For software your AI wrote,
but won't admit it broke.

Sentinel watches your live infra, your repo, your dependencies, and your coding agents — and turns every failure into a replayable, evidence-bound, autonomy-capped fix.

Install (60 sec) → See a real finding

kernel.cycle · routing now 10 stages

01Observe · watchers ingest

02Bind · capability passport

03Classify · novelty class

04Constrain · policy, axioms

05Compile · bounded option set

06Adjudicate · Tadabbur · Qiyas

07Render · option + receipt

08Execute / Defer · autonomy ladder

09Verify · predicate satisfied

10Learn · ledger + doctrine

atlas_snapshot #265 · f9585a7208

Slab 01 · Composite risk

Your scanner sees four bugs.
Sentinel sees one broken app.

ESLint and npm audit will surface each of these on their own. Sentinel runs the co-occurrence through the kernel and emits a single compound_app_risk rescue priority — because four bugs that share a blast radius are one emergency, not four work items.

Your scanner output eslint + npm audit

dangerous_dynamic_execution

app.use(eval) on operator-supplied string

possible_command_injection

child_process.exec receives unsanitized input

security_todo

// TODO: replace before prod · never replaced

wide_open_cors

Access-Control-Allow-Origin: *

Sentinel · compound_app_risk

"One vibe-coded app, four co-occurring failures. Rescue, don't triage."

Novelty class · SUBSTRATE_COMPOSITE Sample · 1 TP / 0 FP on vibe fixture Routed · rescue.compose → option_set

Slab 02 · Properties

Replayable. Hashed.
Autonomy-capped.

Three properties of every Sentinel finding — and the reasons buyers can defend the install to a CTO.

01 · Replayable

Same evidence, same option set. Forever.

The kernel compiles the action space mechanically from the evidence graph. Run a finding 100 times, get the same ranked options, the same rejection reasons, the same compilation hash.

$ atlas sentinel route --finding SEN-2026-05-17-031

compiled options → 3

hash → sha256:9c7e…a1f3

$ atlas sentinel route --finding SEN-2026-05-17-031

hash → sha256:9c7e…a1f3 (identical)

02 · Hashed

Every claim is a signature.

Findings ship with passport, event, and compilation hashes. The evidence_anchor points to a node in Atlas. Nothing said about the finding is unverifiable.

passport_hash sha256:c4d9…7e02

event_id finding.created/4b17

compilation sha256:18c8…1330

evidence atlas:node/contributions.js:32

verified node --check passed

03 · Autonomy-capped

Auto-fix you can trust because it can't lie about what it changed.

Sentinel's capability passport pins max_autonomy_level: 2 by default. Higher rungs require tests, allowlists, and readback — authorized explicitly, never assumed.

L1Observe & explain
L2Propose repair with verificationdefault cap
L3Apply in safe workspace with tests
L4Execute allowlisted repair with readback

Slab 03 · Surfaces

Eight surfaces, one event grammar.

Sentinel federates eight watchers across the places software actually fails. Every watcher emits the same event shape, so a Kubernetes alert and a vibe-coded eval injection land in the same ledger.

Kubernetes

k8s watcher

66 live pod_unhealthy findings · top: emr-realtime · CrashLoopBackOff

systemd

systemd watcher

service_failed · service_restart_loop · aria-deep-work.service

Runtime health

runtime-health watcher

live probe results normalized as findings

CLI state

cli-state watcher

"hard gates softened" drift detected across Claude Code & Codex

Repo working tree

repo-state watcher

dirty / stale / cross-session conflict findings

Codebase

codebase watcher

NodeGoat eval injection caught at contributions.js:32-34 · 3 TP / 0 FP

Dependencies

dependency-audit watcher

Snyk/Goof · 20 routed vulns · 20 TP / 0 FP

Composite risk

sentinel-composite

Novel · co-occurring findings → compound_app_risk

Event grammar observation.created finding.created option.compiled repair.proposed task.requested verification.completed lesson.recorded blocker.opened blocker.closed

Slab 04 · Receipts

Proof, not screenshots.

On every reviewed slice so far: 27 findings, 27 true positives, 0 false positives — across NodeGoat, Goof, and the vibe fixture. Below: the latest three rows of the public ledger. Every hash regenerates locally.

sentinel · public ledger / latest 3 ● live · refreshed daily at 00:00 UTC

Finding	Surface	Severity	Compilation hash	Autonomy	Outcome
compound_app_risk SEN-2026-05-17-031 · vibe-fixture	`sentinel-composite`	crit	`sha256:a116b221b053…`	L2 → L3	applied · verified
prototype_pollution SEN-2026-05-16-024 · goof	`dependency-audit`	high	`sha256:7e3c91f8d24a…`	L2	repair proposed
pod_unhealthy SEN-2026-05-17-018 · emr-realtime	`k8s`	high	`sha256:09b7b959d04a…`	L1	routed · awaiting auth

3 of 74 routed this cycle · cycle ok=true Open the full ledger →

Every row is real. Every hash is regenerable. If we ever publish a row we can't reproduce, treat it as a bug — and email proof@aria.dev.

Slab 05 · The kernel

Built on the Aria
cognitive kernel.

LLMs should not be trusted to invent the action space. The kernel compiles the action space mechanically from evidence, axioms, domain topology, runtime state, owner policy, and verification predicates.

The model improves language, analysis, tradeoff explanation, and implementation quality — but only inside the bounded options the kernel allows. Sentinel is the first product on the kernel; Atlas is the substrate it watches. We didn't build a scanner. We built the layer scanners should have been.

How it works → What's next: Atlas →

Client surfaces

Claude Code · Codex · OpenCode · CLI

Harness · L1 packet

Cognition + axioms + skills + memory

per-turn injection from substrate

Harness · L2 BIND

Fitrah axiom evaluation · capability passport

intent receipt · packet-hash binding

Harness · L3 gate runtime

Coach kernel · Mizan output gate · pre-tool gate

18+ Claude hooks · stop gate

Cognitive kernel

10-stage compile · Tadabbur-12 · Qiyas-15

Observe → Bind → Classify → Constrain → Compile → Adjudicate → Render → Execute/Defer → Verify → Learn

Sentinel

first product

Repo-org

Task runner

action ledger

Future

tba

Slab 06 · The wild

Six moments the kernel turned a failure into a receipt.

Six panels from an in-flight library, auto-curated from Codex, Claude Code, and OpenCode sessions on Aria's own infrastructure. Every panel anchored to a real transcript line; every line regenerable from the path printed at the bottom of the card. More land as new sessions clear review.