remitmd 0.1.7 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b29ac02ca95fe1053bed848cca89111698f1744bbeb145681a76a3f9ed2d8e66
-  data.tar.gz: d55c4f33eaaa686fa0036e3a0566ee6382a0a544c01093a3d9887e745b2eaa01
+  metadata.gz: 05f736527efb603117342dec70fc553420aa04d4dbc3ca8db5fccd8b31b7a9cb
+  data.tar.gz: a7f143bc6302d96cc1ca492c7f8393cdd98b039e86747fee1e7bf36a919b83d0
 SHA512:
-  metadata.gz: 9c00d48fc571e6975d9dfd32c679d5b9cf46205742a8a725022907eb997d42de7a61ae040c22dfafb7d5a994277d25f5dafd2e589611e849f94a70c692d71102
-  data.tar.gz: dff3c27cf317ce994999efd38d57f1173f0a1136da0bf4dbcdbf1ff5879a9f737bef96875802108ca130b4e46b3b94eec1cc0f52cace3152c89357018d9f9621
+  metadata.gz: d998125805f98cf6ccbd389ec8df96655cb66a47e51b57d274c6090cdbb00a31c713f915282f166982d85dc2d3db3ce14a9c294f7ff0c00d049252590c661f10
+  data.tar.gz: 0dad289442caafe80bcbf83b13f38f5e7d70c7adacd0ad8b6a12172e6c27a6aae872a9b97c29537fb6ee0783eb2d3261da4eb47889f677aba12a15c10bc05ab3

data/README.md

@@ -2,7 +2,7 @@
 
 > [Skill MD](https://remit.md) · [Docs](https://remit.md/docs) · [Agent Spec](https://remit.md/agent.md)
 
-Universal payment protocol for AI agents — Ruby client library.
+Universal payment protocol for AI agents - Ruby client library.
 
 [![CI](https://github.com/remit-md/sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/remit-md/sdk/actions/workflows/ci.yml)
 [![Gem Version](https://badge.fury.io/rb/remitmd.svg)](https://badge.fury.io/rb/remitmd)
@@ -24,7 +24,7 @@ gem install remitmd
 ```ruby
 require "remitmd"
 
-wallet = Remitmd::RemitWallet.new(private_key: ENV["REMITMD_PRIVATE_KEY"])
+wallet = Remitmd::RemitWallet.new(private_key: ENV["REMITMD_KEY"])
 
 # Direct payment
 tx = wallet.pay("0xRecipient0000000000000000000000000000001", 1.50)
@@ -39,12 +39,32 @@ Or from environment variables:
 
 ```ruby
 wallet = Remitmd::RemitWallet.from_env
-# Requires: REMITMD_PRIVATE_KEY
+# Requires: REMITMD_KEY (or REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)
 # Optional: REMITMD_CHAIN (default: "base"), REMITMD_API_URL
 ```
 
 Permits are auto-signed. Every payment method fetches the on-chain USDC nonce, signs an EIP-2612 permit, and includes it automatically.
 
+## Local Signer (Recommended)
+
+The local signer delegates key management to `remit signer`, a localhost HTTP server that holds your encrypted key. Your agent only needs a URL and token - no private key in the environment.
+
+```bash
+export REMIT_SIGNER_URL=http://127.0.0.1:7402
+export REMIT_SIGNER_TOKEN=rmit_sk_...
+```
+
+```ruby
+# Explicit
+signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
+wallet = Remitmd::RemitWallet.new(signer: signer)
+
+# Or auto-detect from env (recommended)
+wallet = Remitmd::RemitWallet.from_env # detects REMIT_SIGNER_URL automatically
+```
+
+`RemitWallet.from_env` detects signer credentials automatically. Priority: `REMIT_SIGNER_URL` > `REMITMD_KEY`.
+
 ## Payment Models
 
 ### Direct Payment
@@ -73,7 +93,7 @@ contracts = wallet.get_contracts
 sig = wallet.sign_tab_charge(contracts.tab, tab.id, 3_000_000, 1)
 wallet.charge_tab(tab.id, 0.003, 0.003, 1, sig)
 
-# Close when done — unused funds return
+# Close when done - unused funds return
 wallet.close_tab(tab.id)
 ```
 
