Sentinel v0.3.0 adds a second deterministic, read-only MCP tool: preflight_x402_v2_payment_required.
The new tool inspects exactly one decoded inline x402 v2 PaymentRequired JSON document under a pinned, closed-world Sentinel safety profile limited to exact, canonical eip155:<chain-id>, and EIP-3009 transfer metadata. It applies nine bounded checks, rejects duplicate JSON keys, evaluates every advertised payment alternative, and never copies supplied payment values into model-visible findings.
This is structural preflight only. It does not decode HTTP headers, fetch requester URLs, evaluate payer policy, request or verify signatures, connect a wallet, submit a payment, settle funds, verify receipts, verify chain or token behavior, prove address ownership, or implement a general x402 client/server. A clear result authorizes no payment.
The existing preflight_agent_payment_boundary tool and two read-only Sentinel service resources remain available.
Artifact verification:
- MCPB SHA-256:
dd3582fbc24d43569ada443df8d2c069ba4be157146d7e17921b558ec07d9757 - clean-room MCP tests: 45/45
- source-site tests: 27/27
- packaged server smoke-tested over stdio with both tools listed
- npm audit: 0 vulnerabilities