{"id":50324249,"url":"https://github.com/arais-labs/sentinel","last_synced_at":"2026-06-01T04:01:12.863Z","repository":{"id":340697967,"uuid":"1166559132","full_name":"arais-labs/sentinel","owner":"arais-labs","description":"Sentinel is your AI command center for getting things done.","archived":false,"fork":false,"pushed_at":"2026-05-29T03:57:34.000Z","size":4943,"stargazers_count":22,"open_issues_count":9,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-29T05:25:33.119Z","etag":null,"topics":["agents","ai","assistant","automation","chatbot","claw","cli","llms","machine-learning","ui"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arais-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-25T10:58:32.000Z","updated_at":"2026-05-12T04:29:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/arais-labs/sentinel","commit_stats":null,"previous_names":["arais-labs/sentinel"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/arais-labs/sentinel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arais-labs%2Fsentinel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arais-labs%2Fsentinel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arais-labs%2Fsentinel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arais-labs%2Fsentinel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arais-labs","download_url":"https://codeload.github.com/arais-labs/sentinel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arais-labs%2Fsentinel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33759178,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","assistant","automation","chatbot","claw","cli","llms","machine-learning","ui"],"created_at":"2026-05-29T05:00:59.813Z","updated_at":"2026-06-01T04:01:12.857Z","avatar_url":"https://github.com/arais-labs.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/logo.png\" alt=\"Sentinel logo\" width=\"120\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eSentinel\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003eOne autonomous agent. Full execution stack.\u003c/strong\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/blob/main/LICENSE\"\u003e\u003cimg alt=\"License: AGPL-3.0\" src=\"https://img.shields.io/badge/license-AGPL--3.0-blue.svg\"\u003e\u003c/a\u003e\n  \u003cimg alt=\"Deployment\" src=\"https://img.shields.io/badge/deploy-Docker%20Compose-2496ED\"\u003e\n  \u003ca href=\"https://sentinel.arais.us\"\u003e\u003cimg alt=\"Docs\" src=\"https://img.shields.io/badge/docs-sentinel.arais.us-informational\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/commits/main\"\u003e\u003cimg alt=\"Last commit\" src=\"https://img.shields.io/github/last-commit/arais-labs/sentinel?branch=main\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/stargazers\"\u003e\u003cimg alt=\"Stars\" src=\"https://img.shields.io/github/stars/arais-labs/sentinel\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/network/members\"\u003e\u003cimg alt=\"Forks\" src=\"https://img.shields.io/github/forks/arais-labs/sentinel\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/issues\"\u003e\u003cimg alt=\"Open issues\" src=\"https://img.shields.io/github/issues/arais-labs/sentinel\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/arais-labs/sentinel/pulls\"\u003e\u003cimg alt=\"Open pull requests\" src=\"https://img.shields.io/github/issues-pr/arais-labs/sentinel?label=open%20PRs\"\u003e\u003c/a\u003e\n  \u003cimg alt=\"Top language\" src=\"https://img.shields.io/github/languages/top/arais-labs/sentinel\"\u003e\n\u003c/p\u003e\n\nSentinel is a self hosted AI operator that turns intent into execution.\nIt combines an agent runtime, browser automation, scheduling, memory, approvals, and tool access in one product.\n\nOne deployment hosts multiple isolated **instances** — each with its own database, agent runtime, and LLM provider — managed from a single control plane (the CLI or the desktop app).\n\nBuilt by [ARAIS](https://arais.us).\n\n📖 **Docs:** **[sentinel.arais.us](https://sentinel.arais.us)**\n\n## Quick links\n\n- [Quick Start](#quick-start)\n- [Architecture](#architecture)\n- [What Sentinel can do](#what-sentinel-can-do)\n- [Documentation](#documentation)\n- [Security model](#security-model)\n- [Contributing](#contributing)\n\n## What Sentinel can do\n\n- Run multi step tasks with tool calls and recovery.\n- Use a real browser with Playwright and live VNC monitoring.\n- Execute scheduled runs with cron or heartbeat triggers.\n- Keep persistent hierarchical memory across sessions.\n- Delegate bounded work to sub agents.\n- Gate risky actions behind human approvals.\n- Connect to custom modules for data and actions.\n- Run git operations freely and only gate at push or PR creation, so the agent moves fast without surprise commits to main.\n- Authenticate with your existing Claude Code or Codex CLI OAuth token, no extra API subscription needed.