AISentinel
БесплатноНе проверенAn open-source MCP server that protects AI agents at runtime by evaluating every tool call against YAML policies and generating audit trails.
Описание
An open-source MCP server that protects AI agents at runtime by evaluating every tool call against YAML policies and generating audit trails.
README
MCP Server GitHub release Apache 2.0 Built by BizDNAi Go 1.22+ AI Trust Index
The missing security, control, and observability layer for the agentic era.
Traditional security tools were built for malware. AI agents were given legitimate power through tools and APIs. AISentinel provides the missing security, control, and observability layer.

1. Project Title + Tagline
AISentinel — an open-source MCP server that protects AI agents at runtime. Built by Kabzhanov / BizDNAi, the team behind the AI Trust Index.
2. Why AISentinel Exists
AI agents now have shell, browsers, file systems, and API keys. They are
legitimate processes — antivirus cannot see them. A single indirect
prompt injection in a PDF or email can pivot into mass data exfiltration
through ordinary tools like Bash and Email_send.
AISentinel closes that gap: it runs as an MCP server in front of every tool call, evaluates YAML policies, logs every decision, and ships an audit trail compatible with the AI Trust Index.
See docs/SECURITY_AUDIT.md for the full threat model.
3. Quickstart (3 minutes)
Option A: install the binary
go install github.com/Kabzhanov/AISentinel/cmd/aisentinel@latest
aisentinel --help
aisentinel serve
go install gives you a standalone binary — you do not need to clone
this repo or pass --policy to get started. aisentinel serve with no
flags loads a built-in default policy (embedded in the binary at build
time), balanced for general use: blocks obvious secrets-in-args and
destructive commands, requires approval for network calls and bulk reads.
To use your own policy instead, pass --policy /path/to/your.yaml or set
$AISENTINEL_POLICY (see Policy resolution below).
Option B: install the sidecar (drop-in policy proxy for any MCP server)
go install github.com/Kabzhanov/AISentinel/cmd/aisentinel-sidecar@latest
# Wrap any stdio MCP server with one command — no --policy required:
aisentinel-sidecar ./your-mcp-server [args...]
Option C: clone and build
git clone https://github.com/Kabzhanov/AISentinel.git
cd AISentinel
go build -o bin/aisentinel ./cmd/aisentinel
go build -o bin/aisentinel-sidecar ./cmd/aisentinel-sidecar
./bin/aisentinel serve --policy policies/default.yaml
(--policy policies/default.yaml here is explicit and optional — omitting
it works too, and falls back to the same built-in default described above.)
Option D: pre-built binaries from GitHub Releases
Download from https://github.com/Kabzhanov/AISentinel/releases/latest.
Available for linux/amd64, linux/arm64, darwin/amd64, darwin/arm64,
windows/amd64.
Option E: add to Claude Code / Cursor / Cline
{
"mcpServers": {
"aisentinel": {
"command": "aisentinel",
"args": ["serve"]
},
"aisentinel-sidecar": {
"command": "aisentinel-sidecar",
"args": ["--policy", "/absolute/path/to/policies/strict.yaml", "/path/to/your-mcp-server"]
}
}
}
Then restart your MCP client and ask your agent to call any tool —
AISentinel will gate every call and write a JSONL audit trail to
~/.aisentinel/events-YYYY-MM-DD.jsonl.
Policy resolution
Both aisentinel serve and aisentinel-sidecar resolve which policy to
load in this order, stopping at the first one that applies:
--policy /path/to/file.yaml— if given, it must load; a missing or invalid file is a hard error.$AISENTINEL_POLICY— same contract as--policyif set../policies/default.yamlrelative to the current directory, if that file exists (this is what you get inside a clone of this repo).- The built-in default policy, embedded in the binary at compile time.
This is what makes
go install ... && aisentinel servework from any directory, with no repo checkout and no flags. When this path is used, the binary printsusing built-in default policyto stderr so it's never a silent surprise.
4. Key Features
- Pre-tool gate — evaluate every tool call against a YAML policy (allow / block / require_human_approval / log_only).
- Audit log — append-only JSONL with a standardised event schema.
- Validate-policy — lint a YAML policy without loading it.
- Built-in policies —
default,strict,audit-only(seepolicies/). - MCP-native — works in Claude Code, Claude Desktop, Cursor, Cline, Continue.
- Zero telemetry — runs locally; no phone-home.
- Apache 2.0 — permissive open source with patent grant.
