v3.1.0 OZ Smart Account Support

Overview

Version 3.1.0 adds OpenZeppelin smart account support to the Flutter Stellar SDK: passkey-based wallet authentication, multi-signer authorization, and policy-based access control on Soroban, with WebAuthn on iOS, Android, and Web. The smart-account API is additive. This release also packages the SDK as a Flutter plugin with native iOS code — see Packaging and Compatibility.

OpenZeppelin Smart Accounts

Support for the OpenZeppelin smart account contracts on Soroban, implemented as a two-layer architecture under lib/src/smartaccount/ — a contract-agnostic core and an OpenZeppelin-specific layer.

• Wallet lifecycle — create and deploy smart account wallets with WebAuthn passkey registration, and connect to existing wallets via session restore or credential lookup.
• Authorization management — create, edit, and remove context rules with configurable signers and policies, across the Default, CallContract, and CreateContract context types.
• Policies — simple threshold (M-of-N), weighted threshold (weighted voting), and spending limit (amount per rolling ledger window).
• Multi-signer authorization — passkey signers, delegated Stellar account signers, and Ed25519 key signers, with explicit signer selection for threshold and weighted schemes.
• Transaction operations — token transfers and arbitrary Soroban contract calls with automatic auth-entry signing.
• Fee sponsoring — relayer proxy integration for gasless submission (host-function and signed-XDR modes).
• Credential discovery — indexer integration for credential-to-contract lookup.
• WebAuthn — PlatformWebAuthnProvider for native passkey registration and assertion on iOS and Android via platform method channels, and BrowserWebAuthnProvider for the Web target via navigator.credentials. Secure storage adapters: iOS Keychain, Android EncryptedSharedPreferences, IndexedDB and local storage (Web), and in-memory (tests).
• Diagnostics — a typed error hierarchy (SmartAccountException) and a lifecycle event system.

SDK core additions

Additive; no public symbol removed.

• Util.constantTimeEquals for constant-time byte comparison.
• Util.bigIntToI128ScVal to encode a signed 128-bit integer as an i128 XdrSCVal.
• Util.decimalStringToStroops / Util.stroopsToDecimalString amount helpers; the prior toXdrInt64Amount / fromXdrInt64Amount remain as deprecated delegating wrappers that now also handle negative amounts.
• SorobanServer.close for resource cleanup.
• The pre-OZ PasskeyUtils / AuthenticatorAttestationResponse (the standalone factory-contract passkey flow) are deprecated in favor of the smart-account API; retained, not removed.
• The smart account API is exported from the package barrel (lib/stellar_flutter_sdk.dart).

Demo application

A Flutter demo application covering wallet creation and connection with passkey authentication, single- and multi-signer token transfers, and context-rule and policy management, on iOS, Android, and Web.

• Repository: https://github.com/Soneso/flutter-oz-smartaccount-demo
• Live web demo: https://soneso.com/flutter-smart-account-demo/

Documentation

Under documentation/smart-accounts/:

• Onboarding guide covering smart account concepts.
• Usage guide with configuration and code examples.
• API reference (signer types, error hierarchy, kit operations, context rules, policies, storage).
• Per-platform WebAuthn setup guides for iOS, Android, and Web.

An agent skill under skills/stellar-flutter-sdk/ with curated references and a generated API signature index.

Tests

Unit tests covering COSE public-key extraction, signer and signature encoding, contract-address derivation, DER signature normalization, auth-payload construction, policy SCVal encoding, storage adapters, credential management, the event system, error mapping, and exception factories.

Packaging and Compatibility

• The SDK is now a Flutter plugin with native iOS WebAuthn code, packaged for both CocoaPods and Swift Package Manager. CocoaPods is the default; consumers do not need to enable Swift Package Manager.
• iOS: minimum deployment target 15.0. Passkey features (PlatformWebAuthnProvider) additionally require iOS 16 at runtime and the Associated Domains (webcredentials:) entitlement in the consuming app; below iOS 16 those calls return a not-supported result and the rest of the SDK works unchanged. AuthenticationServices is auto-linked on import (not a third-party dependency).
• Android: minSdk 28 (Credential Manager / FIDO2 and EncryptedSharedPreferences).
• Web: any modern WebAuthn-capable browser; declared as a supported plugin platform.
• Desktop (macOS, Windows, Linux) is not a supported smart-account target.
• Requires Flutter >=3.32.0 and Dart >=3.8.0 <4.0.0.
• The smart-account API is additive; existing APIs build and run unchanged.

Installation

dependencies:
  stellar_flutter_sdk: ^3.1.0

flutter pub get

References

• Smart account support: #148
• Smart account documentation: documentation/smart-accounts/

Full Changelog: 3.0.5...3.1.0

v3.0.5 Maintenance release: SEP-11 TxRep rewrite, XDR update, CI hardening

Maintenance release with a rewritten TxRep implementation, updated XDR definitions, and hardened CI workflows.

SEP-11 TxRep

• Rewrite SEP-0011 TxRep to delegate to generated XDR-based toTxRep/fromTxRep methods, replacing hand-written serialization. See PR #134.

XDR

• Update XDR definitions to upstream stellar-xdr cff714a (Protocol 26). See PR #133.
• Update XDR definitions to upstream stellar-xdr 61657d9 (whitespace-only, no generated code changed)
• Fix xdr-update Makefile target to correctly re-download .x files when XDR_COMMIT changes
• Fix CI issue template to reference the correct update procedure

CI

• Add workflow to auto-detect upstream XDR definition changes and create issues
• Add Claude Code automated PR review workflow
• Pin all GitHub Actions to commit SHAs to prevent tag reassignment attacks
• Remove unnecessary id-token:write permission from claude-review workflow
• Add explicit least-privilege permissions block to tests workflow
• Add Dependabot config for monthly GitHub Actions update checks

v3.0.4 Fix published package asset warning

Patch release that removes a test/wasm/ Flutter asset declaration from pubspec.yaml. This directory is excluded from the published package via .pubignore, which caused a warning in the error log when consumers built their apps:

Error: unable to find directory entry in pubspec.yaml: /Users/.../.pub-cache/hosted/pub.dev/stellar_flutter_sdk-3.0.3/test/wasm/

The warning was harmless (no build failures), but noisy and confusing. This release fixes it.

For the full list of changes in this release cycle, see 3.0.3.

v3.0.3 Documentation Overhaul, Agent Skill & Auto-generated XDR types

This release brings three major improvements to the Stellar Flutter SDK: completely rewritten documentation with tested code examples, an agent skill for AI coding agents, and machine-generated XDR types from canonical Stellar .x definitions.

New documentation (#130)

Complete rewrite of the SDK documentation. The new doc/ structure includes a quick-start guide, getting-started guide, full SDK usage reference, Soroban guide, and 17 SEP protocol guides (SEP-01 through SEP-53). Every code snippet is validated by integration tests. The root README has been trimmed to a concise overview with a documentation table.

AI agent skill (#129)

Adds an Agent Skill that teaches AI coding agents how to build Stellar applications using the SDK. Compatible with any agent that supports the Agent Skills open standard (Claude Code, Codex CLI, Cursor, Gemini CLI, and others).

Auto-generated XDR types (#131)

The ~400 hand-written XDR type definitions have been replaced with machine-generated Dart code produced by a Ruby-based code generator that reads Stellar's canonical .x XDR definition files. This ensures correctness, adds 710 round-trip unit tests, and makes it easy to stay in sync with upstream XDR spec changes. The generator lives at tools/xdr-generator/ and a CI workflow ensures generated code stays in sync with the .x definitions.

Breaking changes:

• SorobanContractInfo.envInterfaceVersion replaced by envProtocolVersion and envPreReleaseVersion
• AssetTypePoolShare now requires named constructor parameters and uses toXdrChangeTrustAsset() instead of toXdr()
• Low-level XDR type changes — see the PR for details

Other

• Added compatibility matrix generators for Horizon, RPC, and SEP coverage tracking.

v3.0.2 Maintenance release: bug fixes, compatibility improvements, and documentation corrections

Bug Fixes

• SEP-08: Fix RegulatedAssetsService constructor network resolution logic that unconditionally threw when an explicit network parameter was provided. Forward horizonUrl and network from fromDomain() to the constructor.
• SEP-10: Forward httpRequestHeaders from WebAuth.fromDomain() to the returned instance. Add MissingClientDomainSigningKeyException when clientDomain is provided without a signing key or delegate.
• SEP-09: Serialize birthDate, idIssueDate, and idExpirationDate as date-only (YYYY-MM-DD) per the SEP-9 specification instead of full ISO 8601 timestamps.
• SEP-24: Make SEP24Transaction.moreInfoUrl nullable to match the spec and prevent runtime errors when anchors omit the field.
• SEP-30: Make SEP30ResponseIdentity.role nullable.
• Soroban: Fix needsNonInvokerSigningBy() for non-invoke operations (e.g. RestoreFootprintOperation). It now returns an empty list instead of throwing, matching Java and Python SDK behavior.
• Soroban: Remove DeploySACWithSourceAccountHostFunction which used an invalid XDR combination the network no longer accepts. Use DeploySACWithAssetHostFunction instead.
• Core: Fix AccountResponse.fromJson swapped num_sponsoring/num_sponsored args.
• Core: Fix contract_spec type inference where Uint8List was matched as List before the Uint8List check.
• Core: Fix TxRep parser expecting memo.return but encoder writing memo.retHash.
• Core: Fix ManageSellOffer/ManageBuyOffer offerId precision loss on web platforms.
• Core: Fix removeTailZero returning empty string for input "0" on web.
• Web: Extend XDR enum classes with operator==/hashCode to fix switch statement failures on web for negative discriminant values.
• Web: Remove dead code (readLong, writeLong, u64BytesHelper, u64BigIntBytesHelper) and unused imports.
• KYC: Fix GET request builders not passing custom headers.

