> ## Documentation Index
> Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt
> Use this file to discover all available pages before exploring further.
# Changelog
> Product updates across the Polygon ecosystem.
The OMS public API consolidates the account-balance and account-transactions endpoints under the Wallet surface and exposes a synchronous failure response on transaction execution.
### Removed
* **`GET /accounts/{id}/balance`**: the standalone account-balance endpoint is no longer part of the public API. Read balances through `GET /wallets/{id}/balance` instead. The `AccountBalance` schema is removed.
* **`Account` tag**: the `Account` grouping is dropped from the API. Endpoints that referenced it now live under `Wallet`.
### Updated
* **`GET /accounts/{id}/transactions` is now a Wallet operation**: the endpoint is re-tagged from `Account` to `Wallet` and the summary becomes "List wallet transactions." The path parameter `id` now expects a wallet ID with the `wlt_` prefix. The path itself is unchanged, so existing integrations continue to work; update tooling, examples, and SDK groupings to file the endpoint under wallets.
### New
* **`502` response on `POST /transactions` (execute a transaction)**: synchronous provider failures during transaction execution now return `502` with a `Transaction` body in failed status, so clients can distinguish "created but failed at the provider" from "not created." Handle `502` alongside `201` when calling the execute endpoint.
OMS Wallet adds an agentic wallet mode, refreshes the Earn experience with new filters, sorting, and interest disclosures, refreshes the Private Send flow, and ships a wide set of transaction and inventory fixes.
### New
* **Agentic wallet mode**: dedicated landing experience with a terminal-style prompt copy flow for AI coding agents, plus an in-wallet inventory prompt card with docs link, reduced-motion support, and dismiss persistence.
* **Earn interest disclosures and deposit terms**: tooltip-based interest disclosures across the Earn list, detail, and deposit surfaces, with the APY column relabeled to Interest. A terms-and-conditions notice now appears below Review Deposit.
* **Earn coin filters**: switch between "Yours" (vaults for tokens in your inventory) and "All" to discover other opportunities, replacing the previous third "Vaults available for your funds" table.
* **Inventory and empty-state defaults**: collectibles are hidden by default until enabled in settings, the header wallet avatar stack is hidden when only one wallet exists, decorative placeholder cards are removed from empty states, and Earn defaults to all vaults when no coin tokens are held.
### Updated
* **Earn UX**: vault data is now cached across page navigation with background refresh, sorting is available on any column with retained filters and sort order across navigation, deposit and withdraw amounts can be entered as a direct percentage, and vault selection rules now require APY under 100 percent (alongside the existing \$300k minimum TVL and non-deprecated criteria) to filter out stale high-APY vaults.
* **Private Send flow**: refreshed UI with new step transitions, token selection, recipient selection, amount entry, and final send states.
* **Terms of Use and Privacy Policy** updated.
### Fixed
* **Transaction flow reliability**: transaction relay and finality waiting now resolves only after a confirmed final status and handles cancellation and failure consistently; the sign-transaction modal scopes requested transactions correctly and keeps selected transactions visible while progressing; dapp send-wallet-transaction recovery handles wallet sync, duplicate approvals, stored transaction ids, the success idle state, and error rendering consistently.
* **Inventory cache regressions** after the persisted query cache migration: auth inventory prefetch now writes the canonical summary shape consumed by the inventory query hook, and recovery inventory reads are scoped to the requested recovery wallet, including the per-chain selection flow.
* **Empty inventory notice** no longer flickers when refreshing inventory.
* **Earn snapshot initialization** no longer gets permanently stuck if a background refresh is interrupted; the refresh lease now expires within 90 seconds and the next request re-triggers initialization.
* **Private Send withdraw finalization** behavior corrected.
* **Trails success modal** content fixed in the in-wallet cross-chain flow.
* **Agentic mode terminal**: text overflow fixed and generated CLI prompt arguments are now wrapped in double quotes for terminal-safe copy and paste.
A coordinated heimdall hard fork activated on mainnet on June 2 at block 46361000, and one day later the mainnet block time was reduced from 1.75 seconds to 1.5 seconds, lifting effective execution throughput by roughly 16 percent.
### New
* **Mainnet block time reduced from 1.75 s to 1.5 s**: on June 3 the network moved to 1.5-second blocks with the block gas limit held at 140 million, raising the effective execution rate from around 80 Mgas/s to around 93.3 Mgas/s. No operator action is required. As a heads-up, a follow-on block-gas-limit increase from 140 million to 160 million is currently scheduled for June 16 as the final step on the path to 5,000 TPS.
* **Heimdall hard fork activated on mainnet at block 46361000**: the validator-set fee-withdrawal gate hard fork activated on Polygon PoS mainnet at block 46361000 on June 2 at 14:00 UTC, with heimdall v0.8.1 as the matching public release. After the fork, fee-withdrawal operations on heimdall are restricted to addresses in the active validator set; requests from non-validators are rejected at message-handling time. The fork also activates the v0.8.x features documented in the June 1 entry (planned-downtime successor nomination, deterministic state syncs gated on `visibilityTimeHeight`, and the related bridge and consensus guards).
