nodpay 0.2.31 → 0.2.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/README.md +14 -5
  2. package/SKILL.md +2 -2
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -16,12 +16,14 @@ This npm package (`nodpay`) is the **agent-facing CLI**. It is also published as
16
16
  | **ClawHub** (`clawhub install nodpay`) | `SKILL.md` only | OpenClaw agents |
17
17
  | **nodpay.ai/skill.md** | `SKILL.md` via CDN proxy | All agent frameworks |
18
18
 
19
- The CLI provides three commands:
19
+ The CLI provides five commands:
20
20
 
21
21
  ```
22
22
  nodpay keygen # Generate agent keypair (~/.nodpay/.env, chmod 600)
23
- nodpay propose # Propose a transaction for human approval
23
+ nodpay nonce # Query next nonce (on-chain EntryPoint + pending proposals)
24
+ nodpay propose # Propose a transaction for human approval (--nonce required)
24
25
  nodpay txs # List and verify transactions for a wallet
26
+ nodpay gasprice # Get current gas price + estimated cost per chain
25
27
  ```
26
28
 
27
29
  ## Quick Start
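Review bot: the new `nodpay nonce` line describes its result as "on-chain EntryPoint + pending proposals" but does not say where the pending proposals are read from or whether that part is verified. The Security section only describes independent verification for `txs`; if the pending count comes from the relay, say so here and state whether `nonce` cross-checks it against the on-chain value, since `propose` now depends on the result through `--nonce`.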
@@ -30,25 +32,32 @@ nodpay txs # List and verify transactions for a wallet
30
32
  # 1. Generate key (public address only in stdout; key never exposed)
31
33
  npx nodpay keygen
32
34
 
33
- # 2. Propose a payment
35
+ # 2. Get next nonce (on-chain + pending)
36
+ npx nodpay nonce --safe 0xWALLET --chain base
37
+
38
+ # 3. Propose a payment
34
39
  npx nodpay propose \
35
40
  --chain base \
36
41
  --safe 0xWALLET \
37
42
  --to 0xRECIPIENT \
38
43
  --value-eth 0.01 \
44
+ --nonce 0 \
39
45
  --human-signer-passkey-x 0x... \
40
46
  --human-signer-passkey-y 0x... \
41
47
  --recovery-signer 0x...
42
48
 
43
- # 3. Check pending transactions (with verification)
49
+ # 4. Check transactions (with verification)
44
50
  npx nodpay txs --safe 0xWALLET
51
+
52
+ # 5. Estimate gas cost for a sweep
53
+ npx nodpay gasprice --chain base
45
54
  ```
46
55
 
47
56
  ## Security
48
57
 
49
58
  All config lives in `~/.nodpay/` — zero `process.env` references in code.
50
59
 
51
- - **Hardened Key Isolation:** private key written directly to `~/.nodpay/.env` (chmod 600), strictly excluded from stdout and agent context.
60
+ - **Hardened Key Isolation:** private key written to `~/.nodpay/.env` (chmod 600), read via file I/O at runtime. Not passed through CLI args, env vars, or stdout.
52
61
  - **Zero Trust:** `txs` independently verifies every server response (decode calldata → recompute hash → recover signer → check owner set).
53
62
  - **Threshold Security:** 2-of-3 multisig — agent cannot move funds unilaterally.
54
63
 
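Review bot: step 3 of the Quick Start hardcodes `--nonce 0` directly after step 2 tells the reader to query the next nonce, so a copy-paste submits 0 regardless of what step 2 returned. Use a placeholder in the same style as the other flags, for example `--nonce <value from step 2>`, and add a line on what the caller should do if another proposal lands between the two commands.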
package/SKILL.md CHANGED
@@ -9,7 +9,7 @@ metadata:
9
9
  "homepage": "https://nodpay.ai",
10
10
  "install": [{ "id": "node", "kind": "node", "package": "nodpay", "label": "Install NodPay CLI (npm)", "author": "xhyumiracle", "source": "https://github.com/xhyumiracle/nodpay-cli" }]
11
11
  },
12
- "credentials": "Agent signing key stored in ~/.nodpay/.env (generated by npx nodpay keygen, never exposed to agent context)",
12
+ "credentials": "Agent signing key stored in ~/.nodpay/.env (chmod 600, generated by npx nodpay keygen). Read at runtime by CLI process; not passed via CLI args, env vars, or stdout.",
13
13
  "persistence": ["~/.nodpay/.env (agent key, chmod 600)", "~/.nodpay/wallets/*.json (wallet info, public key material)"],
14
14
  "network": ["nodpay.ai (op-store relay + wallet creation UI)", "Public RPC endpoints via --chain"]
15
15
  }
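Review bot: the new `credentials` string drops "never exposed to agent context" and leans on `chmod 600`, which restricts the file to its owning user and not to a particular process. Since this metadata field is the summary of how the key is handled, state which user is expected to own `~/.nodpay/.env` relative to the agent, or say explicitly that the guarantee is limited to CLI args, env vars and stdout.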
@@ -30,7 +30,7 @@ You propose payments, your human approves with one tap. 2-of-3 multisig — you
30
30
  | **Threshold Security** | **Elimination of single point of failure:** authority keys are distributed between the agent, human, and a recovery signer (2-of-3 multisig). Ensures non-custodial control — the agent cannot move funds unilaterally. |
31
31
  | **Zero Trust** | **End-to-end verification:** no party is implicitly trusted. Server validates signatures; client and CLI independently verify server responses (decode calldata → recompute hash → recover signer → check owner set). The blockchain serves as the canonical source of truth. |
32
32
  | **Disaster Recovery** | **Key redundancy & continuity:** uses a locally-stored 12-word mnemonic as recovery signer. Any two of the three signers can reconstruct authority to unlock the wallet, ensuring the user is never locked out by a single lost credential. |
33
- | **Hardened Key Isolation** | `keygen` writes to `~/.nodpay/.env` (chmod 600). The CLI reads the key internally at runtime — only the public address appears in stdout. |
33
+ | **Hardened Key Isolation** | `keygen` writes to `~/.nodpay/.env` (chmod 600). The CLI reads the key via file I/O at runtime — not passed through CLI arguments, environment variables, or stdout. Only the public address is returned to the caller. |
34
34
  | **Keyless & Non-Custodial Server** | **Stateless relayer:** the server stores no private keys and maintains no session state that could compromise assets. All signing happens locally. Funds stay on-chain if the server goes offline. |
35
35
 
36
36
  All wallet parameters (Safe address, passkey X/Y, recovery signer address) are public key material — safe to store, pass in URLs, and include in CLI flags.
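Review bot: the Hardened Key Isolation row says `keygen` writes the file with chmod 600 and the CLI later reads it via file I/O, but not whether the read path checks the file mode. If the CLI verifies ownership and permissions before loading the key, document that in this row; if it does not, consider adding the check. The matching README bullet also lacks the "Only the public address is returned to the caller" sentence, so the two descriptions now differ.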
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.31",
3
+ "version": "0.2.32",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {
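Review bot: this is a patch-level bump from 0.2.31 to 0.2.32, while the README in the same release marks `--nonce` as required on `propose` and its previous Quick Start called `propose` without that flag. If existing `propose` invocations now fail, call that out in the release notes or use a version bump that signals the change.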