remitmd 0.1.8 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c2b03f3cb2f1a05e9a33845448154e4d34fda42f65af31823be2f30fb14b6fe
-  data.tar.gz: 3d6dc094058152593779b5430899400d7b9d6543693ee3dd35dfd08b88f4c131
+  metadata.gz: 75be0a5249f87323f7c007b13b7b89f9e2153557b355381000b7d3d007adcfc0
+  data.tar.gz: e0f9b80bc11f7eb9888f037cba3589548a3344bdba9f621994142f5b20a3b14d
 SHA512:
-  metadata.gz: deca4edd8beb6ac2d798102a83838762d746f4508bf5e852bb1b43d74aed1fa24a7b328bc4880560fc5ab60f5bd2c937277123183c3c45cc430bf02407f5c5c8
-  data.tar.gz: c8b3bd0dc87584d00abe0b3acb37a52fa16f1f9af337780dd6aecc861f2cd542d2d684d636b28bef6b0227c13002c3c70388809d2e38a2874255bde0dd1c3932
+  metadata.gz: 5198b515870956a99eccee4152e991d4fc32f6f03acd5a91a499b9c853b57da2c0b3cad4657381e1524553f10d021415b1d9202ce35848eb06331e5420758c73
+  data.tar.gz: 5bcaab9bc1d75389f524ad3ab36920a02bf9dbacf68792c6492f8bc04a6ebb2197725a73342191a26c2debf7dceddf31a3247968e82f470c228fe76203a51df0

data/README.md

@@ -2,7 +2,7 @@
 
 > [Skill MD](https://remit.md) · [Docs](https://remit.md/docs) · [Agent Spec](https://remit.md/agent.md)
 
-Universal payment protocol for AI agents — Ruby client library.
+Universal payment protocol for AI agents - Ruby client library.
 
 [![CI](https://github.com/remit-md/sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/remit-md/sdk/actions/workflows/ci.yml)
 [![Gem Version](https://badge.fury.io/rb/remitmd.svg)](https://badge.fury.io/rb/remitmd)
@@ -39,31 +39,35 @@ Or from environment variables:
 
 ```ruby
 wallet = Remitmd::RemitWallet.from_env
-# Requires: REMITMD_KEY (or REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)
+# Auto-detects: CliSigner (remit CLI) > REMITMD_KEY
 # Optional: REMITMD_CHAIN (default: "base"), REMITMD_API_URL
 ```
 
 Permits are auto-signed. Every payment method fetches the on-chain USDC nonce, signs an EIP-2612 permit, and includes it automatically.
 
-## Local Signer (Recommended)
+## CLI Signer (Recommended)
 
-The local signer delegates key management to `remit signer`, a localhost HTTP server that holds your encrypted key. Your agent only needs a URL and token — no private key in the environment.
+The CLI signer delegates key management to the `remit` CLI binary, which holds your encrypted keystore at `~/.remit/keys/`. No private key in your environment -- just install the CLI and set a password.
 
 ```bash
-export REMIT_SIGNER_URL=http://127.0.0.1:7402
-export REMIT_SIGNER_TOKEN=rmit_sk_...
+# Install the CLI
+# macOS:   brew install remit-md/tap/remit
+# Windows: winget install remit-md.remit
+# Linux:   curl -fsSL https://remit.md/install.sh | sh
+
+export REMIT_KEY_PASSWORD=your-keystore-password
 ```
 
 ```ruby
 # Explicit
-signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
+signer = Remitmd::CliSigner.new
 wallet = Remitmd::RemitWallet.new(signer: signer)
 
 # Or auto-detect from env (recommended)
-wallet = Remitmd::RemitWallet.from_env # detects REMIT_SIGNER_URL automatically
+wallet = Remitmd::RemitWallet.from_env # detects remit CLI automatically
 ```
 
-`RemitWallet.from_env` detects signer credentials automatically. Priority: `REMIT_SIGNER_URL` > `REMITMD_KEY`.
+`RemitWallet.from_env` detects signing methods automatically. Priority: `CliSigner` (CLI + keystore + password) > `REMITMD_KEY`.
