nodpay 0.2.20 → 0.2.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/SKILL.md +12 -10
  2. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -15,23 +15,25 @@ metadata:
15
15
  }
16
16
  ---
17
17
 
18
- # NodPay — Agent Wallet
18
+ # NodPay — Trusted Agent Wallet
19
19
 
20
- > Two minds, one wallet.
20
+ > "Two minds, one wallet."
21
21
 
22
- A shared crypto wallet for humans and AI agents. Built on Safe's battle-tested multisig and ERC-4337 account abstraction — supports passkey and EOA signers out of the box. Friendly to both crypto-native and first-time users.
22
+ A multisig crypto wallet shared between humans and AI agents. Built on [Safe](https://safe.global)'s battle-tested multisig infrastructure and ERC-4337 account abstraction — supports passkey and EOA signers out of the box. Friendly to both first-time and crypto-native users.
23
23
 
24
24
  You propose payments, your human approves with one tap. 2-of-3 multisig — you cannot spend alone.
25
25
 
26
26
  ## Trust Model
27
27
 
28
- - **Your private key never appears in stdout.** `keygen` writes directly to `~/.nodpay/.env` (chmod 600). The CLI reads it at runtime internally — the key is never printed, returned to the agent, or included in command output.
29
- - **You can only propose.** Execution requires human co-sign (passkey). No single party can move funds.
30
- - **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer are all public addresses/keys — safe to store, pass in URLs, and include in CLI flags. No secrets are ever exposed in commands or URLs.
31
- - **Recovery key is user-held.** The 12-word phrase generates a third signer the user controls. If the agent key or passkey is lost, the user can still recover funds — the agent never has unilateral access.
32
- - **NodPay server is a stateless relay.** It forwards signed operations to the chain no private keys, no custody, no accounts. If the server goes offline, funds stay safe on-chain.
33
- - **The web app is a convenience layer.** It helps users create wallets and approve transactions. All crypto operations happen client-side; nothing sensitive is stored server-side.
34
- - **Verify the agent address matches yours** before storing wallet info. Mismatch = wrong key binding.
28
+ | Guarantee | How |
29
+ |-----------|-----|
30
+ | Agent key never in stdout | `keygen` writes to `~/.nodpay/.env` (chmod 600); CLI reads internally at runtime |
31
+ | Agent can only propose | Execution requires human co-sign (passkey); no single party can move funds |
32
+ | Wallet info is public key material | Safe address, passkey X/Y, recovery signer are public keys safe to store and pass in URLs |
33
+ | Recovery is user-held | 12-word phrase generates a third signer; user can recover funds if agent key or passkey is lost |
34
+ | Server is a stateless relay | Forwards signed operations no keys, no custody, no accounts; funds safe if server goes offline |
35
+ | Web app is a convenience layer | Wallet creation and approval UI; all crypto operations happen client-side |
36
+ | Verify agent address | Always confirm the agent address in wallet info matches yours before storing |
35
37
 
36
38
  ## Why NodPay
37
39
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.20",
3
+ "version": "0.2.21",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {