SentinelMeshSOC
Runtime security mesh for autonomous agents

Microsoft AI Integration

SentinelMesh plugs natively into Microsoft Agent Framework (MAF), Azure AI Content Safety, the AI Red Teaming Agent, Foundry tracing, and Foundry IQ — three lines of code wrap any MAF or Semantic Kernel agent in our seven-layer policy engine.

Attack Success Rate — naked vs SentinelMesh-protected

Microsoft Agent Framework — three-line integration

from agent_framework import Agent
from agent_framework.openai import OpenAIChatClient
from sentinelmesh_agents.microsoft.maf_middleware import attach_sentinel

# Run inside an async function (or a REPL that supports top-level await).
sentinel = await attach_sentinel(goal="book a hotel in Bangalore")

agent = Agent(
    name="skynest_concierge",
    client=OpenAIChatClient(model="gpt-4o-mini"),
    instructions="You book hotels for travellers, safely.",
    tools=[book_hotel, send_email],
    middleware=[sentinel],          # ← the whole integration
)

Every tool call now flows through L1–L7 plus CAP and DLP, and gets a policy-engine verdict, a hash-chained audit entry, and a live SOC dashboard event.

Semantic Kernel — same middleware as a function-invocation filter

from semantic_kernel import Kernel
from semantic_kernel.filters import FilterTypes
from sentinelmesh_agents.microsoft.maf_middleware import (
    SentinelMiddleware, attach_sentinel,
)

kernel = Kernel()
# Run inside an async function (or a REPL that supports top-level await).
sentinel = await attach_sentinel(goal="book a hotel in Bangalore")
kernel.add_filter(FilterTypes.FUNCTION_INVOCATION, sentinel)
# Same middleware works against MAF and SK — the
# FunctionInvocationContext shape is identical.

SK is now Microsoft Agent Framework, but legacy SK deployments work too: SentinelMiddleware is duck-typed against the shared FunctionInvocationContext shape.

Foundry IQ knowledge-base export

GET /api/v1/foundry-iq/policies returns the policies as markdown that can be ingested into a Foundry IQ knowledge base. Any Foundry-hosted agent can then ask "what does the SentinelMesh policy say about external vendor charges?" via the same Responses API call that handles file_search.

OTel — gen_ai conventions on every Sentinel decision

InstrumentedSentinelClient emits one OTel span per inspect with the gen_ai semantic conventions, so Sentinel decisions show up natively in Foundry's Trace explorer next to the agent's execute_tool spans.
  • gen_ai.system: Set to 'sentinelmesh' so Foundry trace explorer groups them
  • gen_ai.operation.name: Always 'execute_tool' (matches MAF child-span convention)
  • gen_ai.tool.name: <plugin>.<function> — what the agent tried to call
  • sentinelmesh.decision: ALLOW | REWRITE | REQUIRE_APPROVAL | BLOCK | QUARANTINE
  • sentinelmesh.composite_risk: Risk score in [0,1] — span goes red on BLOCK
  • sentinelmesh.scanner.<L1|L2|...>: Per-layer scanner score (DLP/CAP scored too)
Configure with OTEL_EXPORTER_OTLP_ENDPOINT (Foundry Hosted Agents inject this automatically).
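
A consumer-side check over exported Sentinel decision spans, added here as an example and not part of SentinelMesh's own code: it validates the attributes listed above and flags ALLOW decisions where a single layer still scored high. The span dicts, the plugin names (travel, mail), the layer keys, the scores and the 0.7 threshold are constructed assumptions.

```python
# Attribute names are the ones listed above; the plugin names, layer keys,
# scores and the 0.7 review threshold are constructed assumptions.
DECISIONS = {"ALLOW", "REWRITE", "REQUIRE_APPROVAL", "BLOCK", "QUARANTINE"}
PREFIX = "sentinelmesh.scanner."

def check_span(attrs):
    """Return the names of attributes that break the conventions."""
    plugin, _, function = str(attrs.get("gen_ai.tool.name", "")).partition(".")
    risk = attrs.get("sentinelmesh.composite_risk")
    risk_ok = type(risk) in (int, float) and 0 <= risk <= 1
    checks = [
        (attrs.get("gen_ai.system") == "sentinelmesh", "gen_ai.system"),
        (attrs.get("gen_ai.operation.name") == "execute_tool", "gen_ai.operation.name"),
        (bool(plugin and function), "gen_ai.tool.name"),
        (attrs.get("sentinelmesh.decision") in DECISIONS, "sentinelmesh.decision"),
        (risk_ok, "sentinelmesh.composite_risk"),
    ]
    return [name for ok, name in checks if not ok]

def scanner_scores(attrs):
    """Per-layer scores keyed by layer name (L1, DLP, ...)."""
    return {k[len(PREFIX):]: v for k, v in attrs.items() if k.startswith(PREFIX)}

def triage(spans, threshold=0.7):
    """Split spans into malformed ones and ALLOWs where one layer scored high."""
    malformed, review = [], []
    for attrs in spans:
        bad = check_span(attrs)
        if bad:
            malformed.append((attrs.get("gen_ai.tool.name"), bad))
            continue
        hot = {n: s for n, s in scanner_scores(attrs).items() if s >= threshold}
        if attrs["sentinelmesh.decision"] == "ALLOW" and hot:
            review.append((attrs["gen_ai.tool.name"], hot))
    return malformed, review

def make_span(tool, decision, risk, **scores):
    """Build one constructed span-attribute dict (sample data only)."""
    attrs = {"gen_ai.system": "sentinelmesh", "gen_ai.operation.name": "execute_tool",
             "gen_ai.tool.name": tool, "sentinelmesh.decision": decision,
             "sentinelmesh.composite_risk": risk}
    attrs.update({PREFIX + k: v for k, v in scores.items()})
    return attrs

SAMPLE_SPANS = [  # constructed, not real SentinelMesh output
    make_span("travel.book_hotel", "ALLOW", 0.12, L1=0.10, DLP=0.05),
    make_span("mail.send_email", "ALLOW", 0.35, L2=0.20, DLP=0.90),
    make_span("mail.send_email", "PERMIT", 1.4, L1=0.30),
]
```

Calling triage(SAMPLE_SPANS) returns the malformed spans and the ALLOW decisions worth a second look, in that order.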

What runs where

Run the comparison demo

python -m examples.redteam_compare \
    --objectives-per-category 3 \
    --out artifacts/redteam-report.json

Run the MAF agent under Sentinel

OPENAI_API_KEY=... \
    python -m examples.maf_governed_agent