Hash-chained receipts
Every action is appended to a tamper-evident chain — operator, role, model, engine-version, scope, cost. Break a link and the verifier rejects everything downstream.
0%
Actions attributable
The accountability layer for AI agents & teams
Receipts,
Receipts,
or it didn't
happen.
Sentinel gives every action your team and your AI agents take a tamper-proof receipt — so you can prove what happened, not just claim it. Receipts anyone can verify; nothing you can quietly edit.
Prove what happened — human or AI
Catch the mistake before it costs you
Audit-ready for any partner or regulator
0
Silent failures tolerated
SHA-256
Hash-chained ledger
L2
On-chain anchor-ready
0
Founding Partner slots
The posture
Operators do not get to be believed.
Operators do not get to be believed.
They get to be verified.
Accountability is the spine, not a feature. Four primitives, enforced in code — not policy, not promises.
Firewall-as-code
Scope is a denylist, not a convention. Sealed workspaces, secrets, and crown-jewel paths are mechanically out of reach — a violation is recorded and attributable, never silent.
On-chain anchoring
Every ledger batch is Merkle-rooted and chain-verifiable by anyone today — including a regulator. On-chain L2 anchoring is rolling out, so the proof outlives us.
Consent-gated reads
Reputation is aggregate-only and consent-gated by architecture. No tier buys around the privacy contract. We sell verifiability — never the underlying identity.
How it works
Plug it in once. Get receipts forever.
No new habits to learn. Once your tools and agents are connected, every action seals itself into the ledger — automatically, the moment it happens.
Connect
Point your agents, scripts, and tools at Sentinel with a single key. Humans and AI emit through the same pipe — nothing to install per person.
Act
A deploy, a payment, a data read, a sign-off — each becomes a sealed receipt the instant it happens. Who, what, on what, and the result.
Chain
Each receipt locks to the one before it. The ledger turns tamper-evident: alter any past entry and every later link visibly breaks.
Verify
One click re-checks the whole chain; on a cadence its fingerprint is anchored on-chain. Pass, or "broken at #N." Anyone can check — even a regulator.
The words you'll see, in plain English
- Receipt
- A sealed record of one action — who did what, to what, and the result.
- Hash-chain
- Each receipt's fingerprint includes the previous one's, so editing history breaks the chain — automatically and visibly.
- Verifier
- The one-click check that returns PASS — or the exact receipt where integrity failed.
- On-chain anchor
- The chain's fingerprint stamped onto a public blockchain, so history can't be rewritten later — not even by us.
- Firewall-as-code
- Rules for what each operator may do, enforced automatically. Out-of-lane actions are blocked, not just logged.
- Consent-gated
- Protected data can't be read without explicit, recorded permission — by anyone, including Sentinel.
Live proof
If the chain does not verify,
the output is not trusted.
This is not a slogan — it's the verifier running. Watch a ledger seal link-by-link. Then tamper with one receipt and watch the whole chain reject.
Ledger idle — run the verifier.
The swarm
It doesn't just record accountability.
It doesn't just record accountability.
It produces it.
Sentinel runs a curated swarm of accountable operators — human or AI — that continuously audit, fix, and maintain your code. The roster is deliberately small: an operator earns its seat only by emitting a verifiable receipt for everything it does. No checkable artifact, no seat.
Audit — find
Operators comb the codebase for the bug, the regression, the security hole. Every finding lands as a receipt, not a claim.
Fix — repair
Each fix links to the finding it corrects, so the repair is provably tied to the problem. Correction lineage, not a mystery commit.
Maintain — keep
Fixes rot. Operators keep them honest over time — re-checking, re-sealing — so what passed yesterday still holds today.
The keystones — catch
Two operators exist only to catch: an independent reviewer and a security operator. The swarm is held to the standard it enforces — who acted, who caught it, who fixed it.
For developers
Wire it in once. Receipts seal in minutes.
Two calls: one to seal an action, one to verify the chain. Humans and agents emit through the same pipe — language-agnostic, dependency-light, identical on every plan.
# 1 · seal an action — humans and agents, same pipe
curl -X POST https://sentinel.matchain.io/v1/receipts \
-H "Authorization: Bearer $SENTINEL_KEY" \
-d '{"operator":"agent:planner-7","role":"planner",
"action":"deploy","target":"svc/checkout@1.9.2",
"scope":"ok","cost_cents":0.4}'
→ { "seq":1069, "hash":"a1f0…e9", "prev":"9c4b…2d" }
# 2 · verify the whole chain — no key required
curl https://sentinel.matchain.io/v1/verify
→ { "ok":true, "links":1069, "root":"0x9f4c…e21" }# pip install sentinel-sdk
from sentinel import Sentinel
s = Sentinel(api_key=os.environ["SENTINEL_KEY"])
# seal — humans and agents use the same call
r = s.receipts.seal(
operator="agent:planner-7", role="planner",
action="deploy", target="svc/checkout@1.9.2",
scope="ok", cost_cents=0.4,
)
print(r.seq, r.hash) # 1069 a1f0…e9
# verify — PASS, or the exact broken link
v = s.verify()
assert v.ok, f"broken at #{v.broken_at}"// npm i @sentinel/sdk
import { Sentinel } from "@sentinel/sdk";
const s = new Sentinel({ apiKey: process.env.SENTINEL_KEY });
// seal an action
const r = await s.receipts.seal({
operator: "agent:planner-7", role: "planner",
action: "deploy", target: "svc/checkout@1.9.2",
scope: "ok", costCents: 0.4,
});
console.log(r.seq, r.hash); // 1069 a1f0…e9
// verify the chain — anyone can
const v = await s.verify();
if (!v.ok) throw new Error(`broken at #${v.brokenAt}`);The verify endpoint is public and keyless. The ingest API is in Founding-Partner preview.
