nervepay 1.0.0

package/CHANGELOG.md

@@ -0,0 +1,117 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2026-02-08
+
+### Added
+
+#### 🎉 Initial Release
+
+- **Interactive Setup Wizard** (`openclaw nervepay setup`)
+  - Automated identity registration with W3C DIDs
+  - Human claim flow with polling
+  - Gateway pairing with approval workflow
+  - Auto-configuration of OpenClaw config
+  - Secure credentials backup to `~/.nervepay/credentials.json`
+  - Beautiful CLI interface with progress indicators
+
+- **Identity Management Tools**
+  - `nervepay_register_identity` - Register W3C DID with Ed25519 keys
+  - `nervepay_whoami` - Test authentication and get agent info
+  - `nervepay_verify_agent` - Verify other agents' identity
+  - `nervepay_resolve_did` - Resolve DID documents
+  - Ed25519 signature-based authentication
+  - Replay protection with nonces and timestamps
+  - BIP39 mnemonic recovery support
+
+- **Vault Tools** (Secrets Management)
+  - `nervepay_list_secrets` - List available secrets (metadata only)
+  - `nervepay_get_secret` - Get decrypted secret value
+  - `nervepay_get_secrets` - Batch retrieve multiple secrets
+  - AES-256-GCM encryption with envelope encryption
+  - Comprehensive audit logging
+  - Read-only access for agents (create via dashboard)
+
+- **Gateway Pairing Tools**
+  - `nervepay_pair_gateway` - Connect OpenClaw gateway to NervePay
+  - `nervepay_check_pairing_status` - Poll pairing approval
+  - `nervepay_complete_pairing` - Complete pairing with token
+  - `nervepay_list_gateways` - List connected gateways
+  - `nervepay_gateway_health` - Check gateway health
+  - Auto-discovery of gateway tokens from local config
+  - Human approval workflow (Telegram-style)
+
+- **Orchestration Tools** (Multi-Agent Task Management)
+  - `nervepay_create_orchestration` - Create orchestration from PRD
+  - `nervepay_start_orchestration` - Start task decomposition
+  - `nervepay_get_orchestration` - Get status and progress
+  - `nervepay_list_tasks` - List orchestration tasks
+  - Task dependency resolution
+  - Retry logic for failed tasks
+  - Progress monitoring and events audit trail
+
+- **CLI Commands**
+  - `openclaw nervepay setup` - Interactive setup wizard
+  - `openclaw nervepay whoami` - Show agent identity
+  - `openclaw nervepay gateways` - List connected gateways
+  - `openclaw nervepay secrets` - List secrets
+
+- **Gateway RPC Methods**
+  - `nervepay.health` - Plugin health check
+  - `nervepay.whoami` - Get agent info via RPC
+
+- **Auto-Reply Commands**
+  - `/nervepay-status` - Show plugin status in chat
+
+- **Security Features**
+  - Ed25519 cryptographic signatures
+  - One-time nonce replay protection
+  - 5-minute timestamp validation window
+  - AES-256-GCM vault encryption
+  - HKDF key derivation
+  - Secure file permissions (600) for credentials backup
+  - No private keys in logs or error messages
+
+- **Documentation**
+  - Comprehensive README with API reference
+  - EXAMPLES.md with 10 real-world use cases
+  - DEPLOYMENT.md with full publishing guide
+  - TypeScript type definitions for IDE support
+  - Inline code documentation
+
+### Security
+
+- Private keys are never transmitted to servers (only signatures)
+- Credentials backup uses secure file permissions (600)
+- No secrets in source code or configuration files
+- Comprehensive audit logging for all authenticated operations
+- TLS required for all API communications
+
+### Known Issues
+
+- Setup wizard requires manual gateway restart after config update
+- Gateway token auto-discovery only checks standard locations
+- Orchestration tools require `enableOrchestration: true` in config
+
+## [Unreleased]
+
+### Planned Features
+
+- [ ] Agent attestation network (vouch for other agents)
+- [ ] Session tokens (reduce signature overhead)
+- [ ] ERC-4337 smart wallet integration
+- [ ] ERC-8004 on-chain reputation bridge
+- [ ] x402 payment protocol support
+- [ ] Sub-agent delegation tools
+- [ ] Real-time analytics dashboard
+- [ ] Multi-gateway load balancing
+- [ ] Task priority scheduling
+- [ ] Webhook notifications for orchestration events
+
+---
+
+[1.0.0]: https://github.com/nervepay/nervepay-plugin/releases/tag/v1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 NervePay
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,532 @@
+# NervePay Plugin for OpenClaw
+
+**Self-sovereign identity layer for AI agents.** Provides W3C DIDs, Ed25519 cryptographic authentication, secure vault, and multi-agent orchestration.
