The agent holds its own P2P, picks any node on Sentinel's decentralized network, and pays it directly per gigabyte — private, end to end on-chain.
Want zero prerequisites instead — just pay USDC and let an operator provision you? That’s the managed path at x402.sentinel.co. This site is the self-funded one.
Only exception: Fedora — its SELinux blocks VPNs and can’t be worked around. macOS, Ubuntu and other mainstream Linux are fine.
Sentinel is one decentralized VPN network. There are two ways an AI agent can get onto it. This site is about the autonomous one: maximum sovereignty, the agent pays nodes directly. The managed one lives at x402.sentinel.co, where an operator provisions you for USDC with zero prerequisites. Pick by how much you want to hold yourself.
The agent holds its own P2P, queries the on-chain node registry, and pays a node directly at its posted per-GB rate. It settles straight with the node, with no operator or subscription in the loop.
The agent makes one paid HTTP request over the x402 protocol. An operator settles the USDC on Base, adds the agent to a subscription plan, and grants a gas allowance. The agent connects with one command — no P2P, no gas, no chain ops. The tunnel is still direct.
POST /vpn/connect/30daysThe autonomous flow only makes sense once you understand what it’s talking to. Sentinel is not a company’s VPN with servers you trust. It’s an open network of independent node operators, coordinated entirely on-chain. There is no central server to subpoena, no account to ban, no API key to revoke.
Anyone can run a node and earn for the bandwidth they serve. Nodes register themselves on the Sentinel blockchain; the registry is the chain, protected by consensus, not a directory some operator controls. The agent reads that registry directly to discover and choose nodes.
On-chain registryP2P (denom udvpn, where 1 P2P = 1,000,000 udvpn) is what everything runs on: it pays for bandwidth, pays gas for chain transactions, and is staked to secure the network and vote in governance. In the autonomous flow the agent holds P2P and spends it directly, with no fiat rail and no operator in between.
Each node posts both a per-gigabyte and a per-hour rate on-chain. The autonomous agent pays one of them directly, for exactly what it uses — per-GB by default — with no plan, no tier, no minimum commitment. Bandwidth revenue splits 80% to the node host / 20% to stakers, so the people serving traffic are the ones earning from it.
Direct to nodeThe protocol floor is 100 udvpn/GB. In practice the live network median is ~40 P2P/GB, and the cheapest nodes run ~2 P2P/GB. Our verified test paid 40.19 P2P for a 1 GB session, right at the median. Auto-select balances price against speed and uptime, not price alone, so it won’t always pick the cheapest node; an agent that wants the floor can sort by price and choose it explicitly. Prices move with the market; treat these as live figures, not a quote.
The agent probes the node directly over HTTPS, opens an on-chain MsgStartSession (paying its own gas), and the node confirms. Then the agent and node complete a WireGuard or V2Ray handshake and the encrypted tunnel comes up. No intermediary touches the payment, the session, or the traffic at any step.
WireGuard (~30% of nodes, faster) captures all system traffic — transparent, full-route, needs admin once. V2Ray (~70% of nodes, zero-admin) is a SOCKS5 proxy — it can encrypt the whole device (systemProxy: true) or just the requests you route through vpn.socksPort. The agent picks per node; both are end-to-end encrypted between agent and node.
Everything the agent does, it does itself. It holds its own keys, picks its own node, pays that node directly, and handshakes peer-to-peer. Nothing is provisioned for it and no fee grant stands behind it. One call on every OS — connect() from blue-js-sdk/ai-path runs the V2Ray tunnel the same way on Windows, macOS and Linux (the binary auto-downloads for each). The native sentinel-dvpncli is only the alternative for WireGuard nodes or Node-less environments.
A representative run: a test agent ran this end-to-end with no operator in the loop. It picked a US node (Seattle), opened on-chain session 45943402, paid 40.19 P2P for a 1 GB V2Ray session, and the SDK confirmed the exit IP 192.3.53.166 through the tunnel in about 35 s. Session ID, node, exit IP, and timing vary run to run; that 40 P2P is right at the live network median, with the cheapest nodes around ~2 P2P/GB.
The agent creates a Sentinel wallet and holds the mnemonic itself, so the keys never leave the agent. createWallet() from blue-js-sdk/ai-path returns { address, mnemonic }. A fresh wallet starts empty, so the agent funds it with P2P first: buy P2P on an exchange that lists it (e.g. MEXC) and withdraw to the new address, or bridge in. From then on it pays its own gas, bundled into the session transaction, from that balance.
