Roadmap
SentinelLocal is a working prototype today. This is the path to a production-grade release — tracked in the open alongside the source.
Shipped
- ReAct planning agent (plan → reason → act) surfaced in CLI and UI
- Interactive chat REPL (sentinel chat)
- Automatic Ollama lifecycle management (start / health-check / stop)
- Long-running monitor mode (monitor_snapshot — interval-based diff)
- HTTP API + lightweight web UI (sentinel serve)
- Cross-platform log auditor (audit_logs — journald / Windows Event Log / unified log)
- Shell-history auditor (audit_shell_history — bash/zsh/fish/PSReadLine)
Planned
- APK static analysis (apktool / axmldecoder)
- iOS backup auditor (parse Manifest.db, TCC.db, CrashReporter for known stalkerware)
- Signed-binary verification on macOS / Windows
- Streaming agent responses
- Built-in IOC feed updater (MalwareBazaar, abuse.ch URLhaus, etc.)
Workstreams
The planned work is organised into six focused workstreams, taking the prototype to a dependable, well-packaged release.
Core hardening & cross-platform parity
Error handling, scanner parity across Linux/macOS/Windows, CI for all three platforms, docs.
Signed-binary & code-signature verification
Authenticode (Windows) and codesign / Security framework (macOS) verification, surfaced as findings.
iOS backup stalkerware auditor
Parse Manifest.db / TCC.db / CrashReporter from a local unencrypted backup to detect known stalkerware, fully offline.
Offline IOC-feed updater
User-controlled, offline-friendly fetch/merge of MalwareBazaar & abuse.ch URLhaus feeds into the local IOC store.
Streaming agent responses & reliability
Real-time token streaming, progress + cancellation, robust tool-calling and an evaluation harness across local models.
Packaging, docs & community
Homebrew, AUR/Flatpak, Windows MSI, signed macOS .dmg, release CI/CD, user & architecture docs, demo videos.