Sentinel Infra
Local-first · Audit-first · Security-first

LAN-only platform for keeping your critical services, your logs and your actions under total control. No showmanship, just a disciplined architecture.

Local-first: LAN only
Audit-first: Append-only
Security-first: Zero WAN

LAN-only

Core and agents stay inside your perimeter. No surprise egress.

Zero WAN

No exposed webhooks. mTLS only, within your network fabric.

Immutable audit

Append-only log with signed events and monotonic time.

Deny-by-default

Nothing runs without explicit policy. Fast revocation path.

Core / Agent / UI

Roles split to reduce blast radius and keep visibility clean.

Storytelling

The problem to address first

Sensitive teams need infrastructure that stays inside the LAN perimeter. Sentinel Infra reduces exposure, clarifies the audit trail and keeps control over every action.

1. Cloud dependency

Critical services leaving the LAN = extra attack surface and opaque vendor duties.

2. Expanded attack surface

Internet-facing endpoints, supply chain opacity, API keys scattered everywhere.

3. Control dilution

Execution decisions offloaded to remote pipelines you do not own.

4. Unusable logs

Mutable logs, fuzzy timestamps, no reliable correlation for serious audit.

The answer

Sentinel Infra, a clear position

No critical component leaves the LAN. Separated roles, immutable collection, actions through a verifiable CLI. Discipline is imposed by design.

LAN-only core

Runs on your metal. No WAN traffic. Nothing exposed without intent.

Visual separation: Core, Agent, UI paths only.

Zero WAN channels

Agents talk to Core via internal mTLS. No public callbacks, no remote API.

Immutable audit

Append-only journal, monotonic clock, signed exports for forensics.

Separation of duties

Core / Agents / UI separated. Panel is read-only. Actions via controlled CLI only.

Features

Premium cards, no excess

Each component is limited to its role. No hidden dependency, no useless button.

Hardened Core

Policy-driven. No egress.

Minimal orchestrator with deny-by-default, short-lived keys, LAN-only supervision.

Controlled Agents

Profiles per role.

Signed agents, locked capabilities, narrow channels, periodic checks with cert rotation.

Deterministic CLI

Trace every action.

Declarative commands, non-interactive runs, timestamps injected into the audit trail.

Read-only Panel

Visibility without risk.

Isolated UI, filtered events, no action buttons. Ideal for SOC dashboards.

LAN Desktop

Ops-grade client.

Native desktop for operators. Local cache, offline-safe notifications, LAN-first sync.

Immutable Audit

Proof by design.

Hash-chained events, append-only pipeline, signed exports for investigations.

Security by design

SOC section

Limit lateral movement, preserve evidence, make every action reversible by policy. No WAN. No unrestricted shell.

Security posture: LAN perimeter · No WAN exposure · No shell access · Audit mandatory

Deny-by-default

No implicit trust. Every flow declared, numbered, and revocable.

No WAN exposure

Strict LAN perimeter. Nothing calls out, nothing listens on the public edge.

No shell access

No opportunistic bastion. Actions are declared, recorded, and replayable.

Audit mandatory

Every action writes to append-only storage. No silent paths.

Architecture

Interactive diagram, clear and separated

Core, Agents, Desktop, Panel, CLI. Roles are isolated to limit the damage in case of failure or compromise. An interactive diagram guides the eye.

Core

Local authority

  • Latency: ~2 ms LAN
  • Audit clock: Monotonic
  • Exposure: Zero WAN

Orchestrates policy, signs exchanges, maintains the audit clock. No WAN egress. LAN redundancy ready.

Core · Agents · Desktop · Panel · CLI

Communication paths

  • Agents -> Core : mTLS LAN, short-lived certs
  • CLI -> Core : signed commands, auto audit
  • Panel -> Audit : read-only, zero action path

Use cases

For demanding environments

Sensitive enterprises

Keep critical services off WAN while retaining full auditability.

Cyber labs

Isolate offensive/defensive sandboxes with trustworthy traces.

Hosts & MSPs

Segment client zones, shrink surfaces, audit without intrusion.

Advanced homelab

Harden personal infra without cloud dependencies or exposed APIs.

Audit & training

Hands-on workshops with reproducible, locally proven executions.

Project status

Visual transparency

No hollow promises. What is stable, in progress or planned is visible on a readable timeline.

Stable

V1 delivered and running.
  • Core
  • Agent
  • CLI
  • Panel read-only

In progress

Actively built now.
  • Desktop App

Planned

Next milestones in the queue.
  • Additional services
  • SFTP
  • DB drivers

Call to action

Audit Sentinel Infra. Evaluate the security model.

No cloud. No tracking. Full control.

SOC ready · Ops friendly · Infra control