Cyprus Official Distributor for Cyprus

Sentinel Documentation

Sentinel Pro Bridge Deployment and Operations Runbook

Sentinel Pro 4.3 Beta technical document.

Deployment and Operations 4.3 Beta Date: 2026-04-01
Master Whitepaper Protocol and API Security Whitepaper Back to Sentinel Pro

Sentinel Pro Bridge Deployment and Operations Runbook

Copyright (c) Savant Cyprus 2026

>

Bridge & App microsite link: [Savant Sentinel Pro](https://savantcyprus.com/sentinel-pro.html)

Runbook Version: v4.3 Beta / v4.3b1-pro

Date: 2026-04-01 Repository baseline: https://github.com/PanixP/Sentinel-Pro-beta4

1. Scope

This runbook covers:

  • first-time deployment
  • update workflows
  • operational health checks
  • rollback guidance
  • diagnostics and triage

Host families:

  • ProHosts (modern shared-user SavantOS layout)
  • SmartHosts (RPM-layout hosts)

2. File and Version Baseline

Bridge runtime:

  • savant_network_sentinel_clean_rubi_bridge_v4_3b1_pro.rb

Blueprint profiles:

  • Panix_Sentinel Pro Pro Host.xml
  • Panix_Sentinel Pro Smart Host.xml

Script families:

  • first install:

    • - install_sentinel_dependencies_ProHosts.sh - install_sentinel_dependencies_SmartHosts.sh

  • update:

    • - update_sentinel_bridge_ProHosts.sh - update_sentinel_bridge_SmartHosts.sh

3. Host Path Model

3.1 ProHosts

Default runtime root:

  • /Users/Shared/Savant/Library/Application Support/RacePointMedia/Sentinel

Notes:

  • ProHosts installer may create compatibility symlinks for mixed legacy paths.
  • Avoid manually changing runtime root unless all Blueprint states are updated.

3.2 SmartHosts

Default runtime root:

  • /home/RPM/Sentinel

Notes:

  • This path is the v4.3 beta default and should be preserved across updates.
  • Do not mix ProHosts scripts with SmartHosts profiles.

4. First-Time Installation

4.1 ProHosts


curl -fsSL https://raw.githubusercontent.com/PanixP/Sentinel-Pro-beta4/main/install_sentinel_dependencies_ProHosts.sh | bash

4.2 SmartHosts


curl -fsSL https://raw.githubusercontent.com/PanixP/Sentinel-Pro-beta4/main/install_sentinel_dependencies_SmartHosts.sh | bash

4.3 Blueprint Import

Import the matching XML:

  • ProHosts: Panix_Sentinel Pro Pro Host.xml
  • SmartHosts: Panix_Sentinel Pro Smart Host.xml

Verify key states in Blueprint:

  • script_file = savant_network_sentinel_clean_rubi_bridge_v4_3b1_pro.rb
  • app_port = 42042 (or site-defined override)
  • bind_host = 0.0.0.0
  • host-family-specific path fields match deployment target

5. Update Workflow

5.1 ProHosts


curl -fsSL https://raw.githubusercontent.com/PanixP/Sentinel-Pro-beta4/main/update_sentinel_bridge_ProHosts.sh | bash

5.2 SmartHosts


curl -fsSL https://raw.githubusercontent.com/PanixP/Sentinel-Pro-beta4/main/update_sentinel_bridge_SmartHosts.sh | bash

Expected result:

  • bridge runtime file refreshed
  • scripts refreshed
  • user/policy store retained (unless reset flow is explicitly invoked)

6. Post-Install Verification Checklist

Run all checks after install/update.

  1. Bridge process is running.
  2. Port 42042 is open and listening.
  3. /health reports expected version.
  4. /api/v1/site/config returns expected bridge metadata.
  5. app login succeeds with expected role and gate states.