AggLayer v0.5.0 ships stable, with a revised admin API, mandatory gRPC prover transport, and a safer default for settlement confirmations.
### New
* Networks can be marked as disabled in configuration, so operators can stop accepting certificates from a chain without removing it from the deployment ([#1160](https://github.com/agglayer/agglayer/pull/1160))
### Updated
* **Breaking**: the admin API replaces `forceSetCertificateStatus` with `forceEditCertificate`, which takes a certificate ID, a `process-now=true|false` flag, and structured operations such as `set-status,from=InError,to=Candidate` or `set-settlement-tx-hash,from=0x...,to=null`. Update any operator tooling that called the previous endpoint ([#1159](https://github.com/agglayer/agglayer/pull/1159))
* **Breaking**: prover transport is now gRPC-only. The `prover_entrypoint` config key is removed and the `[grpc]` block is mandatory; `prover` references a `ProverType` from the provers repository ([#1195](https://github.com/agglayer/agglayer/pull/1195))
* **Breaking**: the `[extra-certificate-signer]` configuration variable is removed; drop the matching block from deployment configs ([#1206](https://github.com/agglayer/agglayer/pull/1206))
* Default settlement confirmations raised from 1 to 12. Deployments that set this parameter explicitly are unaffected; deployments relying on the default now wait 12 blocks before processing a settlement ([#1470](https://github.com/agglayer/agglayer/pull/1470))
Trails ships SDK v0.16.1 with Hyperlane and LayerZero Value Transfer routes, the Open Intents Framework as a route option, the OMS Wallet widget theme, and a dedicated recovery flow for stuck intents. EVM↔Solana edge support has merged to master and is in QA ahead of a follow-up release.
### New
* **Hyperlane routes**: Trails routes can now traverse Hyperlane Warp Routes, including first-party USDC HWR support across Arbitrum, Base, Polygon, Ethereum, and Katana. Hyperlane is enabled in AUTO routing with market-rate fee estimation, supports `EXACT_INPUT` trades, and includes destination-collateral checks, worker recovery, and underfunded-deposit refund handling.
* **LayerZero Value Transfer (`LZ_TRANSFER`) routes**: a new route provider built on the LayerZero Value Transfer API replaces the deprecated `lz_stargate` route. The widget exposes it as a selectable bridge option.
* **Open Intents Framework (OIF) routes**: OIF is wired in as a route provider, with an expired-order refund worker, explicit rejection of partial-fill quotes, and demo coverage for ETH USDC → Katana USDC.
* **OMS Wallet widget theme**: a new widget theme aligned with OMS Wallet, including a refreshed selected-wallet background.
* **Recover funds screen**: a dedicated screen in intent history for recovering stuck funds, replacing the prior inline recovery surface. Edge wallet intents are now included in history.
* **Fund exact output**: funding flows can now target an exact output amount.
* **Recent chains in the chain selector**: previously used chains surface at the top of the chain selector.
* **Token selector refresh**: a refresh control on the token selector reloads token lists inline.
* **Widget chain and token filtering**: new `supportedChains` and `supportedTokensByChain` widget props let integrators restrict the chains and tokens shown to users.
* **`GetEdges` discovery API**: a new RPC enumerates enabled edge rails so integrators can discover available cross-chain routes at runtime.
* **Intent history filters**: history and search now accept edge address, rail, mode, provider, and participant-address filters.
* **Edge metadata on intent endpoints**: intent receipts now include `IntentEdgeMetadata` with `EdgeStatus`, refund transaction hashes, and rail metadata.
* **Same-chain "Swap & Receive" label**: same-chain terminal swap steps are labeled clearly in transaction summaries.
* **Wagmi auto-detection**: the widget detects an active wagmi provider without explicit adapter configuration.
* **Composable action resolver APIs**: the composable-action resolver helpers are now exported for integrator use. See the [Trails docs](/cross-chain).
* **Somnia chain support**: Somnia is supported as a route destination, including `USDC.e` ↔ `USDso` swaps and `SOMI` OFT routes for cross-chain `SOMI` transfers, with refreshed `SOMI` branding in the widget.
* **EVM↔Solana edge support (in QA)**: end-to-end EVM↔Solana intents are merged to master and available in the dev demo, with SVM wallet auto-detection, Solana-standard wallet support, Solana funding and settings rows, Solana-side refund and failure handling, and server-side edge execution via a new edge monitor worker. Targeting a follow-up SDK release once QA completes.
### Updated
* **Hyperlane fee breakdown**: Hyperlane now shows as a Bridge rather than a Swap in the fee breakdown.
