@xona-labs/xpay 0.1.31 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +41 -0
- package/README.md +37 -2
- package/SKILL.md +12 -6
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,47 @@ versioning follows [Semantic Versioning](https://semver.org/).
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [0.2.1] – 2026-06-24
|
|
10
|
+
|
|
11
|
+
### Docs
|
|
12
|
+
- **Documented the Bento intent firewall as an optional security layer.** README
|
|
13
|
+
gains a "Security" section (enable / status / disable, no API key, one-time
|
|
14
|
+
on-chain wallet registration, and the ALLOW / BLOCKED / ESCALATED verdicts),
|
|
15
|
+
the MCP tool list re-includes `xpay_bento_status` / `xpay_bento_enable` /
|
|
16
|
+
`xpay_bento_disable`, and SKILL.md re-adds the tools plus a safety note. No
|
|
17
|
+
code change — the firewall shipped in 0.1.28; this release publishes the docs
|
|
18
|
+
to npm.
|
|
19
|
+
|
|
20
|
+
## [0.2.0] – 2026-06-23
|
|
21
|
+
|
|
22
|
+
Milestone release consolidating the 0.1.24–0.1.31 line into four themes.
|
|
23
|
+
|
|
24
|
+
### Easiest onboarding
|
|
25
|
+
- **Zero-config wallet provisioning.** Drop the MCP server into any agent host
|
|
26
|
+
with no env — the agent is given its own persistent wallet on first boot
|
|
27
|
+
(address printed to stderr to fund). Bring-your-own-key and existing profiles
|
|
28
|
+
still take precedence.
|
|
29
|
+
- **`SKILL.md`** — a framework-agnostic guide so any agent (Claude, Codex,
|
|
30
|
+
OpenAI, Gemini, custom) can drive xPay's tools, kept current with this release.
|
|
31
|
+
|
|
32
|
+
### Smart pay routing
|
|
33
|
+
- **Balance-aware network selection.** When a service accepts multiple networks,
|
|
34
|
+
`use` / `do` pay from the first network whose balance covers the cost (a $0
|
|
35
|
+
Base wallet falls through to a funded Solana one). When none can cover it, the
|
|
36
|
+
call fails fast with a clear per-network balance error instead of a raw 402.
|
|
37
|
+
- **Broader x402 compatibility.** The payment payload is sent under both
|
|
38
|
+
`X-PAYMENT` and `Payment-Signature`, so providers that read the latter
|
|
39
|
+
(e.g. Nansen) now settle.
|
|
40
|
+
|
|
41
|
+
### Spending guardrail
|
|
42
|
+
- Surfaced as a first-class feature: per-tx / per-day USD caps, allowed-host
|
|
43
|
+
list, and an approval threshold, all enforced **before signing**. Two-step
|
|
44
|
+
confirmation guards MCP transfers.
|
|
45
|
+
|
|
46
|
+
### Reporting
|
|
47
|
+
- Comprehensive on-chain USDC usage report (daily / weekly / monthly) via
|
|
48
|
+
OrbitX402 — summary, timeline, top counterparties, and biggest transactions.
|
|
49
|
+
|
|
9
50
|
## [0.1.31] – 2026-06-23
|
|
10
51
|
|
|
11
52
|
### Fixed
|
package/README.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# @xona-labs/xpay
|
|
2
2
|
|
|
3
|
+
[](https://www.npmjs.com/package/@xona-labs/xpay)
|
|
4
|
+
[](https://www.npmjs.com/package/@xona-labs/xpay)
|
|
5
|
+
[](https://github.com/xona-labs/xpay/blob/main/LICENSE)
|
|
6
|
+

|
|
7
|
+
|
|
3
8
|
> **Agentic-commerce wallet.** Multi-network USDC wallet, x402 payments, and discovery across 20,000+ services — as a CLI, an SDK, and an MCP server.
|
|
4
9
|
|
|
5
10
|
```bash
|
|
@@ -155,7 +160,7 @@ That's the whole setup. The generated wallet's **Solana address is printed to
|
|
|
155
160
|
stderr on first run** — fund it with USDC and the agent can pay. It persists
|
|
156
161
|
under `~/.xpay` and is reused on every later boot, so the address is stable.
|
|
157
162
|
|
|
158
|
-
The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [
|
|
163
|
+
The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [intent firewall](#security--bento-intent-firewall-optional). If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
|
|
159
164
|
|
|
160
165
|
**Bring your own wallet instead** — the wallet source order is *existing profile → key env → auto-generate*, so any of these overrides the generated wallet:
|
|
161
166
|
|
|
@@ -221,6 +226,8 @@ xpay guardrail set \
|
|
|
221
226
|
--allowed-hosts 'api.payai.network,*.xona-agent.com'
|
|
222
227
|
```
|
|
223
228
|
|
|
229
|
+
- **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
|
|
230
|
+
- **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
|
|
224
231
|
- **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
|
|
225
232
|
- **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
|
|
226
233
|
- **`requireApprovalAbove`** — calls ≥ threshold need explicit approval. In the CLI this is a
|
|
@@ -229,6 +236,34 @@ xpay guardrail set \
|
|
|
229
236
|
surfaces as a system dialog you physically approve. In the SDK, wire the
|
|
230
237
|
`onApprovalRequired` hook to whatever you like — push notification, biometric, webhook.
