Skip to main content

The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere

Project description

SentinelOS

SentinelOS

Privacy-first enterprise AI workstation. Run large language models locally, govern access with RBAC policies, and give every team a secure, auditable AI assistant — without sending a single prompt to the cloud.

SentinelOS combines a desktop chat application, an enterprise governance layer, a local RAG pipeline, and an admin console into a single deployable stack. Models run on your hardware via Ollama. Every action is logged. Every tool call is policy-gated. Data never leaves your network.

Key Capabilities

Capability Description
Local Model Inference Run Qwen, Holo3, Llama, and other open models via Ollama. No API keys required for local models.
RBAC Governance Define groups (Engineering, Sales, Legal) with per-group tool policies and model access.
Tool & Model Policies Allowlist which MCP tools each group can invoke. Whitelist models with privacy badges (local vs. third-party).
Local RAG Ingest company documents (PDF, text). Chunks are embedded and stored locally in ChromaDB.
Admin Console Web-based dashboard for group management, model configuration, RAG ingestion, branding, and audit review.
Audit Trail Chronological log of every administrative and governance action.
Desktop Application Electron-based chat interface with streaming responses, tool output display, and conversation history.
Agent Runtime Self-improving agent with skill creation, memory, scheduled automations, and multi-platform messaging.
Default-Deny Security Fail-closed policy enforcement, timing-safe token auth, local-first data model.

Architecture

┌─────────────────────────────────────────────────────────┐
│                     Desktop App                         │
│              (Electron + React + TUI)                   │
└────────────────────┬────────────────────────────────────┘
                     │
┌────────────────────▼────────────────────────────────────┐
│                  Agent Runtime                          │
│     Skills · Memory · Tools · Subagents · Scheduler     │
├─────────────────────────────────────────────────────────┤
│                Enterprise Layer                         │
│  Auth · Groups · Tool Policies · Model Whitelist · RAG  │
│         Governance · Audit · Config Validation          │
├─────────────────────────────────────────────────────────┤
│                  Admin Console                          │
│        (React SPA ← FastAPI backend @ :18830)           │
└────────────────────┬────────────────────────────────────┘
                     │
┌────────────────────▼────────────────────────────────────┐
│              Local Model Backend                        │
│           Ollama (Qwen, Holo3, Llama, …)                │
└─────────────────────────────────────────────────────────┘

Desktop App — Electron application providing a chat interface, conversation management, and tool output rendering.

Agent Runtime — Python-based agent with autonomous skill creation, persistent memory, cron-scheduled tasks, subagent delegation, and multi-platform messaging (Telegram, Discord, Slack, CLI).

Enterprise Layer — RBAC identity and governance. Groups define which tools and models each team can access. Policy enforcement is default-deny: if a tool or model isn't explicitly allowed, it's blocked. Auth uses timing-safe token comparison.

Admin Console — React single-page application served by a FastAPI backend. Manages groups, tool policies, model whitelists, RAG document ingestion, organization branding, and audit logs.

Local Model Backend — Ollama provides local inference. Models are pulled once and served from disk. External providers (OpenRouter, OpenAI) are supported but clearly marked with privacy badges.

Claude OAuth Architecture (Pro/Max Subscription)

When a user selects Claude (Pro/Max — OAuth) during onboarding, SentinelOS deploys two local sidecars that chain together to route requests through the user's Anthropic subscription:

┌─────────────────────────────────────────────────────────────────┐
│                     Desktop App / Gateway                      │
│              config: base_url = 127.0.0.1:18802                │
└────────────────────────┬────────────────────────────────────────┘
                         │  POST /v1/messages
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│              sentinel-billing-proxy  (:18802)                   │
│                                                                 │
│  • Billing header injection (CC fingerprint)                    │
│  • System prompt template bypass                                │
│  • Tool name obfuscation (bidirectional)                        │
│  • String trigger sanitization                                  │
│  • Tool description stripping                                   │
│  • Property name renaming                                       │
│  • Full bidirectional SSE + JSON reverse mapping                │
│                                                                 │
│  Zero dependencies · Node.js · loopback-only                    │
└────────────────────────┬────────────────────────────────────────┘
                         │  upstream: 127.0.0.1:8316
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│              CLIProxyAPI sidecar  (:8316)                        │
│                                                                 │
│  • OAuth token storage & auto-refresh                           │
│  • Multi-credential pool (round-robin)                          │
│  • Auth file watcher (hot-reload)                               │
│  • Loopback-only binding                                        │
└────────────────────────┬────────────────────────────────────────┘
                         │  HTTPS  (Bearer sk-ant-*)
                         ▼
┌─────────────────────────────────────────────────────────────────┐
│                    api.anthropic.com                             │
│              Claude Opus / Sonnet / Haiku                       │
└─────────────────────────────────────────────────────────────────┘

