@kaditang/402sentinel-mcp 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +4 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -113,7 +113,7 @@ const TOOLS = [
|
|
|
113
113
|
},
|
|
114
114
|
{
|
|
115
115
|
name: "firewall",
|
|
116
|
-
description: "Buyer-side payment firewall: should YOUR agent make THIS payment now? Where assess_counterparty vets the seller, this vets the payment instruction in the context of your agent's own history + provenance. Returns allow/hold/block + signals: routing_anomaly (payTo swapped vs the address you usually pay
|
|
116
|
+
description: "Buyer-side payment firewall: should YOUR agent make THIS payment now? Where assess_counterparty vets the seller, this vets the payment instruction in the context of your agent's own history + provenance. Returns allow/hold/block + signals: routing_anomaly (payTo swapped vs the address you usually pay = fraudulent routing), velocity_anomaly (drain), amount_anomaly (overcharge), provenance_flag, counterparty_risk, injection_destination (if the payTo appears in the untrusted page/tool-output you're acting on, the destination was injected — pass it as context.untrusted_text), intent_mismatch (pass context.intended={payto,max_amount} so a mid-flight redirect is caught), new_counterparty_burst, recurring_flagged (poisoned-memory loop). STRONGLY recommended: pass untrusted_text + intended to catch prompt-injection payments. Pass your payer wallet as agent_id. Costs $0.002. Seed history free with firewall_record.",
|
|
117
117
|
inputSchema: {
|
|
118
118
|
type: "object",
|
|
119
119
|
required: ["agent_id", "payment"],
|
|
@@ -135,6 +135,8 @@ const TOOLS = [
|
|
|
135
135
|
source: { type: "string", enum: ["tool_output", "web_content", "user", "unknown"], description: "where the payTo/instruction came from" },
|
|
136
136
|
metadata: { type: "object", description: "x402 description/reason strings (scanned for injection)" },
|
|
137
137
|
expected_payto: { type: "string", description: "known-good address for this resource (optional)" },
|
|
138
|
+
untrusted_text: { type: "string", description: "the page/tool-output content you're acting on — if the payTo appears in it, the destination was injected (hard block)" },
|
|
139
|
+
intended: { type: "object", description: "what you meant to do: { payto, max_amount } — any deviation = mid-flight redirect (hard block)", properties: { payto: { type: "string" }, max_amount: { type: "number" } } },
|
|
138
140
|
},
|
|
139
141
|
},
|
|
140
142
|
policy: {
|
|
@@ -183,7 +185,7 @@ function clientOrNull() {
|
|
|
183
185
|
return new GatewayClient({ chain: "base", privateKey: pk });
|
|
184
186
|
}
|
|
185
187
|
async function main() {
|
|
186
|
-
const server = new Server({ name: "402sentinel", version: "0.
|
|
188
|
+
const server = new Server({ name: "402sentinel", version: "0.4.0" }, { capabilities: { tools: {} } });
|
|
187
189
|
server.setRequestHandler(ListToolsRequestSchema, async () => ({
|
|
188
190
|
tools: TOOLS.map(({ name, description, inputSchema }) => ({ name, description, inputSchema })),
|
|
189
191
|
}));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kaditang/402sentinel-mcp",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"description": "MCP tools for x402 payment safety — vet the counterparty (risk score, allow/review/block, spending policy) AND vet the payment itself (buyer-side firewall: routing/drain/injection). Thin client for 402sentinel.com.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": { "402sentinel-mcp": "./dist/index.js" },
|