nodpay 0.2.7 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/SKILL.md +42 -106
  2. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -7,107 +7,76 @@ description: Propose on-chain payments from a shared wallet. Use when user asks
7
7
 
8
8
  > Two minds, one wallet.
9
9
 
10
- **TL;DR:** You propose payments, your human approves with one tap. 2-of-3 multisig — you cannot spend alone.
10
+ You propose payments, your human approves with one tap. 2-of-3 multisig — you cannot spend alone.
11
11
 
12
- ## ⚠️ Security First
12
+ ## Trust Model
13
13
 
14
- | DO | DON'T |
15
- |-------|----------|
16
- | Use `npx nodpay keygen` (key never in stdout) | Generate keys manually or log them |
17
- | Store wallet info in `.nodpay/wallets/` | Put private keys in chat or code |
18
- | Verify agent address matches yours | Trust wallet info without checking |
19
- | Let the human approve every transaction | Try to bypass approval |
20
-
21
- **Private key never leaves disk.** `keygen` writes directly to `.nodpay/.env` (chmod 600). The key never appears in your output, context, or logs.
14
+ - **Your private key never leaves disk.** `keygen` writes to `.nodpay/.env` (chmod 600) — it never appears in stdout, context, or logs.
15
+ - **You can only propose.** Execution requires human approval (passkey co-sign).
16
+ - **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer all safe to store.
17
+ - **Verify the agent address matches yours** before storing wallet info. Mismatch = wrong key binding.
22
18
 
23
19
  ---
24
20
 
25
- ## Setup (one-time)
21
+ ## Setup
26
22
 
27
- ### 1. Generate an agent key
23
+ ### 1. Generate key
28
24
 
29
25
  ```bash
30
26
  npx nodpay keygen
31
27
  ```
32
28
 
33
- Outputs your **public address** only. Key is stored in `.nodpay/.env`. No gateway restart needed.
34
-
35
- If a key already exists, it reuses it and prints the address.
36
-
37
- ### 2. Send the user a wallet link
29
+ Outputs your **public address** only. No restart needed.
38
30
 
39
- Replace `YOUR_AGENT_ADDRESS` with your address and send:
31
+ ### 2. Send wallet link
40
32
 
41
- > I've set up a shared wallet for us. Open this link to create your wallet — takes 30 seconds:
42
- >
33
+ > I've set up a shared wallet for us — takes 30 seconds:
43
34
  > https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS
44
- >
45
- > Just follow the steps: create a passkey, save your recovery phrase, done.
46
-
47
- **Use the URL above verbatim.** Do not search for NodPay or guess the URL — `nodpay.ai` is the only correct domain.
48
-
49
- The user will copy wallet info back to you:
50
-
51
- ```
52
- NodPay Wallet (Safe): 0x...
53
- Passkey X: 0x...
54
- Passkey Y: 0x...
55
- Agent: 0x...
56
- Recovery Signer: 0x...
57
- ```
58
35
 
59
- **Store all fields** in `.nodpay/wallets/<safe-address>.json`.
36
+ **Use this URL verbatim.** Do not search or guess — `nodpay.ai` is the only correct domain.
60
37
 
61
- **After wallet creation**, tell the user their wallet is ready and works on any supported chain. Briefly offer: *"Want to try a test transaction on a testnet first?"* — only guide to testnets if the user says yes.
38
+ User copies back wallet info store in `.nodpay/wallets/<safe-address>.json`.
62
39
 
63
- **⚠️ Verify the Agent address matches yours.** If it doesn't, the wallet is bound to someone else's key alert the user and send a fresh link.
40
+ After creation, tell the user the address works on any chain. Offer testnet only if they ask.
64
41
 
65
42
  ---
66
43
 
67
- ## Usage
68
-
69
- ### Propose a transaction
44
+ ## Propose
70
45
 
71
46
  ```bash
72
47
  npx nodpay propose \
73
48
  --chain <CHAIN> \
74
- --safe <WALLET_ADDRESS> \
49
+ --safe <SAFE> \
75
50
  --to <RECIPIENT> \
76
51
  --value-eth <AMOUNT> \
77
- --passkey-x <PASSKEY_X> \
78
- --passkey-y <PASSKEY_Y> \
79
- --recovery <RECOVERY_SIGNER> \
80
- --signer-type passkey
52
+ --signer-type passkey \
53
+ --passkey-x <X> --passkey-y <Y> \
54
+ --recovery <RECOVERY>
81
55
  ```
82
56
 
83
- Outputs JSON with an `approveUrl`. Send it to the user:
57
+ Outputs JSON with `approveUrl` send to user.
84
58
 
85
- > 💰 Payment: 0.01 ETH 0xRecipient...
86
- > 👉 Approve: https://nodpay.ai/approve?safeOpHash=0x...
59
+ First tx deploys the wallet. Pass all params for first tx; after that `--safe` alone works.
87
60
 
88
- **First transaction deploys the wallet on-chain.** Pass all params for the first tx. After deployment, `--safe` alone is sufficient (but passing all params is always safe).
89
-
90
- ### Check pending transactions
61
+ ### Check pending
91
62
 
92
63
  ```bash
93
- curl https://nodpay.ai/api/txs?safe=<WALLET_ADDRESS>
64
+ curl https://nodpay.ai/api/txs?safe=<SAFE>
94
65
  ```
95
66
 
