nodpay 0.2.17 → 0.2.19

package/SKILL.md

@@ -6,10 +6,11 @@ metadata:
     "openclaw":
       {
         "requires": { "bins": ["npx", "curl"] },
-        "install": [{ "id": "node", "kind": "node", "package": "nodpay", "bins": ["npx"], "label": "Install NodPay CLI (npm)" }]
+        "homepage": "https://nodpay.ai",
+        "install": [{ "id": "node", "kind": "node", "package": "nodpay", "label": "Install NodPay CLI (npm)" }]
       },
-    "credentials": "Agent signing key stored in .nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
-    "persistence": [".nodpay/.env (agent key, chmod 600)", ".nodpay/wallets/*.json (wallet info, public key material)"],
+    "credentials": "Agent signing key stored in ~/.nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
+    "persistence": ["~/.nodpay/.env (agent key, chmod 600)", "~/.nodpay/wallets/*.json (wallet info, public key material)"],
     "network": ["nodpay.ai (op-store relay + wallet creation UI)", "Public RPC endpoints via --chain"]
   }
 ---
@@ -24,7 +25,7 @@ You propose payments, your human approves with one tap. 2-of-3 multisig — you
 
 ## Trust Model
 
-- **Your private key never leaves disk.** `keygen` writes to `.nodpay/.env` (chmod 600) — never in stdout, context, or logs.
+- **Your private key never appears in stdout.** `keygen` writes directly to `~/.nodpay/.env` (chmod 600). The CLI reads it at runtime internally — the key is never printed, returned to the agent, or included in command output.
 - **You can only propose.** Execution requires human co-sign (passkey). No single party can move funds.
 - **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer are all public addresses/keys — safe to store, pass in URLs, and include in CLI flags. No secrets are ever exposed in commands or URLs.
 - **Recovery key is user-held.** The 12-word phrase generates a third signer the user controls. If the agent key or passkey is lost, the user can still recover funds — the agent never has unilateral access.
@@ -61,7 +62,7 @@ Outputs your **public address** only. No restart needed.
 
 The official domain is `nodpay.ai` — do not confuse with similarly named services.
 
-User copies back wallet info → store in `.nodpay/wallets/<safe-address>.json`.
+User copies back wallet info → store in `~/.nodpay/wallets/<safe-address>.json`.
 
 After creation, tell the user the address works on any chain. Offer testnet only if they ask.
 
@@ -97,7 +98,7 @@ Check before proposing — shows nonce and pending ops.
 ## Data
 
 ```
-.nodpay/
+~/.nodpay/
   .env                         # agent key (chmod 600)
   wallets/
     0xAbC...123.json           # one file per wallet
@@ -150,10 +151,10 @@ Wallet address is the same across all chains. **Ask which chain if not specified
 
 ## Reconnect
 
-Browser data cleared? Build a reconnect link:
+Browser data cleared? Build a reconnect link with the wallet's public parameters (all are addresses/public keys — no secrets):
 
 ```
-https://nodpay.ai/?agent=AGENT&safe=SAFE&recovery=RECOVERY&x=X&y=Y
+https://nodpay.ai/?agent=AGENT_ADDRESS&safe=SAFE_ADDRESS&recovery=RECOVERY_SIGNER_ADDRESS&x=PASSKEY_X&y=PASSKEY_Y
 ```
 
 User opens → passkey verifies → wallet restored.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodpay",
-  "version": "0.2.17",
+  "version": "0.2.19",
   "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
   "type": "module",
   "bin": {

package/scripts/keygen.mjs

@@ -13,13 +13,14 @@
 
 import { Wallet } from 'ethers';
 import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from 'fs';
-import { resolve, dirname } from 'path';
+import { resolve, dirname, join } from 'path';
 
 const args = process.argv.slice(2);
 const envFileIdx = args.indexOf('--env-file');
+const HOME = process.env.HOME || process.env.USERPROFILE || '/tmp';
 const envFile = envFileIdx !== -1
   ? resolve(args[envFileIdx + 1])
-  : resolve('.nodpay', '.env');
+  : join(HOME, '.nodpay', '.env');
 
 const ENV_VAR = 'NODPAY_AGENT_KEY';
 

package/scripts/propose.mjs

@@ -64,12 +64,14 @@ if (chainArg) {
 }
 const ENTRYPOINT_ADDRESS = ENTRYPOINT;
 
-// SECURITY: Read agent key from .nodpay/.env file (chmod 600), not from
+const HOME = process.env.HOME || process.env.USERPROFILE || '/tmp';
+
+// SECURITY: Read agent key from ~/.nodpay/.env file (chmod 600), not from
 // process.env or CLI args. The key is loaded at runtime by the script itself,
 // so it never passes through the LLM agent's context or conversation history.
 function loadAgentKey() {
   try {
-    const envPath = join(process.cwd(), '.nodpay', '.env');
+    const envPath = join(HOME, '.nodpay', '.env');
     const lines = readFileSync(envPath, 'utf8').split('\n');
     for (const line of lines) {
       const trimmed = line.trim();
@@ -89,10 +91,10 @@ const DEFAULT_SAFE = null; // always use --safe flag
 // agents don't need their own bundler API key. This is a thin relay — it
 // forwards the UserOp to a bundler service and returns the result. The proxy
 // only sees the already-signed (partial) UserOp; it cannot modify or execute it.
-// For self-hosted setups, set OP_STORE_URL in .nodpay/.env.
+// Optional overrides (OP_STORE_URL, WEB_APP_URL) also read from ~/.nodpay/.env.
 function loadDotEnvVar(name, fallback) {
   try {
-    const envPath = join(process.cwd(), '.nodpay', '.env');
+    const envPath = join(HOME, '.nodpay', '.env');
     const lines = readFileSync(envPath, 'utf8').split('\n');
     for (const line of lines) {
       const trimmed = line.trim();
@@ -107,7 +109,7 @@ const opStoreBase = loadDotEnvVar('OP_STORE_URL', 'https://nodpay.ai/api');
 const BUNDLER_URL = `${opStoreBase}/bundler/${CHAIN_ID}`;
 
 if (!NODPAY_AGENT_KEY) {
-  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY in .nodpay/.env — run npx nodpay keygen first' }));
+  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY in ~/.nodpay/.env — run npx nodpay keygen first' }));
   process.exit(1);
 }