Engineering Release Notes
Eliminating credential leaks at the commit stage.
Statically compiled in Go with zero external runtime dependencies, Sentinel runs validation scans in sub-20ms to secure staged files before they leave the developer workstation.
Published by Khaled Hani on July 3, 2026
07 / Engineering Blog
Technical insights & system logs
Articles written by the developers covering the design, optimization, and security philosophy of Sentinel.
JULY 7, 2026
How version 2.0.5 implements a flat, contiguous, integer-indexed DFA table for Aho-Corasick matching. This reduces the Trie's active memory to 500 KB, bringing absolute peak RSS down to Go runtime limits (~11 MB) with zero scan heap allocations.
JULY 3, 2026
How version 2.0.4 achieves a 27% memory footprint reduction (RSS) by compiling user-defined signatures directly into the search trie transitions, removing runtime regex parsing overhead.
JUNE 28, 2026
Why remote repository scanning is too late. A study on the rotation window of exposed cloud credentials and why preventing the commit locally is the only zero-exposure security posture.