# Sentinelayer Docs Index

## Getting Started

Install, enforce, and triage first runs.

- [Introduction](https://sentinelayer.com/docs/introduction): Sentinelayer docs for Omar Gate, platform architecture, and agent-first discoverability.
- [Quickstart](https://sentinelayer.com/docs/getting-started/quickstart): Minimal workflow to run Sentinelayer on pull requests in minutes.
- [Install Workflow](https://sentinelayer.com/docs/getting-started/install-workflow): Detailed setup for BYO keys and Sentinelayer-managed model routing.
- [Branch Protection](https://sentinelayer.com/docs/getting-started/branch-protection): Require Omar Gate status checks for enforceable merge controls.
- [First PR Triage](https://sentinelayer.com/docs/getting-started/first-pr-triage): How to debug and fix the first blocked PR after onboarding.

## Configuration

Tune policy, model modes, cost controls, and telemetry.

- [Configuration Overview](https://sentinelayer.com/docs/configuration/overview): Map of auth, scan mode, gate controls, and telemetry settings.
- [Inputs Reference](https://sentinelayer.com/docs/configuration/inputs-reference): Structured list of common action inputs and defaults.
- [LLM Modes](https://sentinelayer.com/docs/configuration/llm-modes): BYO provider, managed mode, and deterministic-only options.
- [Severity Gates](https://sentinelayer.com/docs/configuration/severity-gates): P0/P1/P2/none merge-blocking semantics.
- [Rate Limits and Cost Controls](https://sentinelayer.com/docs/configuration/rate-limits-and-costs): Use scan caps and approval thresholds to control spend.
- [Telemetry and Consent](https://sentinelayer.com/docs/configuration/telemetry-and-consent): Tiered telemetry model and consent controls.

## API Reference

Outputs, artifacts, schemas, and status semantics.

- [API Reference Introduction](https://sentinelayer.com/docs/api-reference/introduction): Machine interfaces exposed by action outputs and artifacts.
- [Outputs and Artifacts](https://sentinelayer.com/docs/api-reference/outputs-and-artifacts): Stable outputs and artifact names for automation.
- [Exit Codes](https://sentinelayer.com/docs/api-reference/exit-codes): Deterministic exit code map for CI decisions.
- [Runtime Runs API](https://sentinelayer.com/docs/api-reference/runtime-runs-api): REST and stream interfaces for orchestrated runs, approvals, artifacts, and Omar loop execution.

## Features

URL Scanner, Prompt Builder, and platform capabilities.

- [URL Scanner](https://sentinelayer.com/docs/features/url-scanner): Comprehensive security, performance, and compliance analysis for any public URL.
- [Prompt Builder](https://sentinelayer.com/docs/features/prompt-builder): AI-powered spec generation with streaming output, repo context, and security-first defaults.
- [Builder Studio Runtime](https://sentinelayer.com/docs/features/builder-studio-runtime): Live audit runtime with streaming actions, terminal output, and file-context aware chat.
- [Runtime Insights Dashboard](https://sentinelayer.com/docs/features/runtime-insights-dashboard): Dedicated KPI and evidence dashboard for deterministic run operations and investor/demo readiness.
- [Git/PR Checkpoint Automation](https://sentinelayer.com/docs/features/git-pr-checkpoint-automation): Single-run and batch checkpoint automation for commit/PR flow with approval gating.

## Integrations

GitHub-first workflow plus ticketing and alert routing.

- [GitHub Actions Integration](https://sentinelayer.com/docs/integrations/github-actions): Reference pattern for checks, outputs, and artifact routing.
- [Jira Export](https://sentinelayer.com/docs/integrations/jira-export): Map findings into issue workflows by severity and domain.
- [Slack Alerts](https://sentinelayer.com/docs/integrations/slack-alerts): Severity-aware alert routing without channel spam.
- [Webhook Event Design](https://sentinelayer.com/docs/integrations/webhook-event-design): Suggested payload model for downstream event processing.

## Examples

Reusable templates for practical rollout patterns.

