+
+    def initialize(code, message, context: {})
+      @code    = code
+      @doc_url = "https://remit.md/docs/api-reference/error-codes##{code.downcase}"
+      @context = context
+      super("[#{code}] #{message} — #{@doc_url}")
+    end
+  end
+end

data/lib/remitmd/http.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "uri"
+require "json"
+require "securerandom"
+require "openssl"
+
+module Remitmd
+  # Chain configuration: maps chain names to (api_url, chain_id) pairs.
+  CHAIN_CONFIG = {
+    "base"          => { url: "https://api.remit.md/api/v0",          chain_id: 8453 },
+    "base_sepolia"  => { url: "https://testnet.remit.md/api/v0",      chain_id: 84532 },
+  }.freeze
+
+  # HTTP transport layer. Signs each request with EIP-712 auth headers and
+  # retries transient failures with exponential backoff.
+  class HttpTransport
+    MAX_RETRIES = 3
+    BASE_DELAY  = 0.5 # seconds
+    RETRY_CODES = [429, 500, 502, 503, 504].freeze
+
+    def initialize(base_url:, signer:, chain_id:, router_address: "")
+      @signer         = signer
+      @chain_id       = chain_id
+      @router_address = router_address.to_s
+      @uri            = URI.parse(base_url)
+      @http           = build_http(@uri)
+    end
+
+    def get(path)
+      request(:get, path, nil)
+    end
+
+    def post(path, body = nil)
+      request(:post, path, body)
+    end
+
+    private
+
+    def request(method, path, body)
+      attempt = 0
+      begin
+        attempt += 1
+        req  = build_request(method, path, body)
+        resp = @http.request(req)
+        handle_response(resp, path)
+      rescue RemitError => e
+        raise unless RETRY_CODES.include?(http_status_for(e)) && attempt < MAX_RETRIES
+
+        sleep(BASE_DELAY * (2**(attempt - 1)))
+        retry
+      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Net::ReadTimeout => e
+        raise RemitError.new(RemitError::NETWORK_ERROR, e.message) if attempt >= MAX_RETRIES
+
+        sleep(BASE_DELAY * (2**(attempt - 1)))
+        retry
+      end
+    end
+
+    def build_request(method, path, body)
+      full_path = "#{@uri.path}#{path}"
+      req = case method
+            when :get  then Net::HTTP::Get.new(full_path)
+            when :post then Net::HTTP::Post.new(full_path)
+            end
+
+      # Generate 32-byte random nonce and Unix timestamp.
+      nonce_bytes = SecureRandom.bytes(32)
+      nonce_hex   = "0x#{nonce_bytes.unpack1("H*")}"
+      timestamp   = Time.now.to_i
+
+      # Compute EIP-712 hash and sign it.
+      http_method = method.to_s.upcase
+      digest      = eip712_hash(http_method, full_path, timestamp, nonce_bytes)
+      signature   = @signer.sign(digest)
+
+      req["Content-Type"]      = "application/json"
+      req["Accept"]            = "application/json"
+      req["X-Remit-Agent"]     = @signer.address
+      req["X-Remit-Nonce"]     = nonce_hex
+      req["X-Remit-Timestamp"] = timestamp.to_s
+      req["X-Remit-Signature"] = signature
+
+      if body
+        req.body = body.to_json
+      end
+      req
+    end
+
+    # ─── EIP-712 ──────────────────────────────────────────────────────────────
+
+    # Computes the EIP-712 hash for an APIRequest struct.
+    # Domain: name="remit.md", version="0.1", chainId, verifyingContract
+    # Struct: APIRequest(string method, string path, uint256 timestamp, bytes32 nonce)
+    def eip712_hash(method, path, timestamp, nonce_bytes)
+      # Type hashes (string constants — keccak256 of the type string)
+      domain_type_hash  = keccak256_bytes(
+        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
+      )
+      request_type_hash = keccak256_bytes(
+        "APIRequest(string method,string path,uint256 timestamp,bytes32 nonce)"
+      )
+
+      # Domain separator
+      name_hash     = keccak256_bytes("remit.md")
+      version_hash  = keccak256_bytes("0.1")
+      chain_id_enc  = abi_uint256(@chain_id)
+      contract_enc  = abi_address(@router_address)
+
+      domain_data      = domain_type_hash + name_hash + version_hash + chain_id_enc + contract_enc
+      domain_separator = keccak256_bytes(domain_data)
+
+      # Struct hash
+      method_hash    = keccak256_bytes(method)
+      path_hash      = keccak256_bytes(path)
+      timestamp_enc  = abi_uint256(timestamp)
+
+      struct_data = request_type_hash + method_hash + path_hash + timestamp_enc + nonce_bytes
+      struct_hash = keccak256_bytes(struct_data)
+
+      # Final hash: "\x19\x01" || domainSeparator || structHash
+      keccak256_bytes("\x19\x01" + domain_separator + struct_hash)
+    end
+
+    # Encode an integer as a 32-byte big-endian ABI uint256.
+    def abi_uint256(value)
+      [value.to_i.to_s(16).rjust(64, "0")].pack("H*")
+    end
+
+    # Encode a 20-byte Ethereum address as a 32-byte ABI word (left-zero-padded).
+    def abi_address(addr)
+      hex = addr.to_s.delete_prefix("0x").rjust(64, "0")
+      [hex].pack("H*")
+    end
+
+    # Returns the keccak256 digest as raw binary bytes.
+    def keccak256_bytes(data)
+      Remitmd::Keccak.digest(data)
+    end
+
+    # ─── Response handling ────────────────────────────────────────────────────
+
+    def handle_response(resp, path)
+      body   = resp.body.to_s.strip
+      parsed = body.empty? ? {} : JSON.parse(body)
+
+      status = resp.code.to_i
+      case status
+      when 200..299
+        parsed
+      when 400
+        code = parsed["code"] || RemitError::SERVER_ERROR
+        raise RemitError.new(code, parsed["message"] || "Bad request", context: parsed)
+      when 401
+        raise RemitError.new(RemitError::UNAUTHORIZED,
+                             "Authentication failed — check your private key and chain ID")
+      when 429
+        raise RemitError.new(RemitError::RATE_LIMITED,
+                             "Rate limit exceeded. See https://remit.md/docs/api-reference/rate-limits")
+      when 404
+        raise RemitError.new(RemitError::SERVER_ERROR, "Resource not found: #{path}")
+      else
+        msg = parsed.is_a?(Hash) ? (parsed["message"] || "Server error") : "Server error (#{status})"
+        raise RemitError.new(RemitError::SERVER_ERROR, msg, context: parsed)
+      end
+    rescue JSON::ParserError
+      raise RemitError.new(RemitError::SERVER_ERROR, "Invalid JSON response from API")
+    end
+
+    def http_status_for(err)
+      case err.code
+      when RemitError::RATE_LIMITED   then 429
+      when RemitError::NETWORK_ERROR  then 503
+      else 400
+      end
+    end
+
+    def build_http(uri)
+      http             = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl     = uri.scheme == "https"
+      http.read_timeout = 15
+      http.open_timeout = 5
+      http
+    end
+  end
+end

