Sentinel is the live monitoring surface. It watches the assets in your active workspace in real time and lets you add network-level monitors for the on-chain events you care about. Activity, mempool threats, and security findings stream in over SSE as they happen.
Why it exists
Rule bots only catch attack shapes you anticipated. Sentinel pairs configurable event monitors with mempool threat detection — flash loans, sandwiches, exploit patterns — so you see threats forming in the pending pool before they land, alongside the on-chain activity and drift signals that complement static detectors.
Who uses it
- Security operator — watches the live feed during an active engagement and triages alerts as they arrive.
- Auditor — keeps a target under watch after an audit ships and reviews post-launch activity.
How to open it
- Sidebar → Monitoring → Sentinel.
- Direct URL —
/sentinel(optionally?network=&address=to focus a network and contract).
The dashboard
- Status bar — active monitors, alerts/hour, and critical / high counts, plus a live connection indicator.
- Activity (left) — two tabs:
- On-Chain Activity — a collapsible block feed with per-transaction event pills; filter by event category.
- Mempool Threats — pending-pool threat cards (Ethereum & Polygon), filterable by category.
- Monitors (right) — every code asset in the active workspace is
registered automatically (shown as
auto), and you can add network-level monitors with the Add Network Monitor button. Remove a network monitor with its delete control. - Security findings — rule and detector matches surfaced from the monitored networks.
Adding a network monitor
- Click Add Network Monitor.
- Pick a Network.
- Tick the Events to Monitor (Token, Access Control, Proxy & Upgrades, Emergency, DeFi, Factory & Deployment, Governance) and any Mempool Threats (Ethereum & Polygon only).
- Add Monitor — the poller picks up the rules and matches begin streaming into the activity feed.
One network-level monitor is allowed per network; remove the existing one to reconfigure it.
Limits
- Requires a signed-in account and a running monitor API.
- Workspace asset monitors are scoped to the active workspace and reset when you switch workspaces.
- Mempool detection is available on Ethereum and Polygon.
Troubleshooting
| Symptom or error | Cause | Action |
|---|---|---|
| Feed is silent | No monitors yet, or no matching activity | Add a network monitor, or wait for events on a watched asset. |
| Status shows Disconnected | No monitors configured | Add a monitor or open a workspace with analyzed assets. |
| “Monitor API is not responding” | Gateway not running | Start the gateway: cargo run --bin sigvex-engine. |
Related pages
- Threat Graph — cross-runtime blast radius for the same assets.
- Dependency Map — dependency reach for monitored contracts.