* **WETH passthrough**: self-wrap and self-unwrap quote shapes are now supported through passthrough.
* **`lz_stargate` removed**: the deprecated `lz_stargate` route provider has been removed in favor of `LZ_TRANSFER`.
* **`xai` and `blast` chains removed**: both chains are no longer supported by the Trails SDK.
* **Widget input scope tightened**: `from.currency` is restricted to fiat and `from.token` to ERC-20 in the widget.
* **Multi-swap route discovery**: routing now discovers multi-swap routes through intermediary tokens, broadening coverage.
* **`GetEarnPools` chain list**: refreshed list of chains exposed by the earn-pools endpoint.
* **`WaitIntentReceipt` synthesis**: receipts are now synthesized from intent state when no receipt row exists, removing a class of "pending" hangs.
### Fixed
* **Polygon USDT permit**: salt-based EIP-712 domain handling now works correctly for the Polygon USDT permit flow.
* **EVM signer resolution**: quote requests now resolve the EVM signer address when a wallet session is connected but `walletClient` is still null (for example, MetaMask on Polygon before wagmi materializes the client).
* **Embedded wallet approval prompt**: the "Please approve..." prompt is hidden for embedded wallets, including OMS Wallet.
* **Embedded wallet intent recovery**: resolves a recovery hang for embedded wallets on v1 intents.
* **Quote owner resolution**: the connected EVM wallet is always used as the quote owner; the recipient address is never substituted.
* **Quote route provider fee labels**: corrected labels for route provider fees in quote breakdowns.
* **Fund method disabled state**: unlisted fund methods now render as disabled rather than enabled.
* **WalletConnect recovery flow**: the WalletConnect recovery flow now completes without stalling.
* **WalletConnect funding**: WalletConnect funding now redirects to token selection and exposes a disconnect button. WalletConnect wallets are also shown when direct-transfer is hidden from fund methods.
* **Native wallet reconnect on reload**: native wallet sessions now reconnect on page reload.
* **Recovery fee options**: fee options no longer break for WaaS wallets in the recovery flow.
* **v1.5 `depositSignature`**: v1-only fields in `depositSignature` are now guarded for v1.5 compatibility.
* **Credit-card flow placeholder**: fund amount placeholder text fixed in the credit-card flow.
* **SDK edge sends**: the SDK no longer auto-executes intents after an edge deposit; server workers handle execution.
* **Same-chain quote math**: fixed `PriceImpactUSD`, native token normalization, and `EXACT_INPUT` calldata for same-chain quotes.
* **Edge quote timeout**: intents now abort cleanly on edge quote timeout.
* **Fee caps**: exact-input fees are capped to the residual amount, and `CollectorFeeCap` is scoped to `EXACT_OUTPUT` to fix an `EXACT_INPUT` bridge gas regression.
* **Edge worker transaction hashes**: init and refund transaction hashes now persist correctly through worker updates.
* **Token decimals cache**: scoped by chain to prevent cross-chain collisions.
* **Deposit transfer logs**: matching deposit transfer logs are summed instead of taking the first match.
* **Outer approvals**: redundant outer approvals are skipped for SDK-managed `hydrateExecuteAndSweep` multicalls.
* **Multi-swap recipients**: replay of multi-swap intents now preserves the original per-step recipients.
* **Fee collector**: corrected fee-collector validation, tokenlist fallthrough, and receipt-state edge cases.
* **Send-transaction destination context**: corrected propagation of destination context for send-transaction calls.
The OMS public API expands the set of blockchain networks accepted for inbound transfers.
### Updated
* **Inbound blockchain networks**: the `BlockchainInNetwork` enum used by the deposit-address simulation endpoint (`POST /deposit-addresses/{depositAddressId}/simulate`) now accepts `INK` and `SUI` in addition to `BASE`, `ETHEREUM`, and `SOLANA`. Integrators using the deposit-address flow can now simulate inbound USDC, USDT, or USAT transfers from Ink and Sui in sandbox.
Bor v2.7.2 through v2.8.2 ship across the lookback window, alongside heimdall v0.7.1, introducing an opt-in heimdall-to-bor gRPC transport, expanded tracing for state-sync transactions, several new operator flags, and a large set of consensus, miner, and bridge fixes.
### New
* **Heimdall-to-bor gRPC transport (opt-in)**: every bor-facing JSON-RPC now has a gRPC counterpart, selectable per-node via `bor_grpc_flag` in heimdall's `app.toml` against bor's new `[grpc]` config section. The `GetBlockInfoInBatch` call used in the consensus-critical `ExtendVoteHandler` path is around 4.4× faster on gRPC, and the wire path allocates 50 to 67 percent fewer bytes across the seven methods. Defaults are unchanged, and heimdall performs a startup hash-parity check across both transports before continuing.
