SENTINEL — Operations Guide v5.2.2

01

Overview

SENTINEL is a lightweight, zero-dependency macOS session protection utility designed for professionals who run long operations — overnight renders, ML training, large transfers, CI pipelines, DJ sets, or any workflow where your machine sleeping means lost work.

With one click, SENTINEL prevents idle sleep, monitors system health in real time, manages timed sessions, and gives you a live dashboard — all without opening Terminal or babysitting caffeinate commands.

🛡

Architecture

Zero Dependencies

🔒

Network

Localhost Only

⚡

Footprint

~4 MB Total

Key Principles

Privacy-first — SENTINEL runs entirely on your machine. No cloud, no telemetry, no network exposure. The HTTP server binds to 127.0.0.1 only.

Zero-dependency — Built on Python 3 standard library only. No pip packages, no npm, no build tools. If Python 3.10+ is on your Mac, it runs.

Non-destructive — Safe Mode is enabled by default. SENTINEL monitors and protects — it never takes aggressive action unless you explicitly configure it.

02

System Requirements

Requirement	Detail
Operating System	macOS 13.0 (Ventura) or later
Python	3.10 or higher (Homebrew or system)
Browser	Google Chrome (preferred), Chromium, Safari, or system default
Disk Space	~4 MB for the application
Network	None required — fully offline capable
Architecture	Apple Silicon (M1/M2/M3/M4) and Intel x86_64

Python Detection

SENTINEL automatically searches for Python 3.10+ at Homebrew paths (/opt/homebrew/bin/python3, /usr/local/bin/python3) and falls back to the system python3. No manual configuration needed.

03

Installation

1

Download SENTINEL

Download the SENTINEL package from the official distribution source. The package contains the Sentinel.app bundle, launcher scripts, and the daemon.

2

Place in your preferred directory

Move the SENTINEL folder to your desired location. The app dynamically resolves its own path — no hardcoded directories.

3

Verify Python 3.10+

Open Terminal and run python3 --version. If below 3.10, install via Homebrew: brew install python@3.12

4

Launch

Double-click Sentinel.app in Finder, or run ./sentinel.sh from Terminal. The dashboard opens automatically in Chrome.

First Launch

macOS may show a security prompt on first launch since SENTINEL is not yet from the App Store. Go to System Settings → Privacy & Security and click "Open Anyway" to authorize. This only happens once.

04

Launching SENTINEL

SENTINEL offers three launch methods. All resolve to the same daemon — choose based on your preference.

Method	How	Best For
`Sentinel.app`	Double-click in Finder or Dock	Daily use — one-click launch with native error alerts
`sentinel.sh`	Run `./sentinel.sh` in Terminal	Power users — full console output, ASCII banner, verbose diagnostics
`Sentinel.command`	Double-click in Finder	Finder users who want terminal output visible

What Happens at Launch

1

Preflight Check

SENTINEL locates Python 3.10+, checks port 8766 for conflicts, and gracefully handles any stale daemon processes.

2

Daemon Start

The daemon (sentinel_daemon.py) starts an HTTP server on 127.0.0.1:8766 and begins system monitoring.

3

Readiness Probe

The launcher polls /ping to confirm the daemon is ready before proceeding.

4

Dashboard Opens

Chrome launches in app mode (520×780 window) displaying the SENTINEL dashboard.

05

Session Modes

SENTINEL operates in four modes. Transitions are controlled via the dashboard buttons.

⏸ Standby

Default state. Daemon is running and monitoring system stats, but sleep prevention is not active. Your Mac follows its normal energy settings.

🛡 Protected

Active session protection. Caffeinate is engaged to prevent display sleep, idle sleep, system sleep, and disk sleep. Your Mac will not sleep until you deactivate.

🌙 Away

Away mode. Protection remains active but the dashboard indicates you've stepped away. Use for overnight runs, long renders, or unattended operations.

⏱ Timed Session

Time-limited protection. Set a duration and SENTINEL auto-deactivates when the timer expires. Ideal for scheduled tasks with known completion times.

Mode Transitions

Standby → Protected: Click the PROTECT button. Caffeinate starts immediately.

Protected → Away: Click AWAY. Protection continues, status indicator changes.

Protected / Away → Standby: Click DEACTIVATE. Caffeinate terminates, Mac resumes normal sleep behavior.

Timed Session: Set duration in seconds when activating. Auto-deactivates to Standby when the timer completes.

06

Session Presets

Session Presets are one-click session profiles that combine a protection mode, optional duration, and optional reminder into a single action. Click a preset and SENTINEL configures everything for you.

Built-In Presets

Preset	Icon	Duration	Reminder	Away	Tier
Quick Protect	⚡	Indefinite	—	—	Free
Download Session	📥	2 hours	1h 45m	—	Pro
Study Night	📚	4 hours	3h 30m	—	Pro
Overnight Run	🌙	8 hours	—	Auto	Pro
Movie Night	🎬	3 hours	—	—	Pro

Using Presets

Presets appear as a horizontal bar at the top of the dashboard during standby. Click any preset to instantly activate that session profile. Pro-locked presets display a lock icon on the Free tier. Presets are also available in the menu bar dropdown under Quick Start.

Custom Presets (Pro)

Pro users can create unlimited custom presets. In the dashboard settings area, click Manage Presets to create, edit, or delete custom profiles. Each custom preset lets you configure a name, icon, duration, reminder, and auto-away behavior. Custom presets are saved to ~/.sentinel/presets.json and persist across sessions.

API Commands

Command	Description
`ACTIVATE_PRESET`	Activate a preset by ID — `{"preset_id": "quick_protect"}`
`LIST_PRESETS`	Returns all available presets (built-in and custom)
`SAVE_PRESET`	Create or update a custom preset (Pro)
`DELETE_PRESET`	Delete a custom preset by ID (Pro)

07

Dashboard Guide

The SENTINEL dashboard is a single-page web interface served by the local daemon. It polls the daemon every 3–5 seconds for real-time data and requires no internet connection.

Dashboard Indicators

Indicator	Location	Meaning
Daemon Dot	Top area	Green = daemon connected. Grey = daemon offline.
Session Mode	Header	Current mode: STANDBY, PROTECTED, AWAY, or TIMED
Session Timer	Header	Elapsed time in current protected session
CPU / Memory / Disk	Stats panel	Real-time system resource utilization
Battery	Stats panel	Current charge level and power source (AC/Battery)
Network	Stats panel	Internet connectivity status via 1.1.1.1 probe
Safe Mode Badge	Controls	Indicates whether Safe Mode is active

Daemon Offline Banner

If the daemon becomes unreachable (process crash, manual kill, port conflict), the dashboard displays a prominent "DAEMON OFFLINE — Restart Required" banner. This banner auto-dismisses when the connection is restored. If you see this, relaunch SENTINEL using any of the three launch methods.

Dashboard Controls

Button	Action
PROTECT	Start a protected session (prevents all sleep types)
AWAY	Switch to away mode while maintaining protection
DEACTIVATE	End the current session, return to standby
Safe Mode Toggle	Enable/disable safe mode (controls aggressive features)
Dry Run Toggle	When enabled, logs actions without executing them

Session Stats

Below the main controls, five stat cards display cumulative session analytics: total sessions, total hours, sessions this week, average duration, and longest session. These stats update every 30 seconds from the daemon's session history.

Session History (Pro)

Click View Session History to expand a scrollable log of recent sessions. Each entry shows date/time, duration, mode, preset used, session name (if set), and how the session ended. Pro users can view the full list and name active sessions using the pencil icon. Free users see the stats bar only — the full session list requires Pro.

About Panel

At the bottom of the dashboard, a compact info bar shows the current version, license tier, and company name. Click it to expand a detail panel with the daemon PID, config path, session count, and links to the Operations Guide, gotsentinel.com, and issue reporting.

First-Launch Welcome

When you open SENTINEL for the first time, a welcome overlay introduces the product with three quick-start steps. Click Get Started to dismiss it. The overlay never shows again after dismissal.

08

System Monitoring

SENTINEL continuously monitors your Mac's vital signs. Stats update every 3 seconds during active sessions and every 10 seconds in standby.

Metric	Source	Detail
CPU Usage	`top -l 1`	System + user CPU percentage
Memory	`vm_stat`	Active, wired, compressed memory + swap usage
Total RAM	`sysctl hw.memsize`	Hardware memory capacity
Disk Usage	`df -g /`	Used/available space on root volume
Battery	`pmset -g batt`	Charge percentage, power source, charging state
Network	`nc -z 1.1.1.1 53`	Internet connectivity probe (1-second timeout)

Battery Warnings

When battery drops below 20% (configurable), SENTINEL flags a low-battery warning in the dashboard. This threshold is set via battery_low_threshold in the config file.

09

Notifications

SENTINEL sends native macOS notifications for key session events. Notifications appear in Notification Center and play the Glass sound (configurable). Enable or disable notifications via the notifications_enabled config key.

Notification Events

Event	Title	Message
Session start	SENTINEL — Protected	Session started. Your Mac will not sleep.
Timed session start	SENTINEL — Protected	Timed session started: Xh.
Session end	SENTINEL — Standby	Session ended. Normal sleep behavior restored.
Timed session complete	SENTINEL — Standby	Timed session complete.
Away mode	SENTINEL — Away	Away mode active. Protection continues.
Time Guardian reminder	SENTINEL — Time Check	You have been in session for X. Time to wrap up?
Low battery	SENTINEL — Low Battery	Battery at X%. Consider plugging in.
Preset activation	SENTINEL — Protected	{Preset Name} activated.

Configuration

Key	Default	Description
`notifications_enabled`	`true`	Master toggle for all macOS notifications
`reminder_sound`	`true`	Play sound on Time Guardian reminders

Local Only

Notifications are local-only. They use macOS osascript display notification — no network calls, no push servers, no third-party services.

10

Connected Services

SENTINEL can optionally monitor local services (development servers, databases, AI backends) to give you visibility into what's running alongside your protected session.

Adding a Service

Edit ~/.sentinel/config.json and add entries to the connected_services array:

{
  "connected_services": [
    {
      "name": "Ollama",
      "url": "http://localhost:11434",
      "health_path": "/"
    },
    {
      "name": "FastAPI Backend",
      "url": "http://localhost:8000",
      "health_path": "/health"
    }
  ]
}

SENTINEL polls each service every 10–15 seconds and displays its status (online/offline) in the dashboard's services panel.

Security Note

Only http:// and https:// URLs are accepted. Other URL schemes are rejected at startup to prevent unintended access to local file paths or other protocols.

11

Configuration

SENTINEL stores its runtime configuration at ~/.sentinel/config.json. This file is created automatically on first run with safe defaults.

Key	Default	Description
`safe_mode`	`true`	Prevents aggressive actions (kill list, screen saver). Recommended to leave on.
`dry_run`	`false`	Logs all actions without executing. Use for testing configurations.
`port`	`8766`	Local HTTP server port. Change only if 8766 conflicts.
`poll_interval_stats`	`3`	Seconds between system stats updates.
`poll_interval_health`	`10`	Seconds between service health checks.
`battery_low_threshold`	`20`	Battery percentage that triggers a low-battery warning.
`browser`	`"chrome"`	Preferred browser: chrome, chromium, safari, or default.
`connected_services`	`[]`	Array of local services to monitor (see Section 10).
`check_for_updates`	`true`	Check gotsentinel.com for new versions (every 24 hours).

Update Checker

SENTINEL checks gotsentinel.com once every 24 hours for new versions. If an update is available, a banner appears in the dashboard and menu bar with a download link. The first check runs 30 seconds after daemon startup.

This check fetches a single static JSON file — zero user data is transmitted. No user agent, no cookies, no query parameters, no identifying information of any kind. If you are offline, the check is silently skipped.

To disable update checks entirely, set check_for_updates to false in ~/.sentinel/config.json.

Config Changes

Configuration changes require a daemon restart to take effect. Deactivate any active session, close SENTINEL, and relaunch.

12

Licensing & Activation

SENTINEL uses a freemium model. The Free tier includes full session protection, system monitoring, timed sessions, away mode, Quick Protect preset, 2 connected services, auto-start on login, and macOS notifications. Pro unlocks Time Guardian reminders, session presets, menu bar quick-toggle, unlimited connected services, custom presets, and auto-protect rules.

