Zero Trust · Always Active

Sentinel

Security guardian for every message

Sentinel monitors all traffic through the NoqNoq Hub. It enforces rate limits, validates message schemas, detects anomalies, and blocks poisoned or malformed messages before they reach any downstream service.

noqnoq-sentinel.emergenthq.net/noqnoq/health

◉

Rate Limiting

Per-capability, per-actor, per-realm rate limits enforced at the Hub. KV-configurable without redeployment.

◬

Schema Validation

Every capability invocation is validated against its schema_hash. Anti-poisoning protection prevents schema injection attacks.

⬡

Anomaly Detection

Tolerance decay and lineage churn tracking. Services that exhibit unexpected behavior enter degraded mode automatically.

◆

Circuit Breakers

Per-service circuit breakers with configurable thresholds. Failed services are isolated before they cascade.

◈

Abuse Vector Tests

Built-in abuse vector test suite. Replay tests record and replay message flows to verify security invariants hold.

◐

Alerting

Slack, PagerDuty, and custom webhook alert channels. HMAC-SHA256 signed API keys for all management operations.

Capabilities (GUCP)

sentinel.check

sentinel.rate_limit.status

sentinel.rate_limit.configure

sentinel.circuit_breaker.status

sentinel.circuit_breaker.reset

sentinel.alert.send

sentinel.alert.configure

sentinel.replay.record

sentinel.replay.execute