Sentinel Linux

A CLI-first intelligent system guardian that predicts update breakages, protects dependencies, and recovers Linux environments.

Description

Sentinel Linux: The Kernel-Aware Active Interceptor

Predict. Protect. Recover.


The Problem:

The "Update Anxiety" of Linux Maintenance

Linux stability is often a game of Russian Roulette. When a user runs sudo apt upgrade, they are blind to the "blast radius" of the transaction. A routine update can silently mismatch an NVIDIA driver with a new kernel version or break a DKMS module because of a Secure Boot (MOK) state change. Currently, package managers focus on dependency resolution, not system stability. They check if a package exists, but they don't check if it will actually boot.


The Solution: Active Interception & Intelligence:

Sentinel Linux is a proactive system guardian that transforms the package manager into an intelligent auditor. It hooks directly into the native lifecycle of apt (and soon pacman), intercepting the transaction at the "point of no return" before any changes are committed to the disk. Sentinel performs a deterministic pre-flight audit, cross-referencing incoming kernel headers against local hardware security states and partition health.


Core Innovations:

  • The Vanguard Engine: A high-performance, RAM-cached auditor that evaluates transactions in under 200ms. It pulls the emergency brake if it detects /boot saturation, unsigned DKMS module conflicts, or driver mismatches.

  • Universal Transaction Interceptor: Unlike a standalone script, Sentinel is a "Guardrail by Default." Using native DPkg::Pre-Install-Pkgs hooks, it wakes up automatically every time you update, ensuring safety checks are never skipped.

  • Recovery & Diagnosis: Sentinel integrates with timeshift/btrfs for automated, risk-based snapshots and features a "Diagnose" engine that translates cryptic journalctl kernel panics into human-readable terminal commands.

  • The "North Star" Philosophy: Built for low latency and low false positives. Sentinel stays out of the way until it’s needed, providing clear, actionable explanations instead of cryptic error codes.
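To make the interception model concrete, here is an added sketch (not Sentinel's own code) of one pre-flight check a DPkg::Pre-Install-Pkgs hook could run: apt writes the paths of the .deb files it is about to install to the hook's stdin, and a non-zero exit aborts the transaction. The script path, the size thresholds and the kernel package pattern are assumptions chosen for illustration.

```python
"""Added illustration: a /boot saturation check for an apt pre-install hook."""
# Hypothetical wiring, in a file under /etc/apt/apt.conf.d/:
#   DPkg::Pre-Install-Pkgs {"/usr/local/bin/preflight-example";};
import re
import shutil
import sys
from pathlib import PurePosixPath

# Assumed thresholds (not from Sentinel): space reserved per incoming kernel
# image (vmlinuz, initramfs, System.map) plus a safety floor for /boot.
PER_KERNEL_BYTES = 150 * 1024 * 1024
FLOOR_BYTES = 50 * 1024 * 1024
# Versioned images only; metapackages such as linux-image-generic ship no kernel.
KERNEL_RE = re.compile(r"^linux-image-(?:unsigned-)?\d")


def incoming_kernels(hook_stdin_lines):
    """Return kernel package names from <package>_<version>_<arch>.deb paths."""
    found = []
    for line in hook_stdin_lines:
        name = PurePosixPath(line.strip()).name
        if not name.endswith(".deb"):
            continue  # blank line or anything that is not an archive path
        package = name.split("_", 1)[0]
        if KERNEL_RE.match(package):
            found.append(package)
    return found


def audit(hook_stdin_lines, boot_free_bytes):
    """Return (allow, reason); allow=False means the hook should exit non-zero."""
    kernels = incoming_kernels(hook_stdin_lines)
    if not kernels:
        return True, "no kernel image in transaction"
    needed = len(kernels) * PER_KERNEL_BYTES + FLOOR_BYTES
    if boot_free_bytes < needed:
        return False, (f"/boot has {boot_free_bytes >> 20} MiB free, "
                       f"{needed >> 20} MiB needed for {', '.join(kernels)}")
    return True, f"/boot has room for {len(kernels)} kernel image(s)"


def main():
    allow, reason = audit(sys.stdin, shutil.disk_usage("/boot").free)
    print(f"preflight: {reason}", file=sys.stderr)
    return 0 if allow else 1  # non-zero exit makes apt abort before dpkg runs


if __name__ == "__main__":
    sys.exit(main())
```

On systems where /boot is not a separate partition, shutil.disk_usage reports the free space of the filesystem that contains it.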


Open-Source Tech Stack

Sentinel is built with zero proprietary dependencies, relying entirely on native Linux binaries:

  • Language: Python 3.12+ (Utilizing shutil, subprocess, and /dev/shm caching).

  • UI/UX: Rich (For high-fidelity, accessible terminal output).

  • Architecture: Typer (For high-performance command routing).

  • Hook System: Native C-based hooks for deep integration with apt and dpkg.