Sentinel Payment Boundary Tools
Read-only MCP preflights and a public quote-request draft tool for agent payment boundaries.
Documentation
Sentinel Recovery Support
Public support and fixed-scope Ethereum evidence-service surface for Sentinel Recovery.
Live site: https://terminallylazy.github.io/sentinel-recovery-support/
Paid services: https://terminallylazy.github.io/sentinel-recovery-support/#services
Agent manifest: https://terminallylazy.github.io/sentinel-recovery-support/.well-known/sentinel-agent.json
The site exposes a human-readable funding page, $49/$99/$199 public-data services, and framework-neutral agent resources. A payer agent may send within its own delegated financial policy, and inbound receipts need no recipient-side human acceptance. Every outbound action from Sentinel's receiving wallet requires human authorization. Sentinel never takes custody, requests private keys or signature material, or promises recovery.
Public resources
/— funding purpose, exact Ethereum Mainnet tuple, terms, and verification links/.well-known/sentinel-agent.json— agent capability and safety manifest/support.json— exact wallet, network, assets, and funding terms/support-intent.json— direction-specific payer and receiving-wallet policy/services.json— fixed-price scope, deliverable, and turnaround catalog/service-request.json— canonical agent input schema, email and public GitHub issue transports, and copyable quote-request template: https://terminallylazy.github.io/sentinel-recovery-support/service-request.json/sample-agent-payment-boundary-review.jsonand.md— inspectable$49self-review demonstration: JSON, Markdown/sample-service-quote.json— complete but expired and explicitly nonpayable quote-shape demonstration/sample-evidence-preview.jsonand.md— inspectable$99format demonstration/service-payment.json— canonical recipient, assets, quote fields, and verification rules/privacy.json— minimal inputs, optional context, retention, and do-not-send rules/agent-guide.md— mandatory agent authority boundaries/impact.json— historical receipt and contribution-funded-work snapshot/llms.txt— short discovery indexmcp/— read-only stdio MCP server with deterministic agent-payment and x402PaymentRequiredpreflights, a local public quote-request draft preparer, and the live service and quote-request resources; install from source or the checksummedv0.4.1GitHub Release, not from the static Pages site
Local MCP preflight and resources
The source checkout is version 0.4.1 and exposes three deterministic read-only
tools:
preflight_agent_payment_boundary— checks one or two inline public documents against 11 fixed payment-authority boundaries, without fetching requester URLs, executing supplied text, submitting a request, or moving fundspreflight_x402_v2_payment_required— checks one decoded inline x402 v2PaymentRequiredJSON document under a pinned, closed-world exact-EVM EIP-3009 Sentinel safety profile, without decoding headers, evaluating payer policy, verifying signatures or receipts, settling, connecting a wallet, or moving fundsprepare_agent_payment_boundary_quote_request— prepares a complete, unsubmitted public GitHub issue draft for the fixed-scope Agent Payment Boundary Review from one or two caller-supplied public HTTPS document URLs without credentials, query strings, fragments, or non-public hosts; it does not fetch or verify those URLs, make a network request, use credentials, submit the issue, authorize payment, or create service entitlement
It also exposes exactly two read-only resources:
sentinel://services/catalogsentinel://services/quote-request-contract
Only resource reads fetch the two hard-coded canonical live JSON contracts. Both preflights run locally on inline content, and the request-draft preparer formats its inputs locally without fetching supplied URLs. All three tools make no network request and cannot submit a request, move funds, authorize payment, request credentials, connect a wallet, or create service entitlement. The requester decides whether to submit the public draft within its own communication authority; a Sentinel human controls issuance of the complete written quote, and any later payment remains controlled by the payer's own policy.
The checksummed v0.4.1 MCPB and its SHA-256 sidecar are published on the
GitHub Release.
The official MCP Registry lists version 0.4.1 as active and latest under
io.github.TerminallyLazy/sentinel-recovery-services; verify the exact
Registry record
before relying on availability.
Install and verify it from the repository root:
npm ci --prefix mcp --ignore-scripts
npm test --prefix mcp
npm audit --prefix mcp --audit-level=high
npm run pack:check --prefix mcp
Configure an MCP client to launch the source checkout over stdio, replacing the path with the absolute path on that machine:
{
"mcpServers": {
"sentinel-recovery-services": {
"command": "node",
"args": ["/absolute/path/to/sentinel-recovery-support/mcp/server.mjs"]
}
}
}
Direct launch uses node mcp/server.mjs. Do not configure the GitHub Pages URL
as an MCP endpoint: the static site does not implement Streamable HTTP. The npm
package is not published yet, so no npx installation is advertised.
Human-approved service quotes
The quote path is deliberately local and human-triggered. The
scripts/prepare-service-quote.mjs helper accepts public-only request JSON, but
only runs after the operator supplies SENTINEL_HUMAN_APPROVAL=APPROVE. It
creates a mode-0600 local artifact for human review. It does not issue or
publish the quote, comment on an issue, request payment, or expand a payer
agent's authority. There is intentionally no public GitHub Actions quote
workflow because a live payable quote ID and payment reference should not be
exposed as a public-repository artifact.
Prepare a live local quote and append its exact digest to a local approval registry (keep both paths outside the repository):
mkdir -p "$HOME/.local/state/sentinel-recovery"
chmod 700 "$HOME/.local/state/sentinel-recovery"
SENTINEL_HUMAN_APPROVAL=APPROVE \
SENTINEL_REQUEST_JSON="$(jq -c . /absolute/path/request.json)" \
SENTINEL_ASSET=USDC \
SENTINEL_VALIDITY_DAYS=7 \
SENTINEL_QUOTE_OUTPUT="$HOME/.local/state/sentinel-recovery/approved-quote.json" \
SENTINEL_QUOTE_REGISTRY="$HOME/.local/state/sentinel-recovery/approved-quotes.jsonl" \
npm run quote:prepare
The same deterministic formatter can run locally with operator-supplied UUID v4 identifiers and timestamps:
node scripts/create-service-quote.mjs \
--request /absolute/path/request.json \
--asset USDC \
--quote-id 11111111-1111-4111-8111-111111111111 \
--payment-reference 22222222-2222-4222-8222-222222222222 \
--issued-at 2026-07-10T20:00:00.000Z \
--expires-at 2026-07-17T20:00:00.000Z
Paid quotes support canonical USDC and canonical USDT only; their base-unit amounts are derived from the fixed integer USD catalog price. ETH remains a voluntary-support asset, not a quoted USD-denominated service asset. The raw formatter emits a nonpayable draft to standard output so a human can inspect it. Only the approval-gated local preparer emits a payable quote and records its digest in the operator's approved-quote registry.
After the requester returns a transaction hash, the read-only receipt checker
can compare the confirmed canonical ERC-20 Transfer log to the exact approved
quote tuple and reconcile it against an append-only local receipt ledger:
node scripts/verify-service-receipt.mjs \
--quote /absolute/path/approved-quote.json \
--quote-registry "$HOME/.local/state/sentinel-recovery/approved-quotes.jsonl" \
--receipt-ledger "$HOME/.local/state/sentinel-recovery/service-receipts.jsonl" \
--transaction-hash 0x... \
--rpc-url "$SENTINEL_ETH_RPC_URL" \
--confirmations 12
Use a trusted HTTPS Ethereum Mainnet JSON-RPC endpoint and keep credentialed RPC
URLs out of issues, logs, and quote artifacts. The checker does not sign,
broadcast, spend, or move funds; it requests no keys, signatures, or wallet
connection. The local ledger makes repeated checks idempotent and routes a
receipt reused across quotes to manual review instead of crediting it twice.
The complete manual operator checklist is in
docs/service-operations.md.
Local development
npm ci
npm run dev
To inspect the exact GitHub Pages artifact at its production base path:
npm run preview:pages
Validation
npm test
npm run lint
npm audit --audit-level=high
npm run export:pages