Sentinel: Config Reference

Configure the Sentinel Agent with YAML or JSON to customize monitoring, policy enforcement, and reporting behavior.

Configuration File Location

Windows:

C:\ProgramData\TruthVouch\Sentinel\config.yaml

macOS:

/Library/Application Support/TruthVouch/Sentinel/config.yaml

Linux:

/etc/truthvouch/sentinel/config.yaml

Full Configuration Schema

# Agent identification
agent:
  # Display name for this agent
  name: "CORP-LAP-001"
  # Organization/tenant ID
  organization_id: "org-abc123def"
  # Device ID (auto-generated if not set)
  device_id: "dev-xyz789"
# Cloud connectivity
cloud:
  # API endpoint
  api_endpoint: https://api.truthvouch.io
  # Custom endpoint (on-prem)
  custom_endpoint: https://sentinel-policy.company.local
  # API key for authentication
  api_key: ${SENTINEL_API_KEY}
  # TLS certificate verification
  verify_ssl: true
  # Certificate path for custom CA
  ca_cert_path: /etc/truthvouch/sentinel/ca.crt
# Policy synchronization
policy:
  # Policy sync URL
  sync_url: https://api.truthvouch.io/api/v1/policy
  # Sync interval (minutes)
  sync_interval: 60
  # Retry on sync failure
  retry_on_failure: true
  # Max retries before disabling sync
  max_retries: 5
  # Retry backoff (seconds)
  retry_backoff_seconds: 30
# AI tool monitoring
monitoring:
  # Enable monitoring
  enabled: true
  # Tools to monitor
  tools:
    - name: ChatGPT
      enabled: true
      executables:
        - "chrome.exe"
        - "firefox.exe"
        - "Safari"
      domains:
        - "openai.com"
        - "chat.openai.com"
    - name: GitHub Copilot
      enabled: true
      executables:
        - "Code.exe"
        - "code"
        - "VSCode"
      domains:
        - "github.com"
    - name: Google Gemini
      enabled: true
      executables:
        - "chrome.exe"
        - "chromium"
      domains:
        - "gemini.google.com"
    - name: Anthropic Claude
      enabled: true
      executables:
        - "chrome.exe"
        - "firefox.exe"
      domains:
        - "claude.ai"
  # Monitor clipboard access
  clipboard_monitoring: true
  # Monitor network traffic
  network_monitoring: true
  # Process monitoring mode
  process_mode: "automatic" # automatic, disabled
# Policy enforcement
enforcement:
  # Enable enforcement
  enabled: true
  # Action on policy violation
  action: "block" # block, warn, log
  # Show notification to user
  notify_user: true
  # Log all activity
  log_all: true
  # Log only violations
  log_violations_only: false
# DLP (Data Loss Prevention) rules
dlp:
  # PII detection
  pii:
    enabled: true
    patterns:
      ssn: true # 123-45-6789
      credit_card: true # 1234-5678-9012-3456
      email: true # [email protected]
      phone: true # (555) 123-4567
      passport: true # AB123456
      health_insurance: true
  # Credential/secret detection
  secrets:
    enabled: true
    patterns:
      aws_key: true # AKIA...
      github_token: true # ghp_...
      api_key: true # sk-...
      password: true # password=... patterns
  # Proprietary content
  proprietary:
    enabled: true
    keywords:
      - "confidential"
      - "proprietary"
      - "restricted"
      - "trade secret"
# Reporting
reporting:
  # Enable telemetry reporting
  enabled: true
  # Report URL
  report_url: https://api.truthvouch.io/api/v1/telemetry
  # Report interval (minutes)
  interval: 60
  # Report on shutdown
  report_on_shutdown: true
  # Encrypt reports
  encryption_enabled: true
  # Report compression
  compression: true
# Logging
logging:
  # Log level
  level: INFO # DEBUG, INFO, WARN, ERROR
  # Log file location
  file_path: /var/log/truthvouch/sentinel.log
  # Max log file size (MB)
  max_size_mb: 50
  # Retain how many rotated logs
  max_backups: 10
  # Log format
  format: json # json, text
  # Include PII in logs
  include_pii: false
  # Log to console
  console: false
# Local database
database:
  # SQLite database path
  path: /var/lib/truthvouch/sentinel/sentinel.db
  # Max database size (MB)
  max_size_mb: 100
  # Log retention (days)
  retention_days: 30
  # Encryption
  encrypted: true
# Advanced settings
advanced:
  # Excluded users (system accounts)
  excluded_users:
    - "SYSTEM"
    - "LOCAL SERVICE"
    - "NETWORK SERVICE"
    - "root"
  # Excluded processes
  excluded_processes:
    - "svchost.exe"
    - "explorer.exe"
  # Timeout for policy checks (milliseconds)
  policy_check_timeout_ms: 100
  # Offline grace period (days)
  offline_grace_period_days: 7
  # Auto-update enabled
  auto_update: true
  # Update check interval (hours)
  update_check_interval: 24
  # Telemetry opt-out
  telemetry_opt_out: false
# Windows-specific
windows:
  # Run as service
  run_as_service: true
  # Service name
  service_name: "TruthVouchSentinel"
  # Windows Firewall exception
  add_firewall_exception: true
  # SYSTEM account for service
  run_as_system: true
# macOS-specific
macos:
  # Run as daemon
  run_as_daemon: true
  # Daemon label
  daemon_label: "io.truthvouch.sentinel"
  # Require accessibility permissions
  require_accessibility: true
# Linux-specific
linux:
  # Run as systemd service
  run_as_service: true
  # Service name
  service_name: "truthvouch-sentinel"
  # Run as root (for network monitoring)
  require_root: true

Common Configurations

Development

monitoring:
  enabled: true
  process_mode: "manual"
enforcement:
  action: "warn" # Warning, not blocking
reporting:
  enabled: false # No cloud reporting
logging:
  level: DEBUG

Production

monitoring:
  enabled: true
  clipboard_monitoring: true
  network_monitoring: true
enforcement:
  enabled: true
  action: "block" # Block violations
  notify_user: true
reporting:
  enabled: true
  interval: 60
logging:
  level: WARN
  include_pii: false

High Security

enforcement:
  action: "block"
  log_all: true
dlp:
  pii:
    enabled: true
    patterns: # Enable all patterns
      ssn: true
      credit_card: true
      email: true
      phone: true
reporting:
  encryption_enabled: true
  compression: true
logging:
  include_pii: false
database:
  retention_days: 90 # retention_days is a database setting in the full schema

Environment Variables

Reference environment variables in the config with ${NAME} syntax, which keeps secrets such as the API key out of the file itself:

cloud:
  api_key: ${SENTINEL_API_KEY}
  custom_endpoint: ${SENTINEL_ENDPOINT}

Set via (both commands apply to the current shell session only):

Windows (PowerShell):

$env:SENTINEL_API_KEY = "sk-..."

macOS/Linux:

export SENTINEL_API_KEY="sk-..."

Tool Configuration

Add Custom Tool

monitoring:
  tools:
    - name: "Custom LLM App"
      enabled: true
      executables:
        - "custom-app.exe"
        - "custom-app"
      domains:
        - "api.customllm.com"
      ports:
        - 8080
        - 5000

Disable Tool Monitoring

monitoring:
  tools:
    - name: ChatGPT
      enabled: false

DLP Pattern Examples

PII Patterns

dlp:
  pii:
    patterns:
      ssn: true # 123-45-6789
      credit_card: true # 1234-5678-9012-3456
      email: true # [email protected]
      phone: true # (555) 123-4567, +1-555-123-4567
      passport: true # 6-9 alphanumeric
      health_insurance: true # Various formats
      driver_license: true # State-specific

Secret Patterns

dlp:
  secrets:
    patterns:
      aws_key: true # AKIA...
      github_token: true # ghp_..., ghu_...
      api_key: true # api_key=..., apikey:...
      private_key: true # -----BEGIN PRIVATE KEY-----
      password: true # password=..., pass=...
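
The sample formats in the pattern comments above can be turned into a small matcher to see what such rules catch. This is an added illustration, not Sentinel's detection logic: the regexes, the Luhn filter on card candidates, and the names PATTERNS, luhn_ok, scan and SAMPLE are assumptions of this example.

```python
import re

# Assumed regexes for the sample formats in the comments above; constructed
# for this example, not taken from the Sentinel agent.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b"),
    "aws_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pu]_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password": re.compile(r"(?i)\bpass(?:word)?\s*=\s*\S+"),
}

def luhn_ok(number: str) -> bool:
    """Luhn checksum; filters digit runs that only look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list[tuple[str, str]]:
    """Return (rule, masked_match) pairs; matches are masked so findings
    can be logged without storing the sensitive value itself."""
    findings = []
    for rule, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if rule == "credit_card" and not luhn_ok(value):
                continue  # right shape, wrong checksum: not a card number
            findings.append((rule, value[:4] + "*" * (len(value) - 4)))
    return findings

# Constructed sample text.
SAMPLE = (
    "order 1234-5678-9012-3456 paid with 4111-1111-1111-1111, "
    "ssn 123-45-6789, key AKIAABCDEFGHIJKLMNOP, password=hunter2"
)

if __name__ == "__main__":
    for rule, masked in scan(SAMPLE):
        print(rule, masked)
```

The 1234-5678-9012-3456 sample has the card shape but fails the Luhn check, so only the second number in the sample text is reported as a card.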

Validation

Test configuration:

# Windows
& "C:\Program Files\TruthVouch\Sentinel\sentinel.exe" --validate-config
# macOS/Linux
/usr/local/bin/sentinel --validate-config
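
A security review of the file can be scripted alongside the agent's own --validate-config. The following is an added example, not part of Sentinel: it assumes the JSON form of the config mirrors the key names in the schema above, and which values it flags as weak is the example's own judgement (CHECKS, lookup, audit and SAMPLE are hypothetical names).

```python
import json

# Each check: (dotted key path, predicate the value must satisfy, reason).
# Key names come from the schema on this page; which values count as weak
# is this example's own judgement, not a TruthVouch rule.
CHECKS = [
    ("cloud.verify_ssl", lambda v: v is True, "TLS verification disabled"),
    ("cloud.api_key", lambda v: isinstance(v, str) and v.startswith("${"),
     "API key stored literally instead of as ${ENV_VAR}"),
    ("enforcement.enabled", lambda v: v is True, "enforcement is off"),
    ("enforcement.action", lambda v: v == "block", "violations are not blocked"),
    ("reporting.encryption_enabled", lambda v: v is True, "reports unencrypted"),
    ("logging.include_pii", lambda v: v is False, "PII written to logs"),
    ("database.encrypted", lambda v: v is True, "local database unencrypted"),
]

def lookup(cfg, path):
    """Walk a dotted path; return None when any level is missing."""
    node = cfg
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit(cfg):
    """Return sorted 'path: reason' findings. A missing key is reported too,
    because the page does not state the agent's defaults."""
    findings = []
    for path, ok, reason in CHECKS:
        value = lookup(cfg, path)
        if value is None:
            findings.append(f"{path}: not set (default unknown)")
        elif not ok(value):
            findings.append(f"{path}: {reason}")
    return sorted(findings)

# Constructed sample in the JSON form of the config.
SAMPLE = json.loads("""{
  "cloud": {"api_key": "sk-constructed-example", "verify_ssl": false},
  "enforcement": {"enabled": true, "action": "warn"},
  "reporting": {"encryption_enabled": true},
  "logging": {"include_pii": false}
}""")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```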

Reload Configuration

Restart the agent service so that it re-reads the configuration file:

# Windows (PowerShell)
Restart-Service TruthVouchSentinel
# macOS
launchctl stop io.truthvouch.sentinel
launchctl start io.truthvouch.sentinel
# Linux
sudo systemctl restart truthvouch-sentinel

Configuration History

View config changes:

# Windows
Get-EventLog -LogName "TruthVouch Sentinel" -Newest 20
# Linux
tail -20 /var/log/truthvouch/sentinel.log

See Policy Synchronization for policy management.