@@ -136,9 +156,9 @@ end
 
 ```ruby
 mock.was_paid?(address, amount)   # true/false
-mock.total_paid_to(address)       # BigDecimal — sum of all payments to address
+mock.total_paid_to(address)       # BigDecimal - sum of all payments to address
 mock.transaction_count            # Integer
-mock.balance                      # BigDecimal — current balance
+mock.balance                      # BigDecimal - current balance
 mock.transactions                 # Array<Transaction>
 mock.set_balance(amount)          # Override starting balance
 mock.reset                        # Clear all state
@@ -254,11 +274,11 @@ Remitmd::RemitWallet.new(private_key: key, chain: "base_sepolia")  # Base Sepoli
 Permits are auto-signed by default. If you need manual control (custom deadline, pre-signed permits, or offline signing), pass a `PermitSignature` explicitly:
 
 ```ruby
-# sign_permit: convenience — auto-fetches nonce, converts amount to base units
+# sign_permit: convenience - auto-fetches nonce, converts amount to base units
 permit = wallet.sign_permit("0xRouterAddress...", 5.00, deadline: Time.now.to_i + 7200)
 tx = wallet.pay("0xRecipient...", 5.00, permit: permit)
 
-# sign_usdc_permit: full control — raw base units, explicit nonce
+# sign_usdc_permit: full control - raw base units, explicit nonce
 permit = wallet.sign_usdc_permit(
   "0xRouterAddress...",   # spender
   5_000_000,              # value in base units (6 decimals)
@@ -271,6 +291,6 @@ tx = wallet.pay("0xRecipient...", 5.00, permit: permit)
 
 ## License
 
-MIT — see [LICENSE](LICENSE)
+MIT - see [LICENSE](LICENSE)
 
 [Documentation](https://remit.md/docs) · [Protocol Spec](https://remit.md) · [GitHub](https://github.com/remit-md/sdk)

data/lib/remitmd/a2a.rb

@@ -135,7 +135,7 @@ module Remitmd
 
   # ─── A2A JSON-RPC client ────────────────────────────────────────────────────
 
-  # A2A JSON-RPC client — send payments and manage tasks via the A2A protocol.
+  # A2A JSON-RPC client - send payments and manage tasks via the A2A protocol.
   #
   # @example
   #   card   = Remitmd::AgentCard.discover("https://remit.md")

data/lib/remitmd/errors.rb

@@ -15,7 +15,7 @@ module Remitmd
   #     puts e.doc_url  # => "https://remit.md/docs/api-reference/error-codes#invalid_address"
   #   end
   class RemitError < StandardError
-    # Error code constants — matches TS SDK (28 codes)
+    # Error code constants - matches TS SDK (28 codes)
     # Auth errors
     INVALID_SIGNATURE       = "INVALID_SIGNATURE"
     NONCE_REUSED            = "NONCE_REUSED"
@@ -80,7 +80,7 @@ module Remitmd
       @code    = code
       @doc_url = "https://remit.md/docs/api-reference/error-codes##{code.downcase}"
       @context = context
-      super("[#{code}] #{message} — #{@doc_url}")
+      super("[#{code}] #{message} - #{@doc_url}")
     end
   end
 end

data/lib/remitmd/http.rb

@@ -74,7 +74,7 @@ module Remitmd
       nonce_hex   = "0x#{nonce_bytes.unpack1("H*")}"
       timestamp   = Time.now.to_i
 
