Parinita Sentry
Agentic Governance for Every Agent, Every Plane, Every POP
Artifact governance. Runtime identity. Behavioral baselining. All three, simultaneously, across all 21+ agents.
Sentry is the cross-cutting agentic-governance layer — the only product in the portfolio that watches every Parinita agent simultaneously across every plane, every POP, every workload. Three governance domains: artifact governance, runtime identity, and continuous behavioral baselining.
Autonomous Agents With No Runtime Oversight Are Uncontrollable
Enterprises deploying autonomous AI agents have no mechanism to enforce what those agents are permitted to do at runtime.
Documented agent permissions are not enforced — they exist in policy documents. Without hardware-level warrant enforcement, any agent can reach any resource its network path allows.
-
Agent Permissions Exist Only in Documents
Documented agent permissions are not enforced at runtime. Any agent can reach any resource its network path allows — policy is aspirational, not technical.
-
Supply Chain Risk From Agent Artifacts
A malicious MCP server, model, or dataset published to a marketplace can be installed by users before any review. A scan pipeline is required, not a checkbox.
-
Cross-Agent Kill Chains Are Invisible
Individual security products see isolated events. A multi-step attack across multiple agents looks like unrelated noise until it's too late.
Three governance domains. One layer. Every agent.
Sentry is the only product that watches the entire agent portfolio simultaneously — artifact governance at publication, runtime identity at execution, behavioral baselining continuously.
Agent permissions compile into BPF maps distributed to ConnectX-7 NICs — a packet to an unauthorized destination is XDP_DROP'd before it touches the kernel.
-
Artifact Governance
Five-track parallel scan: static code analysis, behavioral sandbox on gVisor, publisher reputation, P4 vector similarity to known-malicious artifacts, and version delta analysis.
-
Runtime Identity (Warden)
The Warden agent on Plane 3 issues Ed25519 keypairs for every agent, compiles per-agent permissions into Policy Warrants, and distributes BPF maps to ConnectX-7 NICs via NATS JetStream.
-
NIC-Level Enforcement
Policy Warrants compile to BPF maps. Crucible distributes them. ConnectX-7 ASIC enforces. A packet to an unauthorized destination is XDP_DROP'd before it touches the kernel.
-
Behavioral Baselining
Continuously baselines every agent's tool calls, planes accessed, data volumes, and inter-agent invocations. Anomaly models on MI350P detect novel cross-agent kill chains.
-
Chrysalis Attestation for Approved Artifacts
Approved artifacts receive a 101-validator QBFT attestation (supermajority 68) that customers can verify on-chain independently.
-
Composite Risk Scoring
Five scan tracks produce a composite risk score that triggers approve, block, or quarantine. Post-approval, Overwatch continues monitoring for behavioral anomalies.
-
Cross-Domain Kill-Chain Detection
Behavioral anomalies route to Overwatch for cross-domain response. Sentry detects the agent-level signal; Overwatch correlates across Sentry, Secure, and Chrysalis.
-
Warrant Violation Logging
Every warrant violation — a packet XDP_DROP'd — logs to Chrysalis as an immediate revocation event. The audit trail is immutable by architecture.
-
gVisor Behavioral Sandbox
New agents run in a gVisor sandbox on Plane 3 before approval. Behavioral execution in isolation catches runtime behavior that static analysis misses.
The Plane Model
Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.
The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.
Three domains. NIC-level enforcement.
Sentry's three governance domains work together — an agent approved at publication can still be isolated if its runtime behavior deviates from its baseline.
- 01Agent identityEvery agent operates under a Sentry-issued Ed25519 keypair — cryptographic identity attached at the NIC, not asserted by the agent itself.
- 02Policy WarrantPer-agent permissions compiled into a BPF map distributed to ConnectX-7 NICs. The warrant is the enforced policy, not the documented one.
- 03Artifact risk scoreComposite score from five scan tracks determines approve, block, or quarantine. Approved artifacts receive a Chrysalis QBFT attestation.
- 04Behavioral baselineContinuous monitoring of tool calls, plane access patterns, data volumes, and inter-agent invocations establishes a behavioral fingerprint per agent.
- 05Anomaly thresholdMI350P anomaly models flag deviations from the behavioral baseline. Novel cross-agent patterns route to Overwatch for coordinated response.
- 06Plane authorizationEach agent's Policy Warrant specifies which planes it is authorized to access. Cross-plane access outside the warrant is XDP_DROP'd at the NIC.
- 07Publisher reputationOne of five artifact scan tracks. Publisher history, signing key continuity, and prior artifact behavior contribute to the composite risk score.
- 08Revocation eventWarrant violations anchor on Chrysalis as immediate revocation events — immutable audit trail regardless of subsequent agent or platform state.
import sentry
client = sentry.Client(seat_token='your_seat_token')
# List active agent warrants
for warrant in client.warrants.list():
print(f"Agent: {warrant.agent_id}, Planes: {warrant.planes}, Risk: {warrant.risk_score}")
# Stream behavioral anomaly events
for event in client.anomalies.stream():
print(f"Agent: {event.agent_id}, Type: {event.anomaly_type}, Severity: {event.severity}") Proven at scale. Not in a lab.
Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.
Parinita AI Edge
The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.
Network & Security Infrastructure
- Multi-vendor acceleratorsFour accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
- Dual-fabric networkingCisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
- Nationwide scale101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
- Multi-tenant isolationFour-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
- Compliance readinessFIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
- Sub-millisecond routingEvery request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
Required for any deployment with autonomous agents acting on real systems.
Sentry is not optional for agentic workloads — it is the governance layer that makes autonomous operation safe in regulated environments.
Any regulated workflow where demonstrating runtime control over agent behavior is a compliance requirement, not just a documentation exercise.
-
Autonomous Agent Deployments
Any workload with AI agents acting on real systems requires runtime governance. Sentry is the governance layer, not an optional add-on.
-
Regulated AI Workflows
Compliance frameworks increasingly require demonstrable runtime control over AI agent behavior — not just documented permissions.
-
Agent Marketplace Operations
Every model, MCP server, and dataset published to Parinita Central passes through Sentry's five-track artifact governance pipeline before listing.
-
Insider Threat Detection
Behavioral baselining catches agents whose runtime behavior deviates from their approved pattern — including agents compromised after approval.
-
Cross-Domain Security Correlation
Sentry's behavioral anomaly signals feed Overwatch for cross-domain kill-chain correlation across the full Parinita security stack.
Deployment Models
Sentry deploys as a platform-level service — not provisioned per agent. All agents in the fabric automatically fall under Sentry governance.
Sentry activates automatically for all agents in the fabric. Every agent registered with the platform falls under Sentry governance from first registration.
Warden issues Ed25519 keypairs and compiles Policy Warrants on first agent registration. BPF maps distribute to all NICs via NATS JetStream.
Artifacts submitted to Parinita Central enter the five-track scan pipeline automatically. Composite risk score determines listing eligibility.
Talk to Us
Our security team can walk through Sentry's artifact governance pipeline and behavioral baselining for your specific agent deployment.