MCP gives agents access to tools — databases, file systems, APIs. The problem is there's no access control layer. An agent with a database tool can run any query. An agent with file access can read anything. The only safeguard right now is a user clicking "Allow" on a prompt they probably won't read.
Sentinel Gate is a proxy that sits between your MCP client and servers. Every tool call gets checked against RBAC policies before it reaches the server.
The key design decision: *deterministic rules, not AI*. Policies are written in CEL (Common Expression Language). If a rule says deny, it denies. No LLM in the security path, no prompt injection possible against the firewall itself. You get a full audit log of every tool call — what was requested, what was allowed, what was blocked.
Built in Go. Self-hosted. PostgreSQL for audit logs, Redis for sessions. AGPL-3.0.
It's early — we're looking for feedback from teams running MCP in production or planning to. What's missing? What would make this useful for your setup?