Quick Start

Protect your first AI agent action in under 5 minutes

3 min read

Quick Start

This guide walks you through a complete Sentinel integration — from config to a guarded agent action.

Step 1: Install

bash
npm install @sentinel-sdk/core

Step 2: Create a Sentinel Instance

typescript
import { Sentinel } from '@sentinel-sdk/core';

const sentinel = await Sentinel.create({
  mode: 'full',

  promptGuard: {
    mode: 'rules',  // use built-in rule packs, no LLM required
  },

  executionSandbox: {
    rpcEndpoint: 'https://api.mainnet-beta.solana.com',
    policy: {
      spendingLimits: {
        maxPerTx: 10,     // max 10 SOL per transaction
        maxDaily: 50,     // max 50 SOL per day
        maxWeekly: 200,   // max 200 SOL per week
      },
    },
  },
});

Sentinel.create() is async because it loads rule packs. The returned instance is deeply frozen — configuration cannot be mutated after creation.

Step 3: Guard an Agent Action

Call sentinel.execute() with the agent's input and/or transaction:

typescript
const result = await sentinel.execute({
  input: userMessage,        // the prompt or instruction the agent received
  transaction: base64Tx,    // the serialized transaction the agent wants to send
});

if (!result.approved) {
  console.log('Action blocked by:', result.blocked_by);
  // 'prompt_guard' | 'execution_sandbox'
  return;
}

// Safe to broadcast
await sendTransaction(base64Tx);

execute() never throws. A blocked result always has approved: false and a populated blocked_by field.

Step 4: Inspect Results

typescript
if (result.guardResult) {
  console.log('Guard:', result.guardResult.safe, result.guardResult.threatType);
}

if (result.sandboxResult) {
  console.log('Risk score:', result.sandboxResult.riskScore);
  console.log('Policy violations:', result.sandboxResult.policyViolations);
}

LLM-Augmented Guard

For higher detection accuracy, add an LLM judge alongside the rule engine:

typescript
const sentinel = await Sentinel.create({
  mode: 'full',
  promptGuard: {
    mode: 'both',  // run rules AND llm in parallel; most severe wins
    llm: {
      provider: 'anthropic',
      apiKeyEnvVar: 'ANTHROPIC_API_KEY',
    },
  },
  executionSandbox: {
    rpcEndpoint: 'https://api.mainnet-beta.solana.com',
    policy: {
      spendingLimits: { maxPerTx: 10, maxDaily: 50, maxWeekly: 200 },
    },
  },
});

Guard-Only Mode

If you only need prompt protection (no transaction simulation):

typescript
const sentinel = await Sentinel.create({
  mode: 'guard-only',
  promptGuard: { mode: 'rules' },
});

const result = await sentinel.scanInput(userMessage);

if (!result.safe) {
  console.log('Threat detected:', result.threatType, result.confidence);
}

Sandbox-Only Mode

If your agent doesn't process natural language input:

typescript
const sentinel = await Sentinel.create({
  mode: 'sandbox-only',
  executionSandbox: {
    rpcEndpoint: process.env.SOLANA_RPC_URL!,
    policy: {
      spendingLimits: { maxPerTx: 5, maxDaily: 20, maxWeekly: 100 },
      programAllowlist: ['TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA'],
    },
  },
});

const result = await sentinel.evaluateTransaction(base64Tx);

Listen for Events

React to security events without polling:

typescript
sentinel.on('threat:detected', ({ result }) => {
  alertSecurityTeam(result.threatType, result.confidence);
});

sentinel.on('policy:violated', ({ violation }) => {
  logViolation(violation.rule, violation.message);
});

Next Steps

PreviousInstallationNextSentinel