🛡️ The First Enterprise-Grade AI Security DMZ — Written in Pure C
36,000+ LOC • 21 Custom Protocols • 119 CLI Handlers • 103 Tests • 100% Production Ready
Every AI system is exposed. LLMs, RAGs, Agents, Tools, MCPs — they all trust input blindly.
SENTINEL Shield is the DMZ they desperately need.
| 🚫 Without Shield | ✅ With Shield |
|---|---|
| Prompt injection → Data leak | Blocked in < 1ms |
| Jailbreak → System compromise | Detected & logged |
| Exfiltration → Business secrets exposed | Redacted automatically |
| No visibility → Blind trust | Full audit trail |
|
|
| Metric | Value |
|---|---|
| Lines of Code | ~36,000 |
| Source Files | 131 .c, 80 .h |
| Protocols | 22 |
| CLI Handlers | 119 |
| Guards | 6 |
| Tests | 103 (94 CLI + 9 LLM) |
| Academy Modules | 22+ per language |
| Category | Protocols | Purpose |
|---|---|---|
| 🔍 Discovery | ZDP, ZRP, ZHP | Zone management |
| 🔄 Traffic | STP, SPP, SQP, SRP | Secure data flow |
| 📈 Analytics | SAF, STT, SEM, SLA | Metrics & telemetry |
| 🔁 HA | SHSP, SSRP, SMRP | Clustering & replication |
| 🔌 Integration | SBP, SGP, SIEM | External systems |
| 🔐 Security | STLS, SZAA, SSigP | TLS, Auth, Signatures |
Shield# show zones
Shield# guard enable all
Shield# class-map match-any THREATS
Shield(config-cmap)# match injection
Shield(config-cmap)# match jailbreak
Shield# policy-map SECURITY
Shield(config-pmap)# class THREATS
Shield(config-pmap)# block
Shield(config-pmap)# log
Shield# service-policy input SECURITYgit clone https://github.com/SENTINEL/shield.git
cd shield
make clean && make
make test_all # 94 CLI tests
make test_llm_mock # 9 LLM integration testsdocker build -t sentinel-shield .
docker run -p 8080:8080 -p 9090:9090 sentinel-shield#include "sentinel_shield.h"
shield_context_t ctx;
shield_init(&ctx);
// Evaluate before LLM call
evaluation_result_t result;
shield_evaluate(&ctx, user_input, len, "external", DIRECTION_INBOUND, &result);
if (result.action == ACTION_BLOCK) {
// Threat detected!
log_alert(result.reason);
} else {
// Safe to call LLM
call_llm(user_input);
}24 modules covering everything from basics to kernel-level security:
| Level | Modules | Focus |
|---|---|---|
| SSA (Associate) | 0-5B | Fundamentals, Installation, CLI |
| SSP (Professional) | 6-10 | Guards, 20 Protocols, HA |
| SSE (Expert) | 11-16 | Internals, Plugins, eBPF |
📚 Academy 🇷🇺 Русский | Academy 🇺🇸 English |
sentinel-shield/
├── src/ # 125 C files (~36K LOC)
│ ├── core/ # Zones, rules, guards
│ ├── protocols/ # 21 custom protocols
│ ├── cli/ # 119 CLI handlers
│ ├── guards/ # 6 guards (LLM/RAG/Agent/Tool/MCP/API)
│ ├── ffi/ # Brain FFI (HTTP, gRPC)
│ └── ...
├── include/ # 77 headers
├── tests/ # 103 tests
├── k8s/ # Kubernetes manifests
├── docs/academy/ # 60+ training modules (EN/RU)
├── Makefile # Build system
├── Dockerfile # Multi-stage production
└── .github/workflows/ # CI/CD (6 jobs)
┌──────────────────────────────────────────────────────────────┐
│ SENTINEL Platform │
├──────────────────────────────────────────────────────────────┤
│ ┌────────────┐ ┌────────────┐ ┌────────────┐ │
│ │ SHIELD │◄─┤ BRAIN │◄─┤ STRIKE │ │
│ │ (C DMZ) │ │ (Python ML)│ │ (Red Team) │ │
│ └────────────┘ └────────────┘ └────────────┘ │
│ ▲ │
│ │ SBP Protocol │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Your AI Systems (LLM/RAG/Agents) │ │
│ └─────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
Apache 2.0 — See LICENSE
SENTINEL Shield
The DMZ Your AI Deserves