-      # Strip query string before signing — only the path is included in EIP-712.
+      # Strip query string before signing - only the path is included in EIP-712.
       sign_path   = full_path.split("?").first
       http_method = method.to_s.upcase
       digest      = eip712_hash(http_method, sign_path, timestamp, nonce_bytes)
@@ -100,7 +100,7 @@ module Remitmd
     # Domain: name="remit.md", version="0.1", chainId, verifyingContract
     # Struct: APIRequest(string method, string path, uint256 timestamp, bytes32 nonce)
     def eip712_hash(method, path, timestamp, nonce_bytes)
-      # Type hashes (string constants — keccak256 of the type string)
+      # Type hashes (string constants - keccak256 of the type string)
       domain_type_hash  = keccak256_bytes(
         "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
       )
@@ -162,7 +162,7 @@ module Remitmd
         raise RemitError.new(code, err["message"] || "Bad request", context: parsed)
       when 401
         raise RemitError.new(RemitError::UNAUTHORIZED,
-                             "Authentication failed — check your private key and chain ID")
+                             "Authentication failed - check your private key and chain ID")
       when 429
         raise RemitError.new(RemitError::RATE_LIMITED,
                              "Rate limit exceeded. See https://remit.md/docs/api-reference/rate-limits")

data/lib/remitmd/http_signer.rb

@@ -0,0 +1,200 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "uri"
+require "json"
+
+module Remitmd
+  # Signer backed by a local HTTP signing server.
+  #
+  # Delegates digest signing to an HTTP server (typically
+  # `http://127.0.0.1:7402`). The signer server holds the encrypted key;
+  # this adapter only needs a bearer token and URL.
+  #
+  # @example
+  #   signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
+  #   wallet = Remitmd::RemitWallet.new(signer: signer, chain: "base")
+  #
+  class HttpSigner
+    include Signer
+
+    # Create an HttpSigner, fetching and caching the wallet address.
+    #
+    # @param url [String] signer server URL (e.g. "http://127.0.0.1:7402")
+    # @param token [String] bearer token for authentication
+    # @raise [RemitError] if the server is unreachable, returns an error, or returns no address
+    def initialize(url:, token:)
+      @url = url.chomp("/")
+      @token = token
+      @address = fetch_address
+    end
+
+    # Sign a 32-byte digest (raw binary bytes).
+    # Posts to /sign/digest with the hex-encoded digest.
+    # Returns a 0x-prefixed 65-byte hex signature.
+    #
+    # @param digest_bytes [String] 32-byte binary digest
+    # @return [String] 0x-prefixed 65-byte hex signature
+    # @raise [RemitError] on network, auth, policy, or server errors
+    def sign(digest_bytes)
+      hex = "0x#{digest_bytes.unpack1("H*")}"
+      uri = URI("#{@url}/sign/digest")
+      http = build_http(uri)
+
+      req = Net::HTTP::Post.new(uri.path)
+      req["Content-Type"] = "application/json"
+      req["Authorization"] = "Bearer #{@token}"
+      req.body = { digest: hex }.to_json
+
+      resp = begin
+        http.request(req)
+      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
+        raise RemitError.new(
+          RemitError::NETWORK_ERROR,
+          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
+        )
+      end
+
+      handle_sign_response(resp)
+    end
+
+    # The cached Ethereum address (0x-prefixed).
+    # @return [String]
+    attr_reader :address
+
+    # Never expose the bearer token in inspect/to_s output.
+    def inspect
+      "#<Remitmd::HttpSigner address=#{@address}>"
+    end
+
+    alias to_s inspect
+
+    private
+
+    # Fetch the wallet address from GET /address during construction.
+    # @return [String] the 0x-prefixed Ethereum address
+    # @raise [RemitError] on any failure
+    def fetch_address
+      uri = URI("#{@url}/address")
+      http = build_http(uri)
+
+      req = Net::HTTP::Get.new(uri.path)
+      req["Authorization"] = "Bearer #{@token}"
+
+      resp = begin
+        http.request(req)
+      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
+        raise RemitError.new(
+          RemitError::NETWORK_ERROR,
+          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
+        )
+      end
+
+      status = resp.code.to_i
+
+      if status == 401
+        raise RemitError.new(
+          RemitError::UNAUTHORIZED,
+          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
+        )
+      end
+
+      unless (200..299).cover?(status)
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: GET /address failed (#{status})"
+        )
+      end
+
+      body = begin
+        JSON.parse(resp.body.to_s)
+      rescue JSON::ParserError
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: GET /address returned malformed JSON"
+        )
+      end
+
+      addr = body["address"]
+      if addr.nil? || addr.to_s.empty?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: GET /address returned no address"
+        )
+      end
+
+      addr.to_s
+    end
+
+    # Handle the response from POST /sign/digest.
+    # @param resp [Net::HTTPResponse]
+    # @return [String] the 0x-prefixed hex signature
+    # @raise [RemitError] on any error
+    def handle_sign_response(resp)
+      status = resp.code.to_i
+
+      if status == 401
+        raise RemitError.new(
+          RemitError::UNAUTHORIZED,
+          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
+        )
+      end
+
+      if status == 403
+        reason = begin
+          data = JSON.parse(resp.body.to_s)
+          data["reason"] || "unknown"
+        rescue JSON::ParserError
+          "unknown"
+        end
+        raise RemitError.new(
+          RemitError::UNAUTHORIZED,
+          "HttpSigner: policy denied -- #{reason}"
+        )
+      end
+
+      unless (200..299).cover?(status)
+        detail = begin
+          data = JSON.parse(resp.body.to_s)
+          data["reason"] || data["error"] || "server error"
+        rescue JSON::ParserError
+          "server error"
+        end
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: sign failed (#{status}): #{detail}"
+        )
+      end
+
+      body = begin
+        JSON.parse(resp.body.to_s)
+      rescue JSON::ParserError
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: POST /sign/digest returned malformed JSON"
+        )
+      end
+
+      sig = body["signature"]
+      if sig.nil? || sig.to_s.empty?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "HttpSigner: server returned no signature"
+        )
+      end
+
+      sig.to_s
+    end
+
+    # Build a Net::HTTP client for the given URI.
+    # @param uri [URI] the target URI
+    # @return [Net::HTTP]
+    def build_http(uri)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      http.open_timeout = 5
+      http.read_timeout = 10
+      http
+    end
+  end
+end

