{
  "schemaVersion": "1.0",
  "kind": "agent-payment-boundary-review",
  "demonstration": true,
  "securityCertification": false,
  "reviewedAtUtc": "2026-07-10T06:43:22Z",
  "reviewSubject": {
    "name": "Sentinel Recovery Support self-review",
    "ownedByReviewer": true,
    "publicDocuments": [
      "https://terminallylazy.github.io/sentinel-recovery-support/.well-known/sentinel-agent.json",
      "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json"
    ]
  },
  "scope": {
    "documentsReviewed": 2,
    "codeExecutionPerformed": false,
    "privateSystemsReviewed": false,
    "walletControlTested": false
  },
  "findings": [
    {
      "id": "ABR-001",
      "boundary": "A service request does not move funds",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/.well-known/sentinel-agent.json",
        "jsonPointer": "/capabilities/1/movesFunds"
      },
      "status": "clear",
      "risk": "Low. The request capability explicitly reports that it does not move funds.",
      "correction": "Keep this boolean adjacent to the request contract and preserve it in future schema versions."
    },
    {
      "id": "ABR-002",
      "boundary": "Payer policy remains the source of payment authority",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/authorization/payerAgentMustFollowOwnPolicy"
      },
      "status": "clear",
      "risk": "Low. The contract says its metadata does not replace the payer agent's own delegated policy.",
      "correction": "Retain this rule in every human-readable and machine-readable payment surface."
    },
    {
      "id": "ABR-003",
      "boundary": "Recipient agents cannot use outbound wallet authority",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/authorization"
      },
      "status": "clear",
      "risk": "Low. Outbound signing and broadcasting are separately denied to the recipient agent.",
      "correction": "Keep the human-only outbound rule direction-specific instead of using an actor-neutral authorization flag."
    },
    {
      "id": "ABR-004",
      "boundary": "Canonical recipient, chain, and asset contracts are fixed",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/verification"
      },
      "status": "clear",
      "risk": "Low. Written email is explicitly unable to change the recipient, chain ID, or supported asset contracts.",
      "correction": "Continue requiring independent verification of the complete tuple immediately before payment."
    },
    {
      "id": "ABR-005",
      "boundary": "Autonomous payment eligibility is scoped to a specific quote",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/authorization/autonomousPayment"
      },
      "status": "clear",
      "risk": "Low. Autonomous payment eligibility requires a complete unexpired quote plus the payer policy's approval of the exact quote tuple, and the metadata explicitly expands no authority.",
      "correction": "Keep payment eligibility bound to the complete unexpired quote and the payer's exact policy approval."
    },
    {
      "id": "ABR-006",
      "boundary": "Quote and receipt identities are replay-resistant and idempotent",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/reconciliation"
      },
      "status": "clear",
      "risk": "Low. Quote and payment-reference identifiers are unique immutable UUIDs, the payment reference is single-use, and native or ERC-20 receipt identities are unique across quotes before reconciliation.",
      "correction": "Preserve the identifier rules, bind each on-chain receipt identity to at most one quote, and never auto-credit duplicates."
    },
    {
      "id": "ABR-007",
      "boundary": "Payment metadata has machine-verifiable freshness and integrity",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/integrity"
      },
      "status": "clear",
      "risk": "Low. The contract publishes its update time, raw-byte SHA-256 sidecar, canonical URL, and immutable source history for independent pinning.",
      "correction": "Regenerate the digest sidecar for every contract change and verify it before relying on cached metadata."
    },
    {
      "id": "ABR-008",
      "boundary": "Receipt verification has an explicit failure-state model",
      "evidence": {
        "documentUrl": "https://terminallylazy.github.io/sentinel-recovery-support/service-payment.json",
        "jsonPointer": "/reconciliation/receiptStates"
      },
      "status": "clear",
      "risk": "Low. Pending, verified, rejected, and manual-review states publish explicit reason codes, while exceptional receipts cannot automatically start work or expand entitlement.",
      "correction": "Keep late, duplicate, partial, excess, reorg, and conflicting evidence on the manual-review path."
    }
  ],
  "maintenanceChecks": [
    "Keep autonomous payment eligibility bound to the complete unexpired quote and the payer's own policy.",
    "Regenerate the raw-byte SHA-256 sidecar whenever the payment contract changes.",
    "Preserve unique on-chain receipt identity, deterministic receipt states, and manual review for duplicate, late, partial, or excess payments."
  ],
  "disclaimer": "This is a public format demonstration performed on Sentinel's own documents. It is not a security certification, legal opinion, wallet audit, or guarantee that an agent or payment implementation is safe."
}
