Skip to content

v0.1.0-alpha.1

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 03 Jul 17:44

First public alpha of the Stellar Agent Wallet: a Stellar wallet for AI agents.
It provides a stellar-agent CLI and a stellar-agent-mcp MCP server over a shared
policy engine, operator-approval spine, and tamper-evident audit log.

Added

  • stellar-agent CLI for accounts, payments, balances, trustlines,
    claimable-balance claims, Friendbot funding, fee stats, counterparty identity,
    smart-account governance, DeFi, the channel-account pool, profiles,
    credentials, approvals, audit verification, and agent toolsets.
  • stellar-agent-mcp MCP stdio server exposing the wallet capabilities as tools
    to an MCP client. It starts on hosts without an OS keyring backend (for example
    headless servers), serving read-only and simulate tools; signing tools are
    refused with a keyring error until a backend is configured.
  • Policy engine with a no-op gate and a typed first-match, default-deny V1 engine
    evaluating each action to allow, deny, or require operator approval.
  • Operator-approval spine: a per-profile pending-approval store and an
    HMAC attestation binding each approval to the executed envelope and the
    approving OS user.
  • Hash-chained, append-only JSONL audit log that records key names only (never
    argument values), with audit verify chain and HMAC-sidecar verification.
  • Key custody via the platform keyring with a TTL-bounded, zeroize-on-drop,
    memory-locked unlock window; profiles name keyring entries and hold no secrets.
  • OpenZeppelin smart-account governance: context rules, ed25519 and WebAuthn
    passkey signers, quorum, verifier/policy WASM-hash pinning, multicall, and an
    upgrade timelock.
  • DeFi adapters: Blend lending (lend), Soroswap swaps (trade/quote), and
    DeFindex vaults (vault), each with venue pinning and fail-closed guardrails.
  • Protocol support: SEP-7, SEP-10, SEP-24 and SEP-6, SEP-43, SEP-45, SEP-47,
    SEP-48, and SEP-53.
  • Operator approval inbox: approve list enumerates pending approvals with
    their wallet-controlled summaries, and approve serve runs a loopback-only
    web inbox that lists pending approvals live, notifies the operator, and
    approves (minting the same attestation as approve --id) or rejects.
    Rejection records a short-lived marker so the agent's commit is refused
    with policy.approval_rejected instead of waiting out the TTL. Session
    bootstrap is a single-use URL token exchanged for an HttpOnly cookie;
    actions require a per-session CSRF header. Approvals now emit audit
    events from both the terminal and inbox surfaces. For a remote agent
    host, the inbox is reached through an SSH port-forward; the approving
    user must be the wallet's OS user.
  • Claimable-balance claims by ID (CLI claim, MCP stellar_claim /
    stellar_claim_commit two-phase pair): RPC-backed preview with claimant,
    predicate, clawback, and trustline pre-flight guards. Balance IDs are taken
    as 72-hex, bare 64-hex, or B... strkey; listing balances by claimant is a
    Horizon-only query and stays out of scope for the RPC-only wallet.
  • x402 v2 Exact Stellar agent payments with an optional SEP-10 counterparty
    identity gate.
  • Signed agent toolsets with capability isolation, publisher-signature verification,
    a first-invoke gate, and unconditional per-action approval for toolset-routed
    payments.
  • approve returns the approval_attestation for a payment approval so the agent
    surface can present it to the matching *_commit tool, completing the
    simulate-approve-commit flow over MCP.
  • An agent knowledge skill under skills/ (agentskills.io format, with a Claude
    Code marketplace plugin and a downloadable archive) that teaches an AI agent to
    operate the wallet's CLI and MCP server without cloning the repository.
  • An agent integration guide (docs/agents.md) and capability-isolation example
    toolsets under examples/toolsets/.