sentinel
postgresgemini stub
developer · v0.1.0 · MIT

Agent Sentinel

Gemini-powered governance plane for enterprise AI agents. Every tool call gated by Gemini Flash, escalated to Pro on ambiguity, hash-chained into an HMAC-signed audit ledger that cites the exact policy version used.

Live gatewayreal Gemini · rate-limitedDashboardthis app · VercelGitHubMIT · clone & runA2A cardagent → agent ingress
01

What it does

Drop Sentinel in front of any MCP-speaking or A2A-speaking agent. Every action — every email, every database read, every refund, every agent-to-agent delegation — passes through four gates and is recorded with cited policy evidence.

  • Allow · deny · rewrite decisions returned in < 2 s end-to-end
  • Hash-chained receipts signed via rotatable KMS keys
  • Per-BU cost meter for finance chargeback (base + Gemini split)
  • Tamper-evident audit via sentinel ledger verify
02

Architecture

  • Static engine · regex denylists, role ACL, refund cap · < 5 ms
  • Drift detector · injection markers, tool-vs-declared-goal mismatch · ~ 0 ms
  • Flash gate · Gemini 2.5 Flash with response_schema and thinking_budget=0
  • Pro reasoner · Gemini 2.5 Pro with cached_content over full policy documents (no chunking, no vector DB)
  • Audit ledger · Postgres, hash-chained, HMAC-signed per-agent chain. Webhook alerts on every deny + rewrite. Merkle batches anchorable to OpenTimestamps or Circle Arc.
  • Cost meter · per-BU $/call event ledger, base vs. Gemini split, CFO-friendly rollup
  • Adapters · Google ADK, Anthropic Agent SDK, OpenAI tool-calling, CrewAI, generic MCP
03

Quick start (60 s, local)

git clone https://github.com/SankarSubbayya/agent_sentinel
cd agent_sentinel
cp .env.example .env                  # GEMINI_API_KEY optional — stubs work without
uv sync && uv run sentinel init-db
uv run sentinel serve --port 8088     # gateway

# in another shell
cd dashboard && npm i && PORT=3030 npm run dev
uv run sentinel demo run              # 6-beat PRD demo
uv run sentinel eval run              # 155 labeled scenarios, ~$0.18
uv run sentinel ledger verify         # INTEGRITY: PASS
04

HTTP API

POST/v1/tools/callMCP-shaped tool envelope · returns allow / deny / rewrite + receipt
curl -X POST https://agent-sentinel.up.railway.app/v1/tools/call \
  -H 'content-type: application/json' \
  -d '{
    "agent_id": "agent-sales-01",
    "session_id": "demo-session",
    "tool": "web.search",
    "args": {"q": "competitor pricing 2026"}
  }'
POST/v1/agents/runBrief-mode loop · Gemini picks tools turn-by-turn, every call gated
curl -X POST https://agent-sentinel.up.railway.app/v1/agents/run \
  -H 'content-type: application/json' \
  -d '{
    "agent_id": "agent-ops-01",
    "brief": "Refund customer C-2200 the full $4,999.99 for ticket #5512."
  }'
POST/v1/policies/textAuthor a policy as raw text · no PDF · catalog upsert
curl -X POST https://agent-sentinel.up.railway.app/v1/policies/text \
  -H 'content-type: application/json' \
  -d '{
    "name": "Refund Authority",
    "version": "v1.4",
    "domain_tags": ["refund", "financial"],
    "body": "§1.1. Ops agent: up to USD 500 per refund..."
  }'
POST/v1/ledger/verifyWalk every receipt chain · recompute HMAC · detect forks / tamper
curl -X POST https://agent-sentinel.up.railway.app/v1/ledger/verify \
  -H 'content-type: application/json' -d '{}'

# → {"total": 703, "verified": 703, "all_ok": true, ...}
GET/v1/events/streamServer-Sent Events · one event per new decision (live timeline feed)
curl -N https://agent-sentinel.up.railway.app/v1/events/stream
05

Adapter quickstart — Google ADK

Three-line wrap of any ADK FunctionTool or whole Agent. Every tool the agent invokes is gated, signed, costed.

from google.adk.agents import Agent
from sentinel.adapters.google_adk_adapter import SentinelADKAgent

sales_agent = Agent(name="Sales Researcher", model="gemini-2.5-flash", tools=[...])

# All tool calls now flow through Sentinel.
governed = SentinelADKAgent(
    sales_agent,
    agent_id="agent-sales-01",
    sentinel_url="https://agent-sentinel.up.railway.app",
)
governed.run("Find Q3 competitor pricing.")

Adapters also exist for Anthropic Agent SDK, OpenAI tool-calling, CrewAI, and generic MCP.

06

Try it

Live gateway

Public Railway deploy with real Gemini. Per-IP rate-limited so the URL stays safe.

agent-sentinel.up.railway.app
This dashboard

Live timeline · receipts · BU cost rollup · red-team console · policy library.

agent-sentinel-weld.vercel.app
GitHub

MIT-licensed reference implementation. Clone, run, audit. 88 pytests passing.

github.com/SankarSubbayya/agent_sentinel
3-min video script

Time-coded demo walkthrough with screen-direction cues and failsafes.

docs/DEMO_VIDEO_SCRIPT.md
07

This dashboard is pointed at

NEXT_PUBLIC_SENTINEL_URLbuild-time baked
https://agent-sentinel.up.railway.app

Change at build time on Vercel: project settings → Environment Variables → NEXT_PUBLIC_SENTINEL_URL → redeploy.

08

Credits

Built by Sankar Subbayya for the Transforming Enterprise Through AI hackathon · Track 2 (Google AI Studio · Gemini) primary, Track 1 (Agent Security & AI Governance) secondary. MIT-licensed.

Sentinel is a reference implementation. It is not a production security guarantee — every deployment should configure its own KMS, run its own red-team exercises, and treat the policy catalog as living code.