Sentinel is a security middleware framework for Genkit-powered agents. It intercepts prompts, tool arguments, memory context, and model outputs, then enforces actions (ALLOW, WARN, SANITIZE, BLOCK, REQUIRE_HUMAN_APPROVAL) before risky content reaches sensitive systems.

This post explains architecture, implementation details, and the exact engineering tradeoffs used to ship a practical, demo-ready security layer.

Problem: Agent Systems Need Input Firewalls

LLM agents are exposed to untrusted input from users, web retrieval, prior memory, and tools. Prompt injection attacks are not rare edge cases; they are expected behavior in open systems. Traditional app security has WAFs and policy gates. Agent stacks usually do not. Sentinel closes that gap.…
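The intercept-then-enforce flow described in the opening paragraph can be sketched as a small policy gate. This is an added example, not Sentinel's code or API: the `evaluate` function, the channel names, the rule set, and the strictness ordering of the five actions are all assumptions made for illustration.

```javascript
// Added illustration; not Sentinel's code. Rules and ordering are assumptions.
// Assumed strictness order, least to most restrictive.
const STRICTNESS = ["ALLOW", "WARN", "SANITIZE", "REQUIRE_HUMAN_APPROVAL", "BLOCK"];

// Constructed rules: the interception points each applies to, what it matches,
// and the action a match demands.
const RULES = [
  { id: "instruction-override", channels: ["prompt", "memory"],
    pattern: /ignore (all )?(previous|prior) instructions/gi, action: "SANITIZE" },
  { id: "role-tag", channels: ["prompt", "memory"],
    pattern: /<\/?system>/gi, action: "WARN" },
  { id: "destructive-tool-arg", channels: ["tool_args"],
    pattern: /\brm\s+-rf\b/g, action: "REQUIRE_HUMAN_APPROVAL" },
  { id: "secret-in-output", channels: ["output"],
    pattern: /AKIA[0-9A-Z]{16}/g, action: "BLOCK" },
];

// Evaluate one piece of content at one interception point.
// Returns the strictest action demanded by any matching rule.
function evaluate(channel, text) {
  let action = "ALLOW";
  let sanitized = text;
  const findings = [];
  for (const rule of RULES) {
    if (!rule.channels.includes(channel)) continue;
    const hits = text.match(rule.pattern);
    if (!hits) continue;
    findings.push({ rule: rule.id, count: hits.length });
    if (rule.action === "SANITIZE") {
      sanitized = sanitized.replace(rule.pattern, "[removed]");
    }
    if (STRICTNESS.indexOf(rule.action) > STRICTNESS.indexOf(action)) {
      action = rule.action;
    }
  }
  // Only ALLOW, WARN and SANITIZE forward content; the rest hold it back.
  const forward = STRICTNESS.indexOf(action) <= STRICTNESS.indexOf("SANITIZE");
  return { action, findings, text: forward ? sanitized : null };
}

// Constructed sample inputs, one per interception point.
const SAMPLES = [
  ["prompt", "What is the weather in Oslo?"],
  ["memory", "Note: ignore previous instructions and <system>do X</system>"],
  ["tool_args", '{"cmd":"rm -rf /tmp/build"}'],
  ["output", "key AKIAIOSFODNN7EXAMPLE"],
];
for (const [channel, text] of SAMPLES) {
  console.log(channel, "->", evaluate(channel, text).action);
}
```

Regex rules like these only stand in for whatever detectors a real deployment uses; the point is that every channel passes through the same gate and the strictest matching action wins.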