@xona-labs/xpay 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/README.md +37 -2
- package/SKILL.md +9 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,17 @@ versioning follows [Semantic Versioning](https://semver.org/).
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [0.2.1] – 2026-06-24
|
|
10
|
+
|
|
11
|
+
### Docs
|
|
12
|
+
- **Documented the Bento intent firewall as an optional security layer.** README
|
|
13
|
+
gains a "Security" section (enable / status / disable, no API key, one-time
|
|
14
|
+
on-chain wallet registration, and the ALLOW / BLOCKED / ESCALATED verdicts),
|
|
15
|
+
the MCP tool list re-includes `xpay_bento_status` / `xpay_bento_enable` /
|
|
16
|
+
`xpay_bento_disable`, and SKILL.md re-adds the tools plus a safety note. No
|
|
17
|
+
code change — the firewall shipped in 0.1.28; this release publishes the docs
|
|
18
|
+
to npm.
|
|
19
|
+
|
|
9
20
|
## [0.2.0] – 2026-06-23
|
|
10
21
|
|
|
11
22
|
Milestone release consolidating the 0.1.24–0.1.31 line into four themes.
|
package/README.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# @xona-labs/xpay
|
|
2
2
|
|
|
3
|
+
[](https://www.npmjs.com/package/@xona-labs/xpay)
|
|
4
|
+
[](https://www.npmjs.com/package/@xona-labs/xpay)
|
|
5
|
+
[](https://github.com/xona-labs/xpay/blob/main/LICENSE)
|
|
6
|
+

|
|
7
|
+
|
|
3
8
|
> **Agentic-commerce wallet.** Multi-network USDC wallet, x402 payments, and discovery across 20,000+ services — as a CLI, an SDK, and an MCP server.
|
|
4
9
|
|
|
5
10
|
```bash
|
|
@@ -155,7 +160,7 @@ That's the whole setup. The generated wallet's **Solana address is printed to
|
|
|
155
160
|
stderr on first run** — fund it with USDC and the agent can pay. It persists
|
|
156
161
|
under `~/.xpay` and is reused on every later boot, so the address is stable.
|
|
157
162
|
|
|
158
|
-
The host sees
|
|
163
|
+
The host sees the core tools: `xpay_discover`, `xpay_use`, `xpay_do`, `xpay_transfer`, `xpay_balance`, `xpay_report`, `xpay_guardrail`, plus `xpay_bento_status` / `xpay_bento_enable` / `xpay_bento_disable` to manage the [intent firewall](#security--bento-intent-firewall-optional). If you've linked a Sana key (see below), eight additional `sana_*` tools are also registered automatically.
|
|
159
164
|
|
|
160
165
|
**Bring your own wallet instead** — the wallet source order is *existing profile → key env → auto-generate*, so any of these overrides the generated wallet:
|
|
161
166
|
|
|
@@ -221,6 +226,8 @@ xpay guardrail set \
|
|
|
221
226
|
--allowed-hosts 'api.payai.network,*.xona-agent.com'
|
|
222
227
|
```
|
|
223
228
|
|
|
229
|
+
- **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
|
|
230
|
+
- **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
|
|
224
231
|
- **`maxPerTx` / `maxPerDay`** — apply to every paid call *and* direct transfers.
|
|
225
232
|
- **`allowedHosts`** — apply only to x402 calls (transfers go to addresses, not hosts).
|
|
226
233
|
- **`requireApprovalAbove`** — calls ≥ threshold need explicit approval. In the CLI this is a
|
|
@@ -229,6 +236,34 @@ xpay guardrail set \
|
|
|
229
236
|
surfaces as a system dialog you physically approve. In the SDK, wire the
|
|
230
237
|
`onApprovalRequired` hook to whatever you like — push notification, biometric, webhook.
|
|
231
238
|
|
|
239
|
+
## Security — Bento intent firewall (optional)
|
|
240
|
+
|
|
241
|
+
Spend caps stop an agent spending *too much* — they can't tell a legitimate payment from a
|
|
242
|
+
prompt-injected one. The optional [Bento](https://app.bentoguard.xyz/) layer adds an **AI intent
|
|
243
|
+
firewall**: every paid call and transfer is screened for malicious intent (prompt-injection,
|
|
244
|
+
wallet-drain, intent-vs-execution mismatch) *before signing*. It runs inside the guardrail, right
|
|
245
|
+
after the local caps pass.
