All systems operational

Sentinel Agent Downloads

Deploy the Sentinel Agent to monitor AI tool usage, enforce governance policies, and report back to your TruthVouch dashboard.

Latest Release
 
Released
 
View Release Notes →

Platform Downloads

Download the installer for your target operating system. Verify the SHA-256 checksum before deploying.

🪟
Windows
   
SHA-256
 
Download .msi
🍎
macOS
   
SHA-256
 
Download .tar.gz
🐧
Linux (DEB)
   
SHA-256
 
Download .deb
🐧
Linux (RPM)
   
SHA-256
 
Download .rpm

GPG Signature Verification

All Sentinel Agent releases are signed with our GPG key. Verify the authenticity of your download before deploying.

TruthVouch Release Signing Key — valid for all releases from v1.0.0 onward.

A1B2 C3D4 E5F6 A7B8 C9D0   E1F2 A3B4 C5D6 E7F8 A9B0
1. Import the signing key
curl -fsSL https://releases.truthvouch.ai/sentinel/gpg-key.asc | gpg --import
2. Verify the download (Linux / macOS example)
gpg --verify sentinel-agent_amd64.deb.sig sentinel-agent_amd64.deb
3. Check SHA-256 (alternative, no GPG required)
# Linux sha256sum --check sentinel-agent_amd64.deb.sha256 # macOS shasum -a 256 --check sentinel-agent_amd64.deb.sha256 # Windows (PowerShell) Get-FileHash .\SentinelAgent.msi -Algorithm SHA256

Supply Chain Verification

Every Sentinel release ships with SLSA Level 2 provenance, CycloneDX and SPDX SBOMs, and cosign keyless signatures — all independently verifiable by your security team without trusting TruthVouch infrastructure.

SLSA Provenance

A cryptographically signed attestation that links each binary artifact to its exact source commit, build environment, and CI pipeline run — satisfying SLSA Level 2 requirements.

Verify with slsa-verifier
slsa-verifier verify-artifact \ vt-sentinel-agent_linux_amd64.tar.gz \ --provenance-path provenance.intoto.jsonl \ --source-uri gitlab.com/truthvouch/truthvouch \ --source-tag sentinel-v0.1.0 \ --builder-id https://truthvouch.com/sentinel-release/v1
Download Provenance
SBOM (CycloneDX + SPDX)

Machine-readable Software Bill of Materials listing every Go dependency, license, and package URL. Import into Grype, Trivy, Dependency-Track, or Snyk for vulnerability scanning.

CycloneDX SPDX
Cosign Signatures

Every artifact is signed with sigstore/cosign keyless signing via GitLab OIDC. Signatures are recorded in the public Rekor transparency log — no long-lived keys to manage or trust.

Verify artifact signature
cosign verify-blob \ --signature artifact.tar.gz.sig \ --certificate artifact.tar.gz.cert \ --certificate-identity-regexp="https://gitlab.com/truthvouch/.*" \ --certificate-oidc-issuer="https://gitlab.com" \ artifact.tar.gz
Full verification guide →
Compliance Coverage

These attestations satisfy controls across NIST SSDF, EO 14028, EU Cyber Resilience Act, SOC 2 Type II, ISO 27001, and FedRAMP requirements. View full compliance mapping →

Previous Versions

We recommend always running the latest stable release. Previous versions are provided for compatibility testing only.

System Requirements

Minimum requirements for running the Sentinel Agent.

🪟 Windows
  • Windows 10 (1903+) or Windows Server 2019+
  • 64-bit (x86_64 or ARM64)
  • 100 MB disk space
  • Administrator privileges for installation
  • Outbound HTTPS access to API server
🍎 macOS
  • macOS 12 (Monterey) or later
  • Apple Silicon or Intel
  • 100 MB disk space
  • Administrator privileges for installation
  • System Extension approval required
🐧 Linux (DEB)
  • Ubuntu 20.04+, Debian 11+
  • x86_64 or ARM64
  • systemd init system
  • 100 MB disk space
  • Root or sudo for installation
🐧 Linux (RPM)
  • RHEL 8+, CentOS Stream 8+, Fedora 38+
  • x86_64 or ARM64
  • systemd init system
  • 100 MB disk space
  • Root or sudo for installation