* **State-sync transaction tracing**: state-sync (bor bridge event) transactions are now first-class in the `debug_*` tracing RPCs, including `debug_traceBlockByNumber`, `debug_traceBlockByHash`, `debug_traceTransaction`, `debug_traceChain`, `debug_traceCall`, `debug_intermediateRoots`, and `debug_standardTraceBlockToFile`. A new wrapped tracing hook collects multiple bridge events under a single synthetic root call frame per state-sync transaction, so `callTracer`-class tracers see one root with N sub-calls instead of N independent traces. The legacy `debug_traceBorBlock` RPC method has been removed; switch any callers to `debug_traceBlockByNumber` or `debug_traceBlockByHash`.
* **`p2p.nosnap` config flag**: decouples the local snapshot tree from serving the `snap/1` p2p sub-protocol. Block producers can keep the flat-state snapshot enabled for fast local reads while declining to serve snap sync to peers, which removes unnecessary network and CPU overhead on validator boxes.
* **`miner.disable-pending-block` flag**: disables the pending-block creation loop in `miner/worker`. RPC queries against the `pending` tag return `nil`. Intended for non-validator and serving nodes that do not need a pending block.
* **Builder-phase prefetch and new metrics**: the builder pipeline now runs three additional, builder-synchronized prefetch phases (upfront plan scan, per-transaction forwarding, and freed-gas overflow), reducing cache-miss costs on contract-heavy blocks. New metrics include `worker/prefetch/builder_added_percent` and `worker/txApplyDuration/{prefetched,notPrefetched}`. Additional block-building timing metrics cover prepare-work duration, pending-transaction fetch time, and the count of header-time extensions.
* **Heimdall planned downtime can nominate a successor**: `MsgSetProducerDowntime` now accepts an optional `target_producer_id` to nominate a specific replacement. If the target is invalid, inactive, or also down for the range, selection falls back to round-robin. Gated on a coordinated hard fork.
* **Heimdall deterministic state syncs**: introduces height-pinned, one-block-delayed visibility for clerk events so that during heimdall halts pending events remain excluded and all validators derive identical query results. Activation is gated on `visibilityTimeHeight`, which is `0` (disabled) on all networks until the next hard fork is scheduled.
* **Heimdall bridge self-healing expanded**: the bridge self-heal loop now recovers `SignerChange` and `UnstakeInit` events in addition to `StakeUpdate`, unified through a single combined subgraph query that returns the max L1 nonce across the three event types. Receipt validation now rejects reverted L1 transactions and logs emitted by unexpected contracts.
* **`prepareProposalBudget` in heimdall**: implements an explicit time budget for proposal preparation in ABCI, bounding the work the proposer can do before block dissemination.
### Updated
* **Witness filestore is now the default**: the filesystem-backed witness storage is now enabled by default in bor's CLI. Existing operators on the database-backed store continue to work; new nodes pick up the filestore without additional flags.
* **Witness configuration template hint**: bor packaging templates now show `[witness]` with `enable = false` instead of the deprecated top-level `witnessprotocol` key, which the current parser no longer consumes. Update any custom configs that still use `witnessprotocol`.
* **`rpc.batchlimit` renamed to `rpc.batch-request-limit`**: bor's templates and example config now use `rpc.batch-request-limit`, matching the runtime parser. The previous `rpc.batchlimit` key was silently ignored, which could leave nodes on the default batch limit of 1000 unintentionally.
* **`cache.triejournaldirectory` is now wired end-to-end**: operators who set this key in `config.toml` now get the configured directory respected. When unset, behavior is unchanged and the journal stays under `/triedb`.
* **Heimdall pruning defaults retuned**: the shipped `config.toml` now defaults `indexer = "null"` (cometbft transaction index disabled), with the pruning `interval` reduced from `3h` to `10m` and `EnforcedMinRetainBlocks` reduced from 2,500,000 to 2,000,000. The effect on a mainnet RPC node is around 23 GB freed at steady state and the elimination of large pruning bursts. Operators who do not use `/tx` or `/tx_search` can also reclaim around 43 GB by removing the existing `tx_index.db` after upgrading.
* **Heimdall bridge metric rename**: the three self-heal Prometheus metrics moved into the `heimdallv2` namespace and follow Prometheus naming conventions. `self_healing__StakeUpdate` is now `heimdallv2_self_healing_stake_events_processed_total`, `self_healing__StateSynced` is now `heimdallv2_self_healing_state_syncs_processed_total`, and `self_healing__NewHeaderBlock` is now `heimdallv2_self_healing_checkpoint_acks_processed_total`. Update any dashboards or alerts that reference the old names.
* **Heimdall bridge performance**: vote-extension processing now pre-fetches L1 receipts in a single batched RPC call, the root-chain listener uses an O(1) topic-to-event map instead of a per-log linear ABI scan, and the clerk mempool check uses the typed CometBFT RPC client.
