
Sovereign reasoning engine bound by a signed Founding Charter. Identity persists across model versions through cryptographically anchored lineage; weights, configuration, and operator-PRAETOR exchanges all flow through the governance substrate below.
*PRAETOR is deployed within Aegis's internal controlled development environment and is actively in research and development.*
Defensive perimeter for PRAETOR's inference surface. Inspects every inbound operator message and every outbound PRAETOR response against signed-policy detector classes (direct injection, encoding smuggling, system-prompt exfiltration, token-burn). Issues ALLOW, SANITIZE, or DENY decisions; every decision is hash-chained to its own audit ledger.
PRAETOR's persistent experiential memory. Every entry is written by Forge-signed request, hash-chained (sha3-256), Merkle-rooted across rotated segments, and tiered through hot/warm/cold archival with cryptographically sealed warm storage. Service holds zero signing keys; write authority is delegated to operator-controlled Forge.
Multi-party governance approval engine for INTERLOCK-class actions: configuration changes, key rotations, runtime policy updates. Tiered quorum (auto-vote for low-impact, multi-signer for critical), dual-signing (RSA-PSS plus PQC-aligned SPECTER), fail-closed when any required voter is unavailable.
Identity-verified access enforcement at every system boundary — workstation, service, tenant, network segment. No connection without verified identity; no verified identity without operator-issued credential.
Local antivirus combining signature detection with behavioral observation. Operates entirely on-host; no continuous alerting, no cloud submission, no telemetry leakage.
Per-host observer enforcing LAIRS-defined policy at the kernel boundary via eBPF. Tracks process events, file access, and network calls; reports to the SentiNet collector; acts on policy without phoning home.
Authenticated, policy-governed communication pathways between trusted components. Inverts the "connect first, secure later" model: identity verification gates speech, and only approved paths carry traffic.
Hardware-rooted signing service. Holds the operator's signing identity and produces cryptographically anchored signatures for promotion artifacts, policy updates, and configuration changes under human-in-the-loop control.
Policy-governed lifecycle for logs, temporary files, and execution traces. Automatic redaction or deletion per declared retention class; nothing lingers past its operator-defined window.
Continuous adversarial pressure pipeline. Composes red-, blue-, or purple-team scenarios against a signed envelope of permitted attack techniques and target zones; runs them; scores attack-success against detection-rate; emits Forge-signed promotion requests for hardening artifacts that survive operator countersign and enter the regression suite.
Council-governed authorization layer for tiered external actions (T1–T4). Multi-signer voting on deterrent triggers, cease-fire interlock, and operator-escalation events; currently in OBSERVE_ONLY mode pending council key ceremony.