Feature Comparison

Feature	Free	Pro
One-click session protection	✓	✓
System monitoring dashboard	✓	✓
Timed sessions	✓	✓
Away mode	✓	✓
Quick Protect preset	✓	✓
2 connected services	✓	✓
Auto-start on login	✓	✓
macOS notifications	✓	✓
Time Guardian reminders	—	✓
5 built-in session presets	—	✓
Custom presets	—	✓
Menu bar quick-toggle	—	✓
Unlimited connected services	—	✓
Auto-protect rules	—	✓ (coming soon)

Activating a License

Purchase a Pro license from gotsentinel.com
Receive your license key via email or download
Open the SENTINEL dashboard
Scroll to the bottom and click Activate License
Paste your full license key into the activation field
All Pro features unlock immediately — no restart required

Offline Verification

License keys are verified offline using Ed25519 cryptographic signatures — the same algorithm used by SSH, Signal, and WireGuard. No internet connection is required to activate. Your key works on up to 3 Macs.

Trial Licenses

Trial keys provide full Pro access for a limited duration (typically 14 or 30 days). The dashboard displays a TRIAL badge with days remaining. When the trial expires, all features revert to the Free tier. You can upgrade to Pro at any time by purchasing and activating a permanent key.

Deactivating a License

To deactivate your license (for example, when moving to a new Mac), scroll to the license section in the dashboard and click Deactivate License. This removes the key from the current machine. You can reactivate on another machine using the same key.

Key Security

Never share your license key publicly. SENTINEL will never ask for your full key via email. If you need support, contact chase@risestudiolabs.com with your order confirmation — not your key.

13

Auto-Start on Login

SENTINEL can start automatically when you log into your Mac. This is a free-tier feature — no Pro license required. Once enabled, the daemon launches in the background at login and is ready to protect when you are.

Enabling Auto-Start

Open the SENTINEL dashboard
Find the Start on Login toggle in the settings area
Click to enable — SENTINEL creates a LaunchAgent at:
~/Library/LaunchAgents/com.risestudiolabs.sentinel.plist
On your next login, SENTINEL starts automatically

The toggle is also available in the menu bar dropdown (Pro).

Disabling Auto-Start

Click the toggle again to disable. SENTINEL removes the LaunchAgent plist automatically. You can also disable manually from Terminal:

launchctl unload ~/Library/LaunchAgents/com.risestudiolabs.sentinel.plist

Troubleshooting

Auto-Start Not Working

If SENTINEL does not start on login, verify the plist exists:

ls ~/Library/LaunchAgents/com.risestudiolabs.sentinel.plist

If the file is missing, toggle Auto-Start off and on again in the dashboard. If the daemon starts but the dashboard does not open, the daemon may be running headless. Check with:

curl -s http://127.0.0.1:8766/ping

If the daemon is responsive, open http://127.0.0.1:8766 in any browser to access the dashboard.

API Commands

Command	Description
`ENABLE_AUTOSTART`	Create the LaunchAgent plist and enable auto-start
`DISABLE_AUTOSTART`	Remove the LaunchAgent plist and disable auto-start
`AUTOSTART_STATUS`	Returns whether auto-start is currently enabled

14

API Reference

SENTINEL's daemon exposes a simple HTTP API on 127.0.0.1:8766. All responses are JSON. The API is designed for the dashboard but can be called by scripts, automations, or other local tools.

GET Endpoints

Endpoint	Response
GET `/`	Serves the dashboard HTML
GET `/ping`	Liveness probe — returns `{pong, pid, version}`
GET `/status`	Full daemon state — mode, stats, timers, health
GET `/log`	Last 60 log entries
GET `/config`	Current runtime configuration
GET `/update`	Update status — current version, available update, last checked
GET `/history`	Session history — last 20 sessions and cumulative stats
GET `/activity`	Structured activity log — last 100 JSONL entries (Pro)

