{"id":50446785,"url":"https://github.com/silentspike/project-sentinel","last_synced_at":"2026-05-31T22:01:47.256Z","repository":{"id":354179203,"uuid":"1154953403","full_name":"silentspike/project-sentinel","owner":"silentspike","description":"Reference testbed for runtime governance of LLM coding agents — per-agent sandboxing (bwrap + Landlock + cgroups + netns), event-sourced audit trails, three control planes, 9/9-passing breakout tests.","archived":false,"fork":false,"pushed_at":"2026-05-28T19:23:23.000Z","size":3503,"stargazers_count":1,"open_issues_count":9,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-28T19:26:20.946Z","etag":null,"topics":["agent-runtime","agents","anthropic","bwrap","ebpf","ecs","event-sourcing","go","governance","landlock","llm","runtime-governance","rust","sandbox","sandbox-isolation"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/silentspike.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":"docs/governance.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-11T00:39:41.000Z","updated_at":"2026-05-25T04:05:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/silentspike/project-sentinel","commit_stats":null,"previous_names":["silentspike/project-sentinel"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/silentspike/project-sentinel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentspike%2Fproject-sentinel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentspike%2Fproject-sentinel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentspike%2Fproject-sentinel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentspike%2Fproject-sentinel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/silentspike","download_url":"https://codeload.github.com/silentspike/project-sentinel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentspike%2Fproject-sentinel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33750474,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-runtime","agents","anthropic","bwrap","ebpf","ecs","event-sourcing","go","governance","landlock","llm","runtime-governance","rust","sandbox","sandbox-isolation"],"created_at":"2026-05-31T22:01:45.071Z","updated_at":"2026-05-31T22:01:47.249Z","avatar_url":"https://github.com/silentspike.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Project Sentinel\n\n[![CI](https://github.com/silentspike/project-sentinel/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/silentspike/project-sentinel/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/silentspike/project-sentinel/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/silentspike/project-sentinel/actions/workflows/codeql.yml)\n[![OSSF Scorecard](https://github.com/silentspike/project-sentinel/actions/workflows/scorecard.yml/badge.svg?branch=main)](https://github.com/silentspike/project-sentinel/actions/workflows/scorecard.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Release](https://img.shields.io/github/v/release/silentspike/project-sentinel?include_prereleases\u0026label=release)](https://github.com/silentspike/project-sentinel/releases)\n[![Stack: Rust 1.93+ / Go 1.26+](https://img.shields.io/badge/stack-rust%201.93%2B%20%2F%20go%201.26%2B-orange.svg)](#)\n\nA reference testbed for runtime governance of LLM coding agents:\nsandbox each agent, audit each action, and verify failure modes before\ncustomers run agents against production code.\n\nWhen teams put LLM agents into real workflows, three operational questions\ncome back:\n\n- How are they sandboxed?\n- How are their actions audited?\n- What happens when something goes wrong?