Prompt injection broke every agent system I built so I designed a gateway that separates instructions from data
Prompt injection broke every agent system I built so I designed a gateway that separates instructions from data

Prompt injection broke every agent system I built so I designed a gateway that separates instructions from data

While building agent-based systems with LLM tool use, I kept running into the same failure mode:

External content (webpages, files, API responses) would eventually influence agent behavior in unintended ways.

Prompt injection isn’t just a “filtering problem” it’s an architectural one.

So I built Sentinel Gateway, a middleware layer that sits between agents and tools and enforces a strict separation:

  • Instruction channel (trusted, signed, runtime-issued only)
  • Data channel (untrusted, never executable)

Any action an agent takes must be backed by a signed, scoped runtime token, which means:

  • external content cannot escalate into instructions
  • tool calls cannot be influenced by injected payloads
  • agent actions are constrained to explicit permissions

It’s designed around the idea that:

What it currently supports

  • FastAPI-based agent gateway
  • Streamlit UI for inspection and control
  • Claude sessions + external agent integration
  • Runtime-signed tool execution tokens
  • Audit logging of all agent actions
  • Scheduled tasks + memory tiers
  • Local (SQLite) or Postgres deployment
submitted by /u/vagobond45
[link] [comments]