We kept thinking SentinelGate was ready. It wasn't.

We built SentinelGate — an open-source MCP proxy that intercepts every AI agent tool call and evaluates it against your policies before it executes. Go, single binary, CEL policy engine, full audit trail. We thought it was ready three times. Each time, something proved us wrong — bugs, sure, but also architectural decisions that felt obvious until someone tried to use the thing and they weren't obvious at all. Why a proxy, not a wrapper The first instinct when you want to control what an AI agent does is to wrap it. Hook into the agent's process, intercept calls from inside, apply your rules. We tried this. It works — until you have more than one agent. A wrapper means integration. If you're running Claude Code, Gemini CLI, Cursor, and a Python script using the MCP client SDK, that's four different integration points. Four different hook mechanisms. Four things that break when the agent updates. And when Codex ships next month with its own MCP support, that's a fifth. We scrapped the w