 
 ## Payment Models
 
@@ -93,7 +97,7 @@ contracts = wallet.get_contracts
 sig = wallet.sign_tab_charge(contracts.tab, tab.id, 3_000_000, 1)
 wallet.charge_tab(tab.id, 0.003, 0.003, 1, sig)
 
-# Close when done — unused funds return
+# Close when done - unused funds return
 wallet.close_tab(tab.id)
 ```
 
@@ -156,9 +160,9 @@ end
 
 ```ruby
 mock.was_paid?(address, amount)   # true/false
-mock.total_paid_to(address)       # BigDecimal — sum of all payments to address
+mock.total_paid_to(address)       # BigDecimal - sum of all payments to address
 mock.transaction_count            # Integer
-mock.balance                      # BigDecimal — current balance
+mock.balance                      # BigDecimal - current balance
 mock.transactions                 # Array<Transaction>
 mock.set_balance(amount)          # Override starting balance
 mock.reset                        # Clear all state
@@ -274,11 +278,11 @@ Remitmd::RemitWallet.new(private_key: key, chain: "base_sepolia")  # Base Sepoli
 Permits are auto-signed by default. If you need manual control (custom deadline, pre-signed permits, or offline signing), pass a `PermitSignature` explicitly:
 
 ```ruby
-# sign_permit: convenience — auto-fetches nonce, converts amount to base units
+# sign_permit: convenience - auto-fetches nonce, converts amount to base units
 permit = wallet.sign_permit("0xRouterAddress...", 5.00, deadline: Time.now.to_i + 7200)
 tx = wallet.pay("0xRecipient...", 5.00, permit: permit)
 
-# sign_usdc_permit: full control — raw base units, explicit nonce
+# sign_usdc_permit: full control - raw base units, explicit nonce
 permit = wallet.sign_usdc_permit(
   "0xRouterAddress...",   # spender
   5_000_000,              # value in base units (6 decimals)
@@ -291,6 +295,6 @@ tx = wallet.pay("0xRecipient...", 5.00, permit: permit)
 
 ## License
 
-MIT — see [LICENSE](LICENSE)
+MIT - see [LICENSE](LICENSE)
 
 [Documentation](https://remit.md/docs) · [Protocol Spec](https://remit.md) · [GitHub](https://github.com/remit-md/sdk)

data/lib/remitmd/a2a.rb

@@ -135,7 +135,7 @@ module Remitmd
 
   # ─── A2A JSON-RPC client ────────────────────────────────────────────────────
 
-  # A2A JSON-RPC client — send payments and manage tasks via the A2A protocol.
+  # A2A JSON-RPC client - send payments and manage tasks via the A2A protocol.
   #
   # @example
   #   card   = Remitmd::AgentCard.discover("https://remit.md")

data/lib/remitmd/cli_signer.rb

@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+
+require "open3"
+
+module Remitmd
+  # Signer backed by the `remit sign` CLI command.
+  #
+  # No key material in this process -- signing happens in a subprocess.
+  # Address is cached at construction time via `remit address`.
+  #
+  # @example
+  #   signer = Remitmd::CliSigner.new
+  #   wallet = Remitmd::RemitWallet.new(signer: signer, chain: "base")
+  #
+  class CliSigner
+    include Signer
+
+    # Default timeout for CLI subprocess calls (seconds).
+    CLI_TIMEOUT = 10
+
+    # Create a CliSigner, fetching and caching the wallet address.
+    #
+    # @param cli_path [String] path or name of the remit CLI binary (default: "remit")
+    # @raise [RemitError] if the CLI fails or returns an invalid address
+    def initialize(cli_path: "remit")
+      @cli_path = cli_path
+      @address = fetch_address
+    end
+
+    # Sign a 32-byte digest (raw binary bytes).
+    # Pipes the hex-encoded digest to `remit sign --digest` on stdin.
+    # Returns a 0x-prefixed 65-byte hex signature.
