Serious agents need enforceable boundaries and a trustworthy record of what they actually did.
Sentinel OS
A local-first trust kernel for agent systems with policy checks, append-only history, and verification.
At a glance
A local-first trust kernel with policy checks, append-only history, and verifiable outcomes.
Moves agent safety away from vague logging and toward systems-level integrity guarantees.
System sketch
Policies are evaluated before actions run, with a bias toward explicit permission rather than best effort.
Execution history is captured as an append-only sequence of transitions instead of scattered logs.
Outcomes are packaged so that integrity can be checked offline without trusting the running agent.
The structure is designed to grow toward auditable memory and tighter control planes for agents.
Design notes
If a system cannot show what happened after the fact, it is not trustworthy enough.
Constraint systems matter more when humans can see the rules that governed an action.
Verification belongs in the system design, not as an afterthought.
Question
The harder question for serious agent use is not raw capability. It is whether actions can be constrained, reconstructed, and verified without trusting the model on its own terms.
Sentinel OS treats that as a systems problem rather than a logging or prompting problem.
Approach
- Use append-only execution history instead of scattered logs.
- Bias policy evaluation toward explicit permission rather than best effort.
- Package outcomes so they can be verified offline after execution.
- Treat memory and state transitions as objects that should eventually be auditable too.
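One concrete shape for the first three approach points (explicit-permission policy evaluation, a hash-chained append-only history, and offline verification of a packaged outcome), given as an added illustration in Python. It is not Sentinel OS code; the rule format, the record field names, the genesis value and the sample actions are assumptions of this example. The offline verifier takes the expected head hash as a separate argument because that value has to reach the auditor through a channel the running agent does not control.

```python
import copy
import hashlib
import json

# Assumed policy format: (tool, path prefix) pairs that are explicitly allowed.
# Anything that matches no rule is denied, so the default is permission, not best effort.
POLICY = [
    ("read_file", "/workspace/"),
    ("write_file", "/workspace/out/"),
]

# Assumed sentinel for the first entry's "prev" link.
GENESIS = "0" * 64


def evaluate(policy, tool, target):
    """True only if some rule explicitly allows this tool on this target."""
    return any(tool == t and target.startswith(prefix) for t, prefix in policy)


def canonical(obj):
    """Deterministic serialization so hashes are reproducible by an offline verifier."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(body):
    return hashlib.sha256(canonical(body)).hexdigest()


class Ledger:
    """Append-only sequence of transitions; each entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    @property
    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, tool, target, allowed, outcome):
        body = {
            "seq": len(self.entries),
            "prev": self.head,  # chain link: covers everything recorded before
            "tool": tool,
            "target": target,
            "allowed": allowed,
            "outcome": outcome,
        }
        record = dict(body, hash=entry_hash(body))
        self.entries.append(record)
        return record


def verify_chain(entries, expected_head):
    """Offline check: recompute every hash, follow every prev link, compare the head.

    Returns (ok, reason). Needs only the packaged entries and an independently
    obtained head hash, never the agent that produced them.
    """
    prev = GENESIS
    for i, rec in enumerate(entries):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i:
            return False, f"sequence gap at position {i}"
        if rec.get("prev") != prev:
            return False, f"broken prev link at seq {i}"
        if entry_hash(body) != rec.get("hash"):
            return False, f"hash mismatch at seq {i} (entry modified)"
        prev = rec["hash"]
    if prev != expected_head:
        return False, "head mismatch (entries dropped or appended)"
    return True, "ok"


def run_demo():
    """Evaluate constructed sample actions; only allowed ones are 'executed'."""
    ledger = Ledger()
    actions = [  # constructed sample input, not real agent traffic
        ("read_file", "/workspace/notes.txt"),
        ("write_file", "/etc/passwd"),
        ("write_file", "/workspace/out/report.md"),
    ]
    for tool, target in actions:
        allowed = evaluate(POLICY, tool, target)
        outcome = "executed" if allowed else "blocked"  # execution would happen here
        ledger.append(tool, target, allowed, outcome)
    return ledger


def tamper(entries, seq, key, value):
    """Return a modified copy, standing in for an after-the-fact edit of the record."""
    edited = copy.deepcopy(entries)
    edited[seq][key] = value
    return edited


if __name__ == "__main__":
    led = run_demo()
    print(verify_chain(led.entries, led.head))
    print(verify_chain(tamper(led.entries, 1, "allowed", True), led.head))
    print(verify_chain(led.entries[:-1], led.head))
```

The denied write is still recorded, so the history shows what the agent attempted, not just what it did; an auditor who changes one field of any entry, or removes the last one, gets a failing verification with the position of the break.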
Open questions
- What is the smallest useful policy surface for practical agent systems?
- How should memory mutations be represented if they need the same audit trail as actions?
- Which guarantees are worth paying for in exchange for complexity and friction?