RubyGems - remitmd - Versions diffs - 0.1.9 → 0.2.1 - Mend

remitmd 0.1.9 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05f736527efb603117342dec70fc553420aa04d4dbc3ca8db5fccd8b31b7a9cb
-  data.tar.gz: a7f143bc6302d96cc1ca492c7f8393cdd98b039e86747fee1e7bf36a919b83d0
+  metadata.gz: 75be0a5249f87323f7c007b13b7b89f9e2153557b355381000b7d3d007adcfc0
+  data.tar.gz: e0f9b80bc11f7eb9888f037cba3589548a3344bdba9f621994142f5b20a3b14d
 SHA512:
-  metadata.gz: d998125805f98cf6ccbd389ec8df96655cb66a47e51b57d274c6090cdbb00a31c713f915282f166982d85dc2d3db3ce14a9c294f7ff0c00d049252590c661f10
-  data.tar.gz: 0dad289442caafe80bcbf83b13f38f5e7d70c7adacd0ad8b6a12172e6c27a6aae872a9b97c29537fb6ee0783eb2d3261da4eb47889f677aba12a15c10bc05ab3
+  metadata.gz: 5198b515870956a99eccee4152e991d4fc32f6f03acd5a91a499b9c853b57da2c0b3cad4657381e1524553f10d021415b1d9202ce35848eb06331e5420758c73
+  data.tar.gz: 5bcaab9bc1d75389f524ad3ab36920a02bf9dbacf68792c6492f8bc04a6ebb2197725a73342191a26c2debf7dceddf31a3247968e82f470c228fe76203a51df0

data/README.md CHANGED Viewed

@@ -39,31 +39,35 @@ Or from environment variables:
 ```ruby
 wallet = Remitmd::RemitWallet.from_env
-# Requires: REMITMD_KEY (or REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)
+# Auto-detects: CliSigner (remit CLI) > REMITMD_KEY
 # Optional: REMITMD_CHAIN (default: "base"), REMITMD_API_URL
 ```
 Permits are auto-signed. Every payment method fetches the on-chain USDC nonce, signs an EIP-2612 permit, and includes it automatically.
-## Local Signer (Recommended)
+## CLI Signer (Recommended)
-The local signer delegates key management to `remit signer`, a localhost HTTP server that holds your encrypted key. Your agent only needs a URL and token - no private key in the environment.
+The CLI signer delegates key management to the `remit` CLI binary, which holds your encrypted keystore at `~/.remit/keys/`. No private key in your environment -- just install the CLI and set a password.
 ```bash
-export REMIT_SIGNER_URL=http://127.0.0.1:7402
-export REMIT_SIGNER_TOKEN=rmit_sk_...
+# Install the CLI
+# macOS:   brew install remit-md/tap/remit
+# Windows: winget install remit-md.remit
+# Linux:   curl -fsSL https://remit.md/install.sh | sh
+export REMIT_KEY_PASSWORD=your-keystore-password
 ```
 ```ruby
 # Explicit
-signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
+signer = Remitmd::CliSigner.new
 wallet = Remitmd::RemitWallet.new(signer: signer)
 # Or auto-detect from env (recommended)
-wallet = Remitmd::RemitWallet.from_env # detects REMIT_SIGNER_URL automatically
+wallet = Remitmd::RemitWallet.from_env # detects remit CLI automatically
 ```
-`RemitWallet.from_env` detects signer credentials automatically. Priority: `REMIT_SIGNER_URL` > `REMITMD_KEY`.
+`RemitWallet.from_env` detects signing methods automatically. Priority: `CliSigner` (CLI + keystore + password) > `REMITMD_KEY`.
 ## Payment Models