+    #
+    # @param digest_bytes [String] 32-byte binary digest
+    # @return [String] 0x-prefixed 130-char hex signature (65 bytes)
+    # @raise [RemitError] on CLI failure or invalid output
+    def sign(digest_bytes)
+      hex = digest_bytes.unpack1("H*")
+      stdout, stderr, status = run_cli("sign", "--digest", stdin_data: hex)
+
+      unless status.success?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: signing failed: #{stderr.strip}"
+        )
+      end
+
+      sig = stdout.strip
+      unless sig.start_with?("0x") && sig.length == 132
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: invalid signature from CLI: #{sig}"
+        )
+      end
+
+      sig
+    end
+
+    # The cached Ethereum address (0x-prefixed).
+    # @return [String]
+    attr_reader :address
+
+    # Never expose internals in inspect/to_s output.
+    def inspect
+      "#<Remitmd::CliSigner address=#{@address}>"
+    end
+
+    alias to_s inspect
+
+    # Check all three conditions for CliSigner activation.
+    #
+    # 1. CLI binary found on PATH (via `which` / `where`)
+    # 2. Keystore file exists at ~/.remit/keys/default.enc
+    # 3. REMIT_KEY_PASSWORD env var is set
+    #
+    # @param cli_path [String] path or name of the remit CLI binary
+    # @return [Boolean]
+    def self.available?(cli_path: "remit")
+      # 1. CLI binary on PATH
+      which_cmd = Gem.win_platform? ? "where" : "which"
+      _out, _err, st = Open3.capture3(which_cmd, cli_path)
+      return false unless st.success?
+
+      # 2. Keystore file exists
+      keystore = File.join(Dir.home, ".remit", "keys", "default.enc")
+      return false unless File.exist?(keystore)
+
+      # 3. REMIT_KEY_PASSWORD set
+      password = ENV["REMIT_KEY_PASSWORD"]
+      return false if password.nil? || password.empty?
+
+      true
+    end
+
+    private
+
+    # Fetch the wallet address from `remit address` during construction.
+    # @return [String] the 0x-prefixed Ethereum address
+    # @raise [RemitError] on any failure
+    def fetch_address
+      stdout, stderr, status = run_cli("address")
+
+      unless status.success?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: failed to get address: #{stderr.strip}"
+        )
+      end
+
+      addr = stdout.strip
+      unless addr.match?(/\A0x[0-9a-fA-F]{40}\z/)
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: invalid address from CLI: #{addr}"
+        )
+      end
+
+      addr
+    end
+
+    # Run the remit CLI with given arguments.
+    # @param args [Array<String>] CLI arguments
+    # @param stdin_data [String, nil] data to pipe to stdin
+    # @return [Array<String, String, Process::Status>] stdout, stderr, status
+    # @raise [RemitError] on timeout or execution failure
+    def run_cli(*args, stdin_data: nil)
+      Open3.capture3(@cli_path, *args, stdin_data: stdin_data.to_s)
+    rescue Errno::ENOENT
+      raise RemitError.new(
+        RemitError::SERVER_ERROR,
+        "CliSigner: remit CLI not found at '#{@cli_path}'. " \
+        "Install: https://remit.md/install"
+      )
+    end
+  end
+end

data/lib/remitmd/errors.rb

@@ -15,7 +15,7 @@ module Remitmd
   #     puts e.doc_url  # => "https://remit.md/docs/api-reference/error-codes#invalid_address"
   #   end
   class RemitError < StandardError
-    # Error code constants — matches TS SDK (28 codes)
+    # Error code constants - matches TS SDK (28 codes)
     # Auth errors
     INVALID_SIGNATURE       = "INVALID_SIGNATURE"
     NONCE_REUSED            = "NONCE_REUSED"
@@ -80,7 +80,7 @@ module Remitmd
       @code    = code
       @doc_url = "https://remit.md/docs/api-reference/error-codes##{code.downcase}"
       @context = context
-      super("[#{code}] #{message} — #{@doc_url}")
+      super("[#{code}] #{message} - #{@doc_url}")
     end
   end
 end

data/lib/remitmd/http.rb

@@ -74,7 +74,7 @@ module Remitmd
       nonce_hex   = "0x#{nonce_bytes.unpack1("H*")}"
       timestamp   = Time.now.to_i
 
-      # Strip query string before signing — only the path is included in EIP-712.
