Releases: chopmob-cloud/AlgoVoi

v1.0.2 — x402 Spec Compliance

09 Apr 16:07

What's changed

x402 Protocol — Full Spec Compliance

AlgoVoi now fully implements the coinbase/x402 specification, while remaining backward-compatible with existing payment flows.

Server (mcp.ilovechicken.co.uk)

  • Payment requirements now include maxAmountRequired (spec field) alongside amount (legacy) — third-party x402 clients can now parse the 402 correctly
  • Added required spec fields: resource, description, mimeType
  • Fixed x402Version: 2 → 1 to match the official spec
  • PAYMENT-RESPONSE settlement header returned on all successful paid responses

Extension (mcp-client.ts)

  • McpPaymentOption interface accepts both maxAmountRequired (spec) and amount (legacy)
  • Payment logic reads maxAmountRequired ?? amount — no behaviour change, works with both old and new server builds

Firefox AMO

  • manifest.json now includes browser_specific_settings.gecko (id: [email protected], strict_min_version: 128.0) required for Mozilla Add-ons submission

Store packages

| File | Store |
|---|---|
| algovoi-1.0.1-chrome.zip | Chrome Web Store |
| algovoi-1.0.1-firefox.zip | Mozilla AMO (patched manifest — sidePanel removed, gecko ID set, scripts fallback added) |
| algovoi-1.0.1-source.zip | AMO source code submission (required for minified bundles) |

Compatibility

All existing x402 payment flows continue to work unchanged. x402 version, field names, and settlement headers now match the coinbase/x402 reference spec.

v1.0.1 — Allbridge fallback + UI fixes

06 Apr 13:25

AlgoVoi v1.0.1

Bridge improvements

  • Fallback link on failure — if MCP is unavailable, a direct link to allbridge.io opens with the correct route pre-selected (ALG→USDC→destination chain)
  • Bridge button always visible — fixed popup height chain (body → #root → flex-col)
  • Bridge button style fixed (bg-algo, was undefined gradient-btn)
  • Destination address starts blank
  • Compact layout — all bridge UI fits without scrolling

Includes all v1.0.0 features

  • Allbridge USDC bridge: Algorand → ETH/BSC/SOL/ARB/POL/AVA/OPT/Base/SUI (+ more)
  • Security hardening XXI-B (8 findings, all closed)
  • Tab bar: Assets · Swap · Bridge · Apps · Agents · Vault

v1.0.0 — Allbridge USDC Bridge + Security XXI-B

06 Apr 13:13

AlgoVoi v1.0.0

Allbridge USDC Bridge

Bridge USDC from Algorand to 13 destination chains via Allbridge Core:

  • Supported destinations: ETH, BSC, SOL, ARB, POL, AVA, OPT, Base, SUI, Sonic, Linea, Unichain, Stellar
  • Atomic transaction group built server-side via MCP, signed locally in extension
  • Confirmed working end-to-end (Algorand → Base, live transaction)
  • Bridge tab: Algorand-only, USDC-only, blank destination, bg-algo button

Security Hardening XXI-B (8 findings, all closed)

  • XXI-B-1: sourceChain validated against VALID_CHAINS whitelist
  • XXI-B-2: Secret key retrieved inside try block, sk?.fill(0) in finally
  • XXI-B-3: sourceToken validated against per-chain VALID_TOKENS whitelist
  • XXI-B-4: Decimals range check (0–19), amount length ≤ 40, uint64 overflow guard
  • XXI-B-5: message-handler validates params before dispatching BRIDGE_EXECUTE
  • XXI-B-6: TX_FEE_RESERVE applied to native token Max button
  • XXI-B-7: Amount regex /^\d+(\.\d+)?$/ rejects scientific notation
  • XXI-B-8: BRIDGE_ADDRESS hardcoded constant (not user-supplied)
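
The amount checks listed in XXI-B-4 and XXI-B-7, combined in one validator as an added example (not AlgoVoi's own code). The function name toBaseUnits, the error strings and the rejection of excess fractional digits are assumptions; the regex and the limits are the ones stated above.

```javascript
// Added example: hypothetical helper, limits taken from XXI-B-4 and XXI-B-7.
const AMOUNT_RE = /^\d+(\.\d+)?$/;    // XXI-B-7: plain decimal only, no "1e6", no sign
const MAX_AMOUNT_LEN = 40;            // XXI-B-4: amount length <= 40
const MAX_DECIMALS = 19;              // XXI-B-4: decimals range 0-19
const UINT64_MAX = (1n << 64n) - 1n;  // largest value a uint64 amount can hold

// Convert a user-entered decimal string to integer base units (BigInt).
// Returns { ok: true, value } or { ok: false, error }.
function toBaseUnits(amount, decimals) {
  if (typeof amount !== "string" || amount.length === 0 ||
      amount.length > MAX_AMOUNT_LEN) {
    return { ok: false, error: "amount length" };
  }
  if (!Number.isInteger(decimals) || decimals < 0 || decimals > MAX_DECIMALS) {
    return { ok: false, error: "decimals range" };
  }
  if (!AMOUNT_RE.test(amount)) {
    return { ok: false, error: "amount format" };
  }
  const [whole, frac = ""] = amount.split(".");
  // Assumption: extra fractional digits are rejected, not silently truncated.
  if (frac.length > decimals) {
    return { ok: false, error: "too many fractional digits" };
  }
  // BigInt avoids the precision loss Number suffers above 2^53.
  const value = BigInt(whole + frac.padEnd(decimals, "0"));
  if (value > UINT64_MAX) {
    return { ok: false, error: "uint64 overflow" };
  }
  return { ok: true, value };
}

// Constructed sample inputs (not from the release notes).
const SAMPLES = [["1.5", 6], ["1e6", 6], ["18446744073709551616", 0]];
for (const [a, d] of SAMPLES) {
  console.log(a, d, toBaseUnits(a, d).error ?? "ok");
}
```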

Allbridge handler hardening

  • VALID_DEST_CHAINS whitelist, USDC-only (31566704) enforcement
  • ALLBRIDGE_EXECUTE message type with sender.id check and param validation
  • sk wiped in finally block, WalletConnect accounts rejected

Other fixes

  • Popup height fixed to 600px with #root flex propagation (button always visible)
  • Tab bar: Assets · Swap · Bridge · Apps · Agents · Vault
  • History tab removed (Phase 2 placeholder)
  • Aramid bridge deprecated (relay unreliable)

Validation

  • 28/28 security checks PASS (Comet CDP validated)
  • Clean build: ✓ built in 1m 11s
  • Manifest V3, no wildcard permissions, full CSP

Security audit: SECURITY_AUDIT.md — 0 open findings

v0.8.1 — Swap error messages + security hardening XX

01 Apr 05:45

What's changed

Bug fixes

  • Swap error messages — Pool liquidity failures now show the actual reason instead of a misleading "insufficient balance" message. Possible messages: pool has insufficient liquidity, sender has insufficient balance, contract rejected the transaction.
  • Swap fee buffer — VOI swap panel now reserves 0.01 VOI from the displayed spendable balance to prevent simulation failures caused by entering the full balance with nothing left for fees.

Security — Hardening XX

  • XX-1 (Medium, CLOSED): executeResolve() now validates MCP-returned addresses via algosdk.isValidAddress() before displaying them. Sibling of XVIII-1 (the same guard was already on executeSend). A compromised MCP server can no longer spoof a .voi name resolution result.

Server (mcp.ilovechicken.co.uk)

  • Improved humble_swap_txn error classification in txns.js — distinguishes pool liquidity failures, balance failures, and contract rejections.

Full changelog

  • fix(swap): reserve 0.01 VOI fee buffer to prevent simulation failures
  • fix(swap): surface server error messages correctly in UI
  • security: Hardening XX — fix executeResolve unvalidated MCP address display

v0.8.0 — Falcon PQC Post-Quantum Signatures

31 Mar 13:34

What's New

Falcon PQC Post-Quantum Signatures (Algorand Mainnet)

  • Falcon-1024 quantum-resistant accounts — NIST Level 5 security (AES-256 equivalent)
  • WASM build (88KB) of Algorand's exact C Falcon library via Emscripten
  • Deterministic signing compatible with AVM v12 falcon_verify opcode
  • Logic sig addresses with 4-txn grouped signing (byte budget pooling)
  • Encrypted key storage in the same PBKDF2 + AES-GCM vault as Ed25519 accounts
  • UI: "Falcon PQC Account" button in add menu (Algorand only) + shield badge

Verified on Algorand mainnet: TxID 5MWVIZO...

Security Hardening XXIV (8 fixes)

  • SHA-256 integrity verification of WASM + JS glue before instantiation
  • Input validation: hex string format, key size bounds, NaN rejection
  • Falcon account expiry check in signing branch
  • Explicit wallet unlock check on key export
  • Counter iteration for address derivation (matches Algorand Foundation reference)
  • Group size assertion in transaction signing

Key Sizes

| Property | Size |
|---|---|
| Public key | 1,793 bytes |
| Private key | 2,305 bytes |
| Signature | ~1,230 bytes (compressed) |
| WASM module | 88 KB |

Note: Falcon accounts use raw key bytes (no mnemonic). Export keys for backup. Voi support pending AVM 12+ upgrade.

v0.7.0 — AI Agent WalletConnect + MCP Relay Bridge

29 Mar 07:45

What's New

AI Agent WalletConnect Connection

  • AI agents can now connect to AlgoVoi as their wallet via WalletConnect v2
  • Sessions auto-approved with both Algorand + Voi chain access
  • Agent approval popup with full transaction summaries and blind-sign gate
  • Per-session rate limiting (max 10 pending requests, max 16 txns per request)
  • Session proposal rate limiting (max 5 per minute)

MCP Server Relay Bridge

  • Chrome MV3 service workers cannot receive WC relay WebSocket push notifications
  • New MCP server bridge (/wc-bridge) proxies relay messages via HTTP polling
  • Agent re-encrypts proposal and POSTs to bridge; extension polls every 2s
  • Independent JWT auth for bridge relay subscription

Voi Token Swaps

  • Swap Voi tokens via Snowball aggregator (direct pool swaps)
  • Slippage protection (0–50%, validated both UI and backend)
  • Multi-hop swap detection (blocked with user-friendly message)
  • uint64 overflow protection on amounts

Security Hardening XXIII (12 fixes)

  • XXIII-1–3: Server input validation (topic format, SSRF prevention, message size limit)
  • XXIII-4–5: MCP response validation + sender.id on agent sign handlers
  • XXIII-6: Transaction array limit (max 16 per request)
  • XXIII-7–8: Backend slippage validation + parseDecimal crash fix
  • XXIII-9–10: Server-side timestamps + exponential reconnect backoff
  • XXIII-11–12: Snowball poolId validation + proposal rate limiting
  • Security headers (nosniff, X-Frame-Options: DENY)
  • Listener cap (20 max) with oldest-eviction
  • Extended pairing TTL (5→10 min)

Other

  • Pairing keepalive port for SW persistence during agent connection
  • W3W session persistence across SW restarts via chromeKvStorage
  • Auto-cleanup of expired pairings

AlgoVoi v0.6.0 — Algorand AI Agent + Security Hardening XXII

26 Mar 15:41

What's new in v0.6.0

Algorand AI Agent Chat (Algorand chain · Agents tab)

Full AI assistant for Algorand, mirroring the Voi agent with chain-specific tools.

  • Direct actions — structured commands bypass AI (zero token cost):
    • swap 1000000 ALGO for USDC · send 1 ALGO to grampantics.algo · balance
    • lookup grampantics.algo · price ALGO
  • NFD integration (6 tools) — name resolution, reverse lookup, browse, search, activity, analytics via api.nf.domains
  • Haystack Router (3 tools) — DEX aggregator across Tinyman, Pact, Folks for best swap routes
  • Pera asset data (3 tools) — verification status, asset details, asset search
  • Categories: Tokens · Swaps · Names · General
  • Teal accent UI with "Ask about Algorand..." placeholder

Security Hardening XXII (Red Team Audit)

Full red team penetration test identifying 3 exploitable paths — all fixed.

| ID | Severity | Finding | Fix |
|---|---|---|---|
| XXII-1 | HIGH | SIGN_TRANSACTIONS had no sender address verification | Validate every txn sender == active account |
| XXII-5 | HIGH | Internal message handlers (SIGN, SEND, SWAP, SUBMIT, AGENT_CHAT) callable from content scripts | sender.id === chrome.runtime.id check on all 6 handlers |
| XXII-9 | MEDIUM | Name resolution (.voi/.algo) showed truncated address — easy to spoof | Show full resolved address in reply |
| XXII-3 | MEDIUM | SUBMIT_TRANSACTIONS had no wallet lock check | Added lock state verification |
| XXII-4 | MEDIUM | Network parameter accepted arbitrary strings | Strict whitelist: voi-mainnet, algorand-mainnet only |
| XXII-7 | LOW | Agent chat category not validated | Whitelist: tokens, nfts, swaps, names, lending, general |
| XXII-8 | LOW | No bounds on message history array | Max 20 messages, 4000 chars each |
| XXII-10 | LOW | No rate limiting on SIGN_TRANSACTIONS | 10 requests per 30s sliding window |
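
How the fixes for XXII-1, XXII-3, XXII-4, XXII-5 and XXII-10 fit together in front of a signing handler, as an added example (not AlgoVoi's own code). createSignGuard, the state shape and the returned strings are hypothetical; runtimeId stands in for chrome.runtime.id, and only accepted requests count toward the rate limit (an assumption).

```javascript
// Added example: hypothetical guard, limits and whitelist taken from the XXII table.
const VALID_NETWORKS = new Set(["voi-mainnet", "algorand-mainnet"]); // XXII-4
const RATE_LIMIT = 10;          // XXII-10: 10 requests
const RATE_WINDOW_MS = 30_000;  // XXII-10: per 30 s sliding window

// runtimeId stands in for chrome.runtime.id; state is { locked, activeAddress }.
function createSignGuard(runtimeId, state) {
  const stamps = []; // timestamps of accepted requests still inside the window
  return function check(sender, msg, now = Date.now()) {
    // XXII-5: sender.id must equal the extension's own id.
    if (!sender || sender.id !== runtimeId) return "rejected: foreign sender";
    // XXII-3: refuse to act while the wallet is locked.
    if (state.locked) return "rejected: wallet locked";
    // XXII-4: strict network whitelist, no arbitrary strings.
    if (!VALID_NETWORKS.has(msg.network)) return "rejected: unknown network";
    // XXII-1: every transaction must be sent by the active account.
    if (!Array.isArray(msg.txns) || msg.txns.length === 0 ||
        !msg.txns.every((t) => t && t.sender === state.activeAddress)) {
      return "rejected: sender mismatch";
    }
    // XXII-10: drop timestamps that left the window, then count the rest.
    while (stamps.length && now - stamps[0] >= RATE_WINDOW_MS) stamps.shift();
    if (stamps.length >= RATE_LIMIT) return "rejected: rate limited";
    stamps.push(now);
    return "ok";
  };
}

// Constructed sample request (addresses are placeholders, not real accounts).
const demoGuard = createSignGuard("ext-id", { locked: false, activeAddress: "ADDR_A" });
console.log(demoGuard({ id: "ext-id" },
  { network: "voi-mainnet", txns: [{ sender: "ADDR_A" }, { sender: "ADDR_B" }] }));
```

Chrome also sets sender.id to the extension's own id for messages sent by that extension's content scripts, so a handler that must exclude them needs an additional check on sender.tab or sender.url.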

MCP Server — API Key Authentication

  • agent_chat now requires dual authentication: chrome-extension:// origin + X-AlgoVoi-Key header
  • Protects Anthropic API key from unauthorized use by external MCP clients
  • All other MCP tools remain open (x402-gated or exempt for extension use)

MCP Server — Algorand Tools

12 new Algorand-specific tools added (62 total across 14 modules):

  • NFD: nfd_get, nfd_lookup_address, nfd_search, nfd_browse, nfd_activity, nfd_analytics
  • Haystack: haystack_quote, haystack_swap_txn, haystack_needs_optin
  • Pera: pera_asset_verification, pera_asset_details, pera_asset_search

Auto-update notifications

  • Server-side /version endpoint auto-syncs from GitHub releases every 30 minutes
  • Extension checks on startup + daily, shows amber banner when update available

Bug fixes

  • algosdk v3 property names in SIGN_TRANSACTIONS validation (txn.sender not txn.from, nested dangerous fields)
  • Coinbase Buy button visible error alert (was silently swallowed by stripped console.error)
  • Account removal confirmation modal (replaces native window.confirm) — #1
  • Import mnemonic button fix on empty-wallet view
  • Single Sign & Send button for multi-transaction swap groups
  • Auto-lock timer increased to 10 minutes

Security

0 Critical · 0 High · 0 Medium · 0 Low open.

See SECURITY_AUDIT.md for full audit history (Hardening I–XXII).

Installation

  1. Download algovoi-v0.6.0.zip and unzip
  2. Open Chrome → chrome://extensions → enable Developer mode
  3. Click Load unpacked → select the unzipped folder

AlgoVoi v0.5.0 — AI Agent Chat + Coinbase Onramp

25 Mar 18:31

What's new in v0.5.0

AI Agent Chat (Voi chain · Agents tab)

Natural-language wallet assistant powered by Claude Sonnet 4 via the UluMCP server.

  • Direct actions — structured commands bypass AI entirely (zero token cost):
    • swap 10 VOI for USDC · send 5 VOI to alice.voi · balance · price of VIA
    • resolve nugget.voi · register mynewname.voi
  • AI fallback — conversational and ambiguous queries use Claude Sonnet 4 with a per-category tool whitelist
  • Categories: tokens · NFTs · swaps · names · lending · general
  • Anthropic API key lives exclusively on the UluMCP server — never bundled in the extension
  • Single Sign & Send — swap groups (approve + swap + withdraw) merged into one button, one click

Coinbase Onramp (Algorand chain · Assets tab)

Buy ALGO directly from the wallet via the Buy button.

  • Secure session-token flow: wallet address POSTed to AlgoVoi backend, never in URL parameters
  • Satisfies Coinbase "require secure initialization" — one-time session token from backend
  • CORS restricted to chrome-extension:// origin
  • Feature-flagged via COINBASE_ONRAMP_ENABLED — pending Coinbase UK country approval

Auto-update notifications

Extension checks for new releases via the MCP server and shows an amber banner with a download link when a newer version is available. No new permissions required.

  • Checks on startup + daily via Chrome alarm
  • Server-side /version endpoint auto-syncs from GitHub releases every 30 minutes
  • Amber "UPD" badge on extension icon when update available

UX improvements

  • Account removal confirmation modal — replaces native window.confirm with in-app styled modal showing account name, address, and backup warning (#1)
  • Single sign button for swap groups — multi-transaction swaps now show one "Sign & Send (N txns)" button instead of separate buttons per transaction

Bug fixes

  • Import mnemonic on empty-wallet view — the Import Mnemonic button on the empty-wallet screen was non-functional (modal not rendered in early return path). Users were forced through full wallet setup which silently wiped existing accounts on other chains.
  • Three approval popups per swap — direct-action tool calls (snowball_tokens, humble_pools, humble_swap_txn) were each hitting x402 payment gates, opening a separate approval popup per call. Server now exempts extension tool calls from x402.

MCP tools expanded

50 tools across 11 modules: arc200 · arc72 · envoi · humble · snowball · swap200 · marketplace · txns · dorkfi · x402 · algod · chat

Security

Hardening XVII–XXI — full review of all attack surfaces. 0 Critical · 0 High · 0 Medium · 0 Low open.

See SECURITY_AUDIT.md for full audit history (Hardening I–XXI).

Installation

  1. Download algovoi-v0.5.0.zip and unzip
  2. Open Chrome → chrome://extensions → enable Developer mode
  3. Click Load unpacked → select the unzipped folder

v0.4.0 — Security Audit + Hardening

23 Mar 14:42

What's new in v0.4.0

Security hardening

  • HIGH: Strip Authorization header on x402/MPP fetch retry — prevents credential theft by malicious 402 endpoints
  • MED: Wrap all sk.fill(0) in try/finally — secret keys wiped even if signing throws
  • MED: Auto-expire debug log entries after 7 days
  • MED: Pin CSP img-src to explicit WalletConnect subdomains (no wildcards)
  • LOW: Strip console.log/warn/info in production builds via Terser
  • LOW: Validate WC_PROJECT_ID non-empty at service worker startup

Downloads

| File | Browser | Install |
|---|---|---|
| algovoi-0.4.0-chrome-edge.zip | Chrome / Edge / Brave | Unzip → chrome://extensions → Developer mode → Load unpacked |
| algovoi-0.4.0-firefox.zip | Firefox | Submitted to AMO for review |
| algovoi-0.4.0-source.zip | | Source code for auditors / AMO review |

Install (Chrome / Edge / Brave)

  1. Download algovoi-0.4.0-chrome-edge.zip
  2. Unzip to a folder
  3. Open chrome://extensions (or edge://extensions)
  4. Enable Developer mode
  5. Click Load unpacked → select the unzipped folder

Full audit report

See SECURITY_AUDIT.md