* **Amoy bootnodes updated**: bor's compiled-in Amoy static peer list now points at the current set of Amoy bootnodes. Operators relying on the embedded list no longer need a manual override.
* **Heimdall mainnet seeds and persistent peers**: refreshed to the current working set, so nodes regenerating their config pick up working peers without manual intervention.
### Fixed
* **Bor recovers from milestone-mismatch forks without manual wipe**: nodes that briefly forked off the canonical chain due to a heimdall startup hiccup or span propagation gap could enter a state where rewinding required canonical-chain blocks that the downloader refused to deliver, requiring an operator to wipe chain data. The mismatch-rewind path now resyncs the canonical segment from peers while still rejecting genuine sidechain ghost-state attacks.
* **Forkid wire-format change reverted**: a change that included polygon-specific forks (Rio, Madhugiri, Dandeli, Lisovo, Giugliano, Chicago, others) in the eth p2p handshake forkid hash was reverted because changing the wire forkid is a breaking peer-to-peer change. Nodes running the changed code could not handshake with older bor peers. A future, coordinated rollout will reintroduce the fix gated on a fork block.
* **`eth_estimateGas` no longer fails on non-validator nodes**: nodes whose configured signer is not in the active validator set previously returned "insufficient funds for transfer" against the `pending` block because `Prepare()` was failing on every block and the pending snapshot was never refreshed. `Prepare()` no longer fails for unauthorized signers; `Seal()` continues to reject blocks from unauthorized signers independently, so no invalid blocks can be produced.
* **Live tracing no longer conflicts with the miner**: bor running with live tracing enabled could call live tracing hooks from the miner path once it reached live, causing problems. The miner now disables the tracer in its `vm.Config` so only block synchronization invokes the tracer.
* **Heimdall checkpoint submission off-by-one fixed**: the bridge stopped submitting checkpoints to L1 after the `indexer = "null"` migration because the new tx-bytes lookup was passing the event's block height instead of the height of the block that contained the checkpoint transaction. The lookup now uses `height - 1`, matching the invariant established by the side-tx post-handler running in the block after the one that included the message.
* **Heimdall producer downtime span off-by-one fixed**: veBlop spans created by `PostHandleSetProducerDowntime` were one block longer than intended (6,401 instead of 6,400), causing overlaps with adjacent spans. Gated behind `producerDowntimeSpanFixHeight` to preserve pre-fork behavior.
* **`(*Header).GetValidatorBytes` no longer panics on short `Extra`**: an exported helper used by indexers, light clients, and explorers panicked with `slice bounds out of range` when passed a header whose `Extra` field was shorter than 97 bytes on pre-Cancun configurations. The pre- and post-Cancun branches now share a single length guard and return `nil` for malformed input.
* **Witness size recovers when filesystem metadata and DB disagree**: if a crash interrupted a witness write between renaming the file on disk and writing the size key to the DB, witness pagination paths could silently fail because `ReadWitnessSize` returned `nil`. The lookup now falls back to `os.Stat` on the witness file when DB metadata is missing.
* **Miner state-machine wedges closed**: four silent stall paths in the producer state machine that could leak the `pendingWorkBlock` or `pendingTasks` map entry on edge cases (peer count zero during production, syncing-check early return, sealhash interrupt, full `resultCh`) are now plugged, with regression tests for each.
* **`SpanStore.PurgeCache` no longer races its own poll loop**: a background poller could write a freshly purged span back into the cache before the next test read, producing intermittent CI flakes. The poll goroutine is now cancelled and waited on before state is reset.
* **Milestone websocket subscriber shuts down cleanly**: the heimdall milestone subscriber outlived `chainDb.Close()` because it was launched with `context.Background()`. It now exits on the bor close channel, eliminating the burst of `pebble: closed` errors during shutdown.
AggLayer migrates the prover stack to SP1 v6, aggkit ships substantial exit-certificate recovery tooling, and operators get more configurable RPC behavior plus a slate of reliability fixes.
