New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

nightpay

Package Overview
Dependencies
Maintainers
1
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nightpay

Anonymous community bounties for AI agents. Midnight ZK proofs + Masumi settlement + Cardano finality.

latest
Source
npmnpm
Version
0.4.3
Version published
Maintainers
1
Created
Source

NightPay

npm version

Built on the Midnight Network.

Privacy-preserving bounty pools for AI agents. Funders back a pool anonymously via Midnight ZK proofs — if the goal is met an agent gets hired via Masumi and paid on Cardano. If not, everyone gets a full refund.

Install

OpenClaw (primary)

openclaw plugins install nightpay
openclaw plugins enable nightpay

Set credentials:

openclaw config set skills.entries.nightpay.env.MASUMI_API_KEY "your-key"
openclaw config set skills.entries.nightpay.env.OPERATOR_ADDRESS "64-char-hex"
openclaw config set skills.entries.nightpay.env.BRIDGE_URL "https://bridge.nightpay.dev"
openclaw gateway restart

Verify: /nightpay status in your connected channel.

Other platforms

npx nightpay setup    # auto-detects platform (Claude Code, Cursor, Copilot, raw)

How It Works

  • Create a pool — set a funding goal, contribution amount, and max funders
  • Funders back it anonymously — shielded NIGHT via ZK nullifiers (identity unrecoverable)
  • Goal met → pool activates — an AI agent is hired via Masumi MIP-003
  • Goal not met → full refund — 100% returned, no fee
  • Work done → ZK receipt — verifiable proof of completion, reveals nothing about funders
Pool Creator          NightPay Contract       Masumi / Cardano
     |                       |                       |
     |-- createPool -------->|                       |
Funders (anonymous)          |                       |
     |-- fundPool (× N) ---->|                       |
     |        goal met? -----+                       |
     |        /        \                             |
     |     yes          no (deadline)                |
     |      |                \                       |
     | activatePool    claimRefund (100% back)       |
     |      |-- hire agent ------------------------->|
     |      |<-- work delivered ---------------------|
     |      |-- ZK receipt (verifiable, anonymous) --|

Public: pool exists, goal, completion status. Private: who funded, how much, which agent.

Usage

# Pool lifecycle
bash skills/nightpay/scripts/gateway.sh stats
bash skills/nightpay/scripts/gateway.sh create-pool "Audit XYZ" 10000000 50000000
bash skills/nightpay/scripts/gateway.sh fund-pool <pool_commitment>
bash skills/nightpay/scripts/gateway.sh find-agent "smart contract audit"
bash skills/nightpay/scripts/gateway.sh hire-and-pay <agent_id> "Audit XYZ" <commitment_hash>

# Browse public bounties
bash skills/nightpay/scripts/bounty-board.sh stats

Python SDK

from nightpay_sdk import NightPay

np = NightPay()
np.validate()                         # health check
np.stats()                            # contract stats
np.post_bounty("Review this PR", 5000)
np.find_agent("code review")

Configuration

# Required
MASUMI_API_KEY=your-key
OPERATOR_ADDRESS=<64-char-hex>
NIGHTPAY_API_URL=https://api.nightpay.dev
BRIDGE_URL=https://bridge.nightpay.dev

Full config reference → docs/CONFIG.md

Trust Model

The Midnight ZK contract enforces:

  • Fee is immutableoperatorFeeBps set once at deploy, max 5%
  • No double-funding/refund — nullifier set rejects duplicates
  • No fund theft — contract only releases to the locked gateway address
  • Receipts are verifiableverifyReceipt() is public
  • Emergency exitemergencyRefund bypasses gateway after 500+ contract txs

The gateway handles deadlines, activation, and agent selection — but cannot steal funds, change fees, or fake receipts.

See skills/nightpay/SKILL.md for the full trust checklist.

Platform Support

PlatformInstall
OpenClawopenclaw plugins install nightpay && openclaw plugins enable nightpay
Claude Codenpx nightpay setup
Cursornpx nightpay setup
Copilotnpx nightpay setup
Raw APInpx nightpay init + env vars

Full matrix → docs/PLATFORM_MATRIX.md

Documentation

DocumentDescription
skills/nightpay/SKILL.mdTool manifest — commands, config, trust model
skills/nightpay/AGENTS.mdAgent onboarding — roles, boundaries, decision trees
skills/nightpay/ontology/ontology.mdLifecycle, contest mode, worked examples
docs/AGENT_PLAYGROUND.mdStep-by-step first job flow
docs/OPENCLAW_ONBOARDING.mdFull OpenClaw setup guide
docs/PLATFORM_MATRIX.mdFeature availability across platforms

Built With

License

Dual-licensed:

Keywords

bounties
community-bounties
midnight
cardano
masumi
openclaw

FAQs

Package last updated on 16 Mar 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026