SentisecSentisec
FOR DEVELOPERS

Turn your risky integrations back on — and still feel safe.

Give your coding agent shell, repo, web, and connector access again. Point your base URL at us, and every action gets scored before it runs — so the one poisoned page that tries to exfiltrate your keys gets halted, not honored. No popups. You won't feel it.

CLAUDE CODE · CURSOR · CODEX · N8NOBSERVE-FIRST ROLLOUTZERO TOKEN CUSTODY
DEVELOPER
INTEGRITY SCORE0.00
NOMINAL
task ⇒ action : action ∈ scope(task) ∧ destination ∈ allow
FIG. 01 · DEVELOPER TIER
§01 CAPABILITY, RESTORED

You already turned off the useful tools. Turn them back on.

If you build with Claude Code, Cursor, Codex, or n8n, you know the pattern: your agent reads an attacker-chosen page, a hidden instruction tells it to exfiltrate a secret, and by the time you notice the request has already left. The usual fix is to disable connectors and babysit every action. Sentisec makes the fix safety-first — so you can hook up email, shell, and web browsing, and let the loop run.

Connectors, re-enabled

An agent that can read your inbox and call your APIs again without being able to send secrets to a stranger.

Bash + web, together

Your agent can browse the web and run shell commands — it just can't combine them into an exfiltration.

The overnight job, unsupervised

Scheduled agent jobs that actually run unsupervised. You read the logs only when we flag something.

The fast loop, intact

No approval popups. We decide inline before the action executes.
§02 THE SWAP

Point your base URL. Keep your agent loop.

One base-URL change. Every action your agent proposes is scored before it runs; the ones taken from a manipulated state are halted with a clear reason.

You won't feel it — the check runs inline in low single-digit milliseconds.

sentisec · base-url swap
# point your existing SDK at the control plane$ export ANTHROPIC_BASE_URL=https://api.sentisec.ch$ export OPENAI_BASE_URL=https://api.sentisec.ch/v1
See it block a live attack

CLAUDE CODE · CURSOR · CODEX · N8N

Integrations
LIVE VIEW · ABSTRACTED
Cognitive integrity · session trace
SESSION TRACE
  1. t=00Task received: research competitors, email me a summary.
COGNITIVE INTEGRITY
100/100
NOMINAL
A single integrity score, drawn from four named verdict levels (NOMINAL · ELEVATED · SUSPICIOUS · HIJACK). Internals of the computation are intentionally omitted from public views.
DETECTION
NOT REQUIRED
USER APPROVAL
NONE
EVIDENCE
SIGNED · REPLAYABLE
OVERHEAD
LOW-MS INLINE
§03 HONEST LIMITS

What it does. What it doesn't (yet).

We'd rather you know before you ship than find out in production.

WHAT IT DOES
  • Halts actions taken from a manipulated state — shell, fetch, connector, and filesystem calls — before they execute.
  • Stops outbound actions whose destination is outside your workspace boundary.
  • Gates sensitive local actions by workspace policy, without turning every step into a manual approval.
  • Produces a signed, replayable evidence bundle for every session.
WHAT IT DOESN'T (YET)
  • Vendor server-side tools that execute inside the provider's own infrastructure are invisible to any external control plane, including ours.
  • Genuinely in-scope, task-aligned actions are a fundamental limit of substrate-level defenses — no external monitor can read intent at perfect fidelity.
  • Fast-moving editor surfaces are re-verified each release; between releases, a new action shape may briefly be best-effort.
  • Local-model coverage varies per model — we detect and flag reduced-coverage sessions in the dashboard.
Integrations
  • CLAUDE CODE
  • CURSOR
  • CODEX
  • N8N
§04 GET STARTED

See it block a live attack against your stack.

Book a 30-minute walkthrough — we run the live block, then answer your integration questions on the call. Want to read first? The docs cover every supported agent.