Enterprise AI Agent Governance.
Self-Hosted. EU AI Act Ready.
The only AI agent platform where compliance, security, and human oversight are architecture — not afterthoughts.
AI vendors focus on model performance — not governance
Observability platforms track what happened — not whether it was allowed
Cloud providers bundle governance with vendor lock-in
Open-source guardrails handle injection — but miss audit, compliance, and identity
Self-hosted enterprise platform that governs every AI agent action through deterministic policy enforcement, human-approval workflows, and immutable audit trails.
SHIELD policy engine enforces decisions before execution — not retrospectively. Deny-by-default. Declarative. Auditable.
AI Act risk classification, GDPR data subject rights, NIS2 incident reporting — evidence artifacts generated from operations, not paperwork.
Zero cloud dependency. Air-gapped support via Ollama. Your data never leaves your infrastructure. Deploy on Docker, Kubernetes, or bare metal.
Deny-by-default governance
Declarative YAML policies with typed effects: allow, deny, require_approval, allow_with_redaction. Every agent action evaluated before execution.
Ed25519 signed evidence chains
Append-only audit log with optional cryptographic hash-chain signing. Tamper-evident records for regulatory proof and forensic analysis.
Answer "who approved what, when?" in secondsOversight where it matters
Configurable approval gating for high-risk operations. Identity-bound decisions with OIDC/SAML SSO. Bulk actions via admin console.
High-value decisions always require human sign-offOIDC + SAML + SCIM + RBAC
Full SSO with OIDC (PKCE) and SAML 2.0. SCIM v2 provisioning for automated joiners/movers/leavers. Role-based access control with per-tenant isolation.
Employees offboarded? Sessions revoked instantly.Draft → Approve → Sign → Publish → Monitor
YAML-based skill definitions with Ed25519 signing. Supply-chain integrity verification. A/B testing, metrics tracking, and LLM usage budgets.
No agent skill runs without review and signingImmediate emergency halt
Durable kill switch that halts all agent execution across replicas within seconds. Persists across restarts. Because "undo" doesn't exist for sent emails.
One click to stop everything. Instantly.// Your Infrastructure AI Agents Sentinel Gateway Claude, GPT, → SHIELD Policy Engine Ollama Audit Trail (Ed25519) Identity (OIDC / SAML) Enterprise Skill Engine + Signing SAP, M365, → Kill Switch (distributed) Jira Compliance (AI Act / GDPR / NIS2) Storage: SQLite (single) | PostgreSQL (multi-tenant) Deploy: Docker | K3s / Kubernetes | Ansible / VM
Single command startup. 6 profiles: dev, TLS, multi-tenant, observability, demo, local-LLM.
docker compose upHA with replicas, PDB, HPA, default-deny NetworkPolicy. Production-ready Kustomize configs.
bash scripts/deploy-k3s.sh prod-haSingle-node bare metal. Systemd service management. No container runtime required.
ansible-playbook deploy.ymlGovernance workflows and audit artifacts generated from operations. Compliance evidence automation across four frameworks.
X-Sentinel-AI-Disclosure: true# Classify an agent under EU AI Act curl -X POST https://sentinel.your-domain.com/v1/compliance/ai-act/classify \ -H "Authorization: Bearer $TOKEN" \ -d '{"agentId": "invoice-matcher", "purpose": "automated_invoice_processing"}' # Response { "riskLevel": "limited", "transparencyObligations": ["art50_disclosure"], "recommendedControls": ["human_oversight", "audit_logging"] }
Predictable annual licensing. No consumption billing. No cloud vendor lock-in.
| Severity | Standard | Premium | Premium+ |
|---|---|---|---|
| Sev-1 Critical | Next business day | 1h response, 24/7 | 30min response, 24/7 |
| Sev-2 High | 8 business hours | 4 hours | 2 hours |
| Sev-3 Medium | 3 business days | Next business day | 8 business hours |
| Sev-4 Low | 5 business days | 2 business days | Next business day |
All prices in EUR. USD invoicing available on request. Annual billing, net 30. Initial term 12 months with annual renewal.
Try Sentinel Agent on one priority workflow. Baseline KPIs measured — cycle-time reduction, approval latency, compliance evidence completion rate. Up to 50% of pilot fee credited toward Year 1 subscription.
Start Your PilotTriage, categorize, draft responses with approval gates
Mail, calendar, files via Graph API with policy enforcement
Read/write with mutation audit trails
Approval-gated transactions for high-value operations
Build your own with the MCP Adapter SDK
LangSmith and LangFuse are observability platforms — they show you what happened. Sentinel Agent is a governance control plane — it enforces what's allowed to happen. SHIELD policies evaluate every action before execution, not after. Our immutable Ed25519 audit trail proves tamper evidence. And our compliance modules automate EU AI Act, GDPR, and NIS2 evidence — something no observability platform offers.
Yes. Sentinel Agent supports Ollama for local LLM inference with zero external API calls. Combined with Docker or VM deployment, you can run the entire platform on-premises with no internet connectivity required.
Anthropic Claude, any OpenAI-compatible API, and Ollama for local/air-gapped deployments. The platform is LLM-agnostic — you bring your own models, we govern them.
Yes. The full 46,000+ LOC TypeScript codebase is available under Apache 2.0. All security controls, compliance modules, deployment configs, and tests are included. Commercial support, SLAs, and managed services are available through FRECH & WUEST GmbH.
Docker Compose: under 5 minutes. Kubernetes (K3s): under 30 minutes with our production configs. VM deployment: under 1 hour with Ansible playbook. A typical pilot is operational within 1-2 weeks including configuration and integration.
Sentinel Agent is self-hosted. Your data lives on your infrastructure, in your data center, in your jurisdiction. There is zero cloud dependency and no data ever leaves your control.
Sentinel Agent includes AI Act risk classification (Annex III), technical documentation support (Art. 11), and transparency disclosure headers (Art. 50). Our compliance module generates the evidence artifacts regulators expect. Starting a pilot now gives you a proven governance framework well before the deadline.
| Capability | Sentinel Agent | LangSmith / LangFuse | AWS Bedrock Guardrails | Guardrails AI | DIY |
|---|---|---|---|---|---|
| Pre-execution policy enforcement | ✓ | — | Partial | — | Build it |
| Immutable audit trail (Ed25519) | ✓ | — | — | — | Build it |
| EU AI Act compliance module | ✓ | — | — | — | Build it |
| GDPR data-subject rights APIs | ✓ | — | — | — | Build it |
| Self-hosted / air-gapped | ✓ | Cloud only | AWS only | ✓ | ✓ |
| Human approval workflows | ✓ | — | — | — | Build it |
| OIDC + SAML + SCIM | ✓ | SAML | IAM | — | Build it |
| Kill switch (distributed) | ✓ | — | — | — | Build it |
| Prompt injection detection | ✓ | — | ✓ | ✓ | Build it |
| Time to production | 2 weeks | 1 day | 1 day | 1 week | 18+ months |
Start a 30-60 day pilot. Measure the difference. Up to 50% credited toward your first year.
Or email us directly: sentinel@frechundwuest.de