@xona-labs/xpay 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -6,6 +6,17 @@ versioning follows [Semantic Versioning](https://semver.org/).
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [0.2.1] – 2026-06-24
10
+
11
+ ### Docs
12
+ - **Documented the Bento intent firewall as an optional security layer.** README
13
+ gains a "Security" section (enable / status / disable, no API key, one-time
14
+ on-chain wallet registration, and the ALLOW / BLOCKED / ESCALATED verdicts),
15
+ the MCP tool list re-includes `xpay_bento_status` / `xpay_bento_enable` /
16
+ `xpay_bento_disable`, and SKILL.md re-adds the tools plus a safety note. No
17
+ code change — the firewall shipped in 0.1.28; this release publishes the docs
18
+ to npm.
19
+
9
20
  ## [0.2.0] – 2026-06-23
10
21
 
11
22
  Milestone release consolidating the 0.1.24–0.1.31 line into four themes.
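Review bot: the 0.2.1 entry says the MCP tool list "re-includes" the three `xpay_bento_*` tools and SKILL.md "re-adds" them, but it never says which release dropped them, and the 0.2.0 entry below folds 0.1.24–0.1.31 into one milestone. Name the version where the docs were removed, so that someone auditing when the firewall shipped (0.1.28) against when it was documented can follow the history from the changelog alone.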
package/README.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # @xona-labs/xpay
2
2
 
3
+ [![npm](https://img.shields.io/npm/v/@xona-labs/xpay)](https://www.npmjs.com/package/@xona-labs/xpay)
4
+ [![downloads](https://img.shields.io/npm/dm/@xona-labs/xpay)](https://www.npmjs.com/package/@xona-labs/xpay)
5
+ [![license](https://img.shields.io/npm/l/@xona-labs/xpay)](https://github.com/xona-labs/xpay/blob/main/LICENSE)
6
+ ![node](https://img.shields.io/badge/node-%3E%3D18-brightgreen)
7
+
3
8
  > **Agentic-commerce wallet.** Multi-network USDC wallet, x402 payments, and discovery across 20,000+ services — as a CLI, an SDK, and an MCP server.
4
9
 
5
10
  ```bash
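Review bot: the `node` badge on the last added line is a static `node-%3E%3D18` string, while the three badges above it are generated from the npm registry. It will drift silently if the supported Node range changes. Generate it from the package metadata as well, or note next to the Node requirement that the badge has to be updated by hand.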
@@ -155,7 +160,7 @@ That's the whole setup. The generated wallet's **Solana address is printed to
155
160
  stderr on first run** — fund it with USDC and the agent can pay. It persists
156
161
  under `~/.xpay` and is reused on every later boot, so the address is stable.
157
162
 
158
- The host sees seven core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`. If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
163
+ The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [intent firewall](#security--bento-intent-firewall-optional). If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
159
164
 
160
165
  **Bring your own wallet instead** — the wallet source order is *existing profile → key env → auto-generate*, so any of these overrides the generated wallet:
161
166
 
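Review bot: the rewritten tool sentence names ten tools but leaves out `xpay_transfer_confirm`, which SKILL.md tells the agent to call after `xpay_transfer` stages a transfer. If that is a registered MCP tool, list it here and recheck the "10 tools" figure in the roadmap. If it is not, say so in SKILL.md, because the two files currently disagree about what the host sees.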
@@ -221,6 +226,8 @@ xpay guardrail set \
221
226
  --allowed-hosts 'api.payai.network,*.xona-agent.com'
222
227
  ```
223
228
 
229
+ - **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
230
+ - **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
224
231
  - **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
225
232
  - **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
226
233
  - **`requireApprovalAbove`** — calls ≥ threshold need explicit approval. In the CLI this is a
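Review bot: the two added bullets for `maxPerTx` / `maxPerDay` and `allowedHosts` are character-for-character copies of the unchanged bullets directly below them, so the rendered README now shows each bullet twice. The changelog describes this release as Bento documentation only, so this looks like a merge leftover. Drop both added lines.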
@@ -229,6 +236,34 @@ xpay guardrail set \
229
236
  surfaces as a system dialog you physically approve. In the SDK, wire the
230
237
  `onApprovalRequired` hook to whatever you like — push notification, biometric, webhook.
231
238
 
239
+ ## Security — Bento intent firewall (optional)
240
+
241
+ Spend caps stop an agent spending *too much* — they can't tell a legitimate payment from a
242
+ prompt-injected one. The optional [Bento](https://app.bentoguard.xyz/) layer adds an **AI intent
243
+ firewall**: every paid call and transfer is screened for malicious intent (prompt-injection,
244
+ wallet-drain, intent-vs-execution mismatch) *before signing*. It runs inside the guardrail, right
245
+ after the local caps pass.
246
+
247
+ ```bash
248
+ xpay bento enable # prints the agent wallet address to register
249
+ xpay bento status # whether screening is active
250
+ xpay bento disable # turn off — falls back to local caps only
251
+ ```
252
+
253
+ There's **no API key** — Bento authenticates with the wallet's own key. The one manual step is a
254
+ **one-time, on-chain registration** of the agent wallet at
255
+ [app.bentoguard.xyz](https://app.bentoguard.xyz/) (log in with your owner wallet; until the agent
256
+ wallet is registered, payments are rejected with `Agent not found`).
257
+
258
+ Each screened call returns a verdict:
259
+
260
+ - **`ALLOW`** — cleared; xPay signs as normal.
261
+ - **`BLOCKED`** — flagged as a critical threat; xPay throws before signing, no funds move.
262
+ - **`ESCALATED`** — ambiguous; xPay defers to your `onApprovalRequired` hook, or fails closed.
263
+
264
+ Agents can manage it over MCP too: `xpay_bento_status`, `xpay_bento_enable`, `xpay_bento_disable`
265
+ (disable is the escape hatch when the wallet isn't registered yet).
266
+
232
267
  ## Sana agent wallet card (optional)
233
268
 
234
269
  xPay supports an optional integration with [Sana](https://sana.bot) — an agent-native card that lets your AI spend at the point of sale, anywhere Visa is accepted.
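Review bot: the closing paragraph of the new Security section exposes `xpay_bento_disable` to the agent over MCP and calls it "the escape hatch", yet the section's opening says the firewall exists because the agent may be acting on prompt-injected input. As written, the same agent whose payments are screened can switch screening off. The section should say whether disable goes through `onApprovalRequired` or any other user confirmation, and how an operator can withhold the enable/disable tools from the host. It also covers `ALLOW`, `BLOCKED` and `ESCALATED` but not what happens when the Bento service cannot be reached; state whether xPay fails closed in that case too.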
@@ -314,7 +349,7 @@ Public RPCs work for development but rate-limit hard. Production deployments sho
314
349
  **v0.1 (current):**
315
350
  - ✅ CLI: init, accounts, balance, discover, pay, transfer, report, guardrail, mcp
316
351
  - ✅ SDK: full parity with CLI; tool exporters for Claude / OpenAI / Gemini
317
- - ✅ MCP server on stdio with 7 core tools
352
+ - ✅ MCP server on stdio with 10 tools (incl. the Bento intent firewall)
318
353
  - ✅ Solana + Base mainnet with disk caching
319
354
  - ✅ Optional Sana agent card integration (`xpay sana link`) — 8 additional `sana_*` tools
320
355
 
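Review bot: the changed bullet sits under a heading that still reads `**v0.1 (current):**`, while package.json in this same diff moves to 0.2.1. Update the heading along with the bullet. The hard-coded "10 tools" also has to be kept in sync by hand with the tool sentence earlier in the README, which no longer states a count, so consider dropping the number here or restoring it there.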
package/SKILL.md CHANGED
@@ -45,6 +45,9 @@ the MCP `env`. To require an explicit wallet (no auto-generation), set
45
45
  | `xpay_balance` | The wallet's balance per network, plus its addresses (use this to tell the user where to send funds). |
46
46
  | `xpay_report` | Spending/income report (daily / weekly / monthly). |
47
47
  | `xpay_guardrail` | Read the active spending caps (per-tx, per-day, allowed hosts, approval threshold). |
48
+ | `xpay_bento_status` | Check whether the Bento intent firewall is on (read-only). |
49
+ | `xpay_bento_enable` | Turn the Bento intent firewall on. Returns the agent wallet address to register at app.bentoguard.xyz. |
50
+ | `xpay_bento_disable` | Turn the Bento firewall off — use if the wallet isn't registered and payments are rejected. |
48
51
 
49
52
  ## How payment works
50
53
 
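Review bot: the `xpay_bento_disable` row tells the agent to use the tool "if the wallet isn't registered and payments are rejected", which instructs it to turn off a security control on its own initiative whenever a payment fails. The Safety section of this file already requires user approval before `xpay_transfer_confirm`; the disable row should carry the same requirement, for example "only after the user explicitly asks to turn screening off". The `xpay_bento_enable` row could also say that payments are rejected until registration completes, so the agent warns the user before enabling.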
@@ -71,6 +74,12 @@ fails for lack of funds, ask the user to send USDC to the address from
71
74
  - **Transfers need confirmation.** `xpay_transfer` only *stages* a transfer; it
72
75
  returns a code. Show the user the amount + destination and only call
73
76
  `xpay_transfer_confirm` after they approve. Never move funds unprompted.
77
+ - **Bento intent firewall (optional security layer).** When enabled, every
78
+ payment is screened for malicious intent (prompt-injection, wallet-drain)
79
+ before signing. A `BLOCKED` result means stop. Toggle with
80
+ `xpay_bento_enable` / `xpay_bento_disable`; it needs a one-time wallet
81
+ registration at app.bentoguard.xyz, and until then payments are rejected —
82
+ disable it to fall back to local caps if you don't want to register.
74
83
 
75
84
  ## Recipes
76
85
 
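Review bot: the new safety bullet tells the agent what to do on `BLOCKED` but says nothing about `ESCALATED`, which the README lists as the third verdict, and it does not give the `Agent not found` error text that distinguishes an unregistered wallet from a blocked payment. Without those, an agent reading only SKILL.md can treat any rejection as a registration problem and reach for `xpay_bento_disable`. Add both, and reword "disable it ... if you don't want to register" so that "you" clearly means the user and the agent asks before disabling.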
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xona-labs/xpay",
3
- "version": "0.2.0",
3
+ "version": "0.2.1",
4
4
  "description": "Discovery and usage layer for agentic commerce — multi-network wallet, x402 payments, 20k+ services via PayAI and other catalogs",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",