Sardis

Sardis v0.8.4: Packages Live on npm & PyPI + Security Audit

All 19 Sardis packages are now published to public registries. This release also includes a comprehensive security audit with 54 fixes across 8 batches.

Today we published all 19 Sardis packages to public registries. Every SDK, protocol implementation, and tool is now installable with a single command. This release also includes the results of a comprehensive security audit: 54 fixes across 8 batches covering every layer of the stack.

Packages Are Live

All Sardis packages are now publicly available. Developers can start exploring the SDK, protocol implementations, and tooling today.

npm (4 packages)

  • @sardis/sdk -- TypeScript SDK for wallets, payments, policies, and holds
  • @sardis/mcp-server -- MCP server with payment tools for Claude and Cursor
  • @sardis/ai-sdk -- Vercel AI SDK integration for agent payment flows
  • @sardis/ramp -- Fiat on/off ramp integration

PyPI (15 packages)

  • sardis -- Meta-package (SDK + core + CLI)
  • sardis-sdk -- Full Python SDK
  • sardis-core -- Domain models, config, database layer
  • sardis-protocol -- AP2/TAP mandate verification pipeline
  • sardis-chain -- On-chain execution (Base) with multi-chain funding via CCTP v2
  • sardis-api -- FastAPI REST endpoints
  • sardis-wallet -- MPC wallet management (Turnkey)
  • sardis-ledger -- Append-only audit trail with Merkle anchoring
  • sardis-compliance -- KYC (Didit) + AML (Elliptic) integrations
  • sardis-cards -- Virtual card issuance (Stripe Issuing)
  • sardis-cli -- Command-line tool
  • sardis-checkout -- Merchant checkout flows
  • sardis-ramp -- Fiat rails (Coinbase Onramp)
  • sardis-ucp -- Universal Commerce Protocol
  • sardis-a2a -- Agent-to-Agent Protocol

Security Audit: 54 Fixes

Before publishing, we completed a comprehensive security audit covering 8 batches of fixes across every layer of the stack:

  • Batch 1-2: Authentication and authorization hardening, API key hashing, CORS configuration
  • Batch 3-4: Input validation, SQL injection prevention, rate limiting, replay protection
  • Batch 5-6: Cryptographic improvements, smart contract security, dependency audits
  • Batch 7-8: AI prompt injection defenses, webhook signatures, JWT migration to PyJWT

All 649 Python tests and 91 Solidity tests (including 10K fuzz runs) pass after the audit. The identity registry now fail-closes in production and staging environments, and anonymous access is restricted to loopback addresses only.
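To make the two behaviours named above concrete, here is an added illustration of a fail-closed identity lookup with loopback-only anonymous access. It is example code written for this post, not the sardis-core registry or any other Sardis package; the class and function names (IdentityRegistry, Principal, allowed), the FAIL_CLOSED_ENVIRONMENTS set and the simulated "registry unavailable" flag are all assumptions made for the illustration.

```python
"""
Fail-closed identity lookup with loopback-only anonymous access.
Illustrative example only: not Sardis code; every name here is assumed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Environments in which an unavailable registry must deny access rather than
# fall back to an anonymous principal (assumed set, mirrors the post's wording).
FAIL_CLOSED_ENVIRONMENTS = frozenset({"production", "staging"})


class IdentityError(Exception):
    """Raised when a caller cannot be authenticated."""


@dataclass
class Principal:
    agent_id: str
    anonymous: bool = False


@dataclass
class IdentityRegistry:
    """Minimal registry: a map of agent ids to display names plus an
    'available' flag so that a backend outage can be simulated."""
    environment: str
    known: dict = field(default_factory=dict)
    available: bool = True

    def _fail_closed(self) -> bool:
        return self.environment in FAIL_CLOSED_ENVIRONMENTS

    def resolve(self, agent_id: Optional[str], remote_addr: str) -> Principal:
        """Resolve a caller to a Principal or raise IdentityError."""
        # Anonymous callers are accepted only from loopback (127.0.0.0/8, ::1).
        if agent_id is None:
            if ipaddress.ip_address(remote_addr).is_loopback:
                return Principal(agent_id="anonymous", anonymous=True)
            raise IdentityError(f"anonymous access denied from {remote_addr}")

        # Registry outage: deny outright in fail-closed environments; in local
        # development degrade to the anonymous path, which is still loopback-only.
        if not self.available:
            if self._fail_closed():
                raise IdentityError("identity registry unavailable; failing closed")
            return self.resolve(None, remote_addr)

        if agent_id not in self.known:
            raise IdentityError(f"unknown agent {agent_id!r}")
        return Principal(agent_id=agent_id)


def allowed(registry: IdentityRegistry, agent_id: Optional[str], remote_addr: str) -> bool:
    """Boolean wrapper around resolve(), convenient for checks and tests."""
    try:
        registry.resolve(agent_id, remote_addr)
        return True
    except IdentityError:
        return False


if __name__ == "__main__":
    # Constructed scenarios showing the decision table.
    prod = IdentityRegistry("production", {"agent-1": "Agent One"})
    prod_down = IdentityRegistry("production", {"agent-1": "Agent One"}, available=False)
    dev_down = IdentityRegistry("development", {"agent-1": "Agent One"}, available=False)
    for label, reg, agent, addr in [
        ("known agent, prod", prod, "agent-1", "10.0.0.5"),
        ("anonymous from LAN, prod", prod, None, "10.0.0.5"),
        ("anonymous from loopback, prod", prod, None, "127.0.0.1"),
        ("registry down, prod", prod_down, "agent-1", "127.0.0.1"),
        ("registry down, dev, loopback", dev_down, "agent-1", "127.0.0.1"),
        ("registry down, dev, LAN", dev_down, "agent-1", "10.0.0.5"),
    ]:
        print(f"{label:32s} -> {'allow' if allowed(reg, agent, addr) else 'deny'}")
```

The point of the structure is that every path that cannot positively identify the caller ends in a deny unless the request demonstrably originates on the same host, and an outage of the backing store never widens access in production or staging.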

Try It Now

# Python
pip install sardis

# TypeScript
npm install @sardis/sdk

# MCP Server (for Claude Desktop / Cursor)
npx @sardis/mcp-server init --mode simulated
npx @sardis/mcp-server start

Links: