Sentinel is an open-source research case study for AI fraud detection and sanctions screening (using OFAC lists) for cross-border payments. It combines public datasets to detect CNP transaction fraud, screen against OFAC sanctions lists, and deliver explainable risk scores with sub-200ms latency.
- CNP fraud detection — LightGBM model for card-not-present transactions
- OFAC sanctions screening — Fuzzy matching against OFAC SDN and Consolidated lists
- Explainable risk scores — Real-time fraud risk with SHAP explanations; sub-200ms latency target
- Notebooks — EDA, model training, and sanctions screener build
- FastAPI scoring service — Real-time inference with Redis velocity features and PostgreSQL audit
- Demo UI — Transaction screening, batch requests, dashboard, PDF export
Warning
For research/educational use only
Models trained on IEEE-CIS data are restricted to non-commercial use. Production deployments require retraining on proprietary or licensed datasets.
Live demo: sentinel.devbrew.ai · Watch the full demo YouTube
The live app enables SHAP explanations for every transaction (~1–1.5s extra); the API alone reaches <50ms p95 when explainability is off.
Full case study: devbrew.ai/work/sentinel
- Backend: FastAPI, Python, LightGBM, SHAP (explainability), RapidFuzz (sanctions), Redis, PostgreSQL
- Frontend: Next.js 16, React 19, Tailwind CSS, Recharts, Radix UI
- Demo hosting: Render (API), Vercel (UI)
- Fraud: IEEE-CIS e-commerce (research only), PaySim (open)
- Sanctions: OFAC SDN and Consolidated Lists (public domain)
sentinel/ ├── apps/ │ ├── api/ # FastAPI scoring service │ └── web/ # Next.js demo UI ├── packages/ │ ├── models/ # trained artifacts, ONNX exports │ └── compliance/ # sanctions screening ├── data_catalog/ # dataset download scripts + notes ├── docs/ # findings, roadmap, requirements └── notebooks/ # EDA + model training Each app has its own README: API · Web.
git clone https://github.com/devbrewai/sentinel.git cd sentinelUsing UV (recommended):
curl -LsSf https://astral.sh/uv/install.sh | sh uv sync source .venv/bin/activate # Linux/macOS # .venv\Scripts\activate # WindowsOr using pip:
python -m venv .venv source .venv/bin/activate uv pip install -e .Option A — Run both together (recommended):
make docker-up cd apps/web && bun install # once; see apps/web/README.md for auth/db if using login make devmake dev starts the API and frontend concurrently. API: http://localhost:8000 · Web: http://localhost:3000
Option B — Run API only:
make docker-up make run-apiSee apps/api/README.md for environment variables and detailed API setup.
Option C — Run frontend only:
cd apps/web bun installSee apps/web/README.md for auth (Neon) and database setup. Then: copy .env.example to .env.local, run bun run db:generate and bun run db:migrate, then bun run dev.
Run make help for all commands.
Make targets (from repo root):
| Command | Description |
|---|---|
make help | Show all available commands |
make dev | Start API + Web concurrently (requires docker-up) |
make docker-up / make docker-down | Start or stop Redis & Postgres |
make run-api | Start FastAPI server |
make run-web | Start Next.js frontend |
make test | Run API tests |
make test-web | Run Next.js component tests |
make lint | Run ruff linting |
make db-generate | Generate Drizzle migrations |
make db-migrate | Apply migrations to Neon auth DB |
make db-push | Push schema directly (dev shortcut) |
make db-studio | Open Drizzle Studio |
API (from project root): uv sync, activate venv, then make run-api or PYTHONPATH=apps/api uvicorn src.main:app --reload. Tests: PYTHONPATH=apps/api pytest apps/api/tests -v. Lint: ruff check .
Web: cd apps/web, bun install, then bun run dev / bun run build / bun run lint / bun run test. Auth DB: bun run db:generate, bun run db:migrate, bun run db:push, bun run db:studio.
Notebooks: Run Jupyter from project root: jupyter notebook notebooks/
Full details: apps/api/README.md, apps/web/README.md.
- API: apps/api/README.md — environment, endpoints, local setup
- Web: apps/web/README.md — auth, database, frontend setup
- Research: docs/ and case study — phases, findings, requirements
- AI/editor context: CLAUDE.md — codebase conventions and architecture for Claude Code
This repository is for educational and research use only. The IEEE-CIS dataset and any models trained on it are non-commercial; model artifacts here are for demonstration. Production use requires retraining on your own data. PaySim and OFAC data are subject to their respective terms. See LICENSE and NOTICE for full terms and dataset attributions.
Apache 2.0 © Devbrew LLC. See LICENSE. NOTICE includes dataset attributions.
Contributions are welcome. Open an issue for bugs or features; submit a PR following CONTRIBUTING.md.
Questions? hello@devbrew.ai
We cannot provide commercial licensing for models trained on IEEE-CIS data. For production fraud detection, contact us about custom solutions with licensed data.