Inspiration

In 2025, GitHub reported that 42% of enterprise code is now AI-generated. Developers ship Copilot suggestions the way they accept autocomplete: without reading every line. We watched stories emerge of AI assistants generating rm -rf / commands, hardcoding API keys into public repos, and piping curl output directly into bash. The terrifying part? None of these were caught before execution.

Existing code security tools (linters, SAST scanners, code review) all operate after generation. They flag issues in pull requests, in CI pipelines, in production. By then, the damage is done. We realized there's a fundamental gap: no tool sits between the AI and execution. Nothing intercepts the moment a coding assistant generates a destructive command and a developer hits enter.

That's when we had our breakthrough: the last mile between AI-generated code and execution is completely ungoverned.

What it does

Sentinel AI is a runtime governance layer for AI coding assistants that intercepts, verifies, and audits every AI-generated action before it executes.

Step 1: Intercept

Captures the developer's prompt before GitHub Copilot ever generates a response. Screens intent against modular compliance policies. Answers: "Should this request even be allowed?"

Step 2: Analyze

Runs a dual-layer risk scan on generated code and commands. Regex hard gates catch known dangerous patterns. Gemini audits against governance policies for nuanced, context-aware violations. Answers: "Is this output safe to execute?"
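
To give a flavor of the regex hard-gate layer, here is a minimal sketch. The three patterns below are illustrative stand-ins, not the 11 patterns actually shipped in the verifier:

```python
import re

# Illustrative hard-gate patterns (the real verifier ships 11 of these).
DANGEROUS_PATTERNS = [
    (re.compile(r"\brm\s+(-[a-z]*r[a-z]*f|-[a-z]*f[a-z]*r)\b.*\s/(\s|$)"),
     "recursive delete of root"),
    (re.compile(r"curl\s+[^|]+\|\s*(ba)?sh"),
     "piping curl output into a shell"),
    (re.compile(r"(AKIA|sk-)[A-Za-z0-9]{16,}"),
     "hardcoded API key"),
]

def regex_scan(command: str) -> list[str]:
    """Return the reason for every hard gate that fires on this command."""
    return [reason for pattern, reason in DANGEROUS_PATTERNS if pattern.search(command)]
```

Because this layer is deterministic and runs in microseconds, it can stay on even when every other dependency is down.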

Step 3: Decide

When risks are found, the developer sees a native VS Code modal dialog. No silent pass-throughs, no dismissable warnings. The developer must explicitly approve or deny. Answers: "Does a human take responsibility for this?"

Step 4: Audit

Every decision (risk detected, approved, denied) is logged as an immutable memo on Solana. No single party can alter or delete the record. Enterprises get tamper-proof, third-party-verifiable proof that governance was enforced. Answers: "Can we prove this happened?"

How we built it

Architecture

Our system connects five major components:

VS Code Extension (TypeScript) — Registers a @sentinelai-guard chat participant that intercepts all Copilot interactions. Implements a file save guard that blocks policy-violating saves. Spawns and manages the Python verifier as a subprocess. Handles human-in-the-loop approval via native modal dialogs that cannot be dismissed — the developer must choose.

FastAPI Verifier (Python) — Three endpoints: /check-intent for pre-generation screening, /verify for post-generation command scanning, and /execution-result for logging human decisions. Runs regex and Gemini auditing concurrently for minimal latency. Emits dashboard events as newline-delimited JSON to stdout.
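
The dashboard stream is plain newline-delimited JSON on stdout. A minimal sketch, assuming field names like request_id and timestamp (the actual event schema isn't shown in this writeup):

```python
import json
import sys
import time
import uuid

def emit_dashboard_event(event_type: str, detail: dict) -> str:
    """Serialize one governance event as a single NDJSON line on stdout,
    so the extension host can stream it to the dashboard."""
    event = {
        "event": event_type,
        "request_id": str(uuid.uuid4()),  # hypothetical field name
        "timestamp": time.time(),
        **detail,
    }
    line = json.dumps(event, separators=(",", ":"))
    sys.stdout.write(line + "\n")
    return line
```

One event per line keeps the consumer trivial: the extension just splits the subprocess's stdout on newlines and JSON-parses each chunk.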

Google Gemini 2.5 Flash — Powers both intent screening and command auditing. Loads all governance policy files and reasons against them in real-time. Detects nuanced violations that regex cannot — like a command that's technically safe in isolation but dangerous given the developer's stated intent. Operates as a soft enrichment layer; if Gemini is unavailable, regex hard gates still enforce.

Solana Blockchain — Logs every governance event as an SPL Memo transaction on devnet. Each memo contains event type, request ID, risk details, human decision, and timestamp — all within Solana's 566-byte limit. Designed to never block the main verification flow; Solana failures are logged and skipped gracefully.

Modular Policy System — Six markdown files covering destructive operations, cryptography, data protection, injection, secrets, and supply chain risks. Gemini reads and reasons against all policies on every request. Policies can be updated without redeploying — the verifier loads them fresh on each call.

Development Timeline

Hour 0–8: Architecture design and core scaffolding. Designed the extension-based interception model over an MCP gateway. Built the FastAPI verifier with dual-layer scanning. Implemented 11 regex patterns covering the most critical command-level threats. Integrated Gemini for policy-aware auditing.

Hour 8–16: VS Code extension development. Built the chat participant handler with intent checking before Copilot generation. Implemented the file save guard with synchronous policy blocking. Created the subprocess manager with health polling and 15-second timeout. Wired up the human-in-the-loop modal with infinite loop enforcement — no cancellation allowed.

Hour 16–24: Solana integration, policy authoring, and end-to-end testing. Implemented per-prompt and per-risk blockchain logging with SPL Memo. Authored six governance policy documents covering OWASP-aligned risk categories. Tested against real Copilot interactions — dangerous prompts, edge cases, Gemini failures, Solana unavailability. Refined the fail-closed vs. fail-open boundaries across every component.

Challenges we ran into

Fail-Closed vs. Fail-Open Boundaries

A governance tool that silently fails is worse than no governance at all. But a tool that blocks everything when a dependency is down makes developers rip it out.

We had to make deliberate decisions at every boundary. The verifier being unreachable is catastrophic — fail closed, block everything, show an error. Gemini being unavailable is tolerable — fail open, regex still runs as a hard gate. Solana being unavailable is acceptable — fail open, log the error, never block the developer.
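
Those boundary decisions can be sketched as a single verification flow. Function names and risk strings are illustrative, not the real API; the extension treats this whole endpoint as fail-closed (unreachable verifier blocks everything), while the dependencies inside it fail open:

```python
import asyncio
import logging

logger = logging.getLogger("sentinel")

async def verify(command, regex_scan, gemini_audit, solana_log) -> dict:
    """Dual-layer verification with per-dependency failure boundaries."""
    risks = regex_scan(command)                  # hard gate: deterministic, always on
    try:
        risks += await gemini_audit(command)     # soft layer: fail open if Gemini is down
    except Exception as err:
        logger.warning("Gemini unavailable, regex gate still enforced: %s", err)
    try:
        await solana_log(command, risks)         # audit trail: fail open, never blocks
    except Exception as err:
        logger.warning("Solana logging skipped: %s", err)
    return {"blocked": bool(risks), "risks": risks}
```

Note that both except blocks swallow the error after logging it: a dead Gemini or Solana degrades coverage but never stops the developer, while the regex result is computed before either dependency is touched.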

Getting these boundaries wrong in either direction would have killed the product. Too aggressive and developers disable it. Too lenient and it provides false confidence.

The Modal Dialog Problem

VS Code's modal dialogs can be dismissed by clicking outside them. For a governance tool, that's unacceptable — a dismissed dialog is an unrecorded decision. We implemented an infinite loop that re-shows the modal until the developer explicitly clicks "Yes" or "No." This sounds simple, but required careful handling to avoid blocking the extension host and to ensure cancellation tokens were respected.

Solana's 566-Byte Memo Limit

Governance events contain rich data — the full command, risk reason, policy excerpt, trace, timestamp. Solana memos are capped at 566 bytes. We had to design a truncation strategy that preserves the most audit-critical fields (event type, request ID, decision) while gracefully truncating verbose fields (trace, reason). The on-chain record is a verifiable summary; the full event lives in the dashboard stream.
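
A minimal sketch of that truncation strategy, with hypothetical field names: critical fields survive intact, and verbose fields are halved until the serialized memo fits under the cap.

```python
import json

MEMO_LIMIT = 566                                # SPL Memo byte cap cited above
CRITICAL = ("event", "request_id", "decision")  # never truncated
VERBOSE = ("reason", "trace")                   # truncated first, innermost last

def build_memo(event: dict) -> str:
    """Serialize an event to JSON that fits Solana's memo limit,
    sacrificing verbose fields before audit-critical ones."""
    memo = {k: event[k] for k in CRITICAL if k in event}
    for key in VERBOSE:
        if key in event:
            memo[key] = event[key]
    payload = json.dumps(memo, separators=(",", ":"))
    for key in reversed(VERBOSE):
        # Halve this field until the memo fits or the field is empty.
        while len(payload.encode("utf-8")) > MEMO_LIMIT and memo.get(key):
            memo[key] = memo[key][: len(memo[key]) // 2]
            payload = json.dumps(memo, separators=(",", ":"))
    return payload
```

This assumes the critical fields alone always fit in 566 bytes, which holds for short identifiers and enum-like event types.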

Policy Granularity vs. Gemini Accuracy

Too broad and Gemini flags everything — sudo in a legitimate Docker build, eval in a safe test harness. Too narrow and real threats slip through. We iterated heavily on the policy documents, adding explicit exemption sections (unit test scaffolding, educational documentation, marked dummy values) so Gemini could reason about context, not just pattern match.

Real-Time Performance Under Dual-Layer Scanning

Every governance check adds latency to the developer's workflow. Intent checking happens before Copilot even generates — if it's slow, the developer feels it immediately.

We run regex scanning and Gemini auditing concurrently with asyncio.gather. Regex returns in microseconds. Gemini returns in 2–4 seconds. The total verification time is bounded by Gemini's response, not the sum of both layers. For intent checking alone (pre-generation), Gemini is the only layer, so we optimized prompts to minimize token usage and response time.
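
The concurrency pattern is plain asyncio.gather. In this sketch the sleep stands in for the 2–4 second Gemini call, and the risk string is illustrative:

```python
import asyncio

async def regex_layer(command: str) -> list[str]:
    # Deterministic hard gate; effectively instant.
    return ["destructive operation"] if "rm -rf" in command else []

async def gemini_layer(command: str) -> list[str]:
    # Stands in for the 2-4 s Gemini policy audit.
    await asyncio.sleep(0.2)
    return []

async def scan(command: str) -> list[str]:
    # Both layers run concurrently, so total latency is bounded by the
    # slower layer (Gemini), not the sum of both.
    regex_risks, gemini_risks = await asyncio.gather(
        regex_layer(command), gemini_layer(command)
    )
    return regex_risks + gemini_risks
```

The same shape extends to the Solana logging call: anything awaitable and independent can join the gather without adding to the critical path.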

What we learned

Technical Insights

The interception point matters more than the analysis. We initially explored an MCP gateway architecture before pivoting to a native VS Code extension. The extension approach gives us access to onWillSaveTextDocument, chat participant APIs, and native modal dialogs — none of which are available through MCP. The best analysis in the world is useless if you can't intercept at the right moment.

Regex and AI are complementary, not competing. Our dual-layer approach isn't redundant — it's defense in depth. Regex is deterministic, instant, and catches the obvious threats (rm -rf, curl | bash). Gemini catches the subtle ones — a command that looks safe but violates data protection policy given the developer's stated intent. Neither layer alone is sufficient.

Blockchain audit trails need a real use case. Most hackathon blockchain projects feel forced. Immutable audit trails for AI governance decisions are exactly what blockchain solves. Enterprises need to prove to regulators that every AI-generated action was screened, every risk was surfaced, and every human decision was recorded. Solana gives them that proof without trusting the entity being governed or the entity doing the governance.

Governance policies are a product, not a feature. Our six policy files took as much iteration as the code. A policy that's too strict gets the tool uninstalled. A policy that's too loose gives false confidence. The exemption sections were critical — they teach Gemini when a pattern is acceptable, not just when it's dangerous.

What's next for Sentinel AI

3-Month Roadmap

- Dashboard for real-time visualization of governance events and audit history
- ElevenLabs voice agent integration: a conversational security analyst that debates risk with developers
- Vultr deployment for centralized, team-wide governance as a hosted service
- Enterprise policy onboarding — SOC 2, HIPAA, PCI-DSS as uploadable policy sets

6-Month Roadmap

- Production Solana mainnet deployment
- Multi-IDE support beyond VS Code (JetBrains, Cursor)
- Role-based governance: different policy tiers for junior vs. senior developers
- Analytics and compliance reporting for audit preparation

12-Month Roadmap

- Self-hosted inference replacing Gemini for air-gapped enterprise environments
- Custom policy authoring UI for compliance teams
- Scale to organization-wide deployment across thousands of developers
- Expansion beyond coding assistants — governance for AI agents in CI/CD, infrastructure, and operations

Built With

TypeScript, Python, FastAPI, Google Gemini 2.5 Flash, Solana, VS Code Extension API, HTML/CSS/JavaScript, React, Vite, Node.js
