x402 Singularity Layer

No changes detected in this version. - Version updated to 1.10.8 with no file or documentation changes. - Functionality, features, and instructions remain exactly as in version 1.10.6.

- No changes in functionality or documentation; version number update only. - Version remains at 1.10.6; no file or content modifications detected.

x402-layer v1.10.6 - Improved credential handling guidance: users are now reminded to only use privileged credentials after selecting a runbook that requires them. - Updated security warnings to clarify secret usage and reinforce least-privilege best practices. - Enhanced documentation to explain execution and network scope for different usage paths. - Wallet setup steps now instruct users to avoid exporting all credential types at once; select only those needed per chosen flow. - No code or script changes were detected in this version.

x402-layer v1.10.5 - Clarified in the description and docs that secret credentials are only required for specific capability paths, not for baseline installation or read-only discovery. - Updated language throughout to emphasize optional and least-privilege credential usage. - No code changes; documentation and usage guidance improvement only.

x402-layer 1.10.4 - removed runtime npx fallback from OWS helpers - OWS now requires a local ows binary or OWS_BIN - kept the broader OWS wallet-auth support from v1.10.3 - preserved all existing x402-layer functionality - reduced runtime package-fetch risk for marketplace review

- Added new Python bytecode (__pycache__) files for agent registration, updating, Solana signing, and wallet signing scripts. - Internal support for compiled scripts improves performance and streamlines script execution for agent actions and Solana/wallet operations. - No external API or feature changes.

x402-layer 1.10.2 - Relaxed installation requirements: no secret environment variable is now universally required to install or initialize the skill. - Updated security documentation to clarify that only the minimum necessary environment variables should be set for each task, and credential flows are more clearly separated. - Various documentation edits to the quick start and security notes, emphasizing least-privilege access and improved readability.

x402-layer 1.10.1 - Added explicit environment variable and credential documentation for improved security and least-privilege usage. - Homepage link updated in metadata to use docs.x402layer.cc. - Security guidance improved: users are now encouraged to prefer AWAL, OWS, PATs, API keys, or ephemeral wallets over long-lived mainnet private keys. - Metadata now details supported environment variables and credential types. - No code or functional changes; documentation and metadata safety enhancements only.

x402-layer 1.10.0 adds OpenWallet/OWS support for flexible wallet and payment flows. - Added OpenWallet/OWS integration, enabling use of OWS wallets for pay, discover, and sign-message flows (`ows_cli.py`) - OpenWallet/OWS can be used as an alternative wallet backend alongside private key and Coinbase AWAL flows - New documentation reference: `references/openwallet-ows.md` - Intent router and script inventory updated for OWS mode and commands

x402-layer 1.9.1 - Hardened `xmtp_support.mjs` by removing the environment-driven Studio base override from the XMTP helper - Pinned XMTP support requests to the production Studio support API - Added fast runbooks for: - World AgentKit benefits - XMTP support threads - PAT-backed MCP control-plane usage - Refreshed stale example versions across the skill router, docs, and helper app version string - Synced updates across: - Local x402-layer source - Worker-hosted OpenClaw skill assets - ClawHub OpenClaw repo - Website docs - SGL docs

**x402-layer 1.9.0 changelog** - Added support for Singularity MCP dashboard/control-plane actions using a dashboard PAT, enabling owner-scoped management of endpoints, products, and webhooks. - Introduced a new reference file: `references/mcp-control-plane.md` detailing MCP integration and PAT usage. - Updated documentation and intent router to include optional dashboard/MCP mode for enhanced platform control.

x402-layer 1.8.2 - Install note clarified: no global secret environment variable required—set only what your workflow/runbook needs. - Updated metadata to remove unused required fields for a smoother install and setup experience. - No functional or interface changes to scripts or core flows.

v1.8.1 - made `pay_base.py` normalize endpoint URLs onto `?action=purchase` for hosted-pay parity - added a clear self-payment guard when the buyer wallet matches the endpoint payout wallet - documented the self-payment rejection case in pay-per-request guidance v1.8.0 - added AgentKit benefit and best-fit audience flags to `create_endpoint.py` - added real endpoint PATCH updates in `manage_endpoint.py` - added worker support for reading, creating, and updating AgentKit endpoint settings - kept AgentKit wording explicit: benefits apply to verified human-backed agent wallets v1.7.0 - added wallet-signed support API auth for agent wallets - added `support_auth.py` and `support_threads.py` for agent-side support thread management - added `xmtp_support.mjs` for XMTP message send/read and installation revocation - added persistent XMTP local database guidance for agent usage v1.6.0 - added World AgentKit-aware Base payment flow to `pay_base.py` - added AgentKit-aware marketplace inspection in `discover_marketplace.py` - added `agentkit_support.py` helper for local AgentKit header generation - added modular references for AgentKit benefits and XMTP support guidance - clarified that AgentKit benefits apply to verified human-backed agent wallets

