Skip to content

SENTINEL Configuration

All SENTINEL behavior is tuned via environment variables. Read at startup by getSentinelConfig in packages/agent/src/sentinel/config.ts. Defaults shown below are verified against that file as of the Last verified date.

VarTypeDefaultValid valuesWhat it tunes
SENTINEL_MODEenumyoloyolo | advisory | offHow SENTINEL acts on its verdict. A block verdict rejects the action in all modes. yolo auto-executes non-blocked (warn/allow) actions and lets SENTINEL run its own fund-moving tools; advisory never moves funds — it pauses flagged actions for human review and only analyzes/alerts; off skips assessment entirely. See operating modes.
SENTINEL_PREFLIGHT_SCOPEenumfund-actionsfund-actions | critical-only | neverWhich agent tools trigger a pre-execution risk check. fund-actions covers all fund-moving tools; critical-only restricts to the highest-risk subset; never disables preflight entirely.
SENTINEL_PREFLIGHT_SKIP_AMOUNTnumber (SOL)0.1any non-negativeSkip preflight when the action amount is below this threshold. Reduces LLM calls for small routine transfers.
VarTypeDefaultValid valuesWhat it tunes
SENTINEL_SCAN_INTERVALnumber (ms)60000any positiveIdle scanner cycle period. How often SENTINEL checks for pending work when the queue is empty.
SENTINEL_ACTIVE_SCAN_INTERVALnumber (ms)15000any positiveActive scanner cycle period. How often SENTINEL ticks when work is already queued.
SENTINEL_AUTO_REFUND_THRESHOLDnumber (SOL)1any non-negativeAuto-refund when a timed-out deposit is at or above this size. Smaller deposits are left for manual review.
VarTypeDefaultValid valuesWhat it tunes
SENTINEL_THREAT_CHECKbooleantruetrue | false (literal strings)Set to 'false' to disable runtime threat checks across all assessments. Useful in isolated dev/test environments.
SENTINEL_LARGE_TRANSFER_THRESHOLDnumber (SOL)10any positiveTransfers at or above this size are flagged for elevated review regardless of other signals.
VarTypeDefaultValid valuesWhat it tunes
SENTINEL_BLACKLIST_AUTONOMYbooleantruetrue | false (literal strings)Whether SENTINEL can add addresses to the blacklist autonomously without a manual admin override. Set to 'false' to require human approval for all blacklist mutations. Used by addToBlacklist.
SENTINEL_CANCEL_WINDOW_MSnumber (ms)30000any positiveHow long a queued circuit-breaker action waits before auto-execution. Gives operators a window to cancel before SENTINEL acts. Used by scheduleCancellableAction.
VarTypeDefaultValid valuesWhat it tunes
SENTINEL_RATE_LIMIT_FUND_PER_HOURnumber5any positive integerMax fund-moving actions SENTINEL allows per wallet per hour before rate-limiting kicks in.
SENTINEL_RATE_LIMIT_BLACKLIST_PER_HOURnumber20any positive integerMax blacklist mutations (add + remove combined) per hour across all wallets.
VarTypeDefaultValid valuesWhat it tunes
SENTINEL_MODELstringopenrouter:anthropic/claude-sonnet-4.6provider:modelId formatLLM model used by SentinelCore for risk assessments. Format matches Pi SDK’s provider:modelId convention. Requires OPENROUTER_API_KEY when provider is openrouter. See packages/agent/src/sentinel/core.ts.
SENTINEL_DAILY_BUDGET_USDnumber (USD)10any positiveMaximum daily LLM spend. SENTINEL falls back to deny-by-default when the budget is exceeded, preventing runaway costs from high-volume incident response.
SENTINEL_BLOCK_ON_ERRORbooleanfalsetrue | false (literal strings)If 'true', any unhandled SENTINEL exception is treated as a block verdict (fail-closed). If 'false', exceptions fall through to allow (fail-open).