nodpay 0.2.18 → 0.2.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/SKILL.md +5 -4
  2. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -6,7 +6,8 @@ metadata:
6
6
  "openclaw":
7
7
  {
8
8
  "requires": { "bins": ["npx", "curl"] },
9
- "install": [{ "id": "node", "kind": "node", "package": "nodpay", "bins": ["npx"], "label": "Install NodPay CLI (npm)" }]
9
+ "homepage": "https://nodpay.ai",
10
+ "install": [{ "id": "node", "kind": "node", "package": "nodpay", "label": "Install NodPay CLI (npm)" }]
10
11
  },
11
12
  "credentials": "Agent signing key stored in ~/.nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
12
13
  "persistence": ["~/.nodpay/.env (agent key, chmod 600)", "~/.nodpay/wallets/*.json (wallet info, public key material)"],
@@ -24,7 +25,7 @@ You propose payments, your human approves with one tap. 2-of-3 multisig — you
24
25
 
25
26
  ## Trust Model
26
27
 
27
- - **Your private key never leaves disk.** `keygen` writes to `~/.nodpay/.env` (chmod 600) — never in stdout, context, or logs.
28
+ - **Your private key never appears in stdout.** `keygen` writes directly to `~/.nodpay/.env` (chmod 600). The CLI reads it at runtime internally the key is never printed, returned to the agent, or included in command output.
28
29
  - **You can only propose.** Execution requires human co-sign (passkey). No single party can move funds.
29
30
  - **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer are all public addresses/keys — safe to store, pass in URLs, and include in CLI flags. No secrets are ever exposed in commands or URLs.
30
31
  - **Recovery key is user-held.** The 12-word phrase generates a third signer the user controls. If the agent key or passkey is lost, the user can still recover funds — the agent never has unilateral access.
@@ -150,10 +151,10 @@ Wallet address is the same across all chains. **Ask which chain if not specified
150
151
 
151
152
  ## Reconnect
152
153
 
153
- Browser data cleared? Build a reconnect link:
154
+ Browser data cleared? Build a reconnect link with the wallet's public parameters (all are addresses/public keys — no secrets):
154
155
 
155
156
  ```
156
- https://nodpay.ai/?agent=AGENT&safe=SAFE&recovery=RECOVERY&x=X&y=Y
157
+ https://nodpay.ai/?agent=AGENT_ADDRESS&safe=SAFE_ADDRESS&recovery=RECOVERY_SIGNER_ADDRESS&x=PASSKEY_X&y=PASSKEY_Y
157
158
  ```
158
159
 
159
160
  User opens → passkey verifies → wallet restored.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.18",
3
+ "version": "0.2.19",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {