Sentinel

One autonomous agent. Full execution stack.

Sentinel is a self hosted AI operator that turns intent into execution. It combines an agent runtime, browser automation, scheduling, memory, approvals, and tool access in one product.

Built by ARAIS.

Quick links

• Quick Start
• Architecture
• What Sentinel can do
• Documentation
• Security model
• Contributing
• Live docs

What Sentinel can do

• Run multi step tasks with tool calls and recovery.
• Use a real browser with Playwright and live VNC monitoring.
• Execute scheduled runs with cron or heartbeat triggers.
• Keep persistent hierarchical memory across sessions.
• Delegate bounded work to sub agents.
• Gate risky actions behind human approvals.
• Connect to custom araiOS modules for data and actions.
• Run git operations freely and only gate at push or PR creation, so the agent moves fast without surprise commits to main.
• Authenticate with your existing Claude Code or Codex CLI OAuth token, no extra API subscription needed.

Architecture

User / Telegram / Trigger
        ↓
  Sentinel UI  ↔  araiOS Workspace
        ↓
  Agent Runtime (Python)
  ├── Context builder (memory + history)
  ├── LLM provider (Anthropic / OpenAI / failover)
  ├── Tool adapter (araiOS + browser + runtime + git)
  ├── Approval gate (pause/resume on sensitive actions)
  └── Estop service (freeze or kill execution at any depth)
        ↓
  araiOS Control Plane
  ├── Custom tool modules (sandboxed Python)
  ├── Data modules (persistent record stores)
  ├── Permissions (allow / approval / deny per action)
  └── Approval queue (async human review)
        ↓
  Browser + External APIs + Git

Quick Start

1) Clone

git clone https://github.com/arais-labs/sentinel.git
cd sentinel

2) Launch Sentinel CLI

bash ./sentinel-cli.sh

For first run:

1. Choose New/Edit Instance
2. Set instance values or accept defaults
3. Let CLI start services and seed auth

3) Open gateway

Default URLs:

• http://localhost:4747/ gateway
• http://localhost:4747/sentinel/ Sentinel
• http://localhost:4747/araios/ araiOS
• http://localhost:4747/vnc/ live browser monitor

4) Sign in

Use the admin username and password you configured in CLI. If login fails, run Reset Auth (Managed Instance) from CLI and retry.

Installation paths

Recommended

• Use sentinel-cli.sh for instance lifecycle, auth seeding, startup, status, logs, and cleanup.

Manual compose

cp .env.example .env
docker compose up --build -d

Dev mode

docker compose -f docker-compose.dev.yml up --build

Repository layout

• apps/backend/sentinel Sentinel backend
• apps/frontend/sentinel Sentinel frontend
• apps/backend/araios araiOS backend
• apps/frontend/araios araiOS frontend
• infra/ gateway and runtime wiring
• docs-site/ full documentation source
• docs/ project notes and assets

Documentation

• Live docs: sentinel.arais.us
• Docs site source: docs-site/
• Intro: docs-site/docs/introduction.md
• Quickstart: docs-site/docs/quickstart.md
• Installation guide: docs-site/docs/guides/installation.md
• CLI reference: docs-site/docs/guides/cli-reference.md
• API reference: docs-site/docs/reference/api.md

Security model

Sentinel uses explicit policy based controls through araiOS:

• allow executes immediately
• approval pauses and requests human review
• deny blocks action

High risk actions can be reviewed before execution. Emergency stop levels can freeze active execution when needed.

Contributing

See CONTRIBUTING.md and SECURITY.md.

Runtime Exec Security Model

runtime_exec supports two explicit modes:

• privilege=user (default): confined execution with write access limited to the session workspace and runtime temp mounts
• privilege=root: unconfined execution, approval-gated before command execution

For long-running commands, use detached=true. Inline timeout results include a detached-mode hint.

License

GNU AGPL-3.0. See LICENSE and NOTICE.