data/lib/remitmd/keccak.rb

@@ -0,0 +1,115 @@
+# frozen_string_literal: true
+
+module Remitmd
+  # Pure-Ruby Keccak-256 (Ethereum variant — NOT SHA-3).
+  #
+  # SHA-3 uses different padding (0x06 instead of 0x01).
+  # This implementation matches Ethereum's keccak256.
+  #
+  # Reference: https://keccak.team/keccak_specs_summary.html
+  # Rate = 1088 bits (136 bytes), Capacity = 512 bits, Output = 256 bits.
+  module Keccak
+    RATE_BYTES = 136
+    MASK64 = 0xFFFFFFFFFFFFFFFF
+
+    RC = [
+      0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
+      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
+      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
+      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
+      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
+      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008
+    ].freeze
+
+    RHO = [
+      1, 62, 28, 27, 36, 44, 6, 55, 20, 3,
+      10, 43, 25, 39, 41, 45, 15, 21, 8, 18,
+      2, 61, 56, 14
+    ].freeze
+
+    PI = [
+      10, 20, 5, 15, 16, 1, 11, 21, 6, 7,
+      17, 2, 12, 22, 23, 8, 18, 3, 13, 14,
+      24, 9, 19, 4
+    ].freeze
+
+    class << self
+      def digest(data)
+        data = data.b if data.encoding != Encoding::BINARY
+        padded = pad(data)
+        state = Array.new(25, 0)
+        offset = 0
+        while offset < padded.bytesize
+          absorb!(state, padded, offset)
+          offset += RATE_BYTES
+        end
+        squeeze(state)
+      end
+
+      def hexdigest(data)
+        digest(data).unpack1("H*")
+      end
+
+      private
+
+      def pad(msg)
+        q = RATE_BYTES - (msg.bytesize % RATE_BYTES)
+        if q == 1
+          msg + "\x81".b
+        else
+          msg + "\x01".b + ("\x00".b * (q - 2)) + "\x80".b
+        end
+      end
+
+      def absorb!(state, data, offset)
+        17.times do |i|
+          lane = data.byteslice(offset + i * 8, 8).unpack1("Q<")
+          state[i] ^= lane
+        end
+        keccak_f1600!(state)
+      end
+
+      def squeeze(state)
+        state[0, 4].pack("Q<4")
+      end
+
+      def keccak_f1600!(state)
+        RC.each { |rc| keccak_round!(state, rc) }
+      end
+
+      def keccak_round!(state, rc) # rubocop:disable Metrics/MethodLength
+        # Theta
+        c = Array.new(5) do |x|
+          state[x] ^ state[x + 5] ^ state[x + 10] ^ state[x + 15] ^ state[x + 20]
+        end
+        d = Array.new(5) do |x|
+          c[(x + 4) % 5] ^ rotl64(c[(x + 1) % 5], 1)
+        end
+        25.times { |i| state[i] ^= d[i % 5] }
+
+        # Rho + Pi
+        b = Array.new(25, 0)
+        b[0] = state[0]
+        24.times do |i|
+          b[PI[i]] = rotl64(state[i + 1], RHO[i])
+        end
+
+        # Chi
+        5.times do |y|
+          row = y * 5
+          5.times do |x|
+            idx = row + x
+            state[idx] = (b[idx] ^ ((~b[row + (x + 1) % 5]) & b[row + (x + 2) % 5])) & MASK64
+          end
+        end
+
+        # Iota
+        state[0] = (state[0] ^ rc) & MASK64
+      end
+
+      def rotl64(x, n)
+        ((x << n) | (x >> (64 - n))) & MASK64
+      end
+    end
+  end
+end