Skip to main content

Python SDK for Sentinel human-in-the-loop oversight

Project description

Sentinel SDK

License: MIT PyPI version

Oversight infrastructure for AI agents.

Sentinel adds human-in-the-loop approval to any Python function your agent calls. Wrap the function with @oversight, and the SDK pauses execution, requests approval, and only runs once a human approves.

Install

pip install sentinel-oversight

Quick start

# 1. Create an account at https://app.pauseapi.app/signup
#    Copy the API key it returns.

# 2. Wrap your function:
from sentinel import configure, oversight

configure(api_key="sk_live_…")

@oversight(
    risk_level="high",
    approvers=["sms:+15551234567", "alice@acme.com"],
    timeout_seconds=300,
)
def transfer_funds(amount: int, recipient: str):
    return stripe.transfers.create(amount=amount, destination=recipient)

When your agent calls transfer_funds(1000, "acct_xyz"):

  1. Sentinel pauses execution and creates an approval on the backend.
  2. Notifications fire to every approver in the list (rules below).
  3. A human clicks Approve from a signed text/email link or the dashboard.
  4. The wrapped function runs, and its return value flows back to the caller.

If rejected → ApprovalRejected(reason) is raised. If no response within timeout_secondsApprovalTimeout is raised (unless fallback="execute").

Approver formats

Each entry in approvers=[...] is a string. The format determines the channel.

Format Channel Example
name@company.com Email alice@acme.com
mailto:name@company.com Email (explicit) mailto:alice@acme.com
sms:+15551234567 SMS (Twilio) sms:+14155550123 — requires consent, see SMS approvers

You can mix formats — every approver receives a notification, the first decision wins.

Notification routing

  • Email — fires if RESEND_API_KEY is set AND any approver looks like an email address. Email contains signed approve/reject links (HMAC-SHA256, scoped to that action_id and timeout window).
  • SMS — fires if Twilio credentials are set AND an approver uses sms:.

By default, emails send from onboarding@resend.dev. To get branded approvals@yourdomain.app email, verify your domain in Resend (Pro plan).

SMS approvers — TCPA consent

To use sms:+1... approvers you must first register an opt-in record for each phone number. Sentinel won't create an approval whose approvers include an SMS destination without an active consent record — the API returns 400 SMS approver requires active SMS consent contact.

from sentinel import SentinelClient
client = SentinelClient()

# One-time, per phone number, after you've collected a real opt-in:
client.register_sms_contact(
    phone_number="+15551234567",
    display_name="Maya (CTO)",
    consent_source="onboarding_checkbox",       # e.g. "signed_form", "captured_web_form"
    consent_note="Checked the SMS opt-in box during signup on 2026-05-25",
)

Other helpers:

client.list_sms_contacts()           # all active + revoked contacts for this tenant
client.revoke_sms_contact("con_…")   # marks consent revoked; future SMS won't send

The customer can also reply STOP to any Sentinel SMS — the Twilio inbound webhook (/webhooks/twilio/inbound) automatically revokes their consent record. HELP returns a description and contact info. These two keywords are TCPA-mandated.

Risk levels

risk_level is a string the dashboard uses for prioritization. Allowed values: low, medium, high, critical. Required.

Configuration

Set via configure(...) or environment variables:

Variable Default Description
SENTINEL_API_URL https://api.pauseapi.app Base URL of the Sentinel backend
SENTINEL_API_KEY required Your tenant API key
SENTINEL_TIMEOUT 300 Default timeout_seconds
SENTINEL_POLL_INTERVAL 2 Seconds between status polls
SENTINEL_FALLBACK reject reject or execute on timeout

Exceptions

  • SentinelError — base class for all Sentinel errors.
  • SentinelConfigError — SDK was used without an api_key.
  • SentinelAPIError(status_code, message, url) — backend returned a non-2xx.
  • ApprovalRejected(reason, action_id) — a human rejected the request.
  • ApprovalTimeout(action_id, timeout_seconds) — no decision before deadline.

Async

The decorator transparently supports async def functions:

@oversight(risk_level="medium", approvers=["alice@acme.com"])
async def send_email(to, body):
    await mailgun.send(to=to, body=body)

Audit log

Every approval creates a hash-chained audit trail. Fetch it:

from sentinel import SentinelClient
client = SentinelClient()
events = client.list_audit_events(action_id="act_…")  # or omit for full log

Each event has prev_hash and event_hash (SHA-256). Chain integrity can be verified by recomputing sha256(prev_hash + json(payload)).

LangChain

from sentinel.adapters.langchain import SentinelCallbackHandler

agent.run("…", callbacks=[SentinelCallbackHandler(risk_level="high")])

Install with pip install sentinel-oversight[langchain].

Links

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinel_oversight-0.1.6.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinel_oversight-0.1.6-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file sentinel_oversight-0.1.6.tar.gz.

File metadata

  • Download URL: sentinel_oversight-0.1.6.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sentinel_oversight-0.1.6.tar.gz
Algorithm Hash digest
SHA256 22d3b416c145f29e3160a9189ab01caaf97e9ed423be0d363846698931f59adf
MD5 a9a90da1b0ac302bcd9632cef86ebebf
BLAKE2b-256 e305329373a76625ac7e5c6136db1c815fd948acf7877aa9d3c52c89a2b1f94a

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_oversight-0.1.6.tar.gz:

Publisher: publish.yml on PetrefiedThunder/sentinel-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentinel_oversight-0.1.6-py3-none-any.whl.

File metadata

File hashes

Hashes for sentinel_oversight-0.1.6-py3-none-any.whl
Algorithm Hash digest
SHA256 5c3aec8d83fd2c37c7c7177326035a23f15aac03244a3eabc520b75787d9f4bb
MD5 2efbcb9ed435d8d9e6891d21a3a380a9
BLAKE2b-256 c5e1c59649d99addc4a3226c4f00d88ffaf770729503d77e60ae0a1519f30027

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentinel_oversight-0.1.6-py3-none-any.whl:

Publisher: publish.yml on PetrefiedThunder/sentinel-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page