SentinelGate

v2.0.0Securitystable

Access control for AI agents. MCP proxy + Policy Decision Point. CEL policies, RBAC, full audit trail. Any container, any sandbox.

access-controlai-agentsai-securityauditaudit-trail
Share:
25
Stars
0
Downloads
0
Weekly
0/5

What is SentinelGate?

SentinelGate is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to access control for ai agents. mcp proxy + policy decision point. cel policies, rbac, full audit trail. any container, any sandbox.

Access control for AI agents. MCP proxy + Policy Decision Point. CEL policies, RBAC, full audit trail. Any container, any sandbox.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Access control for AI agents. MCP proxy + Policy Decision Po

Use Cases

AI agent access control
RBAC and CEL policies
Audit trail management
Sentinel-Gate

Maintainer

LicenseAGPL 3.0
Languagego
Versionv2.0.0
UpdatedApr 26, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx sentinelgate

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use SentinelGate

SentinelGate is an MCP proxy and Policy Decision Point that enforces access control for AI agents before they can call tools on downstream MCP servers. It intercepts every tool invocation, evaluates configurable CEL (Common Expression Language) policies and RBAC rules, scans for PII/secrets in arguments and responses, and logs a complete audit trail of every decision. Security teams and platform engineers use SentinelGate to deploy AI agents safely in production by ensuring no tool call can bypass defined policies, with zero changes required to existing MCP servers.

Prerequisites

  • An MCP-compatible AI client (Claude Desktop, Claude Code, or similar)
  • One or more downstream MCP servers you want to proxy and protect
  • curl or PowerShell to run the one-line installer, or ability to download binary from GitHub Releases
  • Port 8080 available on localhost for the proxy and Admin UI
1

Install SentinelGate

Run the one-line installer for macOS/Linux, or the PowerShell command on Windows. Alternatively, download the appropriate binary for your platform from the GitHub Releases page.

# macOS / Linux
curl -sSfL https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.sh | sh

# Windows PowerShell
irm https://raw.githubusercontent.com/Sentinel-Gate/Sentinelgate/main/install.ps1 | iex
2

Start the SentinelGate service

Launch the proxy. It will start the Admin UI on port 8080 and begin listening for MCP client connections at the proxy endpoint. No initial configuration file is required.

sentinel-gate start
3

Open the Admin UI and configure policies

Navigate to the Admin UI to connect upstream MCP servers, define RBAC roles, and write CEL policies. For example, add a policy `deny delete_*` to block all destructive delete operations across any connected tool.

# Open in browser
open http://localhost:8080/admin
4

Point your MCP client to SentinelGate

Update your AI client configuration to connect to SentinelGate's proxy endpoint instead of directly to your MCP servers. Use the API key shown in the Admin UI for Bearer token authentication.

5

Verify the audit trail

After making a few tool calls through your AI client, check the Admin UI audit log to confirm SentinelGate is intercepting calls, evaluating policies, and recording decisions with full context.

SentinelGate Examples

Client configuration

Configure your MCP client to route through SentinelGate's proxy endpoint. SentinelGate then forwards permitted calls to the upstream servers you configured in its Admin UI.

{
  "mcpServers": {
    "sentinelgate": {
      "command": "sentinel-gate",
      "args": ["start"],
      "env": {}
    }
  }
}

Prompts to try

Once SentinelGate is running and an upstream MCP server is connected, test policy enforcement and audit logging through your AI client.

- "List all tools available through SentinelGate"
- "Try to call a delete tool and show me whether it was blocked by policy"
- "What actions have been taken in this session according to the audit log?"
- "Show the active RBAC policies currently enforced by SentinelGate"

Troubleshooting SentinelGate

Port 8080 is already in use and the service fails to start

Check which process is using port 8080 with `lsof -i :8080` (macOS/Linux) or `netstat -ano | findstr 8080` (Windows). Stop the conflicting process or configure SentinelGate to use a different port via its optional YAML configuration.

AI client cannot connect to the proxy endpoint

Ensure sentinel-gate is running and the proxy endpoint is accessible at http://localhost:8080/mcp. Check that you are passing the correct API key as a Bearer token in the Authorization header as shown in the Admin UI.

All tool calls are being denied even when no deny policies are configured

Verify that the upstream MCP server is correctly registered in the Admin UI and that SentinelGate successfully discovered its tools. Check the Admin UI logs for connection errors to the upstream server.

Frequently Asked Questions about SentinelGate

What is SentinelGate?

SentinelGate is a Model Context Protocol (MCP) server that access control for ai agents. mcp proxy + policy decision point. cel policies, rbac, full audit trail. any container, any sandbox. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install SentinelGate?

Follow the installation instructions on the SentinelGate GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with SentinelGate?

SentinelGate works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is SentinelGate free to use?

Yes, SentinelGate is open source and available under the AGPL 3.0 license. You can use it freely in both personal and commercial projects.

SentinelGate Alternatives — Similar Security Servers

Looking for alternatives to SentinelGate? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "sentinelgate": { "command": "npx", "args": ["-y", "sentinelgate"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use SentinelGate?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides