C-Sentinel came from 30 years of UNIX systems work and one frustration: monitoring tools tell you what happened, not why it matters.
The idea is simple: capture a system "fingerprint" (processes, configs, network, audit events), let an LLM reason about the combination of signals, and surface non-obvious risks.
Some design choices that might interest HN:
Pure C99, 99KB binary - no runtime dependencies, runs anywhere
Privacy-first - usernames hashed, no PII in output
Auditd integration - who accessed /etc/shadow and why
"Why this score?" - explainable risk factors, not black box
Built as a wee project, launched on LinkedIn, somehow hit 23K impressions. Now here. Wild.
Happy to answer questions about the architecture, the C choices, or why I didn't use Rust (short answer: portability and simplicity).
Repo: github.com/williamofai/c-sentinel
Live demo: sentinel.speytech.com