The Sentinel: An Overview

Aura's coordination layer for AI agents — because a codebase with four AI collaborators is not the same codebase it was last year.

Why This Exists

In early 2026, a research group released a paper that changed how people in our corner of the industry talk about AI-assisted development. The study, which the authors called AgenticFlict, examined thousands of merge events across repositories where multiple AI agents were committing code concurrently. It measured the rate at which those agents produced conflicting changes — not just textual <<<<<<< conflicts, but semantic ones: two agents independently refactoring the same function, two agents renaming the same identifier to different things, two agents fixing the same bug in incompatible ways.

The headline number was 26.86%. More than one in four agent-to-agent merges produced a real conflict, compared to a human baseline hovering around 6%.

That finding is the reason the Sentinel exists.

Traditional version control was designed for humans working at human speed, with human coordination mechanisms — standups, Slack, hallway conversations. AI agents have none of those. They work in parallel, at machine speed, often without awareness that other agents are in the repo at all.

Git assumes cooperating humans. Sentinel assumes cooperating agents. The difference is not rhetorical — it changes what the tool has to do.

What Sentinel Is

Sentinel is the subsystem inside Aura that treats every AI agent as a first-class peer. Claude Code, Cursor, Gemini CLI, GitHub Copilot, and any future tool that speaks the Aura protocol are all registered in the same agent registry, visible to each other, coordinating through the same channels your human teammates use.

It does five things:

1. Detects collisions in real time — when two agents touch the same function body, both agents are notified before the commit lands.
2. Honors zone claims — an agent can stake out a file, directory, or function for a bounded time window. Other agents get a warning or a hard block.
3. Routes inter-agent messages — agents send each other notes about context, handoffs, and pending changes through a shared inbox.
4. Shares knowledge — when an agent learns something about the codebase (a gotcha, a constraint, a hidden dependency) it can record that into a team-wide knowledge store that other agents query before making decisions.
5. Raises cross-branch impact alerts — when a function you depend on is modified or deleted on a branch you don't own, Sentinel surfaces the alert with enough AST-level context for you to act on it.

These aren't speculative features. Every one of them is currently running in the aura-cli MCP server, exposed through the aura_sentinel_*, aura_zone_*, aura_msg_*, and aura_live_* tool families.

Agent-Agnostic By Design

The most important architectural decision Sentinel makes is that it does not care which agent is speaking to it. Claude, Cursor, Gemini, and Copilot are all clients. They register with the same endpoints, they get back the same shape of response, and none of them gets preferential treatment.

This matters because the alternative — a single-vendor coordination layer — is already being built by every major AI lab. Claude has "Agent Teams." OpenAI has multi-agent Assistants. Google has agent graphs in Vertex. Each of those products is excellent within its own ecosystem and useless across ecosystems.

| Coordination System | Claude | Cursor | Gemini | Copilot | Custom | | --- | --- | --- | --- | --- | --- | | Claude Code Agent Teams | Yes | No | No | No | No | | OpenAI Assistants Orchestrator | No | Partial | No | No | Partial | | Google Agent Graph | No | No | Yes | No | Partial | | Aura Sentinel | Yes | Yes | Yes | Yes | Yes |

Teams in real companies do not pick one agent. They pick the right agent for the right task. Claude for deep reasoning, Cursor for inline pair-programming, Copilot for PR review, Gemini for long-context batch work. Sentinel is the substrate that lets those four agents share a repository without stepping on each other.

How It Works (At A Glance)

The flow below is what happens, unmodified, every time an agent starts work in an Aura repo.

1. Handshake. The agent calls aura_status on session start. Sentinel registers the agent in the active-agent registry with a session id, repo path, and optional zone claims.
2. Pre-edit check. Before touching a file, the agent calls aura_snapshot (a durable pre-edit backup). Sentinel uses that call to check whether the file intersects any active zone.
3. Edit notification. When the agent logs intent via aura_log_intent and commits, Sentinel diffs the AST, computes which logic nodes changed, and pushes those nodes to the Mothership for other agents and humans to see.
4. Cross-agent notifications. If another agent is editing a function you just modified, both agents receive a SENTINEL COLLISION event on their next MCP call. The event carries the function's fully-qualified name, both agents' intents, and a suggested resolution.
5. Impact propagation. When a function body changes in a way that affects its callers on other branches, Sentinel raises an impact alert via aura_live_impacts on every affected branch.

None of this requires the agents to be aware of each other at the protocol level. Claude does not need to know Cursor exists; both simply speak to Sentinel, and Sentinel speaks to both.

Examples

Two agents, same function

Picture a mid-afternoon in a four-person team with a Claude instance and a Cursor instance both active.

