{"id":"arthurpanhku-docsentinel","name":"DocSentinel","homepage":null,"repo_url":"https://github.com/arthurpanhku/DocSentinel","category":"security","subcategories":[],"tags":["ai-ml","security","compliance","rag","document-parsing","mcp","fastapi","llm","devtools"],"what_it_does":"DocSentinel is a Python/FastAPI MCP-ready service that parses security documents (PDF/DOCX/XLSX/PPTX/text), indexes an organization’s security policies into a knowledge base (RAG), and uses configurable LLM backends to generate structured security assessment reports (risks, compliance gaps, and remediation suggestions). It exposes REST endpoints for assessments and knowledge-base operations and includes an MCP server for agent integration.","use_cases":["Automate first-pass review of security questionnaires and design docs","Assess uploaded documents against internal policies/standards using RAG with citations","Generate structured compliance gap analyses and remediations for frameworks (e.g., ISO 27001, PCI DSS)","CI/CD or security workflow integration for repeated document assessments","Agent/desktop integration (e.g., Claude Desktop/OpenClaw) to run security assessment as a tool/skill"],"not_for":["As a replacement for formal audits or legally binding compliance determinations","Real-time/hyper-low-latency systems (LLM + document parsing workflow)","Systems requiring strong tenancy isolation guarantees without additional infrastructure","Use without validating model output quality and policy mappings"],"best_when":"You need repeatable, auditable security assessments across many projects using internal policies and you want to integrate the capability into agent workflows via MCP or into pipelines via REST.","avoid_when":"You cannot control data exposure (documents/policies sent to external LLM providers) or you need guaranteed deterministic outputs and formal compliance certification.","alternatives":["Custom RAG + LLM pipelines (FastAPI/LangChain/LlamaIndex)","Document compliance checkers using rules-only NLP (e.g., spaCy)","Commercial security questionnaire/compliance automation platforms","General-purpose document RAG assistants with bespoke control-mapping logic"],"af_score":46.0,"security_score":41.5,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:47:38.555281+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API key via OPENAI_API_KEY (for LLM provider)","Environment-variable configuration for service backends (no explicit user auth described in provided README)"],"oauth":false,"scopes":false,"notes":"The README describes LLM provider keys (OpenAI) and MCP server configuration, but does not describe authentication/authorization for the DocSentinel REST/MCP endpoints (e.g., API keys, OAuth, tenant scoping). Assume service is trusted/internal unless additional auth is implemented elsewhere."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Project appears self-hostable; pricing mainly depends on chosen LLM backend (OpenAI/Claude vs local Ollama). No published hosting tiers in provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":46.0,"security_score":41.5,"reliability_score":27.5,"mcp_server_quality":45.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":40.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":25.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":55.0,"security_notes":"Security.md is referenced but not provided; based on README/manifest only, endpoint-level auth/authorization is not clearly documented. TLS requirements for the REST/MCP server are not stated. The project includes LLM provider integration (OpenAI/Claude) and local options (Ollama), which affects data exposure risk. Dependencies include common Python libs and LLM/RAG tooling; no CVE/SBOM evidence is provided in the supplied content.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":40.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency semantics described for assessment submission or KB uploads in provided README.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["LLM backends can produce variable outputs; agents should validate/compare to policy clauses returned by RAG","Document parsing (PDF/DOCX/XLSX/PPTX) quality may vary; agents should expect occasional extraction errors","MCP and REST integration may require correct local file/Chroma path configuration (e.g., CHROMA_PERSIST_DIR)","If using cloud LLMs, document/policy content may be transmitted externally; confirm data-handling expectations before deployment"]}}