data/lib/remitmd/keccak.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Remitmd
-  # Pure-Ruby Keccak-256 (Ethereum variant — NOT SHA-3).
+  # Pure-Ruby Keccak-256 (Ethereum variant - NOT SHA-3).
   #
   # SHA-3 uses different padding (0x06 instead of 0x01).
   # This implementation matches Ethereum's keccak256.

data/lib/remitmd/mock.rb

@@ -175,7 +175,7 @@ module Remitmd
         @state[:pending_invoices][id] = b
         { "id" => id, "status" => "pending" }
 
-      # Escrow create (step 2 — fund with invoice_id)
+      # Escrow create (step 2 - fund with invoice_id)
       in ["POST", "/escrows"]
         invoice_id = fetch!(b, :invoice_id)
         inv = @state[:pending_invoices].delete(invoice_id)

data/lib/remitmd/signer.rb

@@ -4,12 +4,12 @@ require "openssl"
 require "securerandom"
 
 module Remitmd
-  # secp256k1 field prime p (constant — never changes)
+  # secp256k1 field prime p (constant - never changes)
   SECP256K1_P = OpenSSL::BN.new(
     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16
   ).freeze
 
-  # Precomputed (p + 1) / 4 — the modular square root exponent for p ≡ 3 (mod 4).
+  # Precomputed (p + 1) / 4 - the modular square root exponent for p ≡ 3 (mod 4).
   # Avoids BN division at runtime (which returns Integer on some OpenSSL versions).
   SECP256K1_SQRT_EXP = OpenSSL::BN.new(
     "3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFFFFF0C", 16
@@ -66,7 +66,7 @@ module Remitmd
       group = @key.group
       n     = group.order
 
-      # ECDSA sign — dsa_sign_asn1 uses the input directly as the hash (no pre-hashing)
+      # ECDSA sign - dsa_sign_asn1 uses the input directly as the hash (no pre-hashing)
       der  = @key.dsa_sign_asn1(digest_bytes)
       asn1 = OpenSSL::ASN1.decode(der)
       bn_r = asn1.value[0].value
@@ -104,7 +104,7 @@ module Remitmd
           break
         end
       end
-      raise "Could not determine recovery ID — key or hash may be invalid" if v.nil?
+      raise "Could not determine recovery ID - key or hash may be invalid" if v.nil?
 
