DO NOT open a public GitHub issue for security vulnerabilities.
Email: chg@live.ru
Telegram: @DmLabincev
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected component (sentinel-core, shield, brain, etc.)
- Potential impact
- Your suggested fix (optional)
| Stage | Timeframe |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 1 week |
| Fix development | 7-30 days |
| Public disclosure | After fix is released |
- Acknowledgment — We confirm receipt
- Assessment — We evaluate severity and impact
- Communication — We keep you updated
- Fix — We develop and test a patch
- Release — We publish the fix
- Credit — We credit you (if desired) in commit history
# Never hardcode credentials
import os
api_key = os.environ.get("SENTINEL_API_KEY")# 1. Set strong secrets in .env
cp .env.example .env
# Edit .env — change all placeholder values
# 2. Use docker-compose with restricted ports
docker-compose up -d
# 3. Run behind a reverse proxy (nginx/caddy) with TLSSentinel scans prompts but does not store them by default. For privacy compliance, configure:
logging:
include_prompts: false
hash_only: trueThis security policy covers:
| Component | Language | Notes |
|---|---|---|
| sentinel-core | Rust | 61 detection engines — core attack surface |
| brain | Python | API backend — network-facing |
| shield | C11 | DMZ — memory safety critical |
| immune | C | EDR — kernel-level, highest severity |
| strike | Python | Red team tools — handle with care |
signatures/jailbreaks.jsonis ~51 MB. If you fork, consider Git LFS.- The
strike/directory contains real attack payloads (39K+). Treat as sensitive. - Docker images should not be exposed to public internet without a TLS reverse proxy.
- Security issues: chg@live.ru
- General: GitHub Issues
- Telegram: @DmLabincev
Last updated: February 2026