data/lib/remitmd/cli_signer.rb ADDED Viewed

@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+require "open3"
+module Remitmd
+  # Signer backed by the `remit sign` CLI command.
+  #
+  # No key material in this process -- signing happens in a subprocess.
+  # Address is cached at construction time via `remit address`.
+  #
+  # @example
+  #   signer = Remitmd::CliSigner.new
+  #   wallet = Remitmd::RemitWallet.new(signer: signer, chain: "base")
+  #
+  class CliSigner
+    include Signer
+    # Default timeout for CLI subprocess calls (seconds).
+    CLI_TIMEOUT = 10
+    # Create a CliSigner, fetching and caching the wallet address.
+    #
+    # @param cli_path [String] path or name of the remit CLI binary (default: "remit")
+    # @raise [RemitError] if the CLI fails or returns an invalid address
+    def initialize(cli_path: "remit")
+      @cli_path = cli_path
+      @address = fetch_address
+    end
+    # Sign a 32-byte digest (raw binary bytes).
+    # Pipes the hex-encoded digest to `remit sign --digest` on stdin.
+    # Returns a 0x-prefixed 65-byte hex signature.
+    #
+    # @param digest_bytes [String] 32-byte binary digest
+    # @return [String] 0x-prefixed 130-char hex signature (65 bytes)
+    # @raise [RemitError] on CLI failure or invalid output
+    def sign(digest_bytes)
+      hex = digest_bytes.unpack1("H*")
+      stdout, stderr, status = run_cli("sign", "--digest", stdin_data: hex)
+      unless status.success?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: signing failed: #{stderr.strip}"
+        )
+      end
+      sig = stdout.strip
+      unless sig.start_with?("0x") && sig.length == 132
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: invalid signature from CLI: #{sig}"
+        )
+      end
+      sig
+    end
+    # The cached Ethereum address (0x-prefixed).
+    # @return [String]
+    attr_reader :address
+    # Never expose internals in inspect/to_s output.
+    def inspect
+      "#<Remitmd::CliSigner address=#{@address}>"
+    end
+    alias to_s inspect
+    # Check all three conditions for CliSigner activation.
+    #
+    # 1. CLI binary found on PATH (via `which` / `where`)
+    # 2. Keystore file exists at ~/.remit/keys/default.enc
+    # 3. REMIT_KEY_PASSWORD env var is set
+    #
+    # @param cli_path [String] path or name of the remit CLI binary
+    # @return [Boolean]
+    def self.available?(cli_path: "remit")
+      # 1. CLI binary on PATH
+      which_cmd = Gem.win_platform? ? "where" : "which"
+      _out, _err, st = Open3.capture3(which_cmd, cli_path)
+      return false unless st.success?
+      # 2. Keystore file exists
+      keystore = File.join(Dir.home, ".remit", "keys", "default.enc")
+      return false unless File.exist?(keystore)
+      # 3. REMIT_KEY_PASSWORD set
+      password = ENV["REMIT_KEY_PASSWORD"]
+      return false if password.nil? || password.empty?
+      true
+    end
+    private
+    # Fetch the wallet address from `remit address` during construction.
+    # @return [String] the 0x-prefixed Ethereum address
+    # @raise [RemitError] on any failure
+    def fetch_address
+      stdout, stderr, status = run_cli("address")
+      unless status.success?
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: failed to get address: #{stderr.strip}"
+        )
+      end
+      addr = stdout.strip
+      unless addr.match?(/\A0x[0-9a-fA-F]{40}\z/)
+        raise RemitError.new(
+          RemitError::SERVER_ERROR,
+          "CliSigner: invalid address from CLI: #{addr}"
+        )
+      end
+      addr
+    end
+    # Run the remit CLI with given arguments.
+    # @param args [Array<String>] CLI arguments
+    # @param stdin_data [String, nil] data to pipe to stdin
+    # @return [Array<String, String, Process::Status>] stdout, stderr, status
+    # @raise [RemitError] on timeout or execution failure
+    def run_cli(*args, stdin_data: nil)
+      Open3.capture3(@cli_path, *args, stdin_data: stdin_data.to_s)
+    rescue Errno::ENOENT
+      raise RemitError.new(
+        RemitError::SERVER_ERROR,
+        "CliSigner: remit CLI not found at '#{@cli_path}'. " \
+        "Install: https://remit.md/install"
+      )
+    end
+  end
+end

