Inspiration

The Sentinel Protocol was born from the "probabilistic gap" in modern AI. While LLMs excel at reasoning, they frequently hallucinate when faced with deterministic system data, a fatal flaw for network security. I was inspired to build a fiduciary safety net that forces AI to prove its work against hard-coded, verifiable system rules, ensuring that technical monitoring is governed by logic rather than probability.

What it does

Sentinel Protocol is an autonomous, multi-agent fiduciary auditing system. It uses a Triage Analyst to pull raw system data and an Integrity Auditor to verify findings against a strict SIFT (Sentinel Integrity Fiduciary Trust) policy. If the AI cannot programmatically prove its claims, such as confirming that an IP address falls within a known CIDR range, the system issues a [VETOED] status, preventing false positive alerts.

How we built it

We utilized crewai to orchestrate a dual-agent workflow. The core logic is built on:

  • Deterministic Tooling: Using Python's ipaddress library to bridge the gap between AI reasoning and mathematical certainty.
  • Fiduciary Logic: Implementing an Auditor agent that independently cross-references every Analyst claim against raw system output.
  • Environment Isolation: Using .env and dotenv for secure credential management, ensuring the pipeline remains clean and professional.

Challenges we ran into

The biggest hurdle was "Agent Hallucination." During testing, the AI would frequently guess the ownership of IP addresses. We overcame this by forcing the agents to rely on a deterministic Check Microsoft IP Range tool. We also faced complex Git merge conflicts and environment configuration issues, which we resolved by implementing a rigorous git rebase and force-push workflow to maintain a single source of truth.

Accomplishments that we're proud of

  • The Veto Protocol: Developing an architecture where the Auditor agent has the power to reject the Analyst's work.
  • Deterministic Safety: Successfully moving from "AI guessing" to "Python-verified certainty."
  • Submission Resilience: Successfully building and deploying a multi-agent system under the pressure of a final hackathon deadline.

What we learned

I learned that the key to AI reliability is decoupling observation from verification. By forcing the AI to use native system tools (like ss -tnp) and mathematical libraries (ipaddress) before reaching a conclusion, we can turn a creative engine into an authoritative auditor.
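The observation-versus-verification split described above, as an added illustration that is not the project's own code: peer addresses are pulled from (constructed) ss -tnp output, and an ownership claim is accepted only if the address provably lies inside a CIDR attributed to that owner; the CIDR list and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample of `ss -tnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:44120      13.107.4.52:443    users:(("curl",pid=4242,fd=3))
ESTAB  0      0      10.0.0.5:44121      203.0.113.9:443    users:(("python3",pid=4300,fd=5))
"""

# Constructed placeholder for a vendor-published range list. A real tool
# would load the published ranges; these CIDRs exist only for this example.
KNOWN_RANGES = {
    "Microsoft": ["13.107.0.0/16"],
}


def peer_ips(ss_output: str) -> list[str]:
    """Observation step: extract peer IPs from `ss -tnp` lines (header skipped)."""
    ips = []
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, _port = fields[4].rpartition(":")   # split off the port
        ips.append(host.strip("[]"))                  # unwrap IPv6 literals
    return ips


def audit_claim(ip: str, claimed_owner: str, ranges=KNOWN_RANGES) -> str:
    """Verification step: 'VERIFIED' only when `ip` is inside a CIDR attributed
    to `claimed_owner`; anything unprovable (unknown owner, no matching range,
    malformed address) is '[VETOED]' rather than guessed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "[VETOED]"
    for cidr in ranges.get(claimed_owner, []):
        if addr in ipaddress.ip_network(cidr, strict=False):
            return "VERIFIED"
    return "[VETOED]"


def audit_claims(claims: list[tuple[str, str]]) -> dict[str, str]:
    """Audit a batch of (ip, claimed_owner) Analyst claims."""
    return {ip: audit_claim(ip, owner) for ip, owner in claims}


if __name__ == "__main__":
    observed = peer_ips(SAMPLE_SS_OUTPUT)
    print(audit_claims([(ip, "Microsoft") for ip in observed]))
```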

What's next for Sentinel Protocol

Our roadmap focuses on transforming the Sentinel Protocol into a high-fidelity, autonomous IR (Incident Response) workstation.

Toolchain Integration via MCP: We are integrating the Model Context Protocol (MCP) to connect Sentinel directly to industry-standard forensic tools—including Volatility for memory forensics, and log2timeline/Plaso for log aggregation. This allows our agents to operate on deep-system artifacts, not just live network states.

Persistent Self-Correction Loop: We are evolving the Auditor into a feedback engine. When the Auditor issues a [VETOED] status, the system will trigger an automatic re-investigation loop where the Analyst adjusts its parameters and evidence gathering strategy, resubmitting for audit until the evidence meets our high-integrity threshold.

Autonomous Accuracy: By implementing hard iteration caps, we will create a fully autonomous, self-optimizing triage system that maintains absolute fiduciary fidelity without requiring constant human intervention.

Built With

  • claude
  • crewai
  • gemini
  • github
  • google
  • googlegemini2.5flash
  • ipaddress
  • langchain
  • python
  • subprocess