Skip to content

Sentinel Payment Preflights v0.3.0

Latest

Choose a tag to compare

@TerminallyLazy TerminallyLazy released this 10 Jul 08:17
8f4a458

Sentinel v0.3.0 adds a second deterministic, read-only MCP tool: preflight_x402_v2_payment_required.

The new tool inspects exactly one decoded inline x402 v2 PaymentRequired JSON document under a pinned, closed-world Sentinel safety profile limited to exact, canonical eip155:<chain-id>, and EIP-3009 transfer metadata. It applies nine bounded checks, rejects duplicate JSON keys, evaluates every advertised payment alternative, and never copies supplied payment values into model-visible findings.

This is structural preflight only. It does not decode HTTP headers, fetch requester URLs, evaluate payer policy, request or verify signatures, connect a wallet, submit a payment, settle funds, verify receipts, verify chain or token behavior, prove address ownership, or implement a general x402 client/server. A clear result authorizes no payment.

The existing preflight_agent_payment_boundary tool and two read-only Sentinel service resources remain available.

Artifact verification:

  • MCPB SHA-256: dd3582fbc24d43569ada443df8d2c069ba4be157146d7e17921b558ec07d9757
  • clean-room MCP tests: 45/45
  • source-site tests: 27/27
  • packaged server smoke-tested over stdio with both tools listed
  • npm audit: 0 vulnerabilities