Stellar Agent v0.4.4

0.4.4

• Hardened payment policy evaluation so Mainnet requests remain marked as real-funds and fail closed when evaluated with a mismatched policy network.
• Added a local default policy and local policy filename so local-profile payment quotes do not reuse a Testnet-labeled policy.
• Tightened local x402 and MPP resource binding to include URL query strings.
• Hardened the local approval bridge by keeping bearer tokens out of unauthenticated HTML, removing remote Freighter script loading, and requiring explicit acknowledgement for non-loopback binds.
• Updated Mainnet safety, x402/MPP, approval bridge, CLI, and policy docs for the tightened behavior.
• Updated Aquarius Mainnet AQUA metadata, client-side pool limiting, and JSON parse-error handling for Aquarius CLI preflight.

Artifacts

• npm package tarballs for every publishable @stellar-agent/* workspace package.
• Codex plugin artifact: stellar-agent-codex-plugin-v0.4.4.tgz.
• release-manifest.json with artifact SHA-256 checksums and source commit.

Verification

• pnpm release:preflight
• Fresh install from generated npm tarballs
• Bundled Codex plugin validation from the generated plugin tarball

Boundaries

• npm publication is queued through the separate protected Publish npm workflow and requires npm-production approval.
• Testnet remains the default.
• Mainnet local auto-signing and Mainnet secret-key storage remain blocked.