@agentsbank/sdk 1.0.8 → 1.0.10

package/.env.example

@@ -0,0 +1,53 @@
+# AgentsBank SDK - Environment Variables Template
+# Copy this to .env and fill in your actual credentials
+# SECURITY WARNING: Never commit .env to version control
+
+# ============================================
+# API Configuration (REQUIRED)
+# ============================================
+# Base URL of AgentsBank API
+# For local development: http://localhost:3000
+# For production: https://api.agentsbank.online
+AGENTSBANK_API_URL=https://api.agentsbank.online
+
+# ============================================
+# Authentication (Choose ONE method)
+# ============================================
+
+# METHOD 1: API Key (Recommended for production)
+AGENTSBANK_API_KEY=your-api-key-here-do-not-share
+
+# METHOD 2: Agent Credentials (For testing/setup)
+# Uncomment and fill only if using credential-based auth
+# AGENTSBANK_AGENT_USERNAME=agent_name
+# AGENTSBANK_AGENT_PASSWORD=agent_password_secret
+
+# ============================================
+# Optional: Pre-authenticated Token
+# ============================================
+# Only needed if you have a pre-issued JWT token
+# AGENTSBANK_AUTH_TOKEN=jwt-token-here
+
+# ============================================
+# Optional: Runtime Configuration
+# ============================================
+# Environment: 'production' or 'sandbox'
+AGENTSBANK_ENVIRONMENT=production
+
+# Request timeout in milliseconds
+AGENTSBANK_TIMEOUT_MS=10000
+
+# Enable audit logging
+AGENTSBANK_AUDIT_LOG=true
+
+# Webhook URL for transaction notifications (optional)
+# AGENTSBANK_WEBHOOK_URL=https://your-domain.com/webhooks/agentsbank
+
+# ============================================
+# Security Checklist
+# ============================================
+# ✓ API key obtained from https://dashboard.agentsbank.ai
+# ✓ Never commit this file to git (add to .gitignore)
+# ✓ Rotate API key monthly or when team member leaves
+# ✓ Use different credentials for development vs production
+# ✓ Enable audit logging in production

package/CHANGELOG.md

@@ -5,37 +5,33 @@ All notable changes to the AgentsBank SDK are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.0.8] - 2026-02-14
-
-### Fixed
-- **Critical**: Fixed all SDK endpoint paths to include `/api` prefix for compatibility with backend routing
-  - `/auth/agent/login` → `/api/auth/agent/login`
-  - `/wallets` → `/api/wallets`
-  - `/transactions` → `/api/transactions`
-  - All wallet, transaction, and auth endpoints updated
-- **Enhanced error handling**: Added response interceptor to provide detailed error messages
-  - API errors now show status codes and endpoint URLs
-  - Network errors provide guidance on API availability
-  - Authentication errors suggest credential verification
-- **SDK configuration**: Updated default API URL from `api.agentsbank.ai` to `api.agentsbank.online`
-- **Login error messages**: Improved authentication error feedback with specific guidance
-- **NPM Publishing**: Added public access configuration for scoped package
+## [1.0.10] - 2026-02-14
 
 ### Added
-- Response error interceptor for better debugging experience
-- Network error detection with "API might be offline" message
-- Endpoint URL in error messages for easier troubleshooting
-- Public access configuration in package.json
+- **Autonomous Mode Support**: Added optional `autonomousMode` config flag for trusted agents
+  - Allows financial transactions without `UserApprovalContext` when explicitly enabled
+  - Maintains security by requiring guardrails (spending limits, audit logging, whitelisting)
+  - Still generates audit trail with synthetic approval context for compliance
 
-### Security
-- No changes to security constraints. SDK continues to require:
-  - Explicit API credentials (apiUrl + apiKey or agent credentials)
-  - UserApprovalContext for financial operations
-  - Audit logging for all transactions
+### Changed
+- Updated all domain references from `agentsbank.ai` to `agentsbank.online`
+- Improved security documentation to reflect default-secure-but-flexible approach
+- Enhanced README with Autonomous Mode best practices section
+
+### Fixed
+- Type definitions now support `'autonomous'` approval method
+- Response error interceptor provides better error messages
+- Network connectivity detection with helpful guidance
+
+### Documentation
+- Updated all API endpoint examples to use `api.agentsbank.online`
+- Added comprehensive Autonomous Mode setup guide
+- Enhanced security requirements section with dual-mode explanation
+- Updated all support links to `agentsbank.online`
 
 ---
 
-## [1.0.7] - 2026-02-14
+## [1.0.8] - 2026-02-14
 
 ### Fixed
 - Fixed SDK endpoint paths to include `/api` prefix

package/README.md

@@ -2,9 +2,13 @@
 
 ## ⚠️ Critical Security Requirements
 
-This SDK manages **real financial transactions** on blockchain networks. It is **not autonomously invocable** and requires explicit human approval for all financial operations.
+This SDK manages **real financial transactions** on blockchain networks. 
+
+**Default Mode**: Requires explicit human approval for all financial operations via `UserApprovalContext`.
+
+**Autonomous Mode** (Optional): Can be enabled for trusted agents via `autonomousMode: true` config flag. Requires strict guardrails (spending limits, whitelisting, audit logging) to prevent unauthorized transactions.
+
 
