INSPIRATION
I live in Kampala, Uganda.
During the development of this project, Uganda and the Democratic Republic of Congo were experiencing an active Ebola outbreak caused by the Bundibugyo virus — a strain with no licensed vaccine and no approved therapeutics. On May 17, 2026, the World Health Organization declared it a Public Health Emergency of International Concern. Confirmed cases had already reached Kampala through travelers from DRC's Ituri Province.
I was following the same public health updates everyone else was reading. Case counts. Transmission chains. Response coordination efforts.
But one question kept coming back:
How do we know the people responsible for detecting the next case are still out there doing it?
A Reuters report I watched during this period stopped me: only 7% of at-risk contacts had been identified. Experts said 70% were needed for effective containment. The response was lagging behind by weeks.
I wasn't thinking about the virus. I was thinking about the people inside that 7%. The community health workers going door to door every day. And the question nobody seemed to be asking: what happens when one of them stops?
The research answers that question clearly. Studies on Uganda's Integrated Disease Surveillance and Response system show that untimely and incomplete reporting is a persistent structural challenge, independent of disease type. Research on Ebola response in Uganda shows outbreaks are hardest to detect at the community level — the first mile — where CHW coordination breakdowns allow clusters to grow before escalation occurs. A study on Uganda's 2022 Sudan Virus outbreak documents how gaps in community-based surveillance directly delayed detection of viral hemorrhagic fever. And a systematic review of Ebola outbreaks in Uganda from 2000 to 2023 found that diagnostic and response delays are the strongest predictor of case fatality ratios.
Outbreak response does not usually collapse because nobody understands the disease. It collapses because:
- a field worker stops reporting,
- a supervisor assumes coverage still exists,
- a follow-up visit never happens,
- and transmission continues inside an invisible operational gap.
Sentinel was built to detect that gap — before it becomes visible in aggregated public health data, and before it costs lives.
WHAT IT DOES
Sentinel is an autonomous operational intelligence system for outbreak response.
Every other AI system in this space asks: which patients are getting worse?
Sentinel asks: is the system responsible for monitoring those patients still functioning?
It monitors Community Health Workers, not patients.
Every CHW in the system carries a rolling heartbeat score from 0 to 100, degrading in real time based on hours since their last field report. When a score drops below the collapse threshold — and the CHW's assigned contacts are in the peak transmission monitoring window (days 5–10) — Sentinel detects an operational collapse signal.
Without being asked, it:
- Detects the gap — calculates
coverageGapRisk = (1 - heartbeatScore/100) × max(contactRiskScore). If above threshold, collapse is confirmed. - Reassigns the contacts — autonomously moves unmonitored high-risk contacts to the nearest active CHW.
- Alerts the supervisor — generates a tiered escalation alert (Level 1–4) with specific contacts, CHW names, and required actions.
- Logs the action — every autonomous decision is written to MongoDB for full audit visibility.
It also:
- Parses free-text CHW field reports using Gemini 3.5 Flash function calling
- Detects outbreak clusters via MongoDB aggregation pipelines across exposure event networks
- Generates an autonomous operational intelligence brief every morning at 6 AM Kampala time — without any human request
- Streams all operational events in real time to a live terminal operations console
The system acts because the database changed — not because a user clicked a button.
HOW WE BUILT IT
Field Report Intelligence — Gemini 3.5 Flash
Community Health Workers submit reports in natural language exactly as they would from the field:
Visited James Ssemwogerere in Nakawa. Day 9 monitoring.
Fever since yesterday. Was at Kiwatule burial on the 14th.
Gemini 3.5 Flash — accessed via the google-genai unified SDK and orchestrated through Google Cloud Agent Builder — parses these reports using function calling with a strict JSON schema declaration. This enforces structured output and eliminates hallucination risk on the extraction step. Validated data is written to MongoDB Atlas via Motor, an async Python driver.
Cluster Detection — MongoDB Aggregation Pipeline
Sentinel continuously scans for outbreak clusters using a single MongoDB aggregation pipeline that cross-references contacts by exposure event, joins follow-up completion history, calculates missed visit counts per contact, and produces a cluster confidence score. No application-layer joins. No multiple round trips. One query returns the complete cluster picture, sorted by risk.
db.contacts.aggregate([
{ $match: { exposureEvents: { $in: [targetEventId] } } },
{ $lookup: { from: "follow_ups", localField: "_id",
foreignField: "contactId", as: "followups" } },
{ $addFields: { missedFollowups: { $size: { $filter: {
input: "$followups",
cond: { $and: [{ $eq: ["$$this.completed", false] },
{ $lt: ["$$this.dueDate", "$$NOW"] }] }
}}}}},
{ $sort: { riskScore: -1 } },
{ $project: { followups: 0, phone: 0 } }
])
Operational Collapse Detection — MongoDB Change Streams
The most important architectural decision in Sentinel is using MongoDB Change Streams as a real-time event bus rather than polling on intervals.
