Release Notes
API
v1.3.0 — Public L402 Test Endpoint (March 2026)
- Public test endpoint — GET https://api.lightningenable.com/l402/test/ping returns a 402 with a 1-sat invoice, no API key or signup required
- Pay the invoice, retry with Authorization: L402 <macaroon>:<preimage>, get a 200 — full L402 round-trip in two curl commands
- Alby Hub officially verified as L402-compatible
v1.2.0 — L402 Producer API (March 2026)
Agents can now earn, not just spend. The L402 Producer API enables Agentic Commerce subscribers to create L402 payment challenges and verify payments — powering agent-to-agent commerce where AI agents autonomously buy and sell services.
New Features
- L402 Producer API — Two new endpoints (POST /api/l402/challenges, POST /api/l402/challenges/verify) let merchants programmatically create L402 payment challenges and verify L402 tokens
- Challenge idempotency — Same resource + price from the same client within 60 seconds returns the same invoice, preventing duplicate charges on retries
- Two new MCP tools — create_l402_challenge and verify_l402_payment bring producer capabilities directly to AI agents via MCP
Documentation
- New L402 Producer API guide with end-to-end agent-to-agent commerce examples
- Updated MCP Complete Guide with producer tool reference
- Updated L402 API Reference with producer endpoints
v1.1.0 — Security Audit & Quality Hardening (February 2026)
Comprehensive security audit and code quality pass across the entire API surface. Added 244 new tests, bringing total coverage from 407 to 651 tests.
Security Hardening (7 Critical + 13 High Priority)
Critical fixes:
- SSRF protection on webhook callback URLs and proxy target URLs — block internal/private network ranges
- Webhook signature verification — constant-time HMAC comparison to prevent timing attacks
- L402 amount binding — macaroon caveats now bind to the invoiced amount, preventing underpayment exploits
- Subscription enforcement — active Stripe subscription required for all authenticated API operations
- Error sanitization — internal exception details, stack traces, and infrastructure information no longer leak in API responses
- API key hashing — merchant API keys stored as one-way hashes for improved credential security
- Webhook replay protection — timestamp validation rejects stale webhook deliveries
High priority fixes:
- Rate limiting on authentication, invoice creation, and webhook endpoints
- Idempotency keys on all OpenNode charge creation calls to prevent duplicate invoices
- Request size limits on all endpoints accepting request bodies
- Input validation on all merchant-supplied URLs (scheme, length, format)
- Correlation ID propagation via X-Correlation-Id header for end-to-end request tracing
- Webhook delivery queue hardening with dead-letter handling and bounded retries
- L402 macaroon expiry enforcement and nonce replay protection
- Proxy target URL allowlist validation against merchant-registered domains
- Merchant-scoped database query enforcement across all repository methods
- Stripe webhook signature verification on all subscription lifecycle events
- OpenNode API key validation on merchant registration
- Secure cache headers on all API responses
- Admin endpoint authentication audit and header validation
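The L402 amount binding and macaroon expiry enforcement items above, shown as an added Python sketch that is not the project's code. It uses a simplified HMAC-chained token in the style of a macaroon; the caveat names (amount_sats, expires), the root key, the token layout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-demo-root-key"  # constructed; a real service keeps this secret

def _chain(identifier, caveats):
    # Macaroon-style chain: each caveat is HMACed under the previous signature,
    # so a token with an edited or removed caveat no longer verifies.
    sig = hmac.new(ROOT_KEY, identifier.encode(), hashlib.sha256).digest()
    for caveat in caveats:
        sig = hmac.new(sig, caveat.encode(), hashlib.sha256).digest()
    return sig.hex()

def mint_token(payment_hash_hex, amount_sats, expires_at):
    # Hypothetical caveat names; the amount is fixed at invoice time.
    caveats = [f"amount_sats={amount_sats}", f"expires={expires_at}"]
    return {"id": payment_hash_hex, "caveats": caveats,
            "sig": _chain(payment_hash_hex, caveats)}

def verify_token(token, preimage_hex, price_sats, now):
    if not hmac.compare_digest(_chain(token["id"], token["caveats"]), token["sig"]):
        return "bad signature"
    # Proof of payment: the preimage must hash to the invoice's payment hash.
    paid_hash = hashlib.sha256(bytes.fromhex(preimage_hex)).hexdigest()
    if not hmac.compare_digest(paid_hash, token["id"]):
        return "bad preimage"
    fields = dict(c.split("=", 1) for c in token["caveats"])
    if int(fields.get("amount_sats", -1)) != price_sats:
        return "amount mismatch"  # a 1-sat token cannot unlock a dearer resource
    if now >= int(fields.get("expires", 0)):
        return "expired"
    return "ok"

def demo():
    preimage = "11" * 32  # constructed 32-byte preimage, hex encoded
    payment_hash = hashlib.sha256(bytes.fromhex(preimage)).hexdigest()
    token = mint_token(payment_hash, amount_sats=1, expires_at=2000)
    # Same signature, caveats rewritten to claim a larger payment.
    forged = dict(token, caveats=["amount_sats=100", "expires=2000"])
    return [
        verify_token(token, preimage, price_sats=1, now=1000),
        verify_token(token, preimage, price_sats=100, now=1000),
        verify_token(forged, preimage, price_sats=100, now=1000),
        verify_token(token, "22" * 32, price_sats=1, now=1000),
        verify_token(token, preimage, price_sats=1, now=3000),
    ]
```

The verifier takes the price from its own record of the resource, never from the request, and compares it with the signed caveat.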
API Improvements (12 Medium Priority)
- OpenAPI annotations on all endpoints with response type documentation
- Cancellation token propagation through all async controller actions and service methods
- DTO validation attributes on all request models (required fields, range constraints, URL format)
- Structured logging with Serilog semantic properties across all services
- Consistent error response format using ProblemDetails (RFC 9457)
- Pagination support on list endpoints with cursor-based navigation
- Health check endpoint expanded with dependency status (database, OpenNode, Stripe)
- Webhook delivery status tracking with queryable history per merchant
- Retry-After headers on rate-limited responses
- Request/response logging middleware with PII redaction
- ETag support on cacheable GET endpoints
- Graceful shutdown handling for in-flight webhook deliveries and background jobs
Code Quality (5 Low Priority)
- Dead code removal across controllers, services, and middleware
- Consistent async/await patterns — eliminated fire-and-forget calls
- Nullable reference type annotations on all public API surfaces
- Standardized exception hierarchy with domain-specific exception types
- Code style enforcement via .editorconfig and analyzer rules
Test Coverage
- 244 new tests added (407 to 651 total)
- Security-focused tests: SSRF blocking, signature verification, replay protection, rate limiting
- Integration tests for full webhook delivery pipeline
- L402 protocol tests covering challenge, payment, and verification flows
- Subscription enforcement tests across all plan tiers
- Edge case coverage for concurrent requests, timeout handling, and malformed input
MCP Server
v1.12.2 — Critical: Payment Confirmation Fix (April 2026)
Severity: Critical — affects all .NET MCP clients since v1.6.0
Problem: When a client reports MCP elicitation capability (as Claude Code does) but elicitation doesn't actually work, the payment confirmation flow returned "Payment cancelled by user" with no nonce and no recovery path. Any payment above the auto-approve threshold was permanently blocked.
Fix: Always fall back to nonce-based confirmation when elicitation fails, regardless of reported client capabilities. Affected tools: pay_invoice, access_l402_resource, pay_l402_challenge.
Update immediately:
# .NET global tool
dotnet tool update -g LightningEnable.Mcp
Affected versions: v1.6.0 through v1.12.1 (all deprecated on NuGet). Python package was never affected.
v1.11.2 — Version Bump (March 2026)
- Version bump for CI pipeline alignment; no functional changes
v1.11.1 — L402 HTTP Client Fix (March 2026)
- Fixed gzip decompression issue in the L402 HTTP client by sending Accept-Encoding: identity, preventing decompression errors on some servers
v1.11.0 — NIP-44 v2 Outgoing Encryption (March 2026)
- NWC outgoing requests now encrypted with NIP-44 v2 (Alby Hub compatibility)
- NIP-47 encryption tag support for improved NWC interoperability
v1.10.1 — Docker Image Update (March 2026)
- Updated Docker base image; no functional changes
v1.10.0 — NIP-44 v2 Incoming Decryption (March 2026)
- Auto-detects NIP-04 vs NIP-44 v2 encryption on incoming NWC responses
- No configuration required — works transparently with all supported NWC wallets
v1.9.0 — Producer Tools (March 2026)
- create_l402_challenge — AI agents can now sell services: create a Lightning invoice + macaroon to present to other agents or users as a 402 challenge
- verify_l402_payment — Verify an L402 token (macaroon + preimage) to confirm payment before granting access
- Both tools require an Agentic Commerce subscription (from $99/mo)
v1.8.0 — LND Wallet Support (February 2026)
- Added LND REST API wallet backend for self-hosted nodes
- Configure with LND_REST_HOST and LND_MACAROON_HEX env vars
- Full L402 preimage support via LND
v1.7.0 — discover_api Tool (February 2026)
- discover_api — Search the L402 API registry by keyword/category, or fetch a specific API's manifest from a URL
- Budget-aware annotations show how many calls you can afford at the current BTC price
v1.6.0 — License Removed, All Consumer Tools Free (February 2026)
- License requirement removed — all 15 consumer tools are now free, no Lightning payment or subscription required
- Added confirm_payment tool for explicit payment confirmation before execution
- The 6,000-sat license purchase from v1.5.0 is no longer needed; existing licenses are ignored
v1.5.2 — Version Display Fix (February 2026)
- Assembly version now matches package version for accurate startup display
- Includes all v1.5.1 fixes below
v1.5.1 — Critical Bug Fix (February 2026)
Severity: Critical — affects all payment confirmations
Problem: The confirm_payment tool was consuming the payment nonce before pay_invoice could use it. This caused every confirmed payment to fail with:
Invalid, expired, or already-used confirmation nonce
Root Cause: Both confirm_payment and pay_invoice called ValidateAndConsumeConfirmation(), which removes the nonce from memory. Since confirm_payment runs first (to get user approval), it consumed the nonce, leaving nothing for pay_invoice to validate against.
Fix: confirm_payment now uses a read-only ValidateConfirmation() method that checks the nonce without consuming it. Only pay_invoice consumes the nonce.
Update immediately:
# .NET global tool
dotnet tool update -g LightningEnable.Mcp
Affected versions: v1.5.0
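The v1.5.1 root cause and fix described above, as an added Python sketch that is not the project's code: the page's ValidateConfirmation() and ValidateAndConsumeConfirmation() appear here as validate_confirmation and validate_and_consume_confirmation. The store class, its TTL, the binding of a nonce to an invoice string and the run_flow helper are assumptions made for illustration.

```python
import secrets
import time

class ConfirmationStore:
    """In-memory one-time nonces for payment confirmation (hypothetical store)."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._pending = {}  # nonce -> (invoice, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    def issue(self, invoice):
        nonce = secrets.token_urlsafe(16)
        self._pending[nonce] = (invoice, self._clock() + self._ttl)
        return nonce

    def validate_confirmation(self, nonce, invoice):
        # Read-only check: the nonce stays usable afterwards.
        entry = self._pending.get(nonce)
        return entry is not None and entry[0] == invoice and self._clock() < entry[1]

    def validate_and_consume_confirmation(self, nonce, invoice):
        # One-shot check: the nonce is removed whether or not it was valid.
        ok = self.validate_confirmation(nonce, invoice)
        self._pending.pop(nonce, None)
        return ok

def confirm_payment(store, nonce, invoice, consume):
    # consume=True reproduces v1.5.0; consume=False is the v1.5.1 behaviour.
    if consume:
        return store.validate_and_consume_confirmation(nonce, invoice)
    return store.validate_confirmation(nonce, invoice)

def pay_invoice(store, nonce, invoice):
    if not store.validate_and_consume_confirmation(nonce, invoice):
        return "Invalid, expired, or already-used confirmation nonce"
    return "paid"

def run_flow(confirm_consumes):
    store = ConfirmationStore()
    invoice = "lnbc-constructed-sample"  # constructed placeholder, not a real invoice
    nonce = store.issue(invoice)
    confirmed = confirm_payment(store, nonce, invoice, consume=confirm_consumes)
    first = pay_invoice(store, nonce, invoice)
    replay = pay_invoice(store, nonce, invoice)  # a second use must always fail
    return confirmed, first, replay
```

In both flows the replayed pay_invoice call is rejected, so the fix keeps single-use semantics while letting the confirmation step inspect the nonce.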
v1.5.0 — Multi-Wallet Support
- Added Strike wallet backend with preimage support
- Added LND REST wallet backend
- Added Nostr Wallet Connect (NWC) wallet backend
- Configurable wallet priority via WALLET_PRIORITY env var or config file
- Config file support at ~/.lightning-enable/config.json
- L402 license purchase via Lightning payment (6,000 sats, valid forever)
- Budget controls with dual USD/sats limits
v1.4.0 — L402 Auto-Pay
- access_l402_resource tool for automatic L402 payment
- pay_l402_challenge tool for manual L402 payment
- Budget enforcement with per-request and per-session limits
- Payment history tracking
v1.3.0 — Initial Release
- pay_invoice — Pay any Lightning invoice
- check_wallet_balance — Check wallet balance
- get_payment_history — View payment history
- get_budget_status — View budget limits
- OpenNode wallet backend