MVP · macOS · local-first

See exactly what your apps — and your AI agents — send to the internet.

A lightweight macOS network monitor that shows who's talking to the network, how much they send, and lets you cut off anything suspicious — before the data leaves your machine.

You hand your AI agents access to your files, your tokens, your secrets. Do you actually know where they send it?

Built for developers · no account required · we tell you what we can't see

Sentinet — live outbound traffic
claude-codeapi.anthropic.com↑1.4 MB✓ allowed
python3unknown-host.io↑820 KB⚠ token-like payload
Cursortelemetry.cursor.sh↑44 KB⛔ blocked
Transmissiontracker.example.net↓38 MB🔒 content unavailable

Most of your machine's outbound traffic is fine. Some of it isn't. You find out too late.

Modern dev machines run dozens of processes that phone home constantly — AI agents, CLIs, browsers, downloaders. The one time an agent quietly ships an API key or a chunk of client data to an endpoint you never approved, the damage is already done.

Existing tools either drown you in raw packets or only tell you something connected — not who, where, and how much.

who · where · how much
The three things you need on every connection — in real time.

1 click
to block a request — without killing the whole app.
What you get today

Real capabilities, honest limits — side by side.

We sell trust, so we won't overpromise. Here's exactly what the MVP does — and exactly where it stops. Everything on the right is on the roadmap, not a dead end.

What it does

Focused, real-time view of outbound traffic.

Per-app traffic visibility
Every connection mapped to the app that made it: process → host → volume.
Live bandwidth & connection speed
Tell whether an app is eating your bandwidth or the network is the problem.
One-click blocking
Kill a suspicious request on the spot — without killing the whole app.
Heuristic leak alerts
Flag risky connections by host, volume, and pattern — even when the payload is encrypted.
Payload inspection — where possible
For traffic we can decrypt, see the body and get alerted on secrets: keys, tokens, emails, cards.
!

What it doesn't do yet

Where the MVP stops — with a roadmap, not a dead end.

Read every encrypted payload
Traffic is TLS-encrypted and many apps pin certs. When we can't decrypt, we say so: 🔒 content unavailable.
🔜 Deeper inspection
Touch system & OS traffic
We deliberately leave system processes alone — blocking them could break your machine.
⚙️ By design
Deep Wi-Fi quality diagnostics
Today: current up/down speed only. No history, no signal-quality analysis.
🔜 Full channel diagnostics
Run on Windows / Linux / mobile
macOS only for now.
🔜 Cross-platform
ML detection · history · teams
Today: solid patterns + heuristics, real-time only, single machine.
🔜 ML · history · multi-device
🤝
Our promise. Where we can't see something, we'll tell you we can't — instead of pretending we can. For a security tool, candor is the whole point.
Who it's for

Built for the people who run agents — not for IT departments.

🤖

Developers running AI agents

Claude Code, Cursor, autonomous scripts — know what they send before it's gone.

🛠️

Engineers debugging their apps

A clean map of every network call your code makes — spot the one that shouldn't be there.

🔑

Anyone handling secrets

A kill switch for outbound traffic — without the weight of enterprise DLP.

Not built for large IT/security teams needing centralized policy — yet. See the roadmap.

Roadmap

What we're validating and building next.

Roughly in order. Early users help us decide what to inspect next.

1

Deeper payload inspection

See request bodies even behind certificate pinning (pre-encryption hooking).

2

Full channel diagnostics

Wi-Fi quality, history, and trends — not just current speed.

3

ML-based sensitive-data detection

Fewer false positives, broader coverage.

4

History, reports & export

Look back, not just live.

5

Cross-platform

Windows and Linux.

6

Team & multi-device

Central rules and reporting — endpoint DLP-lite.

7

IoT mode

A single-file extension for embedded devices (ESP32-class): one console showing not just network connections but every peripheral on the pins — camera, Wi-Fi module, sensors.

Run it on your machine

Download one file. See your own traffic in 30 seconds.

A standalone passive monitor — real connections from your own apps, live. No install, no dependencies, no proxy, no admin rights. One Python file.

1
Download the file below (~35 KB).
2
Run it from Terminal:
python3 sentinet-passive.py
3
Your browser opens the dashboard — your real connections, grouped by app, updating live.
macOSno installno root~35 KB
⬇ Download for macOS

Metadata only — it shows who · where · how-much, never your encrypted contents. It's a single readable Python file: open it before you run it. Needs Python 3 (already on macOS).

Know what leaves your machine. Block what shouldn't.

Try the interactive demo right now — it runs entirely in your browser, nothing installed.

macOS · local-first · no account required for the MVP