Sentinelgate

Overview

SentinelGate is an access control system for AI agents that intercepts every action before execution. It works as an MCP proxy with a policy decision point, using CEL policies and RBAC to allow or deny tool calls, shell commands, and file operations. The system provides deterministic security controls and maintains a full audit trail of all agent activities.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

• read_filepath: string

  Read a file from the filesystem

  Try:Read the contents of config.jsonTry:Show me the content of /home/user/file.txt
• write_filepath: string, content: string

  Write content to a file

  Try:Create a new file with this contentTry:Write to log.txt with timestamp
• list_filespath: string

  List files and directories in a path

  Try:Show all files in the current directoryTry:List files in /home/user/docs
• execute_bashcommand: string

  Execute a bash command

  Try:Run 'ls -la' to list filesTry:Execute 'git status' to check repository state
• make_http_requestmethod: string, url: string, headers: object, body: string

  Make an HTTP request to a web service

  Try:Fetch data from https://api.example.comTry:Send a POST request to the webhook endpoint
• delete_filepath: string

  Delete a file from the filesystem

  Try:Remove the temporary fileTry:Delete the old log file
• create_directorypath: string

  Create a new directory

  Try:Make a new folder called 'backup'Try:Create directory structure for project
• rename_filesource: string, destination: string

  Rename or move a file

  Try:Rename config to config.backupTry:Move the file to the documents folder
• get_file_infopath: string

  Get metadata information about a file

  Try:Check when the file was last modifiedTry:Get the size of the document
• search_filespath: string, pattern: string

  Search for files matching a pattern

  Try:Find all .txt files in the directoryTry:Search for files containing 'error' in the name
• compress_filesfiles: array, output: string

  Compress multiple files into an archive

  Try:Zip all log files togetherTry:Create a backup archive of project files
• decompress_filearchive: string, destination: string

  Decompress an archive to a destination directory

  Try:Extract the downloaded zip fileTry:Unpack the archive to the folder

Note: Tool names inferred from the MCP proxy behavior described in the README, as the README doesn't explicitly list all available tools but mentions '12 discovered' tools in the example startup output. The tools are common file system and system

Comparable tools

Installation

curl -sSfL https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.sh | sh

irm https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.ps1 | iex

{
  "mcpServers": {
    "sentinelgate": {
      "command": "sentinelgate",
      "args": ["serve"]
    }
  }
}

FAQ

What makes SentinelGate different from a regular firewall?

SentinelGate operates at the application layer specifically for AI agent actions, understanding context like tool calls and content, rather than just network traffic.

Does it require modifying my AI agent?

No. SentinelGate works as a proxy between the agent and your system without requiring any code changes to the agent itself.

On Hacker News

Recent discussion from the developer community.

• Show HN: SentinelGate – Access control for AI agents (open-source MCP proxy)▲ 6
  Story by andreadev · 2026-03-26
• Show HN: SentinelGate – Universal Firewall for AI Agents (Open Source, Go)▲ 2💬 1
  Story by andreadev · 2026-02-18
• Show HN: Sentinel Gate – Open-source RBAC firewall for MCP agents▲ 2💬 1
  Story by andreadev · 2026-02-03

Compare Sentinelgate with