About
Security guardrails for AI agent payments
README
AgentPay Sentinel MCP
A watchdog MCP that validates every agent payment request against all 9 security checks before it executes — catching policy violations, replay attacks, amount tampering, revoked tokens, and budget overruns at call time.
What your agent can do
- Run a pre-flight audit on any payment transaction before executing it — get PASS or BLOCKED with the specific check that failed
- Validate token integrity: confirms the SHA-256 hash matches the expected
merchant_id:amountbinding, catching forged or tampered tokens - Enforce budget caps: rejects transactions where
current_spend + amount > budget_capand returns exact remaining budget - Check merchant allowlist membership and block purchases in restricted categories
- Verify token expiry and rate limits before the payment fires
- Simulate known attack vectors (token forgery, budget overflow, replay, merchant spoof, expiry bypass) and get the specific defense mechanism and detection method for each
Installation
Requires: Python 3.10+, mcp package.
pip install mcp
Claude Desktop — add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"agentpay-sentinel": {
"command": "python",
"args": ["/absolute/path/to/agentpay-sentinel-mcp/server.py"]
}
}
}
Cursor — add to .cursor/mcp.json in your project root:
{
"mcpServers": {
"agentpay-sentinel": {
"command": "python",
"args": ["/absolute/path/to/agentpay-sentinel-mcp/server.py"]
}
}
}
Tool Reference
| Tool | Description | Key params |
|---|---|---|
sentinel_audit_transaction |
Run all 9 security checks; returns PASS/BLOCKED + SHA-256 audit hash | token_hash, merchant_id, amount, current_spend, budget_cap (required) · nonce, token_id, approved_amount (enable checks 7–9) |
sentinel_revoke_token |
Permanently revoke a token — all future audits with this token_id will BLOCK |
token_id, reason |
sentinel_clear_nonce |
Remove a nonce from the replay store (for legitimate refunds/retries only) | nonce |
sentinel_verify_chain |
Verify a sequence of audit hashes forms an unbroken chain | audit_hashes, expected_chain_root |
sentinel_threat_model |
Simulate any named attack vector; returns severity, defence, and detection | attack_vector, context |
All 9 checks run by sentinel_audit_transaction
| # | Check | What it catches | Param |
|---|---|---|---|
| 1 | Token integrity | SHA-256 hash mismatch — forged tokens | token_hash |
| 2 | Budget enforcement | Spend exceeding cap | current_spend, budget_cap |
| 3 | Merchant allowlist | Payment to unlisted merchant | allowlist |
| 4 | Category restriction | Purchase in blocked category | blocked_categories |
| 5 | Expiry check | Expired token | expires_at |
| 6 | Rate limit | Too many calls per minute | calls_this_minute |
| 7 | Amount mismatch | Agent changed amount after human approved | approved_amount |
| 8 | Replay attack | Same nonce used twice (file-backed store) | nonce |
| 9 | Revocation evasion | Agent using a revoked token | token_id |
Checks 7–9 activate when the corresponding param is passed. State persists to ~/.sentinel/.
Attack vectors in sentinel_threat_model
token_forgery · budget_overflow · replay_attack · amount_mismatch · revocation_evasion · merchant_spoof · expiry_bypass
Security
sentinel_audit_transaction returns an advisory verdict — it does not intercept network traffic. Your agent is responsible for calling it before executing a payment and halting on BLOCKED. The audit hash returned is a SHA-256 digest of all check results, giving you a tamper-evident record of each pre-flight decision.
Pricing
| Plan | Price | Included |
|---|---|---|
| Free | $0 | 50 audits/month |
| Pro | $19/month | Unlimited audits + threat model simulations |
License
MIT — AgentPay Labs. Source: github.com/Rumblingb/agentpay-sentinel-mcp
Installing Agentpay Sentinel
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/Rumblingb/agentpay-sentinel-mcpFAQ
Is Agentpay Sentinel MCP free?
Yes, Agentpay Sentinel MCP is free — one-click install via Unyly at no cost.
Does Agentpay Sentinel need an API key?
No, Agentpay Sentinel runs without API keys or environment variables.
Is Agentpay Sentinel hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Agentpay Sentinel in Claude Desktop, Claude Code or Cursor?
Open Agentpay Sentinel on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare Agentpay Sentinel with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
