Moltbot Integration
Security guardrails for Moltbot with real-time validation, data leak prevention, and threat detection. Designed as a copilot, not a gatekeeper.
Installation
```bash
npm install @sentinelseed/moltbot
```
Add to your Moltbot config:
```json
{
  "plugins": {
    "sentinel": {
      "level": "watch"
    }
  }
}
```
Protection Levels
| Level | Blocking | Alerting | Best For |
|---|---|---|---|
| off | None | None | Disable Sentinel |
| watch | None | All threats | Daily use, full visibility |
| guard | Critical | High+ threats | Sensitive data environments |
| shield | Maximum | All threats | High-security workflows |
The default watch mode provides full monitoring with zero blocking. Higher levels add protection you can always bypass when needed.
How It Works
Sentinel integrates with Moltbot hooks to provide layered protection:
| Layer | Hook | Function | Can Block |
|---|---|---|---|
| L1 | message_received | Analyze input for threats | No (alerts only) |
| L2 | before_agent_start | Inject safety seed | No (context only) |
| L3 | message_sending | Validate output content | Yes |
| L4 | before_tool_call | Validate tool calls | Yes |
What Gets Detected
Input Analysis detects prompt injection attempts, jailbreak patterns, role manipulation, and system prompt extraction.
Output Validation catches API keys (OpenAI, Anthropic, AWS), passwords, private keys, tokens, credit card numbers, and SSNs.
Tool Validation blocks destructive commands (rm, drop, truncate), system path access, dangerous network operations, and privilege escalation.
Escape Hatches
When you need to bypass protection:
```
/sentinel pause 5m      # Pause for 5 minutes
/sentinel allow-once    # Allow next action
/sentinel trust bash    # Trust a tool for the session
/sentinel resume        # Resume protection
```
Configuration
```json
{
  "plugins": {
    "sentinel": {
      "level": "guard",
      "alerts": {
        "enabled": true,
        "webhook": "https://your-webhook.com/sentinel",
        "minSeverity": "high"
      },
      "ignorePatterns": ["MY_SAFE_TOKEN"],
      "logLevel": "warn"
    }
  }
}
```
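To make the output-validation layer and the `level` and `ignorePatterns` settings concrete, here is an added, self-contained sketch of that kind of check. It is not Sentinel's implementation: the function names, regex patterns, severities, level-to-blocking policy, and the substring treatment of `ignorePatterns` are all assumptions made for this illustration.

```javascript
// Added illustration; NOT Sentinel's implementation. Patterns, severities and
// the level-to-blocking policy below are assumptions made for this sketch.
const DETECTORS = [
  { type: 'aws_access_key_id', severity: 'critical', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { type: 'private_key', severity: 'critical', re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/g },
  { type: 'us_ssn', severity: 'high', re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: 'credit_card', severity: 'high', re: /\b\d(?:[ -]?\d){12,18}\b/g, check: luhnValid },
];

// Luhn checksum: filters out digit runs that merely look like card numbers.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, '');
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Assumed policy: off/watch never block, guard blocks critical, shield blocks any finding.
const BLOCKS = { off: [], watch: [], guard: ['critical'], shield: ['critical', 'high'] };

function scanOutput(text, { level = 'watch', ignorePatterns = [] } = {}) {
  if (level === 'off') return { issues: [], shouldBlock: false };
  const issues = [];
  for (const { type, severity, re, check } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      const value = m[0];
      if (check && !check(value)) continue;
      // Assumption: an ignore pattern is a plain substring of the matched value.
      if (ignorePatterns.some((p) => value.includes(p))) continue;
      // Report a redacted preview so the finding itself does not leak the secret.
      issues.push({ type, severity, preview: value.slice(0, 4) + '…' });
    }
  }
  const shouldBlock = issues.some((i) => BLOCKS[level].includes(i.severity));
  return { issues, shouldBlock };
}

// Constructed sample output (AWS documentation example key, standard test card number).
const SAMPLE = 'key=AKIAIOSFODNN7EXAMPLE card=4111 1111 1111 1111 order=1234 5678 9012 3456';
console.log(scanOutput(SAMPLE, { level: 'guard' }));
```

The 16-digit order number in the sample fails the Luhn check and is not reported, and adding the key to `ignorePatterns` removes the only critical finding, so the same text no longer blocks at `guard`.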
Programmatic API
Hook Factory
```javascript
import { createSentinelHooks } from '@sentinelseed/moltbot';

const hooks = createSentinelHooks({
  level: 'guard',
  alerts: {
    enabled: true,
    webhook: 'https://your-webhook.com/sentinel'
  }
});

export const moltbot_hooks = {
  message_received: hooks.messageReceived,
  before_agent_start: hooks.beforeAgentStart,
  message_sending: hooks.messageSending,
  before_tool_call: hooks.beforeToolCall,
  agent_end: hooks.agentEnd,
};
```
Validators
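```javascript
// Uses top-level await, so run this as an ES module.
// `content` (outgoing text) and `userMessage` (incoming text) are supplied by the caller.
import { validateOutput, validateTool, analyzeInput, getLevelConfig } from '@sentinelseed/moltbot';

const levelConfig = getLevelConfig('guard');

// Validate outgoing content against the chosen level
const outputResult = await validateOutput(content, levelConfig);
if (outputResult.shouldBlock) {
  console.log('Blocked:', outputResult.issues);
}

// Validate a tool call before it runs
const toolResult = await validateTool('bash', { command: 'ls' }, levelConfig);

// Analyze incoming text for threats
const inputResult = await analyzeInput(userMessage);
```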
Escape Manager
```javascript
import { EscapeManager } from '@sentinelseed/moltbot';

const escapes = new EscapeManager();
escapes.grantAllowOnce('session-id', { scope: 'output' });
escapes.pauseProtection('session-id', { durationMs: 300000 }); // 300000 ms = 5 minutes
escapes.trustTool('session-id', 'bash', { level: 'session' });
```
Audit Log
```javascript
import { AuditLog } from '@sentinelseed/moltbot';

const audit = new AuditLog({ maxEntries: 1000 });
const recent = audit.getRecent(10);
const stats = audit.getStats();
```
CLI Commands
```
/sentinel status              # Current status
/sentinel level [new]         # View/change level
/sentinel log [count]         # View recent audit entries
/sentinel pause <duration>    # Pause protection
/sentinel resume              # Resume protection
/sentinel allow-once [scope]  # One-time bypass
/sentinel trust <tool>        # Trust a tool
/sentinel untrust <tool>      # Revoke trust
/sentinel help                # Show all commands
```