@sentinelhq/core
v1.0.1
Core security SDK for AI agents on Solana
Install

```bash
npm install @sentinelhq/core
```

Requires Node.js 20+
What It Does
Sentinel protects AI agents from prompt injection attacks and unsafe Solana transactions through a three-layer pipeline:

1. Prompt Guard — Detects and blocks jailbreaks, drain intent, role overrides, urgency manipulation, context manipulation, and out-of-scope requests. Supports an offline regex rule engine and/or an LLM-as-judge classifier (Anthropic / OpenAI).
2. Execution Sandbox — Simulates Solana transactions off-chain, enforces spending limits (per-tx / daily / weekly), program allowlists, cooldown rate limits, active-hour windows, and computes a 0–100 risk score.
3. Memo Attestation — Writes on-chain audit records via the Solana Memo Program and computes a verifiable agent trust score from transaction history.
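
The policy checks listed for the Execution Sandbox can be read as a pure function over the agent's transaction history. The following is an added example, not code from @sentinelhq/core: field names follow the `policy` object shown under Configuration, while `checkPolicy`, the rule names, the rolling 24-hour and 7-day windows, and the use of UTC hours are assumptions.

```javascript
// Added illustration, not @sentinelhq/core source. Field names follow the README's
// `policy` object; rule names, rolling windows and UTC hours are assumptions.
const HOUR_MS = 3_600_000;
// history: earlier approved txs [{ at: epochMs, lamports }]; tx: { at, lamports, programs }
function checkPolicy(policy, history, tx) {
  const violations = [];
  const deny = (rule, message) => violations.push({ rule, message });
  const past = history.filter((h) => h.at <= tx.at);
  const spentWithin = (ms) =>
    past.filter((h) => h.at > tx.at - ms).reduce((sum, h) => sum + h.lamports, 0);
  const { maxPerTx, maxDaily, maxWeekly } = policy.spendingLimits ?? {};
  if (maxPerTx != null && tx.lamports > maxPerTx)
    deny('maxPerTx', `${tx.lamports} lamports exceeds per-tx limit ${maxPerTx}`);
  // Window checks include the candidate tx, so an approval cannot overshoot a limit.
  if (maxDaily != null && spentWithin(24 * HOUR_MS) + tx.lamports > maxDaily)
    deny('maxDaily', 'spend in the last 24h plus this tx exceeds the daily limit');
  if (maxWeekly != null && spentWithin(168 * HOUR_MS) + tx.lamports > maxWeekly)
    deny('maxWeekly', 'spend in the last 7d plus this tx exceeds the weekly limit');
  // Every invoked program must be allowlisted; one unknown program rejects the tx.
  if (policy.allowedPrograms) {
    const allowed = new Set(policy.allowedPrograms);
    for (const id of tx.programs)
      if (!allowed.has(id)) deny('allowedPrograms', `program ${id} is not allowlisted`);
  }
  if (policy.cooldown) {
    const { minMs, maxPerHour } = policy.cooldown;
    const last = past.reduce((m, h) => Math.max(m, h.at), -Infinity);
    if (tx.at - last < minMs) deny('cooldown.minMs', `only ${tx.at - last} ms since last tx`);
    if (past.filter((h) => h.at > tx.at - HOUR_MS).length >= maxPerHour)
      deny('cooldown.maxPerHour', `already ${maxPerHour} tx in the last hour`);
  }
  if (policy.timeActive) {
    const { startHour, endHour } = policy.timeActive;
    const hour = new Date(tx.at).getUTCHours();
    // A window such as 22 -> 6 wraps past midnight.
    const active = startHour <= endHour
      ? hour >= startHour && hour < endHour
      : hour >= startHour || hour < endHour;
    if (!active) deny('timeActive', `hour ${hour} UTC is outside ${startHour}-${endHour}`);
  }
  return { approved: violations.length === 0, violations };
}

// Constructed sample policy with the README's values (limits in lamports).
const samplePolicy = {
  spendingLimits: { maxPerTx: 1_000_000_000, maxDaily: 5_000_000_000, maxWeekly: 20_000_000_000 },
  allowedPrograms: ['JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4'], // Jupiter
  cooldown: { minMs: 3000, maxPerHour: 20 }, timeActive: { startHour: 8, endHour: 23 },
};
```

Collecting every violation instead of stopping at the first gives a `policy:violated` style log enough detail to show which limits a rejected request hit.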
Quick Start
Rules mode (no API key)

```javascript
import { Sentinel } from '@sentinelhq/core';

const sentinel = await Sentinel.create({
  mode: 'full',
  promptGuard: {
    mode: 'rules',
    rules: { rulePacks: ['defi-safety', 'general'] },
  },
  executionSandbox: {
    rpcEndpoint: 'https://api.mainnet-beta.solana.com',
    policy: {
      spendingLimits: {
        maxPerTx: 1_000_000_000, // 1 SOL
        maxDaily: 5_000_000_000, // 5 SOL
        maxWeekly: 20_000_000_000, // 20 SOL
      },
    },
  },
});

const result = await sentinel.execute({ input: 'swap 0.5 SOL for USDC on Raydium' });
console.log(result.approved); // true
```

LLM Judge mode

```javascript
const sentinel = await Sentinel.create({
  mode: 'full',
  promptGuard: {
    mode: 'llm',
    llm: {
      provider: 'anthropic',
      apiKey: process.env.ANTHROPIC_API_KEY,
      timeoutMs: 5000,
    },
  },
  executionSandbox: { /* ... */ },
});

const result = await sentinel.execute({ input: '...' });
// result.guardResult.threatType → e.g. 'DRAIN_INTENT'
// result.guardResult.reasoning → human-readable explanation
```

Event listeners

```javascript
sentinel.on('threat:detected', ({ result }) => {
  console.warn(`[THREAT] ${result.threatType}: ${result.reasoning}`);
});

sentinel.on('policy:violated', ({ violation }) => {
  console.warn(`[POLICY] ${violation.rule}: ${violation.message}`);
});
```

Configuration

```javascript
const sentinel = await Sentinel.create({
  // 'full' | 'guard-only' | 'sandbox-only'
  mode: 'full',
  promptGuard: {
    // 'rules' (offline) | 'llm' (API) | 'both' (LLM primary, rules fallback)
    mode: 'both',
    llm: {
      provider: 'anthropic', // or 'openai'
      model: 'claude-haiku-4-5',
      apiKey: process.env.ANTHROPIC_API_KEY,
      timeoutMs: 5000,
    },
    rules: {
      rulePacks: ['defi-safety', 'nft-guard', 'general'],
      customRulesPath: './my-rules.yaml',
    },
  },
  executionSandbox: {
    rpcEndpoint: 'https://api.mainnet-beta.solana.com',
    policy: {
      spendingLimits: {
        maxPerTx: 1_000_000_000,
        maxDaily: 5_000_000_000,
        maxWeekly: 20_000_000_000,
      },
      allowedPrograms: [
        'JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4', // Jupiter
        'whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc', // Orca
      ],
      riskThreshold: 70,
      cooldown: { minMs: 3000, maxPerHour: 20 },
      timeActive: { startHour: 8, endHour: 23 },
    },
  },
  attestation: {
    enabled: true,
    agentId: 'my-trading-bot',
    payerKeypairPath: '/path/to/keypair.json',
  },
});
```

Threat Types
| Threat Type | Description |
|-------------|-------------|
| ROLE_OVERRIDE | Instructions that try to change the agent's role or override its system prompt |
| DRAIN_INTENT | Requests to transfer or drain all funds |
| URGENCY_MANIPULATION | Artificial urgency designed to bypass safety checks |
| JAILBREAK | Attempts to break out of safety constraints |
| CONTEXT_MANIPULATION | Injecting false authority or context into the conversation |
| OUT_OF_SCOPE | Requests for unauthorized operations |
Related Packages
| Package | Description |
|----------|-------------|
| @sentinelhq/cli | CLI — sentinel scan, simulate, attest, verify |
| @sentinelhq/eliza | elizaOS plugin |
| @sentinelhq/agent-kit | Solana Agent Kit middleware |
| @sentinelhq/openclaw | OpenClaw agent hook |
License
MIT
