An MCP proxy that sits between Claude and your actual MCP servers to enforce access control policies before tool calls execute. You write rules in CEL (Common Expression Language) to allow or deny actions based on tool names, arguments, user roles, or context. Think blocking file reads from .aws/, rate limiting API calls, or restricting shell commands to specific directories. Ships with RBAC for multi-user setups and audit logs for every decision. Works as a drop-in stdio transport, so you configure Claude to talk to SentinelGate instead of directly to your tools. Built for teams running agents in production who need deterministic guardrails without modifying server code or relying on sandboxes alone.
claude mcp add --transport stdio sentinel-gate-sentinelgate uvx sentinelgate