\n\nProject Sentinel makes those questions concrete. It runs a synthetic\noffice workload — sixty personas across three shifts, with real LLM calls —\nand underneath it the runtime layer an organization would actually\noperate: per-agent sandboxing (bwrap + Landlock + cgroups + netns),\nevent-sourced audit trails, three independent control planes, and a\n9/9-passing breakout test report.\n\nThe full stack is documented as a TOGAF v22.1 architecture and runs on a\nprovisioned VM. The included docker demo is a deliberate behavioral\nsubset: it shows the workload and dashboard, but not the kernel-bound\nparts (eBPF, Landlock, FUSE) that need a real host.\n\n[Architecture Guide (TOGAF v22.1)](docs/architecture/togaf-architecture-guide.html) ·\n[Sandbox Test Report (9/9)](docs/security-test-report.md) ·\n[Demo](#demo-one-command)\n\n## Why It Exists\n\nThree things are hard to study without a believable, persistent, multi-agent\nenvironment:\n\n1. **Sandbox primitives at scale.** What does bwrap + Landlock + cgroups\n v2 + netns actually cost when 26 agents tick simultaneously? Where do\n the breakouts come from when nobody is looking? The\n [security test report](docs/security-test-report.md) records 9/9\n breakout tests passing.\n2. **Controlplane design.** Three independent observe / decide / act /\n verify loops (Agent CP, Platform CP, API CP) co-exist. Each owns one\n decision domain, none reach across. See\n [docs/governance.md](docs/governance.md).\n3. **Boundary detection.** Pattern detector for agent self-recognition (15\n regex + two-stage LLM judge) measures when a generation surfaces awareness\n markers; the synthesis engine intercepts ~70% of routine perceptions\n before they reach a real LLM call. See\n [Research Context](#research-context) for the narrative convention that\n underpins the workload.\n\n## Architecture at a Glance\n\n```mermaid\nflowchart TB\n subgraph AGENTS[\"Agent Layer · 60 LLM personas\"]\n A1[\"51 shift-bound (3 shifts × 17)\"]\n A2[\"9 always-on duty staff\"]\n end\n\n subgraph SANDBOX[\"Sandbox Stack (per agent)\"]\n S1[\"bwrap (user-namespaces)\"]\n S2[\"Landlock LSM\"]\n S3[\"cgroups v2\"]\n S4[\"netns + nftables\"]\n S5[\"Wasmtime (tool runtime)\"]\n end\n\n subgraph CP[\"Three Controlplanes — Observe → Decide → Act → Verify\"]\n direction LR\n AGCP[\"Agent CP\u003cbr/\u003e(bio · perception)\"]\n PLCP[\"Platform CP\u003cbr/\u003e(infra · health)\"]\n APCP[\"API CP\u003cbr/\u003e(cost · routing)\"]\n end\n\n STORE[\"Event Store\u003cbr/\u003eLimbo SQLite · append-only\u003cbr/\u003eLamport ordering · hash-chain\"]\n\n subgraph GATEWAY[\"Cortex Gateway (Go)\"]\n G1[\"7-step proxy + guardrails\"]\n G2[\"10-rule synthesis engine\"]\n end\n\n subgraph BRIDGE[\"Quality + Memory Plane\"]\n J1[\"Sentinel Judge\u003cbr/\u003e(NATS · drift · quality)\"]\n J2[\"NATS Bridge\u003cbr/\u003e(Limbo → JetStream)\"]\n J3[\"Hippocampus\u003cbr/\u003e(NMDA night-run)\"]\n end\n\n DASH[\"Dashboard\u003cbr/\u003eBun + Hono + WebSocket\"]\n\n AGENTS -.-\u003e|\"sandboxed in\"| SANDBOX\n AGENTS --\u003e|prompts| GATEWAY\n GATEWAY --\u003e|emit events| STORE\n STORE --\u003e|projections| DASH\n STORE --\u003e|stream| BRIDGE\n CP -.-\u003e|govern| AGENTS\n CP -.-\u003e|govern| GATEWAY\n CP -.-\u003e|govern| STORE\n BRIDGE --\u003e|alerts + metrics| DASH\n```\n\n| Layer | Tech |\n|------------------|-------------------------------------------|\n| World simulation | Rust workspace (15 crates), `bevy_ecs` |\n| LLM gateway | Go (`cmd/cortex-gateway`) |\n| Quality monitor | Go (`services/sentinel-judge`) |\n| Dashboard | Bun + Hono + vanilla-JS (`dashboard/`) |\n| Pub/Sub | Zenoh (Rust SHM \u003c10 µs) + NATS JetStream |\n| Storage | redb (state) + Limbo SQLite (events) |\n\nFor a terminal-friendly plain-text view of the same data flow see\n[Architecture Details](#architecture-details) further down.