       # Build 65-byte Ethereum signature: r (32) || s (32) || v (1)
       r_bytes = [bn_r.to_s(16).rjust(64, "0")].pack("H*")
@@ -129,13 +129,13 @@ module Remitmd
     def recover_r_point(group, bn_r, parity)
       p = SECP256K1_P
       x = bn_r
-      # y² = x³ + 7 (mod p)  — secp256k1 curve equation
+      # y² = x³ + 7 (mod p)  - secp256k1 curve equation
       x3  = x.mod_exp(OpenSSL::BN.new("3"), p)
       rhs = x3 + OpenSSL::BN.new("7")
       y_squared = rhs % p
       # Tonelli–Shanks: since p ≡ 3 mod 4, sqrt = y²^((p+1)/4) mod p
       y = y_squared.mod_exp(SECP256K1_SQRT_EXP, p)
-      # Verify that y² ≡ y_squared (mod p) — i.e., a square root exists
+      # Verify that y² ≡ y_squared (mod p) - i.e., a square root exists
       return nil unless y.mod_mul(y, p) == y_squared
 
       y = p - y if (y.to_i & 1) != parity
@@ -148,7 +148,7 @@ module Remitmd
     end
 
     def derive_address(public_key)
-      # Uncompressed public key: 04 || x (32) || y (32) — skip the 0x04 prefix
+      # Uncompressed public key: 04 || x (32) || y (32) - skip the 0x04 prefix
       pub_bytes = [public_key.to_octet_string(:uncompressed).unpack1("H*")[2..]].pack("H*")
       keccak    = keccak256_hex(pub_bytes)
       "0x#{keccak[-40..]}"

data/lib/remitmd/wallet.rb

@@ -28,7 +28,7 @@ module Remitmd
 
     # @param private_key [String, nil] 0x-prefixed hex private key
     # @param signer [Signer, nil]      custom signer (pass instead of private_key)
-    # @param chain [String]            chain name — "base", "base_sepolia"
+    # @param chain [String]            chain name - "base", "base_sepolia"
     # @param api_url [String, nil]     override API base URL
     # @param transport [Object, nil]   inject mock transport (used by MockRemit)
     def initialize(private_key: nil, signer: nil, chain: "base", api_url: nil, router_address: nil, transport: nil)
@@ -67,18 +67,31 @@ module Remitmd
     end
 
     # Build a RemitWallet from environment variables.
-    # Reads: REMITMD_KEY (primary) or REMITMD_PRIVATE_KEY (deprecated fallback),
-    # REMITMD_CHAIN, REMITMD_API_URL, REMITMD_ROUTER_ADDRESS.
+    # Reads: REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN (preferred, uses HttpSigner),
+    # or REMITMD_KEY (primary) / REMITMD_PRIVATE_KEY (deprecated fallback).
+    # Also reads: REMITMD_CHAIN, REMITMD_API_URL, REMITMD_ROUTER_ADDRESS.
     def self.from_env
+      chain          = ENV.fetch("REMITMD_CHAIN", "base")
+      api_url        = ENV["REMITMD_API_URL"]
+      router_address = ENV["REMITMD_ROUTER_ADDRESS"]
+
+      # Priority 1: HTTP signer server
+      signer_url = ENV["REMIT_SIGNER_URL"]
+      if signer_url
+        signer_token = ENV["REMIT_SIGNER_TOKEN"]
+        raise ArgumentError, "REMIT_SIGNER_TOKEN must be set when REMIT_SIGNER_URL is set" unless signer_token
+
+        signer = HttpSigner.new(url: signer_url, token: signer_token)
+        return new(signer: signer, chain: chain, api_url: api_url, router_address: router_address)
+      end
+
+      # Priority 2: raw private key
       key = ENV["REMITMD_KEY"] || ENV["REMITMD_PRIVATE_KEY"]
       if ENV["REMITMD_PRIVATE_KEY"] && !ENV["REMITMD_KEY"]
         warn "[remitmd] REMITMD_PRIVATE_KEY is deprecated, use REMITMD_KEY instead"
       end
-      raise ArgumentError, "REMITMD_KEY not set" unless key
+      raise ArgumentError, "REMITMD_KEY not set (or set REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)" unless key
 