Sentinel subscribes directly to the operational_topology collection. When the heartbeat degradation worker writes a new score update, the change stream fires immediately. If the updated score crosses the collapse threshold, detect_operational_collapse() executes — evaluating coverage gap risk, reassigning contacts, and generating supervisor alerts — in under ten seconds from detection to action.
async with db["operational_topology"].watch(
pipeline, full_document="updateLookup"
) as stream:
async for change in stream:
updated_score = change["updateDescription"]["updatedFields"].get("heartbeatScore")
if updated_score is not None and updated_score < COLLAPSE_THRESHOLD:
await detect_operational_collapse()
Autonomous Scheduling — Google Cloud Scheduler
Three Cloud Scheduler jobs operate continuously without human prompting:
| Job | Schedule | Purpose |
|---|---|---|
sentinel-morning-brief |
6 AM EAT daily | Operational priorities, CHW warnings, Gemini intelligence assessment |
sentinel-collapse-check |
Every 2 hours | CHW heartbeat scan, gap risk evaluation |
sentinel-cluster-scan |
Every 4 hours | Exposure network cluster detection |
MCP Integration — mongodb-mcp-server
Sentinel integrates the official mongodb-mcp-server via the Model Context Protocol, allowing Gemini to discover MongoDB operations at runtime. All six custom tools (log_field_report, detect_cluster, get_contact_risk_profile, escalate_supervisor, get_morning_brief, detect_operational_collapse) are registered in Google Cloud Agent Builder as OpenAPI function tools. Gemini orchestrates multi-step tool chains based on context, without hardcoded routing logic.
PII Isolation by Design
In Uganda's outbreak response context, protecting contact identity prevents social stigma and keeps the tracing system trusted by communities — both operationally critical for Bundibugyo containment. Sentinel excludes phone numbers from all analytical queries by default using MongoDB projection. PII is accessed only when generating final supervisor notifications with include_pii=true explicitly set. No separate table. No join penalty. Document-model-native privacy.
Infrastructure
- Backend: FastAPI + Python 3.12, async architecture with Motor
- Deployment: Google Cloud Run with
--min-instances=1to keep change stream workers permanently alive - Frontend: Vanilla HTML/CSS/JS with Server-Sent Events for real-time operational feed, Leaflet.js for live Kampala CHW map
CHALLENGES WE RAN INTO
Detecting Absence as a Systems Signal
Most event-driven architectures react to things that happen. Sentinel needed to react to things that stop happening — a report not filed, a follow-up not completed, a CHW going silent.
Designing absence as a measurable, actionable signal required building a heartbeat degradation model that decays deterministically based on time, is calibrated to realistic CHW reporting patterns, and triggers at thresholds meaningful enough to warrant autonomous action without overwhelming supervisors with false positives. The coverageGapRisk formula — combining heartbeat score decay with the maximum risk score of assigned contacts — took significant iteration to balance sensitivity against noise.
Persistent Listeners on Ephemeral Infrastructure
MongoDB Change Streams require a persistent, long-lived connection to function. Google Cloud Run, by default, scales to zero after periods of inactivity — which would silently kill the change stream listener and heartbeat degradation worker, destroying the autonomous behavior that defines the system.
The solution was --min-instances=1 combined with careful async lifecycle management in FastAPI's lifespan context manager. Discovering this failure mode required testing the deployed system over multiple hours and observing that the autonomous cascade stopped firing after idle periods. Debugging an absence of behavior — rather than a visible error — was among the hardest problems in the project.
Gemini Parsing Reliability Under Variable Input Quality
CHW field reports are not standardized. They can be brief, contain Ugandan place names and burial ceremony references, mix languages, or omit standard clinical terminology. Getting Gemini 3.5 Flash to extract reliably structured data from this variability — without hallucinating fields that were never stated — required moving from prompt-completion to function calling with an explicit schema declaration and symptom vocabulary whitelist. A sanitize_symptoms() post-processing step filters extracted terms against a known clinical vocabulary as a final guardrail.
The Vertex AI to google-genai SDK Transition
Initial development used the Vertex AI Python SDK (vertexai.generative_models) with what was intended as Gemini 3 model references. This produced a persistent 404 Publisher Model Not Found error. Gemini 3.x models are not exposed through the Vertex AI SDK path — they are only accessible through the unified google-genai SDK with Google AI Studio API key authentication. Identifying this architectural incompatibility, understanding why it existed, and migrating the entire parsing layer mid-development cost significant time and required re-architecting the authentication flow for both development and Cloud Run deployment contexts.
