Deterministic Governance for Autonomous AI.

Stop monitoring agent drift. Start enforcing sovereignty. Sentinul intercepts every agent action, routes high-risk calls through a human approval checkpoint, and writes a cryptographic receipt to an immutable ledger — before a single token reaches your systems.

How It Works

Intercept

Route traffic through the api.sentinul.app proxy.

Enforce

Apply the 5-layer Gauntlet (Intent, Skill, Route, Response, Chain).

Log

Generate SHA-256 signed event records.

Prove

Auto-sync evidence to Vanta, Drata, or your Auditor.

Decision Layer

Every Action Has a Path. High-Risk Gets a Human.

Sentinul routes every agent intent through two deterministic enforcement paths. Routine actions clear in milliseconds. High-stakes actions pause for a human decision — and that decision becomes a cryptographic receipt.

Fast Pass
Low Risk → Instant Clearance
  1. Agent submits intent to the Aegis Mediator
  2. Heuristic Risk Analyzer scores intent below threshold
  3. Crypto passport issued, action proceeds, SHA-256 entry written to ledger
avg latency: <12ms · fully automated

Slow Pass
High Risk → Human Decision Required
The Hero Feature
  1. Consequence Twin simulates the action in a sandboxed environment
  2. Slack notification fires with Approve / Deny buttons to the security team
  3. Human decision generates a unique DecisionHash recorded in the Merkle ledger
  4. Dashboard timeline shows the full chain: Agent → Intercept → Approval → Receipt
immutable proof · auditor-grade · SOC-2 ready

Sample DecisionHash Receipt

dh_sha256:a3f9e1c2b804d57f3a91e6c4d2b30e7a1f58c9d6e2a04b73f1c8d5e9a2b30c74

Written to the Vanguard Merkle Ledger at the moment of human approval. Tamper-evident. Permanent.

What changes when Sentinul is deployed

Without Sentinul: Agent actions are unaudited — no cryptographic record of what ran or why
With Sentinul: Every action cryptographically logged — SHA-256 hash chain, tamper-evident from first call

Without Sentinul: Incidents discovered in post-mortem, days or weeks after damage is done
With Sentinul: High-risk actions blocked at runtime in <12ms — before damage, not after

Without Sentinul: Compliance evidence assembled manually — weeks of engineer time per audit
With Sentinul: Audit evidence auto-generated — signed PDF/JSON exports ready on demand

Without Sentinul: High-risk agent actions proceed silently — security team has no visibility or veto
With Sentinul: Security team gets Slack Approve/Deny on every escalation — full context, one click

Without Sentinul: Avg $500K–$4.9M per uncontrolled AI incident (IBM, 2024)
With Sentinul: Human decisions sealed as DecisionHash receipts — permanent, court-admissible record

IBM Cost of a Data Breach 2024 · Ponemon Institute AI Incident Research · conservative $75K/intervention floor used in SAVI dashboard

Core Technology

The 5-Layer Security Gauntlet

Every agent call passes through five deterministic enforcement layers before reaching the LLM. No drift. No exceptions.

L1 · Intent Binder

RSA-2048 signing locks the system prompt — any drift from signed intent is blocked before the agent can act.

L2 · Skill Scanner

Tool-call payloads are statically analyzed before execution — malformed schemas and injected parameters are rejected at parse time.

L3 · Routing Lock

Cryptographic model-identity binding prevents agents from being rerouted to unverified or spoofed LLM endpoints mid-session.

L4 · Response Filter

LLM outputs are scanned in real-time for PII leakage, exfiltration patterns, and policy violations before delivery to the agent.

L5 · Chain Detector

Cross-session context analysis detects and stops coordinated multi-turn prompt injection sequences before they can complete.

Human-in-the-Loop

Active Gating: approve or deny in Slack.

When Sentinul intercepts a policy violation, your security team receives an instant Slack alert with full context: the agent, the blocked action, the policy rule triggered, and a one-click link to the signed audit trail.

  • Instant violation alerts with full agent context, blocked action, and policy rule cited
  • One-click approve or block override — respond directly in Slack without leaving the channel
  • Every alert links to a cryptographically signed audit record stored in the Evidence Vault
Sovereign Visibility

Your Entire AI Workforce. One Governance Dashboard.

The Sentinul Dashboard gives security and compliance teams a real-time command view of every agent's behavior. See what every agent called, what was blocked, and why — with cryptographic proof for every event.

  • Live policy enforcement timeline per agent
  • Blocked calls, approved calls, and anomaly scoring
  • Export-ready compliance reports in one click
Evidence Vault

Signed Evidence & Drata/Vanta Sync.

Every agent action is captured as a SHA-256 signed record, chained to a tamper-evident log. Your auditor gets cryptographic proof — auto-synced to Vanta or Drata the moment it's written.

SHA-256 Hash-Chained

Tamper-evident, ordered event records

JSON + PDF Export

Machine & auditor-readable formats

Vanta & Drata Sync

Automated pipeline, Business tier+

Sentinul Evidence Vault — signed JSON audit log with Vanta sync

JSON-Signed Audit Log: Hash-Chained for Immutability
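
A minimal sketch of the SHA-256 hash chaining described in this section, added here as an illustration and not Sentinul's code: the record layout, field names and sample events are constructed assumptions. It shows that the chain detects an in-place edit by itself, but detects a full rewrite only when the head hash is compared with a copy anchored outside the log.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed prev_hash for the first record

# Constructed sample events; field names are assumptions, not Sentinul's schema.
SAMPLE_EVENTS = [
    {"agent": "billing-bot", "action": "read_invoice", "decision": "approve"},
    {"agent": "billing-bot", "action": "delete_records", "decision": "deny"},
    {"agent": "ops-bot", "action": "restart_service", "decision": "approve"},
]

def record_hash(prev_hash, event):
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "event": event, "hash": record_hash(prev, event)})
    return chain[-1]["hash"]  # new head; publish this outside the log

def verify(chain, anchored_head=None):
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev or rec["hash"] != record_hash(prev, rec["event"]):
            return f"record {i} altered"
        prev = rec["hash"]
    if anchored_head is not None and prev != anchored_head:
        return "head does not match anchor"
    return "ok"

def demo():
    chain = []
    for ev in SAMPLE_EVENTS:
        anchored = append(chain, ev)  # last head, kept outside the log
    edited = copy.deepcopy(chain)
    edited[1]["event"]["decision"] = "approve"  # in-place edit of one record
    rewritten = []
    for ev in SAMPLE_EVENTS:  # whole log rebuilt with recomputed hashes
        append(rewritten, dict(ev, decision="approve"))
    return {
        "clean": verify(chain, anchored),
        "edited": verify(edited, anchored),
        "rewritten_no_anchor": verify(rewritten),
        "rewritten_anchored": verify(rewritten, anchored),
    }
```

When evaluating any hash-chained log, ask where the head hash is anchored and who can write to that location.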

Enterprise AI Governance at Any Scale.

From rapid prototyping to global compliance. Every commercial tier is scoped to your agentic footprint—talk to us for a tailored quote and deployment plan.

The Sandbox

For early exploration

Free · No credit card · developer workspace
  • 100 Guarded LLM Calls/mo
  • Single Developer Workspace
  • Basic Drift Detection
  • Community Support

Operational Shield

For growing teams

Customized to your Agentic Workforce

Scoped to seats, call volume, and environments.

  • The 5-Layer Gauntlet Proxy
  • Unlimited LLM Traffic Monitoring
  • Real-time Behavioral Interception
  • 30-Day Audit Log Retention
IMMU-LOG ENABLED

Merkle Integrity

For security-first teams

Volume-based Enterprise Licensing

Merkle-scale logging priced to your audit surface area.

  • Merkle-Chain Cryptographic Logging
  • Tamper-Evident Audit Pulse
  • CLI Logic Integrity Auditor
  • Multi-User Team Dashboard
Design Partner Program

Vanguard

For compliance-driven production fleets

Customized to your Agentic Workforce

Co-designed rollout, evidence exports, and policy templates aligned to your controls.

  • Automated Vanta & Drata API Sync
  • Signed Audit Evidence Exports (PDF/JSON)
  • HIPAA & SOC2 Policy Templates
  • Role-Based Access Control (RBAC)

The Sovereign

For enterprise AI workforces

Volume-based Enterprise Licensing

Multi-region, SLA-backed capacity for large agent swarms.

  • Multi-Instance Swarm Immunity
  • Cross-Agent Chain Attack Detection
  • 99.9% Uptime SLA
  • 1-Year Immutable Evidence Vault

The Fortress

For global enterprises

Customized to your Agentic Workforce

Private instance, BYOK, and bespoke policy engineering.

  • Private Instance (VPC/On-Prem)
  • Customer-Managed Keys (BYOK)
  • White-Glove Audit Support
  • Custom Policy Engine Development
SHA-256 Hash Chained
AES-256 Encrypted
SOC2 Type II Ready

Frequently Asked Questions

How is Sentinul different from Snyk or SonarQube?

While Snyk scans your code, Sentinul intercepts your execution. We are the runtime firewall for the agentic era.

Does my code leave my machine?

Code analysis runs inside your environment. Only anonymized metadata and cryptographic hashes are synced for audit anchoring. Your source code never leaves your control.

Will auditors accept your reports?

Yes! Vanguard, Sovereign, and Fortress engagements include digitally-signed PDF reports that are accepted by major auditors. We include report IDs, timestamps, cryptographic signatures, and detailed findings that satisfy SOC2 and HIPAA evidence requirements.

Can I use this in CI/CD?

Absolutely! Pro tier and above include delta scanning which only scans changed files—perfect for CI/CD. We have native integrations with GitHub Actions, GitLab CI, and CircleCI. The average scan takes under 30 seconds.

What happens to the auto-fix feature with complex issues?

Auto-fix works great for common vulnerabilities (SQL injection, hardcoded secrets, XSS). For complex issues, we provide detailed recommendations and can generate a preview diff before applying. You always have the option to review before applying fixes.

Do you support languages other than JavaScript/TypeScript?

Currently we support JavaScript, TypeScript, Python, Java, Go, Ruby, and PHP. We're actively adding support for C#, Rust, and Kotlin. Contact us if you need a specific language prioritized.

Ready to see Sentinul in action?

contact@sentinul.app

Built for Enterprise

Compliance-ready infrastructure for Global Standards

SOC 2 Type II Ready

Audit-ready infrastructure with complete cryptographic traceability and immutable evidence logs.

GDPR Compliant Protocol

Data sovereignty guaranteed. Local processing with edge-first security perimeter and zero code storage.

HIPAA Compliant Architecture

Enterprise-grade encryption (AES-256) with audit trail integrity and access control federation.

System Operational
Health Score 100%
P99 Latency <2ms
Uptime 99.99%
Calls Blocked 1.2M+
Crypto RSA-2048 SHA-256 AES-256