|
|
231
238
|
|
|
239
|
+
## Security — Bento intent firewall (optional)
|
|
240
|
+
|
|
241
|
+
Spend caps stop an agent spending *too much* — they can't tell a legitimate payment from a
|
|
242
|
+
prompt-injected one. The optional [Bento](https://app.bentoguard.xyz/) layer adds an **AI intent
|
|
243
|
+
firewall**: every paid call and transfer is screened for malicious intent (prompt-injection,
|
|
244
|
+
wallet-drain, intent-vs-execution mismatch) *before signing*. It runs inside the guardrail, right
|
|
245
|
+
after the local caps pass.
|
|
246
|
+
|
|
247
|
+
```bash
|
|
248
|
+
xpay bento enable # prints the agent wallet address to register
|
|
249
|
+
xpay bento status # whether screening is active
|
|
250
|
+
xpay bento disable # turn off — falls back to local caps only
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
There's **no API key** — Bento authenticates with the wallet's own key. The one manual step is a
|
|
254
|
+
**one-time, on-chain registration** of the agent wallet at
|
|
255
|
+
[app.bentoguard.xyz](https://app.bentoguard.xyz/) (log in with your owner wallet; until the agent
|
|
256
|
+
wallet is registered, payments are rejected with `Agent not found`).
|
|
257
|
+
|
|
258
|
+
Each screened call returns a verdict:
|
|
259
|
+
|
|
260
|
+
- **`ALLOW`** — cleared; xPay signs as normal.
|
|
261
|
+
- **`BLOCKED`** — flagged as a critical threat; xPay throws before signing, no funds move.
|
|
262
|
+
- **`ESCALATED`** — ambiguous; xPay defers to your `onApprovalRequired` hook, or fails closed.
|
|
263
|
+
|
|
264
|
+
Agents can manage it over MCP too: `xpay_bento_status`, `xpay_bento_enable`, `xpay_bento_disable`
|
|
265
|
+
(disable is the escape hatch when the wallet isn't registered yet).
|
|
266
|
+
|
|
232
267
|
## Sana agent wallet card (optional)
|
|
233
268
|
|
|
234
269
|
xPay supports an optional integration with [Sana](https://sana.bot) — an agent-native card that lets your AI spend at the point of sale, anywhere Visa is accepted.
|
|
@@ -314,7 +349,7 @@ Public RPCs work for development but rate-limit hard. Production deployments sho
|
|
|
314
349
|
**v0.1 (current):**
|
|
315
350
|
- ✅ CLI: init, accounts, balance, discover, pay, transfer, report, guardrail, mcp
|
|
316
351
|
- ✅ SDK: full parity with CLI; tool exporters for Claude / OpenAI / Gemini
|
|
317
|
-
- ✅ MCP server on stdio with 10
|
|
352
|
+
- ✅ MCP server on stdio with 10 tools (incl. the Bento intent firewall)
|
|
318
353
|
- ✅ Solana + Base mainnet with disk caching
|
|
319
354
|
- ✅ Optional Sana agent card integration (`xpay sana link`) — 8 additional `sana_*` tools
|
|
320
355
|
|
package/SKILL.md
CHANGED
|
@@ -56,6 +56,12 @@ of a cent to a few cents per call). `xpay_use` / `xpay_do` settle the payment
|
|
|
56
56
|
and call the service in one round-trip — the agent just receives the result. A
|
|
57
57
|
small platform fee ($0.01 USDC) applies per paid call.
|
|
58
58
|
|
|
59
|
+
When a service accepts more than one network (e.g. Base **and** Solana), xPay
|
|
60
|
+
**routes automatically to a funded network** — it pays from the first one whose
|
|
61
|
+
balance covers the cost, so a $0 Base wallet falls through to a funded Solana
|
|
62
|
+
one. If no network has the funds, the call fails fast with a clear
|
|
63
|
+
"insufficient balance" message naming each network's balance.
|
|
64
|
+
|
|
59
65
|
The agent pays from its own wallet, so **it must be funded first**. If a call
|
|
60
66
|
fails for lack of funds, ask the user to send USDC to the address from
|
|
61
67
|
`xpay_balance` (Solana mainnet or Base).
|
|
@@ -68,12 +74,12 @@ fails for lack of funds, ask the user to send USDC to the address from
|
|
|
68
74
|
- **Transfers need confirmation.** `xpay_transfer` only *stages* a transfer; it
|
|
69
75
|
returns a code. Show the user the amount + destination and only call
|
|
70
76
|
`xpay_transfer_confirm` after they approve. Never move funds unprompted.
|
|
71
|
-
- **Bento intent firewall (optional).** When enabled, every
|
|
72
|
-
for malicious intent (prompt-injection, wallet-drain)
|
|
73
|
-
`BLOCKED` result means stop. Toggle with
|
|
74
|
-
`xpay_bento_disable`; it
|
|
75
|
-
app.bentoguard.xyz, and until then payments are rejected —
|
|
76
|
-
back to local caps if you don't want to register.
|
|
77
|
+
- **Bento intent firewall (optional security layer).** When enabled, every
|
|
78
|
+
payment is screened for malicious intent (prompt-injection, wallet-drain)
|
|
79
|
+
before signing. A `BLOCKED` result means stop. Toggle with
|
|
80
|
+
`xpay_bento_enable` / `xpay_bento_disable`; it needs a one-time wallet
|
|
81
|
+
registration at app.bentoguard.xyz, and until then payments are rejected —
|
|
82
|
+
disable it to fall back to local caps if you don't want to register.
|
|
77
83
|
|
|
78
84
|
## Recipes
|
|
79
85
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@xona-labs/xpay",
|
|
3
|
-
"version": "0.1
|
|
3
|
+
"version": "0.2.1",
|
|
4
4
|
"description": "Discovery and usage layer for agentic commerce — multi-network wallet, x402 payments, 20k+ services via PayAI and other catalogs",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|