Application Integration (Connectivity)
Zero-code instrumentation of AI apps using proxy environment variables.
An Application in the Sentinel ecosystem refers to any piece of code, automated agent, or internal tooling that leverages AI models and resources.
Applications come in many forms, including:
- Internal Tools: Developer utilities like
claude-codethat leverage remote, public Anthropic models. - Customer-Facing Bots: User-facing agents or customer service systems running on top of private, custom OpenAI-compatible models (like a local GPUStack or vLLM instance).
The easiest way to intercept and protect your application's data streams with Sentinel—without changing a single line of your code—is by redirecting standard model provider environment variables to point to your gateway proxy.
Directing Traffic via Environment Variables
Most AI frameworks and official SDKs (OpenAI, LangChain, Anthropic, etc.) respect default environment variables to determine where to route their API traffic. By overriding these base URL variables to point to your local Sentinel Gateway, all application traffic is automatically instrumented.
Option A: Manual Configuration (Bash/Zsh)
You can manually expose these variables in your current terminal session. Assuming your local Sentinel gateway is running on http://localhost:8000:
# For OpenAI SDKs & compatible frameworks
export OPENAI_BASE_URL="http://localhost:8000/openai"
# For Anthropic SDKs & frameworks
export ANTHROPIC_BASE_URL="http://localhost:8000/anthropic"
# For Gemini/Google AI Studio SDKs
export GOOGLE_BASE_URL="http://localhost:8000/gemini"Option B: Automatic Configuration via the Sentinel CLI
Instead of managing environment variables manually across different terminals, the Sentinel CLI can manage system-wide proxy states natively.
1. Configure your Providers and Gateway URL
Tell the CLI which providers you want to intercept and where your gateway is located using the config command:
sentinel config providers
sentinel config url(This updates your local configurations under ~/.config/sentinel/config.json)
2. Toggle the Proxy Globally
Once configured, you can turn the interception environment rules on or off across your entire device session layout:
# Inject the environment variables globally across your session environment
sentinel proxy on
# Remove the environment variables and restore default direct-to-cloud routing
sentinel proxy offInstrumenting a Custom OpenAI-Compatible Provider
If you followed the Gateway Deployment Guide to add a custom provider (for example, a custom backend named "my-custom-model"), your application can target it just as easily.
Because custom providers utilize the OpenAI-compatible formatting structure, you simply point the standard OPENAI_BASE_URL variable (or however the environment variable is defined for your app) to your custom provider's endpoint path exposed by the Sentinel proxy gateway.
Using the "my-custom-model" example from your gateway setup, you would instrument your application like this:
# Point OpenAI framework traffic to the custom proxy path on the gateway
export OPENAI_BASE_URL="http://localhost:8000/my-custom-model"Example: Running an Application (Python)
Now, when your application initializes a standard OpenAI client instance, it will seamlessly stream through Sentinel to your custom backend target without requiring any custom code overrides:
from openai import OpenAI
# The client automatically picks up OPENAI_BASE_URL from the environment
client = OpenAI(api_key="mock-key-if-required-by-your-backend")
response = client.chat.completions.create(
model="your-custom-model-name",
messages=[{"role": "user", "content": "Hello world!"}]
)
print(response.choices[0].message.content)Sentinel catches the traffic at /my-custom-model, evaluates your local security policies, applies the configured guardrails, and proxies it to the custom base URL (e.g., your GPUStack server) safely.