POST Commands

Endpoint	Payload	Action
POST `/cmd`	`{"cmd": "PROTECT"}`	Start protected session
POST `/cmd`	`{"cmd": "PROTECT", "duration_s": 3600}`	Start timed session (1 hour)
POST `/cmd`	`{"cmd": "AWAY"}`	Enter away mode
POST `/cmd`	`{"cmd": "DEACTIVATE"}`	End session, return to standby
POST `/cmd`	`{"cmd": "SET_SAFE_MODE", "value": true}`	Toggle safe mode
POST `/cmd`	`{"cmd": "SET_DRY_RUN", "value": true}`	Toggle dry run
POST `/cmd`	`{"command": "SESSION_HISTORY", "limit": 20}`	Session list with pagination
POST `/cmd`	`{"command": "NAME_SESSION", "name": "..."}`	Label active session (Pro)
POST `/cmd`	`{"command": "CLEAR_HISTORY", "confirm": true}`	Delete all session history
POST `/cmd`	`{"command": "DISMISS_WELCOME"}`	Dismiss first-launch overlay

Example: Script-Based Activation

# Start a 4-hour protected session from Terminal
curl -X POST http://127.0.0.1:8766/cmd \
  -H "Content-Type: application/json" \
  -d '{"cmd": "PROTECT", "duration_s": 14400}'

# Check current status
curl -s http://127.0.0.1:8766/status | python3 -m json.tool

# Deactivate
curl -X POST http://127.0.0.1:8766/cmd \
  -H "Content-Type: application/json" \
  -d '{"cmd": "DEACTIVATE"}'

Payload Limit

POST requests are capped at 4,096 bytes. Unknown commands return a 400 response listing valid commands.

15

Time Guardian (Session Reminder)

The Time Guardian is an optional reminder system that nudges you after a set duration — without stopping your session. It's designed for professionals who lose track of time during deep work.

How It Works

When a protected session is active, you can arm a reminder from the dashboard. When the timer fires, SENTINEL shows a prominent banner and sends a macOS native notification with sound. The session continues — nothing is interrupted.

Action	Behavior
Set Reminder	Choose a preset (30m, 1h, 2h, 4h) or set via API. Countdown begins immediately.
Snooze	When fired, click SNOOZE for 30 more minutes. Resets the countdown.
Dismiss	Clears the reminder entirely. No further nudges.
Auto-Clear	All reminder state is automatically cleared when a session is deactivated.

Daemon Commands

Command	Payload	Description
`SET_REMINDER`	`{"duration_s": 3600}`	Arm a reminder (60s–86400s). Requires active session.
`SNOOZE_REMINDER`	`{"snooze_s": 1800}`	Snooze for specified seconds (60s–7200s, default 1800).
`CLEAR_REMINDER`	none	Clear all reminder state immediately.

Configuration

Optional keys in ~/.sentinel/config.json:

Key	Default	Description
`default_reminder_s`	`null`	If set, automatically arm a reminder of this duration when PROTECT starts.
`reminder_sound`	`true`	Play macOS Glass sound when reminder fires.

Design Note

The reminder is a nudge, not a deadline. It never stops your session, kills processes, or takes destructive action. It simply says: "Hey, you've been at this for a while."

16

Troubleshooting

Dashboard Shows "DAEMON OFFLINE"

The daemon process has stopped or crashed. Relaunch SENTINEL using any launch method. If the issue persists, check for port conflicts:

lsof -i :8766

If another process holds port 8766, either stop that process or change the SENTINEL port in ~/.sentinel/config.json.

Mac Still Sleeps While Protected

Verify caffeinate is running:

pgrep -x caffeinate

If no process is found, deactivate and re-protect from the dashboard. Check /log for caffeinate start errors. On some machines, certain energy settings override caffeinate — check System Settings → Energy Saver.

Python Version Error

SENTINEL requires Python 3.10+. If you see a version error:

python3 --version
# If below 3.10:
brew install python@3.12

Orphaned Caffeinate Process

If SENTINEL was force-killed (kill -9), caffeinate may survive as an orphan. Clean it up:

pkill -x caffeinate

Under normal shutdown (closing the app, Ctrl+C, or DEACTIVATE), SENTINEL handles caffeinate cleanup automatically.

Browser Doesn't Open

SENTINEL tries Chrome → Chromium → Safari → system default. If no browser opens, the daemon is still running — access the dashboard manually at http://127.0.0.1:8766 in any browser.