96
- Always check before proposing — shows current nonce, pending ops, and wallet status.
67
+ Check before proposing — shows nonce and pending ops.
97
68
 
98
69
  ---
99
70
 
100
- ## Data Layout
71
+ ## Data
101
72
 
102
73
  ```
103
74
  .nodpay/
104
- .env # agent key (chmod 600, never touch directly)
75
+ .env # agent key (chmod 600)
105
76
  wallets/
106
77
  0xAbC...123.json # one file per wallet
107
78
  ```
108
79
 
109
- Wallet file format:
110
-
111
80
  ```json
112
81
  {
113
82
  "safe": "0x...",
@@ -120,7 +89,7 @@ Wallet file format:
120
89
  }
121
90
  ```
122
91
 
123
- For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
92
+ EOA wallets: replace passkey fields with `"userSigner": "0x..."`.
124
93
 
125
94
  ---
126
95
 
@@ -128,70 +97,37 @@ For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
128
97
 
129
98
  | Flag | Required | Description |
130
99
  |------|----------|-------------|
131
- | `--chain` | ✅ | Chain name (e.g. `ethereum`, `base`, `sepolia`) |
132
- | `--safe` | ✅ | Wallet (Safe) address |
133
- | `--to` | ✅ | Recipient address |
100
+ | `--chain` | ✅ | `ethereum`, `base`, `arbitrum`, `optimism`, `polygon`, `sepolia`, `base_sepolia` |
101
+ | `--safe` | ✅ | Wallet address |
102
+ | `--to` | ✅ | Recipient |
134
103
  | `--value-eth` | ✅ | Amount in ETH |
135
104
  | `--signer-type` | ✅ | `passkey` or `eoa` |
136
- | `--passkey-x` | passkey | Passkey public key X |
137
- | `--passkey-y` | passkey | Passkey public key Y |
105
+ | `--passkey-x/y` | passkey | Passkey public key |
138
106
  | `--user-signer` | eoa | User's EOA address |
139
- | `--recovery` | first tx | Recovery signer address |
140
- | `--nonce` | optional | Force nonce (for replacements) |
107
+ | `--recovery` | first tx | Recovery signer |
108
+ | `--nonce` | optional | Force nonce (replacements) |
141
109
  | `--purpose` | optional | Human-readable label |
142
110
 
143
- ### Supported Chains
144
-
145
- `ethereum`, `base`, `arbitrum`, `optimism`, `polygon`, `sepolia`, `base_sepolia`
146
-
147
- Wallet address is the same across all chains (counterfactual). **Do not assume a default chain.** Ask the user which chain if not specified.
111
+ Wallet address is the same across all chains. **Ask which chain if not specified.**
148
112
 
149
113
  ---
150
114
 
151
115
  ## Transaction Patterns
152
116
 
153
- **Sequential**: Just call propose multiple times. Nonces auto-increment.
154
-
155
- **Replace**: Propose with `--nonce N` to replace a pending tx at nonce N.
156
-
157
- **Cascade**: Rejecting tx at nonce N invalidates all tx with nonce > N. Irreversible.
117
+ - **Sequential**: Propose multiple times. Nonces auto-increment.
118
+ - **Replace**: `--nonce N` to replace pending tx at nonce N.
119
+ - **Cascade**: Rejecting nonce N invalidates all higher nonces. Irreversible.
158
120
 
159
- ⚠️ **Never propose a new nonce then reject an older one**the cascade will destroy your new tx too.
121
+ ⚠️ Never propose then reject an older nonce — cascade destroys your new tx.
160
122
 
161
123
  ---
162
124
 
163
- ## Reconnect (Wallet Recovery)
125
+ ## Reconnect
164
126
 
165
- If the user cleared their browser data:
127
+ Browser data cleared? Build a reconnect link:
166
128
 
167
129
  ```
168
- https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS&safe=WALLET_ADDRESS&recovery=RECOVERY_SIGNER&x=PASSKEY_X&y=PASSKEY_Y
130
+ https://nodpay.ai/?agent=AGENT&safe=SAFE&recovery=RECOVERY&x=X&y=Y
169
131
  ```
170
132
 
171
- User opens → verifies passkey → wallet restored. No on-chain action needed.
172
-
173
- ---
174
-
175
- ## Security Model
176
-
177
- | Owner | Holder | Can do |
178
- |-------|--------|--------|
179
- | Agent EOA | You | Propose only |
180
- | Passkey | User's device | Approve or reject |
181
- | Recovery | User's 12-word phrase | Backup access |
182
-
183
- - 2-of-3 threshold — you cannot execute alone
184
- - Passkey X/Y are public key material, safe to store
185
- - No private keys stored on NodPay's server
186
- - Funds are safe on-chain even if NodPay goes offline
187
-
188
- ---
189
-
190
- ## Common Requests
191
-
192
- | User says | Action |
193
- |-----------|--------|
194
- | "create a wallet" | Send `https://nodpay.ai/?agent=YOUR_ADDRESS` |
195
- | "send 0.1 ETH to 0x..." | `npx nodpay propose --chain ...` |
196
- | "pending?" | `GET /api/txs?safe=...` |
197
- | "wallet disappeared" | Send reconnect link |
133
+ User opens → passkey verifies → wallet restored.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.7",
3
+ "version": "0.2.8",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {