nodpay 0.1.0

package/AGENT-NOTES.md

@@ -0,0 +1,53 @@
+# Agent Operational Notes
+
+Advanced patterns and edge cases. Read SKILL.md first.
+
+## Nonce Management
+
+- **Auto-increment**: propose without `--nonce` → script fetches on-chain nonce, auto-increments past pending ops
+- **Replace**: use `--nonce N` with same nonce as pending tx → both appear in dashboard, user picks one
+- **Gas reuse**: when nonce > on-chain nonce, bundler rejects gas estimation (`AA25`). Script auto-reuses gas from the first pending op.
+
+## Status Lifecycle
+
+```
+pending → submitted → executed
+                   ↘ rejected
+                   ↘ replaced (another tx at same nonce was executed)
+                   ↘ invalidated (cascade from lower nonce rejection)
+```
+
+## Multi-Wallet
+
+One agent can serve multiple wallets. Different user devices → different passkeys → different Safe addresses. Always confirm which wallet before proposing.
+
+## EOA Wallets
+
+For users who prefer MetaMask/browser wallet over passkey:
+
+```bash
+node scripts/propose.mjs \
+  --safe <WALLET_ADDRESS> \
+  --to <RECIPIENT> \
+  --value-eth <AMOUNT> \
+  --user-signer <USER_EOA_ADDRESS> \
+  --recovery <RECOVERY_SIGNER> \
+  --signer-type eoa
+```
+
+## Owner Ordering (CREATE2)
+
+Safe address is deterministically derived. Owner order is fixed:
+
+- **Passkey**: `[agent, recovery, SharedSigner]`
+- **EOA**: `[userSigner, agent, recovery]`
+
+Wrong order → wrong address. The propose script handles this automatically.
+
+## API Reference
+
+```
+GET  /api/txs?safe=<addr>                    # list all ops for a wallet
+GET  /api/txs?safe=<addr>&status=pending     # filter by status
+GET  /api/tx/<shortHash>                     # get single op by hash prefix
+```

package/README.md

@@ -0,0 +1,236 @@
+---
+name: nodpay
+description: Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet.
+metadata:
+  { "openclaw": { "requires": { "env": ["NODPAY_AGENT_KEY"] }, "primaryEnv": "NODPAY_AGENT_KEY" } }
+---
+
+# NodPay — Agent Wallet
+
+> Two minds, one wallet.
+
+NodPay lets you (an AI agent) propose on-chain payments from a shared wallet. Your human co-signs with one tap. You cannot spend without their approval.
+
+**When to use**: User asks you to send crypto, make a payment, or create a shared wallet.
+
+## How It Works
+
+```
+You (agent)          NodPay            User (human)
+    │                  │                    │
+    ├─ generate key ──►│                    │
+    ├─ send link ──────┼──────────────────►│
+    │                  │◄── create wallet ─┤
+    │◄── wallet info ──┤                    │
+    │                  │                    │
+    ├─ propose tx ────►│                    │
+    │                  ├── approve link ───►│
+    │                  │◄── sign + submit ─┤
+    │                  │                    │
+```
+
+The wallet is a **Safe 2-of-3 multisig**. You hold 1 key, the user holds 2 (passkey + recovery). You cannot move funds alone.
+
+---
+
+## Setup (one-time)
+
+### 1. Install
+
+```bash
+git clone https://github.com/xhyumiracle/nodpay.git
+cd nodpay/skill && npm install
+```
+
+### 2. Set `NODPAY_AGENT_KEY` in your environment
+
+Generate one if you don't have it:
+
+```bash
+node -e "const w=require('ethers').Wallet.createRandom();console.log('Address:',w.address,'\nKey:',w.privateKey)"
+```
+
+Store the private key wherever your agent framework manages secrets (e.g. `.env`, system env vars). The address is your public agent identity.
+
+No bundler key needed — NodPay proxies bundler calls for you.
+
+---
+
+## Usage
+
+### Create a wallet
+
+Send the user this link:
+
+```
+https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS
+```
+
+User opens → creates passkey → saves recovery phrase → gets a wallet. Takes 30 seconds.
+
+The user will copy wallet info back to you:
+
+```
+NodPay Wallet (Safe): 0x...
+Passkey X: 0x...
+Passkey Y: 0x...
+Agent: 0x...
+Recovery Signer: 0x...
+```
+
+**Store all fields** — you need them for proposing transactions.
+
+#### Wallet file management
+
+Store wallet info in `.nodpay/wallets/` in your workspace root (separate from skill code):
+
+```
+.nodpay/wallets/
+  0xAbC...123.json             # one file per wallet, named by Safe address
+```
+
+Each wallet file:
+
+```json
+{
+  "safe": "0x...",
+  "signerType": "passkey",
+  "passkeyX": "0x...",
+  "passkeyY": "0x...",
+  "recovery": "0x...",
+  "chain": "sepolia",