### New
* SP1 prover upgraded to v6 with backward-compatible reads of legacy v5 proofs and certificates, improving proof generation and verification performance during the migration window ([#1525](https://github.com/agglayer/agglayer/pull/1525), [#1545](https://github.com/agglayer/agglayer/pull/1545))
* gRPC ingress now rejects certificates carrying non-writable SP1 proof versions with a dedicated `UnsupportedProofVersion` error instead of failing downstream ([#1522](https://github.com/agglayer/agglayer/pull/1522))
* Settlement service gains an auto-retry helper (`retry_callback_until_success`) that recovers from transient RPC errors instead of panicking ([#1476](https://github.com/agglayer/agglayer/pull/1476))
* aggkit exit-certificate tool: Step A is split into A1 (tracing) and A2 (receipt-recovery fallback), addressable individually or together via `--step a1`, `a2`, or `a`, with automatic migration of legacy output files ([#1630](https://github.com/agglayer/aggkit/pull/1630))
* aggkit exit-certificate tool: new `stepAWindowSize` option (default 5000) for independent Step A chunk sizing, and an abort-on-error mode that stops all workers on the first trace failure when `ContinueOnTraceError=false`. Trace errors now surface both the transaction hash and the underlying RPC message ([#1629](https://github.com/agglayer/aggkit/pull/1629))
* aggkit exit-certificate tool: `targetBlock` accepts finality keywords (`LatestBlock`, `FinalizedBlock`), decimal/hex values, and relative offsets like `LatestBlock/-10`. The resolved block is persisted and reused across resumed runs ([#1627](https://github.com/agglayer/aggkit/pull/1627))
* aggkit LET operator tooling: new `craft-cert`, `send-cert --no-db`, `cert-status`, and `export-cert-exits` subcommands, with stronger fallback diagnostics when aggsender bridge-exit data is unavailable ([#1616](https://github.com/agglayer/aggkit/pull/1616), [#1570](https://github.com/agglayer/aggkit/pull/1570))
* aggkit RPC client: new `BatchBlockHeaderRetrieval` option lets operators disable batch header requests and fall back to sequential calls for nodes that do not support batching ([#1601](https://github.com/agglayer/aggkit/pull/1601))
### Updated
* Per-epoch certificate rate limiting is restored: `MAX_CERTIFICATE_PER_EPOCH` and epoch-capacity gating in `NetworkTask` once again enforce one certificate per network per epoch ([#1514](https://github.com/agglayer/agglayer/pull/1514))
* aggsender startup recovery now requires a manual database wipe when local certificate state diverges from AggLayer, replacing the previous automatic reconciliation ([#1570](https://github.com/agglayer/aggkit/pull/1570))
* aggkit docs now document that event logs must be available from genesis and provide reth configuration for disabling receipt pruning to prevent historical sync failures ([#1610](https://github.com/agglayer/aggkit/pull/1610))
### Fixed
* aggkit exit-certificate tool now patches ERC-20 balances correctly for smart-contract-locked exits in Step G, supporting both OpenZeppelin v4 (slot 0) and v5 (namespaced storage) layouts. Resolves `ERC20InsufficientBalance` errors during SC-locked exit processing ([#1622](https://github.com/agglayer/aggkit/pull/1622))
* aggkit Docker images now embed `VERSION`, `GITREV`, and `GITBRANCH` build metadata, so `docker run aggkit version` reports the correct values instead of empty fields ([#1619](https://github.com/agglayer/aggkit/pull/1619), [#1621](https://github.com/agglayer/aggkit/pull/1621))
* aggkit `l2gersync` no longer emits ERROR-level logs for max-block-range responses that are already handled by automatic chunking ([#1607](https://github.com/agglayer/aggkit/pull/1607))
* aggkit `ParseMaxRangeFromError` now recognizes the `query exceeds max block range` RPC error format, so ClaimSyncer retries with chunked requests instead of failing ([#1589](https://github.com/agglayer/aggkit/pull/1589))
* aggkit bridge-call matching now filters debug trace frames to actual `CALL` operations only, ignoring `DELEGATECALL`, `STATICCALL`, `CALLCODE`, and untyped frames ([#1609](https://github.com/agglayer/aggkit/pull/1609))
* Pending certificate validation now uses the correct error type instead of `CertificateCandidateError::UnexpectedHeight` ([#1289](https://github.com/agglayer/agglayer/pull/1289))
Trails ships composable actions, a token-first widget destination flow, auto-refresh for expired quotes, and a wide set of widget and SDK fixes.
### New
* **Composable Actions**: chain multiple destination calls into a single intent, with dynamic balance routing and support for multiple ERC-20 tokens in dynamic-amount slots. Integrators can sequence approvals, swaps, and custom calls inside one quote, with backend validation rejecting ambiguous recipient or passthrough configurations. See the [Trails docs](/cross-chain) for usage.
* **Token-first widget destinations**: widgets now accept token-specific destination lists, letting you configure a fixed set of destination tokens (and chains) that users can pick from. Persisted token selections survive across sessions.
* **Quote auto-refresh**: expired quotes refresh automatically on the next user interaction before signing, so users no longer see an "Intent quote has expired" error in the pre-signing state. Refresh is suppressed once signing has begun.
* **Wallet runtime adapters**: Trails wallet runtimes are now decoupled behind explicit adapters, giving integrators a cleaner extension point for embedding custom wallet stacks.
* **Configuration validation and offline recovery**: intent configuration is now validated up front and cached locally, with pruning of stale entries. This enables offline recovery of in-flight intents.
### Updated
* **Widget lifecycle callbacks renamed**: `onSwapComplete`, `onPaymentComplete`, `onFundingComplete`, and `onWithdrawComplete` are now `onSwapSuccess`, `onPaymentSuccess`, `onFundingSuccess`, and `onWithdrawSuccess` for consistency. Update your widget props to match the new names.
