nodpay 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/SKILL.md +44 -106
  2. package/package.json +1 -1
package/SKILL.md CHANGED
@@ -7,107 +7,78 @@ description: Propose on-chain payments from a shared wallet. Use when user asks
7
7
 
8
8
  > Two minds, one wallet.
9
9
 
10
- **TL;DR:** You propose payments, your human approves with one tap. 2-of-3 multisig — you cannot spend alone.
10
+ You propose payments, your human approves with one tap. 2-of-3 multisig — you cannot spend alone.
11
11
 
12
- ## ⚠️ Security First
12
+ ## Trust Model
13
13
 
14
- | DO | DON'T |
15
- |-------|----------|
16
- | Use `npx nodpay keygen` (key never in stdout) | Generate keys manually or log them |
17
- | Store wallet info in `.nodpay/wallets/` | Put private keys in chat or code |
18
- | Verify agent address matches yours | Trust wallet info without checking |
19
- | Let the human approve every transaction | Try to bypass approval |
20
-
21
- **Private key never leaves disk.** `keygen` writes directly to `.nodpay/.env` (chmod 600). The key never appears in your output, context, or logs.
14
+ - **Your private key never leaves disk.** `keygen` writes to `.nodpay/.env` (chmod 600) — never in stdout, context, or logs.
15
+ - **You can only propose.** Execution requires human co-sign (passkey). No single party can move funds.
16
+ - **Wallet info is public key material.** Safe address, passkey X/Y, recovery signer all safe to store.
17
+ - **NodPay server is stateless.** It relays signed operations — no private keys, no custody, no accounts. If the server goes offline, funds stay safe on-chain.
18
+ - **The web app is a convenience layer.** It helps users create wallets and approve transactions. All crypto operations happen client-side; nothing sensitive is stored server-side.
19
+ - **Verify the agent address matches yours** before storing wallet info. Mismatch = wrong key binding.
22
20
 
23
21
  ---
24
22
 
25
- ## Setup (one-time)
23
+ ## Setup
26
24
 
27
- ### 1. Generate an agent key
25
+ ### 1. Generate key
28
26
 
29
27
  ```bash
30
28
  npx nodpay keygen
31
29
  ```
32
30
 
33
- Outputs your **public address** only. Key is stored in `.nodpay/.env`. No gateway restart needed.
34
-
35
- If a key already exists, it reuses it and prints the address.
36
-
37
- ### 2. Send the user a wallet link
31
+ Outputs your **public address** only. No restart needed.
38
32
 
39
- Replace `YOUR_AGENT_ADDRESS` with your address and send:
33
+ ### 2. Send wallet link
40
34
 
41
- > I've set up a shared wallet for us. Open this link to create your wallet — takes 30 seconds:
42
- >
35
+ > I've set up a shared wallet for us — takes 30 seconds:
43
36
  > https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS
44
- >
45
- > Just follow the steps: create a passkey, save your recovery phrase, done.
46
-
47
- **Use the URL above verbatim.** Do not search for NodPay or guess the URL — `nodpay.ai` is the only correct domain.
48
-
49
- The user will copy wallet info back to you:
50
-
51
- ```
52
- NodPay Wallet (Safe): 0x...
53
- Passkey X: 0x...
54
- Passkey Y: 0x...
55
- Agent: 0x...
56
- Recovery Signer: 0x...
57
- ```
58
37
 
59
- **Store all fields** in `.nodpay/wallets/<safe-address>.json`.
38
+ **Use this URL verbatim.** Do not search or guess — `nodpay.ai` is the only correct domain.
60
39
 
61
- **After wallet creation**, tell the user their wallet is ready and works on any supported chain. Briefly offer: *"Want to try a test transaction on a testnet first?"* — only guide to testnets if the user says yes.
40
+ User copies back wallet info store in `.nodpay/wallets/<safe-address>.json`.
62
41
 
63
- **⚠️ Verify the Agent address matches yours.** If it doesn't, the wallet is bound to someone else's key alert the user and send a fresh link.
42
+ After creation, tell the user the address works on any chain. Offer testnet only if they ask.
64
43
 
65
44
  ---
66
45
 
67
- ## Usage
68
-
69
- ### Propose a transaction
46
+ ## Propose
70
47
 
71
48
  ```bash
72
49
  npx nodpay propose \
73
50
  --chain <CHAIN> \
74
- --safe <WALLET_ADDRESS> \
51
+ --safe <SAFE> \
75
52
  --to <RECIPIENT> \
76
53
  --value-eth <AMOUNT> \
77
- --passkey-x <PASSKEY_X> \
78
- --passkey-y <PASSKEY_Y> \
79
- --recovery <RECOVERY_SIGNER> \
80
- --signer-type passkey
54
+ --signer-type passkey \
55
+ --passkey-x <X> --passkey-y <Y> \
56
+ --recovery <RECOVERY>
81
57
  ```
82
58
 
83
- Outputs JSON with an `approveUrl`. Send it to the user:
59
+ Outputs JSON with `approveUrl` send to user.
84
60
 
85
- > 💰 Payment: 0.01 ETH 0xRecipient...
86
- > 👉 Approve: https://nodpay.ai/approve?safeOpHash=0x...
61
+ First tx deploys the wallet. Pass all params for first tx; after that `--safe` alone works.
87
62
 
88
- **First transaction deploys the wallet on-chain.** Pass all params for the first tx. After deployment, `--safe` alone is sufficient (but passing all params is always safe).
89
-
90
- ### Check pending transactions
63
+ ### Check pending
91
64
 
92
65
  ```bash
93
- curl https://nodpay.ai/api/txs?safe=<WALLET_ADDRESS>
66
+ curl https://nodpay.ai/api/txs?safe=<SAFE>
94
67
  ```
95
68
 
96
- Always check before proposing — shows current nonce, pending ops, and wallet status.
69
+ Check before proposing — shows nonce and pending ops.
97
70
 
98
71
  ---
99
72
 
100
- ## Data Layout
73
+ ## Data
101
74
 
102
75
  ```
103
76
  .nodpay/
104
- .env # agent key (chmod 600, never touch directly)
77
+ .env # agent key (chmod 600)
105
78
  wallets/
106
79
  0xAbC...123.json # one file per wallet
107
80
  ```
108
81
 
109
- Wallet file format:
110
-
111
82
  ```json
112
83
  {
113
84
  "safe": "0x...",
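Review bot: In Setup step 2, the agent-address check loses its failure action. The removed line told the agent to alert the user and send a fresh link on a mismatch, while the new Trust Model bullet only says "Mismatch = wrong key binding." Since this file is the agent's instruction set, keep the check in step 2 next to the store instruction and restore the action. Consider also keeping the removed five-field wallet-info block (Safe, Passkey X, Passkey Y, Agent, Recovery Signer) so the agent knows which fields to expect before writing `.nodpay/wallets/<safe-address>.json`. Separately, the new bullet "NodPay server is stateless" reads oddly beside `/api/txs?safe=<SAFE>`, which this same file says "shows nonce and pending ops"; state what that endpoint serves and where it comes from rather than claiming no state.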
@@ -120,7 +91,7 @@ Wallet file format:
120
91
  }
121
92
  ```
122
93
 
123
- For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
94
+ EOA wallets: replace passkey fields with `"userSigner": "0x..."`.
124
95
 
125
96
  ---
126
97
 
@@ -128,70 +99,37 @@ For EOA wallets, replace passkey fields with `"userSigner": "0x..."`.
128
99
 
129
100
  | Flag | Required | Description |
130
101
  |------|----------|-------------|
131
- | `--chain` | ✅ | Chain name (e.g. `ethereum`, `base`, `sepolia`) |
132
- | `--safe` | ✅ | Wallet (Safe) address |
133
- | `--to` | ✅ | Recipient address |
102
+ | `--chain` | ✅ | `ethereum`, `base`, `arbitrum`, `optimism`, `polygon`, `sepolia`, `base_sepolia` |
103
+ | `--safe` | ✅ | Wallet address |
104
+ | `--to` | ✅ | Recipient |
134
105
  | `--value-eth` | ✅ | Amount in ETH |
135
106
  | `--signer-type` | ✅ | `passkey` or `eoa` |
136
- | `--passkey-x` | passkey | Passkey public key X |
137
- | `--passkey-y` | passkey | Passkey public key Y |
107
+ | `--passkey-x/y` | passkey | Passkey public key |
138
108
  | `--user-signer` | eoa | User's EOA address |
139
- | `--recovery` | first tx | Recovery signer address |
140
- | `--nonce` | optional | Force nonce (for replacements) |
109
+ | `--recovery` | first tx | Recovery signer |
110
+ | `--nonce` | optional | Force nonce (replacements) |
141
111
  | `--purpose` | optional | Human-readable label |
142
112
 
143
- ### Supported Chains
144
-
145
- `ethereum`, `base`, `arbitrum`, `optimism`, `polygon`, `sepolia`, `base_sepolia`
146
-
147
- Wallet address is the same across all chains (counterfactual). **Do not assume a default chain.** Ask the user which chain if not specified.
113
+ Wallet address is the same across all chains. **Ask which chain if not specified.**
148
114
 
149
115
  ---
150
116
 
151
117
  ## Transaction Patterns
152
118
 
153
- **Sequential**: Just call propose multiple times. Nonces auto-increment.
154
-
155
- **Replace**: Propose with `--nonce N` to replace a pending tx at nonce N.
156
-
157
- **Cascade**: Rejecting tx at nonce N invalidates all tx with nonce > N. Irreversible.
119
+ - **Sequential**: Propose multiple times. Nonces auto-increment.
120
+ - **Replace**: `--nonce N` to replace pending tx at nonce N.
121
+ - **Cascade**: Rejecting nonce N invalidates all higher nonces. Irreversible.
158
122
 
159
- ⚠️ **Never propose a new nonce then reject an older one**the cascade will destroy your new tx too.
123
+ ⚠️ Never propose then reject an older nonce — cascade destroys your new tx.
160
124
 
161
125
  ---
162
126
 
163
- ## Reconnect (Wallet Recovery)
127
+ ## Reconnect
164
128
 
165
- If the user cleared their browser data:
129
+ Browser data cleared? Build a reconnect link:
166
130
 
167
131
  ```
168
- https://nodpay.ai/?agent=YOUR_AGENT_ADDRESS&safe=WALLET_ADDRESS&recovery=RECOVERY_SIGNER&x=PASSKEY_X&y=PASSKEY_Y
132
+ https://nodpay.ai/?agent=AGENT&safe=SAFE&recovery=RECOVERY&x=X&y=Y
169
133
  ```
170
134
 
171
- User opens → verifies passkey → wallet restored. No on-chain action needed.
172
-
173
- ---
174
-
175
- ## Security Model
176
-
177
- | Owner | Holder | Can do |
178
- |-------|--------|--------|
179
- | Agent EOA | You | Propose only |
180
- | Passkey | User's device | Approve or reject |
181
- | Recovery | User's 12-word phrase | Backup access |
182
-
183
- - 2-of-3 threshold — you cannot execute alone
184
- - Passkey X/Y are public key material, safe to store
185
- - No private keys stored on NodPay's server
186
- - Funds are safe on-chain even if NodPay goes offline
187
-
188
- ---
189
-
190
- ## Common Requests
191
-
192
- | User says | Action |
193
- |-----------|--------|
194
- | "create a wallet" | Send `https://nodpay.ai/?agent=YOUR_ADDRESS` |
195
- | "send 0.1 ETH to 0x..." | `npx nodpay propose --chain ...` |
196
- | "pending?" | `GET /api/txs?safe=...` |
197
- | "wallet disappeared" | Send reconnect link |
135
+ User opens → passkey verifies → wallet restored.
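Review bot: In the flags table, merging the two passkey rows into `--passkey-x/y` documents a literal that is not a flag. The propose example in this file uses `--passkey-x <X> --passkey-y <Y>`, so an agent reading the table alone may pass the merged form; keep two rows, or list `--passkey-x` and `--passkey-y` separately in one cell. The shortened cascade warning ("Never propose then reject an older nonce") drops "a new nonce" and no longer says which proposal is at risk; the removed wording was unambiguous. The deleted Security Model table was also the only place that named the holder of each owner (agent EOA, passkey on the user's device, recovery via the 12-word phrase), and the new Trust Model does not say how the recovery signer is held, so that row is worth keeping.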
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodpay",
3
- "version": "0.2.7",
3
+ "version": "0.2.9",
4
4
  "description": "NodPay CLI — propose on-chain payments from agent-human shared wallets",
5
5
  "type": "module",
6
6
  "bin": {