The agent reads the live node registry and picks by country, speed, and price — or passes country and lets the SDK auto-select the best one. Every node posts its own per-gigabyte rate (median ~40 P2P/GB, from ~2 P2P on the cheapest) and a per-hour rate; the agent pays the per-GB rate by default — no plan, no tier.
The agent starts the session, pays the node in P2P at its posted rate, then handshakes directly over WireGuard (full system route) or V2Ray (zero-admin SOCKS5 proxy). No middleman in the payment or the tunnel. connect() registers cleanup handlers, so a crashed process never strands the tunnel. disconnect() is soft: it tears down the local tunnel but leaves the on-chain session and any unused gigabytes claimable, so the agent can reconnect without paying again.
One import, one call. The agent holds its own keys, pays the node directly, and the SDK verifies the exit IP through the tunnel. This is the exact surface that ran the verified mainnet session above — connect, disconnect, getBalance from blue-js-sdk/ai-path.
npm install blue-js-sdkimport { connect, disconnect, getBalance } from 'blue-js-sdk/ai-path';
// Agent already holds P2P in its own Sentinel wallet.
// getBalance → { address, udvpn, p2p, sufficient }
const bal = await getBalance(process.env.SENTINEL_MNEMONIC);
// Pick any Sentinel node and pay it directly in P2P.
// protocol: 'v2ray' = zero admin on Windows; the binary auto-downloads (~70% of nodes).
// Omit country to let the SDK pick the best node anywhere; pass nodeAddress to pin one.
const vpn = await connect({
mnemonic: process.env.SENTINEL_MNEMONIC, // agent holds its own keys
country: 'US', // optional — or { nodeAddress: 'sentnode1...' }
protocol: 'v2ray', // 'v2ray' (zero admin) or 'wireguard' (full route, admin once)
gigabytes: 1, // default 1 — pay per-GB; or { preferHourly: true, hours: 24 }
});
// vpn → {
// sessionId: '45943402', // on-chain session, paid by the agent
// protocol: 'v2ray',
// nodeAddress: 'sentnode1zjecy...',
// ip: '192.3.53.166', // exit IP, verified THROUGH the tunnel by the SDK
// socksPort: 11375, // dynamic — always read this from the result, never hardcode
// }
// ...do work over the tunnel...
await disconnect(); // soft: session preserved on-chain, unused GB stays availableprotocol: 'v2ray' runs a SOCKS5 proxy on vpn.socksPort. It can encrypt the entire device or only the requests you choose. Pick one:
systemProxy: true to connect(). The SDK sets the system proxy (Windows registry / macOS networksetup / Linux gsettings) and all traffic routes through the node. The original proxy is restored on disconnect().systemProxy and send only the requests you choose through vpn.socksPort. Other traffic (chain, RPC) stays direct and fast. Use socks5h:// (not socks5://) so DNS resolves at the exit node, preventing a DNS leak.protocol: 'wireguard' for a kernel-level full tunnel (admin once on Windows).Two facts that catch agents: (1) For per-request routing, Node's native fetch() ignores SOCKS5 agents and exits on the real IP — use axios with SocksProxyAgent and adapter: 'http'. (2) socksPort is dynamic — read it from the connect() result, never hardcode it. vpn.ip is the exit IP, already verified through the tunnel by the SDK.
// Whole device — all traffic routes through the node, restored on disconnect():
const vpn = await connect({ mnemonic, country: 'US', protocol: 'v2ray', systemProxy: true });
// Per-request — route one call through the proxy. Use axios; native fetch() ignores SOCKS5.
import { SocksProxyAgent } from 'socks-proxy-agent';
import axios from 'axios';
const proxy = new SocksProxyAgent(`socks5h://127.0.0.1:${vpn.socksPort}`);
const res = await axios.get('https://api.ipify.org', {
httpAgent: proxy, httpsAgent: proxy, adapter: 'http',
}); // res.data === vpn.ipVerified live (Windows). Split tunnel was tested end-to-end on a US V2Ray node (session 45984926): the axios+SocksProxyAgent request returned the exit IP 45.38.249.7 while a plain fetch() on the same machine still returned the host IP 67.169.16.153 — only the routed request changed IP, and the native fetch() footgun is real.