6.1 Health Check


curl -k https://<HOST_IP>:42042/health

Expect:

  • "status": "ok"
  • "version": "4.3b1-pro"
  • "pid" and "pid_file" fields present

6.2 Config Check


curl -k https://<HOST_IP>:42042/api/v1/site/config \

  -H "Authorization: Bearer <TOKEN>"

Expect fields:

  • bridge_version
  • active_config_filename
  • transport_scheme
  • tls_enabled
  • tls_fingerprint (when HTTPS)

7. Bridge Lifecycle Operations

7.1 PID-Driven Restart

The bridge records PID to sentinel_bridge.pid near users_file.

Recommended restart flow:

  1. Read pid_file from /health or /api/v1/site/config.
  2. Gracefully stop the process if running.
  3. Re-trigger bridge launch via host/Blueprint integration path.
  4. Re-check /health.

7.2 Safe Update Order

  1. Ensure no active critical operations.
  2. Run update script.
  3. Confirm bridge restart and version.
  4. Re-open app and verify site status.
  5. Validate tools and doorbell functionality.

8. Diagnostics and Triage

8.1 Common Failure Cases

  • Version mismatch after update:

    • - stale runtime file path in Blueprint - wrong host-family script used

  • Auth failures:

    • - gate flags not completed (password/role/monitoring) - temporary integrator disable or permanent revoke active

  • Missing telemetry:

    • - harvest_mode/path misalignment - state list generation fallback triggered

  • App slow startup:

    • - large state count indexing still in progress - slow network/VPN transitions

8.2 Useful API Triage Calls

Root metadata:


curl -k https://<HOST_IP>:42042/

Discovery:


curl -k https://<HOST_IP>:42042/api/v1/site/discovery \

  -H "Authorization: Bearer <TOKEN>"

Host runtime detailed:


curl -k "https://<HOST_IP>:42042/api/v1/site/host-runtime?detail=full" \

  -H "Authorization: Bearer <TOKEN>"

Audit:


curl -k https://<HOST_IP>:42042/api/v1/admin/audit \

  -H "Authorization: Bearer <TOKEN>"

9. User and Access Operations

9.1 Create User with Temporary Password

Use /api/v1/admin/users with:

  • "temporary_password": true
  • optional email for delivery attempts

Operational behavior:

  • bridge can return generated temporary password
  • app/operator should require password change on first login

9.2 Homeowner Integrator Controls

Temporary toggle:

  • endpoint: /api/v1/home/integrator-access
  • POST {"enabled": false} to disable
  • POST {"enabled": true} to re-enable

Permanent revoke:

  • endpoint: /api/v1/home/revoke-integrator
  • requires later Blueprint reset revision to restore integrator path

10. Doorbell Operations Run Path

Baseline workflow:

  1. Read status: /api/v1/tools/doorbell/status
  2. Preview sample: /api/v1/tools/doorbell/sample-audio
  3. Apply sample: /api/v1/tools/doorbell/apply-sample
  4. Optional custom upload: /api/v1/tools/doorbell/upload
  5. Confirm playback and service reload state

If live reload unavailable:

  • follow bridge warning and perform soft reboot as recommended

11. Rollback Guidance

Use rollback only for confirmed regressions.

Recommended rollback pattern:

  1. Backup current runtime directory.
  2. Restore known-good runtime + script set.
  3. Keep user/policy/audit stores unless corruption is confirmed.
  4. Validate health and API contract after rollback.

Avoid destructive reset unless absolutely required.

12. Beta Validation Matrix

Minimum pass criteria before wider rollout:

  1. ProHosts install/update and runtime checks pass.
  2. SmartHosts install/update and runtime checks pass.
  3. Bridge reports 4.3b1-pro consistently on /health and config/status.
  4. Pairing flow passes from fresh state.
  5. Homeowner temporary disable and revoke flows behave as expected.
  6. Doorbell sample preview and apply function from app and API.
  7. Audit stream captures privileged actions.

13. Known Beta Operational Notes

  • Root endpoint list may not show every implemented path

    • (/api/v1/home/integrator-access is implemented).

  • Network transitions (VPN drop/reconnect) can require app reconnect logic;

    • app should detect bridge unreachability and prompt reconnect.

  • High-state homes may require initialization progress indicators while caches

    • and mappings settle.

Master Whitepaper Protocol and API Security Whitepaper All Downloads Back to Sentinel Pro