----
 
 ## 📋 Credential Checklist
 
@@ -29,7 +33,7 @@ npm install @agentsbank/sdk
 
 ### Setup
 
-1. **Get credentials** from https://dashboard.agentsbank.ai
+1. **Get credentials** from https://dashboard.agentsbank.online
 2. **Copy environment template**:
    ```bash
    cp .env.example .env
@@ -123,6 +127,41 @@ const confirmed = await bank.waitForConfirmation(
 console.log('Final status:', confirmed.status); // 'confirmed' | 'failed'
 ```
 
+### 🚀 Autonomous Mode (Advanced)
+
+**For trusted autonomous agents only** - allows financial operations without human approval.
+
+```typescript
+// Initialize with autonomous mode enabled
+const autonomousBank = new AgentsBankSDK({
+  apiUrl: process.env.AGENTSBANK_API_URL!,
+  apiKey: process.env.AGENTSBANK_API_KEY!,
+  autonomousMode: true,  // ⚠️  Enable autonomous execution
+  auditLogger: (event) => {
+    console.log(`[AUTONOMOUS] ${event.operation}`, event);
+  }
+});
+
+// Now transactions can execute without UserApprovalContext
+const transaction = await autonomousBank.sendTransaction(
+  walletId,
+  '0xRecipient...',
+  '1.5',
+  undefined,  // ← No approval needed in autonomous mode
+  'ETH'
+);
+
+// ✅ Still logs as 'agent_autonomous_...' for audit trail
+console.log('Autonomous Transaction ID:', transaction.tx_id);
+```
+
+**⚠️  Security Requirements for Autonomous Mode:**
+- Guardrails MUST be configured (max daily spend, transaction limits, whitelist)
+- Audit logging MUST be enabled
+- Should be used only for time-sensitive agent operations
+- Spending limits should be conservative
+- Agent should have read-only access to limited wallets
+
 ---
 
 ## 🔑 Authentication Methods
@@ -131,7 +170,7 @@ console.log('Final status:', confirmed.status); // 'confirmed' | 'failed'
 
 ```typescript
 const bank = new AgentsBankSDK({
-  apiUrl: 'https://api.agentsbank.ai',
+  apiUrl: 'https://api.agentsbank.online',
   apiKey: process.env.AGENTSBANK_API_KEY, // From dashboard
 });
 ```
@@ -140,7 +179,7 @@ const bank = new AgentsBankSDK({
 
 ```typescript
 const bank = new AgentsBankSDK({
-  apiUrl: 'https://api.agentsbank.ai',
+  apiUrl: 'https://api.agentsbank.online',
   agentUsername: process.env.AGENTSBANK_AGENT_USERNAME,
   agentPassword: process.env.AGENTSBANK_AGENT_PASSWORD,
 });
@@ -153,7 +192,7 @@ const token = await bank.login();
 
 ```typescript
 const bank = new AgentsBankSDK({
-  apiUrl: 'https://api.agentsbank.ai',
+  apiUrl: 'https://api.agentsbank.online',
   token: process.env.AGENTSBANK_AUTH_TOKEN, // JWT from previous auth
 });
 ```
@@ -175,11 +214,11 @@ echo ".env.*.local" >> .gitignore
 
 ```bash
 # development
-AGENTSBANK_API_URL=https://sandbox.agentsbank.ai
+AGENTSBANK_API_URL=https://sandbox.agentsbank.online
 AGENTSBANK_API_KEY=sk_sandbox_...
 
 # production
-AGENTSBANK_API_URL=https://api.agentsbank.ai
+AGENTSBANK_API_URL=https://api.agentsbank.online
 AGENTSBANK_API_KEY=sk_prod_...
 ```
 
@@ -325,10 +364,10 @@ All SDK operations are logged with:
 
 ## 📞 Support
 
-- **Documentation**: https://docs.agentsbank.ai
-- **Dashboard**: https://dashboard.agentsbank.ai
-- **Status Page**: https://status.agentsbank.ai
-- **Security Issues**: security@agentsbank.ai
+- **Documentation**: https://docs.agentsbank.online
+- **Dashboard**: https://dashboard.agentsbank.online
+- **Status Page**: https://status.agentsbank.online
+- **Security Issues**: security@agentsbank.online
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentsbank/sdk",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "🔒 Secure Financial SDK for AgentsBank - Multi-chain wallet & transaction management. Requires explicit credentials and user authorization for financial operations.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/security-config.ts

@@ -19,7 +19,9 @@ export const SDK_SECURITY_CONFIG = {
   // ============================================
   riskLevel: 'HIGH' as const, // Financial transaction platform
   financialOperations: true,
-  autonomousExecutionAllowed: false, // CRITICAL: Must not be autonomously invocable
+  autonomousExecutionAllowed: false, // DEFAULT: Must not be autonomously invocable
+  autonomousModeSupportedButOptional: true, // Can be enabled via config flag if needed
+  defaultRequiresApproval: true, // By default, all transactions require approval
 
   // ============================================
   // Credential Scope & Constraints
@@ -61,12 +63,14 @@ export const SDK_SECURITY_CONFIG = {
   // ============================================
   financialOperationConstraints: {
     sendTransaction: {
-      requiresUserApprovalContext: true,
+      requiresUserApprovalContext: true, // DEFAULT: Always required
+      canBypassApprovalInAutonomousMode: true, // Can be disabled if autonomousMode=true in SDKConfig
       requiresUserId: true,
       requiresApprovalTimestamp: true,
       auditLoggingRequired: true,
       atomicity: 'required' as const, // Must succeed or fail completely
       rollbackOnFailure: true,
+      warningIfAutonomous: 'Executing financial transaction WITHOUT human approval',
     },
     createWallet: {
       requiresUserApprovalContext: false, // Optional for wallet creation