§INTEGRATION · CLAUDE CODE

Claude Code, safely.

Claude Code respects `ANTHROPIC_BASE_URL`. Point it at us and every proposed action runs through the Sentisec control plane before it executes. No code changes in Claude Code itself.

ONE-LINE SETUP

Two lines. One terminal. Done.

Run the installer, then `sentisec login` to pair the workspace. We don't touch your shell rc files silently — you paste the export yourself.

bash

$ curl -fsSL https://get.sentisec.ch | bash
$ export ANTHROPIC_BASE_URL=https://api.sentisec.ch/v1

PATH OF A TOOL CALL

One hop. No framework rewrite.

Diagram is intentionally kept at the category level — the detail of the checks lives on the developer landing page and under NDA.

claude (your laptop)
   │
   ▼  proposed actions
sentisec control plane
   │   cognitive integrity score · workspace policy
   ▼
Anthropic Messages API
   │
   ▼
tool_result back to claude — or halt + reason

§CATCHES

What this catches

Bash commands whose arguments reference `~/.ssh/`, `~/.aws/`, `credentials*`, `.env`, or known key-file patterns.
Bash / WebFetch / connector calls whose destination is outside the workspace boundary.
Shell commands whose content is derived from retrieved web pages.
Prompt-injection patterns where the proposed action diverges from the user's original task.

§LIMITS

What this doesn't (yet)

Connector responses are handled conservatively in the current release. Deeper connector coverage ships in a later phase.
If you attach skills or memory that themselves contain adversarial instructions, treat that as a separate review surface until dedicated static review lands.

Full limits page →

Try free →Read what we don't catch yet See the 90-second demo →