Parinita Sentry
Agentic governance — watches every Parinita agent simultaneously, on every plane, in every POP.
Sentry is the cross-cutting agentic-governance layer. It's the only product in the portfolio that watches every Parinita agent — all 21+ of them — simultaneously across every plane, every POP, every workload. Three governance domains: artifact governance, runtime identity, and continuous behavioral baselining.
What it does
- Artifact governance. Five-track parallel scan pipeline (static code, behavioral sandbox on gVisor, publisher reputation, vector similarity to known-malicious, version delta) gates every model, agent, MCP server, and dataset before publication on Central.
- Runtime identity (Warden). The Warden agent on Plane 3 issues Ed25519 keypairs for every agent, compiles per-agent permissions into Policy Warrants, and distributes BPF maps to ConnectX-7 NICs via NATS JetStream.
- Behavioral baselining. Continuously baselines every agent's tool calls, planes accessed, data volumes, and inter-agent invocations. Anomaly models on Plane 1 Gaudi 3 detect novel cross-agent kill chains.
- NIC-level enforcement. Policy Warrants compile to BPF maps; Crucible distributes; ConnectX-7 ASIC enforces. A packet to an unauthorized destination is XDP_DROP'd before it touches the kernel, and the violation logs to Chrysalis as an immediate revocation event.
- Approved artifacts get Chrysalis attestation. Composite risk score → approve / block / quarantine. Approved artifacts receive a 101-validator QBFT attestation (supermajority 68) that customers can verify on-chain independently.
How it works
Artifact governance runs on a five-track parallel scan pipeline executed on Plane 1 Gaudi 3: static code analysis, behavioral sandbox (gVisor on Plane 3), publisher reputation, P4 vector-database semantic similarity to known-malicious artifacts, and version delta analysis. Composite risk scores trigger policy decisions — approve, block, or quarantine. Approved artifacts get a Chrysalis attestation (101-validator QBFT, supermajority 68) that customers can verify on-chain independently.
Runtime identity uses the Warden agent (on Plane 3) to issue Ed25519 keypairs for every agent, compile per-agent permissions into Policy Warrants, and distribute the resulting BPF maps to ConnectX-7 NICs at every host node via NATS JetStream. The eBPF/XDP program enforces the warrant at the NIC ASIC: a packet to an unauthorized destination is XDP_DROP’d before it touches the kernel, and warrant violations are logged to Chrysalis as immediate revocation events.
Agentic behavior monitoring continuously baselines every agent’s pattern of tool calls, planes accessed, data volumes, and inter-agent invocations. Anomaly models on Plane 1 Gaudi 3 detect novel cross-agent kill chains — for example, an MCP server quietly approved at risk score 0.28 that exfiltrates a GitHub token, then pushes malicious code, then triggers an unusual data volume from the developer workstation. Sentry flags the correlated pattern; Overwatch issues the cross-domain response.
When to use it
- Any deployment with autonomous agents acting on real systems.
- Regulated workflows where you need to demonstrate runtime control, not just documented policy.
What it isn’t
A WAF or API gateway. Sentry reasons about agent intent — what action, toward what resource, for what reason — not just request shape.
Bring Parinita Sentry into your stack.
Every Parinita product runs on the same 9-plane fabric across 101 edge POPs. Talk to us about a pilot, or see how the pieces fit together.