agentwallet-sdk 3.4.0 → 3.4.1

package/README.md

@@ -283,6 +283,65 @@ Server verifies payment → returns 200 + data
 
 Your agent's keys never leave the non-custodial wallet. All payments respect on-chain spend limits set by the wallet owner.
 
+## Why Non-Custodial Beats Exchange Wallets
+
+OKX OnchainOS supports 60+ chains. Coinbase Agentic Wallets are backed by a trillion-dollar exchange. Both look impressive on paper. Here's the problem: **they hold your agent's keys.**
+
+That's not a minor implementation detail. It's the entire trust model.
+
+### What custody actually means
+
+When you use an exchange-based agent wallet, your agent's private key lives on their servers. Every transaction your agent signs goes through their infrastructure. They can:
+- Freeze your agent's wallet for any reason (KYC, compliance, a bad week)
+- Be subpoenaed for your agent's transaction history
+- Get hacked — and your agent's keys go with it
+- Change their API, deprecate their SDK, sunset the product
+
+This isn't theoretical. Exchange platforms shut down products, freeze accounts, and go dark. It's happened before. It'll happen again.
+
+### The non-custodial difference
+
+With `agentwallet-sdk`:
+- Your agent's private key is generated locally and **never transmitted anywhere**
+- The wallet contract lives on-chain — no server to shut down
+- Spend limits are enforced by EVM bytecode, not an API policy
+- You can self-host, self-audit, and self-custody everything
+
+```typescript
+// Your keys stay in your environment
+const wallet = createWallet({
+  accountAddress: '0xYOUR_CONTRACT',
+  walletClient: createWalletClient({
+    account: privateKeyToAccount(process.env.AGENT_KEY), // lives here, not on OKX
+    transport: http('https://mainnet.base.org'),
+  }),
+  chain: 'base',
+});
+```
+
+The spend limits (`$25/tx`, `$500/day`) are enforced by the contract itself — not by an exchange API that can change its terms. An agent running over-limit? The contract queues it. No custodian involved.
+
+### When exchange wallets make sense
+
+If you're building a quick demo, need zero infrastructure setup, or are already deep in the Coinbase or OKX ecosystem — their hosted products are fast to integrate. No judgment.
+
+But if you're building production agents that handle real funds, run autonomously, or need to survive beyond a single platform's product lifecycle, you want the keys under your own control.
+
+That's what this SDK is for.
+
+### x402 without custody
+
+The x402 protocol is becoming the standard for AI agent payments. Stripe validated it in February 2026. Coinbase built it into Base. Abstract launched their delegated facilitator model this week.
+
+Every x402 implementation in `agentwallet-sdk` is non-custodial by design:
+- Solana x402: direct signing from your local keypair
+- Base x402: USDC transfer via your on-chain contract
+- Abstract x402: EIP-712 delegated permit, signed locally — the facilitator executes it, but your key authorizes it
+
+OKX OnchainOS supports x402 too — through their custody layer. Your call which model you trust.
+
+---
+
 ## How It Works
 
 1. **Deploy** an AgentAccountV2 (ERC-6551 token-bound account tied to an NFT)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "agentwallet-sdk",
-  "version": "3.4.0",
-  "description": "Non-custodial TypeScript SDK for AI agent wallets \u2014 x402 payments (Solana, Base, Abstract, Polygon), CCTP cross-chain, token swaps. Private keys never leave your environment.",
+  "version": "3.4.1",
+  "description": "Non-custodial TypeScript SDK for AI agent wallets — x402 payments (Solana, Base, Abstract, Polygon), CCTP cross-chain, token swaps. Private keys never leave your environment.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [