Vigil is Sentiae's security intelligence platform. It provides real-time threat detection, vulnerability scanning, and compliance monitoring for cloud-native infrastructure.
Vigil consists of two components:
┌─────────────────────────────────────────────────────────────┐
│  CUSTOMER K8S CLUSTER                   SENTIAE PLATFORM    │
│                                                             │
│  ┌──────────────┐         gRPC          ┌──────────────┐    │
│  │   vigil-     │ ────────────────────▶ │   vigil-     │    │
│  │   agent      │     (mTLS + TLS)      │   service    │    │
│  │  (DaemonSet) │                       │  (Control    │    │
│  │              │                       │   Plane)     │    │
│  │  • eBPF      │                       │              │    │
│  │  • Telemetry │                       │  • HTTP API  │    │
│  │  • Rules     │                       │  • Scanners  │    │
│  │  • Anomaly   │                       │  • Storage   │    │
│  └──────────────┘                       └──────────────┘    │
│                                                             │
└─────────────────────────────────────────────────────────────┘
vigil/
├── agent/ # K8s DaemonSet (customer clusters)
│ ├── cmd/
│ │ ├── agent/ # eBPF telemetry collector
│ │ └── operator/ # Kubernetes operator
│ ├── internal/
│ │ ├── ebpf/ # eBPF programs
│ │ ├── monitor/ # TLS, DNS, K8s audit monitors
│ │ ├── runtime/ # Rule engine, anomaly detection
│ │ └── transport/ # gRPC client, WAL buffer
│ ├── k8s/ # Kubernetes manifests
│ └── Dockerfile
│
├── service/ # Control plane (Sentiae infra)
│ ├── cmd/
│ │ ├── server/ # HTTP + gRPC control plane
│ │ └── worker/ # Scanner worker
│ ├── internal/
│ │ ├── adapter/ # Handlers, repositories, scanners
│ │ ├── port/ # Hexagonal architecture ports
│ │ ├── usecase/ # Business logic
│ │ └── domain/ # Pure business models
│ ├── pkg/
│ │ ├── config/ # Configuration
│ │ ├── database/ # Database connections
│ │ ├── logger/ # Structured logging
│ │ ├── storage/ # S3/MinIO client
│ │ └── telemetry/ # OpenTelemetry + Prometheus
│ ├── migrations/ # Atlas SQL migrations
│ ├── Dockerfile
│ └── Dockerfile.worker
│
└── shared/ # Shared code (single source of truth)
    ├── proto/vigil/v1/ # Agent↔Service gRPC contracts
    ├── events/ # CloudEvents type definitions
    ├── models/ # Shared domain models
    ├── version/ # Single version constant
    └── go.mod
cd vigil
make build-all
make test-all
make docker-build-all
kubectl apply -f agent/k8s/
cd service
go run ./cmd/server
Deployed as a Kubernetes DaemonSet on customer clusters. Collects:
- eBPF telemetry — Syscall monitoring (execve, openat, connect, etc.)
- TLS inspection — Certificate validation, cipher analysis
- DNS monitoring — Tunneling detection, DGA domain detection
- K8s audit logs — RBAC violations, privilege escalation
- Anomaly detection — Statistical baselines with z-score alerting
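The z-score alerting item above, sketched as an added example (not Vigil's own code): a running per-metric baseline using Welford's algorithm, with a warm-up period and a floor on the standard deviation. The type and function names, the thresholds, and the sample counts are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Detector keeps a running baseline for one metric. All names are hypothetical.
type Detector struct {
	MinSamples int     // warm-up: no alerts until this many samples are in the baseline
	Threshold  float64 // alert when |z| >= Threshold
	MinStd     float64 // floor on sigma so a flat baseline cannot divide by zero
	n          int
	mean, m2   float64
}

// Observe scores x against the baseline and returns the z-score and alert flag.
// Alerting samples are not folded in, so one burst cannot mask the next.
func (d *Detector) Observe(x float64) (z float64, alert bool) {
	if d.n >= d.MinSamples && d.n > 1 {
		std := math.Max(math.Sqrt(d.m2/float64(d.n-1)), d.MinStd)
		z = (x - d.mean) / std
		alert = math.Abs(z) >= d.Threshold
	}
	if !alert {
		d.n++
		delta := x - d.mean
		d.mean += delta / float64(d.n)
		d.m2 += delta * (x - d.mean)
	}
	return z, alert
}

// Scan runs a series through a fresh detector and returns the alerting indexes.
func Scan(series []float64, minSamples int, threshold, minStd float64) []int {
	d := &Detector{MinSamples: minSamples, Threshold: threshold, MinStd: minStd}
	var hits []int
	for i, x := range series {
		if _, alert := d.Observe(x); alert {
			hits = append(hits, i)
		}
	}
	return hits
}

func main() {
	counts := []float64{12, 15, 11, 14, 13, 12, 16, 13, 240, 14, 12, 250} // constructed execve counts per window
	fmt.Println(Scan(counts, 5, 3.0, 1.0))
}
```

Because alerting samples are excluded from the baseline, a legitimate sustained shift in load keeps alerting until the baseline is reset or relearned.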
Control Plane (vigil-server):
- REST API (port 8080)
- gRPC server for agent communication (port 50054)
- Multi-store data layer (PostgreSQL, ClickHouse, Neo4j, Redis, MinIO)
Scanner Worker (vigil-worker):
- 11 independent security scanners
- Asynq-based task queue
- Bundled tools: Trivy, Semgrep, etc.
The shared/ directory contains code used by both agent and service:
- gRPC protos — Wire format contracts
- CloudEvents — Event type definitions
- Domain models — Finding, Scan, Alert types
- Version — Single version constant for both binaries
Both binaries share the same version:
make release VERSION=1.0.0
This tags the release as vigil-1.0.0 and builds both binaries with the same version string.
- agent/CLAUDE.md — Agent development guide
- service/CLAUDE.md — Service development guide
- service/migrations/ — Database schema changes
Proprietary — Sentiae Inc.