System architecture
How SentinelOps ingests, reasons, and exposes decisions to operators and partner systems.
DATA & DECISION FLOW
┌───────────┐ ┌──────────────┐ ┌──────────────┐ ┌─────────────────┐ ┌──────────────┐
│ Multi- │ → │ Event │ → │ Anomaly │ → │ AI / RAG │ → │ COA │
│ source │ │ normalization│ │ scoring │ │ reasoning layer │ │ generation │
│ ingestion │ │ │ │ │ │ │ │ │
└───────────┘ └──────────────┘ └──────────────┘ └─────────────────┘ └──────┬───────┘
│
┌────────────────────┐ ┌──────────────────────┐ ┌──────────────┐ │
│ API-ready │ ← │ Explainability & │ ← │ Simulation │ ←──┘
│ deployment │ │ immutable audit trail│ │ engine │
└────────────────────┘ └──────────────────────┘ └──────────────┘Multi-source data ingestion
Streaming adapters normalise heterogeneous feeds into a single event bus. New sources are added via typed adapters without touching the reasoning layer.
- ›AIS · radar · UAV detection nets
- ›MET · OPS-NET patrol logs · harbour APIs
- ›Pluggable adapter SDK (TypeScript / gRPC)
Event normalization
Schema mapping, deduplication, and time alignment produce a canonical event with provenance and source health attached.
- ›Canonical event schema with provenance
- ›Per-source latency & health monitoring
- ›Time alignment across mixed clocks
Anomaly scoring
A hybrid rule + ML pipeline produces severity and confidence per anomaly, with human-tunable sensitivity per category.
- ›Rule-based detectors + ML classifiers
- ›Confidence and severity per anomaly
- ›Operator-tunable sensitivity
AI / RAG reasoning layer
Retrieval-augmented reasoning over doctrine, prior incidents, and current weather produces grounded structured briefs with citations.
- ›Doctrine and prior-incident retrieval
- ›Grounded briefs with citations
- ›Model cards and confidence breakdown
COA generation
Three to four candidate courses of action are produced and ranked by riskReduction × confidence, each with downsides and resource cost.
- ›Multiple candidates, ranked transparently
- ›Per-COA downsides and resource cost
- ›Regenerable with deterministic seed
Simulation engine
Operators toggle scenario variables and immediately see how each COA's expected time, risk reduction, and confidence shift versus baseline.
- ›Per-COA impact matrix vs baseline
- ›Persistent per-COA scenario snapshots
- ›Shared seed with COA comparator
Explainability & audit trail
Every AI suggestion exposes the factors that drove it; every operator action is signed and written to an immutable audit log.
- ›Factor weights per recommendation
- ›Immutable, signed decision log
- ›Two-person approval enforced
API-ready deployment
REST and webhook surfaces with RBAC. Deployable to sovereign cloud, on-prem, or hybrid topologies; compatible with allied message envelope formats.
- ›REST + webhooks · RBAC · OIDC / mTLS
- ›Sovereign cloud · on-prem · hybrid
- ›Allied message-envelope compatible
DEPLOYMENT & STANDARDS
- › Sovereign cloud (per-nation tenancy)
- › On-prem / air-gapped option
- › Hybrid edge + central reasoning
- › OAuth2 / OIDC · MFA · RBAC
- › mTLS between services
- › Signed, immutable audit trail
- › REST + webhooks · gRPC adapters
- › Allied message-envelope compatible
- › Pluggable model providers