Metadata-Version: 2.4
Name: sentinel-dlp
Version: 0.1.0
Summary: Terminal-based Data Loss Prevention control panel — monitor USB, HID, network, Bluetooth, clipboard, and file activity from a keyboard-driven interface
Project-URL: Homepage, https://github.com/anir0y/sentinel-dlp
Project-URL: Repository, https://github.com/anir0y/sentinel-dlp
Project-URL: Issues, https://github.com/anir0y/sentinel-dlp/issues
Author: anir0y
License-Expression: MIT
License-File: LICENSE
Keywords: data-loss-prevention,dlp,security,sentinel,textual,usb
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: MacOS
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Classifier: Typing :: Typed
Requires-Python: >=3.10
Requires-Dist: platformdirs
Requires-Dist: psutil
Requires-Dist: pydantic>=2.0
Requires-Dist: rich
Requires-Dist: textual>=1.0.0
Requires-Dist: tomli-w
Provides-Extra: dev
Requires-Dist: pytest; extra == 'dev'
Requires-Dist: pytest-asyncio; extra == 'dev'
Requires-Dist: pytest-mock; extra == 'dev'
Requires-Dist: pytest-subprocess; extra == 'dev'
Provides-Extra: windows
Requires-Dist: pywin32; extra == 'windows'
Requires-Dist: wmi; extra == 'windows'
Description-Content-Type: text/markdown

<p align="center">
  <img src="https://raw.githubusercontent.com/anir0y/sentinel-dlp/main/assets/logo.svg" alt="Sentinel DLP logo" width="160">
</p>

<h1 align="center">Sentinel DLP</h1>

<p align="center">
  <a href="https://pypi.org/project/sentinel-dlp/"><img src="https://img.shields.io/pypi/v/sentinel-dlp?color=blue" alt="PyPI"></a>
  <a href="https://pypi.org/project/sentinel-dlp/"><img src="https://img.shields.io/pypi/pyversions/sentinel-dlp" alt="Python"></a>
  <a href="https://github.com/anir0y/sentinel-dlp/blob/main/LICENSE"><img src="https://img.shields.io/pypi/l/sentinel-dlp" alt="License"></a>
</p>

<p align="center">
A terminal-based Data Loss Prevention control panel built with <a href="https://github.com/Textualize/textual">Textual</a>.<br>
Monitor, restrict, and audit data exfiltration vectors — USB storage, HID devices, network uploads, Bluetooth, clipboard, and file activity — from a single keyboard-driven interface.
</p>

<p align="center">
Runs on <strong>macOS</strong>, <strong>Windows</strong>, and <strong>Linux</strong>. All destructive actions support dry-run mode, rollback, and structured audit logging.
</p>

## Screenshots

<p align="center">
  <img src="https://raw.githubusercontent.com/anir0y/sentinel-dlp/main/assets/dashboard.svg" alt="Dashboard" width="100%">
</p>
<p align="center"><em>Dashboard — status overview with USB, whitelist, HID, and program policy cards</em></p>

<p align="center">
  <img src="https://raw.githubusercontent.com/anir0y/sentinel-dlp/main/assets/usb_manager.svg" alt="USB Manager" width="100%">
</p>
<p align="center"><em>USB Manager — block/unblock mass storage, manage device whitelist</em></p>

<p align="center">
  <img src="https://raw.githubusercontent.com/anir0y/sentinel-dlp/main/assets/hid_viewer.svg" alt="HID Viewer" width="100%">
</p>
<p align="center"><em>HID Viewer — scan and fingerprint USB HID devices, detect potential BadUSB</em></p>

<p align="center">
  <img src="https://raw.githubusercontent.com/anir0y/sentinel-dlp/main/assets/network_monitor.svg" alt="Network Monitor" width="100%">
</p>
<p align="center"><em>Network Monitor — track upload volume per interface, alert on threshold breaches</em></p>

## Features

| Feature | Description | Platform |
|---------|-------------|----------|
| **USB Storage Blocking** | Block/unblock all USB mass storage globally | macOS, Windows, Linux |
| **USB Whitelist** | Allow specific devices by VID/PID/serial while blocking everything else | All |
| **HID Fingerprinting** | Scan HID devices and flag potential BadUSB/Rubber Ducky attacks | All |
| **Program Blocking** | Restrict program execution via Software Restriction Policies | Windows |
| **Network Monitoring** | Detect large uploads exceeding configurable thresholds | All |
| **Bluetooth Scanning** | Enumerate nearby Bluetooth devices | macOS, Linux |
| **Clipboard Monitoring** | Scan clipboard for sensitive patterns (SSN, credit cards, etc.) | All |
| **File Activity Monitoring** | Detect bulk file copies to external volumes | All |
| **Audit Logging** | Structured JSONL audit trail of all DLP actions | All |
| **Rollback** | Undo any action with a full rollback journal | All |
| **Policy Export/Import** | Save and load DLP policies as portable JSON files | All |
| **Desktop Notifications** | OS-native alerts for blocked USB insertion, BadUSB detection | All |
| **Hotplug Detection** | Automatic USB device change detection via polling | All |
| **Dry-Run Mode** | Simulate all actions without modifying the system | All |

## Keyboard Shortcuts

| Key | Action |
|-----|--------|
| `d` | Dashboard |
| `u` | USB Manager |
| `h` | HID Viewer |
| `p` | Program Policy |
| `n` | Network Monitor |
| `b` | Bluetooth |
| `a` | Audit Log |
| `o` | Rollback |
| `z` | Undo last action |
| `r` | Refresh all |
| `s` | Save config |
| `q` | Quit |

## Requirements

- Python 3.10+

## Installation

```bash
pip install sentinel-dlp

# Or from source
git clone https://github.com/anir0y/sentinel-dlp.git && cd sentinel-dlp
pip install -e .

# Windows extras (pywin32 + wmi)
pip install sentinel-dlp[windows]
```

## Usage

```bash
# Run Sentinel DLP
sentinel

# Or via module
python -m dlp

# Dry-run mode (no system changes)
sentinel --dry-run
```

> Some features require elevated privileges (e.g. USB blocking needs `sudo` on macOS/Linux or Administrator on Windows).

## Development

```bash
pip install -e .[dev]
pytest
```

## Project Structure

```
src/dlp/
├── app.py                  # Main Textual application
├── config.py               # Pydantic config models (TOML-backed)
├── platform/               # OS-specific backends (macOS, Windows, Linux)
├── features/               # Feature controllers
│   ├── usb_block.py        #   USB storage blocking
│   ├── usb_whitelist.py    #   Device whitelist matching
│   ├── hid_fingerprint.py  #   BadUSB/Ducky detection
│   ├── program_block.py    #   Software restriction policies
│   ├── network_monitor.py  #   Upload threshold monitoring
│   ├── bluetooth_monitor.py#   Bluetooth enumeration
│   ├── clipboard_monitor.py#   Clipboard pattern scanning
│   ├── file_monitor.py     #   External volume file activity
│   ├── notifier.py         #   Desktop notifications
│   └── policy_export.py    #   Policy JSON export/import
├── audit/                  # Audit logging and rollback journal
└── ui/                     # Textual screens and widgets
    ├── screens/            #   Tab screens (dashboard, usb, hid, etc.)
    └── widgets/            #   Reusable widgets (status bar, confirm modal)
```

## License

MIT — see [LICENSE](LICENSE).
