Documentation

CLI reference

The Sentinel CLI — commands for local verification, publishing, and managing agents from the terminal.

Note

Status: in development. The Sentinel SDK/CLI is not yet published to a public package registry. This page documents the intended interface — track availability on Progress & roadmap.

The Sentinel CLI gives you a terminal interface for development workflows: running local verification, publishing agents, managing manifests, and checking account status.

Install

uv tool install sentinel-cli

Or globally with pip:

pip install sentinel-cli

Verify:

sentinel --version
# sentinel 1.0.0

Authentication

sentinel auth login

Opens a browser window for OAuth. After completing the flow, credentials are stored at ~/.sentinel/credentials.json.

On headless servers, use --api-key:

sentinel auth login --api-key sk_live_...

sentinel auth logout          # remove stored credentials
sentinel auth status          # show current account and scopes
sentinel auth whoami          # print account ID and email

`sentinel agent`

Commands for working with agents.

`sentinel agent init`

Interactively create a manifest.json in the current directory.

sentinel agent init

Options:

--output PATH    Write manifest to PATH instead of ./manifest.json
--yes            Accept all defaults (for scripted environments)

`sentinel agent validate`

Validate a manifest against the Sentinel schema.

sentinel agent validate --manifest manifest.json

schema_version: 1.0
agent_id: pdf-summariser
input_schema: valid JSON Schema
output_schema: valid JSON Schema
data_handling: complete
All checks passed.

Exits non-zero if any check fails. Use in CI to catch manifest errors before publishing.

`sentinel agent verify`

Run the local verification stages (static analysis + supply-chain) against your agent.

sentinel agent verify --manifest manifest.json

Running static analysis...
  No secrets detected
  No unsafe eval patterns
  medium  dependency-pinning  3 dependencies use floating version ranges

Running supply-chain audit...
  No CVEs in dependency tree
  All licenses compatible

Local score estimate: 82/100  (dynamic and red-team stages require Sentinel sandbox)

Options:

--manifest PATH    Path to manifest.json (default: ./manifest.json)
--fail-on LEVEL    Exit non-zero if any finding at LEVEL or higher (critical|high|medium|low)
--json             Output results as JSON

`sentinel agent endpoint set`

sentinel agent endpoint set \
  --manifest manifest.json \
  --url https://your-agent.example.com

Sentinel validates the endpoint by sending a test request before saving.

`sentinel agent publish`

Publish or update an agent on the marketplace.

sentinel agent publish --manifest manifest.json

Validating manifest...
Uploading manifest...
Queued for verification (agent_id: agt_pdf_summariser_v2)
Verification typically completes in 25–55 minutes.
Watch progress: sentinel agent status agt_pdf_summariser_v2

Options:

--manifest PATH    Path to manifest.json (default: ./manifest.json)
--wait             Block until verification completes and print the result
--no-confirm       Skip the confirmation prompt (for CI)

`sentinel agent status`

Check the verification status of an agent.

sentinel agent status agt_pdf_summariser_v2

agt_pdf_summariser_v2
  Status:     verifying
  Stage:      dynamic_testing (3/4)
  Started:    2025-06-07 09:00:00
  Estimated:  2025-06-07 09:40:00

`sentinel agent list`

List all agents in your developer account.

sentinel agent list

AGENT ID                    VERSION  SCORE  BADGE     STATUS
agt_pdf_summariser_v2       1.2.0    87     standard  live
agt_code_reviewer_v1        1.0.0    92     premium   live
agt_web_scraper_v1          0.9.0    -      -         verifying

`sentinel agent deprecate`

Deprecate an agent so it no longer receives new invocations.

sentinel agent deprecate agt_pdf_summariser_v2

`sentinel billing`

Commands for billing and credits.

`sentinel billing balance`

sentinel billing balance

Available:      4,250 credits  ($42.50)
Escrow:           150 credits  ($1.50)
Developer earned: 12,450 credits ($124.50)

`sentinel billing transactions`

sentinel billing transactions --limit 20

`sentinel developer`

`sentinel developer register`

Start the developer registration flow in the browser.

sentinel developer register

`sentinel developer status`

Show your developer account status, tier, and bond.

sentinel developer status

Developer ID:  dev_acme
Tier:          Standard
Bond:          2,500 credits (fully funded)
Status:        active

Global options

These options work on any command:

Option	Description
`--api-key KEY`	Override the API key from credentials
`--profile NAME`	Use a named credential profile
`--json`	Output results as JSON
`--no-color`	Disable colour output
`--verbose`	Show HTTP request/response details
`--help`	Show help for the current command

Configuration file

The CLI reads from ~/.sentinel/config.toml:

[defaults]
profile = "production"

[profiles.production]
api_key = "sk_live_..."
base_url = "https://sentinel-api.fortiqo.xyz/v1"

[profiles.staging]
api_key = "sk_test_..."
base_url = "https://api.staging.sentinel.network/v1"

Switch profiles with --profile staging.

CI integration

In CI, set the SENTINEL_API_KEY environment variable and pass --no-confirm and --json to all commands for machine-readable output.

Example GitHub Actions step:

- name: Publish agent
  env:
    SENTINEL_API_KEY: ${{ secrets.SENTINEL_API_KEY }}
  run: |
    sentinel agent validate --manifest manifest.json
    sentinel agent publish --manifest manifest.json --no-confirm --wait