@kaditang/402sentinel-mcp 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -1
- package/dist/index.js +67 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -7,12 +7,16 @@ decision, scored from on-chain settlement behaviour on Base (address age,
|
|
|
7
7
|
facilitator-aware payer diversity, settlement maturity) + a delivery-outcome
|
|
8
8
|
flywheel, with honest confidence/coverage.
|
|
9
9
|
|
|
10
|
-
Tools
|
|
10
|
+
Tools — vet the **seller**:
|
|
11
11
|
- `assess_counterparty` ($0.002) — risk score + decision + a ready-to-apply `recommended_policy`
|
|
12
12
|
- `assess_counterparty_deep` ($0.02) — same, scans more on-chain history
|
|
13
13
|
- `recommend_policy` ($0.002) — decision + wallet-ready spending policy (caps, denylist, approval)
|
|
14
14
|
- `report_outcome` (free) — after paying, report delivery to train the reliability flywheel
|
|
15
15
|
|
|
16
|
+
Tools — vet the **payment itself** (buyer-side):
|
|
17
|
+
- `firewall` ($0.002) — should YOUR agent make THIS payment now? Catches fraudulent routing (payTo swapped vs the address you usually pay), drain velocity, overcharge, and injection-sourced instructions. Pass your payer wallet as `agent_id`.
|
|
18
|
+
- `firewall_record` (free) — seed your agent's payment history so the firewall has a behavioural baseline.
|
|
19
|
+
|
|
16
20
|
It's a thin client for the hosted service at **https://402sentinel.com** — the
|
|
17
21
|
scoring model and facilitator-identification logic live server-side (closed); this
|
|
18
22
|
package only forwards the request and pays for it, so it's open source.
|
package/dist/index.js
CHANGED
|
@@ -111,6 +111,72 @@ const TOOLS = [
|
|
|
111
111
|
endpoint: "/api/report_outcome",
|
|
112
112
|
paid: false,
|
|
113
113
|
},
|
|
114
|
+
{
|
|
115
|
+
name: "firewall",
|
|
116
|
+
description: "Buyer-side payment firewall: should YOUR agent make THIS payment now? Where assess_counterparty vets the seller, this vets the payment instruction in the context of your agent's own history + provenance. Returns allow/hold/block + signals: routing_anomaly (payTo swapped vs the address you usually pay = fraudulent routing), velocity_anomaly (drain), amount_anomaly (overcharge), provenance_flag, counterparty_risk, injection_destination (if the payTo appears in the untrusted page/tool-output you're acting on, the destination was injected — pass it as context.untrusted_text), intent_mismatch (pass context.intended={payto,max_amount} so a mid-flight redirect is caught), new_counterparty_burst, recurring_flagged (poisoned-memory loop). STRONGLY recommended: pass untrusted_text + intended to catch prompt-injection payments. Pass your payer wallet as agent_id. Costs $0.002. Seed history free with firewall_record.",
|
|
117
|
+
inputSchema: {
|
|
118
|
+
type: "object",
|
|
119
|
+
required: ["agent_id", "payment"],
|
|
120
|
+
properties: {
|
|
121
|
+
agent_id: { type: "string", description: "stable id for your agent — use your payer wallet address" },
|
|
122
|
+
payment: {
|
|
123
|
+
type: "object",
|
|
124
|
+
required: ["payto_address"],
|
|
125
|
+
properties: {
|
|
126
|
+
payto_address: { type: "string", description: "address you're about to pay" },
|
|
127
|
+
amount: { type: "number" },
|
|
128
|
+
asset: { type: "string", description: "e.g. USDC" },
|
|
129
|
+
resource_url: { type: "string", description: "what you're paying for" },
|
|
130
|
+
},
|
|
131
|
+
},
|
|
132
|
+
context: {
|
|
133
|
+
type: "object",
