From Copilot Experiment to Production-Ready CLI: Building Sentinel AI
Cybersecurity is no longer optional — every connected system is exposed to potential threats. While there are many enterprise-grade tools available, I wanted to understand how such tools work internally.
So I built my own.
Sentinel AI started as a small experiment using GitHub Copilot CLI. But through iteration, debugging, and production hardening, it evolved into a fully functional, production-ready cybersecurity CLI tool for Linux.
This article explains the journey — from idea to production.
The Idea
Modern systems constantly create network connections — many legitimate, some suspicious. Most users never see what is happening behind the scenes.
I wanted a tool that could:
- Show active network connections
- Identify suspicious behavior
- Assign risk scores
- Provide actionable summaries
- Work directly from the terminal
It needed to be fast, simple, and transparent.
That’s how Sentinel AI was born.
How GitHub Copilot Accelerated Development
GitHub Copilot CLI significantly accelerated development by helping generate:
- Modular Python code structure
- CLI argument parsing using argparse
- Risk classification logic
- Error handling and logging
- Clean and readable code patterns
Instead of spending hours writing boilerplate, I could focus on architecture and functionality.
Copilot acted as a coding assistant — not a replacement — helping me move faster while maintaining control over the system design.
Architecture Overview
Sentinel AI is built using a modular architecture:
Core components:
- Network Scanner — collects active connections
- Analyzer — evaluates connections and assigns risk scores
- Reporting Engine — summarizes system risk level
- CLI Interface — provides user interaction
- Logging System — records activity and errors
Key technologies:
- Python
- psutil
- colorama
- argparse
- autopep8
- GitHub Actions (CI/CD)
This architecture ensures maintainability and extensibility.
Core Features
Sentinel AI provides several security-focused capabilities:
Network Scanning
Lists all active network connections with:
- Protocol
- Local address
- Remote address
- Process ID
- Process name
Example:
sentinel-ai scan
Intelligent Risk Analysis
Each connection is analyzed and assigned:
- Numeric risk score (0–100)
-
Risk level classification:
- LOW
- MEDIUM
- HIGH
Explanation of the risk
Example:
sentinel-ai analyze
Example output:
Proto Local Address Remote Address PID Process Risk
TCP 192.168.1.10:54321 8.8.8.8:53 1234 python3 HIGH (87)
System Risk Report
Provides a system-level security overview:
sentinel-ai report
Output:
=== Sentinel AI CLI Security Report ===
Total connections: 12
External connections: 3
High risk: 1
Medium risk: 2
Low risk: 9
Overall system risk: HIGH (72/100)
This allows users to understand their system security posture instantly.
System Information
Displays system-level information:
sentinel-ai system
Includes:
- OS
- Kernel version
- CPU
- Memory
- Hostname
Developer Utilities
Sentinel AI also includes developer-focused tools:
sentinel-ai debug file.py
sentinel-ai explain-code file.py
sentinel-ai improve-code file.py
These tools help developers analyze, debug, and improve Python code.
From Prototype to Production
What started as a simple script evolved into a production-grade CLI tool.
Key improvements included:
Modern Python Packaging
Sentinel AI uses:
- pyproject.toml
- Standardized project structure
- Proper dependency management
CI/CD Pipeline
Using GitHub Actions, Sentinel AI now has automated:
- Linting (PEP8 compliance)
- Build validation
- Test execution
- Release safety checks
This ensures every update maintains production quality.
Trusted Publishing to PyPI
Sentinel AI uses secure Trusted Publishing, allowing automated and secure package releases.
This eliminates manual credential handling and improves release security.
Installation
Sentinel AI is available on PyPI.
Install using:
pip install sentinel-ai-cli
Run:
sentinel-ai report
And immediately see your system’s security overview.
Challenges and Lessons Learned
Building Sentinel AI taught me several important engineering lessons:
1. CI/CD Discipline
Fixing lint errors, formatting issues, and pipeline failures helped reinforce professional development practices.
2. Production Packaging
Using modern Python packaging standards improved maintainability and reliability.
3. CLI Design Principles
Designing a clean CLI interface requires careful planning to ensure usability and clarity.
4. Copilot as a Force Multiplier
Copilot accelerated development — but debugging and refinement required human understanding.
AI helped build faster, but engineering discipline made it production-ready.
Future Plans
Planned improvements include:
- Arch Linux (AUR) package
- Docker image
- Real-time monitoring mode
- Threat intelligence integration
- Plugin system
Sentinel AI will continue evolving.
Open Source and Availability
GitHub Repository:
https://github.com/Bangkah/sentinel
PyPI Package:
https://pypi.org/project/sentinel-ai-cli/
Sentinel AI is fully open source and contributions are welcome.
Conclusion
Sentinel AI began as a simple experiment with GitHub Copilot CLI.
Through iteration, debugging, CI/CD integration, and proper packaging, it became a production-ready cybersecurity tool.
This project demonstrates how modern AI-assisted development, combined with engineering discipline, can accelerate the creation of real-world tools.
Sentinel AI is not just a project — it is a foundation for building more advanced security tools in the future.
Author
Muhammad Dhiyaul Atha
Computer Science Student & Open Source Developer
Top comments (0)