\n\nFor per-cluster implementation status see\n[docs/togaf-gap-v22.md](docs/togaf-gap-v22.md).\nFor deliberate deviations from the spec see\n[docs/togaf-deviations-v22.md](docs/togaf-deviations-v22.md).\n\n## Quick Start\n\n### Prerequisites\n\n| Tool | Version | Purpose |\n|-------------|----------|-------------------------------|\n| Rust | 1.93+ | ECS world, all Rust crates |\n| Go | 1.23+ | Gateway, judge, nats-bridge |\n| Bun | 1.x | Dashboard |\n| cargo-remote (optional) | latest | Remote build server |\n| Docker + Compose | 24+ | Demo stack |\n\n### Configure\n\nSentinel takes deployment-specific values from a single local file. Copy\nthe templates and fill in your own values:\n\n```bash\ncp .env.example .env\ncp .make.local.example .make.local\n```\n\nThe `.env` file holds runtime values (NATS URL, dashboard port). The\n`.make.local` file holds build values (cargo remote server address, deploy\ntarget). Neither file is committed.\n\n### Generate a Company Config\n\nGaia can bootstrap a fresh Sentinel company configuration without LLM calls:\n\n```bash\ncargo run -p sentinel-gaia -- print-example-spec \u003e /tmp/gaia-spec.toml\ncargo run -p sentinel-gaia -- init --spec /tmp/gaia-spec.toml --output-dir /tmp/sentinel-config --yes\ncargo run -p sentinel-gaia -- validate --output-dir /tmp/sentinel-config\n```\n\nFor an operator-style smoke, build `sentinel-daemon` and add\n`--daemon-dry-run --daemon-bin \u003cpath-to-sentinel-daemon\u003e` to `init`. Gaia\npersists its own input as `gaia-spec.toml` and deliberately leaves\n`company.toml` to the Gateway/company-context schema.\n\n### Build\n\n```bash\nmake ci # full: fmt + clippy + test + cargo-deny + typos\nmake build # workspace build\nmake test # all tests\n```\n\nIf you have cargo-remote configured for offload builds, those targets\ntransparently use it.\n\n### Demo (one command)\n\n![Sentinel demo dashboard](docs/images/sentinel-demo.gif)\n\n*The dashboard surfaces runtime governance signals: control-plane decisions, sandbox enforcer status, audit-event throughput, and agent quality drift.*\n\n```bash\nmake demo # build binaries + image, then run\n# or, step by step:\nmake demo-binaries # build sentinel-daemon + sentinel-nightrun\nmake demo-image # docker build\n./scripts/demo.sh # run + open dashboard, tear down after 10 min\n```\n\nThe Rust workspace is heavy. `make demo-binaries` uses `cargo-remote`\nagainst a build server if `.cargo-remote.toml` is present, otherwise\nfalls back to a local `cargo build --release` (~8 GB RAM, ~20 min on\na developer laptop). See [CONTRIBUTING.md](CONTRIBUTING.md) for\ncargo-remote setup if you want to offload the Rust compile.\n\nRuns five agents through a 10-minute morning shift with the default\nworkload configuration. Dashboard: http://localhost:18000 (host port\n18000 is used because 8000 is commonly bound by local nginx/dev servers;\nadjust in `docker-compose.demo.yml` if you have 8000 free).\n\n#### What the docker demo shows — and what it does not\n\nThe compose stack is deliberately a **behavioral demo**, not a full\nproduction deployment. It is meant to give a recruiter or curious reader\na working dashboard in one command, not to reproduce the full sandbox\nstory.\n\n| Feature | Demo container | VM deploy |\n|-----------------------------------------|----------------|-----------|\n| ECS world, Bio-Engine, Physics | yes | yes |\n| Event sourcing + projections + dashboard| yes | yes |\n| Cortex Gateway pipeline + synthesis | yes | yes |\n| NATS JetStream + sentinel-judge | yes | yes |\n| **bwrap + Landlock per-agent isolation**| no (warned) | yes |\n| **cgroups v2 per-agent resource caps** | no (warned) | yes |\n| **netns + nftables agent network** | no (warned) | yes |\n| **eBPF probes (aya-rs)** | no (warned) | yes |\n| **sentinel-fs CAS-FUSE** | no (warned) | yes |\n| Zenoh SHM transport | no (TCP only) | yes |\n\nThese kernel-bound features need user namespaces, `CAP_BPF`,\n`CAP_SYS_ADMIN`, `CAP_NET_ADMIN`, and a writeable bpf-fs / `/dev/fuse`.