Balancing Autonomy with Accountability
An autonomous system that silently reassigns community health workers' patient lists during an active outbreak raises real ethical questions. Getting the architecture right meant ensuring every autonomous action is logged immutably in MongoDB with full context — the CHW affected, the contacts reassigned, the risk score that triggered the action, and the timestamp. Supervisors are notified explicitly before acting on any reassignment, and the operational_alerts collection functions as an append-only audit trail. Autonomy must be auditable to be trustworthy.
Ethical Representation of a Real Outbreak
Because the system was built during an active WHO-declared public health emergency, every design and communication decision carried weight beyond a typical hackathon project. The goal was never to dramatize disease transmission or exploit the outbreak for narrative impact. The goal was to accurately represent a documented systems failure mode — silent coordination breakdown — using the outbreak as the context that made that failure mode visible and urgent. Finding the language that was factually honest, operationally focused, and respectful of the communities affected required sustained attention throughout development.
ACCOMPLISHMENTS THAT WE'RE PROUD OF
The moment that made the project real:
The first time I restarted the server after seeding the database, I watched the change stream fire on its own — detecting Namwanje Aisha's eleven-hour silence, calculating the gap risk, reassigning James Ssemwogerere and Rachael Nalwoga to Grace Namutebi, generating a Level 3 URGENT supervisor escalation — all before I had touched a single button.
That is the thing I am most proud of. Not that it was technically impressive. But that it behaved exactly like the system it was designed to be: one that catches what humans miss, before it costs anything.
I am also proud of:
- Using MongoDB Change Streams as a genuine event bus rather than a CRUD backend
- The coverage gap risk formula that is simple enough to explain in ten seconds and meaningful enough to justify autonomous action
- The PII isolation architecture that excludes personal identifiers from all analytical queries by default
- Building a system that is deployed, publicly accessible, and demonstrably working during the period it was designed for
WHAT WE LEARNED
The hardest systems problems are not about detecting what is present. They are about detecting what is absent.
Presence is easy. A fever is a signal. A failed API call returns an error. Something happened, and you respond. Absence is harder. Nothing happened, and you have to prove that nothing happening is itself meaningful. Building Sentinel forced me to think rigorously about how to model the non-occurrence of expected events as a measurable operational signal.
MongoDB is not just a database when you use it correctly.
Change Streams transformed MongoDB Atlas from a data store into a reactive event backbone. The moment I stopped polling and started subscribing, the entire architecture changed — from a system that checks for problems to a system that responds to them. That distinction is not semantic. It is the difference between scheduled-autonomous and genuinely-autonomous behavior.
Gemini 3.5 Flash with function calling is production-grade for structured extraction when you design the schema carefully.
The key insight was not to trust the model to format output — it was to give it a function declaration that makes unformatted output impossible. Schema-enforced function calling, combined with vocabulary whitelisting in post-processing, makes free-text field report parsing reliable enough for use in health infrastructure contexts.
Autonomous agents need constraints as much as they need capabilities.
The coverage gap risk formula is more important to Sentinel's value than any AI feature. Without it, every CHW who misses a single report triggers a cascade. With it, the system calibrates to genuine operational danger. Good autonomous systems are not defined by what they can do. They are defined by what they choose not to do.
Infrastructure decisions define agent behavior.
An agent that scales to zero is not autonomous — it is on-demand. Choosing --min-instances=1 was one of the most consequential architectural decisions in the project. It had nothing to do with AI capability and everything to do with whether the autonomous loop would actually run. The gap between a system that can act autonomously and one that does act autonomously lives entirely in the infrastructure layer.
Real-world context produces better systems.
Building this during an active outbreak in my city forced design decisions that would never have emerged from a theoretical exercise. The PII isolation architecture exists because of Bundibugyo stigma dynamics. The supervisor escalation thresholds were calibrated against real CHW program structures in Uganda. The morning brief generates in East Africa Time for a reason. Systems built from the inside of a problem are different from systems built about it.
WHAT'S NEXT
SMS Integration for Feature Phone Access
The most urgent deployment gap is field access. Most CHWs across Uganda use feature phones, not smartphones. Integrating Twilio SMS would allow CHWs to submit field reports via text message — dramatically expanding the addressable CHW population without requiring app installation or data connectivity.
Multi-Pathogen Configuration
The current system is calibrated for Bundibugyo Ebola — 21-day incubation, days 5–10 peak transmission window, specific symptom vocabulary. Every parameter is configurable. A multi-pathogen deployment layer would allow health authorities to deploy Sentinel for Mpox (different peak window), cholera (different symptom vocabulary), Marburg, and future emerging pathogens without re-engineering the core architecture.
