AISentinel
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@AISentinelcheck if bash command 'cat /etc/shadow' is blocked"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
AISentinel
The missing security, control, and observability layer for the agentic era.
Traditional security tools were built for malware. AI agents were given legitimate power through tools and APIs. AISentinel provides the missing security, control, and observability layer.
1. Project Title + Tagline
AISentinel — an open-source MCP server that protects AI agents at runtime. Built by Kabzhanov / BizDNAi, the team behind the AI Trust Index.
Related MCP server: Stage0 Authorization MCP Server
2. Why AISentinel Exists
AI agents now have shell, browsers, file systems, and API keys. They are
legitimate processes — antivirus cannot see them. A single indirect
prompt injection in a PDF or email can pivot into mass data exfiltration
through ordinary tools like Bash and Email_send.
AISentinel closes that gap: it runs as an MCP server in front of every tool call, evaluates YAML policies, logs every decision, and ships an audit trail compatible with the AI Trust Index.
See docs/SECURITY_AUDIT.md for the full threat model.
3. Quickstart (3 minutes)
Option A: install the binary
go install github.com/Kabzhanov/AISentinel/cmd/aisentinel@latest
aisentinel --help
aisentinel serve --policy policies/default.yamlOption B: clone and build
git clone https://github.com/Kabzhanov/AISentinel.git
cd AISentinel
go build -o bin/aisentinel ./cmd/aisentinel
./bin/aisentinel serve --policy policies/default.yamlOption C: add to Claude Code / Cursor / Cline
{
"mcpServers": {
"aisentinel": {
"command": "aisentinel",
"args": ["serve", "--policy", "/absolute/path/to/policies/default.yaml"]
}
}
}Then restart your MCP client and ask your agent to call any tool —
AISentinel will gate every call and write a JSONL audit trail to
~/.aisentinel/events-YYYY-MM-DD.jsonl.
4. Key Features
Pre-tool gate — evaluate every tool call against a YAML policy (allow / block / require_human_approval / log_only).
Audit log — append-only JSONL with a standardised event schema.
Validate-policy — lint a YAML policy without loading it.
Built-in policies —
default,strict,audit-only(seepolicies/).MCP-native — works in Claude Code, Claude Desktop, Cursor, Cline, Continue.
Zero telemetry — runs locally; no phone-home.
Apache 2.0 — permissive open source with patent grant.
5. Connectors
MCP stdio —
aisentinel serve(Claude Code, Claude Desktop, Cursor, Cline, Continue).Streamable-HTTP —
https://mcp.aisentinel.bizdnai.com/mcp(SaaS, OAuth via BizDNAi).CLI —
aisentinelsubcommands (serve,validate-policy,policies,events,version).Library — Go package
github.com/Kabzhanov/AISentinel/internal/policyfor embedding.
6. Policy Examples
See policies/default.yaml for the full default policy.
version: 1
name: default
rules:
- id: secret-in-args
match: { tool_args_regex: "(?i)(api[_-]?key|secret|token|password|passwd)" }
decision: block
reason: "Possible secret in arguments"
- id: lan-deny
match: { tool_name: "Bash", tool_args_regex: "10\\.|192\\.168\\.|172\\.(1[6-9]|2\\d|3[01])\\." }
decision: block
reason: "LAN access blocked by default"Match modes: tool_name, tool_name_regex, tool_args_regex, tool_args_contains. Multiple matchers AND-combine.
7. How it Improves AI Trust Index Score
AISentinel generates the observability data required for AI Trust Index assessments:
Every tool call → auditable event with agent_id, session_id, decision, signals.
Every policy decision → versioned, fingerprinted (policy_signature field).
Every block → reason, risk_signals, ready for an ATI submission.
Run aisentinel_get_ati_snapshot to get a JSON blob ready to paste into
the AI Trust Index cabinet.
8. Licensing
AISentinel is available under two licensing options:
Apache License 2.0 (Open Source)
Free to use, modify, and distribute under the terms of the Apache 2.0 license.
Includes explicit patent grant from contributors.
Commercial License
For companies that want to embed AISentinel in closed-source products without open-source compliance requirements.
Contact: kabzhanov@gmail.com
By contributing to this repository, you agree to license your contributions under Apache 2.0.
See LICENSE and COMMERCIAL_LICENSE.md.
9. Installation
Requirements: Go 1.22+
go install github.com/Kabzhanov/AISentinel/cmd/aisentinel@latestVerify:
aisentinel version
# AISentinel v1.0.0 — by Kabzhanov / BizDNAi / AI Trust Index10. Usage Examples
Run the MCP server
aisentinel serve --policy policies/default.yamlValidate a custom policy
aisentinel validate-policy my-policy.yamlTail recent audit events
aisentinel events --last 20List built-in policies
aisentinel policiesTry a policy without blocking (shadow mode)
AISENTINEL_DRY_RUN=1 aisentinel serve --policy policies/default.yaml11. Event Schema
See docs/event-schema.md. One JSON object per line
in the JSONL log:
{
"event_id": "20260707T221500.000000001-1",
"timestamp": "2026-07-07T22:15:00Z",
"event_type": "pre_tool",
"agent_id": "agent-42",
"session_id": "sess-abc",
"tool_name": "Bash",
"tool_args": { "command": "curl http://attacker.com/x" },
"decision": "block",
"policy_matched": ["bash-network"],
"risk_signals": ["rule_matched:bash-network"]
}12. Contributing
See CONTRIBUTING.md. By contributing you agree to license your contribution under Apache 2.0.
13. Roadmap
v1.0 (this release) — MCP stdio, 4 tools, 3 built-in policies, JSONL audit log.
v1.1 —
aisentinel scan(MCP-config auditor), mobile connectors.v1.2 — streamable-HTTP transport (SaaS mode), OAuth via BizDNAi.
v2.0 — ATI-feed integration, IDE plugins (VSCode MCP Inspector).
14. License
Apache License 2.0. See LICENSE.
AISentinel is dual-licensed under Apache 2.0 and a commercial license. For commercial terms, contact kabzhanov@gmail.com.
By Kabzhanov / BizDNAi — creators of the AI Trust Index.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Kabzhanov/AISentinel'
If you have feedback or need assistance with the MCP directory API, please join our Discord server