Sentinel turns AI-touched code, runtime, and security risk into evidence-bound recovery decisions: Atlas context, authority boundaries, verification, and the autonomy level you allow.
ESLint and npm audit will surface each of these on their own. Sentinel runs the
co-occurrence through the kernel and emits a single compound_app_risk
rescue priority — because four bugs that share a blast radius are one emergency,
not four work items.
Three properties of every Sentinel finding — and the reasons buyers can defend the install to a CTO.
The kernel compiles the action space mechanically from the evidence graph. Run a finding 100 times, get the same ranked options, the same rejection reasons, the same compilation hash.
Findings ship with passport, event, and compilation hashes. The evidence_anchor points to a node in Atlas. Nothing said about the finding is unverifiable.
Sentinel's capability passport pins max_autonomy_level: 2 by
default. Higher rungs require tests, allowlists, and readback —
authorized explicitly, never assumed.
Sentinel federates eight watchers across the places software actually fails. Every watcher emits the same event shape, so a Kubernetes alert and a vibe-coded eval injection land in the same ledger.
contributions.js:32-34 · 3 TP / 0 FPOn every reviewed slice so far: 27 findings, 27 true positives, 0 false positives — across NodeGoat, Goof, and the vibe fixture. Below: the latest three rows of the public ledger. Every hash regenerates locally.
| Finding | Surface | Severity | Compilation hash | Autonomy | Outcome |
|---|---|---|---|---|---|
|
compound_app_risk
SEN-2026-05-17-031 · vibe-fixture
|
sentinel-composite |
crit | sha256:a116b221b053… |
L2 → L3 | applied · verified |
|
prototype_pollution
SEN-2026-05-16-024 · goof
|
dependency-audit |
high | sha256:7e3c91f8d24a… |
L2 | repair proposed |
|
pod_unhealthy
SEN-2026-05-17-018 · emr-realtime
|
k8s |
high | sha256:09b7b959d04a… |
L1 | routed · awaiting auth |
ok=true
Open the full ledger →
Every row is real. Every hash is regenerable. If we ever publish a row
we can't reproduce, treat it as a bug — and email [email protected].
LLMs should not be trusted to invent the action space. The kernel compiles the action space mechanically from evidence, axioms, domain topology, runtime state, owner policy, and verification predicates.
The model improves language, analysis, tradeoff explanation, and implementation quality — but only inside the bounded options the kernel allows. Sentinel is the first product on the kernel; Atlas is the substrate it watches. Sentinel is the security and recovery layer for teams letting AI touch real systems.
Six panels from an in-flight library, auto-curated from Codex, Claude Code, and OpenCode sessions on Aria's own infrastructure. Every panel anchored to a real transcript line; every line regenerable from the path printed at the bottom of the card. More land as new sessions clear review.
The launch proof should not be a polished demo. The next public session is an operator run: start from a real Sentinel finding, open the Atlas dossier, route the task, apply the smallest bounded fix, and rebuild the marketing site while the receipt changes on screen.