+
+## Features
+
+- **🆔 Identity Management**: W3C DID registration with Ed25519 signatures
+- **🔐 Vault**: AES-256-GCM encrypted secrets management
+- **🔗 Gateway Pairing**: Connect OpenClaw gateways to NervePay Mission Control
+- **🤖 Orchestration**: Multi-agent task decomposition and management
+- **✅ Reputation**: Cross-platform agent reputation tracking
+
+## Installation
+
+### Quick Start (Recommended)
+
+```bash
+# 1. Install plugin
+openclaw plugins install nervepay
+
+# 2. Run interactive setup wizard
+openclaw nervepay setup
+
+# That's it! The wizard handles:
+# ✅ Identity registration (W3C DID + Ed25519 keys)
+# ✅ Human claim flow (optional)
+# ✅ Gateway pairing (optional)
+# ✅ Auto-configuration of OpenClaw
+# ✅ Credentials backup
+```
+
+The setup wizard is **fully interactive** and takes ~2 minutes. It configures everything automatically!
+
+### Manual Installation (from source)
+
+```bash
+git clone https://github.com/nervepay/nervepay-plugin
+cd nervepay-plugin
+npm install
+npm run build
+openclaw plugins install .
+openclaw nervepay setup  # Still use the wizard!
+```
+
+### Local Development
+
+```bash
+openclaw plugins install -l ./nervepay-plugin
+openclaw nervepay setup
+```
+
+## Configuration
+
+**✨ The setup wizard configures everything automatically!** Just run:
+
+```bash
+openclaw nervepay setup
+```
+
+It will:
+1. Register your agent identity
+2. Show claim URL (optional, improves trust)
+3. Optionally pair your gateway
+4. Auto-update your OpenClaw config
+5. Save credentials securely to `~/.nervepay/credentials.json`
+
+### Manual Configuration (if needed)
+
+If you prefer to configure manually or already have credentials:
+
+```json5
+{
+  "plugins": {
+    "enabled": true,
+    "entries": {
+      "nervepay": {
+        "enabled": true,
+        "config": {
+          "apiUrl": "https://api.nervepay.xyz",
+          "agentDid": "did:nervepay:agent:...",
+          "privateKey": "ed25519:...",
+          "enableOrchestration": false,
+          "enableAnalytics": true
+        }
+      }
+    }
+  }
+}
+```
+
+Then restart gateway: `openclaw gateway restart`
+
+### Configuration Options
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `apiUrl` | string | No | NervePay API URL (default: https://api.nervepay.xyz) |
+| `agentDid` | string | No* | Agent DID (auto-configured by setup wizard) |
+| `privateKey` | string | No* | Ed25519 private key (auto-configured by setup wizard) |
+| `enableOrchestration` | boolean | No | Enable multi-agent orchestration (default: false) |
+| `enableAnalytics` | boolean | No | Enable analytics tracking (default: true) |
+
+*Required for authenticated operations (vault, gateway, orchestration)
+
+## Quick Start
+
+### 🚀 The Easy Way (Interactive Setup)
+
+```bash
+# 1. Install
+openclaw plugins install nervepay
+
+# 2. Run setup wizard
+openclaw nervepay setup
+```
+
+The wizard will ask you a few questions and configure everything automatically:
+
+```
+🔐 NervePay Setup Wizard
+
+📋 Step 1: Agent Information
+   Agent name: My Research Bot
+   Agent description: Helps with literature reviews
+
+🆔 Step 2: Registering Identity...
+   ✅ Identity created!
+   DID: did:nervepay:agent:abc123...
+
+👤 Step 3: Link to Human Owner
+   Link this agent to your NervePay account? [Y/n] y
+   Open this URL in your browser:
+   https://nervepay.xyz/claim/session-xyz
+
+   ✅ Agent claimed successfully!
+
+🔗 Step 4: Gateway Pairing
+   Connect this gateway to NervePay Mission Control? [y/N] y
+   Gateway name: Home Lab Gateway
+   Gateway URL: http://127.0.0.1:18789
+
+   ✅ Gateway paired successfully!
+
+⚙️  Step 5: Additional Features
+   Enable multi-agent orchestration? [y/N] n
+   Enable analytics tracking? [Y/n] y
+
+✅ Setup Complete!
+
+🔄 Next Steps:
+   1. Restart your OpenClaw gateway:
+      openclaw gateway restart
+
+   2. Test authentication:
+      openclaw nervepay whoami
+```
+
+### 🛠️ The Manual Way (Programmatic)
+
+If you prefer to use tools directly:
+
+```javascript
+// 1. Register identity
+const result = await nervepay_register_identity({
+  name: "My AI Agent",
+  description: "Purpose of this agent"
+});
+
+// 2. Save credentials (shown once only!)
