@xona-labs/xpay 0.1.31 → 0.2.1

package/CHANGELOG.md CHANGED
@@ -6,6 +6,47 @@ versioning follows [Semantic Versioning](https://semver.org/).
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [0.2.1] – 2026-06-24
10
+
11
+ ### Docs
12
+ - **Documented the Bento intent firewall as an optional security layer.** README
13
+ gains a "Security" section (enable / status / disable, no API key, one-time
14
+ on-chain wallet registration, and the ALLOW / BLOCKED / ESCALATED verdicts),
15
+ the MCP tool list re-includes `xpay_bento_status` / `xpay_bento_enable` /
16
+ `xpay_bento_disable`, and SKILL.md re-adds the tools plus a safety note. No
17
+ code change — the firewall shipped in 0.1.28; this release publishes the docs
18
+ to npm.
19
+
20
+ ## [0.2.0] – 2026-06-23
21
+
22
+ Milestone release consolidating the 0.1.24–0.1.31 line into four themes.
23
+
24
+ ### Easiest onboarding
25
+ - **Zero-config wallet provisioning.** Drop the MCP server into any agent host
26
+ with no env — the agent is given its own persistent wallet on first boot
27
+ (address printed to stderr to fund). Bring-your-own-key and existing profiles
28
+ still take precedence.
29
+ - **`SKILL.md`** — a framework-agnostic guide so any agent (Claude, Codex,
30
+ OpenAI, Gemini, custom) can drive xPay's tools, kept current with this release.
31
+
32
+ ### Smart pay routing
33
+ - **Balance-aware network selection.** When a service accepts multiple networks,
34
+ `use` / `do` pay from the first network whose balance covers the cost (a $0
35
+ Base wallet falls through to a funded Solana one). When none can cover it, the
36
+ call fails fast with a clear per-network balance error instead of a raw 402.
37
+ - **Broader x402 compatibility.** The payment payload is sent under both
38
+ `X-PAYMENT` and `Payment-Signature`, so providers that read the latter
39
+ (e.g. Nansen) now settle.
40
+
41
+ ### Spending guardrail
42
+ - Surfaced as a first-class feature: per-tx / per-day USD caps, allowed-host
43
+ list, and an approval threshold, all enforced **before signing**. Two-step
44
+ confirmation guards MCP transfers.
45
+
46
+ ### Reporting
47
+ - Comprehensive on-chain USDC usage report (daily / weekly / monthly) via
48
+ OrbitX402 — summary, timeline, top counterparties, and biggest transactions.
49
+
9
50
  ## [0.1.31] – 2026-06-23
10
51
 
11
52
  ### Fixed
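Review bot: The 0.2.0 entry says it consolidates the 0.1.24 to 0.1.31 line, and the 0.2.1 entry above it says the Bento firewall shipped in 0.1.28, yet none of the four 0.2.0 themes mentions the firewall. Add a bullet under "Spending guardrail" (or a fifth theme) so that a reader of the milestone summary learns an optional screening layer runs before signing, instead of finding it only in a docs-only release note. The "Zero-config wallet provisioning" bullet would also be clearer if it said where the generated key is persisted; it currently mentions only that the address is printed to stderr.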
package/README.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # @xona-labs/xpay
2
2
 
3
+ [![npm](https://img.shields.io/npm/v/@xona-labs/xpay)](https://www.npmjs.com/package/@xona-labs/xpay)
4
+ [![downloads](https://img.shields.io/npm/dm/@xona-labs/xpay)](https://www.npmjs.com/package/@xona-labs/xpay)
5
+ [![license](https://img.shields.io/npm/l/@xona-labs/xpay)](https://github.com/xona-labs/xpay/blob/main/LICENSE)
6
+ ![node](https://img.shields.io/badge/node-%3E%3D18-brightgreen)
7
+
3
8
  > **Agentic-commerce wallet.** Multi-network USDC wallet, x402 payments, and discovery across 20,000+ services — as a CLI, an SDK, and an MCP server.
4
9
 
5
10
  ```bash
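Review bot: The `node` badge on the last added line is a static image (`badge/node-%3E%3D18-brightgreen`), so unlike the three registry-backed badges above it, it will not follow whatever Node range the package declares. Consider the shields.io `node/v/@xona-labs/xpay` endpoint, or keep the static badge and update it by hand whenever the supported Node range changes.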
@@ -155,7 +160,7 @@ That's the whole setup. The generated wallet's **Solana address is printed to
155
160
  stderr on first run** — fund it with USDC and the agent can pay. It persists
156
161
  under `~/.xpay` and is reused on every later boot, so the address is stable.
157
162
 
158
- The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [Bento intent firewall](#guardrail). If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
163
+ The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [intent firewall](#security--bento-intent-firewall-optional). If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
159
164
 
160
165
  **Bring your own wallet instead** — the wallet source order is *existing profile → key env → auto-generate*, so any of these overrides the generated wallet:
161
166
 
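Review bot: The new link target `#security--bento-intent-firewall-optional` on the changed line resolves only if the renderer turns the dash in the new "Security" heading into a double hyphen. GitHub-style slugging does that, but this release exists to publish the docs to npm, so check the anchor on the npm page as well, or reword the heading so the slug does not depend on the dash. The link text also drops "Bento" while the tool names beside it keep it; "Bento intent firewall" would read more consistently.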
@@ -221,6 +226,8 @@ xpay guardrail set \
221
226
  --allowed-hosts 'api.payai.network,*.xona-agent.com'
222
227
  ```
223
228
 
229
+ - **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
230
+ - **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
224
231
  - **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
225
232
  - **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
226
233
  - **`requireApprovalAbove`** — calls ≥ threshold need explicit approval. In the CLI this is a
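Review bot: The two added bullets for `maxPerTx` / `maxPerDay` and `allowedHosts` are identical to the two unchanged bullets that follow them, so the rendered list now shows each item twice. Drop the added pair; if the intent was to reword the existing bullets, edit them in place.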
@@ -229,6 +236,34 @@ xpay guardrail set \
229
236
  surfaces as a system dialog you physically approve. In the SDK, wire the
230
237
  `onApprovalRequired` hook to whatever you like — push notification, biometric, webhook.
231
238
 
239
+ ## Security — Bento intent firewall (optional)
240
+
241
+ Spend caps stop an agent spending *too much* — they can't tell a legitimate payment from a
242
+ prompt-injected one. The optional [Bento](https://app.bentoguard.xyz/) layer adds an **AI intent
243
+ firewall**: every paid call and transfer is screened for malicious intent (prompt-injection,
244
+ wallet-drain, intent-vs-execution mismatch) *before signing*. It runs inside the guardrail, right
245
+ after the local caps pass.
246
+
247
+ ```bash
248
+ xpay bento enable # prints the agent wallet address to register
249
+ xpay bento status # whether screening is active
250
+ xpay bento disable # turn off — falls back to local caps only
251
+ ```
252
+
253
+ There's **no API key** — Bento authenticates with the wallet's own key. The one manual step is a
254
+ **one-time, on-chain registration** of the agent wallet at
255
+ [app.bentoguard.xyz](https://app.bentoguard.xyz/) (log in with your owner wallet; until the agent
256
+ wallet is registered, payments are rejected with `Agent not found`).
257
+
258
+ Each screened call returns a verdict:
259
+
260
+ - **`ALLOW`** — cleared; xPay signs as normal.
261
+ - **`BLOCKED`** — flagged as a critical threat; xPay throws before signing, no funds move.
262
+ - **`ESCALATED`** — ambiguous; xPay defers to your `onApprovalRequired` hook, or fails closed.
263
+
264
+ Agents can manage it over MCP too: `xpay_bento_status`, `xpay_bento_enable`, `xpay_bento_disable`
265
+ (disable is the escape hatch when the wallet isn't registered yet).
266
+
232
267
  ## Sana agent wallet card (optional)
233
268
 
234
269
  xPay supports an optional integration with [Sana](https://sana.bot) — an agent-native card that lets your AI spend at the point of sale, anywhere Visa is accepted.
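Review bot: The section presents the firewall as a defence against prompt-injected payments, but its last paragraph exposes `xpay_bento_disable` to the agent over MCP as an "escape hatch" without saying whether that call needs user approval. Document whether disabling is gated (for example, like the two-step confirmation the changelog describes for MCP transfers), because a control that the screened agent can switch off by itself is weaker than the text implies. Two smaller gaps: the `ESCALATED` bullet does not say when it "fails closed" (presumably when no `onApprovalRequired` hook is set), and nothing states what happens to a payment when the Bento service cannot be reached.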
@@ -314,7 +349,7 @@ Public RPCs work for development but rate-limit hard. Production deployments sho
314
349
  **v0.1 (current):**
315
350
  - ✅ CLI: init, accounts, balance, discover, pay, transfer, report, guardrail, mcp
316
351
  - ✅ SDK: full parity with CLI; tool exporters for Claude / OpenAI / Gemini
317
- - ✅ MCP server on stdio with 10 core tools (incl. Bento firewall controls)
352
+ - ✅ MCP server on stdio with 10 tools (incl. the Bento intent firewall)
318
353
  - ✅ Solana + Base mainnet with disk caching
319
354
  - ✅ Optional Sana agent card integration (`xpay sana link`) — 8 additional `sana_*` tools
320
355
 
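Review bot: The changed bullet sits under the unchanged heading "**v0.1 (current):**", which no longer matches a package at 0.2.1; update the heading in the same edit. Also confirm the count of 10: the tool list earlier in the README names seven core tools plus the three `xpay_bento_*` tools, while SKILL.md additionally refers to `xpay_transfer_confirm`.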
package/SKILL.md CHANGED
@@ -56,6 +56,12 @@ of a cent to a few cents per call). `xpay_use` / `xpay_do` settle the payment
56
56
  and call the service in one round-trip — the agent just receives the result. A
57
57
  small platform fee ($0.01 USDC) applies per paid call.
58
58
 
59
+ When a service accepts more than one network (e.g. Base **and** Solana), xPay
60
+ **routes automatically to a funded network** — it pays from the first one whose
61
+ balance covers the cost, so a $0 Base wallet falls through to a funded Solana
62
+ one. If no network has the funds, the call fails fast with a clear
63
+ "insufficient balance" message naming each network's balance.
64
+
59
65
  The agent pays from its own wallet, so **it must be funded first**. If a call
60
66
  fails for lack of funds, ask the user to send USDC to the address from
61
67
  `xpay_balance` (Solana mainnet or Base).
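Review bot: "Pays from the first one whose balance covers the cost" in the added paragraph does not define the order in which networks are tried, so an agent or operator cannot predict which wallet is debited when more than one is funded. State the ordering (the service's advertised order, a fixed preference, or a configurable one) and whether "cost" includes the $0.01 USDC platform fee mentioned in the paragraph above.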
@@ -68,12 +74,12 @@ fails for lack of funds, ask the user to send USDC to the address from
68
74
  - **Transfers need confirmation.** `xpay_transfer` only *stages* a transfer; it
69
75
  returns a code. Show the user the amount + destination and only call
70
76
  `xpay_transfer_confirm` after they approve. Never move funds unprompted.
71
- - **Bento intent firewall (optional).** When enabled, every payment is screened
72
- for malicious intent (prompt-injection, wallet-drain) before signing. A
73
- `BLOCKED` result means stop. Toggle with `xpay_bento_enable` /
74
- `xpay_bento_disable`; it requires a one-time wallet registration at
75
- app.bentoguard.xyz, and until then payments are rejected — disable it to fall
76
- back to local caps if you don't want to register.
77
+ - **Bento intent firewall (optional security layer).** When enabled, every
78
+ payment is screened for malicious intent (prompt-injection, wallet-drain)
79
+ before signing. A `BLOCKED` result means stop. Toggle with
80
+ `xpay_bento_enable` / `xpay_bento_disable`; it needs a one-time wallet
81
+ registration at app.bentoguard.xyz, and until then payments are rejected —
82
+ disable it to fall back to local caps if you don't want to register.
77
83
 
78
84
  ## Recipes
79
85
 
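Review bot: The reworded bullet still tells the agent only that "A `BLOCKED` result means stop", while the README in this release documents three verdicts; add what the agent should do on `ESCALATED`, for example surface it to the user instead of retrying. The closing advice to "disable it to fall back to local caps if you don't want to register" is addressed to the agent, so phrase it as a decision to put to the user, in line with "Never move funds unprompted" in the bullet above.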
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xona-labs/xpay",
3
- "version": "0.1.31",
3
+ "version": "0.2.1",
4
4
  "description": "Discovery and usage layer for agentic commerce — multi-network wallet, x402 payments, 20k+ services via PayAI and other catalogs",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",