+      # Strip query string before signing - only the path is included in EIP-712.
       sign_path   = full_path.split("?").first
       http_method = method.to_s.upcase
       digest      = eip712_hash(http_method, sign_path, timestamp, nonce_bytes)
@@ -100,7 +100,7 @@ module Remitmd
     # Domain: name="remit.md", version="0.1", chainId, verifyingContract
     # Struct: APIRequest(string method, string path, uint256 timestamp, bytes32 nonce)
     def eip712_hash(method, path, timestamp, nonce_bytes)
-      # Type hashes (string constants — keccak256 of the type string)
+      # Type hashes (string constants - keccak256 of the type string)
       domain_type_hash  = keccak256_bytes(
         "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
       )
@@ -162,7 +162,7 @@ module Remitmd
         raise RemitError.new(code, err["message"] || "Bad request", context: parsed)
       when 401
         raise RemitError.new(RemitError::UNAUTHORIZED,
-                             "Authentication failed — check your private key and chain ID")
+                             "Authentication failed - check your private key and chain ID")
       when 429
         raise RemitError.new(RemitError::RATE_LIMITED,
                              "Rate limit exceeded. See https://remit.md/docs/api-reference/rate-limits")

data/lib/remitmd/keccak.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Remitmd
-  # Pure-Ruby Keccak-256 (Ethereum variant — NOT SHA-3).
+  # Pure-Ruby Keccak-256 (Ethereum variant - NOT SHA-3).
   #
   # SHA-3 uses different padding (0x06 instead of 0x01).
   # This implementation matches Ethereum's keccak256.

data/lib/remitmd/mock.rb

@@ -175,7 +175,7 @@ module Remitmd
         @state[:pending_invoices][id] = b
         { "id" => id, "status" => "pending" }
 
-      # Escrow create (step 2 — fund with invoice_id)
+      # Escrow create (step 2 - fund with invoice_id)
       in ["POST", "/escrows"]
         invoice_id = fetch!(b, :invoice_id)
         inv = @state[:pending_invoices].delete(invoice_id)

data/lib/remitmd/signer.rb

@@ -4,12 +4,12 @@ require "openssl"
 require "securerandom"
 
 module Remitmd
-  # secp256k1 field prime p (constant — never changes)
+  # secp256k1 field prime p (constant - never changes)
   SECP256K1_P = OpenSSL::BN.new(
     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16
   ).freeze
 
-  # Precomputed (p + 1) / 4 — the modular square root exponent for p ≡ 3 (mod 4).
+  # Precomputed (p + 1) / 4 - the modular square root exponent for p ≡ 3 (mod 4).
   # Avoids BN division at runtime (which returns Integer on some OpenSSL versions).
   SECP256K1_SQRT_EXP = OpenSSL::BN.new(
     "3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFFFFF0C", 16
@@ -66,7 +66,7 @@ module Remitmd
       group = @key.group
       n     = group.order
 
-      # ECDSA sign — dsa_sign_asn1 uses the input directly as the hash (no pre-hashing)
+      # ECDSA sign - dsa_sign_asn1 uses the input directly as the hash (no pre-hashing)
       der  = @key.dsa_sign_asn1(digest_bytes)
       asn1 = OpenSSL::ASN1.decode(der)
       bn_r = asn1.value[0].value
@@ -104,7 +104,7 @@ module Remitmd
           break
         end
       end
-      raise "Could not determine recovery ID — key or hash may be invalid" if v.nil?
+      raise "Could not determine recovery ID - key or hash may be invalid" if v.nil?