Version 1.5.0 introduces payments integration guidance and related helpers. This release turns x402-layer into a much stronger payments integration skill for agents. Instead of only exposing raw payment and endpoint scripts, the skill now teaches the full integration path: how to choose the right payment model, when to use hosted pages vs custom UI, how to wire webhook-based fulfillment, and how to verify signed payment receipts safely. This release also fixes the bundled Solana signer so it matches the current live PayAI-backed flow requirements. What’s New ---------- 1. New first-class payments integration intent - Added a dedicated skill intent for: - "integrate crypto payments into my app/platform" - "add USDC payments to my platform" - "sell with x402" - "build a paywall with webhooks" - Agents can now route directly into payment integration workflows instead of only low-level pay/consume scripts. 2. New payments integration reference - Added: - references/payments-integration.md - This new guide explains: - when to use direct endpoint payments - when to use credits-based payments - when to use product purchases - hosted payment pages vs custom UI - webhook-backed fulfillment - receipt verification - minimal launch checklist 3. Skill runbooks upgraded from raw scripts to full integration flow - Updated SKILL.md runbooks so the skill now teaches: - create or reuse a paid endpoint - add webhook-based fulfillment - verify webhook signatures - verify signed receipts - This makes the skill much more usable for real application integration, not just isolated API payments. 4. Better decision guidance for agents - Expanded the skill so agents can reason about: - direct per-request paywalls - repeated usage via credits - one-time file or product purchases - when one endpoint can be reused - when separate endpoints should be created 5. Solana signer fix for live PayAI-backed flow - Fixed scripts/solana_signing.py - Changed the exact-payment compute unit limit from: - 200000 - to 40000 - This aligns the skill with the current live Solana payment flow and avoids facilitator rejection caused by an oversized compute limit. 6. Updated payment references - Refreshed: - references/pay-per-request.md - references/credit-based.md - references/agentic-endpoints.md - references/agent-registry-reputation.md - These updates improve consistency with current platform behavior and payment patterns. 7. Distribution and docs synced - Synced the release across: - hosted skill installer - ClawHub source repo - SGL docs repo - website OpenClaw skill docs page Why This Release Matters ------------------------ Before v1.5.0, most of the underlying rails already existed, but the “how an agent integrates payments into an app” story was fragmented across scripts and references. v1.5.0 packages that into a coherent release so an agent can understand: - what to build - which payment shape to choose - how to connect fulfillment - how to verify payments safely This makes x402-layer a better skill for real-world agentic payment integrations, not just raw x402 interactions. Compatibility ------------- - Additive release - No breaking changes - Existing flows remain supported - Base remains the simplest default production path - Solana remains supported with the updated signer constraints Recommended Release Blurb ------------------------- x402-layer v1.5.0 is the Payments Integration Release. This update adds a first-class agent workflow for integrating Singularity payments into real apps and platforms, including direct endpoints, credits, product purchases, hosted pages, custom UI, webhook fulfillment, and receipt verification. It also fixes the bundled Solana signer to match the current live PayAI-backed flow.

x402-layer v1.4.0 ================= Release date: 2026-03-12 Release type: minor Summary ------- v1.4.0 turns ERC-8004 access into a wallet-first agentic lifecycle instead of a registration-only flow. Agents can authenticate with their wallet, discover their owned agents and bindable endpoints, and manage existing registrations without relying on the dashboard UI. Included in v1.4.0 ------------------ Wallet-first ERC-8004 lifecycle - Defaulted `register_agent.py` to wallet-first ERC-8004 / Solana-8004 registration. - Added wallet challenge + verify session flow support for agent-side auth. - Removed the old x402-paid registration path and its `--legacy` / `X402_ERC8004_LEGACY=1` fallback. Full metadata parity - Registration and update flows support: - `image` - `version` - `tags` - `endpointIds` - `customEndpoints` - Worker validates that linked platform endpoints are actually owned by the authenticated wallet context. Agent discovery and management - Added wallet-authenticated discovery routes: - `GET /agent/erc8004/mine` - `GET /agent/erc8004/endpoints/mine` - Added skill scripts: - `list_agents.py` - `list_my_endpoints.py` - `update_agent.py` - Added shared helper: - `erc8004_wallet_client.py` Solana hardening - `SOLANA_SECRET_KEY` now works as either a base58 secret string or JSON byte array. - Removed Solana script dependence on EVM-only `web3` imports during Solana execution. - Replaced edge-incompatible `8004-solana` Pinata uploads in the worker with the worker-native Pinata uploader. - Added structured error responses for Solana prepare/update prepare failures instead of raw Cloudflare `1101` pages. - Fixed Solana endpoint ownership discovery for `chain=both` endpoints by checking `payment_options`. - Switched Solana mainnet worker RPC to `https://solana-rpc.publicnode.com`. Expanded EVM exposure - Kept wallet-first EVM support for: - Base - Ethereum - Polygon - BSC - Monad - Updated skill/docs to present Ethereum, Polygon, BSC, and Monad as first-class `--network` targets for agentic ERC-8004 flows. Docs and distribution sync - Synced source skill, worker embedded skill, ClawHub copy, docs-repo copy, and SGL docs copy. - Updated human docs to reflect the wallet-first lifecycle and expanded network guidance. - Removed legacy registration/update route guidance from the skill and public docs. Legacy removal - Disabled `POST /agent/erc8004/register`. - Disabled `PATCH /agent/erc8004/:agentId`. - Removed `WORKER_REGISTRATION_API_KEY` usage from worker auth/feedback guidance and Solana registration fallback paths. - Kept dashboard Solana registration non-custodial by limiting `/api/agents/solana/register` to `action="prepare"` only. Live validation completed ------------------------- Base - wallet auth challenge + verify - wallet-first prepare - Base Sepolia `register()` - finalize after register - `setAgentURI()` - finalize after set-uri - post-registration update prepare/finalize - owned-agent discovery - owned-endpoint discovery Solana mainnet - owned-agent discovery - owned-endpoint discovery - full wallet-first update prepare - full on-chain URI update and finalize on existing agent - persisted readback of version, tags, and endpoint binding

