Sentinel RAG is an RAG framework designed with "Security-First" philosophy. It solves the critical gap in standard RAG implementations: Lack of document-level permissions and data privacy.
The "Intern vs. CEO" Problem
Most RAG implementations treat your knowledge base as a flat file system. When an LLM retrieves context, it doesn't knowβor careβwho is asking. This leads to critical data leaks: an intern's query shouldn't trigger the retrieval of the CEOβs payroll data.
Sentinel RAG acts as a secure proxy between your users and your data. It ensures that your AI only "knows" what the specific user is authorized to see, while stripping sensitive PII before it ever hits the inference engine.
-
βοΈ Contextual Role-Based Access Control(RBAC): Sentinel RAG injects dynamic metadata filters into the retrieval process. It matches the user's Role & Permission against document-level permissions in real-time.
-
π‘οΈ Automated PII Sanitization: Built-in middleware automatically detects and masks sensitive entities before context is sent to the LLM.
-
π Enterprise-Ready Authentication Single-tenant OIDC authentication with JWT-based authorization, supporting both cookie (browser) and Bearer token (API) authentication methods.
-
π Immutable Compliance Logging: Every request is audited. Sentinel RAG logs the user identity, the specific document chunks retrieved, and the sanitized prompt, providing a full trail for GDPR, HIPAA, and SOC2 compliance.
-
π― Industrial-Grade Rag Precision: From advanced embeddings (docs-to-markdown and Context-Aware Hierarchical Splitting) to hybrid retrieval(vector + keyword) ensure precise context retrieval.
Sentinel RAG offers two setup options: Docker (recommended for quick setup) or local installation with uv.
The fastest way to get Sentinel RAG running with all dependencies pre-configured.
# Clone the repository
git clone https://github.com/RajeshTechForge/sentinel-rag.git
cd sentinel-rag
# Create a `.env` file based on example
cp .env.example .env
# Build and start the service
docker compose up --buildSentinel-RAG uses UV package manager for dependency management and environment isolation.
Ensure you have your cloud credentials ready for:
- PostgreSQL (e.g., Neon)
- Qdrant (e.g., Qdrant Cloud)
# Clone the repository
git clone https://github.com/RajeshTechForge/sentinel-rag.git
cd sentinel-rag
# Install dependencies and create environment
uv sync
# Install in editable mode
uv pip install -e .# Create `.env` based on example
cp .env.example .env
# Update your `.env` file with your credentials
# Then setup the system
uv run python -m sentinel_rag initiateuv run uvicorn sentinel_rag.api.app:app --reload
| Layer | Technology |
|---|---|
| Language | Python 3.10 - 3.13 |
| API Framework | FastAPI (Async) |
| Data Validation | Pydantic v2 |
| Package Manager | uv |
| Vector Search | Qdrant |
| Relational DB | PostgreSQL |
| Orchestration | Docker & Docker Compose |
- API Guide
- CONFIGURATION Guide
- COMPLIANCE Guide
- DATABASE SEPARATION Guide
- EMBEDDINGS Guide
- CONTRIBUTING Guidelines
We love contributors! Whether you are fixing a bug or suggesting a feature.
Check out Contributing Guidelines for more details.
Distributed under the Apache License 2.0. See LICENSE for more information.
Built with β€οΈ for a more secure AI future by @RajeshTechForge