-      chain          = ENV.fetch("REMITMD_CHAIN", "base")
-      api_url        = ENV["REMITMD_API_URL"]
-      router_address = ENV["REMITMD_ROUTER_ADDRESS"]
       new(private_key: key, chain: chain, api_url: api_url, router_address: router_address)
     end
 
@@ -144,7 +157,7 @@ module Remitmd
     # @param to [String] recipient 0x-prefixed address
     # @param amount [Numeric, BigDecimal] amount in USDC (e.g. 1.50)
     # @param memo [String, nil] optional note
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Transaction]
     def pay(to, amount, memo: nil, permit: nil)
       validate_address!(to)
@@ -163,7 +176,7 @@ module Remitmd
     # @param amount [Numeric] amount in USDC
     # @param memo [String, nil] optional note
     # @param expires_in_secs [Integer, nil] optional expiry in seconds from now
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Escrow]
     def create_escrow(payee, amount, memo: nil, expires_in_secs: nil, permit: nil)
       validate_address!(payee)
@@ -224,7 +237,7 @@ module Remitmd
     # @param limit_amount [Numeric] maximum tab credit in USDC
     # @param per_unit [Numeric] USDC per API call
     # @param expires_in_secs [Integer] optional expiry duration in seconds (default: 86400)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Tab]
     def create_tab(provider, limit_amount, per_unit = 0.0, expires_in_secs: 86_400, permit: nil)
       validate_address!(provider)
@@ -417,7 +430,7 @@ module Remitmd
     # @param payee [String] 0x-prefixed address of the stream recipient
     # @param rate_per_second [Numeric] USDC per second
     # @param max_total [Numeric] maximum total USDC for the stream
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Stream]
     def create_stream(payee, rate_per_second, max_total, permit: nil)
       validate_address!(payee)
@@ -455,7 +468,7 @@ module Remitmd
     # @param task_description [String] task description
     # @param deadline [Integer] deadline as Unix timestamp
     # @param max_attempts [Integer] maximum submission attempts (default: 10)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Bounty]
     def create_bounty(amount, task_description, deadline, max_attempts: 10, permit: nil)
       validate_amount!(amount)
@@ -509,7 +522,7 @@ module Remitmd
     # @param provider [String] 0x-prefixed provider address
     # @param amount [Numeric] amount in USDC
     # @param expires_in_secs [Integer] expiry duration in seconds (default: 3600)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Deposit]
     def place_deposit(provider, amount, expires_in_secs: 3600, permit: nil)
       validate_address!(provider)
@@ -543,7 +556,7 @@ module Remitmd
     # Propose a payment intent for counterpart approval before execution.
     # @param to [String] 0x-prefixed address
     # @param amount [Numeric] amount in USDC
-    # @param type [String] payment type — "direct", "escrow", "tab"
+    # @param type [String] payment type - "direct", "escrow", "tab"
     # @return [Intent]
     def propose_intent(to, amount, type: "direct")
       validate_address!(to)
@@ -570,7 +583,7 @@ module Remitmd
     # Generate a one-time URL for the operator to fund this wallet.
     # @param messages [Array<Hash>, nil] chat-style messages (each with :role and :text)
     # @param agent_name [String, nil] agent display name shown on the funding page
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [LinkResponse]
     def create_fund_link(messages: nil, agent_name: nil, permit: nil)
       body = {}
@@ -588,7 +601,7 @@ module Remitmd
     # Generate a one-time URL for the operator to withdraw funds.
     # @param messages [Array<Hash>, nil] chat-style messages (each with :role and :text)
     # @param agent_name [String, nil] agent display name shown on the withdraw page
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [LinkResponse]
     def create_withdraw_link(messages: nil, agent_name: nil, permit: nil)
       body = {}
@@ -697,7 +710,7 @@ module Remitmd
 