+  "createdAt": "2025-01-01"
+}
+```
+
+For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
+
+One agent key serves all wallets — multi-wallet is handled user-side (different passkeys/recovery keys → different Safe addresses, same agent).
+
+**⚠️ Verify the Agent address matches yours.** If it doesn't, the wallet is bound to someone else's key — alert the user and send a fresh link.
+
+**Multiple wallets**: A user may have multiple wallets (different devices, different passkeys). Before proposing, confirm which wallet to use — especially if you manage more than one.
+
+### Propose a transaction
+
+```bash
+NODPAY_AGENT_KEY=0x... \
+node scripts/propose.mjs \
+  --safe <WALLET_ADDRESS> \
+  --to <RECIPIENT> \
+  --value-eth <AMOUNT> \
+  --passkey-x <PASSKEY_X> \
+  --passkey-y <PASSKEY_Y> \
+  --recovery <RECOVERY_SIGNER> \
+  --signer-type passkey
+```
+
+The script outputs JSON with an `approveUrl`. Send it to the user:
+
+> 💰 Payment: 0.01 ETH → 0xRecipient...
+> 👉 Approve: https://nodpay.ai/approve?safeOpHash=0x...
+
+**First transaction deploys the wallet on-chain.** Pass `--passkey-x`, `--passkey-y`, and `--recovery` for the first tx. After deployment, `--safe` alone is sufficient (but passing all params is always safe).
+
+### Check balance
+
+```bash
+curl -s -X POST https://ethereum-sepolia-rpc.publicnode.com \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","method":"eth_getBalance","params":["<WALLET_ADDRESS>","latest"],"id":1}'
+```
+
+If balance is 0, remind the user to deposit before proposing.
+
+### Check pending transactions
+
+```bash
+curl https://nodpay.ai/api/txs?safe=<WALLET_ADDRESS>
+```
+
+Always check before proposing — this tells you the current nonce, pending ops, and wallet status.
+
+---
+
+## Script Reference
+
+### Flags
+
+| Flag | Required | Description |
+|------|----------|-------------|
+| `--safe` | ✅ | Wallet (Safe) address |
+| `--to` | ✅ | Recipient address |
+| `--value-eth` | ✅ | Amount in ETH |
+| `--signer-type` | ✅ | `passkey` or `eoa` |
+| `--passkey-x` | passkey wallets | Passkey public key X |
+| `--passkey-y` | passkey wallets | Passkey public key Y |
+| `--user-signer` | eoa wallets | User's EOA address |
+| `--recovery` | first tx | Recovery signer address |
+| `--nonce` | ❌ | Force nonce (for replacements) |
+| `--purpose` | ❌ | Human-readable label |
+
+### Environment Variables
+
+| Var | Required | Description |
+|-----|----------|-------------|
+| `NODPAY_AGENT_KEY` | ✅ | Agent signing key |
+| `RPC_URL` | ❌ | RPC endpoint (default: Sepolia) |
+| `CHAIN_ID` | ❌ | Chain ID (default: 11155111) |
+| `PIMLICO_API_KEY` | ❌ | Own bundler key (optional, NodPay proxy is default) |
+
+### Supported Chains
+
+`sepolia`, `ethereum`, `base`, `base_sepolia`, `arbitrum`, `optimism`, `polygon`
+
+Set `RPC_URL` and `CHAIN_ID` for non-Sepolia chains. See `references/networks.json` for chain configs.
+
+---
+
+## Transaction Patterns
+
+**Sequential**: Just call propose multiple times. Nonces auto-increment.
+
+**Replace**: Propose with `--nonce N` (same nonce as the pending tx). User picks which to approve.
+
+**Cascade**: Rejecting tx #N auto-invalidates all tx with nonce > N. This is irreversible.
+
+⚠️ **Never propose a new nonce then reject the old one** — the cascade will destroy your new tx too.
+
+---
+
+## Reconnect (Wallet Recovery)
+
+If the user cleared their browser data, the wallet still exists on-chain. Build a reconnect link:
+
+```
+https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS&safe=WALLET_ADDRESS&recovery=RECOVERY_SIGNER&x=PASSKEY_X&y=PASSKEY_Y
+```
+
+User opens → verifies passkey → wallet restored. No on-chain action needed.
+
+---
+
+## Security Model
+
+| Owner | Holder | Can do |
+|-------|--------|--------|
+| Agent EOA | You | Propose only |
+| Passkey | User's device | Approve or reject |
+| Recovery | User's 12-word phrase | Backup access |
+
+- 2-of-3 threshold — you cannot execute alone
+- Passkey X/Y are public key material, safe to store
+- No private keys stored on NodPay's server
+- Funds are safe on-chain even if NodPay goes offline
+
+---
+
+## Common Requests
+
+| User says | Action |
+|-----------|--------|
+| "create a wallet" | Send wallet creation link |
+| "send 0.1 ETH to 0x..." | Propose transaction |
+| "balance" | RPC `eth_getBalance` on Safe address |
+| "pending?" | `GET /api/txs?safe=...` |
+| "wallet disappeared" | Send reconnect link |

package/SKILL.md

@@ -0,0 +1,236 @@
+---
+name: nodpay
+description: Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet.
+metadata:
+  { "openclaw": { "requires": { "env": ["NODPAY_AGENT_KEY"] }, "primaryEnv": "NODPAY_AGENT_KEY" } }
+---
+
+# NodPay — Agent Wallet
+
+> Two minds, one wallet.
+
+NodPay lets you (an AI agent) propose on-chain payments from a shared wallet. Your human co-signs with one tap. You cannot spend without their approval.
+
+**When to use**: User asks you to send crypto, make a payment, or create a shared wallet.
+
+## How It Works
+
+```
+You (agent)                          User (human)
+    │                                     │
+    ├─ generate key ─────────────────────►│  (send setup link)
+    │                                     ├─ create wallet on NodPay
+    │◄── wallet info ─────────────────────┤  (user sends back wallet details)
+    │                                     │
+    ├─ propose tx ───► NodPay op-store    │
+    │                     ├── approve link ──►│
+    │                     │◄── sign + submit ─┤
+    │                                     │
+```
+
+The wallet is a **Safe 2-of-3 multisig**. You hold 1 key, the user holds 2 (passkey + recovery). You cannot move funds alone.
+
+---
+
+## Setup (one-time)
+
+### 1. Generate an agent key
+
+```bash
+node -e "const w=require('ethers').Wallet.createRandom();console.log('Address:',w.address,'\nKey:',w.privateKey)"
+```
+
+Store the private key as `NODPAY_AGENT_KEY` in your environment. The address is your public agent identity.
+
+### 2. Send the user a wallet link
+
+Replace `YOUR_AGENT_ADDRESS` with your EOA address and send:
+
+> I've set up a shared wallet for us. Open this link to create your wallet — takes 30 seconds:
+>
+> https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS
+>
+> Just follow the steps: create a passkey, save your recovery phrase, done.
+
+**Use the URL above verbatim.** Do not search for NodPay or guess the URL — `nodpay.ai` is the only correct domain.
+
+User opens → creates passkey → saves recovery phrase → gets a wallet. They will copy wallet info back to you:
+
+```
+NodPay Wallet (Safe): 0x...
+Passkey X: 0x...
+Passkey Y: 0x...
+Agent: 0x...
+Recovery Signer: 0x...
+```
+
+**Store all fields** — you need them for proposing transactions.
+
+#### Wallet file management
+
+Store wallet info in `.nodpay/wallets/` in your workspace root (separate from skill code):
+
+```
+.nodpay/wallets/
+  0xAbC...123.json             # one file per wallet, named by Safe address
+```
+
+Each wallet file:
+
+```json
+{
+  "safe": "0x...",
+  "agentSigner": "0x...",
+  "signerType": "passkey",
+  "passkeyX": "0x...",
+  "passkeyY": "0x...",
+  "recovery": "0x...",
+  "chain": "sepolia",
+  "createdAt": "2025-01-01"
+}
+```
+
+`agentSigner` is your agent's EOA address (derived from `NODPAY_AGENT_KEY`).
+
+For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
+
+One agent key serves all wallets — multi-wallet is handled user-side (different passkeys/recovery keys → different Safe addresses, same agent).
+
+**⚠️ Verify the Agent address matches yours.** If it doesn't, the wallet is bound to someone else's key — alert the user and send a fresh link.
+
+**Multiple wallets**: A user may have multiple wallets (different devices, different passkeys). Before proposing, confirm which wallet to use — especially if you manage more than one.
+
+### Propose a transaction
+
+First time only — install the propose script:
+
+```bash
+git clone https://github.com/xhyumiracle/nodpay.git
+cd nodpay/skill && npm install
+```
+
+Then propose:
+
+```bash
+cd nodpay/skill && \
+NODPAY_AGENT_KEY=0x... \
+node scripts/propose.mjs \
+  --safe <WALLET_ADDRESS> \
+  --to <RECIPIENT> \
+  --value-eth <AMOUNT> \
+  --passkey-x <PASSKEY_X> \
+  --passkey-y <PASSKEY_Y> \
+  --recovery <RECOVERY_SIGNER> \
+  --signer-type passkey
+```
+
+The script outputs JSON with an `approveUrl`. Send it to the user:
+
+> 💰 Payment: 0.01 ETH → 0xRecipient...
+> 👉 Approve: https://nodpay.ai/approve?safeOpHash=0x...
+
+**First transaction deploys the wallet on-chain.** Pass `--passkey-x`, `--passkey-y`, and `--recovery` for the first tx. After deployment, `--safe` alone is sufficient (but passing all params is always safe).
+
+### Check balance
+
+Use the RPC URL for the wallet's chain (see `references/networks.json`):
+
+```bash
+curl -s -X POST <RPC_URL> \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","method":"eth_getBalance","params":["<WALLET_ADDRESS>","latest"],"id":1}'
+```
+
+If balance is 0, remind the user to deposit before proposing.
+
+### Check pending transactions
+
+```bash
+curl https://nodpay.ai/api/txs?safe=<WALLET_ADDRESS>
+```
+
+Always check before proposing — this tells you the current nonce, pending ops, and wallet status.
+
+---
+
+## Script Reference
+
+### Flags
+
+| Flag | Required | Description |
+|------|----------|-------------|
+| `--safe` | ✅ | Wallet (Safe) address |
+| `--to` | ✅ | Recipient address |
+| `--value-eth` | ✅ | Amount in ETH |
+| `--signer-type` | ✅ | `passkey` or `eoa` |
+| `--passkey-x` | passkey wallets | Passkey public key X |
+| `--passkey-y` | passkey wallets | Passkey public key Y |
+| `--user-signer` | eoa wallets | User's EOA address |
+| `--recovery` | first tx | Recovery signer address |
+| `--nonce` | optional | Force nonce (for replacements) |
+| `--purpose` | optional | Human-readable label |
+
+### Environment
+
+Only one env var is required:
+
+| Var | Description |
+|-----|-------------|
+| `NODPAY_AGENT_KEY` | Agent signing key (required) |
+
+Chain config (RPC, bundler, explorer) is auto-resolved from `references/networks.json`. No need to set `RPC_URL`, `CHAIN_ID`, or bundler keys.
+
+### Supported Chains
+
+`sepolia`, `ethereum`, `base`, `base_sepolia`, `arbitrum`, `optimism`, `polygon`
+
+---
+
+## Transaction Patterns
+
+**Sequential**: Just call propose multiple times. Nonces auto-increment (script handles this).
+
+**Replace**: To replace a pending tx, propose with `--nonce N` where N is the nonce of the tx you want to replace. Check pending nonces via `GET /api/txs?safe=<ADDRESS>` — each tx in the response includes its `nonce`.
+
+**Cascade**: Rejecting tx at nonce N auto-invalidates all tx with nonce > N. This is irreversible.
+
+⚠️ **Never propose a new nonce then reject an older one** — the cascade will destroy your new tx too.
+
+---
+
+## Reconnect (Wallet Recovery)
+
+If the user cleared their browser data, the wallet still exists on-chain. Build a reconnect link:
+
+```
+https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS&safe=WALLET_ADDRESS&recovery=RECOVERY_SIGNER&x=PASSKEY_X&y=PASSKEY_Y
+```
+
+User opens → verifies passkey → wallet restored. No on-chain action needed.
+
+---
+
+## Security Model
+
+| Owner | Holder | Can do |
+|-------|--------|--------|
+| Agent EOA | You | Propose only |
+| Passkey | User's device | Approve or reject |
+| Recovery | User's 12-word phrase | Backup access |
+
+- 2-of-3 threshold — you cannot execute alone
+- Passkey X/Y are public key material, safe to store
+- No private keys stored on NodPay's server
+- Funds are safe on-chain even if NodPay goes offline
+
+---
+
+## Common Requests
+
+| User says | Action |
+|-----------|--------|
+| "create a wallet" | Send `https://nodpay.ai/?agent=YOUR_ADDRESS` |
+| "send 0.1 ETH to 0x..." | Propose transaction |
+| "balance" | RPC `eth_getBalance` on Safe address |
+| "pending?" | `GET /api/txs?safe=...` |
+| "wallet disappeared" | Send reconnect link |

package/bin/nodpay.mjs

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+
+const command = process.argv[2];
+
+if (command === 'propose') {
+  // Forward all args after 'propose' to the propose script
+  const scriptPath = new URL('../scripts/propose.mjs', import.meta.url).pathname;
+  process.argv = [process.argv[0], scriptPath, ...process.argv.slice(3)];
+  await import(scriptPath);
+} else if (command === 'version' || command === '--version' || command === '-v') {
+  const { readFileSync } = await import('fs');
+  const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
+  console.log(`nodpay v${pkg.version}`);
+} else {
+  console.log(`Usage: nodpay <command>
+
+Commands:
+  propose   Propose a transaction for human approval
+
+Example:
+  nodpay propose --safe 0x... --to 0x... --value-eth 0.01 --signer-type passkey
+
+Docs: https://nodpay.ai/skill.md`);
+  process.exit(command ? 1 : 0);
+}

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "nodpay",
+  "version": "0.1.0",
+  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
+  "type": "module",
+  "bin": {
+    "nodpay": "./bin/nodpay.mjs"
+  },
+  "files": [
+    "bin/",
+    "scripts/",
+    "references/",
+    "SKILL.md",
+    "AGENT-NOTES.md"
+  ],
+  "keywords": ["crypto", "wallet", "safe", "multisig", "agent", "erc-4337", "payment"],
+  "author": "xhyumiracle",
+  "license": "MIT",
+  "dependencies": {
+    "@nodpay/core": "^0.1.0",
+    "@safe-global/relay-kit": "^4.1.1",
+    "ethers": "^6.16.0"
+  }
+}

package/references/networks.json

@@ -0,0 +1,91 @@
+{
+  "mainnet": {
+    "ethereum": {
+      "name": "Ethereum",
+      "chainId": 1,
+      "rpcUrl": "https://ethereum-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-mainnet.safe.global",
+      "safePrefix": "eth",
+      "explorerUrl": "https://etherscan.io",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/1/rpc?apikey={PIMLICO_API_KEY}"
+    },
+    "base": {
+      "name": "Base",
+      "chainId": 8453,
+      "rpcUrl": "https://base-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-base.safe.global",
+      "safePrefix": "base",
+      "explorerUrl": "https://basescan.org",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "gasSponsored": true,
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/8453/rpc?apikey={PIMLICO_API_KEY}"
+    },
+    "arbitrum": {
+      "name": "Arbitrum",
+      "chainId": 42161,
+      "rpcUrl": "https://arbitrum-one-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-arbitrum.safe.global",
+      "safePrefix": "arb1",
+      "explorerUrl": "https://arbiscan.io",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/42161/rpc?apikey={PIMLICO_API_KEY}"
+    },
+    "polygon": {
+      "name": "Polygon",
+      "chainId": 137,
+      "rpcUrl": "https://polygon-bor-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-polygon.safe.global",
+      "safePrefix": "matic",
+      "explorerUrl": "https://polygonscan.com",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "MATIC",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/137/rpc?apikey={PIMLICO_API_KEY}"
+    },
+    "optimism": {
+      "name": "Optimism",
+      "chainId": 10,
+      "rpcUrl": "https://optimism-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-optimism.safe.global",
+      "safePrefix": "oeth",
+      "explorerUrl": "https://optimistic.etherscan.io",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/10/rpc?apikey={PIMLICO_API_KEY}"
+    }
+  },
+  "testnet": {
+    "sepolia": {
+      "name": "Sepolia (Ethereum)",
+      "chainId": 11155111,
+      "rpcUrl": "https://ethereum-sepolia-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-sepolia.safe.global",
+      "safePrefix": "sep",
+      "explorerUrl": "https://sepolia.etherscan.io",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/11155111/rpc?apikey={PIMLICO_API_KEY}"
+    },
+    "base_sepolia": {
+      "name": "Base Sepolia",
+      "chainId": 84532,
+      "rpcUrl": "https://base-sepolia-rpc.publicnode.com",
+      "txServiceUrl": "https://safe-transaction-base-sepolia.safe.global",
+      "safePrefix": "basesep",
+      "explorerUrl": "https://sepolia.basescan.org",
+      "explorerTxPath": "/tx/",
+      "explorerAddrPath": "/address/",
+      "nativeCurrency": "ETH",
+      "bundlerUrlTemplate": "https://api.pimlico.io/v2/84532/rpc?apikey={PIMLICO_API_KEY}"
+    }
+  }
+}