\n\n## Architecture\n\n```text\nUser / Telegram / Trigger\n        ↓\n  Sentinel UI\n        ↓\n  Agent Runtime (Python)\n  ├── Context builder (memory + history)\n  ├── LLM provider (Anthropic / OpenAI / failover)\n  ├── Tool adapter (modules + browser + runtime + git)\n  ├── Approval gate (pause/resume on sensitive actions)\n  └── Estop service (freeze or kill execution at any depth)\n        ↓\n  Module Control Plane\n  ├── Custom tool modules (sandboxed Python)\n  ├── Data modules (persistent record stores)\n  ├── Permissions (allow / approval / deny per action)\n  └── Approval queue (async human review)\n        ↓\n  Browser + External APIs + Git\n```\n\n## Quick Start\n\n### 1) Clone\n\n```bash\ngit clone https://github.com/arais-labs/sentinel.git\ncd sentinel\n```\n\n### 2) Launch Sentinel CLI\n\n```bash\nbash ./sentinel-cli.sh\n```\n\nFor first run:\n\n1. Let the CLI create or reconcile the root `.env`. Prod mode proposes\n   generated values and rejects placeholders/default credentials. Dev mode is\n   explicit via `./sentinel-cli.sh --dev` and may write local dev defaults.\n2. Choose `Start Stack`\n3. Choose `Instances` -\u003e `Create Instance`\n4. Create the default logical instance, for example `main`\n\n### 3) Open Sentinel\n\nDefault URLs:\n\n- `http://localhost:4747/` Sentinel\n- `http://localhost:4747/modules` modules\n- `http://localhost:4747/vnc/` live browser monitor\n\n### 4) Sign in\n\nUse the admin username and password from the root `.env`.\n\n\u003e **Compose / server mode:** admin credentials live in `.env`\n\u003e (`SENTINEL_AUTH_USERNAME` / `SENTINEL_AUTH_PASSWORD`) and are re-applied to the\n\u003e manager database on every backend startup. Rotate by editing `.env` and\n\u003e restarting the backend; the `POST /auth/change-password` endpoint is disabled.\n\u003e\n\u003e **Desktop mode** (`APP_ENV=desktop`): the manager database is the source of\n\u003e truth. `.env` values, if present, are only used to seed credentials on the\n\u003e very first launch. Use the in-app password-change flow to rotate.\n\n## Installation paths\n\n### Recommended\n\n- Use `sentinel-cli.sh` for instance lifecycle, auth seeding, startup, status, logs, and cleanup.\n- The CLI defaults to production mode and uses `docker-compose.yml`.\n- Create a root `.env` from `.env.example` for the default production-shaped\n  path.\n- Use `./sentinel-cli.sh --dev` for explicit local development mode. The CLI\n  can write a complete root `.env` with dev-safe defaults.\n\n### Manual compose\n\n```bash\ncp .env.example .env\n# edit .env and replace the placeholder secrets\ndocker compose up --build -d\n```\n\n`docker-compose.yml` is the production-shaped compose file and fails clearly\nunless these secrets are provided. For local development defaults, use\n`docker-compose.dev.yml`.\n\n### Dev mode\n\n```bash\ndocker compose -f docker-compose.dev.yml up --build\n```\n\n### Desktop app\n\nThe Electron desktop package is under [`apps/desktop/sentinel`](apps/desktop/sentinel).\nIt is a native management shell for local Sentinel instances. The CLI remains\nsupported for terminal workflows.\n\n## Repository layout\n\n- `apps/backend/sentinel` Sentinel backend\n- `apps/desktop/sentinel` Sentinel Electron desktop shell\n- `apps/frontend/sentinel` Sentinel frontend\n- `infra/` gateway and runtime wiring\n- `docs-site/` full documentation source\n- `docs/` project notes and assets\n\n## Documentation\n\n- **Live docs site: [sentinel.arais.us](https://sentinel.arais.us)**\n- Docs site source: [`docs-site/`](docs-site)\n- Intro: [`docs-site/docs/introduction.md`](docs-site/docs/introduction.md)\n- Quickstart: [`docs-site/docs/quickstart.md`](docs-site/docs/quickstart.md)\n- Installation guide: [`docs-site/docs/guides/installation.md`](docs-site/docs/guides/installation.md)\n- CLI reference: [`docs-site/docs/guides/cli-reference.md`](docs-site/docs/guides/cli-reference.md)\n- API reference: [`docs-site/docs/reference/api.md`](docs-site/docs/reference/api.md)\n\n## Security model\n\nSentinel uses explicit policy based controls for module actions:\n\n- `allow` executes immediately\n- `approval` pauses and requests human review\n- `deny` blocks action\n\nHigh risk actions can be reviewed before execution.\nEmergency stop levels can freeze active execution when needed.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) and [SECURITY.md](SECURITY.md).\n\n## Runtime Exec Security Model\n\nThe agent runs shell commands through the `runtime` system module, which executes\non each instance's managed **SSH/tmux runtime target** inside an OS-level sandbox —\n**Bubblewrap** on Linux runtimes and **macOS Seatbelt** (`sandbox-exec`) on macOS.\nAll commands run confined; there is no unconfined or \"root\" execution mode.\n\nThe module exposes four actions: `runtime.user` (run a command in the session\nworkspace) plus `runtime.terminal_list`, `runtime.terminal_read`, and\n`runtime.terminal_close` for managing tmux-backed terminals. Use `background=true`\nfor long-running commands. See\n[Runtime Exec Security](docs-site/docs/guides/runtime-exec-security.md).\n\n## License\n\nGNU AGPL-3.0. See [LICENSE](LICENSE) and [NOTICE](NOTICE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farais-labs%2Fsentinel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farais-labs%2Fsentinel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farais-labs%2Fsentinel/lists"}