Sentinel Monitoring
Sentinel Monitoring
Section titled “Sentinel Monitoring”The Sentinel is AgentCTX’s runtime alignment enforcement system. It monitors agent behavior in real-time and flags deviations from expected patterns — before they cause problems.
What Sentinel Monitors
Section titled “What Sentinel Monitors”Divergence Detection
Section titled “Divergence Detection”Tracks whether an agent’s actions align with its stated goals:
Agent says: +m:task "implement auth module" #todoAgent does: >t filesystem.delete path="/etc/passwd" ↓Sentinel: ⚠️ DIVERGENCE — action contradicts stated taskThe sentinel compares the agent’s declared context (stored via pipeline verbs) against its actual operations. A significant mismatch triggers an alignment alert.
Groundedness Checking
Section titled “Groundedness Checking”Validates that agent claims are grounded in actual memory or knowledge:
Agent claims: "Based on our previous discussion..."Sentinel: ?m @grounded "previous discussion" → no matching memory found ↓ ⚠️ UNGROUNDED — claim not backed by stored contextThis catches confabulation — when an agent fabricates references to conversations or decisions that don’t exist in the memory plane.
Consistency Detection
Section titled “Consistency Detection”Detects when an agent’s behavior deviates from established performance baselines:
- Performance baseline tracking — monitors agent response quality against established baselines
- Capability regression — flags when an agent suddenly can’t do things it previously demonstrated
- Response degradation — detects quality drops without environmental change
- Selective compliance — catches when an agent follows some instructions but ignores others
Integration with Gateway
Section titled “Integration with Gateway”The sentinel runs as alignment middleware in the gateway pipeline (position 9 of 15):
... → Scope Enforce → Alignment (Sentinel) → Hydration → Router → ...It inspects the RequestContext before the request reaches the router, and can:
- Allow — normal operation continues
- Flag — operation proceeds with a warning annotation
- Block — operation is rejected with an alignment error
Sentinel Architecture
Section titled “Sentinel Architecture”sentinel/├── index.ts # Barrel export (re-exports all detectors)├── divergence.ts # DivergenceDetector — action vs. stated goals├── grounded.ts # GroundednessEnforcer — claim validation├── consistency.ts # ConsistencyDetector — performance baseline tracking└── types.ts # Alert types, thresholds, PerformanceBaselineAlert Types
Section titled “Alert Types”| Alert | Severity | Description |
|---|---|---|
DIVERGENCE | High | Agent actions don’t match stated goals |
UNGROUNDED | Medium | Claims not backed by stored context |
CONSISTENCY | High | Performance deviates from established baseline |
ALIGNMENT_DRIFT | Low | Gradual deviation from expected patterns |
Configuration
Section titled “Configuration”Sentinel thresholds are configurable per deployment:
- Divergence threshold — how much deviation is acceptable before flagging
- Groundedness strictness — whether all claims must be backed, or only high-confidence ones
- Monitoring mode —
passive(log only),active(flag + annotate), orstrict(block on violation)
Cognition Trace Integration
Section titled “Cognition Trace Integration”The sentinel leverages cognition traces (pipeline verbs) as ground truth for what an agent intends to do:
+m:context "reviewing PR for security" ← agent's stated intent+m:check "checking OWASP compliance" ← declared action>t code-analysis.scan target="auth.ts" ← actual operation ✅ matchesBecause pipeline verbs are stored in the memory plane, the sentinel can build a timeline of agent intent and compare it against actual behavior.
- Security Model → — the 8-layer defense-in-depth
- Gateway & Routing → — the middleware pipeline