sentinel-rs
A secure, local task runner with out-of-band notifications, written in Rust. It is a minimal, security-conscious command execution monitor for long-running jobs.
Scope
- Single-user
- Local machine only
- No daemon
- No remote shell or execution
Decisions (the "why")
Why Telegram?
It is a simple, reliable out-of-band channel that does not require opening any ports or maintaining a server.
Why no polling?
There is no long-lived polling loop. Messages are sent only on start and finish, which keeps the process simple and avoids background daemons.
Why no remote execution?
The goal is to run trusted commands locally and receive notifications, not to expose a remote shell or expand the attack surface.
Why truncate logs?
Telegram has message size limits and long-running jobs can emit large output. Truncation keeps notifications useful and bounded.
Why byte-based truncation?
When truncation is added, it should be byte-based to enforce hard limits and to avoid expensive transformations. It should still respect UTF-8 boundaries.
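One way to do byte-based truncation that respects UTF-8 boundaries, as an added example (not sentinel-rs's own code). The function names, the `[truncated]` marker, and the choice to keep the end of the output rather than the start are assumptions.

```rust
/// Marker prepended when output was cut (constructed for this example).
const MARKER: &str = "[truncated]\n";

/// Keep at most `max_bytes` from the end of `s` without splitting a character.
fn tail_on_char_boundary(s: &str, max_bytes: usize) -> &str {
    if s.len() <= max_bytes {
        return s;
    }
    let mut start = s.len() - max_bytes;
    // Move forward, not back, so the result never exceeds the budget.
    while !s.is_char_boundary(start) {
        start += 1;
    }
    &s[start..]
}

/// Build a notification body of at most `limit` bytes from raw command output.
fn bounded_log(raw: &[u8], limit: usize) -> String {
    // Only the last `limit` bytes can survive, so never decode more than that.
    let mut window = &raw[raw.len().saturating_sub(limit)..];
    let cut = window.len() < raw.len();
    if cut {
        // Drop continuation bytes (0b10xxxxxx) orphaned by the cut, at most 3.
        let skip = window.iter().take(3).take_while(|b| (**b & 0xC0) == 0x80).count();
        window = &window[skip..];
    }
    // Invalid sequences decode to U+FFFD (3 bytes), so text may outgrow `limit`.
    let text = String::from_utf8_lossy(window);
    if !cut && text.len() <= limit {
        return text.into_owned();
    }
    let budget = limit.saturating_sub(MARKER.len());
    if budget == 0 {
        return tail_on_char_boundary(&text, limit).to_owned();
    }
    format!("{}{}", MARKER, tail_on_char_boundary(&text, budget))
}

fn main() {
    // Constructed sample: ASCII followed by two-byte characters.
    let raw = format!("aaaa{}", "é".repeat(10));
    let body = bounded_log(raw.as_bytes(), 19);
    println!("{} bytes: {:?}", body.len(), body);
}
```

The work done is proportional to `limit`, not to the size of the job's output, and the result is always valid UTF-8 no matter what bytes the command emitted.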
Requirements
- Rust (stable)
- Telegram bot token and chat ID
Setup
- Create a Telegram bot and get a bot token.
- Get your chat ID.
- Export the required environment variables:
Usage
You can pass any shell command as the argument.
Notes
- The command is executed via bash -c.
- HTTP requests use a 10s timeout.
What I'd add next
- /ping command to verify connectivity
- Job registry for querying recent runs
- Failure-only notifications mode
License
Apache-2.0
Copyright 2025 Ayush Bindlish