data/lib/remitmd/wallet.rb CHANGED Viewed

@@ -67,21 +67,16 @@ module Remitmd
     end
     # Build a RemitWallet from environment variables.
-    # Reads: REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN (preferred, uses HttpSigner),
-    # or REMITMD_KEY (primary) / REMITMD_PRIVATE_KEY (deprecated fallback).
+    # Priority: CliSigner (if available) > REMITMD_KEY / REMITMD_PRIVATE_KEY.
     # Also reads: REMITMD_CHAIN, REMITMD_API_URL, REMITMD_ROUTER_ADDRESS.
     def self.from_env
       chain          = ENV.fetch("REMITMD_CHAIN", "base")
       api_url        = ENV["REMITMD_API_URL"]
       router_address = ENV["REMITMD_ROUTER_ADDRESS"]
-      # Priority 1: HTTP signer server
-      signer_url = ENV["REMIT_SIGNER_URL"]
-      if signer_url
-        signer_token = ENV["REMIT_SIGNER_TOKEN"]
-        raise ArgumentError, "REMIT_SIGNER_TOKEN must be set when REMIT_SIGNER_URL is set" unless signer_token
-        signer = HttpSigner.new(url: signer_url, token: signer_token)
+      # Priority 1: CLI signer (remit binary + keystore + password)
+      if CliSigner.available?
+        signer = CliSigner.new
         return new(signer: signer, chain: chain, api_url: api_url, router_address: router_address)
       end
@@ -90,7 +85,16 @@ module Remitmd
       if ENV["REMITMD_PRIVATE_KEY"] && !ENV["REMITMD_KEY"]
         warn "[remitmd] REMITMD_PRIVATE_KEY is deprecated, use REMITMD_KEY instead"
       end
-      raise ArgumentError, "REMITMD_KEY not set (or set REMIT_SIGNER_URL + REMIT_SIGNER_TOKEN)" unless key
+      unless key
+        raise ArgumentError,
+          "No signing method available. Either:\n" \
+          "  1. Install the remit CLI and set REMIT_KEY_PASSWORD:\n" \
+          "     macOS:   brew install remit-md/tap/remit\n" \
+          "     Windows: winget install remit-md.remit\n" \
+          "     Linux:   curl -fsSL https://remit.md/install.sh | sh\n" \
+          "  2. Set REMITMD_KEY to a raw private key (hex)"
+      end
       new(private_key: key, chain: chain, api_url: api_url, router_address: router_address)
     end

data/lib/remitmd.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require_relative "remitmd/errors"
 require_relative "remitmd/models"
 require_relative "remitmd/keccak"
 require_relative "remitmd/signer"
-require_relative "remitmd/http_signer"
+require_relative "remitmd/cli_signer"
 require_relative "remitmd/http"
 require_relative "remitmd/wallet"
 require_relative "remitmd/mock"
@@ -26,5 +26,5 @@ require_relative "remitmd/x402_paywall"
 #   mock.was_paid?("0x0000000000000000000000000000000000000001", 1.00) # => true
 #
 module Remitmd
-  VERSION = "0.1.9"
+  VERSION = "0.2.1"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: remitmd
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.2.1
 platform: ruby
 authors:
 - remit.md
@@ -51,9 +51,9 @@ files:
 - README.md
 - lib/remitmd.rb
 - lib/remitmd/a2a.rb
+- lib/remitmd/cli_signer.rb
 - lib/remitmd/errors.rb
 - lib/remitmd/http.rb
-- lib/remitmd/http_signer.rb
 - lib/remitmd/keccak.rb
 - lib/remitmd/mock.rb
 - lib/remitmd/models.rb

