The simplest way to run a Claude agent is also the most common way to end up with an incident: give the agent your credentials and let it go.
This isn’t a criticism of Anthropic’s API. It’s an excellent API. The problem is what it doesn’t provide: the operational layer you need to run agents safely against real systems.
What You Get With Raw API Access
When you point Claude Code directly at external services — no gateway in between — you get:
- Full access, whatever your credentials allow. The agent can do anything you can do. If your AWS key has admin access, the agent has admin access.
- No audit trail. The Anthropic API logs your token usage. It doesn’t log what your agent did with those tokens, which systems it touched, or what it changed.
- No policy enforcement. There’s no layer between the agent and the resources it can reach. If you give it a command and it decides to take a broad interpretation, there’s nothing to stop it.
- No cost controls. You’ll know how much you spent on your next invoice. You won’t know until it arrives.
- No approval gates. Destructive operations run if the agent decides to run them.
- No agent identity. If you have multiple agents sharing credentials, your audit trail is useless.
This is acceptable for: local development, prototypes, demos, personal tools with limited blast radius.
What Sentrely Adds
| Capability | Raw API | Sentrely |
|---|---|---|
| Audit trail | None | Every action, immutable |
| RBAC / policy enforcement | None | Per-agent YAML policies |
| Human approval gates | None | Slack / Telegram / dashboard |
| Cost controls | Invoice after the fact | Per-session budgets + alerts |
| Agent identity | Shared credentials | Per-agent identity |
| Runaway loop protection | None | Circuit breaker + token limits |
| Kill switch | Kill the process | Session terminate via dashboard |
| Compliance evidence | None | Structured, queryable audit log |
The Decision Framework
Use raw API access when:
- You’re building a prototype or proof of concept
- The agent only has access to your local machine
- No production data, no production credentials, no production systems
- You’re willing to lose anything the agent might touch
You need a control plane when:
- Any agent touches production systems
- Multiple agents share an environment
- You have a compliance requirement (SOC 2, HIPAA, GDPR)
- You’re running agents overnight or without human supervision
- Token costs matter to your budget
The gap between “this works in my terminal” and “this is safe to run against production” is exactly the gap a control plane fills. Sentrely adds a layer between your agents and the world — a layer that enforces policies, logs everything, and keeps humans in control of the decisions that matter.