|
|
246
|
+
|
|
247
|
+
```bash
|
|
248
|
+
xpay bento enable # prints the agent wallet address to register
|
|
249
|
+
xpay bento status # whether screening is active
|
|
250
|
+
xpay bento disable # turn off — falls back to local caps only
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
There's **no API key** — Bento authenticates with the wallet's own key. The one manual step is a
|
|
254
|
+
**one-time, on-chain registration** of the agent wallet at
|
|
255
|
+
[app.bentoguard.xyz](https://app.bentoguard.xyz/) (log in with your owner wallet; until the agent
|
|
256
|
+
wallet is registered, payments are rejected with `Agent not found`).
|
|
257
|
+
|
|
258
|
+
Each screened call returns a verdict:
|
|
259
|
+
|
|
260
|
+
- **`ALLOW`** — cleared; xPay signs as normal.
|
|
261
|
+
- **`BLOCKED`** — flagged as a critical threat; xPay throws before signing, no funds move.
|
|
262
|
+
- **`ESCALATED`** — ambiguous; xPay defers to your `onApprovalRequired` hook, or fails closed.
|
|
263
|
+
|
|
264
|
+
Agents can manage it over MCP too: `xpay_bento_status`, `xpay_bento_enable`, `xpay_bento_disable`
|
|
265
|
+
(disable is the escape hatch when the wallet isn't registered yet).
|
|
266
|
+
|
|
232
267
|
## Sana agent wallet card (optional)
|
|
233
268
|
|
|
234
269
|
xPay supports an optional integration with [Sana](https://sana.bot) — an agent-native card that lets your AI spend at the point of sale, anywhere Visa is accepted.
|
|
@@ -314,7 +349,7 @@ Public RPCs work for development but rate-limit hard. Production deployments sho
|
|
|
314
349
|
**v0.1 (current):**
|
|
315
350
|
- ✅ CLI: init, accounts, balance, discover, pay, transfer, report, guardrail, mcp
|
|
316
351
|
- ✅ SDK: full parity with CLI; tool exporters for Claude / OpenAI / Gemini
|
|
317
|
-
- ✅ MCP server on stdio with
|
|
352
|
+
- ✅ MCP server on stdio with 10 tools (incl. the Bento intent firewall)
|
|
318
353
|
- ✅ Solana + Base mainnet with disk caching
|
|
319
354
|
- ✅ Optional Sana agent card integration (`xpay sana link`) — 8 additional `sana_*` tools
|
|
320
355
|
|
package/SKILL.md
CHANGED
|
@@ -45,6 +45,9 @@ the MCP `env`. To require an explicit wallet (no auto-generation), set
|
|
|
45
45
|
| `xpay_balance` | The wallet's balance per network, plus its addresses (use this to tell the user where to send funds). |
|
|
46
46
|
| `xpay_report` | Spending/income report (daily / weekly / monthly). |
|
|
47
47
|
| `xpay_guardrail` | Read the active spending caps (per-tx, per-day, allowed hosts, approval threshold). |
|
|
48
|
+
| `xpay_bento_status` | Check whether the Bento intent firewall is on (read-only). |
|
|
49
|
+
| `xpay_bento_enable` | Turn the Bento intent firewall on. Returns the agent wallet address to register at app.bentoguard.xyz. |
|
|
50
|
+
| `xpay_bento_disable` | Turn the Bento firewall off — use if the wallet isn't registered and payments are rejected. |
|
|
48
51
|
|
|
49
52
|
## How payment works
|
|
50
53
|
|
|
@@ -71,6 +74,12 @@ fails for lack of funds, ask the user to send USDC to the address from
|
|
|
71
74
|
- **Transfers need confirmation.** `xpay_transfer` only *stages* a transfer; it
|
|
72
75
|
returns a code. Show the user the amount + destination and only call
|
|
73
76
|
`xpay_transfer_confirm` after they approve. Never move funds unprompted.
|
|
77
|
+
- **Bento intent firewall (optional security layer).** When enabled, every
|
|
78
|
+
payment is screened for malicious intent (prompt-injection, wallet-drain)
|
|
79
|
+
before signing. A `BLOCKED` result means stop. Toggle with
|
|
80
|
+
`xpay_bento_enable` / `xpay_bento_disable`; it needs a one-time wallet
|
|
81
|
+
registration at app.bentoguard.xyz, and until then payments are rejected —
|
|
82
|
+
disable it to fall back to local caps if you don't want to register.
|
|
74
83
|
|
|
75
84
|
## Recipes
|
|
76
85
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@xona-labs/xpay",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.1",
|
|
4
4
|
"description": "Discovery and usage layer for agentic commerce — multi-network wallet, x402 payments, 20k+ services via PayAI and other catalogs",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|