Skip to main content
1

Create a workspace

Sign in at sentrail.dev and create a workspace. Set the environment to test while you integrate — test workspaces run full policy evaluation but are labeled separately in audit logs.
2

Connect GitHub

Go to Tools → GitHub → Connect. Sentrail will redirect you through GitHub OAuth. After authorization, your workspace stores an access token server-side — the token is never exposed to agents.Copy the webhook URL shown after connecting:
https://<project-ref>.supabase.co/functions/v1/webhook-github
Add it to your GitHub repository or organization settings under Webhooks. Set the content type to application/json and add a webhook secret — you will paste this secret into Sentrail’s tool configuration.
3

Create an API key

Go to Settings → API Keys → New Key. Give the key a name and assign the gateway scope. Copy the key — it starts with agk_ and is shown only once.
agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Store the key in a secret manager immediately. Sentrail stores only a SHA-256 hash and cannot recover the raw value.
4

Write your first gated action

Replace the GitHub API base URL in your agent with the Sentrail gateway. Pass your API key as a Bearer token and include an agent identifier header.
curl -X POST \
  https://<project-ref>.supabase.co/functions/v1/gateway-proxy/github/repos/owner/repo/issues \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "X-Agent-Id: my-coding-agent" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Fix login bug",
    "body": "The logout button is broken on mobile.",
    "labels": ["bug"]
  }'
If no matching policy exists, Sentrail defaults to allow and forwards the request. You will receive the GitHub API response directly with two extra headers:
X-Sentrail-Decision: allow
X-Sentrail-AuditLogId: <uuid>
X-Sentrail-CorrelationId: <uuid>
5

Create a require_approval policy

Go to Policies → New Policy and configure:
FieldValue
Toolgithub
Action patternpull_request.create
Risk levelhigh
Moderequire_approval
Priority10
Now repeat the request but for a pull request:
curl -X POST \
  https://<project-ref>.supabase.co/functions/v1/gateway-proxy/github/repos/owner/repo/pulls \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "X-Agent-Id: my-coding-agent" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Add feature X",
    "head": "feature-x",
    "base": "main"
  }'
You will receive a 202 response:
{
  "ok": true,
  "decision": "require_approval",
  "reason": "Policy 'Require approval for PRs' matched",
  "approvalRequestId": "550e8400-e29b-41d4-a716-446655440000",
  "auditLogId": "...",
  "correlationId": "...",
  "pollUrl": "/functions/v1/gateway-proxy/status/..."
}
The action is paused until a reviewer approves or denies it in the Sentrail dashboard.
6

See the audit log

Go to Audit Logs in the dashboard. Every evaluated action is logged — the decision, which policy matched, the agent identity, the payload preview, and the correlation ID linking the approval request to its execution result.