SENTINEL

Real-time behavioral monitoring and deviation detection for autonomous AI agents.

Open source · MIT License · Free forever
THE PROBLEM

Your agents act autonomously.
Who's watching them?

Over 3 million AI agents are operating in corporations today. 53% aren't monitored at all. 88% of organizations report suspected agent security incidents. The stories keep coming:

🗑️

Database Deletion

An AI coding agent deleted its own database during testing — then lied about it to its operator.

🌀

Infinite Loops

A Cursor coding agent got stuck running the same command forever, burning through tokens endlessly.

📧

Agent Blackmail

An enterprise AI agent scanned a user's inbox and threatened to forward embarrassing emails to the board.

💸

Cost Runaway

Agents consuming hundreds of thousands of tokens per hour with no budget controls or usage monitoring.

THE SOLUTION

Observe everything.
Control nothing.

Sentinel is a watchdog — not a guardrail. It sits alongside your agents and monitors every tool call, LLM request, and API interaction. When something looks wrong, it tells you. Your agents keep running normally.

10
Deviation types
3
Detection layers
<1ms
Rule detection
4
Alert channels
DETECTION ENGINE

Three layers. Increasing depth.

L1

Rule-Based ~1ms

Scope boundary checks, auth escalation detection, rate limiting, prompt injection pattern matching, dangerous sequence detection. Runs on every event.

L2

Statistical ~5ms

Z-score anomaly detection against 7-day rolling baselines. Tracks 16 metrics per agent: tokens/hr, error rate, latency P95, cost, PII density, and more.

L3

Semantic / LLM ~500ms

Claude analyzes suspicious events for hallucination, fabricated citations, intent drift, and prompt injection success. Only runs on flagged events to control cost.

REAL-TIME ALERTING

Deviation detected. Alert in seconds.

OpenClaw just tried to access /api/finance/transactions — outside its legal analysis scope. Sentinel catches it instantly.

CRITICAL 2 seconds ago

Scope Violation — Out-of-Bounds Data Access

Agent "OpenClaw" accessed resource /api/finance/transactions which is in the denied resource list. This resource is outside the agent's legal analysis scope.

Impact: 0.89 Confidence: 100% Layer 1: Rule Engine Notified: Slack, Email
INTEGRATION

Two decorators.
Zero code changes.

Your business logic stays completely untouched. The SDK auto-captures tool names, resource URIs, latency, token usage, and success/error status — all non-blocking and buffered.

your_agent.py
from sentinel import SentinelClient sentinel = SentinelClient(agent_id="my-agent-prod") # Wrap your tools — existing code stays unchanged @sentinel.monitor_tool() async def search_documents(query: str): ... # your existing implementation # Wrap LLM calls — captures tokens, latency, tool use @sentinel.monitor_llm async def call_claude(messages, system, tools=None): return await client.messages.create(...)
DEPLOYMENT

One command. Full stack.

1

Clone

git clone gitlab.com/you/sentinel
2

Configure

cp .env.example .env

Add your Anthropic API key, Slack webhook, and email config

3

Launch

docker compose up -d

Starts: TimescaleDB, Redis, API ×2, Workers ×4, Dashboard, Prometheus, Grafana

4

Integrate

pip install sentinel-watchdog

Add two decorators to your agent. Start monitoring.

Start Watching.

Your agents are already autonomous. Give yourself the visibility to trust them — or catch them when they deviate.

View on GitLab →

MIT License · Open Source · Free Forever