Skip to main content

The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere

Project description

SentinelOS

SentinelOS

Privacy-first enterprise AI workstation. Run large language models locally, govern access with RBAC policies, and give every team a secure, auditable AI assistant — without sending a single prompt to the cloud.

SentinelOS combines a desktop chat application, an enterprise governance layer, a local RAG pipeline, and an admin console into a single deployable stack. Models run on your hardware via Ollama. Every action is logged. Every tool call is policy-gated. Data never leaves your network.

Key Capabilities

Capability Description
Local Model Inference Run Qwen, Holo3, Llama, and other open models via Ollama. No API keys required for local models.
RBAC Governance Define groups (Engineering, Sales, Legal) with per-group tool policies and model access.
Tool & Model Policies Allowlist which MCP tools each group can invoke. Whitelist models with privacy badges (local vs. third-party).
Local RAG Ingest company documents (PDF, text). Chunks are embedded and stored locally in ChromaDB.
Admin Console Web-based dashboard for group management, model configuration, RAG ingestion, branding, and audit review.
Audit Trail Chronological log of every administrative and governance action.
Desktop Application Electron-based chat interface with streaming responses, tool output display, and conversation history.
Agent Runtime Self-improving agent with skill creation, memory, scheduled automations, and multi-platform messaging.
Default-Deny Security Fail-closed policy enforcement, timing-safe token auth, local-first data model.

Architecture

┌─────────────────────────────────────────────────────────┐
│                     Desktop App                         │
│              (Electron + React + TUI)                   │
└────────────────────┬────────────────────────────────────┘
                     │
┌────────────────────▼────────────────────────────────────┐
│                  Agent Runtime                          │
│     Skills · Memory · Tools · Subagents · Scheduler     │
├─────────────────────────────────────────────────────────┤
│                Enterprise Layer                         │
│  Auth · Groups · Tool Policies · Model Whitelist · RAG  │
│         Governance · Audit · Config Validation          │
├─────────────────────────────────────────────────────────┤
│                  Admin Console                          │
│        (React SPA ← FastAPI backend @ :18830)           │
└────────────────────┬────────────────────────────────────┘
                     │
┌────────────────────▼────────────────────────────────────┐
│              Local Model Backend                        │
│           Ollama (Qwen, Holo3, Llama, …)                │
└─────────────────────────────────────────────────────────┘

Desktop App — Electron application providing a chat interface, conversation management, and tool output rendering.

Agent Runtime — Python-based agent with autonomous skill creation, persistent memory, cron-scheduled tasks, subagent delegation, and multi-platform messaging (Telegram, Discord, Slack, CLI).

Enterprise Layer — RBAC identity and governance. Groups define which tools and models each team can access. Policy enforcement is default-deny: if a tool or model isn't explicitly allowed, it's blocked. Auth uses timing-safe token comparison.

Admin Console — React single-page application served by a FastAPI backend. Manages groups, tool policies, model whitelists, RAG document ingestion, organization branding, and audit logs.

Local Model Backend — Ollama provides local inference. Models are pulled once and served from disk. External providers (OpenRouter, OpenAI) are supported but clearly marked with privacy badges.

Claude OAuth Architecture (Pro/Max Subscription)

When a user selects Claude (Pro/Max — OAuth) during onboarding, SentinelOS deploys two local sidecars that chain together to route requests through the user's Anthropic subscription:

┌─────────────────────────────────────────────────────────────────┐
│                     Desktop App / Gateway                      │
│              config: base_url = 127.0.0.1:18802                │
└────────────────────────┬────────────────────────────────────────┘
                         │  POST /v1/messages
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│              sentinel-billing-proxy  (:18802)                   │
│                                                                 │
│  • Billing header injection (CC fingerprint)                    │
│  • System prompt template bypass                                │
│  • Tool name obfuscation (bidirectional)                        │
│  • String trigger sanitization                                  │
│  • Tool description stripping                                   │
│  • Property name renaming                                       │
│  • Full bidirectional SSE + JSON reverse mapping                │
│                                                                 │
│  Zero dependencies · Node.js · loopback-only                    │
└────────────────────────┬────────────────────────────────────────┘
                         │  upstream: 127.0.0.1:8316
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│              CLIProxyAPI sidecar  (:8316)                        │
│                                                                 │
│  • OAuth token storage & auto-refresh                           │
│  • Multi-credential pool (round-robin)                          │
│  • Auth file watcher (hot-reload)                               │
│  • Loopback-only binding                                        │
└────────────────────────┬────────────────────────────────────────┘
                         │  HTTPS  (Bearer sk-ant-*)
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│                    api.anthropic.com                             │
│              Claude Opus / Sonnet / Haiku                       │
└─────────────────────────────────────────────────────────────────┘

Sidecar Lifecycle

Event Action
User selects Claude OAuth in onboarding cliproxyapi binary downloaded + config written
Gateway starts with provider: custom:anthropic-oauth sentinel-billing-proxy + cliproxyapi auto-started
OAuth login (/api/providers/oauth/claude-max/start) Browser opens Anthropic consent → tokens saved to auth dir
Gateway shutdown Both sidecars stopped (PID-tracked)

File Layout

~/.sentinel/
├── bin/cliproxyapi              # managed binary (auto-downloaded)
├── config/cliproxyapi.yaml      # loopback-only config
├── run/cliproxyapi.pid           # PID tracking
├── logs/cliproxyapi.log          # sidecar logs
scripts/
└── billing-proxy/
    ├── proxy.js                  # sentinel-billing-proxy (zero-dep Node.js)
    └── logs/                     # billing proxy logs

Note: The sentinel-billing-proxy is independent from any third-party routing infrastructure. Each SentinelOS install runs its own instance on loopback.

Quick Start

See docs/INSTALL.md for full installation instructions.

# 1. Run the enterprise setup script
bash sentinel-enterprise/setup.sh

# 2. Start the admin console
SENTINEL_ADMIN_TOKEN=$(cat ~/.sentinel/admin/token) \
  ./venv/bin/python sentinel-enterprise/admin/serve.py

# 3. Open the admin console at http://127.0.0.1:18830

Documentation

License

This project is licensed under the MIT License — see LICENSE for details.

SentinelOS is a fork of Nous Research Hermes Agent. The original work is copyright © 2025 Nous Research and contributors, licensed under MIT. See the LICENSE file for the full copyright notice.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinelos_agent-1.2.0.tar.gz (11.2 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinelos_agent-1.2.0-py3-none-any.whl (7.7 MB view details)

Uploaded Python 3

File details

Details for the file sentinelos_agent-1.2.0.tar.gz.

File metadata

  • Download URL: sentinelos_agent-1.2.0.tar.gz
  • Upload date:
  • Size: 11.2 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelos_agent-1.2.0.tar.gz
Algorithm Hash digest
SHA256 5876ce442cafaa1f448b739a209dca51f5e84797feb1b0b097a1df5c4b22fb0b
MD5 bb5ff3aac71e874c8f08564bfdb74d0e
BLAKE2b-256 5bd3884a41422ca6cc336fe1b7f9e5123b1316bb645ec2422c10550e97726f38

See more details on using hashes here.

File details

Details for the file sentinelos_agent-1.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for sentinelos_agent-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 16b7c31d9222268e0448717b519f4e5f5135d098fd286a8261ce5494d3657623
MD5 f54a5854ef0228a5ba0ba2772bf83330
BLAKE2b-256 1ecd6d19e93a72e6f320697af629a5ab7e88ff232023ae5c1ae966429f84d946

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page