Determine whether failure is inside Sentinel or at upstream provider.
On error responses, Sentinel sets:
x-sentinel-error-source: upstream|sentinelx-sentinel-upstream-error: true|falsex-sentinel-providerx-sentinel-retry-countx-sentinel-circuit-statex-sentinel-correlation-id
- If
x-sentinel-error-source=sentinel
- Check policy and PII actions in
sentinel.yaml - Check
--dry-run/--fail-openand emergency override state - If error is
VAULT_PROVIDER_KEY_MISSING, verifyruntime.upstream.auth_vault.*and provider env vars. - If error is
AGENT_LOOP_DETECTED, tuneruntime.loop_breaker.*thresholds or setaction: warn.
- If
x-sentinel-error-source=upstream
- Inspect status code:
503+x-sentinel-circuit-state=open: breaker fast-fail due to upstream instability504: upstream timeout502: upstream transport/network failure429: provider rate-limited
- Confirm runtime state:
node ./cli/sentinel.js status --jsonImmediate no-block mode:
node ./cli/sentinel.js start --dry-runEmergency pass-through while running:
node ./cli/sentinel.js emergency-open onCapture and replay a request/decision pair with threshold overrides:
node ./cli/sentinel.js forensic capture --request ./incident-request.json --decision ./incident-decision.json --out ./snapshot.json
node ./cli/sentinel.js forensic replay --snapshot ./snapshot.json --overrides ./what-if.json --out ./forensic-replay.jsonGenerate graph/corpus/evidence packets from audit stream:
node ./cli/sentinel.js threat graph --audit-path ~/.sentinel/audit.jsonl --format mermaid --out ./threat-graph.mmd
node ./cli/sentinel.js threat evolve-corpus --audit-path ~/.sentinel/audit.jsonl --out ./evolved-corpus.json
node ./cli/sentinel.js compliance evidence-vault --framework soc2 --audit-path ~/.sentinel/audit.jsonl --out ./evidence-packet.json- Circuit breaker tracks only forwarded upstream outcomes.
- Sentinel local policy/PII blocks do not change breaker counters.