v0.1.0-alpha.1
Pre-release
Pre-release
First public alpha of the Stellar Agent Wallet: a Stellar wallet for AI agents.
It provides a stellar-agent CLI and a stellar-agent-mcp MCP server over a shared
policy engine, operator-approval spine, and tamper-evident audit log.
Added
stellar-agentCLI for accounts, payments, balances, trustlines,
claimable-balance claims, Friendbot funding, fee stats, counterparty identity,
smart-account governance, DeFi, the channel-account pool, profiles,
credentials, approvals, audit verification, and agent toolsets.stellar-agent-mcpMCP stdio server exposing the wallet capabilities as tools
to an MCP client. It starts on hosts without an OS keyring backend (for example
headless servers), serving read-only and simulate tools; signing tools are
refused with a keyring error until a backend is configured.- Policy engine with a no-op gate and a typed first-match, default-deny V1 engine
evaluating each action to allow, deny, or require operator approval. - Operator-approval spine: a per-profile pending-approval store and an
HMAC attestation binding each approval to the executed envelope and the
approving OS user. - Hash-chained, append-only JSONL audit log that records key names only (never
argument values), withaudit verifychain and HMAC-sidecar verification. - Key custody via the platform keyring with a TTL-bounded, zeroize-on-drop,
memory-locked unlock window; profiles name keyring entries and hold no secrets. - OpenZeppelin smart-account governance: context rules, ed25519 and WebAuthn
passkey signers, quorum, verifier/policy WASM-hash pinning, multicall, and an
upgrade timelock. - DeFi adapters: Blend lending (
lend), Soroswap swaps (trade/quote), and
DeFindex vaults (vault), each with venue pinning and fail-closed guardrails. - Protocol support: SEP-7, SEP-10, SEP-24 and SEP-6, SEP-43, SEP-45, SEP-47,
SEP-48, and SEP-53. - Operator approval inbox:
approve listenumerates pending approvals with
their wallet-controlled summaries, andapprove serveruns a loopback-only
web inbox that lists pending approvals live, notifies the operator, and
approves (minting the same attestation asapprove --id) or rejects.
Rejection records a short-lived marker so the agent's commit is refused
withpolicy.approval_rejectedinstead of waiting out the TTL. Session
bootstrap is a single-use URL token exchanged for an HttpOnly cookie;
actions require a per-session CSRF header. Approvals now emit audit
events from both the terminal and inbox surfaces. For a remote agent
host, the inbox is reached through an SSH port-forward; the approving
user must be the wallet's OS user. - Claimable-balance claims by ID (CLI
claim, MCPstellar_claim/
stellar_claim_committwo-phase pair): RPC-backed preview with claimant,
predicate, clawback, and trustline pre-flight guards. Balance IDs are taken
as 72-hex, bare 64-hex, orB...strkey; listing balances by claimant is a
Horizon-only query and stays out of scope for the RPC-only wallet. - x402 v2 Exact Stellar agent payments with an optional SEP-10 counterparty
identity gate. - Signed agent toolsets with capability isolation, publisher-signature verification,
a first-invoke gate, and unconditional per-action approval for toolset-routed
payments. approvereturns theapproval_attestationfor a payment approval so the agent
surface can present it to the matching*_committool, completing the
simulate-approve-commit flow over MCP.- An agent knowledge skill under
skills/(agentskills.io format, with a Claude
Code marketplace plugin and a downloadable archive) that teaches an AI agent to
operate the wallet's CLI and MCP server without cloning the repository. - An agent integration guide (
docs/agents.md) and capability-isolation example
toolsets underexamples/toolsets/.