Security gates and threat-telemetry adapter: ingests STIX/TAXII feeds, runs Kitaev-surface drift detection across an 8-gate safety allowlist, and emits receipted audit events into the a11oy fabric with OpenTelemetry span provenance.
sentra is the security layer of the stack. It ingests STIX/TAXII threat feeds, performs Kitaev-surface drift detection, and enforces an 8-gate safety allowlist (action-class allowlist, asset-registry existence, ownership-status check, integration and asset tenant matching, high-impact approval, audit-logging, and rollback-strategy requirements). Each consequential event becomes a receipted audit record emitted to the a11oy governed-execution fabric.
Note
License status: Source is currently LicenseRef-SZL-Proprietary. Re-licensing to Apache-2.0 is tracked in draft PR #45 (IP hold — do not merge until cleared).
sentra is the security-telemetry feeder into the orchestrator a11oy, which sits at the center of the five-module stack. sentra emits receipted security events into a11oy; amaru mints those into Cardano-anchored receipts; rosie is the operator console over the receipt DAG; and vessels is a domain UI over governed decisions.
```
sentra ──────┐                      ┌── rosie (operator console)
(security)   │ receipted events     │
             ▼                      │
     ┌──────────────┐               │
     │    a11oy     │───────────────┤
     │ orchestrator │               │
     └──────────────┘               └── vessels (maritime UI)
             │
             ▼
     amaru (receipt minting)
```
All non-a11oy modules depend on the orchestrator via @workspace/a11oy-orchestration.
```bash
# Full stack (UDS):
uds run start

# Module only:
pnpm install
pnpm test   # 8-gate safety suite
pnpm dev    # run the telemetry adapter locally
```

No SZL registry token? The private `@szl-holdings/*` packages are shipped as local workspace stubs, so the suite runs with zero auth — see `docs/OFFLINE_QUICKSTART.md`:

```bash
bash scripts/offline-quickstart.sh test   # web safety-gate suite, no auth
```

| Surface | Link |
|---|---|
| Live demo (Docker Space) | SZLHOLDINGS/sentra-security-gates |
| Landing | SZLHOLDINGS/sentra-platform |
| Source mirror | SZLHOLDINGS/sentra-source |
| Org | huggingface.co/SZLHOLDINGS |
Hugging Face is a mirror, not the canonical release source.
Audit events are emitted as DSSE envelopes (in-toto statement payloads) with OpenTelemetry span context. Release artifacts carry SBOMs (SPDX + CycloneDX). Latest-release signature search via the public Sigstore transparency log:
- Sigstore search: search.sigstore.dev
- Release artifacts: github.com/szl-holdings/sentra/releases/latest
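
The DSSE-wrapped audit event described above, as an added example in JavaScript for Node.js (not sentra's own code): it signs an in-toto statement over the DSSE pre-authentication encoding and refuses to parse the payload unless a signature from a trusted key verifies. The predicate fields, the `predicateType` URI, the key id, the Ed25519 key and carrying the span context as a W3C `traceparent` string are assumptions made for illustration.

```javascript
// Added example, not sentra's code. Predicate fields and predicateType are hypothetical.
const nodeCrypto = require("node:crypto");
const PAYLOAD_TYPE = "application/vnd.in-toto+json";

// DSSE pre-authentication encoding: "DSSEv1 LEN(type) type LEN(body) body",
// lengths in ASCII decimal bytes. Signatures cover this, never the bare payload.
function pae(payloadType, payload) {
  const type = Buffer.from(payloadType, "utf8");
  return Buffer.concat([
    Buffer.from(`DSSEv1 ${type.length} `), type,
    Buffer.from(` ${payload.length} `), payload,
  ]);
}

function signEnvelope(statement, privateKey, keyid) {
  const payload = Buffer.from(JSON.stringify(statement), "utf8");
  const sig = nodeCrypto.sign(null, pae(PAYLOAD_TYPE, payload), privateKey);
  return {
    payloadType: PAYLOAD_TYPE,
    payload: payload.toString("base64"),
    signatures: [{ keyid, sig: sig.toString("base64") }],
  };
}

// Parses the payload only after a signature from a trusted key verifies; throws otherwise.
function verifyEnvelope(envelope, trustedKeys) {
  if (envelope.payloadType !== PAYLOAD_TYPE) throw new Error("unexpected payloadType");
  const payload = Buffer.from(envelope.payload, "base64");
  const msg = pae(envelope.payloadType, payload);
  const ok = envelope.signatures.some(({ keyid, sig }) => {
    const key = trustedKeys.get(keyid);
    return key !== undefined && nodeCrypto.verify(null, msg, key, Buffer.from(sig, "base64"));
  });
  if (!ok) throw new Error("no valid signature from a trusted key");
  return JSON.parse(payload.toString("utf8"));
}

// Constructed sample: throwaway Ed25519 key and one audit event with a sample traceparent.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const event = { gate: "high-impact approval", decision: "deny",
  traceparent: "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01" };
const statement = {
  _type: "https://in-toto.io/Statement/v1",
  subject: [{ name: "audit-event/constructed-0001", digest: {
    sha256: nodeCrypto.createHash("sha256").update(JSON.stringify(event)).digest("hex") } }],
  predicateType: "https://example.invalid/audit-event/v0", // placeholder URI
  predicate: event,
};
const envelope = signEnvelope(statement, privateKey, "constructed-key-1");
const trusted = new Map([["constructed-key-1", publicKey]]);
```

A consumer that base64-decodes and parses `payload` before calling a check like `verifyEnvelope` is acting on unauthenticated data, which is the failure the envelope format exists to prevent.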
All counts are grep-verifiable against main.
| Metric | Value | Verify |
|---|---|---|
| Security gates | 8 | action-class allowlist · asset-registry · ownership-status · integration tenant match · asset tenant match · high-impact approval · audit-logging · rollback-strategy |
| TypeScript source files | 336 | find . \( -name "*.ts" -o -name "*.tsx" \) -not -path '*/node_modules/*' -not -path './.git/*' | wc -l |
| Lean declarations (lutar-lean) | 626 | grep -rE '^(theorem|lemma|def|abbrev|axiom) ' lutar-lean/Lutar/ | wc -l |
| Lean axioms (lutar-lean) | 15 raw / 14 unique | grep -rE '^axiom ' lutar-lean/Lutar/ | wc -l |
| Lean sorries (lutar-lean) | 189 total (each named with a tracked discharge route) | grep -rE '\bsorry\b' lutar-lean/Lutar/ | wc -l |
| Doctrine | v7 · 15 axioms (14 unique) | .github/DOCTRINE_V7.md |
| SLSA | L1 honest (SBOM + DCO; source + build provenance documented) | slsa.dev |
Featured at Warhacker, June 16–19. The publicly verifiable signed deployment artifact is the vessels release uds-v0.3.0 (cosign keyless; .sigstore.json + .sha256). The org deployment bundle in szl-holdings/szl-uds-deployment is a private repo and is not yet public.
LicenseRef-SZL-Proprietary — SZL Holdings. Apache-2.0 re-licensing pending draft PR #45. See LICENSE.
See CITATION.cff.
S. P. Lutar Jr., "sentra — Security gates and threat-telemetry adapter,"
Zenodo, DOI 10.5281/zenodo.20431181, 2026.
ORCID: 0009-0001-0110-4173 · DOI: 10.5281/zenodo.20431181
See SECURITY.md for responsible-disclosure policy.