• Claude is refactoring UserService.authenticate to add OAuth support.
• Cursor is, independently, fixing a bug in the same function where the password hash comparison used == instead of a constant-time compare.

Without Sentinel, the last agent to push wins and the other's change is silently clobbered, or worse, a shallow text merge produces code that compiles but is broken in a way nobody inspects.

With Sentinel:

[Cursor] → aura_snapshot UserService.py
          ← 🚨 SENTINEL COLLISION
             Claude session abc123 is editing UserService.authenticate
             Claude intent: "Add OAuth flow to authenticate()"
             Recommended: coordinate via aura_sentinel_send before proceeding

[Cursor] → aura_sentinel_send to=claude-abc123
            body="Fixing timing attack in authenticate(). Safe to
                  combine with your OAuth refactor?"

[Claude] ← sentinel inbox: 1 new message
[Claude] → aura_sentinel_send to=cursor-def456
            body="Yes, land yours first — I'll rebase."

The conflict was resolved by a conversation between two machines, in seconds, with a full audit trail.

Claim a file before a big refactor

aura zone claim --path src/auth/ --ttl 2h \
  --reason "Large OAuth refactor, BLOCKED for other agents"

For the next two hours any other agent attempting to edit src/auth/ gets a hard block — not a warning, a block. The human on call can override; no other agent can.

Knowledge before action

[Gemini] → aura_knowledge_query "retry backoff policy"
         ← Team knowledge entry from Claude, 2026-03-14:
            "retry_logic() uses exponential backoff with jitter.
             Do NOT reduce base delay below 200ms — rate limiter
             will trip. See incident-0042."

Gemini now has context that no prompt could have supplied, learned by a different agent on a different day.

Configuration

Sentinel is on by default in any repo where aura init has run. The relevant settings live in .aura/config.toml:

[sentinel]
enabled = true
collision_mode = "warn"       # "warn" | "block" | "silent"
zone_default_ttl = "1h"
knowledge_autoshare = true

[sentinel.agents]
# Optional per-agent policy overrides
"claude-code" = { collision_mode = "block" }
"copilot"     = { collision_mode = "warn" }

To verify your repo is wired up:

aura doctor --sentinel

You should see sentinel: ok, a list of registered agents, and any active zones.

The Thesis

Version control for humans was solved in 2005 with Git. Version control for agents is not solved. It is barely named.

The premise behind Sentinel, and behind Aura more broadly, is that the next decade of software engineering will be defined by how well teams coordinate a heterogeneous fleet of AI collaborators. The tools that treat agents as second-class scriptable helpers will be replaced by tools that treat them as peers with identities, intents, zones, mailboxes, and shared memory.

That is not a prediction we are hedging. It is the bet the whole project is built on.

A Note on the Research

The AgenticFlict paper is worth reading in full if you are serious about multi-agent development. A few of its findings that Sentinel directly addresses:

• Silent semantic conflicts accounted for 62% of the 26.86% rate. These were merges that completed without textual overlap but produced behaviorally incorrect code. Sentinel's AST-node-level collision detection targets exactly this class.
• Conflict recurrence clustering. The same functions were involved in multiple conflicts across independent agent sessions. The knowledge base and zone system are the interventions for this — once you know a function is a hotspot, you can claim it, annotate it, and coordinate around it.
• Agent-agent disagreement rate. When agents disagreed on the correct fix for a bug, only 14% of the time did the agents themselves detect the disagreement. The inbox and the Sentinel event stream are designed to raise that number toward 100%.

None of these numbers are specific to any single model. They show up in Claude-plus-Claude teams, Cursor-plus-Gemini teams, and in the messy heterogeneous teams real companies actually run. The conclusion the paper draws, which Aura shares, is that the coordination layer is the intervention point — not the models, not the prompts, not the reviewers.

How Sentinel Fits Into Aura

Sentinel is one of four major subsystems in Aura. The others are the semantic engine (AST-level change tracking), Mothership (P2P team sync), and Live (real-time impact propagation). Each is useful on its own; together they form the substrate this document series describes.

Sentinel depends on the semantic engine for its sense of "the same function" — without node identity, collisions would collapse into line diffs. It depends on Mothership for its delivery layer — messages, zone claims, and knowledge entries all ride Mothership's replication. It depends on Live for impact alerts, which are Live's primary output and a Sentinel input.

The practical implication: enabling Sentinel without the rest of Aura does not make sense. The four subsystems are designed as a unit. If you are reading this page having arrived from somewhere else, the recommendation is to read the top-level Aura overview before going further into this module.

See Also

• Agent Collision Detection — the real-time layer.
• Zone Claims — staking out territory.
• Agent Inbox — agent-to-agent messaging.
• Knowledge Sharing — the shared memory layer.
• Multi-Agent Workflows — patterns and anti-patterns.