Sentinel is a compliance engineering copilot for healthcare and fintech teams. It turns HIPAA, SOC 2, PCI, and GDPR compliance from a periodic, $50K external audit cycle into a continuous, $0.03-per-PR CI gate.

It ships three coordinated agentic surfaces:

(1) A Bob IDE skill pack: five custom modes (hipaa-auditor, soc2-auditor, pci-auditor, phi-tracer, remediation-engineer) that load into any team's Bob IDE, where /audit-hipaa, /trace-phi, and /remediate <id> run inline.

(2) A GitHub Actions agent: on every pull request, sentinel watch scans only the changed files, posts a sticky comment with a severity table and inline diff annotations, and fails the check on critical findings, so non-compliant code stops merging.

(3) A CLI + Next.js dashboard: sentinel init for one-command install, sentinel scan / remediate for batch audits, and a dashboard with a PHI data-flow graph, per-PR verification badges, and remediation patches with cross-file blast-radius analysis.

Sentinel doesn't just audit; it also verifies its own fixes. After each remediation patch is applied, Sentinel re-audits the patched files and labels every fix verified-resolved, partial, regression, or neutral. The agent closes its own loop.

Across 12 IBM Bob IDE task sessions ($18.72 / 40 Bobcoins, ~47% of the hackathon allocation), Bob designed every HIPAA / SOC 2 / PCI / GDPR control, wrote the test suite (38 cases, all passing), built the watch agent, the init wizard, and the verification loop, and generated 30 per-control reference documentation pages. Every shipped feature traces back to a Bob IDE task ID. Receipts are in bob_sessions/.