npm - nodpay - Versions diffs - 0.2.33 → 0.2.35 - Mend

nodpay 0.2.33 → 0.2.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 NodPay
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/SKILL.md CHANGED Viewed

@@ -156,7 +156,7 @@ EOA wallets: replace passkey fields with `"humanSignerEoa": "0x..."`.
 | Flag | Required | Description |
 |------|----------|-------------|
-| `--chain` | ✅ | `ethereum`, `base`, `arbitrum`, `optimism`, `polygon`, `sepolia`, `base_sepolia` |
+| `--chain` | ✅ | `base`, `arbitrum`, `polygon`, `optimism`, `ethereum`, `sepolia`, `base_sepolia` |
 | `--safe` | ✅ | Wallet address |
 | `--to` | ✅ | Recipient |
 | `--value-eth` | ✅ | Amount in ETH |
@@ -165,7 +165,7 @@ EOA wallets: replace passkey fields with `"humanSignerEoa": "0x..."`.
 | `--recovery-signer` | first tx | Recovery signer address |
 | `--nonce` | **required** | Nonce for this proposal. Run `txs` first to determine. |
-Wallet address is the same across all chains. **Ask which chain if not specified.**
+Wallet address is the same across all chains. **Ask which chain if not specified.** Prefer L2 chains (Base, Arbitrum, etc.) — Ethereum mainnet gas is significantly more expensive.
 ---

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodpay",
-  "version": "0.2.33",
+  "version": "0.2.35",
   "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
   "type": "module",
   "bin": {
@@ -31,7 +31,7 @@
     "postpublish": "curl -s https://purge.jsdelivr.net/npm/nodpay@latest/SKILL.md > /dev/null && echo 'jsdelivr cache purged'"
   },
   "dependencies": {
-    "@nodpay/core": "^0.1.2",
+    "@nodpay/core": "^0.1.3",
     "@safe-global/relay-kit": "^4.1.1",
     "ethers": "^6.16.0"
   }

