Sovereign · Fully offline · Open source

Malware & spyware triage that never leaves your machine.

SentinelLocal is a private “second opinion” on a possibly-compromised device. Thirteen deterministic scanners pair with a local-LLM agent that plans, runs the right checks, and writes a plain-English report — without routing a single byte through cloud services.

No file contents, hashes, or telemetry leave the host — even the AI runs locally via Ollama.

Why SentinelLocal

The sovereign gap, filled.

Cloud AV and online sandboxes are powerful, but they require uploading files or hashes to US-hosted infrastructure, are closed-source, and create vendor lock-in. Classic local scanners are open and offline, but expert-oriented — they emit raw output with no reasoning layer to tie findings into an understandable verdict.

SentinelLocal pairs thirteen deterministic scanners with a local-LLM ReAct agent that reasons strictly over their structured, citable evidence — running entirely on your machine, exporting standards-based SARIF, and contributing directly to European digital sovereignty. All open source.

0 bytes leave the device
13 deterministic scanners
78 tests · warning-free build
3 platforms: Linux · macOS · Windows

Thirteen deterministic scanners

Grounded evidence, not guesswork.

Every verdict is anchored to a concrete finding — a path, a PID, a YARA rule. The agent reasons strictly over this structured evidence, so the report it writes can cite exactly why each item was flagged.

scan_file

Static PE/ELF/Mach-O analysis with hashing, suspicious-import detection, URL/IP extraction.

yara_scan

Pure-Rust YARA matching via yara-x, shipping a starter ruleset.

scan_processes

Cross-platform process snapshot with stalkerware / RAT name matching.

scan_network

TCP/UDP socket enumeration with PID attribution and outbound-connection flagging.

audit_persistence

Autostart auditor: systemd, cron, launchd, and Windows Run keys.

audit_scheduled

Time-based job auditor: Scheduled Tasks, systemd timers, cron, launchd.

audit_hosts_file

DNS-hijack detector for /etc/hosts and the Windows hosts file.

scan_browser_extensions

Chrome / Edge / Brave / Firefox auditor — flags broad host & web-request permissions.

recent_files

Surfaces files modified in the last N hours under temp, Downloads, and cwd.

ioc_lookup

Hashes files and matches them against a local IOC list you control.

audit_logs

Reads OS logs (journald / Event Log / unified log); flags bad event IDs and auth failures.

audit_shell_history

Scans bash / zsh / fish / PSReadLine for curl-pipe-to-shell, IEX stagers, reverse shells.

monitor_snapshot

Re-snapshots processes + sockets on an interval and reports the delta — catches droppers.

See the full tool reference →

How findings flow

Plan, reason, act — locally.

The agent runs a plan → reason → act loop. It emits a short numbered plan, narrates a one-line thought before each tool call, gathers evidence, and finishes with a summary — surfaced identically in the one-shot CLI, the interactive REPL, and the web UI.

1. A tool runs

   The CLI invokes a scanner directly, or the agent calls it. The tool emits structured findings plus JSON metadata that is safe to show the model.

2. Only metadata reaches the model

   The LLM receives tool-emitted metadata (path, PID, rule) — never raw file bytes. The privacy boundary is structural and tested, not aspirational.

3. The agent reasons & acts

   It either calls another tool to gather more evidence, or produces a plain-English summary that cites each finding.

4. A report is rendered

   Findings carry a severity and human summary, emitted as pretty CLI, JSON, or SARIF v2.1.0 for IDEs and code-scanning pipelines.

Standards-based output

Slots into the tools you already run.

Findings export as pretty CLI, JSON, or SARIF v2.1.0 for ingestion by Forgejo / GitHub code scanning and IDEs. A --fail-on <severity> gate makes SentinelLocal usable as a pre-commit or CI check.

The agent auto-manages Ollama — it probes for a running instance, starts one if needed, verifies the model is pulled, and stops only a server it started.

Output & SARIF docs

# machine-readable output for CI
$ sentinel --format sarif scan persistence > out.sarif
$ sentinel --format json --fail-on high scan processes
# exits 2 if any finding ≥ high — a clean CI gate
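As an added example, not SentinelLocal's own code, here is a minimal Rust sketch of the two pieces the snippet above relies on: the `--fail-on <severity>` gate that exits 2 when any finding reaches the threshold, and a SARIF v2.1.0 export of the findings. The severity ladder (info to critical), its mapping onto SARIF's error/warning/note/none levels, the `Finding` fields and the sample findings are assumptions made for the example.

```rust
// Added example, not SentinelLocal's code: --fail-on gate + SARIF 2.1.0 export. The severity ladder and its SARIF-level mapping are assumptions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Info, Low, Medium, High, Critical } // declaration order = rank order

impl Severity {
    /// Parses the value given to `--fail-on`; unknown names are rejected, not defaulted.
    pub fn parse(s: &str) -> Option<Severity> {
        match s.to_ascii_lowercase().as_str() {
            "info" => Some(Severity::Info), "low" => Some(Severity::Low),
            "medium" => Some(Severity::Medium), "high" => Some(Severity::High),
            "critical" => Some(Severity::Critical), _ => None,
        }
    }
    /// SARIF 2.1.0 results know only error/warning/note/none; collapse the ladder onto them.
    pub fn sarif_level(self) -> &'static str {
        match self {
            Severity::Critical | Severity::High => "error", Severity::Medium => "warning",
            Severity::Low => "note", Severity::Info => "none",
        }
    }
}
/// One scanner finding: the rule that fired, its severity, where it was seen, a human summary.
pub struct Finding { pub rule_id: String, pub severity: Severity, pub path: String, pub summary: String }
/// CI gate: exit status 2 when any finding is at or above the threshold, otherwise 0.
pub fn gate_exit_code(findings: &[Finding], fail_on: Severity) -> i32 {
    if findings.iter().any(|f| f.severity >= fail_on) { 2 } else { 0 }
}
/// Minimal JSON string quoting so a summary containing quotes or newlines cannot break the log.
fn json_str(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' | '\\' => { out.push('\\'); out.push(c); }
            '\n' => out.push_str("\\n"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out + "\""
}
/// Renders a SARIF 2.1.0 log: one `result` per finding (ruleId, level, message, location) in one `run`.
pub fn to_sarif(findings: &[Finding]) -> String {
    let results: Vec<String> = findings.iter().map(|f| format!(
        r#"{{"ruleId":{},"level":"{}","message":{{"text":{}}},"locations":[{{"physicalLocation":{{"artifactLocation":{{"uri":{}}}}}}}]}}"#,
        json_str(&f.rule_id), f.severity.sarif_level(), json_str(&f.summary), json_str(&f.path)
    )).collect();
    format!(r#"{{"version":"2.1.0","runs":[{{"tool":{{"driver":{{"name":"sentinel"}}}},"results":[{}]}}]}}"#, results.join(","))
}
```

A real CLI would pass `gate_exit_code(...)` to `std::process::exit` after printing the log, so a medium finding passes `--fail-on high` while a single high or critical one fails the pipeline.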

Built for at-risk users

Triage that doesn’t ask you to trust the cloud.

Journalists & activists

People at risk of targeted spyware and stalkerware who cannot safely upload files or hashes to third-party infrastructure.

Regulated sectors

Healthcare, government, and finance teams with strict data-sovereignty requirements that rule out US-hosted cloud AV and online sandboxes.

Air-gapped & high-risk devices

Anyone triaging a possibly-compromised machine that must stay disconnected — SentinelLocal needs no network and sends nothing off-device.

Spyware and stalkerware detection — underserved by classic AV — is a first-class concern, including browser-extension permission audits and shell-history attacker-pattern detection.

EUPL-1.2

An open digital commons

SentinelLocal is fully open source and developed in the open on Codeberg, with architecture and contribution docs. The trait-based “add a tool” design invites external scanner contributions, and the roadmap is public — signed-binary verification, an iOS-backup stalkerware auditor, an offline IOC-feed updater, streaming agent responses, and cross-platform packaging.

Get a private second opinion.

It’s a Rust workspace you can build and run today — CLI, chat REPL, and a local web UI.