Overview

Sentinel is an open-source TypeScript SDK that brings layered security to AI agents executing on Solana. It intercepts agent actions before they reach the chain, scanning for prompt injection and enforcing spending policies — all in a single, composable pipeline.

What Sentinel Does

AI agents that control wallets face two distinct attack surfaces:

Prompt injection — an adversarial input that manipulates the agent into doing something it shouldn't. Drain-all instructions, role overrides, urgency manipulation, jailbreaks.

Policy-blind execution — an agent that is acting correctly but hasn't been constrained by spending limits, program allowlists, or cooldown windows. One runaway loop can empty a wallet.

Sentinel addresses both:

Architecture

The two components are independent. Use both (full mode), or pick the one you need.

Packages

The SDK ships as two packages:

• @sentinel-sdk/core — the TypeScript library. Import Sentinel and integrate it directly in your agent.
• @sentinel-sdk/cli — a command-line tool for scanning inputs and simulating transactions without writing code.

Key Properties

Fail closed. Every component is designed to block on error rather than pass. If the LLM judge times out, the guard returns safe: false. If the simulator fails, the sandbox returns approved: false.

Immutable configuration. Configs and results are deep-frozen on creation. An agent cannot mutate its own safety constraints at runtime.

Zero-throw pipeline. sentinel.execute() and sentinel.scanInput() never throw. Every error path returns a structured result.

Composable. Use the top-level Sentinel class for the full pipeline, or instantiate PromptGuard and ExecutionSandbox directly for custom workflows.

Next Steps

• Installation — add Sentinel to your project
• Quick Start — protect your first agent action in under 5 minutes
• Sentinel class — full API reference for the main entry point