Sentinel-protected workspace

Sign in to connect the workspace

Owners are guided through setup after Sentinel verifies their admin context. Public product pages stay readable; integrations, runs, approvals, and admin controls remain protected.

What happens next

Guided workspace setup

After sign-in, the site owner is walked through D1 readiness, GitHub App installation, Linear OAuth, operating defaults, retention policy, and first real sync.

Security model

Private deployment vault

Provider tokens are encrypted before storage in this deployment's dedicated D1 database. Rotation and disconnect happen inside the protected admin/setup context.