nodpay 0.2.25 → 0.2.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/SKILL.md +3 -3
  2. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -9,9 +9,9 @@ metadata:
9
9
  "homepage": "https://nodpay.ai",
10
10
  "install": [{ "id": "node", "kind": "node", "package": "nodpay", "label": "Install NodPay CLI (npm)" }]
11
11
  },
12
- "credentials": "Agent signing key stored in ~/.nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
12
+ "credentials": "Agent signing key stored in ~/.nodpay/.env (generated by npx nodpay keygen). CLI reads key via file I/O at runtime; key does not appear in stdout or CLI output.",
13
13
  "persistence": ["~/.nodpay/.env (agent key, chmod 600)", "~/.nodpay/wallets/*.json (wallet info, public key material)"],
14
- "network": ["nodpay.ai (op-store relay + wallet creation UI)", "Public RPC endpoints via --chain"]
14
+ "network": ["nodpay.ai/api — receives signed (partial) UserOps for storage and bundler relay; no private keys are sent", "Public RPC endpoints resolved via --chain (chainlist-grade public RPCs)"]
15
15
  }
16
16
  ---
17
17
 
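Review bot: The new `credentials` wording drops "never exposed to agent context" and now promises only that the key stays out of stdout and CLI output, without saying what replaces the removed guarantee. The `persistence` entry lists `~/.nodpay/.env` with chmod 600, which restricts other users but not a process running as the same user, so this field should state outright whether the agent process can read the file. In the `network` line, "chainlist-grade public RPCs" is not defined anywhere in the visible metadata; name the source of the endpoints or describe how `--chain` resolves them. That line also narrows `nodpay.ai` to `nodpay.ai/api` and drops the wallet creation UI; if that UI is still part of the flow, it should stay declared.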
@@ -30,7 +30,7 @@ You propose payments, your human approves with one tap. 2-of-3 multisig — you
30
30
  | **Threshold Security** | **Elimination of single point of failure:** authority keys are distributed between the agent, human, and a recovery signer (2-of-3 multisig). Ensures non-custodial control — the agent cannot move funds unilaterally. |
31
31
  | **Zero Trust** | **End-to-end verification:** no party is implicitly trusted. Server validates signatures; client and CLI independently verify server responses (decode calldata → recompute hash → recover signer → check owner set). The blockchain serves as the canonical source of truth. |
32
32
  | **Disaster Recovery** | **Key redundancy & continuity:** uses a locally-stored 12-word mnemonic as recovery signer. Any two of the three signers can reconstruct authority to unlock the wallet, ensuring the user is never locked out by a single lost credential. |
33
- | **Hardened Key Isolation** | `keygen` writes directly to `~/.nodpay/.env` (chmod 600). The CLI loads the key at runtime via file read — the key does not pass through CLI arguments, environment variables, or stdout. **Runtime Isolation:** only the public address is returned to the caller. |
33
+ | **Hardened Key Isolation** | `keygen` writes to `~/.nodpay/.env` (chmod 600); `propose` reads it via file I/O at runtime. The key does not pass through CLI arguments, environment variables, or stdout only the public address is returned. Note: filesystem-level access control depends on the agent runtime/sandbox. |
34
34
  | **Keyless & Non-Custodial Server** | **Stateless relayer:** the server stores no private keys and maintains no session state that could compromise assets. All signing happens locally. Funds stay on-chain if the server goes offline. |
35
35
 
36
36
  All wallet parameters (Safe address, passkey X/Y, recovery signer address) are public key material — safe to store, pass in URLs, and include in CLI flags.
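Review bot: In the Hardened Key Isolation row, the added text runs together at "or stdout only the public address is returned"; the removed line had a sentence break at that point, so restore a period or semicolon after "stdout". The new note that filesystem-level access control depends on the agent runtime/sandbox also sits uneasily under a row still titled "Hardened Key Isolation": either say what is guaranteed when the runtime gives the agent read access to `~/.nodpay/.env`, or soften the title to match the caveat. The row now names only `keygen` and `propose` as touching the key file; if any other command reads it, name it here as well.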
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.25",
3
+ "version": "0.2.26",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {