nodpay 0.2.15 → 0.2.17

package/SKILL.md

@@ -1,6 +1,17 @@
 ---
 name: nodpay
 description: Propose on-chain payments from a shared wallet. Use when user asks to send crypto, make a payment, or create a shared wallet.
+metadata:
+  {
+    "openclaw":
+      {
+        "requires": { "bins": ["npx", "curl"] },
+        "install": [{ "id": "node", "kind": "node", "package": "nodpay", "bins": ["npx"], "label": "Install NodPay CLI (npm)" }]
+      },
+    "credentials": "Agent signing key stored in .nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
+    "persistence": [".nodpay/.env (agent key, chmod 600)", ".nodpay/wallets/*.json (wallet info, public key material)"],
+    "network": ["nodpay.ai (op-store relay + wallet creation UI)", "Public RPC endpoints via --chain"]
+  }
 ---
 
 # NodPay — Agent Wallet
@@ -15,9 +26,9 @@ You propose payments, your human approves with one tap. 2-of-3 multisig — you
 
 - **Your private key never leaves disk.** `keygen` writes to `.nodpay/.env` (chmod 600) — never in stdout, context, or logs.
 - **You can only propose.** Execution requires human co-sign (passkey). No single party can move funds.
-- **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer — all safe to store.
+- **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer are all public addresses/keys — safe to store, pass in URLs, and include in CLI flags. No secrets are ever exposed in commands or URLs.
 - **Recovery key is user-held.** The 12-word phrase generates a third signer the user controls. If the agent key or passkey is lost, the user can still recover funds — the agent never has unilateral access.
-- **NodPay server is a stateless relay.** It forwards signed operations to the chain — no private keys, no custody, no accounts. Self-hostable via `OP_STORE_URL`. If the server goes offline, funds stay safe on-chain.
+- **NodPay server is a stateless relay.** It forwards signed operations to the chain — no private keys, no custody, no accounts. If the server goes offline, funds stay safe on-chain.
 - **The web app is a convenience layer.** It helps users create wallets and approve transactions. All crypto operations happen client-side; nothing sensitive is stored server-side.
 - **Verify the agent address matches yours** before storing wallet info. Mismatch = wrong key binding.
 
@@ -48,7 +59,7 @@ Outputs your **public address** only. No restart needed.
 > I've set up a shared wallet for us — takes 30 seconds:
 > https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS
 
-**Use this URL verbatim.** Do not search or guess — `nodpay.ai` is the only correct domain.
+The official domain is `nodpay.ai` — do not confuse with similarly named services.
 
 User copies back wallet info → store in `.nodpay/wallets/<safe-address>.json`.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodpay",
-  "version": "0.2.15",
+  "version": "0.2.17",
   "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
   "type": "module",
   "bin": {

package/scripts/propose.mjs

@@ -59,11 +59,7 @@ if (chainArg) {
   RPC_URL = net.rpcUrl;
   CHAIN_ID = String(net.chainId);
 } else {
-  RPC_URL = process.env.RPC_URL;
-  CHAIN_ID = process.env.CHAIN_ID;
-}
-if (!RPC_URL || !CHAIN_ID) {
-  console.error('Error: Specify --chain <name> or set RPC_URL + CHAIN_ID env vars.\nSupported chains: ' + Object.keys(allChains).join(', '));
+  console.error('Error: --chain is required.\nSupported: ' + Object.keys(allChains).join(', '));
   process.exit(1);
 }
 const ENTRYPOINT_ADDRESS = ENTRYPOINT;
@@ -87,14 +83,27 @@ function loadAgentKey() {
   return null;
 }
 const NODPAY_AGENT_KEY = loadAgentKey();
-const DEFAULT_SAFE = process.env.SAFE_ADDRESS;
+const DEFAULT_SAFE = null; // always use --safe flag
 
 // BUNDLER: NodPay provides a public bundler proxy at nodpay.ai/api/bundler so
 // agents don't need their own bundler API key. This is a thin relay — it
 // forwards the UserOp to a bundler service and returns the result. The proxy
 // only sees the already-signed (partial) UserOp; it cannot modify or execute it.
-// For self-hosted setups, override with OP_STORE_URL env var.
-const opStoreBase = process.env.OP_STORE_URL || 'https://nodpay.ai/api';
+// For self-hosted setups, set OP_STORE_URL in .nodpay/.env.
+function loadDotEnvVar(name, fallback) {
+  try {
+    const envPath = join(process.cwd(), '.nodpay', '.env');
+    const lines = readFileSync(envPath, 'utf8').split('\n');
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (trimmed.startsWith('#') || !trimmed.includes('=')) continue;
+      const [k, ...rest] = trimmed.split('=');
+      if (k.trim() === name) return rest.join('=').trim().replace(/^["']|["']$/g, '');
+    }
+  } catch {}
+  return fallback;
+}
+const opStoreBase = loadDotEnvVar('OP_STORE_URL', 'https://nodpay.ai/api');
 const BUNDLER_URL = `${opStoreBase}/bundler/${CHAIN_ID}`;
 
 if (!NODPAY_AGENT_KEY) {
@@ -324,7 +333,7 @@ try {
   const customNonceArg = getArg('--nonce');
   const reuseGasFrom = getArg('--reuse-gas-from'); // shortHash of a previous op to copy gas values from
   let txOptions = {};
-  const opStoreUrl = process.env.OP_STORE_URL || 'https://nodpay.ai/api';
+  const opStoreUrl = opStoreBase;
   const safeAddr = await safe4337Pack.protocolKit.getAddress();
 
   // Determine nonce: on-chain nonce is the source of truth.
@@ -510,7 +519,7 @@ try {
       result.opStoreError = storeData.error || `HTTP ${storeRes.status}`;
     }
     if (storeData.shortHash) {
-      const webBase = process.env.WEB_APP_URL || 'https://nodpay.ai/';
+      const webBase = loadDotEnvVar('WEB_APP_URL', 'https://nodpay.ai/');
       const purposeParam = purpose && purpose !== 'Unspecified' ? `&purpose=${encodeURIComponent(purpose)}` : '';
       approveUrl = `${webBase}approve?safeOpHash=${storeData.safeOpHash}${purposeParam}`;
       result.approveUrl = approveUrl;