nodpay 0.2.37 → 0.2.39

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodpay",
-  "version": "0.2.37",
+  "version": "0.2.39",
   "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
   "type": "module",
   "bin": {

package/scripts/propose.mjs

@@ -6,7 +6,7 @@
  * The agent signs first (1 of 2). The serialized SafeOperation is
  * output so the web app can have the user co-sign and submit.
  *
- * Agent key: from process.env.NODPAY_AGENT_KEY (real env > ~/.nodpay/.env file > --remote-signer).
+ * Agent key: from process.env.NODPAY_AGENT_KEY (real env > ~/.nodpay/.env file), or remote_wallet proxy.
  * Chain config: resolved via --chain from @nodpay/core networks registry.
  * Bundler: NodPay public proxy (override with OP_STORE_URL for self-hosted).
  *
@@ -17,7 +17,6 @@
  *   --safe <address>         - Wallet (Safe) address
  *   --counterfactual         - Safe not yet deployed; include deployment in UserOp
  *   --human-signer-eoa <address>  - Human's EOA signer address (for EOA mode)
- *   --remote-signer <url>    - SafeClaw proxy URL for remote signing (mutually exclusive with --human-signer-eoa)
  *   --salt <nonce>           - Salt nonce (required for counterfactual)
  *   --reuse-gas-from <shortHash>  - Reuse gas values from a previous op (shortHash prefix of safeOpHash)
  *   --nonce <n>              - Required. Use `txs` to find current nonce.
@@ -32,6 +31,7 @@ import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { computeUserOpHash, ENTRYPOINT } from '@nodpay/core';
 import { loadDotEnv, env, HOME } from './env.mjs';
+import { loadConfig } from './config.mjs';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const PENDING_DIR = join(__dirname, '..', '.pending-txs');
@@ -85,30 +85,36 @@ const DEFAULT_SAFE = null; // always use --safe flag
 const opStoreBase = env('OP_STORE_URL', 'https://nodpay.ai/api');
 const BUNDLER_URL = `${opStoreBase}/bundler/${CHAIN_ID}`;
 
-// --- Agent key: remote signer (SafeClaw proxy) or local key (~/.nodpay/.env) ---
-const _remoteSignerUrl = process.argv.includes('--remote-signer')
-  ? process.argv[process.argv.indexOf('--remote-signer') + 1]
-  : undefined;
+// --- Agent key resolution: remote_wallet (config.json) or local key ---
+const _config = loadConfig();
+const _remoteWalletUrl = _config.remote_wallet || null;
 
 let AGENT_ADDRESS;
 let signHash;
 let _localAgentKey; // only set in local mode, used for SDK init (EOA signer)
+let _remoteWalletsCache = null; // cached wallets from remote_wallet fetch
 
-if (_remoteSignerUrl) {
-  // Remote signer mode: get address + signing from SafeClaw proxy
-  const addrRes = await fetch(`${_remoteSignerUrl}/address`);
-  if (!addrRes.ok) {
-    const err = await addrRes.json().catch(() => ({}));
+if (_remoteWalletUrl) {
+  // remote_wallet mode (config.json): get agent address from wallets, sign via proxy
+  const walletsRes = await fetch(`${_remoteWalletUrl.replace(/\/$/, '')}/wallets`);
+  if (!walletsRes.ok) {
+    const err = await walletsRes.json().catch(() => ({}));
     console.error(JSON.stringify({
-      error: err.error || 'Failed to get agent address from remote signer',
-      code: err.code || 'REMOTE_SIGNER_ERROR'
+      error: err.error || 'Failed to get wallets from remote_wallet',
+      code: err.code || 'REMOTE_WALLET_ERROR'
     }));
     process.exit(1);
   }
-  AGENT_ADDRESS = (await addrRes.json()).address;
+  const wallets = await walletsRes.json();
+  _remoteWalletsCache = wallets;
+  if (!wallets.length || !wallets[0].agentSigner) {
+    console.error(JSON.stringify({ error: 'No wallets found on remote_wallet' }));
+    process.exit(1);
+  }
+  AGENT_ADDRESS = wallets[0].agentSigner;
 
   signHash = async (hash) => {
-    const signRes = await fetch(`${_remoteSignerUrl}/sign/${AGENT_ADDRESS}`, {
+    const signRes = await fetch(`${_remoteWalletUrl.replace(/\/$/, '')}/sign`, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ hash })
@@ -123,7 +129,7 @@ if (_remoteSignerUrl) {
   // Local mode: read key from process.env (loaded from real env or ~/.nodpay/.env)
   const NODPAY_AGENT_KEY = env('NODPAY_AGENT_KEY');
   if (!NODPAY_AGENT_KEY) {
-    console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY — set env var, add to ~/.nodpay/.env, or use --remote-signer' }));
+    console.error(JSON.stringify({ error: 'Missing NODPAY_AGENT_KEY — set env var, add to ~/.nodpay/.env, or set remote_wallet in ~/.nodpay/config.json' }));
     process.exit(1);
   }
   _localAgentKey = NODPAY_AGENT_KEY;
@@ -160,9 +166,9 @@ const passkeyVerifier = getArg('--passkey-verifier') || '0x445a0683e494ea0c5AF3E
 const recoverySigner = getArg('--recovery-signer');
 const isPasskey = !!(passkeyX && passkeyY);
 
-// Phase 1: --remote-signer + --human-signer-eoa is not supported
-if (_remoteSignerUrl && humanSigner) {
-  console.error(JSON.stringify({ error: '--remote-signer and --human-signer-eoa cannot be combined. Remote signer mode only supports passkey wallets.' }));
+// remote_wallet + --human-signer-eoa is not supported
+if (_remoteWalletUrl && humanSigner) {
+  console.error(JSON.stringify({ error: 'remote_wallet and --human-signer-eoa cannot be combined. Remote mode only supports passkey wallets.' }));
   process.exit(1);
 }
 
@@ -179,8 +185,13 @@ if (!ethers.isAddress(to)) {
 const SAFE_ADDRESS = safeOverride || DEFAULT_SAFE;
 
 // Read optional wallet JSON for rpId (SafeClaw cross-origin passkey support)
+// In remote_wallet mode, wallets were already fetched — use that data.
 let walletRpId = null;
-if (SAFE_ADDRESS) {
+if (SAFE_ADDRESS && _remoteWalletUrl && _remoteWalletsCache) {
+  const match = _remoteWalletsCache.find(w => w.safe?.toLowerCase() === SAFE_ADDRESS.toLowerCase());
+  if (match?.rpId) walletRpId = match.rpId;
+}
+if (!walletRpId && SAFE_ADDRESS) {
   const walletJsonPath = join(HOME, '.nodpay', 'wallets', `${SAFE_ADDRESS}.json`);
   if (existsSync(walletJsonPath)) {
     try {