 
       # Build 65-byte Ethereum signature: r (32) || s (32) || v (1)
       r_bytes = [bn_r.to_s(16).rjust(64, "0")].pack("H*")
@@ -129,13 +129,13 @@ module Remitmd
     def recover_r_point(group, bn_r, parity)
       p = SECP256K1_P
       x = bn_r
-      # y² = x³ + 7 (mod p)  — secp256k1 curve equation
+      # y² = x³ + 7 (mod p)  - secp256k1 curve equation
       x3  = x.mod_exp(OpenSSL::BN.new("3"), p)
       rhs = x3 + OpenSSL::BN.new("7")
       y_squared = rhs % p
       # Tonelli–Shanks: since p ≡ 3 mod 4, sqrt = y²^((p+1)/4) mod p
       y = y_squared.mod_exp(SECP256K1_SQRT_EXP, p)
-      # Verify that y² ≡ y_squared (mod p) — i.e., a square root exists
+      # Verify that y² ≡ y_squared (mod p) - i.e., a square root exists
       return nil unless y.mod_mul(y, p) == y_squared
 
       y = p - y if (y.to_i & 1) != parity
@@ -148,7 +148,7 @@ module Remitmd
     end
 
     def derive_address(public_key)
-      # Uncompressed public key: 04 || x (32) || y (32) — skip the 0x04 prefix
+      # Uncompressed public key: 04 || x (32) || y (32) - skip the 0x04 prefix
       pub_bytes = [public_key.to_octet_string(:uncompressed).unpack1("H*")[2..]].pack("H*")
       keccak    = keccak256_hex(pub_bytes)
       "0x#{keccak[-40..]}"

data/lib/remitmd/wallet.rb

@@ -28,7 +28,7 @@ module Remitmd
 
     # @param private_key [String, nil] 0x-prefixed hex private key
     # @param signer [Signer, nil]      custom signer (pass instead of private_key)
-    # @param chain [String]            chain name — "base", "base_sepolia"
+    # @param chain [String]            chain name - "base", "base_sepolia"
     # @param api_url [String, nil]     override API base URL
     # @param transport [Object, nil]   inject mock transport (used by MockRemit)
     def initialize(private_key: nil, signer: nil, chain: "base", api_url: nil, router_address: nil, transport: nil)
@@ -67,21 +67,16 @@ module Remitmd
     end
 
     # Build a RemitWallet from environment variables.
-    # Reads: REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN (preferred, uses HttpSigner),
-    # or REMITMD_KEY (primary) / REMITMD_PRIVATE_KEY (deprecated fallback).
+    # Priority: CliSigner (if available) > REMITMD_KEY / REMITMD_PRIVATE_KEY.
     # Also reads: REMITMD_CHAIN, REMITMD_API_URL, REMITMD_ROUTER_ADDRESS.
     def self.from_env
       chain          = ENV.fetch("REMITMD_CHAIN", "base")
       api_url        = ENV["REMITMD_API_URL"]
       router_address = ENV["REMITMD_ROUTER_ADDRESS"]
 
-      # Priority 1: HTTP signer server
-      signer_url = ENV["REMIT_SIGNER_URL"]
-      if signer_url
-        signer_token = ENV["REMIT_SIGNER_TOKEN"]
-        raise ArgumentError, "REMIT_SIGNER_TOKEN must be set when REMIT_SIGNER_URL is set" unless signer_token
-
-        signer = HttpSigner.new(url: signer_url, token: signer_token)
+      # Priority 1: CLI signer (remit binary + keystore + password)
+      if CliSigner.available?