National Federated Deployment
Uganda has 15 administrative districts with active CHW programs. A federated Sentinel deployment would provide district-level operational intelligence to each District Health Officer while maintaining national-level cluster visibility across district boundaries — addressing the inter-district coordination gaps documented in Uganda's 2022 Sudan Virus response.
Predictive CHW Reliability Scoring
The current system is reactive: it detects gaps after they form. Historical CHW reporting pattern analysis — time of day, day of week, gap frequency — would enable predictive reliability scoring. A CHW who typically reports at 8 AM but has not filed by 11 AM on a Monday is a different operational signal than a CHW who is simply early in their day. Predictive scoring would allow preemptive coverage planning before gaps occur.
Integration with WHO GOARN and AFRO Surveillance Networks
The Sentinel API is designed for integration. Connecting operational collapse alerts and cluster confidence scores to the WHO Global Outbreak Alert and Response Network would amplify Sentinel's impact beyond individual CHW programs into regional and global outbreak coordination infrastructure.
Community Engagement Signal Tracking
Research consistently identifies community resistance as a compounding factor in outbreak response failure — documented specifically in the 2026 DRC Bundibugyo response. A community engagement score — tracking patterns of refused visits, missed appointments, and community feedback signals — would give Sentinel early warning of the social dynamics that precede coordination collapse, not just the coordination collapse itself.
RESEARCH FOUNDATION
Sentinel is built on documented surveillance failure modes, not theoretical assumptions.
Delayed and incomplete field reporting degrades outbreak detection. Studies on Uganda's Integrated Disease Surveillance and Response system show that untimely reporting is a persistent structural challenge, independent of disease type. The mechanism Sentinel detects — CHWs going silent — is the same mechanism that produces these reporting gaps at scale. → Timeliness and completeness of weekly surveillance data reporting on epidemic prone diseases in Uganda, 2020–2021 — BMC Public Health, 2023
The first mile problem: community-level detection is the weakest point. Research on Ebola response in Uganda shows outbreaks are hardest to detect at the community level, where the first signals appear. Coordination breakdowns at the CHW layer allow clusters to grow before escalation occurs — precisely the window Sentinel is designed to close. → The first mile: community experience of outbreak control during an Ebola outbreak in Luwero District, Uganda — BMC Public Health
Surveillance gaps directly caused the delay in Uganda's 2022 Sudan Virus outbreak. A study on that specific response documents how gaps in integrated disease surveillance and community-based reporting delayed detection of viral hemorrhagic fever — the same failure mode Sentinel's operational collapse detection is engineered to catch. → Understanding the delay in identifying Sudan Virus Disease — BMC Infectious Diseases, 2024
Response timeliness is the strongest predictor of outbreak severity. A systematic review of Ebola outbreaks in Uganda from 2000 to 2023 found that diagnostic and response delays directly increase case fatality ratios. The speed of the coordination system is not a secondary consideration — it is the primary determinant of outcomes when no vaccine exists. → The Impact of Diagnostic Delays and Timeliness of Response on Ebola Disease outbreak-level case-fatality Ratios in Uganda (2000–2023) — DOAJ Systematic Review
The 2026 outbreak context. This project was developed during the active Bundibugyo Ebola outbreak declared a Public Health Emergency of International Concern in May 2026, with confirmed cases in Kampala linked to travel from DRC's Ituri Province. → WHO Disease Outbreak News — Bundibugyo virus, DRC and Uganda, 2026 → Reuters — DRC Ebola outbreak spreads to Uganda as response lags
POTENTIAL IMPACT
Although Sentinel was inspired by Ebola response coordination in Uganda, the architecture generalizes far beyond one outbreak.
The same operational failure modes — delayed field reporting, silent CHW gaps, coordination breakdown under pressure — appear across Ebola, Mpox, cholera, Marburg, and future emerging infectious diseases.
The disease changes. The coordination problem does not.
Sentinel was designed to watch those gaps before outbreaks spread through them.
BUILT WITH
Google Cloud Agent Builder · Gemini 3.5 Flash · google-genai SDK
MongoDB Atlas · MongoDB Change Streams · Motor (async Python driver)
Google Cloud Run · Google Cloud Scheduler
FastAPI · Python 3.12 · Pydantic
Leaflet.js · Server-Sent Events · Vanilla HTML/CSS/JS
TRY IT OUT
Built With
- gemini-3.5-atlas
- google-cloud-agent-builder
- google-cloud-run
- google-cloud-scheduler
- html/css/javascript
- mongo-change-streams
- mongodb-atlas
- motor
- python
- server-sent-events(sse)
Log in or sign up for Devpost to join the conversation.