Skip to main content
Sentrail is a proxy gateway — your agents call Sentrail, Sentrail calls the tool. No agent-side SDK is required. Any HTTP client works.

Request flow

Component responsibilities

ComponentRole
gateway-proxy edge functionAuth, action classification, policy evaluation orchestration, forwarding
evaluate-action edge functionStandalone policy evaluation without proxying (for custom agent pipelines)
_shared/evaluate-action-core.tsShared policy engine logic used by gateway-proxy, evaluate-action, webhook handlers, and mcp-gate
_shared/action-classifier.tsMaps (tool, HTTP method, path) to (action string, resourceType, riskLevel)
approval-decision edge functionReviewer approve/deny, deferred execution trigger
kill-switch edge functionGlobal kill switch and per-tool pause management
mcp-gate edge functionJSON-RPC proxy for MCP servers with policy gating
deferred_actions tableStores the raw HTTP call to replay after approval
approval_requests tableStores approval state, reviewer decision, execution result
audit_logs tableImmutable record of every evaluated action

API key authentication

Every agent request must include an agk_ API key in the Authorization: Bearer header. Sentrail computes a SHA-256 hash of the raw key and looks it up in the api_keys table. The raw key is never stored. Keys carry scopes. The gateway scope is required for gateway-proxy. The evaluate scope is required for evaluate-action. The mcp scope is required for mcp-gate (falls back to evaluate).

Action classification

For GitHub and Linear, Sentrail automatically classifies the action from the HTTP method and path:
POST /repos/owner/repo/pulls → pull_request.create (riskLevel: high)
PATCH /repos/owner/repo/issues/123 → issues.update (riskLevel: medium)
GET /repos/owner/repo/issues → read (riskLevel: low)
DELETE /repos/owner/repo/git/refs/heads/feature → ref.delete (riskLevel: critical)
For MCP, the tools/call method name is used as the action, and risk level is inferred from the tool name prefix (delete_* → high, create_* → medium, get_* / list_* → low).