If you’ve ever used standard secret scanners (like Gitleaks or TruffleHog) in a heavy CI/CD pipeline, you’ve probably hit the "Catastrophic Backtracking" wall. A massive minified JS file slips in, the regex engine chokes, and your pipeline freezes.

I got extremely frustrated with the performance bottlenecks and false positives, so I decided to rewrite the architecture from scratch.

Meet Sentinel, an enterprise-grade, ultra-fast pre-commit scanner written in Go.

Aho-Corasick Engine: Instead of relying purely on Regex, the core engine uses an Aho-Corasick automaton. It scans massive payloads in strict O(n) linear time.

Pre-Decoding Layer: It detects Base64 strings in-memory, decodes them dynamically, and feeds them back into the entropy pipeline to catch nested K8s/GCP keys.