\nA plain unprivileged container has none of those. The\n`SandboxEnforcer` (`crates/sentinel-sandbox/src/enforcer.rs`) detects\nthe absence at boot and degrades gracefully — warnings in the daemon\nlog are the expected demo signal.\n\nFor the full stack with sandbox enforcement see\n`deploy/systemd/*.service`, the deployment notes in\n[docs/governance.md](docs/governance.md), and the\n[TOGAF v22.1 Architecture Guide](docs/architecture/togaf-architecture-guide.html).\n\n## Customer Workshop Path\n\nFor engineering leadership and DevSecOps teams evaluating runtime\ngovernance for AI coding agents, the recommended walkthrough is a\n45-minute hands-on session:\n\n1. Architecture overview (10 min): TOGAF v22.1 guide, three control planes, sandbox stack.\n2. Hands-on demo (15 min): start the demo stack, observe agent activity, replay events.\n3. Sandbox-config inspection (10 min): bwrap + Landlock + cgroups policy walkthrough.\n4. 9/9 breakout test report review (5 min): what the tests prove, what they don't.\n5. Q\u0026A + production deployment caveats (5 min).\n\nFull agenda: [`docs/workshop-agent-runtime-governance.md`](docs/workshop-agent-runtime-governance.md).\n\n## Demo: What it proves and what it doesn't\n\nThe included docker demo (`make demo`) is a deliberate behavioral\nsubset. It is meant to give a recruiter or curious reader a working\ndashboard in one command, not to reproduce the full sandbox story.\n\n### What the demo proves\n- ECS world simulation, bio-engine, physics, room sim — 60-persona\n workload runs end-to-end on a 5-agent subset.\n- Event sourcing (Limbo SQLite, idempotent, replayable) — full audit\n trail captured per agent.\n- Cortex Gateway 7-step pipeline + 10-rule synthesis engine — agent\n reasoning is observable.\n- Dashboard (Bun + Hono + WebSocket) — live agent activity, drift,\n quality metrics.\n\n### What the demo does not exercise\nThe kernel-bound sandbox primitives (per-agent isolation) require\n`CAP_BPF`, `CAP_SYS_ADMIN`, `CAP_NET_ADMIN`, user namespaces, and a\nwriteable bpf-fs / `/dev/fuse`. A plain unprivileged Docker container\nhas none of those. The `SandboxEnforcer`\n(`crates/sentinel-sandbox/src/enforcer.rs`) detects the absence at boot\nand degrades gracefully — warnings in the daemon log are the expected\ndemo signal.\n\nFor the full stack with sandbox enforcement (bwrap + Landlock + cgroups\n+ netns + nftables + Wasmtime) see `deploy/systemd/*.service` and the\n[TOGAF v22.1 architecture guide](docs/architecture/togaf-architecture-guide.html).\n\n### Verified by external tests\n[Sandbox Test Report](docs/security-test-report.md): 9/9 breakout\ntests pass on a privileged host.\n\n## Status — what works in this alpha, what doesn't yet\n\nKernel-bound features are **not missing** — they are *implemented + tested\nbut not deploy-able in the docker demo*. The VM deploy is the production\ntarget; the docker demo is a deliberate behavioral subset.\n\n| Area | Status | Demo-Container | VM-Deploy |\n|------|--------|----------------|-----------|\n| ECS world (bevy_ecs), bio + physics + room sim | ✅ implemented + exercised | yes | yes |\n| Event sourcing (Limbo SQLite, idempotent, replayable) | ✅ implemented + exercised | yes | yes |\n| Cortex Gateway 7-step pipeline + 10-rule synthesis engine | ✅ implemented + exercised | yes | yes |\n| Dashboard (Bun + Hono + WebSocket) | ✅ implemented + exercised | yes | yes |\n| sentinel-judge quality + drift monitoring (NATS streaming) | ✅ implemented + exercised | yes | yes |\n| sentinel-projection CQRS read-models | ✅ implemented + exercised | yes | yes |\n| sentinel-nightrun batch consolidation, deterministic replay | ✅ implemented, manual trigger | yes | yes |\n| **bwrap + Landlock per-agent isolation** | ✅ implemented + 9/9 breakout-tested (`crates/sentinel-sandbox/`) | **no (kernel-caps)** | **yes** |\n| **cgroups v2 per-agent caps** | ✅ implemented | **no (kernel-caps)** | **yes** |\n| **netns + nftables agent network** | ✅ implemented | **no (kernel-caps)** | **yes** |\n| **eBPF probes (aya-rs)** | ✅ implemented | **no (kernel-caps)** | **yes** |\n| **sentinel-fs CAS-FUSE** | ✅ implemented | **no (FUSE)** | **yes** |\n| TOGAF v22.1 architecture guide + per-cluster gap report | ✅ shipped in `docs/architecture/` | n/a | n/a |\n| 60 LLM-persona agents (`config/agents/AGENT-*.toml`) | ✅ defined; demo runs a 5-agent subset | partial (5/60) | yes (full 60) |\n| Pre-built demo binaries (linux-x86_64) on every release | ✅ since v0.1.0-alpha | yes | yes |\n| CodeQL pipeline | ✅ green on main | n/a | n/a |\n| Tag verified-badge on GitHub | ✅ verified=true (Ed25519) | n/a | n/a |\n| OpenGraph social-preview image | ⏳ image in repo (`docs/images/opengraph-preview.png`); upload via repo Settings → Social preview pending (#351) | n/a | n/a |\n| Demo binaries for arm64 / Apple Silicon | ⏳ planned (currently linux-x86_64 only) | n/a | n/a |\n| Multi-tenant company configs (`sentinel-gaia`) | ✅ deterministic generator + CLI init/validate path | n/a | yes (offline config generation + daemon dry-run) |\n\nSee [docs/known-limitations.md](docs/known-limitations.md) for the full\ncaveat list.\n\n## Repository Layout\n\n| Path | Contents |\n|------------------------------|-------------------------------------------------------------|\n| `crates/` | 17 Rust crates (ECS, bio, physics, sandbox, eBPF, etc.) |\n| `services/sentinel-gaia/` | Gaia company-config generator + CLI |\n| `services/sentinel-daemon/` | Daemon + controlplane |\n| `services/sentinel-judge/` | Quality / drift monitor (Go) |\n| `services/sentinel-nightrun/`| Nightly consolidation (Rust) |\n| `services/sentinel-nats-bridge/` | NATS event bridge (Go) |\n| `cmd/cortex-gateway/` | LLM proxy + synthesis (Go) |\n| `dashboard/` | Bun + Hono real-time UI |\n| `pkg/sentinel-go/` | Shared Go package (judge heuristics, eventstore, messaging) |\n| `config/` | Agent TOMLs, room layout, simulation parameters |\n| `docs/` | Architecture, governance, gap, deviations, glossary |\n| `deploy/` | systemd units, release manifest schema |\n| `.github/workflows/` | 16 CI workflows (build, test, security, supply chain) |\n\n## Documentation\n\n| Doc | Purpose |\n|--------------------------------------------------------------|-----------------------------------------------|\n| [llms.txt](llms.txt) | LLM-friendly project index (read first) |\n| [docs/architecture/togaf-architecture-guide.html](docs/architecture/togaf-architecture-guide.html) | Authoritative architecture reference (v22.1) |\n| [docs/governance.md](docs/governance.md) | Governance mechanisms ↔ code path mapping |\n| [docs/togaf-gap-v22.md](docs/togaf-gap-v22.md) | Per-cluster implementation status |\n| [docs/togaf-deviations-v22.md](docs/togaf-deviations-v22.md) | Intentional deviations from the spec |\n| [docs/component-readmes.md](docs/component-readmes.md) | Component-level README index for Rust/Go modules |\n| [docs/glossary.md](docs/glossary.md) | Agent-persona narrative + agent-layer glossary |\n| [docs/security-test-report.md](docs/security-test-report.md) | Sandbox