IAGA Sentinel

Architecture

Twelve layers of defense in depth, organized into seven architectural pillars, in a single binary behind one endpoint.

[Figure: 12-layer governance pipeline. The governance pipeline evaluating an action through layers: fingerprint, threat intel, rate limit, injection firewall, policy, sandbox.]

Seven pillars

  • Enforcement Kernel (Live): Cross-platform soft enforcement today; real eBPF/LSM loader is Enterprise.
  • Signed Receipts (Live): Ed25519 + Merkle append-log, replay-verified.
  • Dictum policy language (Live): Typed DSL, Hindley-Milner checker, optional WASM codegen.
  • Attested Plugins (Live): Offline Sigstore + CycloneDX SBOM verification, Ed25519-signed manifests.
  • Probabilistic Reasoning (Live): Bring-your-own ONNX; curated model library is Enterprise.
  • Visual Plane (Live): Operator dashboard served from the binary.
  • Governance Mesh (Enterprise): Single-cluster baseline; multi-region active-active is Enterprise.

Representative layers

The pipeline evaluates each action through a stack of layers, in order:

  1. Fingerprint
  2. Threat Intel
  3. Rate Limit
  4. Injection Firewall
  5. Policy
  6. Sandbox

OSS enforcement today is soft. Hard kernel enforcement (eBPF/LSM) is Enterprise and roadmap. The cryptographic proof is live today, verifiable from a clean checkout.

Cost control is cross-cutting

Cost control (1.5) is a cross-cutting concern rather than an eighth pillar: crates/iaga-sentinel-cost/ defines the canonical money types (integer micro-USD) and the local pricing engine that the receipts pillar and the dashboard pillar consume.

Workspace layout

iaga-sentinel/
├── crates/
│   ├── iaga-sentinel-core/          # pipeline, server, CLI, dashboard, AppState
│   ├── iaga-sentinel-receipts/      # Ed25519 + Merkle log + replay
│   ├── iaga-sentinel-dictum/        # Dictum parser + evaluator + type checker
│   ├── iaga-sentinel-reasoning/     # ML evidence (tract-onnx behind `ml`)
│   ├── iaga-sentinel-kernel/        # cross-platform launcher + eBPF scaffold
│   ├── iaga-sentinel-cost/          # micro-USD ledger + local pricing engine
│   ├── iaga-sentinel-verify/        # standalone offline receipt verifier
│   └── iaga-sentinel-integrations/  # shared adapter contract + async HTTP client
├── sdks/                    # Python + TypeScript SDKs and framework adapters
├── examples/integrations/   # copy-paste adapter examples (16 frameworks)
├── docs/adr/                # 22 ADRs (0001 to 0023, no 0009)
├── media/                   # hero assets
└── CHANGELOG.md             # release notes

Design records

Twenty-two architectural decision records (0001 to 0023, no 0009) document every design choice. They live in docs/adr on GitHub:

  • 0001 Workspace split
  • 0002 License and scope decisions
  • 0003 Signed receipts design
  • 0004 Dictum MVP
  • 0005 Reasoning plane MVP
  • 0006 Kernel MVP
  • 0007 M5 hardening + RC posture
  • 0008 Dictum as live policy engine
  • 0010 OSS to Enterprise boundary clarification
  • 0011 Signer trait + LocalDiskSigner (1.2)
  • 0012 Drift replay additive (1.2)
  • 0013 Plugin Sigstore + SBOM attestation (1.2)
  • 0014 Dictum HM type checker + WASM codegen scaffolding (1.2)
  • 0015 Standalone receipt verifier + run export (1.3)
  • 0016 OpenTelemetry receipt export (1.3)
  • 0017 Ed25519 signed plugin manifests (1.3)
  • 0018 Conformance closure: receipt is_authoritative + OTel keys + env scrub (1.3.1)
  • 0019 Integrations crate + adapter contract (1.4)
  • 0020 Cost control (1.5)
  • 0021 Deterministic response cache (1.5)
  • 0022 OpenAI Codex integration (1.6)
  • 0023 Dictum secret detection + per-host egress (1.5.4)