|
|
134
|
+
properties: {
|
|
135
|
+
source: { type: "string", enum: ["tool_output", "web_content", "user", "unknown"], description: "where the payTo/instruction came from" },
|
|
136
|
+
metadata: { type: "object", description: "x402 description/reason strings (scanned for injection)" },
|
|
137
|
+
expected_payto: { type: "string", description: "known-good address for this resource (optional)" },
|
|
138
|
+
untrusted_text: { type: "string", description: "the page/tool-output content you're acting on — if the payTo appears in it, the destination was injected (hard block)" },
|
|
139
|
+
intended: { type: "object", description: "what you meant to do: { payto, max_amount } — any deviation = mid-flight redirect (hard block)", properties: { payto: { type: "string" }, max_amount: { type: "number" } } },
|
|
140
|
+
},
|
|
141
|
+
},
|
|
142
|
+
policy: {
|
|
143
|
+
type: "object",
|
|
144
|
+
properties: {
|
|
145
|
+
max_payment_usdc: { type: "number" },
|
|
146
|
+
velocity_window_min: { type: "number" },
|
|
147
|
+
velocity_cap_usdc: { type: "number" },
|
|
148
|
+
check_counterparty: { type: "boolean" },
|
|
149
|
+
block_on: { type: "array", items: { type: "string" } },
|
|
150
|
+
},
|
|
151
|
+
},
|
|
152
|
+
},
|
|
153
|
+
},
|
|
154
|
+
endpoint: "/api/firewall",
|
|
155
|
+
paid: true,
|
|
156
|
+
},
|
|
157
|
+
{
|
|
158
|
+
name: "firewall_record",
|
|
159
|
+
description: "FREE. Seed your agent's payment history so the firewall has a behavioural baseline (record past/known-good payments). Pass your payer wallet as agent_id.",
|
|
160
|
+
inputSchema: {
|
|
161
|
+
type: "object",
|
|
162
|
+
required: ["agent_id", "payment"],
|
|
163
|
+
properties: {
|
|
164
|
+
agent_id: { type: "string", description: "use your payer wallet address" },
|
|
165
|
+
payment: {
|
|
166
|
+
type: "object",
|
|
167
|
+
required: ["payto_address"],
|
|
168
|
+
properties: {
|
|
169
|
+
payto_address: { type: "string" },
|
|
170
|
+
amount: { type: "number" },
|
|
171
|
+
asset: { type: "string" },
|
|
172
|
+
resource_url: { type: "string" },
|
|
173
|
+
},
|
|
174
|
+
},
|
|
175
|
+
},
|
|
176
|
+
},
|
|
177
|
+
endpoint: "/api/firewall/record",
|
|
178
|
+
paid: false,
|
|
179
|
+
},
|
|
114
180
|
];
|
|
115
181
|
function clientOrNull() {
|
|
116
182
|
if (!RAW_PK || RAW_PK.startsWith("0xYour"))
|
|
@@ -119,7 +185,7 @@ function clientOrNull() {
|
|
|
119
185
|
return new GatewayClient({ chain: "base", privateKey: pk });
|
|
120
186
|
}
|
|
121
187
|
async function main() {
|
|
122
|
-
const server = new Server({ name: "402sentinel", version: "0.
|
|
188
|
+
const server = new Server({ name: "402sentinel", version: "0.4.0" }, { capabilities: { tools: {} } });
|
|
123
189
|
server.setRequestHandler(ListToolsRequestSchema, async () => ({
|
|
124
190
|
tools: TOOLS.map(({ name, description, inputSchema }) => ({ name, description, inputSchema })),
|
|
125
191
|
}));
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kaditang/402sentinel-mcp",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "MCP tools
|
|
3
|
+
"version": "0.4.0",
|
|
4
|
+
"description": "MCP tools for x402 payment safety — vet the counterparty (risk score, allow/review/block, spending policy) AND vet the payment itself (buyer-side firewall: routing/drain/injection). Thin client for 402sentinel.com.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": { "402sentinel-mcp": "./dist/index.js" },
|
|
7
7
|
"main": "dist/index.js",
|