Inspiration As programmers, we know how tricky it can be to trust AI with your code, especially when it can access your files. One wrong command can delete or corrupt an entire project. We wanted to build a secure, autonomous coding assistant that can safely execute commands, read and write files, and interact with a developer’s environment without risking mistakes or malicious actions. Our personal experiences with CLIs and the potential for accidental damage inspired us to create an agent that acts as a guardian for your code.
What it does Sentinel SDK is a secure agent runtime that combines AI reasoning with safety enforcement. It monitors all tool calls, executes only safe commands in a sandbox, and intervenes when potentially dangerous actions are detected. It uses You.com to perform deep searches for relevant errors or security concerns, ensuring that its solutions are up to date with current documentation and libraries. It also integrates with Composio to automatically notify developers of threats via GitHub issues. Built on top of OpenCode, an open-source CLI for AI-assisted development, Sentinel SDK enhances existing workflows by adding a strong safety and enforcement layer. Essentially, it keeps AI coding assistants helpful, productive, and safe.
How we built it We built Sentinel SDK using Python and TypeScript with an asynchronous agent loop. We integrated it directly with OpenCode, an open-source CLI, to allow the agent to interact with real developer workflows while remaining fully controlled. Key components include: Bastion Guard (our continual learning model), which evaluates proposed actions from the AI and enforces safety rules. Sandbox Executor, which safely runs commands or file operations in a controlled environment. Security Search, which queries You.com whenever a potential risk is detected, ensuring the agent stays current with library updates and open-source models. LLM Adapter, which uses a Llama-based model running on Akash to reason and propose actions. GitHub Notifier, which logs detected threats as GitHub issues through Composio for easy tracking.
Challenges we ran into One of the hardest parts was letting the agent propose actions without risking dangerous operations, especially inside a real CLI environment like OpenCode. Handling asynchronous calls to the LLM and sandbox while keeping session state consistent was tricky. Making sure You.com performed proper deep searches and integrating Composio for automatic GitHub notifications caused authentication and API issues that we had to debug. We also ran into edge cases where the LLM suggested unsafe commands or invalid file paths.
Accomplishments that we're proud of We successfully integrated Sentinel SDK with OpenCode, enabling safe, real-world CLI interactions. We also connected GitHub through Composio and created a modular architecture that separates reasoning, enforcement, execution, and logging. The agent can handle destructive commands safely in a sandbox while automatically alerting developers. On top of that, we built a foundation for autonomous agents that can learn and improve over time while remaining safe.
What we learned Combining AI reasoning with strict enforcement rules is critical for safe automation. Properly sandboxed execution prevents catastrophic errors while still allowing useful operations. Integrating with open-source tools like OpenCode makes safety even more important, since agents operate closer to real developer environments. External integrations like GitHub provide real-time feedback and auditing, and handling errors gracefully in an autonomous agent requires careful design and thorough testing.
What's next for Sentinel SDK We plan to expand tool integrations to include things like database queries and cloud services. We want to add more autonomous learning capabilities so agents can improve over time. A monitoring dashboard is on the roadmap to track agent activity and security events. Finally, we want to explore multi-agent coordination, deeper OpenCode integrations, and more advanced enforcement policies.
Built With
- akash
- composio
- opencode
- python
- typescript
- you.com
Log in or sign up for Devpost to join the conversation.