* **WalletConnect**: improved QR rendering, deep-link handling, and loading state in the WalletConnect flow.
* **Quote input**: clearer error states when the input amount or token is invalid.
* **Send flow**: destination chain now defaults to the connected wallet's chain when no destination is specified.
* **Mesh exchange**: mesh exchange queries can now run without a configured `trailsApiUrl`.
* **Receipt step ids**: receipt step ids are now stable across renders, making them safer to use as React keys and analytics identifiers.
* **SDK packaging**: improved compatibility with Node environments and better tree-shaking for smaller bundles. Server-side rendering with Trails actions is now safe.
### Fixed
* Fixed swap funding method selection so the chosen method is preserved across re-renders.
* Fixed the receiver token picker losing account context when switching accounts.
* Fixed chain-switch detection in the widget when users change networks mid-flow.
* Fixed Privy wallet modes incorrectly rendering a ConnectKit button.
* Fixed `useQuote` so `QuoteError` is available as a runtime value rather than a type-only export.
* Fixed missing deposit transaction enrichment in intent history.
* Wrapped errors now propagate via `Error.cause`, preserving the original stack and context for debugging.
* Composable-action quotes now reject a top-level recipient (which is per-call only) and omit the quote recipient in earn mode.
* Guarded against undefined `details` in `UnknownRpcError` checks to prevent spurious crashes.
* Removed a duplicate Pay fallback path that could double-trigger the pay flow.
Agglayer adds gRPC-level SP1 proof version validation; aggkit ships configurable block header batching and fixes RPC range errors and bridge call trace matching.
### New
* gRPC ingress now rejects certificates carrying non-writable SP1 proof versions and returns a structured `UnsupportedProofVersion` error, giving integrators explicit feedback when submitting proofs built with unsupported versions
* `BatchBlockHeaderRetrieval` is now configurable in `[L1NetworkConfig.RPC]` and `[Common.L2RPC]` in aggkit; set to `false` to disable batch RPC requests for endpoints that do not support them (v0.10.0-rc3)
### Fixed
* Node process no longer panics on corrupt certificate rows; storage decode failures now surface as `CodecError::Serialization` instead of unwinding the process
* Pending certificate validation now returns the correct error type; previously reused `CertificateCandidateError::UnexpectedHeight` for a case it was not designed for
* ClaimSyncer now recognizes the "query exceeds max block range" RPC error and automatically retries with smaller block ranges, preventing sync failures on restrictive RPC endpoints (aggkit v0.10.0-rc2, v0.8.3-rc2)
* Bridge and claim sync debug traces now correctly match only `CALL` frames, preventing incorrect calldata extraction from `DELEGATECALL`, `STATICCALL`, or `CALLCODE` frames (aggkit v0.10.0-rc3, v0.8.3-rc3)
aggkit pre-releases add configurable RPC block header batching and improve bridge call trace accuracy; agglayer corrects error type semantics in pending certificate validation.
### New
* Batch block header retrieval is now configurable via `RPCClientConfig` in aggkit, letting operators control how many block headers are fetched per RPC call (v0.10.0-rc3)
### Fixed
* Pending certificate validation in agglayer now returns the correct error type; the code previously reused `CertificateCandidateError::UnexpectedHeight`, which is semantically reserved for epoch-context candidate certificates
* aggkit no longer emits a spurious error log when l2gersync encounters a block range that exceeds the RPC provider limit (v0.10.0-rc3)
* Bridge call matching in debug traces is corrected (aggkit v0.10.0-rc3, v0.8.3-rc3)
* aggkit now parses `query exceeds max block range` responses from RPC providers and retries with a reduced range instead of surfacing an unhandled error (v0.10.0-rc2, v0.8.3-rc2)
Two governance proposals targeting the validator reward schedule and payments revenue distribution were merged this week.
### New
* PIP-86 recalibrates `CHECKPOINT_REWARD` on the L1 `StakeManager` to hold annual POL emission at the 1% target (103,530,000 POL/yr) as Polygon Chain transitions to faster block times. The parameter decreases from 34,695.98 POL to 29,414.92 POL per checkpoint when block time moves to 1.75s (planned May 5), and to 25,212.79 POL per checkpoint at 1.5s (planned May 19). No contract upgrades are required; both changes execute via `updateCheckpointReward()` through the existing `Governance` contract.
* PIP-87 proposes a fixed-cost payments program that gives payment companies predictable, fiat-denominated pricing for blockspace on Polygon. Revenue from the program is converted to stablecoins and distributed to validators and stakers via the existing PIP-65/82/85 framework, with a portion used to buy POL from the market for staker distribution and for the PIP-24 burn.
