Sentinel CRE
Sentinel: An autonomous AI guardian using Chainlink CRE and Gemini to secure DeFi vaults.
What it is
Sentinel is an autonomous, AI-driven security guardian for DeFi vaults. It bridges the gap between high-speed on-chain activity and intelligent risk assessment by combining the Chainlink Runtime Environment (CRE) with Google Gemini AI. Unlike static smart contracts, Sentinel acts as a "live" security analyst that monitors assets in real time and executes autonomous defensive actions to prevent fund drainage.
The Problem It Solves
The DeFi ecosystem suffers from a "Reactive Security Gap." Currently, when a vault is exploited, the only defense is a human-triggered emergency pause. By the time a developer receives an alert and signs a transaction, the assets are usually gone.
- Speed of Attack: Flash-loan exploits happen in seconds.
- Static Logic: Traditional smart contracts can't distinguish between a "whale" making a large planned withdrawal and a malicious attacker draining liquidity.
- Manual Intervention: Current "kill-switches" rely on centralized multisigs or human availability, creating a single point of failure.
How It Works
Sentinel leverages a three-layer architecture to provide proactive defense:
- The Decentralized Eyes (Chainlink CRE): Using a Cron Trigger within the Chainlink Runtime Environment, Sentinel runs a persistent "Security Patrol." Every 60 seconds, the CRE workflow fetches live vault balances and transaction data across the network. Because this runs on a Decentralized Oracle Network (DON), the data is tamper-proof and verifiable.
- The Intelligent Brain (Google Gemini AI): Sentinel doesn't just look at numbers; it analyzes intent. The data is passed to Gemini 1.5 Flash along with user-defined risk thresholds (e.g., "Pause if more than 20% of funds move in one hour"). Gemini performs a subjective risk analysis, distinguishing between legitimate high-volume trading and anomalous exploit patterns.
- The Autonomous Hands (On-Chain Execution): If Gemini identifies a "DANGER" state, the CRE workflow automatically generates and signs a cryptographic report. This report is sent to the Sentinel Smart Contract on-chain, which validates the signature and instantly triggers the pause() or emergencyShutdown() function on the target Vault.
How is it Built?
Sentinel is built using a modern "Agentic" architecture that combines high-performance on-chain execution with decentralized off-chain intelligence. The project is divided into three core technical layers:
- The Orchestration Layer: Chainlink Runtime Environment (CRE)
We utilized the Chainlink Runtime Environment (CRE) to build a decentralized "Security Workflow." This is the backbone of Sentinel.
- Triggers: We implemented a Cron Trigger (set to */60 * * * * *) that acts as a persistent heartbeat, waking the agent every minute to perform a security sweep.
- Capabilities:
- EVMClient: Used to read live state directly from the Ethereum Sepolia testnet. It fetches the current balance of the Vault contract with decentralized consensus.
- HTTPClient: A critical component used to communicate with the Gemini API. Unlike standard HTTP calls, the CRE ensures that the API request and response are verified across the Decentralized Oracle Network (DON).
- WASM Compilation: The entire workflow is written in TypeScript using the CRE SDK and compiled into WebAssembly (WASM) for secure, high-speed execution within the Chainlink nodes.
- The Intelligence Layer: Google Gemini 1.5 Flash
Rather than relying on brittle, hard-coded "if/else" logic, we integrated Gemini 1.5 Flash as the brain of the Sentinel.
- Contextual Reasoning: We feed Gemini the Vault's current balance, historical baselines, and user-defined risk thresholds.
- Prompt Engineering: We designed a specialized "Security Expert" system prompt that instructs Gemini to perform a mathematical analysis of fund movement.
- Subjective Analysis: Gemini distinguishes between a "Whale Withdrawal" (legitimate) and a "Drain Attack" (malicious) by analyzing the speed and scale of the balance drop against the user's specific "Panic Settings."
- The Enforcement Layer: Solidity Smart Contracts
The final defense happens on-chain. We developed and deployed two custom smart contracts using Hardhat:
- Vault.sol: A standard DeFi vault with a built-in "Emergency Stop" mechanism. It is designed to only allow the Sentinel to trigger a lockdown.
- Sentinel.sol: This contract acts as the gatekeeper. It contains logic to verify the cryptographic signatures generated by the CRE Workflow. When a "DANGER" report is signed by the Agent, this contract instantly calls the Vault’s setSentinel and pause functions.
- The User Experience: Sentinel Dashboard
To make the system accessible, we built a frontend dashboard that allows users to:
- Set Dynamic Thresholds: A slider interface that updates the config.json for the CRE agent.
- Real-Time Monitoring: Displays a live feed of the "Gemini Security Logs," showing the AI's reasoning (e.g., "SAFE: Balance drop is 2%, well below the 15% threshold").
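As an added example (not Sentinel's own code), the TypeScript below pairs the model's verdict with a deterministic check of the user's threshold: the balance drop is computed in integer arithmetic from the polled samples, and the model reply is accepted only in the `SAFE:` / `DANGER:` form shown in the dashboard log. The types, function names, the one-hour window and the rule that the model can add a pause but never cancel one are assumptions made for illustration.

```typescript
// Added example: types, names and the "SAFE:"/"DANGER:" reply format are assumptions.
type Sample = { t: number; balance: bigint }; // t: unix seconds, balance: wei
type Decision = { pause: boolean; dropBps: bigint; reason: string };
const WINDOW_SEC = 3600; // "more than N% of funds move in one hour"

// Drop from the peak balance inside the window to the latest balance, in basis points.
function dropBps(samples: Sample[], now: number, windowSec: number): bigint {
  let peak = 0n;
  let latest: bigint | null = null;
  for (const s of [...samples].sort((a, b) => a.t - b.t)) {
    if (s.t < now - windowSec || s.t > now) continue; // outside the window
    if (s.balance > peak) peak = s.balance;
    latest = s.balance;
  }
  if (latest === null) throw new Error("no balance samples inside the window");
  if (peak === 0n || latest >= peak) return 0n;
  return ((peak - latest) * 10000n) / peak;
}

// Accept a verdict only as the leading token of the reply; anything else is "no verdict".
function parseVerdict(reply: string): "SAFE" | "DANGER" | null {
  const m = /^(SAFE|DANGER):/.exec(reply.trim());
  if (m === null) return null;
  return m[1] === "DANGER" ? "DANGER" : "SAFE";
}

// The model may add a pause, but it can never cancel one the threshold requires.
function decide(samples: Sample[], now: number, thresholdPct: number, reply: string): Decision {
  const drop = dropBps(samples, now, WINDOW_SEC);
  const limit = BigInt(Math.round(thresholdPct * 100));
  if (drop >= limit) return { pause: true, dropBps: drop, reason: "threshold breached" };
  const verdict = parseVerdict(reply);
  if (verdict === "DANGER") return { pause: true, dropBps: drop, reason: "model flagged DANGER" };
  const note = verdict === null ? "model reply unparseable, ignored" : "model agrees";
  return { pause: false, dropBps: drop, reason: `below threshold (${note})` };
}

// Constructed sample data: a 100 ETH vault polled each minute; 25 ETH leaves at t=120.
const ETH = 1000000000000000000n;
const constructed: Sample[] = [
  { t: 0, balance: 100n * ETH },
  { t: 60, balance: 100n * ETH },
  { t: 120, balance: 75n * ETH },
];
```

With the constructed samples and a 20% threshold, a reply beginning `SAFE:` still results in a pause, because the measured 25% drop takes precedence over the model's text.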
Created by
- Emmanuel Aje