The Sentinel Platform · v3.4.1

Evidence infrastructure
for the regulated AI era

Every agent decision, turned into a signed and independently verifiable audit package: on-premise, under your jurisdiction, compatible with your existing stack.

Apache 2.0
911 tests passing
100% branch coverage
Ed25519 attestations
RFC-3161 timestamping
Air-gapped deployable
BSI IT-Grundschutz preparation
EU AI Act Annex III enforcement — 2 August 2026. High-risk AI systems must produce automatic tamper-resistant evidence. Penalties up to €15M or 3% of global annual turnover.
Trace
Runtime capture
Wrap any agent call with a single decorator
Bind input, policy, output, and jurisdiction
Instrument LangChain, CrewAI, AutoGen
Attest
Cryptographic signing
Ed25519 signature on every attestation by default
Hash-chain each record to its namespace predecessor
Verify independently — no vendor required
Audit
Evidence retrieval
Query decisions by agent, policy, or outcome
Retrieve full attestation packages on demand
Stream events to SIEM, GRC, or custom systems
Comply
Regulatory delivery
Package evidence into PAdES-signed PDF bundles
Map to EU AI Act, BAIT, MaRisk, DORA
Deliver what a regulator can verify as a whole
credit_agent.py
capturing
# Your existing agent. Unchanged.
from sentinel import Sentinel

sentinel = Sentinel()

@sentinel.trace(policy="credit_v2")
def assess_credit(applicant: dict) -> Decision:
    return agent.evaluate(applicant)

$ python credit_agent.py
trace captured      trc_8f2a1b3c
input hash          sha256:3c7f..a91e
policy version      credit_v2@rev.a47
signature           Ed25519 · 64-byte
attestation ready   1.8ms
att_9f2e8b1a.json
hash-verified
// Tamper-evident attestation · Ed25519 + SHA-256
{
  "attestation_id": "att_9f2e8b1a4c7d",
  "timestamp": "2026-04-20T14:03:22.847Z",
  "chain_namespace": "sentinel-ns:v1:credit_agent:EU-DE:credit",
  "previous_hash": "sha256:7a4e..dfc3",
  "decision": {
    "agent": "credit_agent@v2.1.4",
    "policy": "credit_v2@rev.a47",
    "input_hash": "sha256:3c7f..a91e",
    "output_hash": "sha256:8b2d..4f6c",
    "result": "APPROVED"
  },
  "signature": "Ed25519:oz0PLc..SG5yZE"
}
hash verified · independently recomputable
sentinel chain verify att_9f2e
Sentinel Control Plane
LIVE · last 24h
Decisions: 47,283
Attestations: 47,283
Denied: 312
Median latency: 1.8ms

Time      Agent             Policy          Outcome         Evidence
14:03:22  credit_agent      credit_v2@a47   Approved 0.94   att_9f2e
14:03:24  kyc_verification  kyc_v1@c02      Approved 0.89   att_3a7b
14:03:26  claims_processor  claims_v3@f12   Review 0.47     att_5e9f
14:03:29  credit_agent      credit_v2@a47   Denied 0.12     att_7c2d
14:03:31  aml_monitor       aml_v4@b21      Approved 0.91   att_1b4a
14:03:35  fraud_scorer      fraud_v2@d33    Review 0.58     att_8d2c
audit_package_att_9f2e8b1a.pdf
Audit Package
att_9f2e8b1a · credit_agent@v2.1.4
Generated 2026-04-20
Retention until 2036-04-20
PAdES-signed
Decision: APPROVED · confidence 0.94 · 2026-04-20T14:03:22.847Z
Policy Context: credit_scoring_v2@rev.a47 · signed by compliance@swentures
Input Integrity: sha256:3c7f..a91e · 1,284 bytes
Output Integrity: sha256:8b2d..4f6c · 412 bytes
Jurisdiction: EU-DE · on-premise · no cross-border egress
Regulatory Mapping: EU AI Act Art. 12+17 · MaRisk AT 4.3.1 · BAIT §6.3
Attestation hash independently verified · Ed25519 + SHA-256
sentinel comply verify pack.pdf
The Consequence

Pilots become production. Scale is no longer blocked by audit reconstruction. The next agent is a decision, not a debate.

With evidence running at runtime, compliance moves from blocker to companion — and new AI use-cases ship through the same governed path as every other agent.

Your stack
already has most
of this.

In most regulated organisations the AI stack is already assembled from third-party tools from different vendors: governance tools, observability platforms, LLM providers, identity systems. Each layer lives with its own vendor.

What is missing is the layer that turns this heterogeneous stack into a regulatorily usable whole — the knot-resolver that produces the single audit package a regulator can verify, without replacing any of your existing investments.

Regulatory Frame
EU AI Act · BAIT · MaRisk · DORA · NIS2 · BSI IT-Grundschutz · GDPR
Defines what must be auditable

Layer 1 · Identity & Access
Agent authorization
SPIFFE · Keycloak · Entra

Layer 2 · Governance
Policy enforcement
Microsoft AGT · OPA · Cedar

Layer 3 · Evidence Runtime
Signed audit packages
Sentinel

Layer 4 · Observability
Trace & telemetry
Langfuse · OpenTelemetry

Layer 5 · LLM & Agent
Execution layer
Anthropic · Mistral · LangChain

Layers 1, 2, 4, 5 are typically third-party in most enterprises. Layer 3 is the gap. Sentinel is not a new bottleneck — it is the knot-resolver that holds the heterogeneous third-party stack together, regulatorily.
What Sentinel is

The cryptographic evidence layer for regulated AI.

Every agent decision becomes a signed, hash-linked attestation. Every evidence pack PDF carries a PAdES signature with EU-sovereign RFC-3161 timestamp. Every chain of decisions can be verified independently by your auditor — air-gapped, offline, no vendor lock-in.

Sentinel maps directly to EU AI Act Art. 12 (record-keeping) and Art. 17 (quality management). It supports BSI IT-Grundschutz preparation, BaFin and MaRisk requirements, and any regulator who asks the fundamental question: “Can you prove what your AI did, and when?”

What Sentinel is not

Not an observability platform.

Sentinel does not replace Langfuse, Datadog, Arize, LangSmith, or Microsoft Application Insights. Use those for performance, cost, debugging, and drift detection.

Not an AI governance enforcement tool.

Sentinel does not replace Microsoft Agent Governance Toolkit, OPA, Cedar, or AWS Bedrock Guardrails. Use those for runtime policy enforcement, access control, and guardrails.

Sentinel produces the cryptographic evidence those tools cannot. When your auditor asks for proof in a courtroom-defensible form, that is the question Sentinel answers — and the question no observability or governance tool was designed to solve.

Start in 2 minutes

Four commands.
Zero accounts. Zero network.

Scaffold a local pilot, run ten decisions through @sentinel.trace, write a signed PDF evidence pack, score yourself against EU AI Act Art. 12.

Install

shell
$ pipx install 'sentinel-kernel[pdf]'
sentinel-kernel installed (Apache 2.0)
$ sentinel key init
Ed25519 key written to ~/.sentinel/ed25519.key
$ sentinel quickstart
hello_sentinel.py scaffolded

The [pdf] extra pulls reportlab, cryptography, and pyhanko — everything needed for signed PDF evidence packs. The bare install still works; evidence-pack tells you what to add.

Wrap one function

hello_sentinel.py
from sentinel import Sentinel

sentinel = Sentinel()

@sentinel.trace
async def approve(request: dict) -> dict:
    return await your_agent.run(request)

# Every call is now a signed, verifiable attestation.

One decorator. One line. Your LLM, ML classifier, rule engine, or robot control loop — Sentinel does not care what the function does, only that its decisions can be recomputed and verified later.
EU AI Act Coverage

What Sentinel covers.
What it does not.

Sentinel automates EU AI Act Art. 12/13/14/17 — the logging, transparency, oversight, and quality-management obligations. Other articles require organisational action. We mark the split honestly.

Article   Requirement                           Sentinel
Art. 12   Automatic tamper-resistant logging    Full
Art. 13   Transparency to deployer / user       Full
Art. 14   Human oversight (kill switch)         Full
Art. 17   Quality-management traceability       Full
Art. 9    Risk management                       Partial
Art. 16   Provider obligations                  Partial
Art. 26   Deployer obligations                  Partial
Art. 72   GPAI post-market monitoring           Conditional
Art. 11   Technical documentation (Annex IV)    Human action
Art. 10   Data governance                       Human action
Art. 15   Accuracy & robustness                 Human action

Sentinel never overclaims. Articles requiring human action are clearly marked. Partial articles are those where Sentinel produces the evidence but an organisational deliverable must still be written. Run sentinel audit-gap to see the exact split for your setup.
Built for regulated industries

Where the
deadline bites first.

EU AI Act enforcement applies to decisions that touch rights, access to services, safety, or meaningful financial outcomes. The architecture is technology-agnostic; the sectors below are where procurement is already active.

Defence & aerospace

Procurement, logistics, dual-use assessment. Air-gapped and classified deployments with VS-NfD path.

EU AI Act · BSI IT-Grundschutz · VS-NfD

Financial services

Credit decisioning, fraud scoring, AML, transaction approval. DORA-aligned logging, BaFin BAIT evidence.

EU AI Act · DORA · BaFin BAIT · MaRisk

Insurance

Underwriting, claims triage, pricing. GDPR Art. 22 explainable decision records for regulated customer outcomes.

EU AI Act · GDPR Art. 22 · Solvency II

Public sector & KRITIS

Benefit eligibility, permit approval, critical-infrastructure AI. Statutory transparency under NIS2 and sector law.

EU AI Act · NIS2 · E-Government law

Healthcare

Clinical decision support, diagnostic triage, prior-authorisation. Evidence suitable for medical-device auditors.

EU AI Act · GDPR · MDR

Industrial manufacturing

Quality control, predictive maintenance, robotic decisioning. Standards-aligned retention across plant lifetimes.

EU AI Act · ISO 42001 · IEC 62443
Runtime

Evidence at runtime, not after the fact

Sentinel wraps each agent decision as it happens. Input, policy, output, and jurisdiction are bound into a signed attestation before the next call begins. No log collection, no post-hoc reconstruction, no manual mapping under audit pressure.

Capture input hash, output hash, policy version, jurisdiction at the moment of decision
Bind every decision to a reproducible attestation with Ed25519 integrity
Decorate existing agents — LangChain, CrewAI, AutoGen — with one line
Sub-millisecond overhead per attestation on commodity hardware
Independent

Verifiable without operator trust

An auditor can only trust evidence as far as they trust whoever produced it. Sentinel runs as an independent layer — not owned by the operator, not owned by the LLM vendor, not owned by the cloud provider. The signature chain holds whether anyone trusts you or not.

Vendor-neutral — structurally independent of governance, observability, and LLM layers
EU-jurisdiction native — on-premise deployment, no CLOUD-Act exposure
Audit integrity — evidence operated and evaluated by different parties, no structural conflict of interest
Apache 2.0, hash-verified — inspect the kernel, recompute any attestation, own your evidence
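
The hash-chain linkage and independent recomputation described above, as an added example that is not Sentinel's own code: it links constructed records through `previous_hash` and shows that link checks catch edits and deletions inside the chain, while changes at the tail are only caught against a head hash anchored elsewhere. The canonical-JSON encoding, the hashed field set and all helper names are assumptions; Ed25519 signature checks are left out.

```python
import hashlib
import json

NS = "sentinel-ns:v1:credit_agent:EU-DE:credit"  # namespace string from the sample attestation

def record_hash(rec):
    """SHA-256 over canonical JSON (sorted keys, no whitespace); assumed encoding."""
    body = json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(body).hexdigest()

def append(chain, namespace, decision):
    """Link a new record to the hash of its predecessor in the same namespace."""
    prev = record_hash(chain[-1]) if chain else None
    chain.append({
        "attestation_id": f"att_{len(chain):04d}",  # constructed id
        "chain_namespace": namespace,
        "previous_hash": prev,
        "decision": decision,
    })

def verify(chain, namespace, trusted_head=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    expected_prev = None
    for i, rec in enumerate(chain):
        if rec.get("chain_namespace") != namespace:
            findings.append(f"record {i}: foreign namespace")
        if rec.get("previous_hash") != expected_prev:
            findings.append(f"record {i}: previous_hash mismatch")
        expected_prev = record_hash(rec)
    # Links alone cannot reveal a truncated or rewritten tail: compare the
    # recomputed head with one anchored out of band (signed or timestamped).
    if trusted_head is not None and expected_prev != trusted_head:
        findings.append("head hash differs from trusted anchor")
    return findings

def build_sample():
    """Constructed sample data: three decisions in one namespace."""
    chain = []
    for result in ("APPROVED", "DENIED", "APPROVED"):
        append(chain, NS, {"policy": "credit_v2@rev.a47", "result": result})
    return chain
```
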
Integration

Built for your existing stack

Sentinel does not replace your governance tools, observability platform, or LLM provider. It sits between them — receiving policy results, enriching with traces, emitting signed evidence. Bidirectional by design: allow signals feed innovation, kill signals gate risk.

Python-native kernel with OpenTelemetry-compatible span export
Langfuse, OpenTelemetry, Prometheus — trace ingestion hooks ready today
Microsoft AGT, OPA, Cedar — governance bridges for bidirectional flow
SIEM, GRC, SOAR — stream events to existing enterprise infrastructure
Lifecycle

Stable across LLM generations

Regulatory retention runs ten years or longer. Your LLMs and agents will not. The evidence layer must outlive every model, every framework, every vendor swap — stable signature format, stable storage interface, stable regulatory mapping.

10-year retention by default — EU AI Act Article 17 compliant
Storage-agnostic — SQLite, PostgreSQL, S3-compatible, filesystem
Air-gapped deployment — evidence stays inside your security boundary
BSI IT-Grundschutz preparation and VS-NfD-capable deployment path
Roadmap

Primitives today.
Ecosystem with the community.

We are building Sentinel the way HashiCorp built Terraform: primitive hooks in the kernel, the ecosystem grows through the community. Three stages, honestly labelled.

Available today

Kernel primitives

Production-ready, Apache 2.0, 911 tests passing. Install with pip install sentinel-kernel.

@sentinel.trace decorator
Ed25519 attestations (default)
Hash-chain linkage
PAdES PDF signing
RFC-3161 timestamping
LangChain · CrewAI · AutoGen
SQLite · PostgreSQL · Filesystem
OpenTelemetry spans
Optional ML-DSA-65 signing ([pqc])

Next months — v3.5 Architecture Release

Bridges to observability and governance ecosystems

Four enrichments that let Sentinel's cryptographic evidence layer sit cleanly beside the observability and governance tools already in your stack. Bridges, not replacements — your developers keep what they use today, Sentinel adds what those tools were never designed to produce. Actively in design.

OpenTelemetry context bridge · when OTEL traces exist, Sentinel reads the context to preserve causal relationships in cryptographic attestations
JSON-LD + PROV-O semantic export · for 10-15 year retention scenarios where attestations must remain machine-readable across system generations
Fine-grained retention policies · per-decision storage rules driven by jurisdiction, policy family, or decision type — configurable via YAML
Write-once storage backends · S3 Object Lock and WORM-compliant backends for environments where evidence integrity must be enforced at the storage layer

Further ecosystem bridges · v3.6+ or community
MCP gateway integration
Microsoft AGT bridge
Langfuse ingestion hooks
OPA native decision-log export format
Cedar policy binding
Redis · S3-compatible storage

With the community

Enterprise ecosystem

The devil is in the details of complex enterprise landscapes. We build these integrations with the community, not for it.

SAP agents
Salesforce Agentforce
Azure AI Foundry
Google ADK
AWS Bedrock Agents
ServiceNow GRC · OneTrust · Archer
your use-case

Enterprise AI infrastructure is complex. Sentinel solves one layer — the regulatory evidence layer. The other layers need other tools, and those tools work best when integrated. We build the hooks for the ecosystem. The community fills them.
Get Started

Ready to use Sentinel?

Sentinel is onboarding a select group of regulated enterprises building production-grade AI. Request a design-partner conversation, or read the technical documentation to see how Sentinel fits your stack.