Caelex Sentinel
Autonomous compliance
evidence collection.
A lightweight, cryptographically-sealed compliance data extraction layer that transforms raw operational telemetry into verified, regulation-mapped evidence — without ever exposing sensitive data to the outside world.
The Problem
Compliance in space is manual, unverifiable, and a snapshot of one day per year.
Manual
A human copies numbers from Mission Control into a spreadsheet, emails it to a compliance officer, who manually enters it into whatever tool they use. This happens quarterly if they're diligent. Annually if they're not.
Unverifiable
A regulator asks "What was your orbital altitude on March 15?" — the operator provides a number. Was it real? Was it current? Did anyone modify it? There is no chain of custody, no cryptographic proof, no independent verification.
A Snapshot
Annual audits capture one moment in time. What happened the other 364 days? An operator could be non-compliant for months — a decaying orbit, a failed thruster, an unreported cyber incident — and nobody would know until the next audit cycle.
Sentinel eliminates all three problems simultaneously.
Compliance Extraction
99.9999994% of operational data stays inside your network. Only structured, signed compliance evidence is transmitted.
Architecture
Your data never leaves your perimeter until it's compliance evidence.
Collector Modules
Four specialized collectors. Each reads everything. Transmits almost nothing.
Orbit & Debris
Mission Control System, Flight Dynamics, Conjunction Assessment
CCSDS MO · REST API · PostgreSQL · TDM
Cybersecurity
SIEM (Splunk, Sentinel, QRadar), EDR, Vulnerability Scanner, Patch Management
REST API · Syslog · STIX/TAXII · SNMP
Ground Station
Ground Station Management (ATOS, Kongsberg), Antenna Control, Network Management
REST API · SNMP · Syslog · DB Read
Document Watch
Network Drives, SharePoint, Confluence, Certificate Stores
inotify · SharePoint API · REST API
Cryptographic Integrity
Every packet is sealed. Tampering is mathematically impossible.
Every evidence packet contains a SHA-256 content hash, an Ed25519 signature from the agent's private key, and a reference to the previous packet's hash — creating an unbroken, tamper-evident chain.
Modify any packet — the chain breaks. Delete any packet — the gap is detected. Insert a fake — the signature fails. The regulator can verify the entire history is authentic, unmodified, and complete.
{
"packet_id": "sp_2026031514320744_58421_orbit",
"sentinel_id": "snt_a7f3d09e-4b21-4c89-9e67",
"data": {
"altitude_km": 548.317,
"remaining_fuel_pct": 57.66,
"thruster_status": "NOMINAL",
"estimated_lifetime_yr": 4.2
},
"regulation_mapping": [
{ "ref": "art_68", "status": "COMPLIANT" },
{ "ref": "art_70", "status": "COMPLIANT" },
{ "ref": "art_72", "status": "COMPLIANT" }
],
"integrity": {
"content_hash": "sha256:a7f3d09e...",
"previous_hash": "sha256:059669e4...",
"chain_position": 147832,
"signature": "ed25519:MGUCMQCxN8T7..."
}
}Trust Score
Not all evidence is equal.
A Verified Score of 61% built from Level 5–6 evidence is vastly more meaningful than a Declared Score of 82% built from Level 0 self-assessment. Sentinel creates Level 5 and 6 evidence — the highest achievable trust.
Deployment
One command. 512 MB. Zero inbound ports.
--name caelex-sentinel \
--restart unless-stopped \
--memory 512m --cpus 0.5 \
-e SENTINEL_TOKEN=snt_xxxxxxxxxxxx \
-e COLLECTORS=orbit,cyber,ground,documents \
registry.caelex.eu/sentinel:1.4.2
Read-only access
Never writes to source systems. Never modifies operational data. Read-only database connections and API calls only.
No inbound ports
Zero attack surface from the internet. No SSH, no reverse shells, no tunnels. Outbound HTTPS only, certificate-pinned.
Rootless container
Runs as unprivileged user. Immutable filesystem. Container isolation prevents lateral movement. Build from source if you want.
Deploy autonomous compliance infrastructure.
Start with a free compliance assessment. Then deploy Sentinel to automate evidence collection across the EU Space Act, NIS2, and 10 national space laws.