Open-Source Security Workflow Orchestration Platform.
Sentris is currently in active development. We are optimizing the platform for stable production use and high-performance security operations.
Sentris Flow provides a visual DSL and runtime for building, executing, and monitoring automated security workflows. It decouples security logic from infrastructure management, providing a durable and isolated environment for running security tooling at scale.
- Durable, resumable workflows powered by Temporal.io for stateful execution across failures.
- Isolated security runtimes using ephemeral containers with per-run volume management.
- Unified telemetry streams delivering terminal output, events, and logs via a low-latency SSE pipeline.
- Visual no-code builder that compiles complex security graphs into an executable DSL.
The easiest way to run Sentris Flow on your own infrastructure:
For teams requiring data residency and air-gapped security orchestrations. This setup runs the full stack (Frontend, Backend, Worker, and Infrastructure).
Prerequisites:
- docker - For running the application and security components
- just - Command runner for simplified workflows
- curl and jq - For fetching release information
```bash
# Clone and start the latest stable release
git clone https://github.com/zebbern/Sentris.git
cd Sentris
just prod start-latest
```

Access the studio at http://localhost.
Get the dev environment running in 3 steps:
Prerequisites: Docker Desktop, Bun, Node.js (v20+)
```bash
git clone https://github.com/zebbern/Sentris.git
cd Sentris
bun run setup   # Install deps + create .env files
bun run dev     # Start Docker infra + all apps for the active instance
```

Once running:
| Service | URL |
|---|---|
| Frontend | http://localhost:5173 |
| Backend API | http://localhost:3211 |
| Temporal UI | http://localhost:8081 |
```bash
bun run dev status   # PM2 + Docker + runtime health for the active instance
bun run dev logs     # View application logs for the active instance
bun run dev stop     # Stop the active instance apps; instance 0 also stops Docker infra
bun run dev:stop     # Compatibility alias for `bun run dev stop`
bun run dev:fe       # Frontend-only dev (no Docker needed)
```

Advanced: `bun run dev` and `just dev` both support multi-instance development and active instance env files. `just dev` also handles Clerk auth auto-detection and TLS certificate generation. See the Multi-Instance Guide for details.
29 security components wrapping industry-standard open-source tools:
- Discovery & Recon: Subfinder, Amass, DNSX, Naabu, HTTPx, Katana, theHarvester, ShuffleDNS
- Vulnerability Scanning: Nuclei, Trivy, Semgrep, Checkov, TestSSL
- Secret Detection: TruffleHog
- Threat Intelligence: AbuseIPDB, VirusTotal, YARA, NPM Registry Intel
- Web Security: Ffuf, Wafw00f, Prowler, Supabase Scanner
- Notifications: Notify (Slack, Discord, Telegram, Email)
- Utility: JSON Transform, Logic Scripts, HTTP Requests
- 30 live-validated security workflow templates focused on bug bounty recon, takeover triage, exposed services, repository risk, secrets, and CVE/dependency research.
- One-click deployment: Browse, preview, and create workflows from templates instantly.
- Community publishing: Share your workflows as templates via GitHub PR with automatic secret sanitization.
- Maintainer preflight: Run `bun run template-library:check` before changing templates, then `bun run template-library:verify` before handoff. These use the validation ledger and focused template tests, so unchanged templates are not rerun.
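The secret sanitization that community publishing depends on, shown as an added TypeScript example (not the project's own code): a template is walked and every credential-looking literal is replaced by a reference into the secret store, so the published copy carries no live keys. The template shape, the `{{secrets.NAME}}` reference syntax and the detection heuristics are assumptions, since this README does not document the DSL schema.

```typescript
// Added example, not Sentris code. The template shape, the {{secrets.NAME}} reference
// syntax and the detection heuristics are assumptions; this README does not show the DSL schema.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
// Keys whose string values count as credentials, and values that look like pasted
// credentials even under an innocuous key (GitHub token, Slack token, JWT).
const SECRET_KEY_RE = /api[_-]?key|token|secret|password|passwd|authorization/i;
const SECRET_VALUE_RES = [/^gh[pousr]_[A-Za-z0-9]{20,}$/, /^xox[baprs]-[A-Za-z0-9-]{10,}$/, /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/];
const SECRET_REF_RE = /^\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}$/; // already a reference: leave as is

function isSecret(key: string, value: string): boolean {
  if (value === "" || SECRET_REF_RE.test(value)) return false;
  return SECRET_KEY_RE.test(key) || SECRET_VALUE_RES.some((re) => re.test(value));
}
// Stable secret name derived from the JSON path of the redacted value.
function refNameFor(path: string[]): string {
  return path.join("_").replace(/[^A-Za-z0-9_]/g, "_").toUpperCase();
}
// Returns a sanitized copy plus the dotted paths that were redacted; the input is not mutated.
export function sanitizeTemplate(template: Json): { template: Json; redactions: string[] } {
  const redactions: string[] = [];
  const walk = (node: Json, path: string[]): Json => {
    if (Array.isArray(node)) return node.map((v, i) => walk(v, [...path, String(i)]));
    if (node === null || typeof node !== "object") return node;
    const out: { [key: string]: Json } = {};
    for (const [key, value] of Object.entries(node)) {
      const p = [...path, key];
      if (typeof value === "string" && isSecret(key, value)) {
        redactions.push(p.join("."));
        out[key] = `{{secrets.${refNameFor(p)}}}`; // literal becomes a secret-store reference
      } else {
        out[key] = walk(value, p);
      }
    }
    return out;
  };
  return { template: walk(template, []), redactions };
}
// Constructed sample (not a real Sentris template): a pasted Slack token, a bearer JWT,
// and one node that already uses a secret reference.
export const SAMPLE_TEMPLATE: Json = {
  name: "subdomain-recon-notify",
  nodes: [
    { id: "n1", type: "subfinder", config: { domain: "example.com", threads: 10 } },
    { id: "n2", type: "notify", config: { channel: "slack", token: "xoxb-0000000000-constructedExampleToken" } },
    { id: "n3", type: "http_request", config: { headers: { Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.c2ln" } } },
    { id: "n4", type: "abuseipdb", config: { apiKey: "{{secrets.ABUSEIPDB_KEY}}" } },
  ],
};
console.log(JSON.stringify(sanitizeTemplate(SAMPLE_TEMPLATE), null, 2));
```

The returned `redactions` list is what a publishing step would surface to the contributor, so they can create the named secrets before importing the template.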
- Human-in-the-Loop: Pause workflows for approvals, form inputs, or manual validation before continuing.
- AI-Driven Analysis: Leverage LLM nodes and MCP providers for intelligent results interpretation.
- Native Scheduling: Integrated CRON support for recurring security posture and compliance monitoring.
- API First: Trigger and monitor any workflow execution via a comprehensive REST API.
- MCP Library: Centralized MCP server management with multi-server selection and automatic tool registration
- Built-in MCP Servers: AWS CloudTrail, CloudWatch, and Filesystem support out-of-the-box
- Seamless Tool Discovery: AI Agents automatically discover and use MCP tools via standardized contracts
Sentris Flow is designed for enterprise-grade durability and horizontal scalability.
- Management Plane (Backend): NestJS service handling DSL compilation, secret management (AES-256-GCM), and identity.
- Orchestration Plane (Temporal): Manages workflow state, concurrency, and persistent wait states.
- Execution Plane (Worker): Stateless agents that pull tasks from Temporal and execute tool-bound activities in isolated runtimes.
- Monitoring (SSE/Loki): Real-time telemetry pipeline for deterministic execution visibility.
Learn more about our design decisions and system components in the Architecture Deep-dive.
- Documentation — Full guides on component development and deployment.
Run multiple isolated dev instances on one machine for parallel feature work:
```bash
# Instance 0 (default)
just instance show
bun run instance show
just dev
bun run dev

# Switch active workspace instance
just instance use 1
bun run instance use 1
just dev
bun run dev

# Manage per-instance env files
just instance-env init 1
```

Each instance gets its own frontend port, backend port, database, and Temporal namespace while sharing a single Docker infra stack. See the Multi-Instance Development Guide for full details.
We welcome contributions to the management plane, worker logic, or new security components. See CONTRIBUTING.md for architectural guidelines and setup instructions.