Documentation

• Fix incorrect API references across SEP-01, SEP-06, SEP-08, and SEP-24 examples.
• Fix outdated test file path references in SEP-08 and SEP-24 documentation.

v3.0.1 SEP-53 support

Summary

• Implements support for SEP-53 (Sign and Verify Messages) on KeyPair with four public methods: signMessage, signMessageString, verifyMessage, verifyMessageString
• Adds unit tests covering all spec test vectors, base64/hex encoding round-trips, failure cases, and edge cases
• Documentation: sep-0053.md
• Signatures match all three SEP-53 spec test vectors (ASCII, Japanese, binary)
• Cross-SDK interoperability: signatures are compatible with Java, Python and PHP SDK implementations
• No breaking changes to existing API

v3.0.0 - Full Flutter Web Platform Support

This release adds full Flutter web platform support by migrating all 64-bit integer types to BigInt.

JavaScript numbers have only 53 bits of integer precision, causing silent data loss for values exceeding 2^53. Since Stellar and Soroban use 64-bit integers extensively (memo IDs, muxed account IDs, sequence numbers, timestamps, durations), BigInt is required for correct behavior on web platforms.

Breaking Changes

Common API

• MemoId(id) and Memo.id(id) now require BigInt
• MuxedAccount(accountId, id) parameter changed from int? to BigInt?
• MuxedAccount.id property now returns BigInt?
• Account muxedAccountMed25519Id parameter changed from int? to BigInt?
• AccountResponse.muxedAccountMed25519Id property now returns BigInt?

Soroban Specific

• SorobanAddressCredentials.nonce property changed from int to BigInt
• SorobanCredentials.forAddress(nonce) parameter changed from int to BigInt
• XdrSCVal.forU64, forI64, forTimepoint, forDuration now require BigInt

XDR Types

• XdrInt64.int64 and XdrUint64.uint64 properties now return BigInt
• XdrInt128Parts.forHiLo and XdrUInt128Parts.forHiLo hi/lo parameters changed to BigInt
• XdrInt256Parts and XdrUInt256Parts parameters changed to BigInt

See v3_migration_guide.md for detailed migration patterns and examples.

v2.2.2 RPC v25.0.0 support

Features

• Add RPC v25.0.0 response fields to getLatestLedger:
  • closeTime: Unix timestamp when the ledger closed
  • headerXdr: Base64-encoded ledger header XDR
  • metadataXdr: Base64-encoded ledger close metadata XDR

v2.2.1 - SEP-45 Support

SEP-45: Web Authentication for Contract Accounts

Overview

This release adds client-side support for SEP-45, enabling authentication of Soroban smart contract accounts (C... addresses) with web services. This complements SEP-10, which handles authentication for traditional Stellar accounts (G... and M... addresses).

Key Additions

WebAuthForContracts Class

A new implementation providing authentication for contract accounts via fromDomain() factory method for automatic stellar.toml configuration or manual setup. The class supports both a complete authentication workflow via the jwtToken() method and step-by-step methods for granular control (getChallenge(), validateChallenge(), signAuthorizationEntries(), sendSignedChallenge()).

Authentication Capabilities

• Challenge retrieval and authorization entry decoding
• Challenge validation and entry signing workflows
• Signed challenge submission to obtain JWT tokens
• Automatic signature expiration calculation using Soroban RPC
• Client domain verification using local keypairs or remote callback signing

Security Validations

• Contract address validation against WEB_AUTH_CONTRACT_ID
• Function name verification (web_auth_verify)
• Sub-invocation rejection
• Server entry presence and signature verification
• Client entry presence validation
• Account validation (client contract account matching)
• Home domain and web_auth_domain validation
• Nonce consistency checks
• Network passphrase verification

Documentation

• SEP-45 Documentation
• SEP-45 Compatibility Matrix

v2.2.0 - Dependency Updates

Release Notes - Stellar Flutter SDK v2.2.0

Overview

This maintenance release updates dependency requirements to resolve version conflicts with modern Flutter tooling and development environments.

Breaking Changes

Minimum Dart SDK requirement increased to 3.8.0

The SDK now requires Dart SDK >=3.8.0 (included in Flutter 3.32+, released May 2025). Users will need to upgrade their Flutter installation to version 3.32 or later.

Changes

Dependencies

• Updated Dart SDK constraint from >=3.0.0 to >=3.8.0
• Updated toml dependency from ^0.16.0 to ^0.17.0

Compatibility

• Resolves petitparser version conflicts with melos >=7.2.0 and other modern development tools
• All compatibility matrices updated for version 2.2.0

Migration Guide

To use this version, ensure you have Flutter 3.32 or later installed:

flutter --version

If you need to upgrade:

flutter upgrade

Then update your dependency:

dependencies:
  stellar_flutter_sdk: ^2.2.0