- [Nightly Audit Example](https://sentinelayer.com/docs/examples/nightly-audit): Scheduled deep scan template for broader coverage.
- [Report-only Mode Example](https://sentinelayer.com/docs/examples/report-only-mode): Temporary non-blocking rollout profile.
- [Monorepo Path Filter Example](https://sentinelayer.com/docs/examples/monorepo-path-filter): Path-aware scan strategy for large multi-service repos.

## Platform Vision

Public-safe narrative for Sentinelayer's multi-agent direction.

- [Agent Architecture (Public Overview)](https://sentinelayer.com/docs/platform/13-agent-architecture): Public-safe narrative of Sentinelayer's multi-agent direction and operational intent.
- [Investor Due Diligence Audit Mode](https://sentinelayer.com/docs/platform/investor-due-diligence-audit): How Sentinelayer supports investor diligence with evidence-backed engineering posture.
- [Scale Readiness Audit](https://sentinelayer.com/docs/platform/scale-readiness-audit): Evidence model for assessing engineering maturity before aggressive growth phases.
- [Minimal HITL Operations](https://sentinelayer.com/docs/platform/minimal-hitl-operations): How Sentinelayer minimizes manual toil while preserving high-risk human governance.
- [Autonomous Runtime Runbook](https://sentinelayer.com/docs/platform/autonomous-runtime-runbook): Operator runbook for gated autonomous execution, approvals, and deterministic rollback handling.
- [Agent Platform Runbook](https://sentinelayer.com/docs/platform/agent-platform-runbook): Operator runbook for Codex CLI, Claude Code, Cursor, and IDE agents with Omar loop enforcement.
- [Greenfield Demo Flow](https://sentinelayer.com/docs/platform/greenfield-demo-flow): Step-by-step tutorial for generating a spec package, building with an external agent, and closing Omar loop to green.
- [Funding Readiness Package](https://sentinelayer.com/docs/platform/funding-readiness-package): Demo and diligence package for OpenAI, Google, MIT, and investor technical reviews.
- [What's Shipped Now](https://sentinelayer.com/docs/platform/whats-shipped-now): Public-safe changelog of shipped audit runtime capabilities and operator workflows.
- [What's Coming Next](https://sentinelayer.com/docs/platform/whats-coming-next): Near-term roadmap themes for audit-first autonomy, scale controls, and enterprise readiness.

## Knowledge Base

Question-first long-tail answers for humans and agents.