+        signer = CliSigner.new
         return new(signer: signer, chain: chain, api_url: api_url, router_address: router_address)
       end
 
@@ -90,7 +85,16 @@ module Remitmd
       if ENV["REMITMD_PRIVATE_KEY"] && !ENV["REMITMD_KEY"]
         warn "[remitmd] REMITMD_PRIVATE_KEY is deprecated, use REMITMD_KEY instead"
       end
-      raise ArgumentError, "REMITMD_KEY not set (or set REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)" unless key
+
+      unless key
+        raise ArgumentError,
+          "No signing method available. Either:\n" \
+          "  1. Install the remit CLI and set REMIT_KEY_PASSWORD:\n" \
+          "     macOS:   brew install remit-md/tap/remit\n" \
+          "     Windows: winget install remit-md.remit\n" \
+          "     Linux:   curl -fsSL https://remit.md/install.sh | sh\n" \
+          "  2. Set REMITMD_KEY to a raw private key (hex)"
+      end
 
       new(private_key: key, chain: chain, api_url: api_url, router_address: router_address)
     end
@@ -157,7 +161,7 @@ module Remitmd
     # @param to [String] recipient 0x-prefixed address
     # @param amount [Numeric, BigDecimal] amount in USDC (e.g. 1.50)
     # @param memo [String, nil] optional note
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Transaction]
     def pay(to, amount, memo: nil, permit: nil)
       validate_address!(to)
@@ -176,7 +180,7 @@ module Remitmd
     # @param amount [Numeric] amount in USDC
     # @param memo [String, nil] optional note
     # @param expires_in_secs [Integer, nil] optional expiry in seconds from now
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Escrow]
     def create_escrow(payee, amount, memo: nil, expires_in_secs: nil, permit: nil)
       validate_address!(payee)
@@ -237,7 +241,7 @@ module Remitmd
     # @param limit_amount [Numeric] maximum tab credit in USDC
     # @param per_unit [Numeric] USDC per API call
     # @param expires_in_secs [Integer] optional expiry duration in seconds (default: 86400)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Tab]
     def create_tab(provider, limit_amount, per_unit = 0.0, expires_in_secs: 86_400, permit: nil)
       validate_address!(provider)
@@ -430,7 +434,7 @@ module Remitmd
     # @param payee [String] 0x-prefixed address of the stream recipient
     # @param rate_per_second [Numeric] USDC per second
     # @param max_total [Numeric] maximum total USDC for the stream
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Stream]
     def create_stream(payee, rate_per_second, max_total, permit: nil)
       validate_address!(payee)
@@ -468,7 +472,7 @@ module Remitmd
     # @param task_description [String] task description
     # @param deadline [Integer] deadline as Unix timestamp
     # @param max_attempts [Integer] maximum submission attempts (default: 10)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Bounty]
     def create_bounty(amount, task_description, deadline, max_attempts: 10, permit: nil)
       validate_amount!(amount)
@@ -522,7 +526,7 @@ module Remitmd
     # @param provider [String] 0x-prefixed provider address
     # @param amount [Numeric] amount in USDC
     # @param expires_in_secs [Integer] expiry duration in seconds (default: 3600)
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [Deposit]
     def place_deposit(provider, amount, expires_in_secs: 3600, permit: nil)
       validate_address!(provider)
@@ -556,7 +560,7 @@ module Remitmd
     # Propose a payment intent for counterpart approval before execution.
     # @param to [String] 0x-prefixed address
     # @param amount [Numeric] amount in USDC
-    # @param type [String] payment type — "direct", "escrow", "tab"
+    # @param type [String] payment type - "direct", "escrow", "tab"
     # @return [Intent]
     def propose_intent(to, amount, type: "direct")
       validate_address!(to)
@@ -583,7 +587,7 @@ module Remitmd
     # Generate a one-time URL for the operator to fund this wallet.
     # @param messages [Array<Hash>, nil] chat-style messages (each with :role and :text)
     # @param agent_name [String, nil] agent display name shown on the funding page
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [LinkResponse]
     def create_fund_link(messages: nil, agent_name: nil, permit: nil)
       body = {}
@@ -601,7 +605,7 @@ module Remitmd
     # Generate a one-time URL for the operator to withdraw funds.
     # @param messages [Array<Hash>, nil] chat-style messages (each with :role and :text)
     # @param agent_name [String, nil] agent display name shown on the withdraw page
-    # @param permit [PermitSignature, nil] EIP-2612 permit — auto-signed if nil
+    # @param permit [PermitSignature, nil] EIP-2612 permit - auto-signed if nil
     # @return [LinkResponse]
     def create_withdraw_link(messages: nil, agent_name: nil, permit: nil)
       body = {}
@@ -710,7 +714,7 @@ module Remitmd
 
     # Auto-sign a permit for the given contract type and amount.
     # Returns nil on failure instead of raising, so callers can proceed without a permit.
-    # @param contract [String] contract key — "router", "escrow", "tab", etc.
+    # @param contract [String] contract key - "router", "escrow", "tab", etc.
     # @param amount [Numeric] amount in USDC
     # @return [PermitSignature, nil]
     def auto_permit(contract, amount)

data/lib/remitmd/x402_client.rb

@@ -21,7 +21,7 @@ module Remitmd
     end
   end
 
-  # x402 client — fetch wrapper that auto-pays HTTP 402 Payment Required responses.
