Privacy & security model
Sentinel is built to add safety without adding exposure. The whole system runs on your machine.
Network
Section titled “Network”- The proxy listens only on
127.0.0.1:47284— it is never bound to a public interface. - The only outbound traffic is the Claude Code requests you make, forwarded to Anthropic unmodified. There is no telemetry and no analytics phone-home.
- OTel telemetry (used by the Metrics tab) is received and stored locally.
Credentials
Section titled “Credentials”- Credentials for inactive accounts are stored in the OS keychain — Keychain on macOS,
Credential Manager on Windows, libsecret on Linux — under the service name
Sentinel-credentials. - The daemon never logs credential values. Only metadata (email, account UUID) is stored in the local SQLite database.
- Writes to
~/.claude.jsonand~/.claude/settings.jsonuse atomic rename, so a crash can’t leave a half-written settings file.
Inter-process communication
Section titled “Inter-process communication”- The app and daemon talk over a Unix domain socket (named pipe on Windows) created with
0600permissions — owner read/write only.
Security findings
Section titled “Security findings”- Event history stores redacted fingerprints only — never the original secret text.
- A per-finding hash drives deduplication, so the same finding doesn’t flood your history.
What stays on your machine
Section titled “What stays on your machine”Everything: usage history, rate-limit cache, security events, metrics, and settings all live under
~/.sentinel/ and in your OS keychain. Uninstalling can wipe them
(Installation → Uninstall).