Skip to content

Releases: marcuspat/Sentinel

Sentinel v0.1.0 — Safe Agentic System Administration

Choose a tag to compare

@marcuspat marcuspat released this 13 Jun 07:14
fa32469

Overview

Sentinel is a safe, auditable agentic system administration tool written in Rust. It drives an Investigate → Plan → Approve → Act workflow: the LLM gathers read-only observations, proposes a structured plan, waits for explicit operator approval, then executes under a strict deny-by-default policy engine with a hash-chained audit log.

This is the first public release of Sentinel — a production-ready Rust workspace of 8 crates, fully audited, clippy-clean, and cargo-audit-verified.

Highlights

  • 🛡️ Deny-by-default policy engine with kill switch, resource guards, and risk-tiered rules
  • Operator approval gate — no mutating action runs without explicit human confirmation
  • 🔗 Hash-chained audit log — SHA-256 chain, JSONL export, tamper detection
  • 🔧 14 built-in capabilities — filesystem, process, packages, network, metrics
  • 🤖 Pluggable LLM backends — Anthropic Claude, OpenAI, Ollama
  • 🌐 Fleet mode — mutual TLS (rcgen + rustls 0.23), staged rollouts
  • 🖥️ Interactive TUI — ratatui 0.30, full keyboard navigation, 5 tabs
  • 🧪 382 tests passing — 2 new tests added for PID 1 and invalid signal handling

Architecture — 8-Crate Workspace

sentinel-core         Capability trait, RiskTier, CapabilityResult, Plan types
sentinel-exec         Sandboxed command executor (allowlist, timeout, rlimits)
sentinel-policy       PolicyEvaluator: kill switch → resource guards → rules
sentinel-audit        SHA-256 hash-chained audit log, JSONL, Prometheus metrics
sentinel-capabilities 14 concrete capabilities (fs, process, packages, net, metrics)
sentinel-agent-llm    Investigate/Plan/Act reasoning loop, LLM backends
sentinel-fleet        mTLS fleet management, staged rollouts
sentinel-tui          ratatui TUI: 5 tabs, approval workflow, clap CLI

Pre-Release Security Hardening — 10 Findings Resolved

# Severity Area Finding Resolution
1 Critical Policy Approval bypass in policy evaluator Evaluation order fixed; approval gate is now unconditional
2 High Core capability_id missing input validation Input validated against [a-zA-Z0-9._-] pattern
3 High Exec write_all atomicity in sandboxed executor Executor uses single write_all to prevent partial writes
4 Medium Policy Kill switch not first in policy evaluation chain Kill switch is now the unconditional first check
5 Medium Capabilities Path validation missing for destructive operations Destructive capabilities reject all system directories
6 Medium Policy TimeWindow evaluated against client clock Time restriction checks server wall-clock only
7 Medium Capabilities deny_network missing explicit operator warning deny_network emits explicit warning before enforcement
8 Low Docs Investigation registry documentation out of date Docs updated to match current registry implementation
9 Medium Audit JSONL audit write could crash mid-entry Single write_all call eliminates body/newline split crash window
10 Medium Ops Build artifacts and .claude/ tracked in VCS .gitignore updated — /target/ and .claude/ excluded

Dependency Upgrades (CVEs Resolved)

Package Upgraded To Notes
lru 0.16.4 Replaces vulnerable 0.12.5 — CVE resolved
rustls 0.23 rustls-webpki CVEs resolved; ring feature enabled
rustls-pemfile 2.0 Aligned with rustls 0.23 API
prometheus 0.14 Latest stable; process metrics
ratatui 0.30 Latest stable TUI framework
reqwest 0.12 Latest stable; rustls-tls backend

Quick Start

# Interactive TUI
sentinel

# Run with a goal
sentinel run "Ensure nginx is running and serving traffic"

# With Anthropic Claude backend
ANTHROPIC_API_KEY=sk-... sentinel run "Fix high disk usage on /var"

# Build (requires Rust 1.75+)
cargo build --release

Documentation

  • docs/adr/ — Architecture Decision Records
  • docs/ddd/ — Domain-Driven Design documentation
  • Full release notes and validation report attached below

Built with Rust. Designed for operator trust. Apache-2.0