+  # x402 client - fetch wrapper that auto-pays HTTP 402 Payment Required responses.
   #
   # On receiving a 402, the client:
   # 1. Decodes the PAYMENT-REQUIRED header (base64 JSON)

data/lib/remitmd/x402_paywall.rb

@@ -6,7 +6,7 @@ require "json"
 require "base64"
 
 module Remitmd
-  # x402 paywall for service providers — gate HTTP endpoints behind payments.
+  # x402 paywall for service providers - gate HTTP endpoints behind payments.
   #
   # Providers use this class to:
   # - Return HTTP 402 responses with properly formatted PAYMENT-REQUIRED headers
@@ -29,9 +29,9 @@ module Remitmd
     # @param facilitator_url [String] base URL of the remit.md facilitator
     # @param facilitator_token [String] bearer JWT for authenticating calls to /api/v1/x402/verify
     # @param max_timeout_seconds [Integer] how long the payment authorization remains valid
-    # @param resource [String, nil] V2 — URL or path of the resource being protected
-    # @param description [String, nil] V2 — human-readable description
-    # @param mime_type [String, nil] V2 — MIME type of the resource
+    # @param resource [String, nil] V2 - URL or path of the resource being protected
+    # @param description [String, nil] V2 - human-readable description
+    # @param mime_type [String, nil] V2 - MIME type of the resource
     def initialize( # rubocop:disable Metrics/ParameterLists
       wallet_address:,
       amount_usdc:,

data/lib/remitmd.rb

@@ -4,7 +4,7 @@ require_relative "remitmd/errors"
 require_relative "remitmd/models"
 require_relative "remitmd/keccak"
 require_relative "remitmd/signer"
-require_relative "remitmd/http_signer"
+require_relative "remitmd/cli_signer"
 require_relative "remitmd/http"
 require_relative "remitmd/wallet"
 require_relative "remitmd/mock"
@@ -12,7 +12,7 @@ require_relative "remitmd/a2a"
 require_relative "remitmd/x402_client"
 require_relative "remitmd/x402_paywall"
 
-# remit.md Ruby SDK — universal payment protocol for AI agents.
+# remit.md Ruby SDK - universal payment protocol for AI agents.
 #
 # @example Direct payment
 #   wallet = Remitmd::RemitWallet.new(private_key: ENV["REMITMD_PRIVATE_KEY"])
@@ -26,5 +26,5 @@ require_relative "remitmd/x402_paywall"
 #   mock.was_paid?("0x0000000000000000000000000000000000000001", 1.00) # => true
 #
 module Remitmd
-  VERSION = "0.1.8"
+  VERSION = "0.2.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: remitmd
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.2.1
 platform: ruby
 authors:
 - remit.md
@@ -51,9 +51,9 @@ files:
 - README.md
 - lib/remitmd.rb
 - lib/remitmd/a2a.rb
+- lib/remitmd/cli_signer.rb
 - lib/remitmd/errors.rb
 - lib/remitmd/http.rb
-- lib/remitmd/http_signer.rb
 - lib/remitmd/keccak.rb
 - lib/remitmd/mock.rb
 - lib/remitmd/models.rb

data/lib/remitmd/http_signer.rb

@@ -1,200 +0,0 @@
-# frozen_string_literal: true
-
-require "net/http"
-require "uri"
-require "json"
-
-module Remitmd
-  # Signer backed by a local HTTP signing server.
-  #
-  # Delegates digest signing to an HTTP server (typically
-  # `http://127.0.0.1:7402`). The signer server holds the encrypted key;
-  # this adapter only needs a bearer token and URL.
-  #
-  # @example
-  #   signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
-  #   wallet = Remitmd::RemitWallet.new(signer: signer, chain: "base")
-  #
-  class HttpSigner
-    include Signer
-
-    # Create an HttpSigner, fetching and caching the wallet address.
