Skip to content

Privacy & security model

Sentinel is built to add safety without adding exposure. The whole system runs on your machine.

  • The proxy listens only on 127.0.0.1:47284 — it is never bound to a public interface.
  • The only outbound traffic is the Claude Code requests you make, forwarded to Anthropic unmodified. There is no telemetry and no analytics phone-home.
  • OTel telemetry (used by the Metrics tab) is received and stored locally.
  • Credentials for inactive accounts are stored in the OS keychain — Keychain on macOS, Credential Manager on Windows, libsecret on Linux — under the service name Sentinel-credentials.
  • The daemon never logs credential values. Only metadata (email, account UUID) is stored in the local SQLite database.
  • Writes to ~/.claude.json and ~/.claude/settings.json use atomic rename, so a crash can’t leave a half-written settings file.
  • The app and daemon talk over a Unix domain socket (named pipe on Windows) created with 0600 permissions — owner read/write only.
  • Event history stores redacted fingerprints only — never the original secret text.
  • A per-finding hash drives deduplication, so the same finding doesn’t flood your history.

Everything: usage history, rate-limit cache, security events, metrics, and settings all live under ~/.sentinel/ and in your OS keychain. Uninstalling can wipe them (Installation → Uninstall).