MODULE 01 / SENTINEL

MCP Sentinel

Drop-in observability and guardrails for agent tool calls. Wrap your MCP server, get an audit-ready event stream and four guards (injection, PII, cost, rate limit) in front of every call. Reference implementation, ~700 LOC.

p99 < 12ms overhead · 0 incidents post-rollout · github.com/pappdavid/mcp-sentinel
[Diagram labels: AGENT; MCP SENTINEL (rate_limit · sliding window 100/min; injection_detector · regex + heur; pii_scanner · presidio); TOOLS; BLOCKED · alert; EVENT LOG → DASHBOARD; SUPABASE · RLS]
id        tool          status     p50   time
evt_a4f1  file_read     ● allowed  4ms   14:22:08
evt_b2c9  web_search    ● allowed  11ms  14:22:06
evt_d8e3  code_execute  ● allowed  7ms   14:22:04
evt_f1a6  db_query      ▲ warning  9ms   14:22:02
evt_91be  send_email    ✕ blocked  3ms   14:22:00
Mock telemetry, rate-limited to 100 events/min.
// github.com/pappdavid/mcp-sentinel
import { MCPSentinel } from './sentinel';
 
const sentinel = new MCPSentinel({ apiKey, guards: ['injection', 'pii', 'cost'] });
const server = sentinel.wrap(yourMCPServer);
server.listen(3001);
CHOSE
Wrapper, not a sidecar

3 lines to install vs deploying a separate process. p99 stays low because everything is in-process.

CHOSE
Boundary guards, not LLM-based

Pattern + Presidio. No LLM call to decide whether to allow the next LLM call — that's a cost loop.

SKIPPED
Fancy ML detection

90% of injection attempts are caught by 12 patterns. Ship that first; revisit when the data demands it.
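
The wrapper and boundary-guard choices above, sketched as an added example that is not code from mcp-sentinel: an in-process wrapper runs a sliding-window rate limit and a pattern check before the tool handler and logs one event per call. All function names, the event shape and the two sample patterns are assumptions made for illustration.

```javascript
// Added example, not mcp-sentinel's code; every name below is hypothetical.

// Sliding window: at most `limit` calls within any `windowMs` span.
function slidingWindowGuard(limit, windowMs) {
  const stamps = [];
  return (call, now) => {
    while (stamps.length && now - stamps[0] >= windowMs) stamps.shift();
    if (stamps.length >= limit) return { status: 'blocked', reason: 'rate_limit' };
    stamps.push(now);
    return { status: 'allowed' };
  };
}

// Constructed sample patterns, not the project's pattern set.
const SAMPLE_PATTERNS = [
  /ignore (all )?(previous|prior) instructions/i,
  /reveal (your )?system prompt/i,
];

// Pattern guard: scan the serialized arguments; no model call involved.
function patternGuard(patterns) {
  return (call) => {
    const text = JSON.stringify(call.args);
    return patterns.some((p) => p.test(text))
      ? { status: 'blocked', reason: 'injection' }
      : { status: 'allowed' };
  };
}

// Wrap a tool handler in-process: run guards in order, stop at the first
// non-allowed verdict, record one event per call, then allow or refuse.
function wrapTool(tool, handler, guards, log, clock = Date.now) {
  return (args) => {
    const now = clock();
    let verdict = { status: 'allowed' };
    for (const guard of guards) {
      verdict = guard({ tool, args }, now);
      if (verdict.status !== 'allowed') break;
    }
    log.push({ tool, time: now, ...verdict });
    if (verdict.status === 'blocked') throw new Error(`blocked: ${verdict.reason}`);
    return handler(args);
  };
}
```

With the rate limit listed first, a call later refused by the pattern guard still counts toward the window.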