Risk-management layer with six patterns, four-level escalation, governance-adjustable thresholds.
Deployed; stress-tested; governance changing thresholds in production.
Before Sentinel, Proof had zero risk-management infrastructure. No velocity limits, no concentration caps, no correlation monitoring, no emergency pause.
Origin
Capital protocols accumulate risk silently until they don't. Velocity, concentration, correlation, and migration shocks are the four families of failure that have ended more on-chain instruments than smart-contract bugs have. Proof had none of these protections wired up. Sentinel is the layer that turned every implicit assumption into a named, governance-adjustable threshold and a four-level escalation path that the system actually walks under stress.
Problem
Risk management as an afterthought is risk management that doesn't run. The thresholds have to live in the same substrate the protocol's other state lives in, queryable by every primitive that touches a position, and adjustable through governance without redeploying the protocol. Anything else is theatre.
Approach
Six explicit risk patterns, each with a parameter set and an action: a velocity limiter on repricings and predictions, a concentration cap at the participant and instrument level, a correlation monitor that catches simultaneous downgrades, a pause and kill switch gated by multisig and timelock, a migration throttle on redemption pressure, and a multi-frame deviation monitor that tracks the rolling mean across several window lengths. Every pattern has a name, a documented numeric threshold, and a concrete action. Nothing is implicit.
Methodology
Four-level escalation, in increasing severity: log; alert with soft block; hard block with governance review; kill switch with clawback to the insurance buffer. All thresholds are governance-adjustable through the protocol's own voting mechanism, so a change is a state update rather than a redeploy. A single master middleware sits in front of every protocol-level write call; nothing touches state without passing through it.
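As an added illustration of the Approach and Methodology above (not Sentinel's or Proof's own code), the following Python model shows the master-middleware shape: every write passes one choke point, each pattern scores a breach ratio (observed over threshold) against a governance-adjustable parameter held in state, and the worst ratio picks one of the four escalation levels. Two of the six patterns are modelled, the velocity limiter and the concentration cap. Everything here is an assumption for the sake of the example: the class and parameter names, the threshold values, the multiplier bands that separate soft block from hard block from kill, a single governance address standing in for multisig plus timelock, and clawback reduced to sweeping the triggering instrument's book into the insurance buffer.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOG = 0         # within threshold: record it and let the write through
    SOFT_BLOCK = 1  # alert and reject this write; nothing is latched
    HARD_BLOCK = 2  # reject and lock the instrument until governance review
    KILL = 3        # pause the protocol and claw back to the insurance buffer


@dataclass
class Thresholds:  # governance-adjustable; they live in state, not in code
    velocity_window: int = 60          # seconds
    velocity_max: int = 5              # repricing attempts per instrument per window
    concentration_cap: float = 0.25    # max share of one instrument per participant
    concentration_floor: float = 5000  # book size below which the cap is not applied
    hard_multiplier: float = 2.0       # breach ratio that turns a soft block hard
    kill_multiplier: float = 4.0       # breach ratio that trips the kill switch


class RiskGuard:
    def __init__(self, thresholds, governance, insurance_buffer):
        self.t, self.governance, self.insurance_buffer = thresholds, governance, insurance_buffer
        self.paused, self.locked = False, set()
        self.book = defaultdict(lambda: defaultdict(float))  # instrument -> participant -> notional
        self.reprices = defaultdict(deque)                   # instrument -> attempt timestamps

    # Governance path: the threshold changes in state; nothing is redeployed.
    def set_threshold(self, caller, name, value):
        if caller != self.governance or not hasattr(self.t, name):
            raise PermissionError(f"governance-only, known thresholds only: {name}")
        setattr(self.t, name, value)

    def clear_hard_block(self, caller, instrument):
        if caller != self.governance:
            raise PermissionError("governance-only")
        self.locked.discard(instrument)

    # Velocity limiter. Blocked attempts still count, so a sustained burst keeps
    # escalating instead of stalling forever at soft block.
    def _velocity_ratio(self, instrument, ts):
        q = self.reprices[instrument]
        while q and q[0] <= ts - self.t.velocity_window:
            q.popleft()
        q.append(ts)
        return (len(q) - 1) / self.t.velocity_max

    # Concentration cap on the participant's share after this write. Below the
    # floor the cap is skipped: the first buyer into an empty book holds 100%.
    def _concentration_ratio(self, instrument, participant, amount):
        book = self.book[instrument]
        total = sum(book.values()) + amount
        if total < self.t.concentration_floor:
            return 0.0
        return (book[participant] + amount) / total / self.t.concentration_cap

    def _level(self, ratio):  # ratio is observed / threshold; 1.0 is the breach line
        bounds = (1.0, self.t.hard_multiplier, self.t.kill_multiplier)
        return Level(sum(ratio >= b for b in bounds))

    def write(self, kind, instrument, participant, amount=0.0, ts=0):
        # The single choke point: no protocol state changes except through here.
        if self.paused or instrument in self.locked:
            return Level.KILL if self.paused else Level.HARD_BLOCK
        if kind == "reprice":
            ratio = self._velocity_ratio(instrument, ts)
        else:  # "position"
            ratio = self._concentration_ratio(instrument, participant, amount)
        level = self._level(ratio)
        if level == Level.KILL:
            self.paused = True
            self.insurance_buffer += sum(self.book[instrument].values())  # clawback
            self.book[instrument].clear()
        elif level == Level.HARD_BLOCK:
            self.locked.add(instrument)
        elif level == Level.LOG and kind == "position":
            self.book[instrument][participant] += amount
        return level


def demo():
    g = RiskGuard(Thresholds(), governance="gov", insurance_buffer=10_000.0)
    # Constructed scenario 1: a 5000 book in X, then A grows past the cap twice.
    for p in "ABCDE":
        g.write("position", "X", p, 1000)
    x = [g.write("position", "X", "A", 500).name,
         g.write("position", "X", "A", 4000).name,
         g.write("position", "X", "B", 10).name]  # rejected: X is locked
    g.clear_hard_block("gov", "X")
    # Scenario 2: a repricing burst on Y, then governance lifts the limit live.
    y = [g.write("reprice", "Y", "oracle", ts=200 + i).name for i in range(6)]
    g.set_threshold("gov", "velocity_max", 10)
    y.append(g.write("reprice", "Y", "oracle", ts=206).name)
    g.write("position", "Z", "F", 4000)  # scenario 3: F ends up holding all of Z
    z = g.write("position", "Z", "F", 2000).name
    return {"x": x, "y": y, "z": z, "paused": g.paused,
            "insurance_buffer": g.insurance_buffer}
```

Two details are worth carrying into a real implementation. A velocity limiter that only counts accepted writes can never escalate past soft block, because every rejected write leaves the count where it was; counting attempts is what lets a burst walk the ladder. And a concentration cap with no notional floor trips on the first position in any new instrument, since that participant holds 100% of a tiny book; the floor is the kind of caveat the page's own "every pattern has a documented threshold" rule forces you to write down rather than leave implicit.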
Selected milestones
Deployed end-to-end with full stress-test coverage
Clawback chain verified under live degradation conditions
Governance proposal → vote → execution changed thresholds in production
Open questions
How to handle correlated risk across structurally dissimilar instruments where the correlation is real but non-obvious
Whether the kill-switch timelock should adjust based on the pattern that triggered it
How threshold drift itself should be monitored — what's the meta-layer for the layer's own parameters
Ask me about
How governance changes a threshold without breaking the receipt chain
What the relationship is between this layer and the Operator-Tranche clawback
How a single master middleware integrates with every protocol write call
Why each pattern has a numeric threshold rather than a qualitative escalation rule