Sardis v0.8.8: ERC-4337 Base Preview + Truth Alignment
v0.8.8 adds a real ERC-4337 implementation lane for design partners on Base Sepolia, introduces account_type parity across API and SDKs, and tightens public language around non-custodial posture.
v0.8.8 adds a real ERC-4337 implementation lane for design partners on Base Sepolia, introduces account_type parity across API and SDKs, and tightens public language around non-custodial posture and fiat partner rails.
Gasless Smart Wallets (ERC-4337)
The headline feature is a Base Sepolia preview lane for sponsored UserOperations. This lane is feature-flagged and fail-closed until bundler/paymaster and signer configuration are present.
- New contracts:
SardisSmartAccount,SardisSmartAccountFactory,SardisVerifyingPaymaster - Pimlico bundler/paymaster clients wired into execution runtime with explicit config gates
- Wallet API and SDKs now support
account_type="erc4337_v2" - Transfer responses now expose
execution_pathanduser_op_hash - v1 wallets remain unchanged and fully supported
- Current preview scope: Base Sepolia only
PostgreSQL Persistence for Cards & Ledger
We migrated all remaining in-memory stores to PostgreSQL. Card services (conversions, wallet mappings, offramp transactions) and the ledger engine now persist to Neon serverless PostgreSQL with full ACID guarantees.
PostgresUnifiedBalanceService: replaces in-memory USD balance trackingPostgresAutoConversionService: replaces in-memory USDC/USD conversion recordsPostgresOfframpService: replaces in-memory offramp transaction trackingPostgresLedgerEngine: full-precision NUMERIC(38,18) entries with advisory locks- Alembic migration 015: 5 new tables with proper indexes
Security: Timestamped Webhook Verification
Onramper webhook validation now requires time-bounded signatures. We enforce a 5-minute replay tolerance window and reject old signatures to reduce replay attack risk.
- Supports signature format
t=<timestamp>,v1=<hmac>usingtimestamp.bodypayload signing - Supports legacy raw-body HMAC only when a timestamp header is present and valid
- Rejects missing, invalid, and stale timestamps with explicit 401 responses
SDK and API Parity
Wallet and transfer surfaces now expose the same fields across API, Python SDK, TypeScript SDK, and MCP.
- Create wallet now supports
account_type(mpc_v1orerc4337_v2) - Upgrade endpoint added:
POST /api/v2/wallets/{id}/upgrade-smart-account - Transfer response includes
execution_pathanduser_op_hashwhen applicable
Truth Alignment
We normalized docs and landing claims to match what is actually running:
- Non-custodial wording now explicitly scoped to stablecoin live-MPC mode
- Fiat rails wording now reflects regulated partner settlement/custody boundaries
- Gasless wording now explicitly states Base Sepolia preview scope
Read Next:
Sardis v0.9.0: Multi-Provider Fiat Rails + AI Framework Integrations
v0.9.0 ships Stripe Treasury + Issuing for fiat operations, Coinbase Onramp for zero-fee USDC purchases, a sub-ledger system, and integrations across every major AI framework.
Sardis v0.8.4: Packages Live on npm & PyPI + Security Audit
All 19 Sardis packages are now published to public registries. This release also includes a comprehensive security audit with 54 fixes across 8 batches.