I've been quietly building this for the last few months. Today I am open-sourcing it.

One thing that kept bothering me is that teams I worked with were sending raw user input to OpenAI with literally zero filtering. Not even a regex. Users would type their SSN or credit card number, it would go straight to the API, and nobody noticed. There's no safety net here. The model doesn't care. The SDK doesn't care. Your app doesn't care.

So I built Sentinel Protocol. It's a local proxy that sits between your app and any LLM API - OpenAI, Anthropic, Google Gemini, Ollama, etc. - and enforces security on every request.

What it actually does:

On the way in:
- Scans for 40+ PII types (SSN, credit card, email, phone, passport, tax ID, AWS keys, API tokens, etc.), blocks critical ones, silently redacts medium ones
- Neural injection classifier (built a custom LFRL engine - rule language plus ML scoring) + regex + semantic similarity - layered defense
- MCP poisoning detection for agentic apps using tool calls
- Loop detection, intent drift tracking, swarm isolation for multi-agent systems
- Deception engine that intentionally returns fake responses to detected attackers
- Cold start analyzer (heightened sensitivity during first N seconds of warmup)

On the way out:
- Output classifier for toxicity, code execution, hallucination signals, unauthorized disclosure
- Hallucination tripwire (catches fabricated URLs, nonexistent citations, numeric contradictions in the model's own response)
- Real-time PII redaction in SSE/streaming responses — not after the stream, during
- Stego exfil detection (zero-width characters, invisible Unicode used to embed data in model output - real attack vector)
- Token watermarking with timing-safe verification

Governance:
- OWASP LLM Top 10 - all 10 categories covered
- MITRE ATLAS threat attribution on every blocked event
- JSONL audit log at ~/.sentinel/audit.jsonl (grep-friendly, plain text, yours)
- Forensic debugger with full replay capability — change a config, re-run any blocked request against the new settings
- AIBOM (AI Bill of Materials) generator for compliance
- TLA+ and Alloy formal verification specs included

Numbers:
- 52,069 lines of source code
- 81 security engines
- 139 test suites, 567 tests, 0 failures
- 306 linted files, 0 warnings
- 9 total runtime dependencies (yes, nine — I kept it tight on purpose)
- <5ms p95 proxy overhead
- Zero cloud dependency — everything runs on your machine

Start with one command:
npx --yes --package sentinel-protocol sentinel bootstrap --profile paranoid --mode enforce --dashboard

Drop-in for any OpenAI SDK — change baseURL to http://127.0.0.1:8787/v1 and add the x-sentinel-target header. That's it.

I wanted to build something that could run in a hospital, a law firm, or a two-person startup with the same trust model: your data doesn't leave your machine.

GitHub: https://github.com/myProjectsRavi/sentinel-protocol
npm: sentinel-protocol (v1.2.7, MIT)

Expecting feedback from every developer.
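To make two of the output-side points concrete (PII redaction during the stream rather than after it, and zero-width characters used to smuggle data out in model output), here is an added JavaScript illustration. It is not Sentinel Protocol's code and says nothing about how the project implements these checks; the OpenAI-style SSE frame shape, the SSN-only pattern, the `[REDACTED-SSN]` placeholder and the 12-character holdback buffer are all assumptions made for the example.

```javascript
// Added illustration, not Sentinel Protocol's own code: redact PII in a streaming
// LLM response while chunks are still arriving, and strip/count zero-width
// characters that could carry hidden data out in model output. The hard part of
// "redact during the stream" is that a match can straddle two chunks
// ("123-45-" in one, "6789" in the next), so a small holdback buffer is kept.

// Assumption for the example: SSN is the only PII pattern handled here.
const SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/g;
// Zero-width / invisible code points commonly abused for text steganography.
const ZERO_WIDTH_RE = /[\u200B\u200C\u200D\u2060\uFEFF]/g;
// Hold back 11 chars (longest SSN) plus 1 char of left context, so the \b before
// a candidate is judged against real text rather than the start of the buffer.
const HOLDBACK = 12;

class StreamRedactor {
  constructor() {
    this.pending = "";
    this.stats = { redacted: 0, zeroWidth: 0 };
  }

  // Feed one streamed text delta; returns the prefix that is now safe to emit.
  push(chunk) {
    const hidden = chunk.match(ZERO_WIDTH_RE);
    if (hidden) {
      this.stats.zeroWidth += hidden.length;
      chunk = chunk.replace(ZERO_WIDTH_RE, "");
    }
    this.pending += chunk;
    // Redact complete matches, but leave a match that touches the end of the
    // buffer alone: the next chunk might extend it (e.g. "123-45-67890").
    const buf = this.pending;
    const scanned = buf.replace(SSN_RE, (m, offset) => {
      if (offset + m.length === buf.length) return m;
      this.stats.redacted += 1;
      return "[REDACTED-SSN]";
    });
    const cut = Math.max(0, scanned.length - HOLDBACK);
    this.pending = scanned.slice(cut);
    return scanned.slice(0, cut);
  }

  // End of stream: end-of-text is a real boundary, so redact whatever is left.
  flush() {
    const rest = this.pending.replace(SSN_RE, () => {
      this.stats.redacted += 1;
      return "[REDACTED-SSN]";
    });
    this.pending = "";
    return rest;
  }
}

// Apply the redactor to OpenAI-style SSE lines ("data: {json}" / "data: [DONE]").
// Re-emitted frames carry only the delta text (other fields are dropped here);
// a frame whose text is entirely held back is not forwarded, and the remainder
// is flushed as one extra frame right before [DONE].
function redactSse(lines) {
  const r = new StreamRedactor();
  const out = [];
  const emit = (text) => {
    if (text) out.push("data: " + JSON.stringify({ choices: [{ delta: { content: text } }] }));
  };
  for (const line of lines) {
    if (!line.startsWith("data: ")) { out.push(line); continue; }
    const payload = line.slice(6);
    if (payload === "[DONE]") { emit(r.flush()); out.push(line); continue; }
    const delta = JSON.parse(payload).choices?.[0]?.delta?.content;
    if (typeof delta !== "string") { out.push(line); continue; }
    emit(r.push(delta));
  }
  return { lines: out, stats: r.stats };
}

// Join the delta text of re-emitted frames back into one string.
function sseText(lines) {
  return lines
    .filter((l) => l.startsWith("data: ") && l !== "data: [DONE]")
    .map((l) => JSON.parse(l.slice(6)).choices[0].delta.content)
    .join("");
}

// Constructed sample stream: the SSN is split across two frames and the last
// frame hides a zero-width space at its end.
const SAMPLE = [
  'data: {"choices":[{"delta":{"content":"Patient SSN is 123-45-"}}]}',
  'data: {"choices":[{"delta":{"content":"6789 and nothing else.\\u200B"}}]}',
  "data: [DONE]",
];

const demo = redactSse(SAMPLE);
console.log(sseText(demo.lines), demo.stats);
```

The holdback is what makes "during the stream" work: the proxy forwards everything except the last 12 characters, which are long enough to contain any partial SSN plus one character of context, and only decides about a candidate once text follows it. A match at the very end of the buffer is deliberately left alone until more text (or end-of-stream) arrives, so a 12-digit id that merely starts with an SSN-shaped prefix is not redacted by mistake. The cost is a few characters of latency at the tail of each chunk, which is the trade-off any mid-stream redactor has to make.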