- [How do I install Omar Gate?](https://sentinelayer.com/docs/knowledge-base/how-do-i-install-omar-gate): Add the workflow, configure token plus one model path, and require the Omar Gate check in branch protection.
- [How do I run without a provider key?](https://sentinelayer.com/docs/knowledge-base/how-do-i-run-without-provider-key): Run deterministic-only mode to keep baseline scanning active without LLM usage.
- [How do I handle fork PRs?](https://sentinelayer.com/docs/knowledge-base/how-do-i-handle-fork-prs): Treat fork PRs as untrusted by default and keep strict fork policy unless hardened exceptions exist.
- [Why did my PR get blocked?](https://sentinelayer.com/docs/knowledge-base/why-did-my-pr-get-blocked): A finding at or above configured severity gate was confirmed and triggered merge blocking.
- [How do I reduce false positives?](https://sentinelayer.com/docs/knowledge-base/how-do-i-reduce-false-positives): Tune scope and thresholds by evidence instead of globally disabling enforcement.
- [Which severity gate should I use?](https://sentinelayer.com/docs/knowledge-base/which-severity-gate-should-i-use): Most teams should start with P1 and tighten only after proving remediation throughput.
- [How do I control model spend?](https://sentinelayer.com/docs/knowledge-base/how-do-i-control-model-spend): Use scan caps, cooldowns, and approval thresholds to prevent runaway cost.
- [What does exit code 2 mean?](https://sentinelayer.com/docs/knowledge-base/what-does-exit-code-2-mean): Exit code 2 indicates configuration/runtime context error rather than a policy finding block.
- [How do I integrate Jira?](https://sentinelayer.com/docs/knowledge-base/how-do-i-integrate-jira): Map findings by severity and component, and include run_id plus location context.
- [How do I integrate Slack alerts?](https://sentinelayer.com/docs/knowledge-base/how-do-i-integrate-slack): Route high-severity blocked runs to incident channels and use digests for lower-priority updates.
- [How do I prepare for investor due diligence?](https://sentinelayer.com/docs/knowledge-base/how-do-i-prepare-for-investor-due-diligence): Package risk trends, remediation velocity, and readiness evidence in a repeatable format.
- [How does scale-readiness audit work?](https://sentinelayer.com/docs/knowledge-base/how-does-scale-readiness-audit-work): It assesses architecture health, dependency posture, reliability discipline, and remediation cadence.
- [What is minimal HITL?](https://sentinelayer.com/docs/knowledge-base/what-is-minimal-hitl): Minimal HITL means automation-first execution with human governance at high-risk boundaries.
- [Does Sentinelayer replace human reviewers?](https://sentinelayer.com/docs/knowledge-base/does-sentinelayer-replace-human-reviewers): No. It augments reviewers with structured risk evidence and faster triage context.
- [How do I document security exceptions?](https://sentinelayer.com/docs/knowledge-base/how-do-i-document-exceptions): Track exceptions with run_id, owner, expiry date, and remediation plan.
- [How do I onboard many repositories?](https://sentinelayer.com/docs/knowledge-base/how-do-i-onboard-many-repositories): Start from shared baseline policy, then tune by repository criticality.
- [What artifacts should be retained?](https://sentinelayer.com/docs/knowledge-base/what-artifacts-should-be-retained): Retain findings, summary metadata, and review briefs for auditability and trend analysis.
- [How do I handle vibe-coded changes?](https://sentinelayer.com/docs/knowledge-base/how-do-i-handle-vibe-coded-changes): Treat generated code like any production code and enforce identical gate policy.
- [How do I explain the multi-agent system publicly?](https://sentinelayer.com/docs/knowledge-base/how-do-i-explain-13-agent-system-publicly): Describe capability outcomes and governance without exposing proprietary orchestration internals.
- [Can Sentinelayer support fundraising readiness?](https://sentinelayer.com/docs/knowledge-base/can-sentinelayer-support-fundraising-readiness): Yes, by producing structured technical evidence that supports diligence conversations.
- [How do I harden GitHub permissions?](https://sentinelayer.com/docs/knowledge-base/how-do-i-harden-github-permissions): Use explicit least-privilege permissions and avoid unnecessary secret scope.
- [How do I run nightly audits without PR noise?](https://sentinelayer.com/docs/knowledge-base/how-do-i-run-nightly-without-noise): Use separate scheduled workflows and route results to digests or dashboards instead of PR threads.
- [How do I track remediation velocity?](https://sentinelayer.com/docs/knowledge-base/how-do-i-track-remediation-velocity): Measure time-to-close by severity and category, then review trend deltas by team.
- [How do I handle high-volume findings?](https://sentinelayer.com/docs/knowledge-base/how-do-i-handle-high-volume-findings): Prioritize by severity and recurrence, then execute focused cleanup sprints.
- [How do I report posture to executives?](https://sentinelayer.com/docs/knowledge-base/how-do-i-report-posture-to-executives): Use trend-oriented summaries: high-risk reduction, remediation speed, and readiness indicators.
