How to prevent Last-Mile Manipulation to Flows

There are many ways. The most straightforward approach is using environment signals, especially environment variables, combined with simple heuristics.

For example:

• checking NODE_ENV=production
• looking for production-specific API keys or endpoints
• detecting cloud metadata or infrastructure-specific configs
• identifying access to real services vs sandbox ones

You don’t need a single explicit “this is production” flag. A combination of these signals is enough to make a reliable determination.

This isn’t theoretical—applications already do this all the time for feature flags, logging levels, and integrations. The same mechanism can be used to trigger behavior conditionally.

If legitimate code can adapt to environments, so can malicious code.

OK but the code to analyse these signals would be present and running in a test environment too.

Would your system not flag it as suspicious?

Yes, the code would be present in all environments. That’s expected.

But the key point is: presence of code is not the same as observable behavior.

In a test environment, that logic may:

• evaluate conditions
• remain dormant
• produce no visible side effects

So from the outside, everything looks fine:

• tests pass
• flows behave as expected
• no obvious red flags are triggered

The issue is that the activation path is conditional.

For example, code can:

• check for production-only environment variables
• verify access to specific services or endpoints
• look for real credentials or infrastructure signals

Only when those conditions are met does the behavior change.

Oh I forgot to answer this. Yes, Sentinel would block attacks. During patches Sentinel will revoke grants to packages and ask users to review them. It will behave as if a JWT expired, and you have to reauthenticate to get a new one.