·
8 commits
to main
since this release
Immutable
release. Only release title and notes can be modified.
Security hardening release. Closes a transaction-validation gap in v0.2.0. See SECURITY.md and CHANGELOG.md for full details.
Key changes:
- Signer restricts to PaymentTxn with strict validation policy.
- Rejects rekey_to, close_remainder_to, group, and lease fields.
- Bounds fee to 1000 microALGO and notes to 1024 bytes.
- Implements Google's recommended fail-closed KMS integrity verification.
- Forces flat_fee in build_transaction so algod per-byte rates work in production.
- Adds py.typed marker, docs/INTEGRATION.md, docs/ANCHOR_BACKENDS.md.
- Release workflow now runs the test suite before publishing to PyPI.
Reviewed in three adversarial rounds (ChatGPT, May 2026). All findings addressed.