package/scripts/predict-passkey.mjs

@@ -0,0 +1,167 @@
+#!/usr/bin/env node
+/**
+ * Predict a Safe address for a passkey-based wallet (counterfactual).
+ * 
+ * Uses Safe4337Pack with passkey signer support to ensure the Safe setup
+ * includes SharedSigner.configure() for passkey coordinates.
+ *
+ * Env vars:
+ *   NODPAY_AGENT_KEY  - Agent signer private key
+ *   RPC_URL            - RPC endpoint
+ *   CHAIN_ID           - Chain ID (default: 11155111)
+ *   PIMLICO_API_KEY    - Pimlico bundler API key
+ *
+ * Args:
+ *   --raw-id <base64>     - Passkey rawId (base64 encoded)
+ *   --x <hex>             - Passkey public key x coordinate
+ *   --y <hex>             - Passkey public key y coordinate
+ *   --salt <nonce>        - Salt nonce (optional, default: random)
+ *   --chain-id <number>   - Override chain ID
+ *
+ * Output: JSON { predictedAddress, owners, threshold, chainId, salt, deployed, passkeyCoordinates }
+ */
+
+import { Safe4337Pack } from '@safe-global/relay-kit';
+import Safe, { getMultiSendContract, encodeMultiSendData, SafeProvider } from '@safe-global/protocol-kit';
+import { OperationType } from '@safe-global/types-kit';
+import { ethers } from 'ethers';
+
+const SHARED_SIGNER_ADDRESS = '0x94a4F6affBd8975951142c3999aEAB7ecee555c2';
+
+// Default P-256 verifier (FCLP256Verifier) on major chains
+// From safe-modules-deployments v0.2.1
+const FCLP256_VERIFIERS = {
+  '11155111': '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Sepolia
+  '1':        '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Mainnet
+  '8453':     '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Base
+  '84532':    '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Base Sepolia
+  '42161':    '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Arbitrum
+  '10':       '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Optimism
+  '137':      '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765', // Polygon
+};
+
+const RPC_URL = process.env.RPC_URL || 'https://ethereum-sepolia-rpc.publicnode.com';
+const NODPAY_AGENT_KEY = process.env.NODPAY_AGENT_KEY;
+const PIMLICO_API_KEY = process.env.PIMLICO_API_KEY;
+
+if (!NODPAY_AGENT_KEY) {
+  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY env var' }));
+  process.exit(1);
+}
+if (!PIMLICO_API_KEY) {
+  console.error(JSON.stringify({ error: 'Missing PIMLICO_API_KEY env var' }));
+  process.exit(1);
+}
+
+const agentWallet = new ethers.Wallet(NODPAY_AGENT_KEY);
+const DEFAULT_AGENT_ADDRESS = agentWallet.address;
+
+const args = process.argv.slice(2);
+function getArg(name) {
+  const idx = args.indexOf(name);
+  return idx !== -1 ? args[idx + 1] : undefined;
+}
+
+const rawId = getArg('--raw-id');
+const x = getArg('--x');
+const y = getArg('--y');
+const CHAIN_ID = parseInt(getArg('--chain-id') || process.env.CHAIN_ID || '11155111', 10);
+const salt = getArg('--salt') || Math.floor(Math.random() * 1_000_000_000).toString();
+// Agent address can be overridden via --agent flag (for multi-agent support)
+const AGENT_ADDRESS = getArg('--agent') || DEFAULT_AGENT_ADDRESS;
+const RECOVERY_ADDRESS = getArg('--recovery'); // Optional 3rd owner for 2-of-3
+
+if (!x || !y) {
+  console.error(JSON.stringify({ error: 'Missing --x <hex> and --y <hex> passkey coordinates' }));
+  process.exit(1);
+}
+
+try {
+  const owners = RECOVERY_ADDRESS
+    ? [AGENT_ADDRESS, SHARED_SIGNER_ADDRESS, RECOVERY_ADDRESS]
+    : [AGENT_ADDRESS, SHARED_SIGNER_ADDRESS];
+  const threshold = 2;
+  const bundlerUrl = `https://api.pimlico.io/v2/${CHAIN_ID}/rpc?apikey=${PIMLICO_API_KEY}`;
+  const verifier = FCLP256_VERIFIERS[String(CHAIN_ID)] || FCLP256_VERIFIERS['11155111'];
+
+  // Encode SharedSigner.configure() — stores passkey coordinates in Safe's storage
+  const sharedSignerIface = new ethers.Interface([
+    'function configure((uint256 x, uint256 y, uint176 verifiers) signer)'
+  ]);
+  const configureData = sharedSignerIface.encodeFunctionData('configure', [{
+    x: BigInt(x),
+    y: BigInt(y),
+    verifiers: BigInt(verifier)
+  }]);
+
+  // We need Safe4337Pack to use our custom setup that includes:
+  // 1. enableModules([Safe4337Module]) — done by Safe4337Pack
+  // 2. SharedSigner.configure({x, y, verifiers}) — we need to inject this
+  //
+  // Strategy: Initialize Safe4337Pack normally, then monkey-patch protocolKit
+  // to include our configure call in the predicted Safe config.
+  
+  // First, init Safe4337Pack to get module addresses and standard config
+  const safe4337Pack = await Safe4337Pack.init({
+    provider: RPC_URL,
+    signer: NODPAY_AGENT_KEY,
+    bundlerUrl,
+    options: {
+      owners,
+      threshold,
+      saltNonce: salt,
+    },
+  });
+
+  // Get the address WITHOUT passkey config (this is what we had before — wrong)
+  const addressWithoutPasskey = await safe4337Pack.protocolKit.getAddress();
+
+  // Now create a new Safe4337Pack with passkey signer to get the CORRECT address
+  // We pass a fake passkey signer object that Safe4337Pack recognizes
+  const passkeySignerObj = {
+    rawId: rawId || 'passkey-' + salt,
+    coordinates: { x, y },
+    customVerifierAddress: verifier,
+  };
+
+  const ownersForPasskeyPack = RECOVERY_ADDRESS
+    ? [AGENT_ADDRESS, RECOVERY_ADDRESS] // SharedSigner will be auto-added by SDK
+    : [AGENT_ADDRESS]; // SharedSigner will be auto-added by SDK
+  const safe4337PackWithPasskey = await Safe4337Pack.init({
+    provider: RPC_URL,
+    signer: passkeySignerObj,
+    bundlerUrl,
+    options: {
+      owners: ownersForPasskeyPack,
+      threshold,
+      saltNonce: salt,
+    },
+  });
+
+  const predictedAddress = await safe4337PackWithPasskey.protocolKit.getAddress();
+
+  // Check if already deployed
+  const provider = new ethers.JsonRpcProvider(RPC_URL);
+  const code = await provider.getCode(predictedAddress);
+  const deployed = code !== '0x';
+
+  const result = {
+    predictedAddress,
+    owners,
+    threshold,
+    chainId: CHAIN_ID,
+    salt,
+    deployed,
+    sharedSigner: SHARED_SIGNER_ADDRESS,
+    verifier,
+    passkeyCoordinates: { x, y },
+    rawId: rawId || null,
+    // For debugging: show old address without passkey config
+    _addressWithoutPasskeyConfig: addressWithoutPasskey,
+  };
+
+  console.log(JSON.stringify(result, null, 2));
+} catch (error) {
+  console.error(JSON.stringify({ error: error.message || String(error) }));
+  process.exit(1);
+}

