What is OmniSentient?¶
OmniSentient is an AI Engineering Reliability Platform that monitors your software repositories for code risk, explains root causes of failures, and delivers human-approved fixes as Pull Requests.
Core Capabilities¶
- Detection — Automated identification of CI failures, dependency vulnerabilities, and code quality regressions from repository events.
- Root Cause Analysis — Structured explanations of why failures occur, which components are affected, and the impact scope.
- Remediation — AI-proposed fixes delivered as Pull Requests, reviewed and approved by your engineers before merge.
What OmniSentient is NOT¶
- Not an APM tool (we don't monitor production runtime)
- Not a SAST scanner (we don't scan source code line-by-line)
- Not autonomous (no code is committed without human approval)
Design Principles¶
| Principle | Implementation |
|---|---|
| Human-in-the-Loop | Every fix requires explicit engineer approval |
| Read-Only by Default | GitHub App uses minimal permissions; source code is not accessed outside vulnerability paths |
| Audit Trail | Every system action is recorded in a tamper-evident, hash-chained ledger |
| Zero Standing Privileges | No persistent write access; PR-scoped permissions only |
Getting Started¶
Prerequisites¶
- A GitHub organization with at least one repository
- Organization admin permissions (for GitHub App installation)
Installation¶
- Sign in at omnisentient.dev/login using your GitHub account
- Install the GitHub App — you'll be prompted to authorize the OmniSentient GitHub App for your organization
- Select repositories — choose which repositories to monitor from the Repository Manager
- First scan — OmniSentient will begin scanning selected repositories within minutes
Permissions Requested¶
| Permission | Access | Purpose |
|---|---|---|
| Repository metadata | Read | Identify repository structure and settings |
| Contents | Read | Read dependency manifests (package.json, requirements.txt, etc.) |
| Pull Requests | Write | Deliver remediation fixes as PRs |
| Checks | Read | Monitor CI pipeline status |
Verify Installation¶
After installation, your Dashboard should show:
- Connected repository count > 0
- Health status: Healthy
- Posture score computed from live signals
How It Works¶
Detection Pipeline¶
Repository Event (push, PR, CI failure)
↓
Event Ingestion (webhook receiver)
↓
Risk Classification (severity, scope, affected components)
↓
Incident Creation (if severity threshold met)
OmniSentient receives events from your GitHub repositories via webhook. Each event is classified by severity and scope. Events exceeding the configured risk threshold generate an incident for triage.
Root Cause Analysis¶
When an incident is created, the system performs:
- Dependency graph traversal — identifies which packages are affected
- Vulnerability correlation — matches against known CVE databases
- Impact scoping — determines blast radius across your monitored repositories
- Explanation generation — produces a structured explanation for the engineering team
Remediation Flow¶
Incident Detected
↓
AI generates fix proposal
↓
Fix delivered as Pull Request
↓
Engineer reviews PR
↓
Engineer approves or rejects
↓
If approved: merged via standard GitHub flow
If rejected: feedback recorded in audit ledger
Critical constraint: OmniSentient never commits code directly. Every fix is proposed as a standard GitHub Pull Request. Engineers retain full control over what gets merged.
Audit Trail¶
Every action taken by the system — detections, analyses, PR proposals, approvals, rejections — is recorded in an immutable Audit Ledger. The ledger is:
- Hash-chained — each entry references the previous entry's hash
- Tamper-evident — any modification breaks the verification chain
- Exportable — full ledger can be exported for compliance review
Security Model¶
For detailed security information, see the Security Policy.
Key guarantees:
- No autonomous code commits — all changes require human approval
- Read-only repository access — source code is not stored; only dependency manifests are analyzed
- Server-side RBAC — role enforcement at the API layer, not in the client
- Organization-scoped OAuth — access is scoped to your GitHub organization only
- Tamper-evident audit log — every system action is cryptographically recorded
Limitations¶
OmniSentient is an early-stage platform. The following constraints apply:
| Limitation | Detail |
|---|---|
| Remediation scope | Currently limited to dependency vulnerability fixes. Logical code bugs are not yet addressable. |
| CI environment support | GitHub Actions is the primary supported CI. Other CI systems (GitLab CI, Jenkins) are not yet integrated. |
| First scan latency | Initial repository scan may take several minutes depending on repository size. |
| Language support | Dependency analysis supports Node.js (npm/yarn), Python (pip/pipenv), and Ruby (bundler). Other ecosystems are in development. |
| Human approval required | All remediations require manual review. There is no "auto-fix" mode. This is by design. |
| Single organization | Each OmniSentient account currently supports one GitHub organization. Multi-org support is planned. |
| Telemetry lag | Dashboard telemetry may lag behind real-time by up to 60 seconds during peak ingestion. |
Reporting Issues¶
If you encounter problems, contact support@omnisentient.dev or file an issue in your connected repository.