5. Connectors
- MCP stdio —
aisentinel serve(Claude Code, Claude Desktop, Cursor, Cline, Continue). - Streamable-HTTP —
https://mcp.aisentinel.bizdnai.com/mcp(SaaS, OAuth via BizDNAi). - CLI —
aisentinelsubcommands (serve,validate-policy,policies,events,version). - Library — Go package
github.com/Kabzhanov/AISentinel/internal/policyfor embedding.
6. Policy Examples
See policies/default.yaml for the full default policy.
version: 1
name: default
rules:
- id: secret-in-args
match: { tool_args_regex: "(?i)(api[_-]?key|secret|token|password|passwd)" }
decision: block
reason: "Possible secret in arguments"
- id: lan-deny
match: { tool_name: "Bash", tool_args_regex: "10\\.|192\\.168\\.|172\\.(1[6-9]|2\\d|3[01])\\." }
decision: block
reason: "LAN access blocked by default"
Match modes: tool_name, tool_name_regex, tool_args_regex, tool_args_contains. Multiple matchers AND-combine.
7. How it Improves AI Trust Index Score
AISentinel generates the observability data required for AI Trust Index assessments:
- Every tool call → auditable event with agent_id, session_id, decision, signals.
- Every policy decision → versioned, fingerprinted (policy_signature field).
- Every block → reason, risk_signals, ready for an ATI submission.
Run aisentinel_get_ati_snapshot to get a JSON blob ready to paste into
the AI Trust Index cabinet.
8. Licensing
AISentinel is available under two licensing options:
Apache License 2.0 (Open Source)
- Free to use, modify, and distribute under the terms of the Apache 2.0 license.
- Includes explicit patent grant from contributors.
Commercial License
- For companies that want to embed AISentinel in closed-source products without open-source compliance requirements.
- Contact: [email protected]
By contributing to this repository, you agree to license your contributions under Apache 2.0.
See LICENSE and COMMERCIAL_LICENSE.md.
9. Installation
Requirements: Go 1.22+
go install github.com/Kabzhanov/AISentinel/cmd/aisentinel@latest
Verify:
aisentinel version
# AISentinel v1.0.6 — by Kabzhanov / BizDNAi / AI Trust Index
#
# `go install ...@latest` builds from a tagged release and embeds that
# tag's version via -ldflags. A plain local `go build` (no -ldflags) prints
# "vdev" instead — that's expected, not a bug.
10. Usage Examples
Run the MCP server
# Uses the built-in default policy — no --policy needed:
aisentinel serve
# Or point at your own policy:
aisentinel serve --policy policies/strict.yaml
Validate a custom policy
aisentinel validate-policy my-policy.yaml
Tail recent audit events
aisentinel events --last 20
List built-in policies
aisentinel policies
Try a policy without blocking (shadow mode)
AISENTINEL_DRY_RUN=1 aisentinel serve --policy policies/default.yaml
11. Event Schema
See docs/event-schema.md. One JSON object per line in the JSONL log:
{
"event_id": "20260707T221500.000000001-1",
"timestamp": "2026-07-07T22:15:00Z",
"event_type": "pre_tool",
"agent_id": "agent-42",
"session_id": "sess-abc",
"tool_name": "Bash",
"tool_args": { "command": "curl http://attacker.com/x" },
"decision": "block",
"policy_matched": ["bash-network"],
"risk_signals": ["rule_matched:bash-network"]
}
12. Contributing
See CONTRIBUTING.md. By contributing you agree to license your contribution under Apache 2.0.
13. Roadmap
- v1.0 (this release) — MCP stdio, 4 tools, 3 built-in policies, JSONL audit log.
- v1.1 —
aisentinel scan(MCP-config auditor), mobile connectors. - v1.2 — streamable-HTTP transport (SaaS mode), OAuth via BizDNAi.
- v2.0 — ATI-feed integration, IDE plugins (VSCode MCP Inspector).
14. License
Apache License 2.0. See LICENSE.
AISentinel is dual-licensed under Apache 2.0 and a commercial license. For commercial terms, contact [email protected].
By Kabzhanov / BizDNAi — creators of the AI Trust Index.
Установка AISentinel
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Kabzhanov/AISentinelFAQ
AISentinel MCP бесплатный?
Да, AISentinel MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для AISentinel?
Нет, AISentinel работает без API-ключей и переменных окружения.
AISentinel — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить AISentinel в Claude Desktop, Claude Code или Cursor?
Открой AISentinel на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare AISentinel with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
