Adds governance and compliance enforcement to AI coding workflows by exposing Sentrik's scanning engine through MCP. The server gives Claude and other agents real-time access to compliance rules (OWASP, SOC 2, HIPAA, PCI-DSS), scan results, and remediation guidance so they can write compliant code from the start rather than catching violations in PR review. Useful if you're generating code at speed with AI agents and need to enforce security policies, regulatory standards, or architectural rules before commits ship. The underlying CLI supports 158+ rules across 5 free standards packs, with paid tiers adding medical device (FDA IEC 62304), government (NIST, CMMC), and automotive standards.
Governance runtime for AI-generated code
Scan, gate, and trace compliance automatically — before it ships.
Sentrik is a CLI + dashboard that enforces coding standards, compliance rules, and security policies on every commit. Built for teams using AI coding agents (Claude Code, Cursor, Copilot) where code is generated faster than humans can review it.
The problem: AI agents write code that works but may violate security policies, compliance requirements, or architectural standards. Nobody catches it until audit time.
The solution: Sentrik scans every change against regulatory standards (OWASP, SOC 2, HIPAA, PCI-DSS, FDA IEC 62304, and more), gates PRs that fail, and generates audit-ready evidence.
```bash
pip install sentrik
```
Installing gives you the free tier immediately — 6 standards packs, 193 rules, no license key or sign-up. Paid tiers are activated with a license key from hello@sentrik.dev.
```bash
# 1. Initialize your project (auto-detects language, frameworks, CI)
sentrik init
# 2. Scan your code
sentrik scan
# 3. Enforce the gate in CI (exit 1 on failure)
sentrik gate
# 4. Launch the dashboard
sentrik dashboard
```
Sentrik includes 6 standards packs with 193 rules for free:
| Pack | Rules | What it catches |
|---|---|---|
| OWASP Top 10 | 69 | SQL injection, XSS, auth flaws, SSRF, and more |
| SOC 2 | 30 | Trust services criteria for security & availability |
| Python Security | 18 | eval/exec, pickle, subprocess, Django/Flask vulns |
| Go Security | 15 | Injection, crypto misuse, unsafe, concurrency bugs |
| Supply Chain Security | 26 | SLSA, SBOM, dependency integrity, AI tool supply chain |
| C/C++ Coding Standards | 35 | Modern C/C++ safety and security practices |
Plus built-in commands at every tier:
- `sentrik scan` / `sentrik gate` - Scan and enforce
- `sentrik vulns` - Dependency vulnerability scanning (CVEs)
- `sentrik sbom` - Software bill of materials
- `sentrik secrets` - Hardcoded secrets detection
- `sentrik dashboard` - Web UI with findings, charts, and reports
- `sentrik threat-model` - STRIDE threat analysis
- `sentrik quality-score` - Code quality scoring (0-100)

| | Free | Team | Organization |
|---|---|---|---|
| Standards packs | 6 (193 rules) | 18 (475 rules) | 24 (595 rules) |
| OWASP, SOC 2, Supply Chain, C/C++ | Yes | Yes | Yes |
| HIPAA, PCI-DSS, ISO 27001, GDPR | - | Yes | Yes |
| FDA IEC 62304, NIST, CMMC, Cloud IaC | - | Yes | Yes |
| MISRA-C, DO-178C, ISO 26262 | - | - | Yes |
| Vulnerability scanning | Yes | Yes | Yes |
| Dashboard | Yes | Yes | Yes |
| Work item reconciliation | - | Yes | Yes |
| Custom rule packs | 5 | 25 | 100 |
| Parallel scanning | - | - | Yes |
| Governance & audit log | - | - | Yes |
Paid tiers are available by contacting hello@sentrik.dev — see sentrik.dev/pricing.
```yaml
# .github/workflows/sentrik.yml
name: Sentrik Gate
on: [pull_request]
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: maxgerhardson/sentrik-community@v1
```
That's it — one line. The action auto-detects PR context, runs the gate, uploads SARIF to GitHub Code Scanning, and attaches the findings report as an artifact.
With options:

```yaml
- uses: maxgerhardson/sentrik-community@v1
  with:
    packs: "owasp-top-10,soc2,supply-chain-security"
    fail-on: "critical,high"
    license-key: ${{ secrets.SENTRIK_LICENSE_KEY }}
```
Using outputs:

```yaml
- uses: maxgerhardson/sentrik-community@v1
  id: sentrik
- run: echo "Found ${{ steps.sentrik.outputs.findings-count }} findings"
  if: always()
```
```yaml
sentrik:
  image: maxgerhardson/sentrik:latest
  script:
    - sentrik gate --git-range "origin/main...HEAD"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
```
```yaml
- script: |
    pip install sentrik
    sentrik gate --git-range "origin/main...HEAD"
  displayName: Sentrik Gate
```
Sentrik works as an MCP server for AI coding agents:
```bash
# Start MCP server for Claude Code, Cursor, VS Code
sentrik mcp-server
```
The MCP server gives AI agents real-time access to compliance rules, scan results, and remediation guidance — so they write compliant code from the start.
```yaml
# .sentrik/config.yaml
standards_packs:
  - owasp-top-10
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
```

```yaml
standards_packs:
  - owasp-top-10
  - hipaa
  - fda-iec-62304
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
    - medium
```

```yaml
standards_packs:
  - owasp-top-10
  - pci-dss
  - soc2
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
```

```yaml
standards_packs:
  - owasp-top-10
  - nist-800-53
  - cmmc
  - supply-chain-security
gate:
  fail_on:
    - critical
    - high
    - medium
```
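To make the gate semantics concrete, here is an added illustration (not Sentrik's own code) of how a `fail_on` list like the ones in `.sentrik/config.yaml` can be applied to SARIF findings such as those the GitHub Action uploads to Code Scanning. The score-to-severity mapping, the rule ids and the sample SARIF document are constructed assumptions for the example.

```python
"""Illustrative gate evaluator (added example, not Sentrik's own code):
apply a .sentrik/config.yaml-style `fail_on` list to SARIF findings.
The score-to-bucket mapping and the sample SARIF are constructed assumptions."""
import json

SEVERITY_BUCKETS = ["critical", "high", "medium", "low"]  # fail_on vocabulary

def rule_scores(run):
    """Map ruleId -> numeric `security-severity` from the run's rule metadata.
    GitHub Code Scanning reads this CVSS-like 0-10 score from rule properties."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {r["id"]: r.get("properties", {}).get("security-severity") for r in rules}

def bucket(result, scores):
    """Assumed mapping: score >= 9 critical, >= 7 high, >= 4 medium, else low;
    fall back to the SARIF `level` when the rule carries no score."""
    score = scores.get(result.get("ruleId"))
    if score is not None:
        score = float(score)
        return ("critical" if score >= 9.0 else "high" if score >= 7.0
                else "medium" if score >= 4.0 else "low")
    return {"error": "high", "warning": "medium"}.get(result.get("level"), "low")

def gate(sarif, fail_on):
    """Return (exit_code, counts_by_bucket); exit 1 if any finding falls in fail_on."""
    counts = {b: 0 for b in SEVERITY_BUCKETS}
    for run in sarif.get("runs", []):
        scores = rule_scores(run)
        for result in run.get("results", []):
            counts[bucket(result, scores)] += 1
    return (1 if any(counts.get(b, 0) for b in fail_on) else 0), counts

# Constructed sample SARIF (not real Sentrik output): three findings, one critical.
SAMPLE_SARIF = json.loads("""{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
      {"id": "EX-SQLI", "properties": {"security-severity": "9.8"}},
      {"id": "EX-WEAK-HASH", "properties": {"security-severity": "5.3"}},
      {"id": "EX-STYLE"}
    ]}},
    "results": [
      {"ruleId": "EX-SQLI", "level": "error", "message": {"text": "sample"}},
      {"ruleId": "EX-WEAK-HASH", "level": "warning", "message": {"text": "sample"}},
      {"ruleId": "EX-STYLE", "level": "note", "message": {"text": "sample"}}
    ]
  }]
}""")

if __name__ == "__main__":
    code, counts = gate(SAMPLE_SARIF, ["critical", "high"])
    print(f"exit={code} counts={counts}")  # exit=1 counts={'critical': 1, 'high': 0, 'medium': 1, 'low': 1}
```

Widening `fail_on` to include `medium`, as the HIPAA and government configurations above do, turns the medium finding into a blocking one as well.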
| Channel | For |
|---|---|
| GitHub Discussions | Questions, ideas, community help |
| support@sentrik.dev | Direct support (paid tiers) |
| sales@sentrik.dev | Pricing and licensing |
Proprietary. Free tier available forever with no credit card required.
| Variable | Type | Description |
|---|---|---|
| GUARD_LICENSE_KEY | secret | Sentrik license key for Team/Organization features (optional — free tier works without it) |