Product

Deterministic where it has to be. Judgment only where it helps.

How Sentinel decides, how it learns your guardrails, and exactly what it covers. The mechanism in full, in your own boundary.

How it works

Deterministic where it has to be. Judgment only where it helps.

Every action is checked before it runs. The rules that protect credentials are fixed and never touch a model. Only the genuinely ambiguous cases escalate, and only to a model you own.

agent intent
proposed action
deterministic core
block or allow
escalate
gray area only
logged
on the record
01
Role boundary
Each agent is scoped to a role. Anything outside it is denied.
02
Intent alignment
Every action is checked against the task the agent was given.
03
Behavioral baseline
Deviation from an agent's normal pattern is caught in real time.
04
Policy
Scoped per role, versioned with your repo, enforced before side effects land.
Optional escalation, in your boundary
Ambiguous cases can escalate to a model you bring: Anthropic, Gemini, or an open source endpoint. It runs on-prem and Tuent never sees the data. Credentials never escalate. They are blocked deterministically.
It gets sharper over time
When an escalation overturns a stop, Sentinel proposes a permanent policy change, so the same case resolves deterministically next time. False stops trend down release over release.
Policies

You never write a policy. Sentinel learns it.

As your developers approve and deny actions, Sentinel learns what is normal for each workspace. Once the pattern is clear it recommends a specific policy in plain language and waits for a person to approve it. Nothing is enforced from a guess, and there is nothing to write.

Learns from real approvals and denials, per workspace.
Recommends in plain language, a human approves.
No rules to write, no files to maintain.
sentinel · recommended policy · payments-api
Learned from 28 approvals and 3 denials this week. Approve to enforce.
allowread src and docs26x
allowedit src19x
denyread .env and secretsdenied 3x
escalateunlisted hosts to your model
Approve policy
Adjust
Coverage

Exactly what Sentinel watches.

Every action in the agent's path, evaluated in process at the moment it happens. Mapped to the agent loop, here is what runs through the checkpoints.

+Tool and file calls. Every read, write, and tool invocation the agent makes.
+Shell commands. Including a guard on irreversible, destructive ones.
+MCP calls. Local and hosted, evaluated like any other action.
+Skills. The most common agent surface, wired in first.
+Network egress. Checked against an allowed-host list before it leaves.
+Intent drift. When behavior stops matching the task the agent was given.
Integrations

Built for Claude Code, with more on the way.

Sentinel ships today as a native Claude Code hook. One line of init and every action routes through the checkpoints. More runtimes are next.

Claude Code
Available now
MCP servers
Coming soon
Custom agents
Coming soon
CI pipelines
Coming soon