Remote ID
Direct broadcast Remote ID ingestion fully aligned with ASTM F3411 and FAA 89-FR-56396. Compliant decoders for BT4, BT5, and Wi-Fi NaN.
SENTINEL · CORE ARCHITECTURE
Engineered for the millisecond.
Sentinel is a sovereign-deployable airspace platform — not a SaaS subscription with cloud-lock-in. Edge ingest. mTLS service mesh. Oracle Autonomous Database. FIDO2 identity. Open SDKs. Every layer engineered for low latency and high trust.
[ Signal Path ]
From photon to operator, in one diagram.
Every layer is replaceable. Every interface is documented. Every byte is on your network.
[ EDGE · INGEST ]
SDR · 1090
ADS-B
SDR · 978
UAT
BT5 RID
Direct broadcast
Wi-Fi RID
802.11 beacon
FRIENDLY
DJI · Skydio cloud
▼ ▼ ▼ ▼ ▼
[ SIGNAL BUS · CORE ]
MQTT BUS
Time-aligned · dedup
TRACK ENGINE
Kalman · classify
ZONE ENGINE
3D containment
ALERT ROUTER
Type · ack · audit
▼ ▼ ▼ ▼
[ SURFACE · CONSUMERS ]
CONSOLE
Web · WebRTC
FIELD APP
iOS · iPadOS
FLEET
DJI · Skydio · DRC
SDK · API
REST · WS · Python
SIEM · MCP
Audit · agent · webhook
[ Stack ]
Boring tech. Exciting outcomes.
Sentinel is built on technology with decades of operational hardening. We optimize for trust, latency, and fleet-wide upgradability.
Oracle ADB
Autonomous DB · 26ai
ORDS
REST · OAuth2
MQTT 5
Sensor bus
WebRTC
Live FPV
WebSocket
Track + alert
Caddy
TLS · mTLS
JWT · HS256
Service auth
FIDO2 / Passkey
Operator auth
APNs · FCM
Push alerts
OCI Object Storage
Forensic archive
OCI GenAI
Select AI · summary
MCP
Agent surface
[ Security Posture ]
Trust is designed in.
The Sentinel auth chain layers identity from machine to human. mTLS for sensors. JavaCard challenge-response for trusted devices. API keys per service with IP whitelisting. JWTs for human operators. Passkeys at the edge.
- mTLS client certificates forwarded by Caddy with subject + fingerprint headers
- JavaCard ECDSA-P256 challenge-response for hardware-rooted devices
- Per-key IP whitelists, SHA-256 hashed, rotated on schedule
- Locally-validated bearer JWT — no auth round-trip on hot path
- Centralized Oraauth identity provider with OIDC federation
- Role-scoped OAuth2 for ORDS data APIs
- WebAuthn / FIDO2 passkey for operator and admin surfaces
- Hardware-backed keystore on iOS, Keychain-secured tokens
AUTH · CHAIN · ORDERENFORCED
01 · mTLSClient certificate via CaddySENSOR
02 · JCJavaCard ECDSA challengeDEVICE
03 · API KEYX-API-Key + IP whitelistSERVICE
04 · JWTBearer · HS256 · local validateUSER
05 · PASSKEYFIDO2 · WebAuthn · Face IDOPERATOR
FAILNo layer accepts → 401REJECT
[ Sovereignty & Deployment ]
Where Sentinel runs is your choice.
Sentinel runs sovereign cloud, on-premise, or fully air-gapped. Every service ships with a documented installer, systemd units, schema migrations, and an OpenAPI spec. No telemetry leaves your perimeter unless you tell it to.
- Per-service installer with idempotent schema migrations
- Caddy TLS termination, services bound to localhost
- Object storage on OCI, S3-compatible, or on-prem MinIO
- Air-gap deployable — no outbound dependency required
- SDKs in Python and Java; OpenAPI 3 source of truth
- MCP tool surface for AI/agent ecosystems
DEPLOY · TARGETSSUPPORTED
| OS | Oracle Linux 9 · RHEL 9 · Ubuntu 24.04 |
| Database | Oracle Autonomous DB 26ai · ADB on-prem |
| TLS | Caddy · per-service certificates |
| Object Store | OCI · S3 · MinIO |
| Mesh | mTLS · service-mesh ready |
| Reachable Without Internet | Yes · air-gap supported |
| SDK | Python · Java · OpenAPI 3 |
| Audit | SIEM-streamable · MCP queryable |
[ Standards Alignment ]
ASTM F3411
DO-260B
UAT
DJI Pilot 2
OAuth2 / OIDC
FIDO2
On the right side of the standards.
Sentinel speaks every relevant standard from day one — and the moment any one of them updates, our standards engine rolls.
ADS-B / Mode-S
1090 MHz ES decode. ICAO 24-bit, callsign, position, velocity, vertical rate, squawk. TIS-B and ADS-R passthrough.
978 MHz Datalink
RTCA DO-282 compliant ingest. FIS-B and TIS-B supported. Suitable for low-altitude general aviation surveillance.
Cloud-Server Spec
Sentinel implements the DJI Pilot 2 cloud-server compatibility surface — manage, map, wayline, media, livestream, NFZ.
Identity Federation
Integrate with OCI Identity Domains and standards-based OIDC providers. Authorization-code with PKCE, client-credentials for services.
Passkeys / WebAuthn
Phishing-resistant operator authentication. Passkeys on iOS via Face ID. WebAuthn registration through the unified auth surface.