-    #
-    # @param url [String] signer server URL (e.g. "http://127.0.0.1:7402")
-    # @param token [String] bearer token for authentication
-    # @raise [RemitError] if the server is unreachable, returns an error, or returns no address
-    def initialize(url:, token:)
-      @url = url.chomp("/")
-      @token = token
-      @address = fetch_address
-    end
-
-    # Sign a 32-byte digest (raw binary bytes).
-    # Posts to /sign/digest with the hex-encoded digest.
-    # Returns a 0x-prefixed 65-byte hex signature.
-    #
-    # @param digest_bytes [String] 32-byte binary digest
-    # @return [String] 0x-prefixed 65-byte hex signature
-    # @raise [RemitError] on network, auth, policy, or server errors
-    def sign(digest_bytes)
-      hex = "0x#{digest_bytes.unpack1("H*")}"
-      uri = URI("#{@url}/sign/digest")
-      http = build_http(uri)
-
-      req = Net::HTTP::Post.new(uri.path)
-      req["Content-Type"] = "application/json"
-      req["Authorization"] = "Bearer #{@token}"
-      req.body = { digest: hex }.to_json
-
-      resp = begin
-        http.request(req)
-      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
-        raise RemitError.new(
-          RemitError::NETWORK_ERROR,
-          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
-        )
-      end
-
-      handle_sign_response(resp)
-    end
-
-    # The cached Ethereum address (0x-prefixed).
-    # @return [String]
-    attr_reader :address
-
-    # Never expose the bearer token in inspect/to_s output.
-    def inspect
-      "#<Remitmd::HttpSigner address=#{@address}>"
-    end
-
-    alias to_s inspect
-
-    private
-
-    # Fetch the wallet address from GET /address during construction.
-    # @return [String] the 0x-prefixed Ethereum address
-    # @raise [RemitError] on any failure
-    def fetch_address
-      uri = URI("#{@url}/address")
-      http = build_http(uri)
-
-      req = Net::HTTP::Get.new(uri.path)
-      req["Authorization"] = "Bearer #{@token}"
-
-      resp = begin
-        http.request(req)
-      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
-        raise RemitError.new(
-          RemitError::NETWORK_ERROR,
-          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
-        )
-      end
-
-      status = resp.code.to_i
-
-      if status == 401
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
-        )
-      end
-
-      unless (200..299).cover?(status)
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address failed (#{status})"
-        )
-      end
-
-      body = begin
-        JSON.parse(resp.body.to_s)
-      rescue JSON::ParserError
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address returned malformed JSON"
-        )
-      end
-
-      addr = body["address"]
-      if addr.nil? || addr.to_s.empty?
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address returned no address"
-        )
-      end
-
-      addr.to_s
-    end
-
-    # Handle the response from POST /sign/digest.
-    # @param resp [Net::HTTPResponse]
-    # @return [String] the 0x-prefixed hex signature
-    # @raise [RemitError] on any error
-    def handle_sign_response(resp)
-      status = resp.code.to_i
-
-      if status == 401
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
-        )
-      end
-
-      if status == 403
-        reason = begin
-          data = JSON.parse(resp.body.to_s)
-          data["reason"] || "unknown"
-        rescue JSON::ParserError
-          "unknown"
-        end
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: policy denied -- #{reason}"
-        )
-      end
-
-      unless (200..299).cover?(status)
-        detail = begin
-          data = JSON.parse(resp.body.to_s)
-          data["reason"] || data["error"] || "server error"
-        rescue JSON::ParserError
-          "server error"
-        end
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: sign failed (#{status}): #{detail}"
-        )
-      end
-
-      body = begin
-        JSON.parse(resp.body.to_s)
-      rescue JSON::ParserError
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: POST /sign/digest returned malformed JSON"
-        )
-      end
-
-      sig = body["signature"]
-      if sig.nil? || sig.to_s.empty?
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: server returned no signature"
-        )
-      end
-
-      sig.to_s
-    end
-
-    # Build a Net::HTTP client for the given URI.
-    # @param uri [URI] the target URI
-    # @return [Net::HTTP]
-    def build_http(uri)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = uri.scheme == "https"
-      http.open_timeout = 5
-      http.read_timeout = 10
-      http
-    end
-  end
-end