Open Source Tool

sentinel

Dependency firewall for AI agents. Blocks hallucinated packages. Checks CVEs before npm/pip/cargo install.

MIT License Python

AI Hallucinates Package Names

Cursor suggests npm install react-super-helpers. Package doesn't exist. Or worse: it's a typosquatted malware. sentinel validates before install.

Validation Workflow

sentinel runs 3 parallel checks in <50ms before allowing package installation

Features

🛡️ Hallucination Detection

Validates package exists in registry (npm, PyPI, crates.io). Non-existent = blocked before install.

🔍 CVE Database

Real-time vulnerability checks. Known CVE = warning + block option. No more Log4Shell surprises.

📊 MCP Integration

Works via Model Context Protocol. Any AI IDE that supports MCP gets protection automatically.

⚡ Fast Validation

<50ms per package check. Cached for 24h. Doesn't slow down AI workflow.

🔐 Typosquatting Detection

Levenshtein distance check. "reqeusts" → suggests "requests". Protects against fat-finger attacks.

📝 Audit Log

Every block logged. "AI tried to install X at Y time". Compliance-ready trail.

Need Enterprise Features?

sentinel is free and open source (MIT). For centralized policy management across teams, check out Security Triad.

View Security Triad →

Stop Installing Hallucinated Packages

Install sentinel in 2 minutes. Block supply-chain attacks today.

Join Waitlist PyPI