package/scripts/propose.mjs

@@ -0,0 +1,487 @@
+#!/usr/bin/env node
+/**
+ * Create and partially sign a Safe UserOperation via ERC-4337.
+ * Alternative to propose-tx.mjs for 4337/passkey users.
+ *
+ * The agent signs first (1 of 2). The serialized SafeOperation is
+ * output so the web app can have the user co-sign and submit.
+ *
+ * Env vars:
+ *   NODPAY_AGENT_KEY  - Agent signer private key
+ *   SAFE_ADDRESS       - Deployed Safe address (can be overridden with --safe)
+ *   RPC_URL            - RPC endpoint
+ *   CHAIN_ID           - Chain ID (default: 11155111)
+ *
+ * Args:
+ *   --to <address>           - Recipient address
+ *   --value-eth <amount>     - Value in ETH (default: 0)
+ *   --purpose <text>         - Human-readable purpose
+ *   --safe <address>         - Override SAFE_ADDRESS
+ *   --counterfactual         - Safe not yet deployed; include deployment in UserOp
+ *   --user-signer <address>  - User's signer address (required for counterfactual)
+ *   --salt <nonce>           - Salt nonce (required for counterfactual)
+ *   --reuse-gas-from <shortHash>  - Reuse gas values from a previous op (shortHash prefix of safeOpHash)
+ *   --nonce <n>              - Override nonce
+ *
+ * Output: JSON with userOpHash, safeTxHash, safeOperationJson, etc.
+ */
+
+import { Safe4337Pack } from '@safe-global/relay-kit';
+import { ethers } from 'ethers';
+import { writeFileSync, mkdirSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { computeUserOpHash, ENTRYPOINT } from '@nodpay/core';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const PENDING_DIR = join(__dirname, '..', '.pending-txs');
+mkdirSync(PENDING_DIR, { recursive: true });
+
+const RPC_URL = process.env.RPC_URL || 'https://ethereum-sepolia-rpc.publicnode.com';
+const CHAIN_ID = process.env.CHAIN_ID || '11155111';
+const ENTRYPOINT_ADDRESS = ENTRYPOINT;
+const NODPAY_AGENT_KEY = process.env.NODPAY_AGENT_KEY;
+const DEFAULT_SAFE = process.env.SAFE_ADDRESS;
+
+// Safe4337Pack.init requires a bundlerUrl — it calls eth_chainId during init.
+// Use the NodPay server's bundler proxy so agents don't need their own bundler key.
+// Fallback to pimlico if PIMLICO_API_KEY is set (for local dev/testing).
+const PIMLICO_API_KEY = process.env.PIMLICO_API_KEY;
+const isProd = (process.env.NODE_ENV || 'production') === 'production';
+const opStoreBase = process.env.OP_STORE_URL || (isProd ? 'https://nodpay.ai/api' : 'http://localhost:8766');
+const BUNDLER_URL = PIMLICO_API_KEY
+  ? `https://api.pimlico.io/v2/${CHAIN_ID}/rpc?apikey=${PIMLICO_API_KEY}`
+  : `${opStoreBase}/bundler/${CHAIN_ID}`;
+
+if (!NODPAY_AGENT_KEY) {
+  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY env var' }));
+  process.exit(1);
+}
+
+const agentWallet = new ethers.Wallet(NODPAY_AGENT_KEY);
+const AGENT_ADDRESS = agentWallet.address;
+
+const args = process.argv.slice(2);
+function getArg(name) {
+  const idx = args.indexOf(name);
+  return idx !== -1 ? args[idx + 1] : undefined;
+}
+function hasFlag(name) {
+  return args.includes(name);
+}
+
+const to = getArg('--to');
+const valueEth = getArg('--value-eth') || getArg('--value') || '0';
+const purpose = getArg('--purpose') || 'Unspecified';
+const safeOverride = getArg('--safe');
+let isCounterfactual = hasFlag('--counterfactual');
+const userSigner = getArg('--user-signer');
+const salt = getArg('--salt') || '1001';
+
+// Passkey support
+const passkeyX = getArg('--passkey-x');
+const passkeyY = getArg('--passkey-y');
+const passkeyRawId = getArg('--passkey-raw-id');
+const passkeyVerifier = getArg('--passkey-verifier') || '0x445a0683e494ea0c5AF3E83c5159fBE47Cf9e765';
+const recoveryAddress = getArg('--recovery');
+const isPasskey = !!(passkeyX && passkeyY);
+
+if (!to) {
+  console.error(JSON.stringify({ error: 'Missing --to <address>' }));
+  process.exit(1);
+}
+
+if (!ethers.isAddress(to)) {
+  console.error(JSON.stringify({ error: `Invalid recipient address: ${to}` }));
+  process.exit(1);
+}
+
+const SAFE_ADDRESS = safeOverride || DEFAULT_SAFE;
+
+if (!isCounterfactual && !SAFE_ADDRESS) {
+  console.error(JSON.stringify({ error: 'Missing SAFE_ADDRESS. Use --safe <address> or set SAFE_ADDRESS env, or use --counterfactual.' }));
+  process.exit(1);
+}
+
+// Auto-detect counterfactual: if --safe given but not deployed, switch to counterfactual
+if (!isCounterfactual && SAFE_ADDRESS) {
+  const _provider = new ethers.JsonRpcProvider(RPC_URL);
+  const _code = await _provider.getCode(SAFE_ADDRESS);
+  if (_code === '0x') {
+    isCounterfactual = true;
+    console.error(`[INFO] Safe ${SAFE_ADDRESS} not deployed, switching to counterfactual mode`);
+  }
+}
+
+if (isCounterfactual && !userSigner && !isPasskey) {
+  console.error(JSON.stringify({ error: '--counterfactual requires --user-signer <address> (or use passkey mode)' }));
+  process.exit(1);
+}
+
+const value = ethers.parseEther(valueEth).toString();
+
+/**
+ * Fetch conservative gas values from chain RPC.
+ * Uses gasPrice × 3 as a buffer for fee volatility.
+ * Gas limits are hardcoded floors that comfortably cover P-256 FCL verification.
+ * Excess gas limits are NOT charged — actual fee = actual gas used × actual price.
+ */
+/**
+ * Gas estimation from measured components — no bundler needed.
+ * See ARCHITECTURE.md Section 2. Excess limits are NOT charged on-chain.
+ *
+ * ┌─────────────────────────────────┬──────────┬────────────────────────────────┐
+ * │ Component                       │ Measured │ Source                         │
+ * ├─────────────────────────────────┼──────────┼────────────────────────────────┤
+ * │ Safe proxy CREATE2 + setup()    │  425,000 │ deploy(777k) - call(352k)      │
+ * │ EntryPoint handleOps overhead   │   55,000 │ receipt - inner execution       │
+ * │ Safe validateUserOp (non-P256)  │   45,000 │ signature decode + module call  │
+ * │ Safe executeUserOp dispatch     │   30,000 │ module → execTransaction        │
+ * │ ETH transfer (base cost)        │   21,000 │ EVM constant                   │
+ * │ P-256 via RIP-7212 precompile   │   27,000 │ estimateGas on all 7 chains    │
+ * │ P-256 via FCL library fallback  │  400,000 │ observed range 200-400k        │
+ * │ initCode validation overhead    │   50,000 │ factory call decode + verify    │
+ * ├─────────────────────────────────┼──────────┼────────────────────────────────┤
+ * │ Safety multiplier               │    1.4x  │ covers browser variance in     │
+ * │                                 │          │ clientDataJSON length           │
+ * └─────────────────────────────────┴──────────┴────────────────────────────────┘
+ *
