While building agent-based systems with LLM tool use, I kept running into the same failure mode:
External content (webpages, files, API responses) would eventually influence agent behavior in unintended ways.
Prompt injection isn’t just a “filtering problem” it’s an architectural one.
So I built Sentinel Gateway, a middleware layer that sits between agents and tools and enforces a strict separation:
- Instruction channel (trusted, signed, runtime-issued only)
- Data channel (untrusted, never executable)
Any action an agent takes must be backed by a signed, scoped runtime token, which means:
- external content cannot escalate into instructions
- tool calls cannot be influenced by injected payloads
- agent actions are constrained to explicit permissions
It’s designed around the idea that:
What it currently supports
- FastAPI-based agent gateway
- Streamlit UI for inspection and control
- Claude sessions + external agent integration
- Runtime-signed tool execution tokens
- Audit logging of all agent actions
- Scheduled tasks + memory tiers
- Local (SQLite) or Postgres deployment
[link] [comments]