Sentinel RAG is a RAG framework designed with a "Security-First" philosophy. It addresses a critical gap in standard RAG implementations: the lack of document-level permissions and data privacy.
Most RAG implementations treat your knowledge base as a flat file system. When an LLM retrieves context, it doesn't know or care who is asking. This creates a huge security risk. If your knowledge base contains sensitive information, you need a way to ensure that only authorized users can access it—and that any PII is sanitized before it ever reaches the LLM.
Sentinel RAG acts as a secure proxy between your users and your data. It ensures that your AI only "knows" what the specific user is authorized to see, and it strips sensitive PII before it ever hits the inference engine. This prevents sensitive data from being exposed to the LLM and ensures that your RAG implementation is compliant with enterprise security standards.
- Contextual Role-Based Access Control (RBAC): Sentinel RAG implements a robust RBAC system that enforces document-level permissions. Each document in your knowledge base has specific access controls, ensuring that users only retrieve information they are authorized to see.
- Automated PII Sanitization: Before any retrieved context is sent to the LLM, Sentinel RAG automatically detects and redacts PII using a combination of regex patterns and spaCy's NER capabilities, ensuring that sensitive information never leaves your secure environment.
- Enterprise-Ready Authentication: Single-tenant OIDC authentication with JWT-based authorization, supporting both cookie (browser) and Bearer token (API) authentication methods.
- Immutable Compliance Logging: Every request and its associated metadata (user ID, timestamp, retrieved document IDs, etc.) are logged in an immutable format for auditability and compliance purposes.
- Industrial-Grade RAG Precision: Sentinel RAG's retrieval pipeline is optimized for precision and relevance, ensuring that the LLM receives only the most pertinent information, which enhances response quality and reduces hallucinations.

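
The role check and regex redaction from the feature list, shown as an added example that is not Sentinel RAG's own code. `Chunk`, `authorized`, `redact`, `build_context`, the patterns and the sample data are assumptions made for illustration, and the spaCy NER pass is left out so only the regex pass runs.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:                      # hypothetical shape of a retrieved document chunk
    doc_id: str
    text: str
    allowed_roles: frozenset = frozenset()  # empty set: nobody may read it

# Illustrative US-style patterns; a real deployment needs a broader set plus NER.
PII_PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")),
]

def authorized(chunks, user_roles):
    """Deny by default: keep a chunk only if the user holds one of its roles."""
    roles = frozenset(user_roles)
    return [c for c in chunks if c.allowed_roles & roles]

def redact(text):
    """Replace each match with a typed placeholder; return the text and counts."""
    counts = {}
    for label, pattern in PII_PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts

def build_context(chunks, user_id, user_roles):
    """Filter by role first, then redact; return LLM context and an audit record."""
    visible = authorized(chunks, user_roles)
    parts, redactions = [], {}
    for c in visible:
        clean, counts = redact(c.text)
        parts.append(clean)
        for label, n in counts.items():
            redactions[label] = redactions.get(label, 0) + n
    audit = {"user_id": user_id, "doc_ids": [c.doc_id for c in visible],
             "redactions": redactions}
    return "\n".join(parts), audit

# Constructed sample data, not taken from any real knowledge base.
RETRIEVED = [
    Chunk("hr-001", "Jane's SSN is 123-45-6789, email jane.doe@example.com.", frozenset({"hr"})),
    Chunk("eng-007", "On-call phone: 555-010-2000.", frozenset({"engineering", "hr"})),
    Chunk("fin-003", "Q3 payroll total is confidential.", frozenset({"finance"})),
    Chunk("tmp-000", "Unlabelled draft.", frozenset()),
]
```

A post-retrieval check like this is a last line of defense; the same role condition is normally also applied as a filter in the vector search so unauthorized chunks are never fetched.
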
Sentinel-RAG uses the uv package manager for dependency management and environment isolation.
Ensure you have your cloud credentials ready for:
- PostgreSQL (e.g., Neon)
- Qdrant (e.g., Qdrant Cloud)

```bash
# Clone the repository
git clone https://github.com/RajeshTechForge/sentinel-rag.git
cd sentinel-rag

# Setup environment
uv sync

# Install in editable mode
uv pip install -e .

# Download the spaCy model for PII detection
uv run python -m spacy download en_core_web_sm

# Create `.env` based on example
cp .env.example .env

# Update your `.env` file with your credentials
uv run python -m sentinel_rag initiate
uv run uvicorn sentinel_rag.api.app:app --reload
```

You can also use Docker for a more streamlined setup, especially in production environments.

```bash
# Build and start the service
docker compose up --build
```

You can access the API at http://0.0.0.0:8000 after the containers are up and running.

| Layer | Technology |
|---|---|
| Language | Python 3.11 |
| API Framework | FastAPI (Async) |
| Data Validation | Pydantic v2 |
| Package Manager | uv |
| Vector Search | Qdrant |
| Relational DB | PostgreSQL |
| Orchestration | Docker & Docker Compose |
- API Guide
- CONFIGURATION Guide
- COMPLIANCE Guide
- DATABASE SEPARATION Guide
- EMBEDDINGS Guide
- CONTRIBUTING Guidelines
We love contributors, whether you are fixing a bug or suggesting a feature.
Check out the Contributing Guidelines for more details.
Distributed under the Apache License 2.0. See LICENSE for more information.
Built with ❤️ for a more secure AI future by @RajeshTechForge