+ * All supported chains have RIP-7212, but we size for FCL fallback
+ * in case new chains without precompile are added.
+ */
+
+/**
+ * Gas baselines from bundler simulation on Sepolia (with RIP-7212 precompile).
+ * These are the bundler's own estimates for successful txs — the most accurate reference.
+ *
+ *   Scenario  │ vGL       │ cGL     │ pvG     │ P-256 method
+ *   ──────────┼───────────┼─────────┼─────────┼──────────────
+ *   deploy    │ 2,653,312 │ 213,422 │ 194,498 │ precompile (27k)
+ *   call      │   500,000 │ 218,222 │ 176,846 │ precompile (27k)
+ *
+ * For chains without RIP-7212, P-256 goes through FCL library (~400k).
+ * Delta = 400k - 27k = 373k added to vGL.
+ *
+ * Safety: 1.2x multiplier on baselines (covers browser clientDataJSON variance).
+ */
+const BUNDLER_BASELINE = {
+  deploy: { vgl: 2653312n, cgl: 213422n, pvg: 194498n },
+  call:   { vgl:  500000n, cgl: 218222n, pvg: 176846n },
+};
+
+const P256_PRECOMPILE_COST = 27000n;
+const P256_FCL_COST = 400000n;
+const P256_DELTA = P256_FCL_COST - P256_PRECOMPILE_COST; // 373k extra without precompile
+
+// Chains with RIP-7212 precompile (verified via estimateGas on address 0x100)
+const HAS_P256_PRECOMPILE = new Set([
+  '1', '8453', '42161', '10', '137',     // mainnets
+  '11155111', '84532',                     // testnets
+]);
+
+const SAFETY = 12n; // 1.2x (divide by 10)
+
+function estimateGas(isCounterfactual, chainId) {
+  const base = isCounterfactual ? BUNDLER_BASELINE.deploy : BUNDLER_BASELINE.call;
+  const hasPrecompile = HAS_P256_PRECOMPILE.has(String(chainId));
+
+  let vgl = base.vgl;
+  if (!hasPrecompile) vgl += P256_DELTA;
+
+  return {
+    verificationGasLimit: vgl * SAFETY / 10n,
+    callGasLimit:         base.cgl * SAFETY / 10n,
+    preVerificationGas:   base.pvg * SAFETY / 10n,
+  };
+}
+
+async function getDefaultGasValues(isCounterfactual = false, chainId = CHAIN_ID) {
+  const provider = new ethers.JsonRpcProvider(RPC_URL);
+  const feeData = await provider.getFeeData();
+  const gasPrice = feeData.gasPrice || ethers.parseUnits('20', 'gwei');
+  const FEE_MULTIPLIER = 3n; // covers gas price volatility between propose → approve
+
+  return {
+    ...estimateGas(isCounterfactual, chainId),
+    maxFeePerGas: (gasPrice * FEE_MULTIPLIER).toString(),
+    maxPriorityFeePerGas: (ethers.parseUnits('2', 'gwei') * FEE_MULTIPLIER).toString(),
+  };
+}
+
+try {
+  // Build init options for Safe4337Pack
+  // For passkey Safes, use passkey object as signer to get correct initCode
+  // (includes SharedSigner.configure() in setup). Agent signs manually afterward.
+  const initOptions = {
+    provider: RPC_URL,
+    bundlerUrl: BUNDLER_URL,
+  };
+
+  if (isPasskey) {
+    // Passkey signer: Safe4337Pack auto-adds SharedSigner + configure() to setup
+    initOptions.signer = {
+      rawId: passkeyRawId || '0xdeadbeef',
+      coordinates: { x: passkeyX, y: passkeyY },
+      customVerifierAddress: passkeyVerifier,
+    };
+    if (isCounterfactual) {
+      const passkeyOwners = recoveryAddress
+        ? [AGENT_ADDRESS, recoveryAddress] // SharedSigner auto-added by SDK
+        : [AGENT_ADDRESS]; // SharedSigner auto-added by SDK
+      initOptions.options = {
+        owners: passkeyOwners,
+        threshold: 2,
+      };
+      if (salt) initOptions.options.saltNonce = salt;
+    } else {
+      initOptions.options = { safeAddress: SAFE_ADDRESS };
+    }
+  } else {
+    // EOA signer: agent key as primary signer
+    initOptions.signer = NODPAY_AGENT_KEY;
+    if (isCounterfactual) {
+      // Canonical owner order: [userSigner, agent, recovery] — must match frontend
+      const eoaOwners = recoveryAddress
+        ? [userSigner, AGENT_ADDRESS, recoveryAddress]
+        : [userSigner, AGENT_ADDRESS];
+      initOptions.options = {
+        owners: eoaOwners,
+        threshold: 2,
+      };
+      if (salt) initOptions.options.saltNonce = salt;
+    } else {
+      initOptions.options = { safeAddress: SAFE_ADDRESS };
+    }
+  }
+
+  const safe4337Pack = await Safe4337Pack.init(initOptions);
+
+  const safeAddress = await safe4337Pack.protocolKit.getAddress();
+
+  // Auto-detect deployment status: if Safe is already deployed, drop counterfactual
+  if (isCounterfactual) {
+    const provider = new ethers.JsonRpcProvider(RPC_URL);
+    const code = await provider.getCode(safeAddress);
+    if (code !== '0x') {
+      isCounterfactual = false;
+      // Re-init without counterfactual options to avoid initCode
+      initOptions.options = { safeAddress };
+      if (isPasskey) {
+        // Keep passkey signer for correct module handling
+      } else {
+        // For EOA, just set safeAddress
+      }
+      // Note: Safe4337Pack will skip initCode for deployed Safes automatically
+      // since protocolKit detects deployment status
+    }
+  }
+
+  // Nonce + gas management for sequential proposals
+  const customNonceArg = getArg('--nonce');
+  const reuseGasFrom = getArg('--reuse-gas-from'); // shortHash of a previous op to copy gas values from
+  let txOptions = {};
+  const isProd = (process.env.NODE_ENV || 'production') === 'production';
+  const opStoreUrl = process.env.OP_STORE_URL || (isProd ? 'https://nodpay.ai/api' : 'http://localhost:8766');
+  const safeAddr = await safe4337Pack.protocolKit.getAddress();
+
+  // Determine nonce: on-chain nonce is the source of truth.
+  // For queued ops, find the highest pending nonce and increment.
+  if (customNonceArg !== undefined) {
+    txOptions.customNonce = BigInt(customNonceArg);
+  } else {
+    try {
+      const provider = new ethers.JsonRpcProvider(RPC_URL);
+      const ep = new ethers.Contract('0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789',
+        ['function getNonce(address,uint192) view returns (uint256)'], provider);
+      const onChainNonce = await ep.getNonce(safeAddr, 0);
+
+      // Check pending ops to find the highest queued nonce
+      const listRes = await fetch(`${opStoreUrl}/txs?safe=${safeAddr}&chain=${CHAIN_ID}`);
+      let nextNonce = onChainNonce;
+      if (listRes.ok) {
+        const listData = await listRes.json();
+        for (const op of (listData.txs || listData.ops || [])) {
+          const opNonce = BigInt(op.nonce ?? -1);
+          if (opNonce >= onChainNonce && opNonce >= nextNonce) {
+            nextNonce = opNonce + 1n;
+          }
+        }
+      }
+      // Only set custom nonce if we need to skip ahead for queuing
+      if (nextNonce > onChainNonce) {
+        txOptions.customNonce = nextNonce;
+      }
+      // else: let SDK use on-chain nonce naturally