+console.log("DID:", result.did);
+console.log("Private Key:", result.private_key);
+console.log("Mnemonic:", result.mnemonic);
+
+// 3. Update OpenClaw config with credentials
+// 4. Restart gateway
+// 5. Test authentication
+const info = await nervepay_whoami();
+```
+
+**⚠️ Setup wizard is recommended!** It handles all the tedious configuration automatically.
+
+## Available Tools
+
+### Identity Tools
+
+#### `nervepay_register_identity`
+
+Register a new agent identity with W3C DID and Ed25519 keys.
+
+**Parameters:**
+- `name` (string, required): Agent display name
+- `description` (string, optional): Agent description/purpose
+
+**Returns:**
+```typescript
+{
+  did: string;              // did:nervepay:agent:...
+  private_key: string;      // ed25519:...
+  public_key: string;       // Base58-encoded
+  mnemonic: string;         // 12-word BIP39 recovery phrase
+  session_id: string;       // For claim status polling
+  claim_url: string;        // Give to human owner (optional)
+}
+```
+
+#### `nervepay_whoami`
+
+Test authentication and get current agent info.
+
+**Returns:**
+```typescript
+{
+  agent_did: string;
+  name: string;
+  public_key: string;
+  capabilities: {
+    max_spending_limit_usd?: number;
+    allowed_operations?: string[];
+  };
+  reputation_score: number;  // 0-100
+  created_at: string;
+}
+```
+
+#### `nervepay_verify_agent`
+
+Verify another agent's identity (public endpoint, no auth required).
+
+**Parameters:**
+- `did` (string): Agent DID to verify
+
+#### `nervepay_resolve_did`
+
+Resolve W3C DID document.
+
+**Parameters:**
+- `did` (string): DID to resolve
+
+### Gateway Tools
+
+#### `nervepay_pair_gateway`
+
+Connect OpenClaw gateway to NervePay. Sends pairing request that requires human approval.
+
+**Parameters:**
+- `gateway_name` (string): Gateway display name
+- `gateway_url` (string): Gateway URL (must be reachable by NervePay)
+- `max_concurrent_agents` (number, optional): Max concurrent sub-agents (default: 8)
+- `default_timeout_seconds` (number, optional): Default task timeout (default: 3600)
+
+#### `nervepay_list_gateways`
+
+List all connected gateways.
+
+#### `nervepay_gateway_health`
+
+Check gateway health.
+
+**Parameters:**
+- `gateway_id` (string): Gateway ID
+
+### Vault Tools
+
+#### `nervepay_list_secrets`
+
+List all secrets (metadata only, no values).
+
+**Returns:**
+```typescript
+{
+  secrets: Array<{
+    id: string;
+    name: string;
+    description?: string;
+    created_at: string;
+    updated_at: string;
+  }>;
+}
+```
+
+#### `nervepay_get_secret`
+
+Get decrypted secret value by name.
+
+**Parameters:**
+- `secret_name` (string): Secret name
+
+**Returns:**
+```typescript
+{
+  secret: {
+    id: string;
+    name: string;
+    value: string;  // Decrypted value
+    description?: string;
+    created_at: string;
+    updated_at: string;
+  }
+}
+```
+
+#### `nervepay_get_secrets`
+
+Get multiple secrets at once.
+
+**Parameters:**
+- `secret_names` (string[]): Array of secret names
+
+**Returns:**
+```typescript
+Record<string, string>  // { name: value, ... }
+```
+
+### Orchestration Tools
+
+(Available when `enableOrchestration: true`)
+
+#### `nervepay_create_orchestration`
+
+Create multi-agent orchestration from PRD (Product Requirements Document).
+
+**Parameters:**
+- `gateway_id` (string): Gateway ID to spawn agents on
+- `name` (string): Orchestration name
+- `prd` (string): Product Requirements Document (JSON or text)
+- `context` (object, optional): Additional context data
+
+#### `nervepay_start_orchestration`
+
+Start orchestration (decomposes PRD and spawns sub-agent tasks).
+
+**Parameters:**
+- `orchestration_id` (string): Orchestration ID
+
+#### `nervepay_get_orchestration`
+
+Get orchestration status and progress.
+
+**Parameters:**
+- `orchestration_id` (string): Orchestration ID
+
+#### `nervepay_list_tasks`
+
+List tasks for an orchestration.