The ladder
It earns its way up. It does not start broad.
Sentinel graduates a competency ladder before it touches anything that matters. The crown jewel is the graduation, never the start.
Phase 0
Calibration
Throwaway repo. 2-agent smoke test. Containment proven behaviorally.
✓ Shipped
Phase 1
Data layer
Receipts, ledger, scorecards. Self-contained Command Center over a frozen contract.
✓ Shipped
Phase 2
Central aggregation
Cross-machine ingest on Cloudflare. Throttle enforced at run-time, HMAC-authed.
● Live
Phase 3
Identity binding
Every role becomes a persistent MatchID DID. Reputation compounds across audits.
→ Next
Phase 4
Hire registry
On-chain anchor + verifiable hire receipts. Identity on both sides of every engagement.
→ Next
Who it's for
If you delegate to people or agents, you need receipts.
Anywhere actions outrun your ability to watch them, Sentinel turns trust into proof.
AI agent fleets
Running a swarm of agents? Prove what each one did — and catch the one that drifts before it costs you.
Agencies & dev shops
Hand clients receipts as proof of work. Scope disputes end in seconds, not email threads.
Fintech & regulated
A tamper-proof action ledger your auditors can read directly. Regulators get free, unlimited access.
Treasury, multisig & DAO ops
Prove funds and keys were never touched out of scope — to your board, your partners, your community.
Solo devs & researchers
Free tier, forever. Verify any chain and publish the proof. Open-source friendly by default.
Access
Free for the long tail.
Free for the long tail.
Bounded for teams. Bespoke for the regulated band.
Every plan — Free to Regulated — gives you the same load-bearing surface and the same privacy contract. No tier buys around it.
Free
$0
1,000 reads / day
- Hash-chained verification
- Aggregate, consent-gated reads
- Public integrity endpoint
- For devs, researchers, regulators
Pro
$149 / mo
Higher quota
- Everything in Free
- Raised daily read quota
- Priority verification
- Email support
Business
$499 / mo
Team surface
- Everything in Pro
- Workspaces & team keys
- Audit log + exports
- SLA-backed reads
Enterprise
from $2,500 / mo
Custom contract
- Everything in Business
- Dedicated capacity
- On-chain anchor cadence
- Security review support
Regulated
Bespoke
Institutional
- Banks, custody, regulators
- Jurisdiction controls
- Custom retention
- Direct line to the team
● Free regulator access — unlimited, forever, documented publicly.
Annual billing: 20% off Pro & Business.
Founding Partner rate locked 24 months.
Questions, answered
The questions a first-timer actually asks.
Do you read my data?
No. We sell proof of integrity, not access to content. Your findings stay inside your repo; the control plane sees metadata, never the crown jewel.
Do I need to be technical?
To read the dashboard and understand the receipts — no. To wire your agents in today, there's a short developer setup: paste a key, point your tools at it. One-click onboarding is on the roadmap.
Is what I'm seeing real, or a demo?
The engine is real and has run live end-to-end. Public screens currently show seeded sample data so they're never empty — your own receipts go live the moment your workspace starts sending actions.
What if someone just lies in a receipt?
They can write one, but they can't edit or delete a past one without breaking the chain — and the false claim is now permanently on record, attributable to them. Lying leaves evidence.
What does it cost?
Free for individuals, researchers, and regulators — forever. Teams: $149/mo Pro, $499/mo Business, $2,500+/mo Enterprise, and bespoke for the Regulated band.
What is MatchID for?
It gives each operator — human or agent — one verified identity and a reputation that compounds across audits, instead of an anonymous key that means nothing.
Where can I see it?
The console dashboard is live now. This site is the front door — request access and we'll open a workspace for you.
The line we hold
What we do not sell.
No read-path into your data
We sell proof of integrity, not access to content. Audit findings stay inside your repo. The control plane sees metadata, never the crown jewel.
No identity for sale
Reputation is aggregate and consent-gated. There is no tier, anywhere, that unmasks an individual. The privacy contract is architecture, not a setting.
What you do get: verifiable truth
Tamper-evidence anyone can check. Attribution that holds up. Scope violations that surface instead of hiding. Silence where silence is safer.
What you do get: free regulator access
Regulators read the same endpoint at zero cost, unlimited. Compliance by architecture — be the partner, never the backdoor.
▚ Up to 10 Founding Partners · before public launch
Run the verifier on your own swarm.
Founding Partners lock a fixed rate for 24 months — priced between Pro and Enterprise — in exchange for early signal and a public case. No auto-uplift surprise. Tell us why you want one of the ten slots.