Sentrail CLI: local interceptor for AI coding agents

The Sentrail CLI is a local MCP proxy that sits between your coding agent and its tools. Every tools/call — including shell commands — is classified and checked against your Sentrail workspace policies before it executes. This is how rm -rf, git push --force, DROP TABLE, and other destructive commands get blocked or approval-gated. The cloud MCP gateway (mcp-gate) only sees JSON-RPC calls to a connected upstream server; it cannot intercept shell commands. The local interceptor can.

Quick start (under 2 minutes)

1. Install

npm install -g sentrail

Requires Node.js 18 or later.

2. Initialize

sentrail init

The CLI prompts for:

Your Sentrail API key (agk_…)
Your workspace ID
The upstream MCP server URL the proxy should forward allowed calls to

After setup, it prints the MCP config snippet for the next step.

3. Add the proxy to your agent

Paste the config snippet into your agent’s MCP settings:

{
  "mcpServers": {
    "sentrail": {
      "url": "http://localhost:3773"
    }
  }
}

For Claude Code: ~/.claude/mcp_servers.json or .claude/mcp_servers.json in the project root. For Cursor: Cursor Settings → MCP or ~/.cursor/mcp.json.

4. Start the interceptor

sentrail start

The proxy runs in the foreground and logs every decision with color coding:

Green → allowed, forwarded to upstream
Red → blocked by policy
Yellow → held for human approval

5. Verify with the built-in demo

sentrail demo

The demo runs four simulated agent actions — rm -rf, git push --force, DROP TABLE, and cat README.md — and shows the Sentrail decision for each. No real commands are executed and no cloud connection is required.

How decisions are made

Agent (Claude Code / Cursor / Codex)
        │  tools/call
        ▼
Sentrail local proxy (localhost:3773)
        │
        ├─ classify command (shell classifier: rm -rf → file.delete_recursive / critical)
        │
        ├─ POST /evaluate-action → Sentrail cloud policy engine
        │
        ├─ allow    → forward to upstream MCP server, return result
        ├─ block    → return MCP error -32000 (🛑 Blocked by Sentrail)
        └─ require_approval → prompt in terminal, poll for reviewer decision

If the Sentrail cloud is unreachable, the proxy fails closed: write actions are blocked, read-only actions are allowed.

Supported agents

Any MCP-compatible client, including:

Claude Code
Cursor
Codex
Custom agents using the MCP protocol over HTTP

Core concepts: gateway, policies, approvals, audit logs CLI command reference

​Quick start (under 2 minutes)

​1. Install

​2. Initialize

​3. Add the proxy to your agent

​4. Start the interceptor

​5. Verify with the built-in demo

​How decisions are made

​Supported agents