data/lib/remitmd/http_signer.rb DELETED Viewed

@@ -1,200 +0,0 @@
-# frozen_string_literal: true
-require "net/http"
-require "uri"
-require "json"
-module Remitmd
-  # Signer backed by a local HTTP signing server.
-  #
-  # Delegates digest signing to an HTTP server (typically
-  # `http://127.0.0.1:7402`). The signer server holds the encrypted key;
-  # this adapter only needs a bearer token and URL.
-  #
-  # @example
-  #   signer = Remitmd::HttpSigner.new(url: "http://127.0.0.1:7402", token: "rmit_sk_...")
-  #   wallet = Remitmd::RemitWallet.new(signer: signer, chain: "base")
-  #
-  class HttpSigner
-    include Signer
-    # Create an HttpSigner, fetching and caching the wallet address.
-    #
-    # @param url [String] signer server URL (e.g. "http://127.0.0.1:7402")
-    # @param token [String] bearer token for authentication
-    # @raise [RemitError] if the server is unreachable, returns an error, or returns no address
-    def initialize(url:, token:)
-      @url = url.chomp("/")
-      @token = token
-      @address = fetch_address
-    end
-    # Sign a 32-byte digest (raw binary bytes).
-    # Posts to /sign/digest with the hex-encoded digest.
-    # Returns a 0x-prefixed 65-byte hex signature.
-    #
-    # @param digest_bytes [String] 32-byte binary digest
-    # @return [String] 0x-prefixed 65-byte hex signature
-    # @raise [RemitError] on network, auth, policy, or server errors
-    def sign(digest_bytes)
-      hex = "0x#{digest_bytes.unpack1("H*")}"
-      uri = URI("#{@url}/sign/digest")
-      http = build_http(uri)
-      req = Net::HTTP::Post.new(uri.path)
-      req["Content-Type"] = "application/json"
-      req["Authorization"] = "Bearer #{@token}"
-      req.body = { digest: hex }.to_json
-      resp = begin
-        http.request(req)
-      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
-        raise RemitError.new(
-          RemitError::NETWORK_ERROR,
-          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
-        )
-      end
-      handle_sign_response(resp)
-    end
-    # The cached Ethereum address (0x-prefixed).
-    # @return [String]
-    attr_reader :address
-    # Never expose the bearer token in inspect/to_s output.
-    def inspect
-      "#<Remitmd::HttpSigner address=#{@address}>"
-    end
-    alias to_s inspect
-    private
-    # Fetch the wallet address from GET /address during construction.
-    # @return [String] the 0x-prefixed Ethereum address
-    # @raise [RemitError] on any failure
-    def fetch_address
-      uri = URI("#{@url}/address")
-      http = build_http(uri)
-      req = Net::HTTP::Get.new(uri.path)
-      req["Authorization"] = "Bearer #{@token}"
-      resp = begin
-        http.request(req)
-      rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, SocketError => e
-        raise RemitError.new(
-          RemitError::NETWORK_ERROR,
-          "HttpSigner: cannot reach signer server at #{@url}: #{e.message}"
-        )
-      end
-      status = resp.code.to_i
-      if status == 401
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
-        )
-      end
-      unless (200..299).cover?(status)
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address failed (#{status})"
-        )
-      end
-      body = begin
-        JSON.parse(resp.body.to_s)
-      rescue JSON::ParserError
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address returned malformed JSON"
-        )
-      end
-      addr = body["address"]
-      if addr.nil? || addr.to_s.empty?
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: GET /address returned no address"
-        )
-      end
-      addr.to_s
-    end
-    # Handle the response from POST /sign/digest.
-    # @param resp [Net::HTTPResponse]
-    # @return [String] the 0x-prefixed hex signature
-    # @raise [RemitError] on any error
-    def handle_sign_response(resp)
-      status = resp.code.to_i
-      if status == 401
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: unauthorized -- check your REMIT_SIGNER_TOKEN"
-        )
-      end
-      if status == 403
-        reason = begin
-          data = JSON.parse(resp.body.to_s)
-          data["reason"] || "unknown"
-        rescue JSON::ParserError
-          "unknown"
-        end
-        raise RemitError.new(
-          RemitError::UNAUTHORIZED,
-          "HttpSigner: policy denied -- #{reason}"
-        )
-      end
-      unless (200..299).cover?(status)
-        detail = begin
-          data = JSON.parse(resp.body.to_s)
-          data["reason"] || data["error"] || "server error"
-        rescue JSON::ParserError
-          "server error"
-        end
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: sign failed (#{status}): #{detail}"
-        )
-      end
-      body = begin
-        JSON.parse(resp.body.to_s)
-      rescue JSON::ParserError
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: POST /sign/digest returned malformed JSON"
-        )
-      end
-      sig = body["signature"]
-      if sig.nil? || sig.to_s.empty?
-        raise RemitError.new(
-          RemitError::SERVER_ERROR,
-          "HttpSigner: server returned no signature"
-        )
-      end
-      sig.to_s
-    end
-    # Build a Net::HTTP client for the given URI.
-    # @param uri [URI] the target URI
-    # @return [Net::HTTP]
-    def build_http(uri)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = uri.scheme == "https"
-      http.open_timeout = 5
-      http.read_timeout = 10
-      http
-    end
-  end
-end