Bor v2.7.2 stable ships RPC fixes including re-enabling `eth_simulateV1`, with v2.7.3-beta adding private transaction relay improvements and critical fixes for memory growth and security landing on the development branch.
### New
* Added `miner.disable-pending-block` config option to disable the pending block creation loop; when set, all `pending` block RPC queries return nil
### Updated
* RPC gas cap is now bypassed only for internal system transactions; external `eth_call` and simulation requests are subject to the configured gas cap
* Private transaction relay now purges stale transactions more aggressively using per-block-producer error tracking, preventing unbounded in-memory growth under sustained relay load
### Fixed
* `eth_simulateV1` is re-enabled in v2.7.2; a context propagation error in the RPC path was causing the method to return incorrect results
* Fixed exponential memory growth in the pathDB BFS preload path: the node-child enumeration was enqueuing all 16 nibble children regardless of node type, causing the visited map to grow as O(16^depth) and consuming up to 14 GB per goroutine on restart, stalling block import for up to two hours on archive and full nodes
* Go runtime updated to 1.26.2, resolving 6 standard library CVEs in `crypto/tls` and `crypto/x509` including a TLS 1.3 KeyUpdate denial-of-service and several certificate validation bypass issues
Trails API adds gas fee option selection to the intent flow, persists wallet configuration at quote time, and fixes a recovery issue for intents using custom address overrides.
### New
* Intents now support gas fee option selection. Specify fee options at quote time; the API validates the selected option against quoted options before execution, giving integrators explicit control over transaction costs.
* Wallet configuration is now stored at quote time and returned with the quote response, enabling reliable intent recovery and re-execution across sessions.
### Fixed
* Recovery now correctly applies custom address overrides when deriving wallet context, preventing derived-address mismatches for intents configured with non-default addresses.
Trails SDK and widget ship smarter intent protocol defaults, better recipient handling, and improved error recovery.
### New
* The SDK now automatically resolves the best intent protocol version for each transaction. An explicit override, global config, or SDK default is checked in order, with a fallback to the API-provided default when the preferred version isn't supported.
### Updated
* The widget highlights the recipient address when it differs from the sender, making it easier to spot send-to-other flows before confirming.
* Expired quote errors now show a warning icon and offer a clear recovery path so users can retry without restarting the flow.
### Fixed
* Fixed an issue where the recipient address could go stale after switching wallets in the widget.
* Fixed the add-wallet flow in the recipient selector so users can successfully add new recipient addresses.
Bor v2.7.1 stable ships opt-in EVM execution optimizations, database performance improvements, and a goroutine leak fix.
### New
* Added opt-in EVM execution optimization via `--switch-dispatch` CLI flag or `EnableSwitchDispatch` config option, introducing a fixed-size opcode stack and a switch-dispatch fast path for hot opcodes ported from GEVM
### Updated
* Tuned PebbleDB write path (1 MiB `BytesPerSync`, adaptive compaction) and increased PathDB state buffer to 2 GB with intelligent carry-over across flushes, reducing write stalls for archive and full nodes
* Removed legacy `UpdateDeps`/`GetDep` DAG algorithm from BlockSTM, fully replaced by the `DepsBuilder` implementation
### Fixed
* Fixed goroutine leaks in the witness request path that caused unbounded memory growth when peers disconnected during parallel stateless import
aggkit fixes claim syncer startup block selection on empty databases.
### Fixed
* Claim syncer now determines its starting block from the earliest settled reference block (not the latest) when the database is empty on startup, preventing sync errors on fresh starts
Bor v2.7.1-beta ships transaction propagation improvements and an SRC buffer reduction, with additional RPC and monitoring fixes merged to the development branch.
### Updated
* Increased max transaction packet size from 100 KB to 1 MB, improving transaction propagation between peers
* Reduced SRC buffer from 500ms to 100ms, allowing block producers to spend more time on transaction execution
### Fixed
* `bor_getLogs` and `bor_getLatestLogs` now correctly return state-sync logs from blocks produced before the Madhugiri upgrade
* Prometheus `_count` metrics no longer reset to zero on each scrape, restoring correct `rate()`, `increase()`, and latency calculations for node operators
The Polygon Wallet adds private token transfers via Hinkal and Yield vault support in the Earn tab.
### New
* Added end-to-end private send flow via Hinkal, including a dedicated status screen for deposit, withdraw, success, and failure states, and refreshed gas and privacy fee display with up to 4 decimal place precision
* Added Yield vault support to the Earn tab
Agglayer raises the default settlement confirmation count to 12 for safer out-of-the-box deployments.
* Default confirmations for L1 settlement increased from 1 to 12. Deployments that do not set this value explicitly are now safer by default.
Trails API adds a new option to suppress passthrough quotes from intent responses.
* Added `intents.disable_passthrough_quotes` option. When set, the API omits passthrough quotes from intent results, giving integrators tighter control over which quote sources are returned.