breakout test results |\n| [docs/workshop-agent-runtime-governance.md](docs/workshop-agent-runtime-governance.md) | 45-min hands-on workshop: how to evaluate runtime governance for LLM coding agents |\n| [docs/research-context.md](docs/research-context.md) | Synthetic-workload personality model + role taxonomy + ethics |\n| [examples/](examples/) | Copy-pasteable runtime-governance walkthroughs (sandbox policy, audit replay, control-plane isolation) |\n| [CONTRIBUTING.md](CONTRIBUTING.md) | How to contribute |\n| [SECURITY.md](SECURITY.md) | Reporting vulnerabilities |\n| [CHANGELOG.md](CHANGELOG.md) | Release history |\n\n## Architecture Details\n\nPlain-text alternative to the [Mermaid diagram above](#architecture-at-a-glance),\nuseful for terminal-only viewers and screen-readers. Same data flow, lower\nfidelity:\n\n```\nDeterministic (ECS) Probabilistic (LLM)\n┌─────────────────────┐ ┌──────────────────────────────────┐\n│ bevy_ecs World │ │ Cortex Gateway │\n│ Bio / Physics │ ───────\u003e │ 7-step pipeline │\n│ 60 agent slots │ \u003c─────── │ Synthesis engine │\n│ Event Store │ │ Self-recognition pattern detector│\n└─────────────────────┘ └──────────────────────────────────┘\n │ │\n └─────────── Event Sourcing ────────┘\n (sentinel-limbo, append-only)\n```\n\nFor full architectural depth (clusters, controlplane internals, deviation\nregister) see the\n[TOGAF v22.1 architecture guide](docs/architecture/togaf-architecture-guide.html)\nand the gap report in [docs/togaf-gap-v22.md](docs/togaf-gap-v22.md).\n\n## Release status\n\nThis is the first **public** release boundary. The project was developed\nprivately prior to `v0.1.0-alpha`; the tag marks the boundary between\nprivate development and public visibility, not the start of the project.\n\nCI on `main`: ci, lint, coverage, supply-chain (cargo-deny, npm-audit,\ngo-vuln, rust-audit), conventional-commits, dependency-freshness — green.\nCodeQL goes green on the first scheduled run after the public flip\n(GHAS gating). Security: dependency audit + `gitleaks` + `trufflehog` clean,\n9/9 sandbox breakout tests passing on a privileged host.\n\nSee [docs/known-limitations.md](docs/known-limitations.md) for full caveats\nand the [Status table above](#status--what-works-in-this-alpha-what-doesnt-yet)\nfor the per-feature picture.\n\n## Research Context\n\nThe synthetic office workload is a deliberate stress-test for the runtime\nlayer. The personality model, role taxonomy, and bio-state mechanism are\ndocumented in [docs/research-context.md](docs/research-context.md). The\nplatform underneath is the work; the workload is the evaluation.\n\n## Why this proof matters\n\nWhen customers evaluate AI coding agent deployment, three runtime\nquestions come back:\n\n- *\"How is the agent isolated from production?\"* — sandbox stack\n (bwrap + Landlock + cgroups + netns), 9/9 breakout tests passing.\n- *\"What evidence remains for review?\"* — event sourcing on Limbo\n SQLite, deterministic replay, hash-chained audit trail.\n- *\"Who decides what the agent can do?\"* — three independent control\n planes (Agent CP, Platform CP, API CP), each owning a single\n decision domain.\n\nThis repo is not a product. It is a **reference implementation** that\nmakes those questions concrete. The TOGAF v22.1 architecture is the\ncontract; the docker demo is a reduced behavioral subset (see Demo\nsection above).\n\n## License\n\nSee [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsilentspike%2Fproject-sentinel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsilentspike%2Fproject-sentinel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsilentspike%2Fproject-sentinel/lists"}