v2.1.3

What's new since v2.0

Policy Decision Point (PDP)

SentinelGate now exposes a Policy Decision Point alongside the MCP Proxy — the same CEL policies, callable from Go, Python, and Node SDKs to govern any protocol (REST, SQL, shell, custom agents that don't
speak MCP). Cooperative enforcement, identical audit trail, no traffic in the path.

Container and deployment ecosystem

Runnable examples and deployment templates for every target a team is likely to ship on:

• Docker — standalone container, docker-compose demo with filesystem MCP and an agent simulator
• Kubernetes — namespace, ConfigMap bootstrap, Deployment, Service, kind-based demo running 12 automated scenarios
• Podman — rootless with SELinux and Quadlet/systemd integration
• systemd — hardened unit with 18 sandboxing directives
• Firecracker — microVM init script and rootfs build
• LXC/LXD — system container with optional systemd integration
• ECS Fargate — task definition with CloudWatch logging
• Fly.io — fly.toml with persistent volume and automatic TLS
• Modal — serverless web endpoint with persistent state
• E2B — cross-compiled SentinelGate running inside an E2B microVM, 10 automated scenarios
• Daytona — cross-compiled SentinelGate running inside a Daytona sandbox, 10 automated scenarios
• Claude Code — isolated container where Claude talks to the Anthropic API directly but every file operation goes through SentinelGate

Operations

• Kill switch — atomic, global emergency stop for every tool call; state persisted across restarts; activate/resume from the dashboard or REST API
• Readiness probe (/readyz) — verifies bootstrap completion, tool discovery, upstream connectivity, and kill-switch state; ready for K8s and Docker healthchecks
• File-based bootstrap — auto-apply identities, API keys, upstreams, and policies from bootstrap.json at startup; self-consuming, GitOps-friendly

Policy engine

• Sandbox profiles — three curated profiles (strict, standard, permissive) loadable via bootstrap with per-field overrides
• Custom content-scanning patterns — up to 50 user-defined regex patterns on top of the 22 built-in detectors (secrets, PII, prompt-injection markers); persisted in state, managed via REST API
• Bootstrap-driven policies — create identities, API keys, and CEL policies declaratively from a single config file

Links

• Documentation
• Policy Decision API
• Examples
• Website

v2.0

SentinelGate v2.0

Complete rewrite. Access control gateway for AI agents using MCP.

Highlights

• RBAC with CEL policies — expressive, code-free authorization rules
• Multi-upstream routing — aggregate tools from multiple MCP servers with namespace isolation
• Full audit trail — cryptographic evidence chain (ECDSA P-256, hash-chained)
• Admin dashboard — real-time monitoring, policy builder, session recording
• Sub-millisecond overhead — single binary, zero dependencies
• Content scanning — detect secrets, PII, and prompt injection in tool arguments
• FinOps — per-identity cost tracking and budget enforcement
• Formal verification — TLA+ model of the policy engine
• SDKs — Go, Python, Node.js

Breaking changes from v1.x

• Complete architecture rewrite (hexagonal/ports & adapters)
• New configuration format (sentinel-gate.yaml)
• New state management (state.json with atomic writes)
• API key hashing upgraded to Argon2id

Links

• Documentation
• Quick Start
• Website