Changelog
Release history for the CodeSpar SDK, adapters, and MCP servers.
Changelog
July 2026
codespar_checkout is live on the Pix rail 2026-07-03
The sell-side checkout meta-tool now executes end to end. Pass items[] and the meta-tool lowers them to an inbound charge, routed on the pix rail with provider failover. The response carries a hosted payment page (charge_url) plus pix_copy_paste, so the shopper can pay from a link or straight from the copia-e-cola string. See codespar_checkout.
Hosted remote MCP productized 2026-07-03
One URL now serves any remote MCP client: https://connect.codespar.dev/mcp (Streamable HTTP). Authenticate with a csk_ bearer key or OAuth 2.1, with RFC 9728 protected-resource discovery served per host. Claude Code setup is one line:
claude mcp add --transport http codespar https://connect.codespar.dev/mcp --header "Authorization: Bearer <key>"See the MCP adapter docs for the full remote setup.
June 2026
Multi-slot consumer wallet in production 2026-06-25
One wallet per consumer, with per-currency slots (BRL + USDC) minted from a single mandate signature. There is no FX inside the wallet: each slot is its own spend authority in its own currency. Shipped surface: GET /v1/consumers/:id/wallet, slot-to-slot transfer with onramp and offramp legs, and mandate-gated spend against each slot. See codespar_wallet.
@codespar/sdk 0.10 is the current line 2026-06
The SDK moved to the 0.10 line. Typed Session wrappers expanded to cover the newer meta-tools, including session.issue(args) and session.ledger(args), and the framework adapters now track ^0.10. If you are pinned to ^0.9.0, bump the pin; the 0.9 surface carries over additively.
MCP Generator — dashboard wizard + OpenAPI & GitHub source modes 2026-06-09
The MCP Generator is now a point-and-click flow in the dashboard at Develop › Generate — no install required. Scan your API three ways (paste source, an OpenAPI 3.x spec, or a GitHub repo), pick the endpoints to expose, review the generated server, then onboard and activate it. Activated servers become a project-scoped rail in the router (gen_<project>_<slug>), so agent calls to your own API run through the same policy engine, credential vault, and audit chain as Pix and NF-e — isolated from other projects. The CLI and library still emit standalone server code; the wizard is the path that makes a server routable. See MCP Generator.
New meta-tools: codespar_ledger + codespar_issue 2026-06-05
Two new meta-tools (with typed SDK wrappers) join the catalog. codespar_ledger is a double-entry ledger backed by the tenant's self-hosted Lerian Midaz — post journal entries, read balances, create accounts. It is your books, distinct from the rails that move real money. codespar_issue issues and controls payment cards via our card-issuing partner (virtual / physical, freeze / unfreeze / cancel) — the agent-spend-card primitive. Both are wrapped by session.ledger(args) and session.issue(args). See codespar_ledger and codespar_issue.
LATAM catalog expansion + new auth engines 2026-06-05
The provider catalog grew past 60 rails across BR, MX, AR, CO, CL, and PE. codespar_pay now spans 28 providers — including nine Brazilian banks connected direct over mTLS (Banco do Brasil, Itaú, Bradesco, Santander, Caixa, Sicoob, Sicredi, C6, Original) for Pix straight from the account — and codespar_charge spans 17 (Getnet, PagSeguro, Rede, Clip, Kushki, Izipay, Niubiz, Bold, ePayco, Payway, PicPay, Nequi, and more). A new auth engine landed alongside them: two_header (two co-equal credential headers, no Bearer — Cielo, Transbank, Kushki, Payway). See codespar_pay, codespar_charge, and authentication.
codespar_checkout and codespar_shop — the two sides of checkout 2026-06-04
Two meta-tools cover the two sides of a purchase. codespar_checkout is the sell-side primitive: as a merchant, create and process a checkout for a shopper to pay you (cart, pricing, tax, payment), routing to Stripe ACP, Asaas, or x402 by payment method. codespar_shop is the buy-side primitive: the agent acts as the shopper, searching a store and buying — a cart engine resolves product and price with adapters for VTEX, Mercado Livre, and a hosted browser-worker (for sites without a programmatic API), minting the store's real Pix to settle via codespar_pay. See codespar_checkout and codespar_shop.
Cross-border rails on codespar_crypto_pay — onramp + offramp + payout 2026-06-01
codespar_crypto_pay gains three new rails served by our BRL↔USDC on/offramp partner, covering the full cross-border lifecycle: onramp (fiat → USDC via Pix BRL / US wire / EUR SEPA — returns a hosted QR / wire instruction the agent surfaces to the payer), offramp (USDC → fiat on a pre-registered bank account), and stablecoin-payout (USDC → external wallet address for web3 recipients). Agents chain onramp + offramp in two calls to drive a complete cross-border purchase or export flow. The receive-flow default (stablecoin × USDC × INTL) still routes to Coinbase Commerce. See codespar_crypto_pay for the rail table + chained-call examples.
Breaking change — counterparty.country is required for direction: send on codespar_crypto_pay 2026-06-01
codespar_crypto_pay calls with direction: "send" must now include counterparty.country as an ISO 3166-1 alpha-2 string (e.g. "US", "BR", "MX"). Receive-direction flows (Coinbase Commerce charges, onramp QR generation) may omit it — the buyer is anonymous until they hit the hosted URL. The coercer rejects send-direction calls missing the field before any provider dispatch. This is the destination half of cross-border tracking; an operator_country (origin) field is planned for a follow-up so the platform can derive cross-border flag deterministically across send + receive. Update agents that previously omitted the country on direction: "send" calls.
May 2026
Chat-loop policy hooks now fire on every session.send() tool call 2026-05-23
The policy engine now evaluates every tool call dispatched from the chat-loop session.send() path, not just calls made through session.execute(). Rules tuned for direct-execute traffic — deny, approval-required, rate-limit, time-window — fire identically on chat-loop dispatches. If you have an approval-required rule on a tool the chat loop picks, expect rows in /dashboard/approvals after the next test run. See Chat-loop Governance for what changes and what to check before your next release.
Audit chain now captures chat-loop tool calls 2026-05-23
Every tool call the chat loop dispatches now writes a tool_call.succeeded or tool_call.failed event to the audit chain. Event names and shape are unchanged — existing SIEM-export rules and audit-page filters pick up the new events without changes. Audit-chain volume grows roughly in proportion to chat-loop tool-call volume per day. See Chat-loop Governance for the full ordering of the AgentGate hooks.
Commerce-memory predicates now fire on chat-loop tool calls 2026-05-23
When the chat loop dispatches a tool whose capture predicate matches (Asaas charges, Stone settlements, Melhor Envio fulfillments, KYC approvals), the runtime writes a commerce-memory row per successful call. The predicates themselves are unchanged; what's new is that chat-loop traffic reaches them. Check /dashboard/commerce-memory for entries you might attribute to a workflow that previously lived only on the direct-execute path. See Chat-loop Governance for details.
v0.9.0 — meta-tool router build-out + SSE streaming 2026-05-04
@codespar/sdk@0.9.0 + @codespar/types@0.7.0 + @codespar/api-types@0.4.0 + codespar (PyPI) 0.9.0 — meta-tool router shipped end-to-end. Eight new typed Session wrappers; two new auth types; SSE streaming for async settlement + verification.
Meta-tool typed wrappers — eight new methods on Session (TypeScript + Python parity, snake_case in Python):
session.discover(query)— semantic + lexical tool search across the catalog (pgvector + pg_trgm). Composio-analog.session.connectionWizard(serverId)— connection wizard backend; agents discover what's connected and initiate flows.session.charge(args)— typed wrapper forcodespar_charge(inbound, buyer pays merchant). Distinct from outboundpay.session.ship(args)— typed wrapper forcodespar_ship(Melhor Envio rails: domestic-label / domestic-quote / domestic-track).session.paymentStatus(toolCallId)— polling endpoint for async settlement ofcharge/pay.session.paymentStatusStream(toolCallId, { onUpdate?, signal? })— Server-Sent Events variant. Heartbeats every 15s; auto-closes 5s after terminal state.session.verificationStatus(toolCallId)— polling endpoint for async KYC settlement (codespar_kyc). Statuses: approved / rejected / review / expired / pending.session.verificationStatusStream(toolCallId, { onUpdate?, signal? })— SSE variant.
The polling siblings (paymentStatus, verificationStatus) stay live for backward compat — additive change only.
Meta-tool catalog grew from 5 → 53 routing rails across 9 meta-tools:
codespar_pay— outbound transferscodespar_charge(NEW) — inbound charges (Pix BRL: Asaas / Mercado Pago / iugu / Stone; card USD: Stripe)codespar_invoice— fiscal invoices. Default rail NFS-e (services); passrail: "nfe"for products. Alsonfcifor CFDI MX (Facturapi) + Factura AR (AFIP).codespar_notify— messaging (whatsapp via Z-API / Twilio, sms via Twilio, email via SendGrid)codespar_ship(NEW) — shipping (Melhor Envio with 3 rails)codespar_crypto_pay(NEW) — crypto payments via Coinbase Commerce + Bitsocodespar_kyc(NEW) — KYC via Persona / Sift / Konduto / Truoracodespar_discover(NEW) — tool search meta-toolcodespar_manage_connections(NEW) — connection wizard backend
Two new auth types — total 6 supported (api_key, path_secret, oauth, cert, hmac_signed, none):
cert— mTLS with X.509 client certificate, for BR open-banking corporate APIs (Banco do Brasil pilot; Itaú, Santander, Bradesco, Caixa next batch).hmac_signed— per-request signature (timestamp + method + path + body) with shared key + secret pair. For Foxbit and crypto exchanges following that pattern.
Catalog scale (as of release):
- 109+ MCP servers published on npm
- 2,200+ individual tools
- 53 routing rails in
META_TOOL_CATALOG - 6 LATAM countries covered: BR, MX, AR, CO, CL, PE
- 9 verticals: payments, banking, crypto, communication, ecommerce, erp, fiscal, fraud, identity
@codespar/api-types@0.4.0 — added cert + hmac_signed to the auth_type enum (AuthTypeSchema) and cert to AuthSchemaFieldKindSchema. Web dashboard's Provider Connect modal now renders cert (file-upload) and hmac_signed (KEY/SECRET) flows directly.
@codespar/types@0.7.0 — new wire-contract types: DiscoverResult, ConnectionWizardResult, PaymentStatusResult, PaymentStatusStreamOptions, VerificationStatusResult, VerificationStatusStreamOptions, ChargeArgs / ChargeResult, ShipArgs / ShipResult.
Adapter peerDeps — framework adapters (@codespar/claude, @codespar/openai, @codespar/vercel, @codespar/mcp, @codespar/langchain, @codespar/google-genai, @codespar/mastra, @codespar/crewai, @codespar/autogen, @codespar/llama-index, @codespar/letta, @codespar/camel) remain on 0.3.0. They consume only the SessionBase surface; the new methods land additively on Session.
See the SDK reference for the full method-by-method shape and Auth concepts for the new auth types.
April 2026
v0.3.0 — API canonicalization + 2-level tenancy 2026-04-19
@codespar/sdk@0.3.0 — Breaking alignment with the canonical wire contract.
codespar.create(userId, config)replacescodespar.sessions.create(config).userIdis now a required first positional argument; credentials, audit logs, and billing scope to it.session.execute(toolName, params)replacessession.execute({ name, arguments }). Two positional arguments instead of a single object.session.send(message)andsession.sendStream(message)take a natural-language string and run a Claude tool-use loop on the backend, returningSendResult/StreamEvent. The previous framing as fire-and-forget / streaming variants ofexecuteis removed.session.mcpis a property{ url, headers }instead of a method call.- 2-level tenancy (Account → Project) shipped end-to-end:
projectIdonSessionConfig,x-codespar-projectheader support, Zod schema validation on client (/^prj_[A-Za-z0-9]{16}$/). - Python package
codespar@0.1.1+on PyPI with matching surface (sync + async).
See Sessions and the SDK Reference for the full canonical shape.
v0.2.0 — SDK + 12 Adapters 2026-04-16
@codespar/sdk@0.2.0 — Major alignment with the api.codespar.dev backend contract.
session.execute()now returnstool_call_idandcalled_atfor auditsession.loop()— Complete Loop orchestration with step callbacks and retry policiessession.send()/session.sendStream()— natural language tool executionSessionConfig.preset— connect all servers for a country in one lineSessionConfig.manageConnections— block until servers are connected
12 Provider Adapters — all published at v0.2.0:
| Package | Framework |
|---|---|
@codespar/claude | Anthropic Claude |
@codespar/openai | OpenAI GPT |
@codespar/vercel | Vercel AI SDK |
@codespar/langchain | LangChain.js |
@codespar/google-genai | Google Gemini |
@codespar/mastra | Mastra |
@codespar/crewai | CrewAI |
@codespar/autogen | Microsoft AutoGen |
@codespar/llama-index | LlamaIndex.TS |
@codespar/letta | Letta (MemGPT) |
@codespar/camel | CAMEL-AI |
@codespar/mcp | MCP (Claude Desktop, Cursor) |
57 MCP Servers — all published on npm under @codespar/mcp-*:
- 14 payments, 5 fiscal, 5 logistics, 5 messaging, 8 banking
- 8 ERP, 3 e-commerce, 4 crypto, 1 public data, 4 agentic protocols
- Coverage: Brazil (35+), Mexico (5), Argentina (5), Colombia (4)
Documentation 2026-04-17
- 12 provider docs pages with full agent loop examples
- 4 cookbooks: Pix Payment Agent, E-Commerce Checkout, Multi-Provider, Streaming Chat
- "How CodeSpar Works" architecture explainer
- Servers & Toolkits catalog (57 servers)
- Expanded API Reference: Sessions, Tools, Connections, Servers
- MCP Generator guide
- Debugging & observability guide
- Build Your Own Server guide
llms.txtandllms-full.txtfor AI assistant context- Fumadocs callouts fix (46 callouts migrated to
<Callout>components) - Theme toggle (light/dark/system), GitHub link, Discord link, Dashboard CTA
- Fraunces display font for toolkits pages
March 2026
v0.1.0 — Initial Release 2026-03-31
@codespar/sdk@0.1.0— initial SDK with session management@codespar/claude,@codespar/openai,@codespar/vercel,@codespar/mcp— first 4 adapters- 20 MCP servers (Brazil-focused)
- Basic docs: intro, quickstart, 4 provider pages, concepts, API reference
SDK v0.3 → v0.9
Upgrading from @codespar/sdk@0.3.0 to 0.9.0. Additive release — eight new typed wrappers, two new auth types, async settlement and verification correlation, SSE streaming. No breaking changes to the 0.3 surface.
Glossary
Definitions for key terms and concepts used throughout the CodeSpar documentation.