Introduction
Sentinelayer docs for Omar Gate, platform architecture, and agent-first discoverability.
Sentinelayer is the security-first development platform that bootstraps your entire workflow from a single CLI. From project scaffolding to AI-powered security review, from spec generation to autonomous frontend auditing — one tool governs it all.
What Sentinelayer does
**For developers:** Run `npx sentinelayer-cli` to scaffold a new project with specs, build guides, AI prompts, and Omar Gate CI workflows already configured. Then use `sl audit frontend` to have Jules Tanaka (our frontend specialist persona) deep-audit your code with sub-agent swarms, Lighthouse performance scans, and deterministic security checks — all streamed to your terminal in real time.
**For security teams:** Omar Gate blocks unsafe PRs automatically in CI. The 7-layer deterministic review catches secrets, injection patterns, OWASP vulnerabilities, and spec drift before code reaches main. Every finding is evidence-backed with file:line references, not guesswork.
**For enterprises:** Tamper-evident audit trails, budget-governed AI agents with kill switches, AIdenID ephemeral identity provisioning for E2E testing, and compliance-ready artifact chains for SOC 2 and EU AI Act.
How the tools work together
- **Scaffold** — `sl init` generates your spec, build guide, AI execution prompt, and Omar Gate workflow
- **Build** — Your coding agent (Claude Code, Cursor, Copilot) follows the generated prompt and builds
- **Review** — `sl review` runs a 22-rule deterministic scan plus an AI reasoning layer before you push
- **Gate** — Omar Gate in CI blocks P0/P1 findings, enforces spec compliance
- **Audit** — `sl audit deep` dispatches 13 domain-specialist personas in parallel for comprehensive DD
- **Test** — `sl swarm run` orchestrates governed QA swarms with Playwright and AIdenID identities
- **Fix** — Jules Tanaka's autonomous fix cycle: Jira ticket → worktree fix → PR → Omar Gate → merge
- **Monitor** — Pulse daemon watches agent health, routes errors, sends Slack/Telegram alerts
Platform components
| Component | What it does | Link |
|-----------|-------------|------|
| **sentinelayer-cli** | CLI for scaffold, audit, review, swarm, daemon | [npm](https://www.npmjs.com/package/sentinelayer-cli) |
| **Omar Gate** | GitHub Action for PR security gating | [Marketplace](https://github.com/marketplace/actions/sentinelayer-omar-gate) |
| **Builder Studio** | Web-based guided spec builder and runtime dashboard | [sentinelayer.com/spec-builder](https://sentinelayer.com/spec-builder) |
| **AIdenID** | Ephemeral identity provisioning for agent testing | [aidenid.com](https://aidenid.com) |
| **sentinelayer-api** | Backend API powering all services | Private |
Who uses Sentinelayer
- **Solo developers** scaffolding secure projects from day one
- **Vibe coders** who need guardrails on AI-generated code
- **Frontend teams** using Jules Tanaka for React/Next.js/Vue deep audits
- **Security engineers** enforcing policy-as-code across repositories
- **CISOs** needing cross-tool governance and audit trails
- **Enterprise teams** requiring SOC 2 compliance for AI-assisted development
Machine-readable discovery
- Documentation: [/docs/llms.txt](https://sentinelayer.com/docs/llms.txt)
- Full export: [/docs/llms-full.txt](https://sentinelayer.com/docs/llms-full.txt)
- Agent FAQ: [/docs/agent-faq.json](https://sentinelayer.com/docs/agent-faq.json)
- Sitemap: [/sitemap.xml](https://sentinelayer.com/sitemap.xml)
Structured Answers
What is Omar Gate?
Omar Gate is Sentinelayer's GitHub Action that performs deterministic and AI PR review and can block merges by severity gate.
Does deep audit run automatically on every PR?
No. The default automatic surface is Omar Gate on PR checks. Deep/full-depth/fix-plan flows are manual PR-comment commands when the GitHub App is installed.
Where should I start?
Start with Quickstart, then Configuration Overview, then Inputs Reference and Outputs/Artifacts.