Sentinel SCA Security

At A Glance

Area	Current Implementation
Cryptographic identity	Ed25519 agent keys with generated keypair and customer-provided public key enrollment.
Signed governance	Signed agent requests are verified before Sentinel records a governance decision.
Tenant isolation	Users, agents, audit events, evidence exports, and billing state are scoped by organization.
Replay-aware controls	Timestamp and signature checks reduce stale or duplicated request risk.
Audit integrity	Governance decisions include hashes, timestamps, and exportable evidence context.
Billing security	Paddle webhook signatures are enforced before subscription lifecycle changes are processed.
Readiness	`/health`, `/live`, and `/ready` support deployment and monitoring checks.

No Identity, No Action

Agents must be known and cryptographically verifiable before governed actions are accepted.

Tenant-Scoped Evidence

Customer audit timelines and evidence ZIP exports stay bound to the authenticated organization.

Role-Based Access

Owner, admin, auditor, and viewer roles separate management access from evidence-only access.

Billing Integrity

Unsigned or invalid Paddle webhooks are rejected before entitlement state can change.

Operational Controls

Global protocol freeze, readiness checks, and request IDs support incident response.

Enterprise Review

Architecture, API docs, tenant isolation tests, SLA draft, and DR docs are available for review.

Item	Status
Protocol runtime	Operational
Tenant isolation smoke coverage	Implemented
Paddle webhook signature enforcement	Implemented
Customer BYOK agent enrollment	Implemented
Third-party security audit	Planned for Enterprise readiness
SOC 2 / ISO 27001	Roadmap item, not yet certified

For security review, enterprise evaluation, or responsible disclosure, contact Sentinel SCA through the contact flow.