- [Does Sentinelayer support mixed language stacks?](https://sentinelayer.com/docs/knowledge-base/does-sentinelayer-support-mixed-stacks): Yes. It is designed for heterogeneous repositories and policy-driven review across services.
- [How do I prove improvement over time?](https://sentinelayer.com/docs/knowledge-base/how-do-i-prove-improvement-over-time): Track trend trajectories for severity, recurrence, and remediation speed against a baseline window.
- [What should be public versus private in docs?](https://sentinelayer.com/docs/knowledge-base/what-should-be-public-vs-private-docs): Publish behavior and contracts; keep proprietary implementation internals private.
- [How do I respond to diligence requests quickly?](https://sentinelayer.com/docs/knowledge-base/how-do-i-respond-to-diligence-fast): Maintain a rolling evidence bundle with current trend data, policy posture, and readiness summary.
- [How do I keep CI fast with security gates?](https://sentinelayer.com/docs/knowledge-base/how-do-i-keep-ci-fast-with-gates): Use PR-diff mode for everyday checks and deep scans on schedule.
- [How do I set a security gate SLA?](https://sentinelayer.com/docs/knowledge-base/how-do-i-set-security-sla): Define response windows by severity and track adherence in engineering ops cadence.
- [How do I manage legacy risk backlog?](https://sentinelayer.com/docs/knowledge-base/how-do-i-manage-legacy-risk-backlog): Separate legacy debt remediation from new-change gating so forward progress continues.
- [How do I use Sentinelayer in monorepos?](https://sentinelayer.com/docs/knowledge-base/how-do-i-use-sentinelayer-in-monorepos): Use path-aware workflows, scoped policy profiles, and ownership routing.
- [How do I balance security with delivery speed?](https://sentinelayer.com/docs/knowledge-base/how-do-i-balance-security-with-delivery-speed): Tune by evidence: preserve strict controls for high-risk findings while reducing low-signal friction.
- [How do file context chips work in Builder Studio?](https://sentinelayer.com/docs/knowledge-base/how-do-file-context-chips-work): Attach selected files as chips so the runtime can confirm loaded context before analysis or edits.
- [Which runtime mode should I use for audit work?](https://sentinelayer.com/docs/knowledge-base/which-runtime-mode-should-i-use): Use audit_readonly for analysis, edit_gated for local patching, and autonomous_gated only when you want looped remediation with approvals.
- [How does the Omar remediation loop stop?](https://sentinelayer.com/docs/knowledge-base/how-does-the-omar-loop-stop): It stops on clean P0-P2 plus green gates, or on explicit budget, policy, or approval checkpoint exit reasons.
- [How do I prepare enterprise security questionnaire answers?](https://sentinelayer.com/docs/knowledge-base/how-do-i-prepare-enterprise-security-answers): Use policy definitions, run evidence, and incident readiness summaries as supporting artifacts.
- [How do I present the agentic SWE-team vision?](https://sentinelayer.com/docs/knowledge-base/how-do-i-present-agentic-swe-team-vision): Frame Sentinelayer as a coordinated specialist-agent engineering layer with minimal HITL governance checkpoints.
- [How do I make docs more agent parseable?](https://sentinelayer.com/docs/knowledge-base/how-do-i-make-docs-agent-parseable): Use stable headings, direct answers, canonical URLs, and machine-readable indexes generated from a single source.
- [How do I run a funding-ready live demo?](https://sentinelayer.com/docs/knowledge-base/how-do-i-run-a-funding-ready-live-demo): Run a gated session end-to-end, show approvals and loop stop reasons, then export evidence with KPI deltas.
- [How do I run Omar loop from Codex CLI or Claude Code?](https://sentinelayer.com/docs/knowledge-base/how-do-i-run-omar-loop-from-codex-or-claude-code): Use the same repo runbook: attach spec artifacts, enable command+git permissions, run gated loop, and stop only on clean P0-P2 plus green gates.
- [How do I handle a base spec plus add-feature spec?](https://sentinelayer.com/docs/knowledge-base/how-do-i-handle-base-spec-plus-add-feature-spec): Treat the base spec as non-regression policy and the add-feature spec as delta acceptance criteria; validate both before merge.
- [What is the operator runbook for autonomous mode?](https://sentinelayer.com/docs/knowledge-base/what-is-the-operator-runbook-for-autonomous-mode): Use preflight checks, enforce approval boundaries, monitor loop telemetry, and publish evidence on completion.
- [How do I avoid SEO and agent-indexing conflicts?](https://sentinelayer.com/docs/knowledge-base/how-do-i-avoid-seo-agent-indexing-conflicts): Keep canonical consistency, sync sitemap and robots, and generate LLM indexes directly from docs source.

## Security and Operations

Data handling, runbooks, and release governance.

- [Data Handling](https://sentinelayer.com/docs/security/data-handling): Execution-boundary and telemetry policy overview.
- [False Positive Defense](https://sentinelayer.com/docs/security/false-positive-defense): Layered controls that keep security findings actionable.
- [Incident Runbook](https://sentinelayer.com/docs/security/incident-runbook): Operational triage sequence for blocked and failed runs.