Admin Dashboard
See everything. Control everything.
14 pages. Zero config files. Everything from the browser.
No AI decides what's allowed — your CEL policies do.
MCP proxy with CEL policies — single binary, full control.
Single binary · Zero config · Full audit trail
Benchmarked p50/p99 on M4 Pro · full interceptor chain · go test -bench
SentinelGate sits between AI agents and upstream MCP servers. Every action passes through a deterministic policy engine before reaching anything.
Aggregates multiple upstream MCP servers into a single endpoint. Hot-pluggable — add or remove upstreams without restart. Connected clients are notified automatically.
CEL-powered deterministic enforcement. deny delete_* means denied. Always. No probabilistic filtering, no drift. Same engine as Kubernetes and Envoy.
Content scanning, outbound control, response scanning for prompt injection, and tool drift detection with quarantine. Defense in depth without runtime hacks.
Watch the 13-step interceptor chain evaluate tool calls in real time. Allowed actions reach the upstream. Denied actions are blocked at the gate.
Built for security teams and developers who need deterministic control over AI agent actions.
Aggregates multiple upstream MCP servers. Per-tool policies. Single endpoint for your agent. Hot-pluggable upstreams.
Common Expression Language — the same engine behind Kubernetes, Firebase, and Envoy. 34 variables, 13 custom functions. Simple patterns for simple rules. CEL for the rest.
Safe Coding, Read Only, Research, Full Lockdown, Audit Only, Data Protection, Anti-Exfiltration. One click to apply.
Every action logged with identity, decision, timestamp, and arguments. Live SSE stream, filters, CSV export.
14-page browser interface. Policy editor, test playground, security settings, audit viewer, session replay. No config files.
API keys, roles, per-identity policies. Each agent session gets isolated credentials and separate audit trails.
Per-identity limits: max calls, writes, deletes per session. Rate limiting per minute. Deny or warn when reached.
5 types: redact, truncate, inject, dry_run, mask. Applied to responses before they reach the agent. Test in built-in sandbox.
Record every tool call with full request/response payloads. Timeline replay in the UI, JSON/CSV export, configurable retention, privacy mode.
CEL functions using session history: call counts, write counts, action sequences, time windows. Detect read-then-exfiltrate patterns.
11 input patterns, 11 output patterns. Detect PII, secrets, and credentials in payloads. Monitor or enforce mode. Response scanning for prompt injection.
Baseline snapshots of tool definitions. Alert on unexpected changes. Quarantine suspicious tools until resolved.
30 built-in attack patterns across 6 categories. Tool misuse, argument manipulation, prompt injection, permission escalation, multi-step attacks. One-click CEL remediation.
14 pages. Zero config files. Everything from the browser.
Simple tool patterns for common cases. CEL expressions when you need full power. Same engine as Kubernetes, Firebase, and Envoy.
# Tool pattern — matches all delete tools
tool_match: "delete_*"
action: "deny"
# CEL — block by content
action_arg_contains(arguments, "secret")# Only admins can run shell commands
action_name == "bash"
&& !("admin" in identity_roles)
# Block outbound to exfiltration services
dest_domain_matches(dest_domain, "*.ngrok.io")# Deny send after read (anti-exfiltration)
session_sequence(session_action_history, "read_file", action_name)
# Rate-limit within session window
session_count_window(session_action_history, "write_file", 60) > 10AI agents are coming under regulation. If you deploy AI in the EU, handle healthcare data, or need to prove how your agents operate — you need auditable access control with verifiable evidence.
SentinelGate maps directly to regulatory requirements. Cryptographic evidence, audit trails, and human oversight — built in, not bolted on.
Articles 13–15: transparency, human oversight, accuracy, robustness & cybersecurity. Full coverage map with evidence checks and exportable compliance bundles.
Access control, monitoring, change management, risk mitigation. Signed evidence bundles mapped to CC6, CC7, CC8, CC9 controls.
AI management system standard. Risk assessment, operational control, monitoring, and human oversight. Clause-level coverage mapping.
Access control, audit logging, data integrity, authentication, transmission security. Section-level evidence mapping to §164.312.
Every decision signed with ECDSA P-256 and hash-chained. Tamper-proof audit receipts you can verify independently.
Install, configure, connect. Your agents are protected in minutes.
Single binary, zero dependencies. Install with one command, start with another.
# Install (macOS / Linux)
$ curl -sSfL https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.sh | sh
# Install (Windows PowerShell)
> irm https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.ps1 | iex
# Install (Windows CMD)
> powershell -Command "irm https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.ps1 | iex"
# Start the server
$ sentinel-gate start
Admin UI: http://localhost:8080/admin
MCP proxy: http://localhost:8080/mcpAlso available via Docker and manual download — see all install options
Add upstream MCP servers, create identities and API keys, set policies or apply templates. Everything from the browser.
Configure SentinelGate as an MCP server in your agent's settings. Every agent connects the same way.
$ claude mcp add --transport http sentinelgate \
http://localhost:8080/mcp \
--header "Authorization: Bearer <your-api-key>"$ gemini mcp add --transport http -s user \
--header "Authorization: Bearer <your-api-key>" \
sentinelgate http://localhost:8080/mcp# Add SentinelGate as MCP server
$ export SG_KEY="<your-api-key>"
$ codex mcp add sentinelgate \
--url http://localhost:8080/mcp \
--bearer-token-env-var SG_KEY
# NOTE: Codex does NOT persist the API key.
# The env var must be set each session.
# To make permanent: echo 'export SG_KEY="..."' >> ~/.zshrc{
"mcpServers": {
"sentinelgate": {
"type": "http",
"url": "http://localhost:8080/mcp",
"headers": {
"Authorization": "Bearer <your-api-key>"
}
}
}
}import httpx
from mcp import ClientSession
from mcp.client.streamable_http import streamable_http_client
http_client = httpx.AsyncClient(
headers={"Authorization": "Bearer <your-api-key>"}
)
async with streamable_http_client(
"http://localhost:8080/mcp", http_client=http_client
) as (read, write, _):
async with ClientSession(read, write) as session:
await session.initialize()
tools = await session.list_tools()
result = await session.call_tool("read_file", {"path": "/tmp/test.txt"})import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
const transport = new StreamableHTTPClientTransport(
new URL("http://localhost:8080/mcp"),
{ requestInit: { headers: { "Authorization": "Bearer <your-api-key>" } } }
);
const client = new Client({ name: "my-client", version: "1.0.0" });
await client.connect(transport);
const { tools } = await client.listTools();
const result = await client.callTool({ name: "read_file", arguments: { path: "/tmp/test.txt" } });# List available tools
$ curl -X POST http://localhost:8080/mcp \
-H "Authorization: Bearer <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}'
# Call a tool
$ curl -X POST http://localhost:8080/mcp \
-H "Authorization: Bearer <your-api-key>" \
-H "Content-Type: application/json" \
-d '{"jsonrpc": "2.0", "id": 2, "method": "tools/call",
"params": {"name": "read_file", "arguments": {"path": "/tmp/test.txt"}}}'One proxy, every agent. Configure SentinelGate as an MCP server — your agent doesn't need to know it's there.
Everything you need to secure AI agents. Free forever. Enterprise features when you need them.
Coming soon
Contact Sales