Inspiration

As AI agents transition from simple chat assistants to autonomous entities with direct system execution privileges (Agent-to-Agent and Agent-to-API orchestration), a massive, unaddressed security gap is emerging. Traditional cybersecurity architectures are completely unequipped to handle stateful, cyclical, multi-agent workflows that can alter software environments in real time.

We built Sentinel A2A Agent Plus to prove that you can deploy high-velocity, autonomous developer agents without inheriting severe compliance, system access, and vulnerability risks.

What it does

Sentinel A2A Agent Plus is a production-grade, security-hardened orchestration system designed to audit code repositories, track agent actions, and manage multi-agent state boundaries securely. It acts as an intelligent, automated defensive layer that isolates threat vectors and prevents the deployment or execution of vulnerable code across interconnected environments.

How we built it

The platform is architected around a stateful, cyclical multi-agent engine using advanced agentic workflow methodologies:

  • Orchestration Core: Built utilizing langgraph to manage complex, non-linear state transitions, execution cycles, and tool-calling validation parameters.
  • Intelligence Layer: Powering our intent extraction and autonomous auditing functions is the cutting-edge google-genai engine, running low-latency structural code analysis.
  • System Integration: Engineered a custom python-gitlab communication pipeline allowing the agent to interface directly with remote code ecosystems, automatically scanning workspace files.

Challenges we ran into

Building an autonomous system means navigating highly complex dependency trees. During development, our automated pipeline flags went off—identifying 8 distinct security vulnerabilities across core dependencies like urllib3, PyJWT, Django, and ultrajson.

Managing the pipeline infrastructure itself presented classic DevOps hurdles: resolving system-wide environment pathing warning states, overcoming initial Git authentication gates, handling branch divergence tracking mismatches (master vs main), and handling billing-locked cloud testing dependencies.

Accomplishments that we're proud of

Instead of pushing compromised code or ignoring the alerts, we paused operations and completely hardened our baseline workspace environment. We successfully forced strict version-boundary patches to guarantee high-integrity performance: $$\text{Secure Boundary} \ge \text{vVersion Patch}$$

We rewrote our local-to-remote delivery streams, enforced robust Secret Protection and Push Protection, cleared our branch configuration conflicts, and streamlined our pipeline to ensure a 100% clean, zero-vulnerability package submission.
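As an added example (not code from the Sentinel A2A Agent Plus project), here is a minimal pipeline gate that enforces the version-floor rule stated above on a requirements file. The floor versions and the sample input are constructed placeholders, since this page gives no version numbers; ujson is the PyPI distribution name of ultrajson.

```python
import re

# Constructed placeholder floors: the page names these packages but gives no
# version numbers. Replace with the fixed versions from your own advisories.
# "ujson" is the PyPI distribution name of ultrajson.
PATCH_FLOORS = {"urllib3": "10.0.1", "pyjwt": "10.0.2",
                "django": "10.0.3", "ujson": "10.0.4"}

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 name normalization, so PyJWT and pyjwt compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(text):
    """Parse a purely numeric release; anything else raises ValueError."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(text)
    return tuple(int(part) for part in text.split("."))

def below_floor(version, floor):
    """True if version < floor, padding so that 10.0 equals 10.0.0."""
    v, f = release(version), release(floor)
    width = max(len(v), len(f))
    return v + (0,) * (width - len(v)) < f + (0,) * (width - len(f))

def audit(requirements, floors=PATCH_FLOORS):
    """Return (package, spec, reason) for every line that breaks a floor."""
    findings = []
    for raw in requirements.splitlines():
        match = REQ.match(raw.split("#", 1)[0].strip())
        if not match or normalize(match.group(1)) not in floors:
            continue
        name = normalize(match.group(1))
        spec = match.group(2).split(";", 1)[0].strip()
        pin = re.fullmatch(r"==\s*(\S+)", spec)
        if not pin:  # ranges and bare names are not reproducible: fail closed
            findings.append((name, spec or "<unpinned>", "not an exact pin"))
            continue
        try:
            if below_floor(pin.group(1), floors[name]):
                findings.append((name, pin.group(1), "below floor " + floors[name]))
        except ValueError:  # pre-releases, wildcards: fail closed
            findings.append((name, pin.group(1), "unparseable version"))
    return findings

# Constructed sample input, not taken from the project.
SAMPLE = "urllib3==10.0.1\nPyJWT==10.0\nDjango>=10.0.3\nujson==10.1rc1\nrequests==2.0.0\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A CI job would fail the build whenever audit() returns a non-empty list.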

What we learned

  1. Agentic Stateful Hygiene: AI orchestration cannot rely on linear prompt chains; rigorous state tracking via graph structures is critical for enforcing security error boundaries.
  2. Defensive AI Engineering: Security isn't a post-development wrapper—it must be built directly into the project's dependency structure, environment control, and delivery pipelines from day one.

What's next for Sentinel A2A Agent Plus

Sentinel A2A Agent Plus is built for immediate, production-ready horizontal scaling. Our next steps include migrating the local vLLM and Ollama testing frameworks into fully distributed Google Cloud GKE (Google Kubernetes Engine) clusters, expanding regional cyber-resilience automation for critical infrastructure across Southern Africa.
