Skip to content

HybridSystemArchitect/sentinel

Repository files navigation

🛡️ SENTINEL — Open-Core Edition

The Immune System for AI Agents

An attack seen once anywhere immunizes every agent everywhere.

Runtime enforcement + a tamper-evident antibody network that spreads immunity across nodes — on-premise, sovereign, zero third-party runtime dependencies.

license deps edition OWASP


What this is

This is the open-core edition of SENTINEL. It includes the full architecture, the antibody network, the tamper-evident ledger, the federation crypto (KeyRing), the fail-closed enforcement engine, and the complete public interfaces — enough to understand the system, run it end-to-end, and integrate against it.

The detection core — the exact matcher algorithms (sequence alignment, graph topology, risk flow, fusion) and the cross-session danger-core extractor that achieve the benchmarked accuracy — is the commercial core and is provided under license. In this edition those modules ship as working interface stubs so the whole system runs.

Open: the architecture, the network, the standard. Licensed: the detection brain.

The idea nobody else ships

Every AI-agent security tool detects or gateways — they sit in monitoring mode, and immunity does not spread. SENTINEL is a living immune system:

  1. Blocks the hijacked action at runtime (fail-closed).
  2. Extracts a content-free, signed "antibody" — the attack's structural signature, never your data.
  3. Shares it across every node — an attack identified once immunizes the whole network.
attack → BLOCK → antibody → shared memory → everyone immune

The network effect is the moat: a competitor can copy a feature, not a running network.

What runs in this edition

pip install -e ".[dev]"
pytest        # 25 infrastructure tests pass; 7 detection-core tests skip (commercial)

Fully working here: antibody protocol structure, tamper-evident hash-chain + Merkle ledger, signed feed export/import with verification, federation KeyRing (rotation, revocation, replay protection), fail-closed enforcement engine, node model, discovery, CLI.

Interface-only (commercial core): the matcher algorithms and the cross-session danger-core extractor that produce the benchmarked detection numbers.

OWASP Agentic Top 10 (2026)

See OWASP_AGENTIC_MAPPING.md — the architecture maps to 8/10 fully, 2/10 partially. Core strengths: ASI01 (Goal Hijack) and ASI06 (Memory/Context Poisoning).

Why on-premise matters

Palo Alto, Lasso, Lakera, Prompt Security — all centralized cloud. Regulated buyers (healthcare, finance, defense, EU sovereignty) legally cannot send agent traffic to a US cloud. SENTINEL is standard-library-only, air-gappable, sovereign by construction.

Commercial core / licensing

The detection core (matchers + danger-core extractor), the full benchmark suite, and the 100k-scale gate are available under commercial license, along with the reproducible evidence a buyer can re-run.

Contact: hybridarchitect@proton.me

License

Open-core edition: Apache-2.0. Commercial core: separate license.

About

The immune system for AI agents — cross-node antibody attack immunity, on-premise, dependency-free.

Topics

Resources

License

Contributing

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Languages