// The agent controls the full lifecycle:
//
// 1. Wallet: Agent creates & holds its Sentinel keys (mnemonic)
// 2. Tokens: Agent holds P2P in its own wallet
// 3. Gas: Agent pays its own Sentinel gas (bundled into the session TX)
// 4. Node: Agent queries nodes, picks by country / speed / price
// 5. Session: Agent starts & ends sessions, paying the node at its
// posted per-GB rate — ~40 P2P buys 1 GB at the live
// median (cheapest nodes ~2 P2P/GB)
// 6. Tunnel: Agent handshakes directly with the node (WireGuard / V2Ray)
//
// connect() registers cleanup handlers automatically — on crash or exit it
// tears the tunnel down so a dropped process never strands your connection.
//
// The agent settles directly with the node. Ships in blue-js-sdk today.The chain payment — node selection, the per-GB payment, MsgStartSession — is identical on every platform, and so is the V2Ray JS connect() path. The same call below runs on Windows, macOS and Linux: connect({ protocol: 'v2ray' }) auto-downloads the v2ray binary for each OS (the SDK ships SHA256-verified binaries for win32, darwin x64/arm64 and linux x64/arm64). The native CLI is only an alternative for WireGuard nodes or Node-less environments.
// protocol: 'v2ray' = zero admin, zero manual install on Windows, macOS AND Linux.
// connect() auto-downloads the v2ray binary to ~/.sentinel-sdk/bin on first use
// (no admin) for whichever OS you're on, covering ~70% of nodes. This exact call
// works as-is on all three. setup() is optional — it just pre-fetches the binary.
const vpn = await connect({ mnemonic, country: 'US', protocol: 'v2ray', gigabytes: 1 });
// Whole device? Add systemProxy: true — the SDK sets the OS proxy (Windows registry /
// macOS networksetup / Linux gsettings). On headless or non-GNOME Linux that step is a
// no-op, but per-request socksPort routing still works there.
// WireGuard nodes (the other ~30%, faster) need admin ONCE on Windows for the MSI install
// + tunnel service. The SDK checks for admin BEFORE payment and refuses a WireGuard node
// when not elevated — so no P2P is ever wasted. Can't elevate? Stay on v2ray.// Not required for V2Ray (the JS connect() above covers that on every OS). Use this
// only for WireGuard nodes or Node-less environments. The CLI does NOT bundle a tunnel:
// it shells out to wg-quick for WireGuard nodes, so install wireguard-tools first
// (apt / brew / pacman). Needs Go 1.24+ to build.
// CLI: https://github.com/sentinel-official/sentinel-dvpncli
go install github.com/sentinel-official/sentinel-dvpncli@latest
// 1. Import the agent's wallet (keys add is interactive: line 1 = mnemonic,
// blank line 2 = default empty passphrase).
printf '%s\n\n' "$AGENT_MNEMONIC" | sentinel-dvpncli keys add agent --keyring.backend test
// 2. Start a session against the node the agent picked, paying P2P directly.
sentinel-dvpncli tx session-start "$NODE_ADDRESS" \
--tx.from-name agent --keyring.backend test \
--rpc.chain-id sentinelhub-2 --output-format json
// 3. Bring the tunnel up (WireGuard may need sudo to create the interface).
sentinel-dvpncli connect "$SESSION_ID"
// → tunnel up. Tear down with: sentinel-dvpncli tx session-cancel "$SESSION_ID"
// Only exception across all platforms: Fedora (SELinux blocks VPN interfaces).The autonomous flow removes the operator entirely. There is no one to trust with provisioning, no one holding a fee grant, no one in the payment path. The only parties are the agent and the node it chose, and even the node never sees the agent’s keys.
The agent generates and holds its own Sentinel mnemonic. It signs MsgStartSession locally. No operator, no server, and no node ever receives the private key.
The WireGuard / V2Ray handshake is direct between the agent and the node it picked. Nothing sits in the middle of the tunnel. There is no middleman to see traffic, encryption keys, or destinations.
Unlike the managed path, nothing is provisioned for the agent. It pays its own gas and pays the node directly in P2P. There is no third party who could revoke, throttle, or de-anonymize it.
Per-GB, directly to the node, settled on-chain. No subscription to leak identity, no recurring billing relationship, no account. The session is the only record, and it’s pseudonymous on-chain.
The node registry is the Sentinel blockchain, protected by consensus, not a directory any company controls. There is no central server to compromise, subpoena, or shut down.
The agent never registers, never gives an email, never passes KYC. The chain sees a pseudonymous address and a session; the node sees encrypted traffic. That’s all there is.