Log Access

View the last 60 log entries via the dashboard's log panel or directly:

curl -s http://127.0.0.1:8766/log | python3 -m json.tool

Log files rotate automatically (max 10 files). Log buffer caps at 500 entries in memory.

Uninstalling SENTINEL

To completely remove SENTINEL from your Mac:

Quit SENTINEL — deactivate any active session first, then close the app.

Disable auto-start if enabled — toggle it off in the dashboard, or run:

launchctl unload ~/Library/LaunchAgents/com.risestudiolabs.sentinel.plist

Delete Sentinel.app from Applications (or wherever you installed it).
Remove config and data (optional):
```
rm -rf ~/.sentinel
```
This removes config, license, session history, and logs.

Remove LaunchAgent (optional):

rm ~/Library/LaunchAgents/com.risestudiolabs.sentinel.plist

Your license key remains valid and can be reactivated on a fresh install.

17

Architecture

SENTINEL follows a single-daemon architecture. All entry points resolve to one Python process serving both the API and the dashboard.

Component	File	Role
Daemon	`sentinel_daemon.py`	HTTP server, system monitoring, caffeinate management, all business logic (~1,036 lines)
Dashboard	`sentinel.html`	Single-file frontend — all HTML/CSS/JS inline, no build step (~773 lines)
App Bundle	`Sentinel.app/`	macOS .app wrapper with icon, Info.plist, and launch script
Terminal Launcher	`sentinel.sh`	Full-featured terminal launcher with diagnostics
Finder Launcher	`Sentinel.command`	Double-click Finder shim → delegates to sentinel.sh
Daemon-Only	`sentinel_daemon.sh`	Starts daemon without opening a browser
Config	`~/.sentinel/config.json`	User configuration (created automatically on first run)
Version	`VERSION`	Single source of truth for the current version number

Security Architecture

Network isolation: HTTP server binds to 127.0.0.1 only — inaccessible from LAN or internet.

No CORS headers: Dashboard is same-origin; external pages cannot call the API.

No shell injection: All subprocess calls use list form (no shell=True).

Payload protection: POST requests capped at 4,096 bytes with strict command validation.

Zero credentials: No API keys, tokens, or secrets anywhere in the codebase.

18

Product Roadmap

SENTINEL is evolving from a personal utility into a professional macOS product. Below is the four-phase plan.

Phase A — Production Release (Target: Q2 2026)

macOS code signing + notarization via Apple Developer Program
Direct download distribution via gotsentinel.com
DMG installer with drag-to-Applications flow
Auto-update mechanism (Sparkle framework or custom)
Privacy policy and terms of service

Phase B — Feature Expansion (Q3–Q4 2026)

Native macOS menu bar integration (tray icon with quick controls) — ✓ Shipped v4.5.0
Login item support (auto-launch on boot) — ✓ Shipped v5.0.0 (as Auto-Start on Login)
Multi-session profiles (dev, render, meeting, etc.)
Smart scheduling — auto-protect during calendar blocks
Usage analytics dashboard (local-only, privacy-first) — ✓ Shipped v5.2.0 (as Session History + Activity Log)
Webhook/Slack notifications for session events

Phase C — Native Swift Rewrite (2027)

Full Swift/SwiftUI native app — no Python dependency
Native Cocoa menu bar agent
LaunchAgent daemon management
Apple Silicon optimized
Potential Mac App Store distribution

Phase D — Platform Expansion (2027+)

Windows port (PowerShell daemon + native tray app)
Linux port (systemd service + GTK/web dashboard)
Team/enterprise tier — centralized dashboard, fleet management

Revenue Model

Tier	Price	Features
Free	$0 forever	Core protection, monitoring, timed sessions, away mode, 2 services, auto-start
Pro Lifetime	$24.99 one-time	Time Guardian, presets, menu bar, unlimited services, custom presets
Pro Monthly	$3.99/mo ($29/yr)	Everything in Pro + ongoing updates, early access, priority support
Team	TBD	Fleet management, centralized dashboard, webhook integrations (Phase D)

Current Status

v5.2.2 — Beta release. Fully functional with Free and Pro tiers live. Available at gotsentinel.com and Gumroad. Code signing and notarization pending Apple Developer enrollment.