+
+**Parameters:**
+- `orchestration_id` (string): Orchestration ID
+- `status` (string, optional): Filter by status (pending/running/completed/failed/blocked)
+
+## CLI Commands
+
+```bash
+# Interactive setup wizard (⭐ recommended for first-time setup)
+openclaw nervepay setup
+
+# Show agent identity
+openclaw nervepay whoami
+
+# List connected gateways
+openclaw nervepay gateways
+
+# List secrets
+openclaw nervepay secrets
+```
+
+The `setup` command is **fully interactive** and handles everything automatically:
+- Identity registration
+- Human claim flow
+- Gateway pairing
+- OpenClaw config updates
+- Credentials backup
+
+## Gateway RPC Methods
+
+```javascript
+// Health check
+gateway.rpc('nervepay.health');
+// => { status: 'ok', plugin: 'nervepay', version: '1.0.0' }
+
+// Get agent identity
+gateway.rpc('nervepay.whoami');
+// => { agent_did: '...', name: '...', ... }
+```
+
+## Auto-Reply Commands
+
+```
+/nervepay-status
+```
+
+Shows plugin status and configuration in chat.
+
+## Security
+
+### Authentication
+
+All authenticated requests use Ed25519 signatures with:
+- **Replay protection**: One-time nonces + 5-minute timestamp window
+- **Integrity**: Signature covers method, path, query, body hash
+- **Non-repudiation**: Only agent with private key can sign
+
+### Vault Encryption
+
+Secrets use AES-256-GCM envelope encryption:
+- Per-secret Data Encryption Keys (DEK)
+- Master Key Encryption Key (KEK) derived via HKDF-SHA256
+- Random 12-byte nonces per encryption
+- Comprehensive audit logging
+
+### Private Key Storage
+
+**DO NOT** commit private keys to git or share them. Store them in:
+- Environment variables
+- OpenClaw config (local only)
+- Hardware security modules (HSM)
+- Secure secret managers
+
+**BIP39 Mnemonic**: Backup the 12-word recovery phrase offline. It can regenerate the same Ed25519 keypair deterministically.
+
+## Use Cases
+
+### 1. Secure API Key Management
+
+Stop leaking API keys in OpenClaw skills! Store them in NervePay Vault:
+
+```javascript
+// Instead of this (insecure):
+const apiKey = "sk-proj-..."; // Leaked in skill code!
+
+// Do this:
+const { secret } = await nervepay_get_secret({
+  secret_name: "openai_api_key"
+});
+const apiKey = secret.value;
+```
+
+**Snyk found 280+ OpenClaw skills leaking API keys.** NervePay Vault fixes this with encrypted storage and audit logs.
+
+### 2. Cross-Platform Reputation
+
+Your agent's DID carries reputation across all 30+ OpenClaw channels:
+
+```javascript
+// Verify agent before trusting
+const { verified, agent } = await nervepay_verify_agent({
+  did: "did:nervepay:agent:abc123..."
+});
+
+if (verified && agent.reputation_score > 80) {
+  // High reputation, proceed with request
+}
+```
+
+### 3. Multi-Agent Orchestration
+
+Decompose complex PRDs into sub-agent tasks:
+
+```javascript
+// Create orchestration
+const orch = await nervepay_create_orchestration({
+  gateway_id: "gateway-123",
+  name: "Build User Dashboard",
+  prd: JSON.stringify({
+    title: "User Dashboard",
+    requirements: [
+      "Design landing page layout",
+      "Implement authentication",
+      "Create user profile page",
+      "Add analytics charts"
+    ]
+  })
+});
+
+// Start execution
+await nervepay_start_orchestration({
+  orchestration_id: orch.id
+});
+
+// Monitor progress
+const status = await nervepay_get_orchestration({
+  orchestration_id: orch.id
+});
+console.log(`Progress: ${status.progress_percentage}%`);
+```
+
+### 4. Agent-to-Agent Commerce
+
+Coming soon: x402 protocol integration for pay-per-request API monetization.
+
+## Development
+
+### Build
+
+```bash
+npm install
+npm run build
+```
+
+### Test
+
+```bash
+npm test
+```
+
+### Watch mode
+
+```bash
+npm run dev
+```
+
+## Links
+
+- **Website**: https://nervepay.xyz
+- **Dashboard**: https://nervepay.xyz/dashboard
+- **Docs**: https://nervepay.xyz/docs
+- **API Reference**: https://nervepay.xyz/docs/api
+- **GitHub**: https://github.com/nervepay/nervepay-plugin
+- **OpenClaw Docs**: https://docs.openclaw.ai/tools/plugin
+
+## Support
+
+- **Issues**: https://github.com/nervepay/nervepay-plugin/issues
+- **Discord**: https://discord.gg/nervepay
+- **Email**: hello@nervepay.xyz
+
+## License
+
+MIT © NervePay
+
+---
+
+**Built with ❤️ for the AI agent ecosystem**

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * NervePay Plugin for OpenClaw
+ * Self-sovereign identity, vault, and multi-agent orchestration
+ */
+export default function register(api: any): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,GAAG,QAudxC"}