+    } catch (e) {
+      // Non-fatal: SDK will use its own nonce detection
+    }
+  }
+
+  // Resolve gas values: use hardcoded defaults (from RPC gas price) always.
+  // If --reuse-gas-from is provided and fetch succeeds, use those values instead
+  // (useful for re-proposing ops with identical gas parameters).
+  let gasValues = await getDefaultGasValues(isCounterfactual);
+
+  if (reuseGasFrom) {
+    try {
+      const refRes = await fetch(`${opStoreUrl}/tx/${reuseGasFrom}`);
+      if (refRes.ok) {
+        const refData = await refRes.json();
+        const uo = refData.data?.safeOperationJson?.userOperation;
+        if (uo) {
+          gasValues = {
+            callGasLimit: BigInt(uo.callGasLimit),
+            verificationGasLimit: BigInt(uo.verificationGasLimit),
+            preVerificationGas: BigInt(uo.preVerificationGas),
+            maxFeePerGas: BigInt(uo.maxFeePerGas),
+            maxPriorityFeePerGas: BigInt(uo.maxPriorityFeePerGas),
+          };
+          console.error(`[INFO] Reusing gas values from op ${reuseGasFrom}`);
+        }
+      }
+    } catch (e) {
+      // Non-fatal: fall through to defaults already set
+      console.error(`[INFO] Could not fetch gas from ${reuseGasFrom}, using defaults`);
+    }
+  }
+
+  // Monkey-patch getEstimateFee to always use our hardcoded gas values.
+  // This bypasses bundler simulation entirely — the dummy bundlerUrl is never called.
+  // Gas limits are set conservatively high; excess is NOT charged on-chain.
+  safe4337Pack.getEstimateFee = async ({ safeOperation }) => {
+    safeOperation.addEstimations(gasValues);
+    return safeOperation;
+  };
+
+  // Create the transaction as a SafeOperation (UserOp wrapper)
+  const safeOperation = await safe4337Pack.createTransaction({
+    transactions: [{ to, value, data: '0x' }],
+    options: txOptions,
+  });
+
+  // Agent signs (1 of 2 signatures)
+  // For passkey Safes, the pack's signer is the passkey (not agent key),
+  // so we sign manually with the agent's private key.
+  // Use the SDK's own hash computation — safeOperation.getHash() uses viem.hashTypedData
+  // This is the canonical hash that matches the on-chain verification
+  function bigintReplacer(key, val) {
+    return typeof val === 'bigint' ? val.toString() : val;
+  }
+  const safeOpHash = safeOperation.getHash();
+  const rawSafeOp = safeOperation.getSafeOperation();
+  const eip712Types = safeOperation.getEIP712Type();
+  const eip712Domain = {
+    chainId: parseInt(CHAIN_ID, 10),
+    verifyingContract: safeOperation.options.moduleAddress,
+  };
+
+  // Always sign manually with the agent's private key over the canonical hash
+  // (Using SDK's signSafeOperation would apply viem hex transforms that produce
+  //  a different hash than getHash(), making server-side verification impossible)
+  const sig = agentWallet.signingKey.sign(safeOpHash);
+  const agentSig = ethers.Signature.from(sig).serialized;
+  safeOperation.addSignature({
+    signer: AGENT_ADDRESS,
+    data: agentSig,
+    isContractSignature: false,
+  });
+  const signedOperation = safeOperation;
+
+  // Serialize the SafeOperation for the web app
+  const safeOperationJson = JSON.parse(JSON.stringify({
+    userOperation: signedOperation.userOperation,
+    options: signedOperation.options,
+    signatures: Object.fromEntries(signedOperation.signatures || new Map()),
+  }, bigintReplacer));
+
+  // Include EIP-712 data so web app can use eth_signTypedData_v4
+  const safeOpForSigning = JSON.parse(JSON.stringify({
+    domain: eip712Domain,
+    types: eip712Types,
+    value: rawSafeOp,
+  }, bigintReplacer));
+
+  safeOperationJson.safeOpHash = safeOpHash;
+  safeOperationJson.eip712 = safeOpForSigning;
+
+  // Compute the real EntryPoint userOpHash (for bundler receipt lookup)
+  const entryPointUserOpHash = computeUserOpHash(signedOperation.userOperation, parseInt(CHAIN_ID, 10));
+
+  const shortId = safeOpHash.slice(2, 10);
+
+  const result = {
+    userOpHash: entryPointUserOpHash,
+    safeOpHash,
+    shortId,
+    to,
+    value,
+    valueEth,
+    purpose,
+    safeAddress,
+    counterfactual: isCounterfactual,
+    status: 'pending_user_signature',
+    chainId: parseInt(CHAIN_ID, 10),
+    safeOperationJson,
+    createdAt: new Date().toISOString(),
+  };
+
+  // Save locally for tracking
+  writeFileSync(join(PENDING_DIR, `4337-${shortId}.json`), JSON.stringify(result, null, 2));
+
+  // Store to op-store API for hash-based web app lookup
+  // NOTE: signerType intentionally NOT sent — it's determined by user's browser
+  // (localStorage), not by agent. See ARCHITECTURE.md Client Verification Chain.
+  const storePayload = {
+    safeOperationJson,
+    userOpHash: entryPointUserOpHash,
+    to,
+    value,
+    valueEth,
+    // purpose intentionally NOT stored server-side — privacy by design
+    // purpose is passed via URL param in the approve link (private Telegram channel)
+    safeAddress,
+    chainId: parseInt(CHAIN_ID, 10),
+    counterfactual: isCounterfactual,
+    agent: AGENT_ADDRESS,
+    agentSignature: safeOperationJson.signatures,
+    createdAt: new Date().toISOString(),
+  };
+
+  // Extract raw agent signature for server auth
+  const agentSigEntry = Object.values(safeOperationJson.signatures || {})[0];
+  const rawAgentSignature = agentSigEntry?.data || null;
+
+  let approveUrl = null;
+  try {
+    const storeRes = await fetch(`${opStoreUrl}/tx`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        ...storePayload,
+        agentSignature: rawAgentSignature,
+        agentAddress: AGENT_ADDRESS,
+      }),
+    });
+    const storeData = await storeRes.json();
+    if (!storeRes.ok) {
+      result.opStoreError = storeData.error || `HTTP ${storeRes.status}`;
+    }
+    if (storeData.shortHash) {
+      const webBase = process.env.WEB_APP_URL || (isProd ? 'https://nodpay.ai' : 'https://bot.xhyumiracle.com/nodpay/index.html');
+      const purposeParam = purpose && purpose !== 'Unspecified' ? `&purpose=${encodeURIComponent(purpose)}` : '';
+      approveUrl = `${webBase}approve?safeOpHash=${storeData.safeOpHash}${purposeParam}`;
+      result.approveUrl = approveUrl;
+      result.opStoreSafeOpHash = storeData.safeOpHash;
+      result.opStoreShortHash = storeData.shortHash;
+    }
+  } catch (e) {
+    // Non-fatal: op-store might not be running
+    result.opStoreError = e.message;
+  }
+
+  console.log(JSON.stringify(result, null, 2));
+
+} catch (error) {
+  console.error(JSON.stringify({ error: error.message || String(error) }));
+  process.exit(1);
+}