     # Auto-sign a permit for the given contract type and amount.
     # Returns nil on failure instead of raising, so callers can proceed without a permit.
-    # @param contract [String] contract key — "router", "escrow", "tab", etc.
+    # @param contract [String] contract key - "router", "escrow", "tab", etc.
     # @param amount [Numeric] amount in USDC
     # @return [PermitSignature, nil]
     def auto_permit(contract, amount)

data/lib/remitmd/x402_client.rb

@@ -21,7 +21,7 @@ module Remitmd
     end
   end
 
-  # x402 client — fetch wrapper that auto-pays HTTP 402 Payment Required responses.
+  # x402 client - fetch wrapper that auto-pays HTTP 402 Payment Required responses.
   #
   # On receiving a 402, the client:
   # 1. Decodes the PAYMENT-REQUIRED header (base64 JSON)

data/lib/remitmd/x402_paywall.rb

@@ -6,7 +6,7 @@ require "json"
 require "base64"
 
 module Remitmd
-  # x402 paywall for service providers — gate HTTP endpoints behind payments.
+  # x402 paywall for service providers - gate HTTP endpoints behind payments.
   #
   # Providers use this class to:
   # - Return HTTP 402 responses with properly formatted PAYMENT-REQUIRED headers
@@ -29,9 +29,9 @@ module Remitmd
     # @param facilitator_url [String] base URL of the remit.md facilitator
     # @param facilitator_token [String] bearer JWT for authenticating calls to /api/v1/x402/verify
     # @param max_timeout_seconds [Integer] how long the payment authorization remains valid
-    # @param resource [String, nil] V2 — URL or path of the resource being protected
-    # @param description [String, nil] V2 — human-readable description
-    # @param mime_type [String, nil] V2 — MIME type of the resource
+    # @param resource [String, nil] V2 - URL or path of the resource being protected
+    # @param description [String, nil] V2 - human-readable description
+    # @param mime_type [String, nil] V2 - MIME type of the resource
     def initialize( # rubocop:disable Metrics/ParameterLists
       wallet_address:,
       amount_usdc:,

data/lib/remitmd.rb

@@ -4,6 +4,7 @@ require_relative "remitmd/errors"
 require_relative "remitmd/models"
 require_relative "remitmd/keccak"
 require_relative "remitmd/signer"
+require_relative "remitmd/http_signer"
 require_relative "remitmd/http"
 require_relative "remitmd/wallet"
 require_relative "remitmd/mock"
@@ -11,7 +12,7 @@ require_relative "remitmd/a2a"
 require_relative "remitmd/x402_client"
 require_relative "remitmd/x402_paywall"
 
-# remit.md Ruby SDK — universal payment protocol for AI agents.
+# remit.md Ruby SDK - universal payment protocol for AI agents.
 #
 # @example Direct payment
 #   wallet = Remitmd::RemitWallet.new(private_key: ENV["REMITMD_PRIVATE_KEY"])
@@ -25,5 +26,5 @@ require_relative "remitmd/x402_paywall"
 #   mock.was_paid?("0x0000000000000000000000000000000000000001", 1.00) # => true
 #
 module Remitmd
-  VERSION = "0.1.7"
+  VERSION = "0.1.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: remitmd
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.9
 platform: ruby
 authors:
 - remit.md
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-25 00:00:00.000000000 Z
+date: 2026-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -53,6 +53,7 @@ files:
 - lib/remitmd/a2a.rb
 - lib/remitmd/errors.rb
 - lib/remitmd/http.rb
+- lib/remitmd/http_signer.rb
 - lib/remitmd/keccak.rb
 - lib/remitmd/mock.rb
 - lib/remitmd/models.rb