Request flow
Component responsibilities
| Component | Role |
|---|---|
| gateway-proxy edge function | Auth, action classification, policy evaluation orchestration, forwarding |
| evaluate-action edge function | Standalone policy evaluation without proxying (for custom agent pipelines) |
| _shared/evaluate-action-core.ts | Shared policy engine logic used by gateway-proxy, evaluate-action, webhook handlers, and mcp-gate |
| _shared/action-classifier.ts | Maps (tool, HTTP method, path) to (action string, resourceType, riskLevel) |
| approval-decision edge function | Reviewer approve/deny, deferred execution trigger |
| kill-switch edge function | Global kill switch and per-tool pause management |
| mcp-gate edge function | JSON-RPC proxy for MCP servers with policy gating |
| deferred_actions table | Stores the raw HTTP call to replay after approval |
| approval_requests table | Stores approval state, reviewer decision, execution result |
| audit_logs table | Immutable record of every evaluated action |
API key authentication
Every agent request must include an agk_ API key in the Authorization: Bearer header. Sentrail computes a SHA-256 hash of the raw key and looks it up in the api_keys table. The raw key is never stored.
Keys carry scopes. The gateway scope is required for gateway-proxy. The evaluate scope is required for evaluate-action. The mcp scope is required for mcp-gate (falls back to evaluate).
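The key lookup and scope check described above, as an added example that is not Sentrail's own code. The in-memory map standing in for api_keys, the issueKey and authenticate helpers, the 401/403 status codes, and the reading of the mcp fallback are assumptions.

```typescript
import { createHash } from "node:crypto";

type Scope = "gateway" | "evaluate" | "mcp";
type Endpoint = "gateway-proxy" | "evaluate-action" | "mcp-gate";

// Scopes each endpoint accepts. Reading "falls back to evaluate" as: mcp-gate
// also admits a key that holds evaluate but not mcp (assumption).
const ACCEPTED_SCOPES: Record<Endpoint, Scope[]> = {
  "gateway-proxy": ["gateway"],
  "evaluate-action": ["evaluate"],
  "mcp-gate": ["mcp", "evaluate"],
};

interface AuthResult { status: number; reason: string; keyHash?: string }

// SHA-256 of the raw key, hex-encoded; this digest is the only form that is stored.
function hashKey(rawKey: string): string {
  return createHash("sha256").update(rawKey, "utf8").digest("hex");
}

// Constructed stand-in for the api_keys table: digest -> scopes (hypothetical layout).
const apiKeys = new Map<string, Scope[]>();
function issueKey(rawKey: string, scopes: Scope[]): void {
  apiKeys.set(hashKey(rawKey), scopes);
}

// Status codes 401/403 are assumptions; the page does not state the responses.
function authenticate(authorization: string | undefined, endpoint: Endpoint): AuthResult {
  const token = authorization?.startsWith("Bearer ") ? authorization.slice(7) : "";
  if (token === "" || /\s/.test(token)) {
    return { status: 401, reason: "missing or malformed bearer token" };
  }
  const keyHash = hashKey(token);
  const scopes = apiKeys.get(keyHash);
  if (scopes === undefined) return { status: 401, reason: "unknown key" };
  const allowed = ACCEPTED_SCOPES[endpoint].some((s) => scopes.includes(s));
  if (!allowed) return { status: 403, reason: `key lacks a scope for ${endpoint}` };
  return { status: 200, reason: "ok", keyHash };
}

// Constructed sample keys (not real credentials).
issueKey("constructed-key-gateway", ["gateway"]);
issueKey("constructed-key-evaluate", ["evaluate"]);
issueKey("constructed-key-mcp", ["mcp"]);
```

Because the table is indexed by digest, a copy of it yields no usable bearer tokens, provided the raw keys are long and random.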
Action classification
For GitHub and Linear, Sentrail automatically classifies the action from the HTTP method and path:
tools/call method name is used as the action, and risk level is inferred from the tool name prefix (delete_* → high, create_* → medium, get_* / list_* → low).