Skip to content

API Reference

The primary entry point is the cohesive SentinelRN object.

ts
import { SentinelRN } from "@sentinelrn/core";

SentinelRN.configure(config)

Apply configuration. Optional — secure defaults apply otherwise.

ts
SentinelRN.configure({
  policy: "monitor",
  integrity: { includeEvidence: false },
  ai: { includeFindings: false, redactMatches: true },
});
OptionTypeDefaultDescription
policySentinelPolicy"monitor"Default policy across modules.
integrity.includeEvidencebooleanfalseAttach raw evidence to signals (may be sensitive).
ai.includeFindingsbooleanfalseInclude the matched substring on findings.
ai.redactMatchesbooleantruePopulate redacted previews on findings.

SentinelRN.integrity

MemberSignatureDescription
check()() => Promise<ThreatReport>Run an integrity check via the registered provider.
registerProvider(p)(IntegrityProvider) => voidRegister the active platform provider.
getProvider()() => IntegrityProvider | undefinedThe current provider.

SentinelRN.ai

MemberSignatureDescription
guardPrompt(args)(GuardPromptArgs) => AIGuardResultInspect AI-bound input under a policy.
ts
type GuardPromptArgs = { input: string; policy?: "monitor" | "warn" | "block" | "strict" };

SentinelRN.policy

MemberSignature
evaluateIntegrity(report, policy?)(ThreatReport, SentinelPolicy?) => PolicyDecision
evaluateAI(result, policy?)(AIGuardResult, SentinelPolicy?) => PolicyDecision

SentinelRN.redaction

MemberSignatureDescription
redact(input)(string) => stringReplace secrets/PII with placeholders.
inspectAndRedact(input)(string) => RedactionResultSanitized text plus findings.

SentinelRN.registerIntegrityProvider(provider)

Shortcut for integrity.registerProvider. Used by @sentinelrn/native.

SentinelRN.version

The package version string.

Types

ts
type RiskLevel = "low" | "medium" | "high" | "critical";
type Severity = "low" | "medium" | "high" | "critical";
type Confidence = "low" | "medium" | "high";
type RecommendedAction =
  | "allow" | "monitor" | "warn_user" | "block_sensitive_action" | "block_session";

type SentinelPolicy = "monitor" | "warn" | "block" | PolicyConfig;

interface PolicyConfig {
  mode?: "monitor" | "warn" | "block";
  blockOnHighRiskDevice?: boolean;
  redactSensitiveInput?: boolean;
  blockPromptInjection?: boolean;
  allowInSimulator?: boolean;
}

interface IntegrityProvider {
  readonly name: string;
  collectSignals(): Promise<RawSignal[]> | RawSignal[];
}

Advanced exports

For extension and advanced use, @sentinelrn/core also exports the underlying engines: assessRisk, aggregateScore, riskLevelFromScore, buildThreatReport, normalizeSignal, detectFindings, guardPrompt, redact, inspectAndRedact, evaluateIntegrity, evaluateAI, resolvePolicy, createSentinel, and the detector/rule tables (PATTERN_DETECTORS, INJECTION_RULES).

Errors

The SDK never crashes the host app because a detector fails. Errors are structured:

ts
class SentinelError {
  code: string;
  module: "integrity" | "ai" | "policy" | "redaction" | "native" | "core";
  message: string;
  cause?: unknown;
}

Released under the MIT License. SentinelRN is risk-based — always enforce trust on the server too.