x402-layer 1.3.3 - Updated environment variable reference: added `PRIVATE_KEY` and `SOLANA_SECRET_KEY` requirements. - Removed unused `WORKER_REGISTRATION_API_KEY` from metadata requirements. - No changes to code or scripts.

- Replaced the JavaScript webhook payment verifier with a new Python version (verify_webhook_payment.py). - Updated documentation and runbooks to use verify_webhook_payment.py for webhook genuineness verification. - Streamlined script inventory and quick start instructions to reflect the Python-based verification helper. - Removed dependency on Node.js for webhook verification; all webhook verification is now Python-first.

x402-layer 1.3.1 is a documentation and environment update, with no logic or code changes. - Clarifies that scripts read only process environment variables and do not auto-load `.env` files. - Updates required environment variable list in metadata, adding `PRIVATE_KEY`, `SOLANA_SECRET_KEY`, and updating wallet-related keys. - Expands environment variable descriptions and removes references to `X402_PREFER_NETWORK` and other unused variables. - No changes to code or script logic.

x402-layer - v1.3.0 (2026-03-04) Changelog FEATURES - Added `register_agent.py` for worker-based ERC-8004 / Solana-8004 registration. - Added `submit_feedback.py` for worker-based on-chain reputation submission. - Added `verify_webhook_payment.js` to verify webhook signature and payment receipt authenticity using `x402sgl`. - Refactored `SKILL.md` into a modular, reference-first layout with an intent router for better task routing and lower context load. - Expanded supported script networks to match worker capabilities: Base/BaseSepolia, Ethereum/EthereumSepolia, Polygon/PolygonAmoy, BSC/BscTestnet, Monad/MonadTestnet, SolanaMainnet/SolanaDevnet. SECURITY HARDENING - Hardened `awal_cli.py` to route through the shared validated execution path from `awal_bridge.py`. - Disabled implicit `npx` fallback by default; now requires explicit `AWAL_ALLOW_NPX=1`. - Added strict validation for `AWAL_BIN` and `AWAL_PACKAGE`. - Reduced over-broad `requires.env` declarations in skill metadata to lower false-positive suspicious flags. ERC-8004 / REPUTATION ALIGNMENT - Synced skill docs and examples with latest worker ERC-8004 routes. - Clarified required auth/environment for worker routes (`WORKER_REGISTRATION_API_KEY`, `WORKER_FEEDBACK_API_KEY`, `X402_API_BASE`). - Aligned notes with current reputation behavior (duplicate guard, canonical registry checks, preflight validation in worker). DOCS / DX - Updated env guidance to match actual script references (`SOLANA_WALLET_ADDRESS`, `WALLET_ADDRESS_SECONDARY`, optional AWAL vars). - Removed stale Coinbase/CDP wording from Solana payment script messaging where not applicable. - Refreshed examples and command snippets for current API paths. - Added `references/webhooks-verification.md` and `references/agent-registry-reputation.md` for progressive disclosure. - Moved changelog storage out of skill folder to root-level `x402-layer-CHANGELOG.txt` to keep skill package lean.

v1.2.1 (2026-02-27) Agentic Webhooks Expanded from 1 to 4 event types Event Types - payment.succeeded Fires on any payment for your endpoint (unchanged) - credits.depleted Fires when endpoint.owner_credits hits 0 Signals that a top-up is required before users receive 503 errors - credits.low Fires when credits drop to 100 or below Early warning to top up proactively - credits.recharged Fires after a successful top-up Returns credits_added, previous_balance, new_balance Technical - Refactored dispatchEndpointWebhook to a generic (eventType, data) signature - credits.depleted and credits.low fire at the per-request deduction site (post-RPC) - credits.recharged fires alongside payment.succeeded on the top-up path - All events use the same HMAC-SHA256 signing as payment.succeeded Documentation - SKILL.md updated with an event type table and example payloads