package/scripts/propose.mjs CHANGED Viewed

@@ -6,7 +6,7 @@
  * The agent signs first (1 of 2). The serialized SafeOperation is
  * output so the web app can have the user co-sign and submit.
  *
- * Agent key: read from .nodpay/.env (never from env vars or CLI args).
+ * Agent key: read from .nodpay/.env or via --remote-signer (SafeClaw proxy).
  * Chain config: resolved via --chain from @nodpay/core networks registry.
  * Bundler: NodPay public proxy (override with OP_STORE_URL for self-hosted).
  *
@@ -17,6 +17,7 @@
  *   --safe <address>         - Wallet (Safe) address
  *   --counterfactual         - Safe not yet deployed; include deployment in UserOp
  *   --human-signer-eoa <address>  - Human's EOA signer address (for EOA mode)
+ *   --remote-signer <url>    - SafeClaw proxy URL for remote signing (mutually exclusive with --human-signer-eoa)
  *   --salt <nonce>           - Salt nonce (required for counterfactual)
  *   --reuse-gas-from <shortHash>  - Reuse gas values from a previous op (shortHash prefix of safeOpHash)
  *   --nonce <n>              - Required. Use `txs` to find current nonce.
@@ -83,7 +84,7 @@ function loadAgentKey() {
   } catch {}
   return null;
 }
-const NODPAY_AGENT_KEY = loadAgentKey();
 const DEFAULT_SAFE = null; // always use --safe flag
 // BUNDLER: NodPay provides a public bundler proxy at nodpay.ai/api/bundler so
@@ -107,13 +108,56 @@ function loadDotEnvVar(name, fallback) {
 const opStoreBase = loadDotEnvVar('OP_STORE_URL', 'https://nodpay.ai/api');
 const BUNDLER_URL = `${opStoreBase}/bundler/${CHAIN_ID}`;
-if (!NODPAY_AGENT_KEY) {
-  console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY in ~/.nodpay/.env — run npx nodpay keygen first' }));
-  process.exit(1);
-}
+// --- Agent key: remote signer (SafeClaw proxy) or local key (~/.nodpay/.env) ---
+const _remoteSignerUrl = process.argv.includes('--remote-signer')
+  ? process.argv[process.argv.indexOf('--remote-signer') + 1]
+  : undefined;
-const agentWallet = new ethers.Wallet(NODPAY_AGENT_KEY);
-const AGENT_ADDRESS = agentWallet.address;
+let AGENT_ADDRESS;
+let signHash;
+let _localAgentKey; // only set in local mode, used for SDK init (EOA signer)
+if (_remoteSignerUrl) {
+  // Remote signer mode: get address + signing from SafeClaw proxy
+  const addrRes = await fetch(`${_remoteSignerUrl}/address`);
+  if (!addrRes.ok) {
+    const err = await addrRes.json().catch(() => ({}));
+    console.error(JSON.stringify({
+      error: err.error || 'Failed to get agent address from remote signer',
+      code: err.code || 'REMOTE_SIGNER_ERROR'
+    }));
+    process.exit(1);
+  }
+  AGENT_ADDRESS = (await addrRes.json()).address;
+  signHash = async (hash) => {
+    const signRes = await fetch(`${_remoteSignerUrl}/sign/${AGENT_ADDRESS}`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ hash })
+    });
+    if (!signRes.ok) {
+      const err = await signRes.json().catch(() => ({}));
+      throw new Error(err.error || 'Remote signing failed');
+    }
+    return (await signRes.json()).signature;
+  };
+} else {
+  // Local mode: read key from ~/.nodpay/.env (original behavior)
+  const NODPAY_AGENT_KEY = loadAgentKey();
+  if (!NODPAY_AGENT_KEY) {
+    console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY in ~/.nodpay/.env — run npx nodpay keygen or use --remote-signer' }));
+    process.exit(1);
+  }
+  _localAgentKey = NODPAY_AGENT_KEY;
+  const agentWallet = new ethers.Wallet(NODPAY_AGENT_KEY);
+  AGENT_ADDRESS = agentWallet.address;
+  signHash = async (hash) => {
+    const sig = agentWallet.signingKey.sign(hash);
+    return ethers.Signature.from(sig).serialized;
+  };
+}
 const args = process.argv.slice(2);
 function getArg(name) {
@@ -139,6 +183,12 @@ const passkeyVerifier = getArg('--passkey-verifier') || '0x445a0683e494ea0c5AF3E
 const recoverySigner = getArg('--recovery-signer');
 const isPasskey = !!(passkeyX && passkeyY);
+// Phase 1: --remote-signer + --human-signer-eoa is not supported
+if (_remoteSignerUrl && humanSigner) {
+  console.error(JSON.stringify({ error: '--remote-signer and --human-signer-eoa cannot be combined. Remote signer mode only supports passkey wallets.' }));
+  process.exit(1);
+}
 if (!to) {
   console.error(JSON.stringify({ error: 'Missing --to <address>' }));
   process.exit(1);
@@ -290,8 +340,8 @@ try {
       initOptions.options = { safeAddress: SAFE_ADDRESS };
     }
   } else {
-    // EOA signer: agent key as primary signer
-    initOptions.signer = NODPAY_AGENT_KEY;
+    // EOA signer: agent key as primary signer (requires local key)
+    initOptions.signer = _localAgentKey;
     if (isCounterfactual) {
       // Canonical owner order: [humanSigner, agentSigner, recoverySigner] — must match frontend
       const eoaOwners = recoverySigner
@@ -332,14 +382,16 @@ try {
     safeAddress.toLowerCase() !== SAFE_ADDRESS.toLowerCase()
   ) {
     const Safe = (await import('@safe-global/protocol-kit')).default;
+    const L2_SINGLETON = '0x29fcB43b46531BcA003ddC8FCB67FFE91900C762';
     // getPredictedSafe() returns the full config Safe4337Pack assembled — owners, threshold,
     // module setup (to/data), fallbackHandler, salt, etc. We re-init with the same config
-    // but isL1SafeSingleton=false so the SDK picks L2 singleton.
+    // but force L2 singleton via contractNetworks (SDK public API).
     const predictedSafe = safe4337Pack.protocolKit.getPredictedSafe();
     safe4337Pack.protocolKit = await Safe.init({
       provider: RPC_URL,
       signer: initOptions.signer,
       isL1SafeSingleton: false,
+      contractNetworks: { [CHAIN_ID]: { safeSingletonAddress: L2_SINGLETON } },
       predictedSafe,
     });
     safeAddress = await safe4337Pack.protocolKit.getAddress();
@@ -446,11 +498,8 @@ try {
     verifyingContract: safeOperation.options.moduleAddress,
   };
-  // Always sign manually with the agent's private key over the canonical hash
-  // (Using SDK's signSafeOperation would apply viem hex transforms that produce
-  //  a different hash than getHash(), making server-side verification impossible)
-  const sig = agentWallet.signingKey.sign(safeOpHash);
-  const agentSig = ethers.Signature.from(sig).serialized;
+  // Sign with agent key: local wallet or remote signer (SafeClaw proxy)
+  const agentSig = await signHash(safeOpHash);
   safeOperation.addSignature({
     signer: AGENT_ADDRESS,
     data: agentSig,
@@ -513,6 +562,10 @@ try {
     agent: AGENT_ADDRESS,
     agentSignature: safeOperationJson.signatures,
     createdAt: new Date().toISOString(),
+    // SafeClaw integration: passkey coordinates + recovery for approve page fallback
+    passkeyX: passkeyX || null,
+    passkeyY: passkeyY || null,
+    recoveryAddress: recoverySigner || null,
   };
   // Extract raw agent signature for server auth
@@ -536,7 +589,12 @@ try {
     }
     if (storeData.shortHash) {
       const webBase = loadDotEnvVar('WEB_APP_URL', 'https://nodpay.ai/');
-      approveUrl = `${webBase}approve?safeOpHash=${storeData.safeOpHash}`;
+      // Build approve URL with passkey params for SafeClaw users (no localStorage)
+      const approveParams = new URLSearchParams({ safeOpHash: storeData.safeOpHash });
+      if (passkeyX) approveParams.set('px', passkeyX);
+      if (passkeyY) approveParams.set('py', passkeyY);
+      if (recoverySigner) approveParams.set('recovery', recoverySigner);
+      approveUrl = `${webBase}approve?${approveParams.toString()}`;
       result.approveUrl = approveUrl;
       result.opStoreSafeOpHash = storeData.safeOpHash;
       result.opStoreShortHash = storeData.shortHash;