Sidecar Lifecycle

Event Action
User selects Claude OAuth in onboarding cliproxyapi binary downloaded + config written
Gateway starts with provider: custom:anthropic-oauth sentinel-billing-proxy + cliproxyapi auto-started
OAuth login (/api/providers/oauth/claude-max/start) Browser opens Anthropic consent → tokens saved to auth dir
Gateway shutdown Both sidecars stopped (PID-tracked)

File Layout

~/.sentinel/
├── bin/cliproxyapi              # managed binary (auto-downloaded)
├── config/cliproxyapi.yaml      # loopback-only config
├── run/cliproxyapi.pid           # PID tracking
├── logs/cliproxyapi.log          # sidecar logs
scripts/
└── billing-proxy/
    ├── proxy.js                  # sentinel-billing-proxy (zero-dep Node.js)
    └── logs/                     # billing proxy logs

Note: The sentinel-billing-proxy is independent from any third-party routing infrastructure. Each SentinelOS install runs its own instance on loopback.

Full Install (OAuth routing stack)

Recommended two-command setup:

pip install sentinelos-agent
sentinel setup

When you choose Claude (Pro/Max — OAuth), setup offers to install the full local routing stack automatically. Advanced/manual equivalent:

sentinel oauth-stack install

This installs SentinelOS plus two loopback services:

SentinelOS → billing-proxy :18802 → CLIProxyAPI :8316 → Anthropic OAuth

Requirements

  • macOS with launchd or Linux with user systemd
  • Node.js 18+
  • A Claude Pro/Max OAuth login for CLIProxyAPI

The installer is safe to re-run: existing configs are backed up before replacement, and services are unloaded/reloaded cleanly. To remove services without deleting configs or OAuth credentials:

./scripts/install-full.sh --uninstall

OAuth login and smoke test

After services start, the installer checks ~/.cli-proxy-api/claude-*.json. If credentials are missing, interactive terminals can launch:

cliproxyapi -config ~/.sentinel/cliproxyapi.conf -claude-login

When credentials exist, the installer sends a tiny real request through http://127.0.0.1:18802/v1/messages and reports pass/fail.

Troubleshooting

Symptom Likely cause Fix Logs
Connection error after 3 retries or proxy dead after reboot sentinel-billing-proxy or sentinel-cliproxyapi service did not load Re-run ./scripts/install-full.sh; macOS: `launchctl list grep sentinel; Linux: systemctl --user status sentinel-billing-proxy sentinel-cliproxyapi`
HTTP 404 on /v1/v1/messages Client base URL already ends in /v1; older proxy did not normalize doubled prefix Update/re-run installer so scripts/billing-proxy/proxy.js normalizes /v1/v1/ to /v1/ $SENTINEL_HOME/logs/billing-proxy.log
Smoke test skipped No ~/.cli-proxy-api/claude-*.json OAuth credential Run cliproxyapi -config ~/.sentinel/cliproxyapi.conf -claude-login, then re-run installer $SENTINEL_HOME/logs/cliproxyapi.log

Quick Start

See docs/INSTALL.md for full installation instructions.

# 1. Run the enterprise setup script
bash sentinel-enterprise/setup.sh

# 2. Start the admin console
SENTINEL_ADMIN_TOKEN=$(cat ~/.sentinel/admin/token) \
  ./venv/bin/python sentinel-enterprise/admin/serve.py

# 3. Open the admin console at http://127.0.0.1:18830

Documentation

License

This project is licensed under the MIT License — see LICENSE for details.

SentinelOS is a fork of Nous Research Hermes Agent. The original work is copyright © 2025 Nous Research and contributors, licensed under MIT. See the LICENSE file for the full copyright notice.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinelos_agent-1.2.1.tar.gz (11.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinelos_agent-1.2.1-py3-none-any.whl (7.8 MB view details)

Uploaded Python 3

File details

Details for the file sentinelos_agent-1.2.1.tar.gz.

File metadata

  • Download URL: sentinelos_agent-1.2.1.tar.gz
  • Upload date:
  • Size: 11.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelos_agent-1.2.1.tar.gz
Algorithm Hash digest
SHA256 9fac355e07b814ff3222226e42931ae6834812dc4e4e6cd46676f5a4be48617f
MD5 5b29fcebb20056cf0ae00606eca38638
BLAKE2b-256 67618f765d6cbc99294b74864e11c3b909fb61fcaacbee8ab8e8af72f31df645

See more details on using hashes here.

File details

Details for the file sentinelos_agent-1.2.1-py3-none-any.whl.

File metadata

File hashes

Hashes for sentinelos_agent-1.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5c2774775c6639b2f967b526007e957a504fd20a9913c13d8edd9bc8749b6ed8
MD5 62af891a807a38a261a6cd980db62b6c
BLAKE2b-256 5df4033a188cbc4c8567cdaf96d255eed6a6aa5de33bacf8a0a4c52bad9fe558

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page