ShrouDB Engine
Sentry
Authorization decisions you can prove in court.
Sentry evaluates versioned policies and signs every allow and deny. The audit trail isn't a log file you have to trust — it's cryptographically verifiable end-to-end.
EVALUATE · CHECK · POLICY_LOAD · DECISION_LOG
Features
- Signed, auditable authorization decisions
- Policies loaded from a directory, versioned
- Hot-reload on file change
- Key rotation with overlap for signature verification
- Every allow and deny is cryptographically verifiable
Quickstart (standalone)
sentry.toml
bind = ":7006"
[policies]
dir = "/etc/shroudb/policies"
auto_reload = true
reload_interval = "10s"
terminal
$ shroudb-sentry --config sentry.toml
Command reference
| Command | Args | Description |
|---|---|---|
| EVALUATE | <policy> <input> | Evaluate a decision |
| CHECK | <policy> <input> | Boolean allow/deny check |
| POLICY_LOAD | <path> | Load or reload policies |
| POLICY_LIST | | List loaded policies |
| POLICY_INFO | <id> | Inspect a policy |
| KEY_ROTATE | | Rotate decision-signing key |
| DECISION_LOG | [FILTER] | Stream signed decisions |
Bundle into Moat
Drop Sentry into a unified Moat process and it inherits the shared auth layer, storage, and telemetry — no extra wiring.
moat.toml
[engines.sentry]
enabled = true
policy_dir = "/etc/shroudb/policies"
Run Sentry in production today
Free on ShrouDB Cloud up to 10k ops/month — no card required.