Sentry Integration

Sentry Integration: Agent Security Error Tracking

Track blocked agent actions as Sentry errors

Forward Rune security blocks to Sentry as error events. When Shield blocks a tool call due to prompt injection or policy violation, Sentry captures the full context — agent ID, threat type, risk score, and the code path that triggered it. Debug agent security issues with the same tool your engineering team already uses for error tracking.

Add Security in Minutes

npm install @sentry/node @runesec/sdk

// In your agent code — forward Shield blocks to Sentry:

import * as Sentry from "@sentry/node";
import { Shield, ShieldBlockedError } from "@runesec/sdk";

const shield = new Shield({ apiKey: "rune_live_..." });

try {
  const result = shield.scanInput(userMessage);
  if (result.blocked) {
    Sentry.captureException(
      new Error(`Agent blocked: ${result.threatType}`),
      {
        tags: {
          agentId: "my-agent",
          threatType: result.threatType,
          severity: result.highestSeverity,
        },
        extra: {
          riskScore: result.riskScore,
          threats: result.threatsDetected,
        },
      }
    );
  }
} catch (err) {
  if (err instanceof ShieldBlockedError) {
    Sentry.captureException(err);
  }
}

Full setup guide in the documentation

Why Sentry Agents Need Runtime Security

Blocked agent actions are errors from the user's perspective. When a legitimate request gets blocked (false positive) or a real threat is caught, your engineering team needs the same debugging context they get for any other error. Sentry integration puts agent security into your existing error tracking workflow.

Top Threats to Sentry Agents

highSilent Security Failures

Without error tracking, blocked agent actions are invisible to engineering. You don't know if blocks are legitimate threat prevention or false positives degrading user experience.

mediumDebugging Blind Spots

When a user reports 'the agent didn't work,' you need to know if it was a security block, a bug, or a policy misconfiguration. Sentry gives you that context.

mediumFalse Positive Detection

Tracking blocks in Sentry lets you spot patterns — if a specific agent or tool path triggers frequent blocks, it might indicate a false positive that needs a policy adjustment.

What Rune Does for Sentry

Error Capture

ShieldBlockedError exceptions are automatically captured by Sentry with full stack traces, agent context, and threat details.

Custom Tags

Tag Sentry events with agent ID, threat type, and severity for filtering and grouping. Create Sentry alerts based on specific threat categories.

Code-Level Integration

Unlike webhook-only integrations, Sentry captures the full code context — which function was called, what arguments were passed, and where in the call stack the block occurred.

Release Tracking

Correlate agent security blocks with releases to detect when a new deployment introduces false positives or changes security behavior.

Common Sentry Use Cases

Engineering debugging of blocked agent actions
False positive detection and policy tuning
Release-correlated security regression tracking
User-reported issue investigation

Other Integrations

Datadog

Unified observability for agent security and infrastructure

PagerDuty

Route agent security incidents to your on-call team

Splunk

Enterprise SIEM integration for agent security events

Secure your Sentry agents today

Add runtime security to your Sentry agents in under 5 minutes. Free tier includes 10,000 events per month.

Start Free — 10K Events/Month Integration Docs