Every decision logged. Every rule inspectable. Every verdict reproducible. TEOS Sentinel is a deterministic, auditable governance engine — not a black box.
TEOS Sentinel uses a purely deterministic regex-based rule engine. No ML inference. No probabilistic verdicts. Every rule is a named, versioned, publicly inspectable pattern with explicit severity and scoring. The same input will always produce the same output — guaranteeing reproducibility for audit and compliance.
All endpoints return JSON. CORS enabled for cross-origin access. No authentication required for read endpoints.
Submit a command or code snippet. Returns a deterministic verdict with rule match, score, and reasoning. Body: { "command": "..." }
Aggregated scan counters: total, blocked, warned, allowed, block rate, top triggered rules.
Paginated event log. Query params: ?page=1&limit=100&verdict=block. Returns recent scan events with full verdict details.
Compliance export. Last 200 events reversed. Includes engine version, rule count, and generation timestamp.
Engine health check. Returns status, engine version, rule count, uptime, and current time.
Static machine-readable rule definitions. 25 rules with regex patterns, severity levels, scores, and categories.
37 attack simulation test cases with expected verdicts. Use to validate engine correctness.
Sample audit log entries showing the schema, field descriptions, and example records.
Every POST /scan response follows this deterministic schema. Fields are guaranteed present for valid input.
| Field | Type | Description |
|---|---|---|
| verdict | string | "BLOCK" \| "WARN" \| "ALLOW" \| "ERROR" |
| score | number | Risk score 0-100. Higher = more dangerous. |
| rule | string | Matched rule identifier. Format: "R{id}.{NAME}" e.g. "R01.DESTRUCTIVE_SHELL" |
| ruleId | string | Short rule ID: "R01" through "R25", or "R00" for clean. |
| severity | string | "critical" \| "high" \| "medium" \| "none" |
| reasons | string[] | Human-readable explanations for the verdict. |
| command | string | The original input command (echoed back). |
| timestamp | string | ISO 8601 timestamp of the scan. UTC. |
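
A client-side check of the response schema above, as an added example rather than TEOS Sentinel code: `validate_scan_response` enforces the table's types and enumerations before a record is ingested, and `same_decision` compares two scans of the same input while ignoring `timestamp`. The function names, the sample record, and the assumption that the id inside `rule` equals `ruleId` are not from the page.

```python
import re
from datetime import datetime, timedelta

VERDICTS = {"BLOCK", "WARN", "ALLOW", "ERROR"}
SEVERITIES = {"critical", "high", "medium", "none"}
RULE_ID = re.compile(r"R(?:[01][0-9]|2[0-5])")  # R00 through R25
STRING_FIELDS = ("verdict", "rule", "ruleId", "severity", "command", "timestamp")

# Constructed sample record; only the rule name comes from the schema table.
SAMPLE = {
    "verdict": "BLOCK", "score": 95, "rule": "R01.DESTRUCTIVE_SHELL",
    "ruleId": "R01", "severity": "critical", "reasons": ["constructed reason"],
    "command": "<constructed input>", "timestamp": "2025-01-01T12:00:00Z",
}

def validate_scan_response(resp):
    """Return a list of schema violations; an empty list means the record conforms."""
    errors = [f"{f}: missing or not a string"
              for f in STRING_FIELDS if not isinstance(resp.get(f), str)]
    if errors:
        return errors
    if resp["verdict"] not in VERDICTS:
        errors.append("verdict: unknown value")
    if resp["severity"] not in SEVERITIES:
        errors.append("severity: unknown value")
    if not RULE_ID.fullmatch(resp["ruleId"]):
        errors.append("ruleId: outside R00-R25")
    # Assumption: the {id} part of "rule" equals "ruleId", as in the table's example.
    elif not resp["rule"].startswith(resp["ruleId"] + "."):
        errors.append("rule: does not start with ruleId")
    score = resp.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
        errors.append("score: not a number in 0-100")
    reasons = resp.get("reasons")
    if not isinstance(reasons, list) or not all(isinstance(r, str) for r in reasons):
        errors.append("reasons: not a list of strings")
    try:
        ts = datetime.fromisoformat(resp["timestamp"].replace("Z", "+00:00"))
        if ts.utcoffset() != timedelta(0):
            errors.append("timestamp: not UTC")
    except ValueError:
        errors.append("timestamp: not ISO 8601")
    return errors

def same_decision(a, b):
    """Two scans of one input must agree on every field except the timestamp."""
    def strip(rec):
        return {k: v for k, v in rec.items() if k != "timestamp"}
    return strip(a) == strip(b)
```
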
TEOS Sentinel is designed for environments that require provable, deterministic security decisions. Key compliance properties:
Same input always produces the same output. No randomness. No model drift. Fully reproducible for auditors.
All 25 rules, 37 test cases, and audit schemas are available as static JSON. Anyone can verify engine behavior.
Every scan decision is logged with timestamp, rule, score, and verdict. Rotating store capped at 500 entries.
Audit logs exportable as CSV or JSON. Compatible with SIEM ingestion and compliance review workflows.
Zero ML inference. No training data, no model weights, no probabilistic outputs. Pure pattern matching.
Engine version reported in every endpoint. Rule updates are additive — existing patterns are never silently changed.
Found a bypass? We reward responsible disclosure. If you can craft a command that matches a threat pattern but gets an ALLOW verdict, report it.