Turn your risky integrations back on — and still feel safe.
Give your coding agent shell, repo, web, and connector access again. Point your base URL at us, and every action gets scored before it runs — so the one poisoned page that tries to exfiltrate your keys gets halted, not honored. No popups. You won't feel it.
You already turned off the useful tools. Turn them back on.
If you build with Claude Code, Cursor, Codex, or n8n, you know the pattern: your agent reads an attacker-chosen page, a hidden instruction tells it to exfiltrate a secret, and by the time you notice the request has already left. The usual fix is to disable connectors and babysit every action. Sentisec makes the fix safety-first — so you can hook up email, shell, and web browsing, and let the loop run.
Connectors, re-enabled
Bash + web, together
The overnight job, unsupervised
The fast loop, intact
Point your base URL. Keep your agent loop.
One base-URL change. Every action your agent proposes is scored before it runs; the ones taken from a manipulated state are halted with a clear reason.
You won't feel it — the check runs inline in low single-digit milliseconds.
# point your existing SDK at the control plane$ export ANTHROPIC_BASE_URL=https://api.sentisec.ch$ export OPENAI_BASE_URL=https://api.sentisec.ch/v1
CLAUDE CODE · CURSOR · CODEX · N8N
What it does. What it doesn't (yet).
We'd rather you know before you ship than find out in production.
- Halts actions taken from a manipulated state — shell, fetch, connector, and filesystem calls — before they execute.
- Stops outbound actions whose destination is outside your workspace boundary.
- Gates sensitive local actions by workspace policy, without turning every step into a manual approval.
- Produces a signed, replayable evidence bundle for every session.
- Vendor server-side tools that execute inside the provider's own infrastructure are invisible to any external control plane, including ours.
- Genuinely in-scope, task-aligned actions are a fundamental limit of substrate-level defenses — no external monitor can read intent at perfect fidelity.
- Fast-moving editor surfaces are re-verified each release; between releases, a new action shape may briefly be best-effort.
- Local-model coverage varies per model — we detect and flag reduced-coverage sessions in the dashboard.
- CLAUDE CODE
- CURSOR
- CODEX
- N8N
See it block a live attack against your stack.
Book a 30-minute walkthrough — we run the live block, then answer your integration questions on the call. Want to read first? The docs cover every supported agent.